From 9f66aad423a52e951ad0ed44e0719b66066df914 Mon Sep 17 00:00:00 2001 From: salmonca Date: Fri, 13 Feb 2026 12:14:22 +0800 Subject: [PATCH] payment-widget: fix NaCl bundle + harden against XSS/iframe --- payment-widget/README.md | 55 ++++++------ payment-widget/poc/iframe-block.html | 30 +++++++ payment-widget/poc/xss-label.html | 26 ++++++ payment-widget/poc/xss-memo.html | 26 ++++++ payment-widget/rustchain-pay.js | 130 +++++++++++++++++++++++---- 5 files changed, 222 insertions(+), 45 deletions(-) create mode 100644 payment-widget/poc/iframe-block.html create mode 100644 payment-widget/poc/xss-label.html create mode 100644 payment-widget/poc/xss-memo.html diff --git a/payment-widget/README.md b/payment-widget/README.md index 68eb7ed..f00b1a9 100644 --- a/payment-widget/README.md +++ b/payment-widget/README.md @@ -1,4 +1,4 @@ -# RustChain Payment Widget (rustchain-pay.js) +# RustChain Payment Widget (rustchain-pay.js)

Version @@ -8,18 +8,16 @@ A lightweight, embeddable JavaScript widget for accepting **RTC (RustChain Token)** payments on any website. Similar to Stripe's checkout button, but for RustChain's Proof-of-Antiquity cryptocurrency. -## ✨ Features - -- **🔒 Client-Side Signing** - Private keys never leave the browser -- **📦 Zero Dependencies** - Self-contained with bundled TweetNaCl.js -- **🎨 Beautiful UI** - Modern, responsive modal design -- **⚡ Easy Integration** - Single script tag, auto-initializes -- **🔑 Multiple Auth Methods** - Supports seed phrases and encrypted keystores -- **📱 Responsive** - Works on desktop and mobile -- **🔗 Callback Support** - Webhook notifications for payment confirmation - -## 🚀 Quick Start +## Features +- Client-side signing (private keys never leave the browser) +- Zero dependencies (bundled TweetNaCl.js) +- Modal checkout UI +- Data-attribute integration or JS API +- Seed phrase and keystore support +- Responsive (desktop and mobile) +- Callback/webhook notification (restricted by default) +## Quick Start ### Method 1: Data Attributes (Easiest) ```html @@ -68,8 +66,7 @@ document.getElementById('pay-btn').onclick = () => { ``` -## 📖 API Reference - +## API Reference ### `RustChainPay` Class #### Constructor Options @@ -128,6 +125,9 @@ console.log(balance.amount_rtc); // e.g., 150.5 | `data-memo` | No | Payment memo/description | | `data-label` | No | Custom button text | | `data-callback` | No | Webhook URL for payment notification | +| `data-allow-iframe` | No | Set to `true` to allow running inside an iframe (default: blocked) | +| `data-allowed-origins` | No | Comma-separated origin allowlist (defense-in-depth) | +| `data-allow-callback-any-origin` | No | Set to `true` to allow cross-origin callback URLs (default: same-origin only) | ### Success Callback Payload @@ -142,7 +142,14 @@ console.log(balance.amount_rtc); // e.g., 150.5 } ``` -## 🔐 Security +## Security + +### Embed Hardening (Defense-in-Depth) + +- DOM injection hardening: widget renders user-provided fields via `textContent`/text nodes, not `innerHTML`. +- Iframe default-deny: widget refuses to run in iframes unless `data-allow-iframe="true"` is set. +- Optional origin allowlist: `data-allowed-origins` can restrict which `window.location.origin` values are allowed. +- Callback restriction: `data-callback` is same-origin only by default; set `data-allow-callback-any-origin="true"` to override. ### Client-Side Signing @@ -177,8 +184,7 @@ Supports RustChain's encrypted keystore format: } ``` -## 🎨 Customization - +## Customization ### CSS Variables Override the default styles: @@ -216,8 +222,7 @@ document.getElementById('pay').onclick = () => { ``` -## 🌐 Webhook Integration - +## Webhook Integration Set `data-callback` or pass `callback` in options to receive POST notifications: ```javascript @@ -246,8 +251,7 @@ app.post('/payment-webhook', (req, res) => { }); ``` -## 🔧 Development - +## Development ### Building from Source The widget is self-contained. To modify: @@ -264,8 +268,7 @@ python3 -m http.server 8000 # Open http://localhost:8000/demo.html ``` -## 📋 Browser Support - +## Browser Support - Chrome 60+ - Firefox 55+ - Safari 11+ @@ -273,8 +276,7 @@ python3 -m http.server 8000 Requires Web Crypto API support. -## 🔗 Resources - +## Resources - **RustChain Repo**: [github.com/Scottcjn/Rustchain](https://github.com/Scottcjn/Rustchain) - **Network Explorer**: [50.28.86.131/explorer](https://50.28.86.131/explorer/) - **Bounties**: [github.com/Scottcjn/rustchain-bounties](https://github.com/Scottcjn/rustchain-bounties) @@ -284,8 +286,7 @@ Requires Web Crypto API support. - `GET /wallet/balance?miner_id=ADDRESS` - Check balance - `POST /wallet/transfer/signed` - Submit signed transfer -## 📜 License - +## License MIT License - Free for commercial and non-commercial use. --- diff --git a/payment-widget/poc/iframe-block.html b/payment-widget/poc/iframe-block.html new file mode 100644 index 0000000..c6d15cb --- /dev/null +++ b/payment-widget/poc/iframe-block.html @@ -0,0 +1,30 @@ + + + + + + PoC: Iframe Block (Payment Widget) + + +

PoC: Iframe Block

+

+ The hardened widget blocks execution in iframes by default (anti-clickjacking). + To allow, set data-allow-iframe="true". +

+ + + + + diff --git a/payment-widget/poc/xss-label.html b/payment-widget/poc/xss-label.html new file mode 100644 index 0000000..7e32f1e --- /dev/null +++ b/payment-widget/poc/xss-label.html @@ -0,0 +1,26 @@ + + + + + + PoC: XSS via data-label (Payment Widget) + + +

PoC: XSS via data-label

+

+ This page demonstrates the injection vector that existed when the widget rendered + data-label via innerHTML. In the hardened version, the label is rendered + via a text node and should not execute HTML/JS. +

+ +
+ + + + + diff --git a/payment-widget/poc/xss-memo.html b/payment-widget/poc/xss-memo.html new file mode 100644 index 0000000..33ccfe1 --- /dev/null +++ b/payment-widget/poc/xss-memo.html @@ -0,0 +1,26 @@ + + + + + + PoC: XSS via data-memo (Payment Widget) + + +

PoC: XSS via data-memo

+

+ This page demonstrates the injection vector that existed when the widget interpolated + data-memo into innerHTML. In the hardened version, memo is rendered via + textContent and should not execute HTML/JS. +

+ +
+ + + + + diff --git a/payment-widget/rustchain-pay.js b/payment-widget/rustchain-pay.js index 6954744..a58d06b 100644 --- a/payment-widget/rustchain-pay.js +++ b/payment-widget/rustchain-pay.js @@ -1,4 +1,4 @@ -/** +/** * RustChain Payment Widget v1.0.0 * Embeddable checkout button for RTC cryptocurrency payments * @@ -19,7 +19,10 @@ // TweetNaCl.js v1.0.3 (minified Ed25519 implementation) // Public domain - https://tweetnacl.js.org // ============================================================================= - var nacl=function(n){"use strict";var t=function(n){var t,r=new Float64Array(16);if(n)for(t=0;t>8,o|=e-1>>>8&255;return(1&o-1)-1}function L(n,t){for(var r=new Uint8Array(32),e=new Float64Array(80),o=0;o<31;o++)r[o]=n[o];r[31]=127&n[31]|64,C(e,t),R(e,r),O(e),j(e,e),N(e,e),j(e,e),N(e,e),j(e,e),N(e,e),j(e,e),function(n,t){var r,e=t[0],o=t[1],i=t[2],a=t[3],u=t[4],c=t[5],f=t[6],s=t[7],l=t[8],h=t[9],p=t[10],y=t[11],d=t[12],g=t[13],v=t[14],b=t[15];e*=2,o*=2,i*=2,a*=2,u*=2,c*=2,f*=2,s*=2,l*=2,h*=2;var w=38*c,_=19*f,A=38*s,U=19*l,E=38*h,x=19*p,M=38*y,m=19*d,B=38*g,S=19*v,K=19*b,T=(r=e*_)+o*A+i*U+a*E+u*x+65536|0,Y=(r=e*A+o*U+i*E+a*x+u*M)+c*K+65536|0,L=(r=e*U+o*E+i*x+a*M+c*m)+f*K+65536|0,R=(r=e*E+o*x+i*M+a*m+c*B)+f*S+s*K+65536|0,C=(r=e*x+o*M+i*m+a*B+c*S)+f*K+s*K+l*K+65536|0,O=(r=e*M+o*m+i*B+a*S+c*K)+f*K+s*K+l*K+h*K+65536|0,j=T>>>16,N=Y>>>16,z=L>>>16,I=R>>>16,P=C>>>16,F=O>>>16;T&=65535,Y&=65535,L&=65535,R&=65535,C&=65535,O&=65535;var D=(r=p*K)+e*m+o*B+i*S+a*K+c*K+65536|0,G=(r=y*K)+e*B+o*S+i*K+a*K+c*K+f*K+65536|0,H=(r=d*K)+e*S+o*K+i*K+a*K+c*K+f*K+s*K+65536|0,J=(r=g*K)+e*K+o*K+i*K+a*K+c*K+f*K+s*K+l*K+65536|0,Q=(r=v*K)+o*K+i*K+a*K+c*K+f*K+s*K+l*K+h*K+65536|0,V=(r=b*K)+i*K+a*K+c*K+f*K+s*K+l*K+h*K+p*K+65536|0,W=D>>>16,X=G>>>16,Z=H>>>16,$=J>>>16,nn=Q>>>16,tn=V>>>16;D&=65535,G&=65535,H&=65535,J&=65535,Q&=65535,V&=65535,D+=j,G+=N,H+=z,J+=I,Q+=P,V+=F,j=D>>>16,N=G>>>16,z=H>>>16,I=J>>>16,P=Q>>>16,F=V>>>16,D&=65535,G&=65535,H&=65535,J&=65535,Q&=65535,V&=65535,D+=j,G+=N,H+=z,J+=I,Q+=P,V+=F,j=D>>>16,N=G>>>16,z=H>>>16,I=J>>>16,P=Q>>>16,F=V>>>16,D&=65535,G&=65535,H&=65535,J&=65535,Q&=65535,V&=65535;var rn=D+W+65536|0,en=G+X+65536|0,on=H+Z+65536|0,an=J+$+65536|0,un=Q+nn+65536|0,cn=V+tn+65536|0,fn=rn>>>16,sn=en>>>16,ln=on>>>16,hn=an>>>16,pn=un>>>16,yn=cn>>>16;rn&=65535,en&=65535,on&=65535,an&=65535,un&=65535,cn&=65535,rn+=fn,en+=sn,on+=ln,an+=hn,un+=pn,cn+=yn,fn=rn>>>16,sn=en>>>16,ln=on>>>16,hn=an>>>16,pn=un>>>16,yn=cn>>>16,rn&=65535,en&=65535,on&=65535,an&=65535,un&=65535,cn&=65535;var dn=T+38*(rn-65536+fn)|0,gn=Y+38*(en-65536+sn)|0,vn=L+38*(on-65536+ln)|0,bn=R+38*(an-65536+hn)|0,wn=C+38*(un-65536+pn)|0,_n=O+38*(cn-65536+yn)|0;dn+=dn>>>16,gn+=gn>>>16,vn+=vn>>>16,bn+=bn>>>16,wn+=wn>>>16,_n+=_n>>>16,n[0]=65535&dn,n[1]=65535&gn,n[2]=65535&vn,n[3]=65535&bn,n[4]=65535&wn,n[5]=65535&_n,n[6]=D,n[7]=G,n[8]=H,n[9]=J,n[10]=Q,n[11]=V,n[12]=rn,n[13]=en,n[14]=on,n[15]=an}(e,e),N(e,e);for(var i=0;i<16;i++)r[i]=e[i]>>>8&255;return r[0]|=n[31]&128,r}function R(n,t){for(var r,e=new Float64Array(80),o=0;o<16;o++)e[o]=n[o],e[o+16]=t[o],e[o+32]=0,e[o+48]=0,e[o+64]=0;for(e[32]=1,o=254;o>=0;--o)z(e,r=t[o>>>3]>>>(7&o)&1,0,32),z(e,r,16,48),I(e,0,16),I(e,32,48),P(e,16,0),P(e,48,32),D(e,32,48),D(e,0,16),D(e,48,48),D(e,16,16),G(e,0,32),G(e,32,0),F(e,0,48),F(e,48,32),F(e,32,16);for(o=0;o<16;o++)n[o]=e[o],n[o+16]=e[o+16],n[o+32]=e[o+32],n[o+48]=e[o+48],n[o+64]=e[o+64]}function C(n,t){for(var r,e=new Float64Array(80),o=0;o<16;o++)e[o]=t[o],e[o+16]=0,e[o+32]=0,e[o+48]=0,e[o+64]=0;for(e[16]=1,e[32]=1,o=254;o>=0;--o)z(e,r=n[o>>>3]>>>(7&o)&1,0,32),z(e,r,16,48),I(e,0,16),I(e,32,48),P(e,16,0),P(e,48,32),D(e,32,48),D(e,0,16),D(e,48,48),D(e,16,16),G(e,0,32),G(e,32,0),F(e,0,48),F(e,48,32),F(e,32,16);for(o=0;o<16;o++)t[o]=e[o]}function O(n){var t,r;for(t=0;t<5;t++)for(r=0;r<16;r++)n[r]=Math.floor(n[r]+65536)-65536}function j(n,t){for(var r,e=0;e<16;e++)r=Math.round(t[e]),n[e]=r<0?0:r>255?255:r}function N(n,t){for(var r,e,o,i=0;i<16;i++)r=t[i]/65536|0,e=t[i]-65536*r,o=e/256|0,n[2*i]=e-256*o,n[2*i+1]=o+256*r}function z(n,t,r,e){for(var o,i=0;i<16;i++)o=t*(n[e+i]-n[r+i]),n[r+i]+=o,n[e+i]-=o}function I(n,t,r){for(var e=0;e<16;e++)n[t+e]+=n[r+e]}function P(n,t,r){for(var e=0;e<16;e++)n[t+e]-=n[r+e]}function F(n,t,r){for(var e,o=0;o<16;o++)e=n[t+o]*n[r+o],n[t+o]=e}function D(n,t,r){for(var e,o,i=0;i<16;i++)e=n[t+i],o=n[r+i],n[t+i]=e*o}function G(n,t,r){for(var e=0;e<16;e++)n[t+e]=n[r+e]*n[r+e]}function H(n,t,r){var e,o=new Float64Array(16);for(e=0;e<16;e++)o[e]=t[e];for(e=253;e>=0;e--)G(o,0,0),2!==e&&4!==e&&D(o,0,r);for(e=0;e<16;e++)n[e]=o[e]}function J(n,t){var r,e=new Float64Array(16);for(r=0;r<16;r++)e[r]=t[r];for(r=250;r>=0;r--)G(e,0,0),1!==r&&D(e,0,t);for(r=0;r<16;r++)n[r]=e[r]}function Q(n,r){var e,o,a=new Uint8Array(32),u=new Float64Array(80),s=[t(),t(),t(),t()],l=t();C(u,r),O(u),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(s[0],u.subarray(0,16)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(s[1],u.subarray(16,32)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(s[2],u.subarray(32,48)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(s[3],u.subarray(48,64)),function(n,t,r,e,o){var a,u,c=t(),f=t(),s=t(),l=t(),h=t(),p=t(),y=t(),d=t(),g=t();for(I(c,n[1],n[0]),I(g,e[1],e[0]),D(c,0,16),D(g,0,16),I(f,n[0],n[1]),I(d,e[0],e[1]),D(f,0,16),D(d,0,16),D(s,c,d),D(l,f,g),I(h,s,l),P(p,s,l),D(y,r[2],o[2]),F(y,0,16),function(n,t){var r;for(r=0;r<16;r++)n[r]=2*t[r]}(y,y),I(d,r[3],o[3]),D(d,0,16),I(g,y,d),P(c,y,d),D(f,n[2],n[2]),G(s,0,0),D(l,s,p),D(s,h,g),D(y,h,c),D(d,l,c),D(g,p,g),a=t(),u=t(),I(a,s,y),I(u,d,g),j(n[0],a),j(n[1],u),I(a,l,g),I(u,s,d),j(n[2],a),j(n[3],u)}(s,s,u.subarray(64,80),f,c),H(l,s[2],i),D(l,0,16),function(n,t){var r,e=t();for(I(e,n[0],n[1]),P(n[0],n[0],n[1]),D(n[0],0,16),D(e,0,16),J(n[1],e),D(n[1],0,16),D(n[1],0,16),D(n[0],n[0],n[1]),r=0;r<16;r++)n[0][r]=Math.round(n[0][r])}(s,l),j(s[0],s[0]),N(a,s[0]);for(var h=0;h<32;h++)a[h]^=128&r[31];return Y(a,a)^Y(a,n)^-1}n.scalarMult=function(n,t){var r=new Uint8Array(32);return L(n,t),r},n.scalarMult.scalarLength=32,n.scalarMult.groupElementLength=32;var V=function(){var n,t=new Uint8Array(32);for(n=0;n<32;n++)t[n]=Math.floor(256*Math.random());return t};n.sign=function(n,r){var e,o,i,a,u=new Uint8Array(64),c=new Uint8Array(64),f=new Uint8Array(64),l=new Float64Array(64);if(n.length!==64)throw new Error("bad secret key size");for(e=0;e<32;e++)c[e]=n[e];!function(n){var t,r=new Uint8Array(64);for(t=0;t<64;t++)r[t]=n[t];for(function(n){var t,r,e,o,i,a,u,c,f,s=new Uint32Array(16),l=new Uint32Array(16);for(t=0;t<16;t++)s[t]=0,l[t]=0;for(t=0;t<64;t++)s[t>>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(c),c[0]&=248,c[31]&=127,c[31]|=64;for(var h=new Uint8Array(r.length+64),p=0;p>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(h.subarray(0,64));for(var y=new Float64Array(64),d=0;d<64;d++)y[d]=h[d];!function(n){var t,r,e,o;for(t=63;t>=32;--t)for(e=0,r=t-32,o=t-12;r>8,n[t]&=255}(y);for(var g=0;g<32;g++)u[g]=y[g];for(var w=new Float64Array(80),_=0;_<32;_++)w[_]=c[_];R(w,n.subarray(32)),O(w);var A=new Float64Array(16);for(p=0;p<16;p++)A[p]=w[p];for(N(f,A),p=0;p<32;p++)u[p+32]=f[p];for(e=0;e<32;e++)h[e]=u[e];!function(n){var t,r=new Uint8Array(64);for(t=0;t<64;t++)r[t]=n[t];!function(n){var t,r,e,o,i,a,u,c,f,s=new Uint32Array(16),l=new Uint32Array(16);for(t=0;t<16;t++)s[t]=0,l[t]=0;for(t=0;t<64;t++)s[t>>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(h.subarray(0,64));for(var b=new Float64Array(64),M=0;M<64;M++)b[M]=h[M];!function(n){var t,r,e,o;for(t=63;t>=32;--t)for(e=0,r=t-32,o=t-12;r>8,n[t]&=255}(b);for(o=0;o<32;o++)u[o+32]=b[o];for(i=0;i<32;i++)l[i]=c[i];for(a=0;a<32;a++)for(var S=0;S<32;S++)l[a]+=u[a+32]*c[S],l[a]=l[a]-(l[a]>>8<<8);return u},n.sign.keyPair=function(){var n=new Uint8Array(32),r=new Uint8Array(64);return V(n),function(n,r){var e,o=new Uint8Array(64),i=new Float64Array(80),a=[t(),t(),t(),t()];for(e=0;e<64;e++)o[e]=r[e];!function(n){var t,r=new Uint8Array(64);for(t=0;t<64;t++)r[t]=n[t];!function(n){var t,r,e,o,i,a,u,c,f,s=new Uint32Array(16),l=new Uint32Array(16);for(t=0;t<16;t++)s[t]=0,l[t]=0;for(t=0;t<64;t++)s[t>>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(o),o[0]&=248,o[31]&=127,o[31]|=64,C(i,o),O(i),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[0],i.subarray(0,16)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[1],i.subarray(16,32)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[2],i.subarray(32,48)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[3],i.subarray(48,64)),function(n,t,r,e,o){var a,u,c=t(),f=t(),s=t(),l=t(),h=t(),p=t(),y=t(),d=t(),g=t();for(I(c,n[1],n[0]),I(g,e[1],e[0]),D(c,0,16),D(g,0,16),I(f,n[0],n[1]),I(d,e[0],e[1]),D(f,0,16),D(d,0,16),D(s,c,d),D(l,f,g),I(h,s,l),P(p,s,l),D(y,r[2],o[2]),F(y,0,16),function(n,t){var r;for(r=0;r<16;r++)n[r]=2*t[r]}(y,y),I(d,r[3],o[3]),D(d,0,16),I(g,y,d),P(c,y,d),D(f,n[2],n[2]),G(s,0,0),D(l,s,p),D(s,h,g),D(y,h,c),D(d,l,c),D(g,p,g),a=t(),u=t(),I(a,s,y),I(u,d,g),j(n[0],a),j(n[1],u),I(a,l,g),I(u,s,d),j(n[2],a),j(n[3],u)}(a,a,i.subarray(64,80),f,c),H(i,a[2],i),D(i,0,16),function(n,t){var r,e=t();for(I(e,n[0],n[1]),P(n[0],n[0],n[1]),D(n[0],0,16),D(e,0,16),J(n[1],e),D(n[1],0,16),D(n[1],0,16),D(n[0],n[0],n[1]),r=0;r<16;r++)n[0][r]=Math.round(n[0][r])}(a,i),j(a[0],a[0]),N(o,a[0]);for(var u=0;u<32;u++)o[u]^=128&o[31];for(e=0;e<32;e++)n[e+32]=o[e];for(e=0;e<32;e++)n[e]=r[e]}(r,n),{publicKey:r.subarray(32),secretKey:r}},n.sign.keyPair.fromSeed=function(n){if(32!==n.length)throw new Error("bad seed size");var t=new Uint8Array(64);return function(n,r){var e,o=new Uint8Array(64),i=new Float64Array(80),a=[t(),t(),t(),t()];for(e=0;e<64;e++)o[e]=r[e];!function(n){var t,r=new Uint8Array(64);for(t=0;t<64;t++)r[t]=n[t];!function(n){var t,r,e,o,i,a,u,c,f,s=new Uint32Array(16),l=new Uint32Array(16);for(t=0;t<16;t++)s[t]=0,l[t]=0;for(t=0;t<64;t++)s[t>>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(o),o[0]&=248,o[31]&=127,o[31]|=64,C(i,o),O(i),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[0],i.subarray(0,16)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[1],i.subarray(16,32)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[2],i.subarray(32,48)),function(n,t){var r;for(r=0;r<16;r++)n[r]=t[r]}(a[3],i.subarray(48,64)),function(n,t,r,e,o){var a,u,c=t(),f=t(),s=t(),l=t(),h=t(),p=t(),y=t(),d=t(),g=t();for(I(c,n[1],n[0]),I(g,e[1],e[0]),D(c,0,16),D(g,0,16),I(f,n[0],n[1]),I(d,e[0],e[1]),D(f,0,16),D(d,0,16),D(s,c,d),D(l,f,g),I(h,s,l),P(p,s,l),D(y,r[2],o[2]),F(y,0,16),function(n,t){var r;for(r=0;r<16;r++)n[r]=2*t[r]}(y,y),I(d,r[3],o[3]),D(d,0,16),I(g,y,d),P(c,y,d),D(f,n[2],n[2]),G(s,0,0),D(l,s,p),D(s,h,g),D(y,h,c),D(d,l,c),D(g,p,g),a=t(),u=t(),I(a,s,y),I(u,d,g),j(n[0],a),j(n[1],u),I(a,l,g),I(u,s,d),j(n[2],a),j(n[3],u)}(a,a,i.subarray(64,80),f,c),H(i,a[2],i),D(i,0,16),function(n,t){var r,e=t();for(I(e,n[0],n[1]),P(n[0],n[0],n[1]),D(n[0],0,16),D(e,0,16),J(n[1],e),D(n[1],0,16),D(n[1],0,16),D(n[0],n[0],n[1]),r=0;r<16;r++)n[0][r]=Math.round(n[0][r])}(a,i),j(a[0],a[0]),N(t.subarray(32),a[0]);for(var u=0;u<32;u++)t[u+32]^=128&t[63];for(e=0;e<32;e++)t[e]=n[e]}(t,function(n){var t=new Uint8Array(64);return function(n,t){!function(n){var t,r,e,o,i,a,u,c,f,s=new Uint32Array(16),l=new Uint32Array(16);for(t=0;t<16;t++)s[t]=0,l[t]=0;for(t=0;t<64;t++)s[t>>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}(n);for(var r=0;r<64;r++)n[r]=t[r]}(t,n),t}(n)),{publicKey:t.subarray(32),secretKey:t}},n.sign.publicKeyLength=32,n.sign.secretKeyLength=64,n.sign.seedLength=32,n.sign.signatureLength=64,n.verify=function(n,t,r){var e;if(64!==t.length)throw new Error("bad signature size");if(32!==r.length)throw new Error("bad public key size");if(e=new Uint8Array(64+n.length),function(n,t){for(var r=0;r>2]|=n[t]<<(24-8*(3&t));s[0]+=1779033703,s[1]+=3144134277,s[2]+=1013904242,s[3]+=2773480762,s[4]+=1359893119,s[5]+=2600822924,s[6]+=528734635,s[7]+=1541459225;for(var h=0;h<80;h++){if(r=s[0],e=s[1],o=s[2],i=s[3],a=s[4],u=s[5],c=s[6],f=s[7],h<16)l[h]=s[h];else{var p=l[h-15],y=l[h-2];l[h]=(l[h-16]+(((p>>>7|p<<25)^(p>>>18|p<<14)^p>>>3)>>>0)+l[h-7]+(((y>>>17|y<<15)^(y>>>19|y<<13)^y>>>10)>>>0))>>>0}var d=((((a>>>6|a<<26)^(a>>>11|a<<21)^(a>>>25|a<<7))>>>0)+(a&u^~a&c)>>>0)+(f+(([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298][h]>>>0)+l[h]>>>0)>>>0)>>>0,g=((((r>>>2|r<<30)^(r>>>13|r<<19)^(r>>>22|r<<10))>>>0)+(r&e^r&o^e&o)>>>0)>>>0;s[7]=s[6],s[6]=s[5],s[5]=s[4],s[4]=i+d>>>0,s[3]=s[2],s[2]=s[1],s[1]=s[0],s[0]=d+g>>>0}for(t=0;t<8;t++)s[t]=s[t]+[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225][t]>>>0;for(t=0;t<8;t++)n[4*t]=s[t]>>>24,n[4*t+1]=s[t]>>>16&255,n[4*t+2]=s[t]>>>8&255,n[4*t+3]=255&s[t]}}(n),t=0;t<64;t++)n[t]=r[t]}(t),t},n.randomBytes=function(n){var t=new Uint8Array(n);return r(t),t},n.setPRNG=function(n){r=n},n}({}); + /* tweetnacl-js (nacl-fast.min.js) */ +!function(i){"use strict";var v=function(r){var t,n=new Float64Array(16);if(r)for(t=0;t>24&255,r[t+1]=n>>16&255,r[t+2]=n>>8&255,r[t+3]=255&n,r[t+4]=e>>24&255,r[t+5]=e>>16&255,r[t+6]=e>>8&255,r[t+7]=255&e}function w(r,t,n,e,o){var i,h=0;for(i=0;i>>8)-1}function b(r,t,n,e){return w(r,t,n,e,16)}function g(r,t,n,e){return w(r,t,n,e,32)}function A(r,t,n,e){!function(r,t,n,e){for(var o,i=255&e[0]|(255&e[1])<<8|(255&e[2])<<16|(255&e[3])<<24,h=255&n[0]|(255&n[1])<<8|(255&n[2])<<16|(255&n[3])<<24,a=255&n[4]|(255&n[5])<<8|(255&n[6])<<16|(255&n[7])<<24,f=255&n[8]|(255&n[9])<<8|(255&n[10])<<16|(255&n[11])<<24,s=255&n[12]|(255&n[13])<<8|(255&n[14])<<16|(255&n[15])<<24,u=255&e[4]|(255&e[5])<<8|(255&e[6])<<16|(255&e[7])<<24,c=255&t[0]|(255&t[1])<<8|(255&t[2])<<16|(255&t[3])<<24,y=255&t[4]|(255&t[5])<<8|(255&t[6])<<16|(255&t[7])<<24,l=255&t[8]|(255&t[9])<<8|(255&t[10])<<16|(255&t[11])<<24,w=255&t[12]|(255&t[13])<<8|(255&t[14])<<16|(255&t[15])<<24,v=255&e[8]|(255&e[9])<<8|(255&e[10])<<16|(255&e[11])<<24,p=255&n[16]|(255&n[17])<<8|(255&n[18])<<16|(255&n[19])<<24,b=255&n[20]|(255&n[21])<<8|(255&n[22])<<16|(255&n[23])<<24,g=255&n[24]|(255&n[25])<<8|(255&n[26])<<16|(255&n[27])<<24,A=255&n[28]|(255&n[29])<<8|(255&n[30])<<16|(255&n[31])<<24,_=255&e[12]|(255&e[13])<<8|(255&e[14])<<16|(255&e[15])<<24,U=i,d=h,E=a,x=f,M=s,m=u,B=c,S=y,k=l,K=w,Y=v,L=p,T=b,z=g,R=A,P=_,N=0;N<20;N+=2)U^=(o=(T^=(o=(k^=(o=(M^=(o=U+T|0)<<7|o>>>25)+U|0)<<9|o>>>23)+M|0)<<13|o>>>19)+k|0)<<18|o>>>14,m^=(o=(d^=(o=(z^=(o=(K^=(o=m+d|0)<<7|o>>>25)+m|0)<<9|o>>>23)+K|0)<<13|o>>>19)+z|0)<<18|o>>>14,Y^=(o=(B^=(o=(E^=(o=(R^=(o=Y+B|0)<<7|o>>>25)+Y|0)<<9|o>>>23)+R|0)<<13|o>>>19)+E|0)<<18|o>>>14,P^=(o=(L^=(o=(S^=(o=(x^=(o=P+L|0)<<7|o>>>25)+P|0)<<9|o>>>23)+x|0)<<13|o>>>19)+S|0)<<18|o>>>14,U^=(o=(x^=(o=(E^=(o=(d^=(o=U+x|0)<<7|o>>>25)+U|0)<<9|o>>>23)+d|0)<<13|o>>>19)+E|0)<<18|o>>>14,m^=(o=(M^=(o=(S^=(o=(B^=(o=m+M|0)<<7|o>>>25)+m|0)<<9|o>>>23)+B|0)<<13|o>>>19)+S|0)<<18|o>>>14,Y^=(o=(K^=(o=(k^=(o=(L^=(o=Y+K|0)<<7|o>>>25)+Y|0)<<9|o>>>23)+L|0)<<13|o>>>19)+k|0)<<18|o>>>14,P^=(o=(R^=(o=(z^=(o=(T^=(o=P+R|0)<<7|o>>>25)+P|0)<<9|o>>>23)+T|0)<<13|o>>>19)+z|0)<<18|o>>>14;U=U+i|0,d=d+h|0,E=E+a|0,x=x+f|0,M=M+s|0,m=m+u|0,B=B+c|0,S=S+y|0,k=k+l|0,K=K+w|0,Y=Y+v|0,L=L+p|0,T=T+b|0,z=z+g|0,R=R+A|0,P=P+_|0,r[0]=U>>>0&255,r[1]=U>>>8&255,r[2]=U>>>16&255,r[3]=U>>>24&255,r[4]=d>>>0&255,r[5]=d>>>8&255,r[6]=d>>>16&255,r[7]=d>>>24&255,r[8]=E>>>0&255,r[9]=E>>>8&255,r[10]=E>>>16&255,r[11]=E>>>24&255,r[12]=x>>>0&255,r[13]=x>>>8&255,r[14]=x>>>16&255,r[15]=x>>>24&255,r[16]=M>>>0&255,r[17]=M>>>8&255,r[18]=M>>>16&255,r[19]=M>>>24&255,r[20]=m>>>0&255,r[21]=m>>>8&255,r[22]=m>>>16&255,r[23]=m>>>24&255,r[24]=B>>>0&255,r[25]=B>>>8&255,r[26]=B>>>16&255,r[27]=B>>>24&255,r[28]=S>>>0&255,r[29]=S>>>8&255,r[30]=S>>>16&255,r[31]=S>>>24&255,r[32]=k>>>0&255,r[33]=k>>>8&255,r[34]=k>>>16&255,r[35]=k>>>24&255,r[36]=K>>>0&255,r[37]=K>>>8&255,r[38]=K>>>16&255,r[39]=K>>>24&255,r[40]=Y>>>0&255,r[41]=Y>>>8&255,r[42]=Y>>>16&255,r[43]=Y>>>24&255,r[44]=L>>>0&255,r[45]=L>>>8&255,r[46]=L>>>16&255,r[47]=L>>>24&255,r[48]=T>>>0&255,r[49]=T>>>8&255,r[50]=T>>>16&255,r[51]=T>>>24&255,r[52]=z>>>0&255,r[53]=z>>>8&255,r[54]=z>>>16&255,r[55]=z>>>24&255,r[56]=R>>>0&255,r[57]=R>>>8&255,r[58]=R>>>16&255,r[59]=R>>>24&255,r[60]=P>>>0&255,r[61]=P>>>8&255,r[62]=P>>>16&255,r[63]=P>>>24&255}(r,t,n,e)}function _(r,t,n,e){!function(r,t,n,e){for(var o,i=255&e[0]|(255&e[1])<<8|(255&e[2])<<16|(255&e[3])<<24,h=255&n[0]|(255&n[1])<<8|(255&n[2])<<16|(255&n[3])<<24,a=255&n[4]|(255&n[5])<<8|(255&n[6])<<16|(255&n[7])<<24,f=255&n[8]|(255&n[9])<<8|(255&n[10])<<16|(255&n[11])<<24,s=255&n[12]|(255&n[13])<<8|(255&n[14])<<16|(255&n[15])<<24,u=255&e[4]|(255&e[5])<<8|(255&e[6])<<16|(255&e[7])<<24,c=255&t[0]|(255&t[1])<<8|(255&t[2])<<16|(255&t[3])<<24,y=255&t[4]|(255&t[5])<<8|(255&t[6])<<16|(255&t[7])<<24,l=255&t[8]|(255&t[9])<<8|(255&t[10])<<16|(255&t[11])<<24,w=255&t[12]|(255&t[13])<<8|(255&t[14])<<16|(255&t[15])<<24,v=255&e[8]|(255&e[9])<<8|(255&e[10])<<16|(255&e[11])<<24,p=255&n[16]|(255&n[17])<<8|(255&n[18])<<16|(255&n[19])<<24,b=255&n[20]|(255&n[21])<<8|(255&n[22])<<16|(255&n[23])<<24,g=255&n[24]|(255&n[25])<<8|(255&n[26])<<16|(255&n[27])<<24,A=255&n[28]|(255&n[29])<<8|(255&n[30])<<16|(255&n[31])<<24,_=255&e[12]|(255&e[13])<<8|(255&e[14])<<16|(255&e[15])<<24,U=0;U<20;U+=2)i^=(o=(b^=(o=(l^=(o=(s^=(o=i+b|0)<<7|o>>>25)+i|0)<<9|o>>>23)+s|0)<<13|o>>>19)+l|0)<<18|o>>>14,u^=(o=(h^=(o=(g^=(o=(w^=(o=u+h|0)<<7|o>>>25)+u|0)<<9|o>>>23)+w|0)<<13|o>>>19)+g|0)<<18|o>>>14,v^=(o=(c^=(o=(a^=(o=(A^=(o=v+c|0)<<7|o>>>25)+v|0)<<9|o>>>23)+A|0)<<13|o>>>19)+a|0)<<18|o>>>14,_^=(o=(p^=(o=(y^=(o=(f^=(o=_+p|0)<<7|o>>>25)+_|0)<<9|o>>>23)+f|0)<<13|o>>>19)+y|0)<<18|o>>>14,i^=(o=(f^=(o=(a^=(o=(h^=(o=i+f|0)<<7|o>>>25)+i|0)<<9|o>>>23)+h|0)<<13|o>>>19)+a|0)<<18|o>>>14,u^=(o=(s^=(o=(y^=(o=(c^=(o=u+s|0)<<7|o>>>25)+u|0)<<9|o>>>23)+c|0)<<13|o>>>19)+y|0)<<18|o>>>14,v^=(o=(w^=(o=(l^=(o=(p^=(o=v+w|0)<<7|o>>>25)+v|0)<<9|o>>>23)+p|0)<<13|o>>>19)+l|0)<<18|o>>>14,_^=(o=(A^=(o=(g^=(o=(b^=(o=_+A|0)<<7|o>>>25)+_|0)<<9|o>>>23)+b|0)<<13|o>>>19)+g|0)<<18|o>>>14;r[0]=i>>>0&255,r[1]=i>>>8&255,r[2]=i>>>16&255,r[3]=i>>>24&255,r[4]=u>>>0&255,r[5]=u>>>8&255,r[6]=u>>>16&255,r[7]=u>>>24&255,r[8]=v>>>0&255,r[9]=v>>>8&255,r[10]=v>>>16&255,r[11]=v>>>24&255,r[12]=_>>>0&255,r[13]=_>>>8&255,r[14]=_>>>16&255,r[15]=_>>>24&255,r[16]=c>>>0&255,r[17]=c>>>8&255,r[18]=c>>>16&255,r[19]=c>>>24&255,r[20]=y>>>0&255,r[21]=y>>>8&255,r[22]=y>>>16&255,r[23]=y>>>24&255,r[24]=l>>>0&255,r[25]=l>>>8&255,r[26]=l>>>16&255,r[27]=l>>>24&255,r[28]=w>>>0&255,r[29]=w>>>8&255,r[30]=w>>>16&255,r[31]=w>>>24&255}(r,t,n,e)}var U=new Uint8Array([101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107]);function d(r,t,n,e,o,i,h){var a,f,s=new Uint8Array(16),u=new Uint8Array(64);for(f=0;f<16;f++)s[f]=0;for(f=0;f<8;f++)s[f]=i[f];for(;64<=o;){for(A(u,s,h,U),f=0;f<64;f++)r[t+f]=n[e+f]^u[f];for(a=1,f=8;f<16;f++)a=a+(255&s[f])|0,s[f]=255&a,a>>>=8;o-=64,t+=64,e+=64}if(0>>=8;n-=64,t+=64}if(0>>13|n<<3),e=255&r[4]|(255&r[5])<<8,this.r[2]=7939&(n>>>10|e<<6),o=255&r[6]|(255&r[7])<<8,this.r[3]=8191&(e>>>7|o<<9),i=255&r[8]|(255&r[9])<<8,this.r[4]=255&(o>>>4|i<<12),this.r[5]=i>>>1&8190,h=255&r[10]|(255&r[11])<<8,this.r[6]=8191&(i>>>14|h<<2),a=255&r[12]|(255&r[13])<<8,this.r[7]=8065&(h>>>11|a<<5),f=255&r[14]|(255&r[15])<<8,this.r[8]=8191&(a>>>8|f<<8),this.r[9]=f>>>5&127,this.pad[0]=255&r[16]|(255&r[17])<<8,this.pad[1]=255&r[18]|(255&r[19])<<8,this.pad[2]=255&r[20]|(255&r[21])<<8,this.pad[3]=255&r[22]|(255&r[23])<<8,this.pad[4]=255&r[24]|(255&r[25])<<8,this.pad[5]=255&r[26]|(255&r[27])<<8,this.pad[6]=255&r[28]|(255&r[29])<<8,this.pad[7]=255&r[30]|(255&r[31])<<8};function B(r,t,n,e,o,i){var h=new m(i);return h.update(n,e,o),h.finish(r,t),0}function S(r,t,n,e,o,i){var h=new Uint8Array(16);return B(h,0,n,e,o,i),b(r,t,h,0)}function k(r,t,n,e,o){var i;if(n<32)return-1;for(M(r,0,t,0,n,e,o),B(r,16,r,32,n-32,r),i=0;i<16;i++)r[i]=0;return 0}function K(r,t,n,e,o){var i,h=new Uint8Array(32);if(n<32)return-1;if(x(h,0,32,e,o),0!==S(t,16,t,32,n-32,h))return-1;for(M(r,0,t,0,n,e,o),i=0;i<32;i++)r[i]=0;return 0}function Y(r,t){var n;for(n=0;n<16;n++)r[n]=0|t[n]}function L(r){var t,n,e=1;for(t=0;t<16;t++)n=r[t]+e+65535,e=Math.floor(n/65536),r[t]=n-65536*e;r[0]+=e-1+37*(e-1)}function T(r,t,n){for(var e,o=~(n-1),i=0;i<16;i++)e=o&(r[i]^t[i]),r[i]^=e,t[i]^=e}function z(r,t){var n,e,o,i=v(),h=v();for(n=0;n<16;n++)h[n]=t[n];for(L(h),L(h),L(h),e=0;e<2;e++){for(i[0]=h[0]-65517,n=1;n<15;n++)i[n]=h[n]-65535-(i[n-1]>>16&1),i[n-1]&=65535;i[15]=h[15]-32767-(i[14]>>16&1),o=i[15]>>16&1,i[14]&=65535,T(h,i,1-o)}for(n=0;n<16;n++)r[2*n]=255&h[n],r[2*n+1]=h[n]>>8}function R(r,t){var n=new Uint8Array(32),e=new Uint8Array(32);return z(n,r),z(e,t),g(n,0,e,0)}function P(r){var t=new Uint8Array(32);return z(t,r),1&t[0]}function N(r,t){var n;for(n=0;n<16;n++)r[n]=t[2*n]+(t[2*n+1]<<8);r[15]&=32767}function O(r,t,n){for(var e=0;e<16;e++)r[e]=t[e]+n[e]}function C(r,t,n){for(var e=0;e<16;e++)r[e]=t[e]-n[e]}function F(r,t,n){var e,o,i=0,h=0,a=0,f=0,s=0,u=0,c=0,y=0,l=0,w=0,v=0,p=0,b=0,g=0,A=0,_=0,U=0,d=0,E=0,x=0,M=0,m=0,B=0,S=0,k=0,K=0,Y=0,L=0,T=0,z=0,R=0,P=n[0],N=n[1],O=n[2],C=n[3],F=n[4],I=n[5],Z=n[6],G=n[7],q=n[8],D=n[9],V=n[10],X=n[11],j=n[12],H=n[13],J=n[14],Q=n[15];i+=(e=t[0])*P,h+=e*N,a+=e*O,f+=e*C,s+=e*F,u+=e*I,c+=e*Z,y+=e*G,l+=e*q,w+=e*D,v+=e*V,p+=e*X,b+=e*j,g+=e*H,A+=e*J,_+=e*Q,h+=(e=t[1])*P,a+=e*N,f+=e*O,s+=e*C,u+=e*F,c+=e*I,y+=e*Z,l+=e*G,w+=e*q,v+=e*D,p+=e*V,b+=e*X,g+=e*j,A+=e*H,_+=e*J,U+=e*Q,a+=(e=t[2])*P,f+=e*N,s+=e*O,u+=e*C,c+=e*F,y+=e*I,l+=e*Z,w+=e*G,v+=e*q,p+=e*D,b+=e*V,g+=e*X,A+=e*j,_+=e*H,U+=e*J,d+=e*Q,f+=(e=t[3])*P,s+=e*N,u+=e*O,c+=e*C,y+=e*F,l+=e*I,w+=e*Z,v+=e*G,p+=e*q,b+=e*D,g+=e*V,A+=e*X,_+=e*j,U+=e*H,d+=e*J,E+=e*Q,s+=(e=t[4])*P,u+=e*N,c+=e*O,y+=e*C,l+=e*F,w+=e*I,v+=e*Z,p+=e*G,b+=e*q,g+=e*D,A+=e*V,_+=e*X,U+=e*j,d+=e*H,E+=e*J,x+=e*Q,u+=(e=t[5])*P,c+=e*N,y+=e*O,l+=e*C,w+=e*F,v+=e*I,p+=e*Z,b+=e*G,g+=e*q,A+=e*D,_+=e*V,U+=e*X,d+=e*j,E+=e*H,x+=e*J,M+=e*Q,c+=(e=t[6])*P,y+=e*N,l+=e*O,w+=e*C,v+=e*F,p+=e*I,b+=e*Z,g+=e*G,A+=e*q,_+=e*D,U+=e*V,d+=e*X,E+=e*j,x+=e*H,M+=e*J,m+=e*Q,y+=(e=t[7])*P,l+=e*N,w+=e*O,v+=e*C,p+=e*F,b+=e*I,g+=e*Z,A+=e*G,_+=e*q,U+=e*D,d+=e*V,E+=e*X,x+=e*j,M+=e*H,m+=e*J,B+=e*Q,l+=(e=t[8])*P,w+=e*N,v+=e*O,p+=e*C,b+=e*F,g+=e*I,A+=e*Z,_+=e*G,U+=e*q,d+=e*D,E+=e*V,x+=e*X,M+=e*j,m+=e*H,B+=e*J,S+=e*Q,w+=(e=t[9])*P,v+=e*N,p+=e*O,b+=e*C,g+=e*F,A+=e*I,_+=e*Z,U+=e*G,d+=e*q,E+=e*D,x+=e*V,M+=e*X,m+=e*j,B+=e*H,S+=e*J,k+=e*Q,v+=(e=t[10])*P,p+=e*N,b+=e*O,g+=e*C,A+=e*F,_+=e*I,U+=e*Z,d+=e*G,E+=e*q,x+=e*D,M+=e*V,m+=e*X,B+=e*j,S+=e*H,k+=e*J,K+=e*Q,p+=(e=t[11])*P,b+=e*N,g+=e*O,A+=e*C,_+=e*F,U+=e*I,d+=e*Z,E+=e*G,x+=e*q,M+=e*D,m+=e*V,B+=e*X,S+=e*j,k+=e*H,K+=e*J,Y+=e*Q,b+=(e=t[12])*P,g+=e*N,A+=e*O,_+=e*C,U+=e*F,d+=e*I,E+=e*Z,x+=e*G,M+=e*q,m+=e*D,B+=e*V,S+=e*X,k+=e*j,K+=e*H,Y+=e*J,L+=e*Q,g+=(e=t[13])*P,A+=e*N,_+=e*O,U+=e*C,d+=e*F,E+=e*I,x+=e*Z,M+=e*G,m+=e*q,B+=e*D,S+=e*V,k+=e*X,K+=e*j,Y+=e*H,L+=e*J,T+=e*Q,A+=(e=t[14])*P,_+=e*N,U+=e*O,d+=e*C,E+=e*F,x+=e*I,M+=e*Z,m+=e*G,B+=e*q,S+=e*D,k+=e*V,K+=e*X,Y+=e*j,L+=e*H,T+=e*J,z+=e*Q,_+=(e=t[15])*P,h+=38*(d+=e*O),a+=38*(E+=e*C),f+=38*(x+=e*F),s+=38*(M+=e*I),u+=38*(m+=e*Z),c+=38*(B+=e*G),y+=38*(S+=e*q),l+=38*(k+=e*D),w+=38*(K+=e*V),v+=38*(Y+=e*X),p+=38*(L+=e*j),b+=38*(T+=e*H),g+=38*(z+=e*J),A+=38*(R+=e*Q),i=(e=(i+=38*(U+=e*N))+(o=1)+65535)-65536*(o=Math.floor(e/65536)),h=(e=h+o+65535)-65536*(o=Math.floor(e/65536)),a=(e=a+o+65535)-65536*(o=Math.floor(e/65536)),f=(e=f+o+65535)-65536*(o=Math.floor(e/65536)),s=(e=s+o+65535)-65536*(o=Math.floor(e/65536)),u=(e=u+o+65535)-65536*(o=Math.floor(e/65536)),c=(e=c+o+65535)-65536*(o=Math.floor(e/65536)),y=(e=y+o+65535)-65536*(o=Math.floor(e/65536)),l=(e=l+o+65535)-65536*(o=Math.floor(e/65536)),w=(e=w+o+65535)-65536*(o=Math.floor(e/65536)),v=(e=v+o+65535)-65536*(o=Math.floor(e/65536)),p=(e=p+o+65535)-65536*(o=Math.floor(e/65536)),b=(e=b+o+65535)-65536*(o=Math.floor(e/65536)),g=(e=g+o+65535)-65536*(o=Math.floor(e/65536)),A=(e=A+o+65535)-65536*(o=Math.floor(e/65536)),_=(e=_+o+65535)-65536*(o=Math.floor(e/65536)),i=(e=(i+=o-1+37*(o-1))+(o=1)+65535)-65536*(o=Math.floor(e/65536)),h=(e=h+o+65535)-65536*(o=Math.floor(e/65536)),a=(e=a+o+65535)-65536*(o=Math.floor(e/65536)),f=(e=f+o+65535)-65536*(o=Math.floor(e/65536)),s=(e=s+o+65535)-65536*(o=Math.floor(e/65536)),u=(e=u+o+65535)-65536*(o=Math.floor(e/65536)),c=(e=c+o+65535)-65536*(o=Math.floor(e/65536)),y=(e=y+o+65535)-65536*(o=Math.floor(e/65536)),l=(e=l+o+65535)-65536*(o=Math.floor(e/65536)),w=(e=w+o+65535)-65536*(o=Math.floor(e/65536)),v=(e=v+o+65535)-65536*(o=Math.floor(e/65536)),p=(e=p+o+65535)-65536*(o=Math.floor(e/65536)),b=(e=b+o+65535)-65536*(o=Math.floor(e/65536)),g=(e=g+o+65535)-65536*(o=Math.floor(e/65536)),A=(e=A+o+65535)-65536*(o=Math.floor(e/65536)),_=(e=_+o+65535)-65536*(o=Math.floor(e/65536)),i+=o-1+37*(o-1),r[0]=i,r[1]=h,r[2]=a,r[3]=f,r[4]=s,r[5]=u,r[6]=c,r[7]=y,r[8]=l,r[9]=w,r[10]=v,r[11]=p,r[12]=b,r[13]=g,r[14]=A,r[15]=_}function I(r,t){F(r,t,t)}function Z(r,t){var n,e=v();for(n=0;n<16;n++)e[n]=t[n];for(n=253;0<=n;n--)I(e,e),2!==n&&4!==n&&F(e,e,t);for(n=0;n<16;n++)r[n]=e[n]}function G(r,t){var n,e=v();for(n=0;n<16;n++)e[n]=t[n];for(n=250;0<=n;n--)I(e,e),1!==n&&F(e,e,t);for(n=0;n<16;n++)r[n]=e[n]}function q(r,t,n){var e,o,i=new Uint8Array(32),h=new Float64Array(80),a=v(),f=v(),s=v(),u=v(),c=v(),y=v();for(o=0;o<31;o++)i[o]=t[o];for(i[31]=127&t[31]|64,i[0]&=248,N(h,n),o=0;o<16;o++)f[o]=h[o],u[o]=a[o]=s[o]=0;for(a[0]=u[0]=1,o=254;0<=o;--o)T(a,f,e=i[o>>>3]>>>(7&o)&1),T(s,u,e),O(c,a,s),C(a,a,s),O(s,f,u),C(f,f,u),I(u,c),I(y,a),F(a,s,a),F(s,f,c),O(c,a,s),C(a,a,s),I(f,a),C(s,u,y),F(a,s,p),O(a,a,u),F(s,s,a),F(a,u,y),F(u,f,h),I(f,c),T(a,f,e),T(s,u,e);for(o=0;o<16;o++)h[o+16]=a[o],h[o+32]=s[o],h[o+48]=f[o],h[o+64]=u[o];var l=h.subarray(32),w=h.subarray(16);return Z(l,l),F(w,w,l),z(r,w),0}function D(r,t){return q(r,t,n)}function V(r,t){return h(t,32),D(r,t)}function X(r,t,n){var e=new Uint8Array(32);return q(e,n,t),_(r,o,e,U)}m.prototype.blocks=function(r,t,n){for(var e,o,i,h,a,f,s,u,c,y,l,w,v,p,b,g,A,_,U,d=this.fin?0:2048,E=this.h[0],x=this.h[1],M=this.h[2],m=this.h[3],B=this.h[4],S=this.h[5],k=this.h[6],K=this.h[7],Y=this.h[8],L=this.h[9],T=this.r[0],z=this.r[1],R=this.r[2],P=this.r[3],N=this.r[4],O=this.r[5],C=this.r[6],F=this.r[7],I=this.r[8],Z=this.r[9];16<=n;)y=c=0,y+=(E+=8191&(e=255&r[t+0]|(255&r[t+1])<<8))*T,y+=(x+=8191&(e>>>13|(o=255&r[t+2]|(255&r[t+3])<<8)<<3))*(5*Z),y+=(M+=8191&(o>>>10|(i=255&r[t+4]|(255&r[t+5])<<8)<<6))*(5*I),y+=(m+=8191&(i>>>7|(h=255&r[t+6]|(255&r[t+7])<<8)<<9))*(5*F),c=(y+=(B+=8191&(h>>>4|(a=255&r[t+8]|(255&r[t+9])<<8)<<12))*(5*C))>>>13,y&=8191,y+=(S+=a>>>1&8191)*(5*O),y+=(k+=8191&(a>>>14|(f=255&r[t+10]|(255&r[t+11])<<8)<<2))*(5*N),y+=(K+=8191&(f>>>11|(s=255&r[t+12]|(255&r[t+13])<<8)<<5))*(5*P),y+=(Y+=8191&(s>>>8|(u=255&r[t+14]|(255&r[t+15])<<8)<<8))*(5*R),l=c+=(y+=(L+=u>>>5|d)*(5*z))>>>13,l+=E*z,l+=x*T,l+=M*(5*Z),l+=m*(5*I),c=(l+=B*(5*F))>>>13,l&=8191,l+=S*(5*C),l+=k*(5*O),l+=K*(5*N),l+=Y*(5*P),c+=(l+=L*(5*R))>>>13,l&=8191,w=c,w+=E*R,w+=x*z,w+=M*T,w+=m*(5*Z),c=(w+=B*(5*I))>>>13,w&=8191,w+=S*(5*F),w+=k*(5*C),w+=K*(5*O),w+=Y*(5*N),v=c+=(w+=L*(5*P))>>>13,v+=E*P,v+=x*R,v+=M*z,v+=m*T,c=(v+=B*(5*Z))>>>13,v&=8191,v+=S*(5*I),v+=k*(5*F),v+=K*(5*C),v+=Y*(5*O),p=c+=(v+=L*(5*N))>>>13,p+=E*N,p+=x*P,p+=M*R,p+=m*z,c=(p+=B*T)>>>13,p&=8191,p+=S*(5*Z),p+=k*(5*I),p+=K*(5*F),p+=Y*(5*C),b=c+=(p+=L*(5*O))>>>13,b+=E*O,b+=x*N,b+=M*P,b+=m*R,c=(b+=B*z)>>>13,b&=8191,b+=S*T,b+=k*(5*Z),b+=K*(5*I),b+=Y*(5*F),g=c+=(b+=L*(5*C))>>>13,g+=E*C,g+=x*O,g+=M*N,g+=m*P,c=(g+=B*R)>>>13,g&=8191,g+=S*z,g+=k*T,g+=K*(5*Z),g+=Y*(5*I),A=c+=(g+=L*(5*F))>>>13,A+=E*F,A+=x*C,A+=M*O,A+=m*N,c=(A+=B*P)>>>13,A&=8191,A+=S*R,A+=k*z,A+=K*T,A+=Y*(5*Z),_=c+=(A+=L*(5*I))>>>13,_+=E*I,_+=x*F,_+=M*C,_+=m*O,c=(_+=B*N)>>>13,_&=8191,_+=S*P,_+=k*R,_+=K*z,_+=Y*T,U=c+=(_+=L*(5*Z))>>>13,U+=E*Z,U+=x*I,U+=M*F,U+=m*C,c=(U+=B*O)>>>13,U&=8191,U+=S*N,U+=k*P,U+=K*R,U+=Y*z,E=y=8191&(c=(c=((c+=(U+=L*T)>>>13)<<2)+c|0)+(y&=8191)|0),x=l+=c>>>=13,M=w&=8191,m=v&=8191,B=p&=8191,S=b&=8191,k=g&=8191,K=A&=8191,Y=_&=8191,L=U&=8191,t+=16,n-=16;this.h[0]=E,this.h[1]=x,this.h[2]=M,this.h[3]=m,this.h[4]=B,this.h[5]=S,this.h[6]=k,this.h[7]=K,this.h[8]=Y,this.h[9]=L},m.prototype.finish=function(r,t){var n,e,o,i,h=new Uint16Array(10);if(this.leftover){for(i=this.leftover,this.buffer[i++]=1;i<16;i++)this.buffer[i]=0;this.fin=1,this.blocks(this.buffer,0,16)}for(n=this.h[1]>>>13,this.h[1]&=8191,i=2;i<10;i++)this.h[i]+=n,n=this.h[i]>>>13,this.h[i]&=8191;for(this.h[0]+=5*n,n=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=n,n=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=n,h[0]=this.h[0]+5,n=h[0]>>>13,h[0]&=8191,i=1;i<10;i++)h[i]=this.h[i]+n,n=h[i]>>>13,h[i]&=8191;for(h[9]-=8192,e=(1^n)-1,i=0;i<10;i++)h[i]&=e;for(e=~e,i=0;i<10;i++)this.h[i]=this.h[i]&e|h[i];for(this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5),o=this.h[0]+this.pad[0],this.h[0]=65535&o,i=1;i<8;i++)o=(this.h[i]+this.pad[i]|0)+(o>>>16)|0,this.h[i]=65535&o;r[t+0]=this.h[0]>>>0&255,r[t+1]=this.h[0]>>>8&255,r[t+2]=this.h[1]>>>0&255,r[t+3]=this.h[1]>>>8&255,r[t+4]=this.h[2]>>>0&255,r[t+5]=this.h[2]>>>8&255,r[t+6]=this.h[3]>>>0&255,r[t+7]=this.h[3]>>>8&255,r[t+8]=this.h[4]>>>0&255,r[t+9]=this.h[4]>>>8&255,r[t+10]=this.h[5]>>>0&255,r[t+11]=this.h[5]>>>8&255,r[t+12]=this.h[6]>>>0&255,r[t+13]=this.h[6]>>>8&255,r[t+14]=this.h[7]>>>0&255,r[t+15]=this.h[7]>>>8&255},m.prototype.update=function(r,t,n){var e,o;if(this.leftover){for(n<(o=16-this.leftover)&&(o=n),e=0;e>>16,m=65535&(d=N),B=d>>>16,x+=65535&(E=((w=Z)>>>14|(a=z)<<18)^(Z>>>18|z<<14)^(z>>>9|Z<<23)),M+=E>>>16,m+=65535&(d=(z>>>14|Z<<18)^(z>>>18|Z<<14)^(Z>>>9|z<<23)),B+=d>>>16,x+=65535&(E=Z&(v=G)^~Z&(p=q)),M+=E>>>16,m+=65535&(d=z&(f=R)^~z&(s=P)),B+=d>>>16,d=J[2*_],x+=65535&(E=J[2*_+1]),M+=E>>>16,m+=65535&d,B+=d>>>16,d=S[_%16],M+=(E=k[_%16])>>>16,m+=65535&d,B+=d>>>16,m+=(M+=(x+=65535&E)>>>16)>>>16,x=65535&(E=A=65535&x|M<<16),M=E>>>16,m=65535&(d=g=65535&m|(B+=m>>>16)<<16),B=d>>>16,x+=65535&(E=(O>>>28|K<<4)^(K>>>2|O<<30)^(K>>>7|O<<25)),M+=E>>>16,m+=65535&(d=(K>>>28|O<<4)^(O>>>2|K<<30)^(O>>>7|K<<25)),B+=d>>>16,M+=(E=O&C^O&F^C&F)>>>16,m+=65535&(d=K&Y^K&L^Y&L),B+=d>>>16,u=65535&(m+=(M+=(x+=65535&E)>>>16)>>>16)|(B+=m>>>16)<<16,b=65535&x|M<<16,x=65535&(E=l),M=E>>>16,m=65535&(d=h),B=d>>>16,M+=(E=A)>>>16,m+=65535&(d=g),B+=d>>>16,Y=K,L=o,T=i,z=h=65535&(m+=(M+=(x+=65535&E)>>>16)>>>16)|(B+=m>>>16)<<16,R=a,P=f,N=s,K=u,C=O,F=c,I=y,Z=l=65535&x|M<<16,G=w,q=v,D=p,O=b,_%16==15)for(U=0;U<16;U++)d=S[U],x=65535&(E=k[U]),M=E>>>16,m=65535&d,B=d>>>16,d=S[(U+9)%16],x+=65535&(E=k[(U+9)%16]),M+=E>>>16,m+=65535&d,B+=d>>>16,g=S[(U+1)%16],x+=65535&(E=((A=k[(U+1)%16])>>>1|g<<31)^(A>>>8|g<<24)^(A>>>7|g<<25)),M+=E>>>16,m+=65535&(d=(g>>>1|A<<31)^(g>>>8|A<<24)^g>>>7),B+=d>>>16,g=S[(U+14)%16],M+=(E=((A=k[(U+14)%16])>>>19|g<<13)^(g>>>29|A<<3)^(A>>>6|g<<26))>>>16,m+=65535&(d=(g>>>19|A<<13)^(A>>>29|g<<3)^g>>>6),B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,S[U]=65535&m|B<<16,k[U]=65535&x|M<<16;x=65535&(E=O),M=E>>>16,m=65535&(d=K),B=d>>>16,d=r[0],M+=(E=t[0])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[0]=K=65535&m|B<<16,t[0]=O=65535&x|M<<16,x=65535&(E=C),M=E>>>16,m=65535&(d=Y),B=d>>>16,d=r[1],M+=(E=t[1])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[1]=Y=65535&m|B<<16,t[1]=C=65535&x|M<<16,x=65535&(E=F),M=E>>>16,m=65535&(d=L),B=d>>>16,d=r[2],M+=(E=t[2])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[2]=L=65535&m|B<<16,t[2]=F=65535&x|M<<16,x=65535&(E=I),M=E>>>16,m=65535&(d=T),B=d>>>16,d=r[3],M+=(E=t[3])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[3]=T=65535&m|B<<16,t[3]=I=65535&x|M<<16,x=65535&(E=Z),M=E>>>16,m=65535&(d=z),B=d>>>16,d=r[4],M+=(E=t[4])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[4]=z=65535&m|B<<16,t[4]=Z=65535&x|M<<16,x=65535&(E=G),M=E>>>16,m=65535&(d=R),B=d>>>16,d=r[5],M+=(E=t[5])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[5]=R=65535&m|B<<16,t[5]=G=65535&x|M<<16,x=65535&(E=q),M=E>>>16,m=65535&(d=P),B=d>>>16,d=r[6],M+=(E=t[6])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[6]=P=65535&m|B<<16,t[6]=q=65535&x|M<<16,x=65535&(E=D),M=E>>>16,m=65535&(d=N),B=d>>>16,d=r[7],M+=(E=t[7])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[7]=N=65535&m|B<<16,t[7]=D=65535&x|M<<16,V+=128,e-=128}return e}function W(r,t,n){var e,o=new Int32Array(8),i=new Int32Array(8),h=new Uint8Array(256),a=n;for(o[0]=1779033703,o[1]=3144134277,o[2]=1013904242,o[3]=2773480762,o[4]=1359893119,o[5]=2600822924,o[6]=528734635,o[7]=1541459225,i[0]=4089235720,i[1]=2227873595,i[2]=4271175723,i[3]=1595750129,i[4]=2917565137,i[5]=725511199,i[6]=4215389547,i[7]=327033209,Q(o,i,t,n),n%=128,e=0;e>(7&o)&1),$(t,r),$(r,r),rr(r,t,e)}function er(r,t){var n=[v(),v(),v(),v()];Y(n[0],e),Y(n[1],a),Y(n[2],u),F(n[3],e,a),nr(r,n,t)}function or(r,t,n){var e,o=new Uint8Array(64),i=[v(),v(),v(),v()];for(n||h(t,32),W(o,t,32),o[0]&=248,o[31]&=127,o[31]|=64,er(i,o),tr(r,i),e=0;e<32;e++)t[e+32]=r[e];return 0}var ir=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function hr(r,t){var n,e,o,i;for(e=63;32<=e;--e){for(n=0,o=e-32,i=e-12;o>4)*ir[o],n=t[o]>>8,t[o]&=255;for(o=0;o<32;o++)t[o]-=n*ir[o];for(e=0;e<32;e++)t[e+1]+=t[e]>>8,r[e]=255&t[e]}function ar(r){var t,n=new Float64Array(64);for(t=0;t<64;t++)n[t]=r[t];for(t=0;t<64;t++)r[t]=0;hr(r,n)}function fr(r,t,n,e){var o,i,h=new Uint8Array(64),a=new Uint8Array(64),f=new Uint8Array(64),s=new Float64Array(64),u=[v(),v(),v(),v()];W(h,e,32),h[0]&=248,h[31]&=127,h[31]|=64;var c=n+64;for(o=0;o>7&&C(r[0],s,r[0]),F(r[3],r[0],r[1])}(f,e))return-1;for(o=0;o `; + function escapeHtml(s) { + return String(s) + .replace(/&/g, '&') + .replace(//g, '>') + .replace(/"/g, '"') + .replace(/'/g, '''); + } + + function isValidRtcAddress(addr) { + return /^RTC[0-9a-fA-F]{40}$/.test(String(addr || '').trim()); + } + + function normalizeAmount(x) { + const n = typeof x === 'number' ? x : Number(String(x).trim()); + if (!Number.isFinite(n)) return null; + if (n <= 0) return null; + // Keep precision reasonable for display/transport; chain should validate final semantics. + return Math.round(n * 1e6) / 1e6; + } + + function parseAllowedOrigins(raw) { + if (!raw) return null; + return String(raw) + .split(',') + .map(s => s.trim()) + .filter(Boolean); + } + + function safeCallbackUrl(url, { allowAnyOrigin } = {}) { + if (!url) return null; + let u; + try { + u = new URL(url, window.location.href); + } catch (e) { + return null; + } + if (u.protocol !== 'https:' && u.protocol !== 'http:') return null; + if (allowAnyOrigin) return u.toString(); + if (u.origin !== window.location.origin) return null; + return u.toString(); + } + class RustChainPay { constructor(config = {}) { this.nodeUrl = config.nodeUrl || DEFAULT_NODE; @@ -493,15 +539,19 @@ const config = { to: el.dataset.to || options.to, - amount: parseFloat(el.dataset.amount || options.amount || 0), + amount: normalizeAmount(el.dataset.amount || options.amount || 0), memo: el.dataset.memo || options.memo || '', label: el.dataset.label || options.label || `Pay ${el.dataset.amount || options.amount || ''} RTC`, - callback: el.dataset.callback || options.callback + callback: el.dataset.callback || options.callback, + allowIframe: (el.dataset.allowIframe || options.allowIframe || 'false').toString().toLowerCase() === 'true', + allowedOrigins: parseAllowedOrigins(el.dataset.allowedOrigins || options.allowedOrigins), + allowCallbackAnyOrigin: (el.dataset.allowCallbackAnyOrigin || options.allowCallbackAnyOrigin || 'false').toString().toLowerCase() === 'true' }; const btn = document.createElement('button'); btn.className = 'rtc-pay-btn'; - btn.innerHTML = `${LOGO_SVG} ${config.label}`; + btn.innerHTML = LOGO_SVG; + btn.appendChild(document.createTextNode(' ' + String(config.label || 'Pay RTC'))); btn.onclick = () => this.openPaymentModal(config); el.appendChild(btn); @@ -509,6 +559,32 @@ } openPaymentModal(config) { + // Basic anti-clickjacking default: block execution inside iframes unless explicitly allowed. + if (window.top !== window.self && !config.allowIframe) { + this.onError(new Error('Widget blocked in iframe (set data-allow-iframe=\"true\" to override).')); + return; + } + + // Optional origin allowlist (defense-in-depth; not a substitute for server-side validation). + if (Array.isArray(config.allowedOrigins) && config.allowedOrigins.length > 0) { + if (!config.allowedOrigins.includes(window.location.origin)) { + this.onError(new Error('Embedding origin not allowed for this widget configuration.')); + return; + } + } + + // Validate config before rendering anything. + const to = String(config.to || '').trim(); + if (!isValidRtcAddress(to)) { + this.onError(new Error('Invalid recipient address format.')); + return; + } + const amount = normalizeAmount(config.amount); + if (amount === null) { + this.onError(new Error('Invalid amount.')); + return; + } + // Create modal const overlay = document.createElement('div'); overlay.className = 'rtc-modal-overlay'; @@ -521,10 +597,10 @@
-

${config.amount} RTC

+

Payment Amount

- ${config.memo ? `

Memo: ${config.memo}

` : ''} -

To: ${config.to}

+ +

@@ -565,6 +641,17 @@ document.body.appendChild(overlay); + // Fill summary fields using textContent to prevent DOM injection. + overlay.querySelector('#rtc-summary-amount').textContent = `${amount} RTC`; + overlay.querySelector('#rtc-summary-to').textContent = `To: ${to}`; + const memoRaw = String(config.memo || ''); + const memo = memoRaw.length > 200 ? memoRaw.slice(0, 200) + '...' : memoRaw; + if (memo) { + const memoEl = overlay.querySelector('#rtc-summary-memo'); + memoEl.textContent = `Memo: ${memo}`; + memoEl.style.display = 'block'; + } + // Event handlers const modal = overlay.querySelector('.rtc-modal'); const closeBtn = overlay.querySelector('.rtc-modal-close'); @@ -605,7 +692,7 @@ reader.onload = (evt) => { try { keystoreData = JSON.parse(evt.target.result); - fileLabel.textContent = `✓ ${file.name}`; + fileLabel.textContent = `鉁?${file.name}`; fileLabel.classList.add('has-file'); } catch (err) { this._showError(errorDiv, 'Invalid keystore file'); @@ -641,12 +728,13 @@ wallet = await decryptKeystore(keystoreData, password); } - const result = await this._sendPayment(wallet, config); + const safeConfig = { ...config, to, amount, memo }; + const result = await this._sendPayment(wallet, safeConfig); this._showSuccess(overlay, result); this.onSuccess(result); - if (config.callback) { - this._notifyCallback(config.callback, result); + if (safeConfig.callback) { + this._notifyCallback(safeConfig.callback, result, safeConfig); } } catch (err) { @@ -721,17 +809,23 @@
${CHECK_SVG}

Payment Successful!

-

TX: ${result.tx_hash}

+

- + `; + const txEl = body.querySelector('#rtc-success-tx'); + txEl.textContent = `TX: ${String(result.tx_hash || '')}`; + body.querySelector('#rtc-success-done').onclick = () => { + const ov = body.closest('.rtc-modal-overlay'); + if (ov) ov.remove(); + }; } - async _notifyCallback(callbackUrl, result) { + async _notifyCallback(callbackUrl, result, config) { try { - await fetch(callbackUrl, { + const safeUrl = safeCallbackUrl(callbackUrl, { allowAnyOrigin: !!config.allowCallbackAnyOrigin }); + if (!safeUrl) throw new Error('Invalid callback URL (must be same-origin https/http unless explicitly allowed).'); + await fetch(safeUrl, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(result)