@noble/post-quantum 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +158 -180
- package/_crystals.d.ts +0 -1
- package/_crystals.d.ts.map +1 -1
- package/_crystals.js +1 -31
- package/_crystals.js.map +1 -1
- package/esm/_crystals.d.ts +33 -0
- package/esm/_crystals.d.ts.map +1 -0
- package/esm/_crystals.js +0 -30
- package/esm/_crystals.js.map +1 -1
- package/esm/index.d.ts +2 -0
- package/esm/index.d.ts.map +1 -0
- package/esm/ml-dsa.d.ts +44 -0
- package/esm/ml-dsa.d.ts.map +1 -0
- package/esm/ml-dsa.js +67 -88
- package/esm/ml-dsa.js.map +1 -1
- package/esm/ml-kem.d.ts +55 -0
- package/esm/ml-kem.d.ts.map +1 -0
- package/esm/ml-kem.js +26 -83
- package/esm/ml-kem.js.map +1 -1
- package/esm/slh-dsa.d.ts +46 -0
- package/esm/slh-dsa.d.ts.map +1 -0
- package/esm/slh-dsa.js +27 -111
- package/esm/slh-dsa.js.map +1 -1
- package/esm/utils.d.ts +38 -0
- package/esm/utils.d.ts.map +1 -0
- package/esm/utils.js +2 -1
- package/esm/utils.js.map +1 -1
- package/ml-dsa.d.ts +27 -20
- package/ml-dsa.d.ts.map +1 -1
- package/ml-dsa.js +66 -87
- package/ml-dsa.js.map +1 -1
- package/ml-kem.d.ts +1 -80
- package/ml-kem.d.ts.map +1 -1
- package/ml-kem.js +26 -83
- package/ml-kem.js.map +1 -1
- package/package.json +14 -22
- package/slh-dsa.d.ts +0 -24
- package/slh-dsa.d.ts.map +1 -1
- package/slh-dsa.js +27 -111
- package/slh-dsa.js.map +1 -1
- package/src/_crystals.ts +0 -33
- package/src/ml-dsa.ts +75 -92
- package/src/ml-kem.ts +28 -87
- package/src/slh-dsa.ts +27 -121
- package/src/utils.ts +2 -1
- package/utils.d.ts +2 -2
- package/utils.d.ts.map +1 -1
- package/utils.js +7 -6
- package/utils.js.map +1 -1
package/esm/ml-kem.js
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
2
|
-
import { ctr } from '@noble/ciphers/aes';
|
|
3
|
-
import { sha256, sha512 } from '@noble/hashes/sha2';
|
|
4
2
|
import { sha3_256, sha3_512, shake256 } from '@noble/hashes/sha3';
|
|
5
3
|
import { u32 } from '@noble/hashes/utils';
|
|
6
|
-
import { genCrystals,
|
|
4
|
+
import { genCrystals, XOF128 } from './_crystals.js';
|
|
7
5
|
import { cleanBytes, ensureBytes, equalBytes, randomBytes, splitCoder, vecCoder, } from './utils.js';
|
|
8
6
|
/*
|
|
9
7
|
Lattice-based key encapsulation mechanism.
|
|
@@ -25,15 +23,10 @@ There are some concerns with regards to security: see
|
|
|
25
23
|
[djb blog](https://blog.cr.yp.to/20231003-countcorrectly.html) and
|
|
26
24
|
[mailing list](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E).
|
|
27
25
|
|
|
28
|
-
Three versions are provided:
|
|
29
|
-
|
|
30
|
-
1. Kyber
|
|
31
|
-
2. Kyber-90s, using algorithms from 1990s
|
|
32
|
-
3. ML-KEM aka [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf)
|
|
33
26
|
*/
|
|
34
27
|
const N = 256; // Kyber (not FIPS-203) supports different lengths, but all std modes were using 256
|
|
35
28
|
const Q = 3329; // 13*(2**8)+1, modulo prime
|
|
36
|
-
const F = 3303; // 3303 ≡ 128−1 mod q (FIPS-203)
|
|
29
|
+
const F = 3303; // 3303 ≡ 128**(−1) mod q (FIPS-203)
|
|
37
30
|
const ROOT_OF_UNITY = 17; // ζ = 17 ∈ Zq is a primitive 256-th root of unity modulo Q. ζ**128 ≡−1
|
|
38
31
|
const { mod, nttZetas, NTT, bitsCoder } = genCrystals({
|
|
39
32
|
N,
|
|
@@ -146,7 +139,7 @@ function sampleCBD(PRF, seed, nonce, eta) {
|
|
|
146
139
|
// K-PKE
|
|
147
140
|
// As per FIPS-203, it doesn't perform any input validation and can't be used in standalone fashion.
|
|
148
141
|
const genKPKE = (opts) => {
|
|
149
|
-
const { K, PRF, XOF, HASH512, ETA1, ETA2, du, dv
|
|
142
|
+
const { K, PRF, XOF, HASH512, ETA1, ETA2, du, dv } = opts;
|
|
150
143
|
const poly1 = polyCoder(1);
|
|
151
144
|
const polyV = polyCoder(dv);
|
|
152
145
|
const polyU = polyCoder(du);
|
|
@@ -160,7 +153,11 @@ const genKPKE = (opts) => {
|
|
|
160
153
|
publicKeyLen: publicCoder.bytesLen,
|
|
161
154
|
cipherTextLen: cipherCoder.bytesLen,
|
|
162
155
|
keygen: (seed) => {
|
|
163
|
-
const
|
|
156
|
+
const seedDst = new Uint8Array(33);
|
|
157
|
+
seedDst.set(seed);
|
|
158
|
+
seedDst[32] = K;
|
|
159
|
+
const seedHash = HASH512(seedDst);
|
|
160
|
+
const [rho, sigma] = seedCoder.decode(seedHash);
|
|
164
161
|
const sHat = [];
|
|
165
162
|
const tHat = [];
|
|
166
163
|
for (let i = 0; i < K; i++)
|
|
@@ -169,7 +166,7 @@ const genKPKE = (opts) => {
|
|
|
169
166
|
for (let i = 0; i < K; i++) {
|
|
170
167
|
const e = NTT.encode(sampleCBD(PRF, sigma, K + i, ETA1));
|
|
171
168
|
for (let j = 0; j < K; j++) {
|
|
172
|
-
const aji = SampleNTT(
|
|
169
|
+
const aji = SampleNTT(x.get(j, i)); // A[j][i], inplace
|
|
173
170
|
polyAdd(e, MultiplyNTTs(aji, sHat[j]));
|
|
174
171
|
}
|
|
175
172
|
tHat.push(e); // t ← A ◦ s + e
|
|
@@ -179,7 +176,7 @@ const genKPKE = (opts) => {
|
|
|
179
176
|
publicKey: publicCoder.encode([tHat, rho]),
|
|
180
177
|
secretKey: secretCoder.encode(sHat),
|
|
181
178
|
};
|
|
182
|
-
cleanBytes(rho, sigma, sHat, tHat);
|
|
179
|
+
cleanBytes(rho, sigma, sHat, tHat, seedDst, seedHash);
|
|
183
180
|
return res;
|
|
184
181
|
},
|
|
185
182
|
encrypt: (publicKey, msg, seed) => {
|
|
@@ -194,7 +191,7 @@ const genKPKE = (opts) => {
|
|
|
194
191
|
const e1 = sampleCBD(PRF, seed, K + i, ETA2);
|
|
195
192
|
const tmp = new Uint16Array(N);
|
|
196
193
|
for (let j = 0; j < K; j++) {
|
|
197
|
-
const aij = SampleNTT(
|
|
194
|
+
const aij = SampleNTT(x.get(i, j)); // A[i][j], inplace
|
|
198
195
|
polyAdd(tmp, MultiplyNTTs(aij, rHat[j])); // t += aij * rHat[j]
|
|
199
196
|
}
|
|
200
197
|
polyAdd(e1, NTT.decode(tmp)); // e1 += tmp
|
|
@@ -224,7 +221,7 @@ const genKPKE = (opts) => {
|
|
|
224
221
|
};
|
|
225
222
|
function createKyber(opts) {
|
|
226
223
|
const KPKE = genKPKE(opts);
|
|
227
|
-
const { HASH256, HASH512, KDF
|
|
224
|
+
const { HASH256, HASH512, KDF } = opts;
|
|
228
225
|
const { secretCoder: KPKESecretCoder, cipherTextLen } = KPKE;
|
|
229
226
|
const publicKeyLen = KPKE.publicKeyLen; // 384*K+32
|
|
230
227
|
const secretCoder = splitCoder(KPKE.secretKeyLen, KPKE.publicKeyLen, 32, 32);
|
|
@@ -245,31 +242,20 @@ function createKyber(opts) {
|
|
|
245
242
|
encapsulate: (publicKey, msg = randomBytes(32)) => {
|
|
246
243
|
ensureBytes(publicKey, publicKeyLen);
|
|
247
244
|
ensureBytes(msg, msgLen);
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
// (Modulus check.) Perform the computation ek ← ByteEncode12(ByteDecode12(eke)).
|
|
255
|
-
// If ek = ̸ eke, the input is invalid. (See Section 4.2.1.)
|
|
256
|
-
if (!equalBytes(ek, eke)) {
|
|
257
|
-
cleanBytes(ek);
|
|
258
|
-
throw new Error('ML-KEM.encapsulate: wrong publicKey modulus');
|
|
259
|
-
}
|
|
245
|
+
// FIPS-203 includes additional verification check for modulus
|
|
246
|
+
const eke = publicKey.subarray(0, 384 * opts.K);
|
|
247
|
+
const ek = KPKESecretCoder.encode(KPKESecretCoder.decode(eke.slice())); // Copy because of inplace encoding
|
|
248
|
+
// (Modulus check.) Perform the computation ek ← ByteEncode12(ByteDecode12(eke)).
|
|
249
|
+
// If ek = ̸ eke, the input is invalid. (See Section 4.2.1.)
|
|
250
|
+
if (!equalBytes(ek, eke)) {
|
|
260
251
|
cleanBytes(ek);
|
|
252
|
+
throw new Error('ML-KEM.encapsulate: wrong publicKey modulus');
|
|
261
253
|
}
|
|
254
|
+
cleanBytes(ek);
|
|
262
255
|
const kr = HASH512.create().update(msg).update(HASH256(publicKey)).digest(); // derive randomness
|
|
263
256
|
const cipherText = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64));
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
const cipherTextHash = HASH256(cipherText);
|
|
267
|
-
const sharedSecret = KDF.create({})
|
|
268
|
-
.update(kr.subarray(0, 32))
|
|
269
|
-
.update(cipherTextHash)
|
|
270
|
-
.digest();
|
|
271
|
-
cleanBytes(kr, cipherTextHash);
|
|
272
|
-
return { cipherText, sharedSecret };
|
|
257
|
+
kr.subarray(32).fill(0);
|
|
258
|
+
return { cipherText, sharedSecret: kr.subarray(0, 32) };
|
|
273
259
|
},
|
|
274
260
|
decapsulate: (cipherText, secretKey) => {
|
|
275
261
|
ensureBytes(secretKey, secretKeyLen); // 768*k + 96
|
|
@@ -280,39 +266,12 @@ function createKyber(opts) {
|
|
|
280
266
|
const Khat = kr.subarray(0, 32);
|
|
281
267
|
const cipherText2 = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64)); // re-encrypt using the derived randomness
|
|
282
268
|
const isValid = equalBytes(cipherText, cipherText2); // if ciphertexts do not match, “implicitly reject”
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
return isValid ? Khat : Kbar;
|
|
287
|
-
}
|
|
288
|
-
const cipherTextHash = HASH256(cipherText);
|
|
289
|
-
const sharedSecret = KDF.create({ dkLen: 32 })
|
|
290
|
-
.update(isValid ? Khat : z)
|
|
291
|
-
.update(cipherTextHash)
|
|
292
|
-
.digest();
|
|
293
|
-
cleanBytes(msg, cipherTextHash, cipherText2, Khat, z);
|
|
294
|
-
return sharedSecret;
|
|
269
|
+
const Kbar = KDF.create({ dkLen: 32 }).update(z).update(cipherText).digest();
|
|
270
|
+
cleanBytes(msg, cipherText2, !isValid ? Khat : Kbar);
|
|
271
|
+
return isValid ? Khat : Kbar;
|
|
295
272
|
},
|
|
296
273
|
};
|
|
297
274
|
}
|
|
298
|
-
function PRF(l, key, nonce) {
|
|
299
|
-
const _nonce = new Uint8Array(16);
|
|
300
|
-
_nonce[0] = nonce;
|
|
301
|
-
return ctr(key, _nonce).encrypt(new Uint8Array(l));
|
|
302
|
-
}
|
|
303
|
-
const opts90s = { HASH256: sha256, HASH512: sha512, KDF: sha256, XOF: XOF_AES, PRF };
|
|
304
|
-
export const kyber512_90s = /* @__PURE__ */ createKyber({
|
|
305
|
-
...opts90s,
|
|
306
|
-
...PARAMS[512],
|
|
307
|
-
});
|
|
308
|
-
export const kyber768_90s = /* @__PURE__ */ createKyber({
|
|
309
|
-
...opts90s,
|
|
310
|
-
...PARAMS[768],
|
|
311
|
-
});
|
|
312
|
-
export const kyber1024_90s = /* @__PURE__ */ createKyber({
|
|
313
|
-
...opts90s,
|
|
314
|
-
...PARAMS[1024],
|
|
315
|
-
});
|
|
316
275
|
function shakePRF(dkLen, key, nonce) {
|
|
317
276
|
return shake256
|
|
318
277
|
.create({ dkLen })
|
|
@@ -327,35 +286,19 @@ const opts = {
|
|
|
327
286
|
XOF: XOF128,
|
|
328
287
|
PRF: shakePRF,
|
|
329
288
|
};
|
|
330
|
-
export const kyber512 = /* @__PURE__ */ createKyber({
|
|
331
|
-
...opts,
|
|
332
|
-
...PARAMS[512],
|
|
333
|
-
});
|
|
334
|
-
export const kyber768 = /* @__PURE__ */ createKyber({
|
|
335
|
-
...opts,
|
|
336
|
-
...PARAMS[768],
|
|
337
|
-
});
|
|
338
|
-
export const kyber1024 = /* @__PURE__ */ createKyber({
|
|
339
|
-
...opts,
|
|
340
|
-
...PARAMS[1024],
|
|
341
|
-
});
|
|
342
289
|
/**
|
|
343
|
-
* FIPS-203
|
|
344
|
-
* Unsafe: we can't cross-verify, because there are no test vectors or other implementations.
|
|
290
|
+
* FIPS-203 ML-KEM.
|
|
345
291
|
*/
|
|
346
292
|
export const ml_kem512 = /* @__PURE__ */ createKyber({
|
|
347
293
|
...opts,
|
|
348
294
|
...PARAMS[512],
|
|
349
|
-
FIPS203: true,
|
|
350
295
|
});
|
|
351
296
|
export const ml_kem768 = /* @__PURE__ */ createKyber({
|
|
352
297
|
...opts,
|
|
353
298
|
...PARAMS[768],
|
|
354
|
-
FIPS203: true,
|
|
355
299
|
});
|
|
356
300
|
export const ml_kem1024 = /* @__PURE__ */ createKyber({
|
|
357
301
|
...opts,
|
|
358
302
|
...PARAMS[1024],
|
|
359
|
-
FIPS203: true,
|
|
360
303
|
});
|
|
361
304
|
//# sourceMappingURL=ml-kem.js.map
|
package/esm/ml-kem.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ml-kem.js","sourceRoot":"","sources":["../src/ml-kem.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,GAAG,EAA4C,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,WAAW,EAAO,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAEL,UAAU,EACV,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;;;;;;EAyBE;AAEF,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,oFAAoF;AACnG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,gCAAgC;AAChD,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,uEAAuE;AACjG,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IACD,CAAC;IACD,CAAC;IACD,aAAa;IACb,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAaH,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAAiC;IAClD,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,IAAI,EAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;CAC9D,CAAC;AAEX,gCAAgC;AAChC,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAyB,EAAE;IACpD,qFAAqF;IACrF,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3E,uFAAuF;IACvF,0EAA0E;IAC1E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,OAAO;QACL,oEAAoE;QACpE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF,4FAA4F;AAC5F,yGAAyG;AACzG,gFAAgF;AAChF,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAK3D,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AACD,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AAED,mGAAmG;AACnG,SAAS,gBAAgB,CAAC,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,IAAY;IACpF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;AACpB,CAAC;AAED,wGAAwG;AACxG,iHAAiH;AACjH,SAAS,YAAY,CAAC,CAAO,EAAE,CAAO;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAClB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAClB,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAiBD,oCAAoC;AACpC,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,mDAAmD;AACnD,sDAAsD;AACtD,SAAS,SAAS,CAAC,GAAQ,EAAE,IAAgB,EAAE,KAAa,EAAE,GAAW;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,KAAK,CAAC,CAAC;YACR,GAAG,IAAI,CAAC,CAAC;YACT,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAChB,EAAE,GAAG,EAAE,CAAC;gBACR,EAAE,GAAG,CAAC,CAAC;YACT,CAAC;iBAAM,IAAI,GAAG,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;gBACtB,EAAE,GAAG,CAAC,CAAC;gBACP,GAAG,GAAG,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,QAAQ;AACR,oGAAoG;AACpG,MAAM,OAAO,GAAG,CAAC,IAAe,EAAE,EAAE;IAClC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,OAAO;QACL,WAAW;QACX,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,aAAa,EAAE,WAAW,CAAC,QAAQ;QACnC,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACrD,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBACzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBAC/E,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAChC,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,GAAG,GAAG;gBACV,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC;aACpC,CAAC;YACF,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,IAAgB,EAAE,EAAE;YACpE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACjF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;gBAC7C,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;gBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBAC/E,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB;gBACjE,CAAC;gBACD,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY;gBAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACX,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;gBACzE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa;YAC5C,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;YACpE,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAC1B,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,CAAC,UAAsB,EAAE,UAAsB,EAAE,EAAE;YAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,4BAA4B;YACvE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB;YACvG,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACxC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,WAAW,CAAC,IAAe;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW;IACnD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,OAAO;QACL,YAAY;QACZ,MAAM;QACN,MAAM,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YACjC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YACvE,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACzC,wBAAwB;YACxB,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACxF,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YAC9B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,WAAW,EAAE,CAAC,SAAqB,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YACrC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACzB,IAAI,CAAC,OAAO;gBAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;iBACpE,CAAC;gBACJ,8DAA8D;gBAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChD,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,mCAAmC;gBAC3G,iFAAiF;gBACjF,4DAA4D;gBAC5D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,EAAE,CAAC,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBACD,UAAU,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,oBAAoB;YACjG,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,IAAI,OAAO;gBAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACrE,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;iBAChC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;iBAC1B,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;YAC/B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,EAAE,CAAC,UAAsB,EAAE,SAAqB,EAAE,EAAE;YAC7D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,aAAa;YACnD,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB;YACxD,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,+CAA+C;YACvH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;YACjH,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,mDAAmD;YACxG,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7E,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACrD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/B,CAAC;YACD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;iBAC3C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;iBAC1B,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,GAAG,EAAE,cAAc,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,YAAY,CAAC;QACtB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,GAAG,CAAC,CAAS,EAAE,GAAe,EAAE,KAAa;IACpD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;IAClB,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAErF,MAAM,CAAC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACtD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACtD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,WAAW,CAAC;IACvD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC;AAEH,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAe,EAAE,KAAa;IAC7D,OAAO,QAAQ;SACZ,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;SACjB,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/B,MAAM,EAAE,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG;IACX,OAAO,EAAE,QAAQ;IACjB,OAAO,EAAE,QAAQ;IACjB,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC;IAClD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC;IAClD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC;AAEH;;;GAGG;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC;IACpD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,IAAI;CACd,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"ml-kem.js","sourceRoot":"","sources":["../src/ml-kem.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,GAAG,EAA4C,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,WAAW,EAAO,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAEL,UAAU,EACV,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;EAoBE;AAEF,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,oFAAoF;AACnG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,oCAAoC;AACpD,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,uEAAuE;AACjG,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IACD,CAAC;IACD,CAAC;IACD,aAAa;IACb,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAaH,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAAiC;IAClD,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,IAAI,EAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;CAC9D,CAAC;AAEX,gCAAgC;AAChC,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAyB,EAAE;IACpD,qFAAqF;IACrF,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3E,uFAAuF;IACvF,0EAA0E;IAC1E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,OAAO;QACL,oEAAoE;QACpE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF,4FAA4F;AAC5F,yGAAyG;AACzG,gFAAgF;AAChF,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAK3D,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AACD,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AAED,mGAAmG;AACnG,SAAS,gBAAgB,CAAC,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,IAAY;IACpF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;AACpB,CAAC;AAED,wGAAwG;AACxG,iHAAiH;AACjH,SAAS,YAAY,CAAC,CAAO,EAAE,CAAO;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAClB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAClB,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAgBD,oCAAoC;AACpC,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,mDAAmD;AACnD,sDAAsD;AACtD,SAAS,SAAS,CAAC,GAAQ,EAAE,IAAgB,EAAE,KAAa,EAAE,GAAW;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,KAAK,CAAC,CAAC;YACR,GAAG,IAAI,CAAC,CAAC;YACT,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAChB,EAAE,GAAG,EAAE,CAAC;gBACR,EAAE,GAAG,CAAC,CAAC;YACT,CAAC;iBAAM,IAAI,GAAG,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;gBACtB,EAAE,GAAG,CAAC,CAAC;gBACP,GAAG,GAAG,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,QAAQ;AACR,oGAAoG;AACpG,MAAM,OAAO,GAAG,CAAC,IAAe,EAAE,EAAE;IAClC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,OAAO;QACL,WAAW;QACX,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,aAAa,EAAE,WAAW,CAAC,QAAQ;QACnC,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBACzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBACvD,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAChC,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,GAAG,GAAG;gBACV,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC;aACpC,CAAC;YACF,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACtD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,IAAgB,EAAE,EAAE;YACpE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACjF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;gBAC7C,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;gBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBACvD,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB;gBACjE,CAAC;gBACD,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY;gBAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACX,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;gBACzE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa;YAC5C,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;YACpE,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAC1B,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,CAAC,UAAsB,EAAE,UAAsB,EAAE,EAAE;YAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,4BAA4B;YACvE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB;YACvG,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACxC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,WAAW,CAAC,IAAe;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACvC,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW;IACnD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,OAAO;QACL,YAAY;QACZ,MAAM;QACN,MAAM,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YACjC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YACvE,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACzC,wBAAwB;YACxB,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACxF,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YAC9B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,WAAW,EAAE,CAAC,SAAqB,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YACrC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEzB,8DAA8D;YAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAChD,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,mCAAmC;YAC3G,iFAAiF;YACjF,4DAA4D;YAC5D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,EAAE,CAAC,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,oBAAoB;YACjG,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC1D,CAAC;QACD,WAAW,EAAE,CAAC,UAAsB,EAAE,SAAqB,EAAE,EAAE;YAC7D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,aAAa;YACnD,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB;YACxD,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,+CAA+C;YACvH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;YACjH,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,mDAAmD;YACxG,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;YAC7E,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACrD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAe,EAAE,KAAa;IAC7D,OAAO,QAAQ;SACZ,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;SACjB,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/B,MAAM,EAAE,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG;IACX,OAAO,EAAE,QAAQ;IACjB,OAAO,EAAE,QAAQ;IACjB,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC;IACpD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC"}
|
package/esm/slh-dsa.d.ts
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { Signer } from './utils.js';
|
|
2
|
+
/**
|
|
3
|
+
* * N: Security parameter (in bytes). W: Winternitz parameter
|
|
4
|
+
* * H: Hypertree height. D: Hypertree layers
|
|
5
|
+
* * K: FORS trees numbers. A: FORS trees height
|
|
6
|
+
*/
|
|
7
|
+
export type SphincsOpts = {
|
|
8
|
+
N: number;
|
|
9
|
+
W: number;
|
|
10
|
+
H: number;
|
|
11
|
+
D: number;
|
|
12
|
+
K: number;
|
|
13
|
+
A: number;
|
|
14
|
+
};
|
|
15
|
+
export type SphincsHashOpts = {
|
|
16
|
+
isCompressed?: boolean;
|
|
17
|
+
getContext: GetContext;
|
|
18
|
+
};
|
|
19
|
+
export declare const PARAMS: Record<string, SphincsOpts>;
|
|
20
|
+
export type ADRS = Uint8Array;
|
|
21
|
+
type Context = {
|
|
22
|
+
PRFaddr: (addr: ADRS) => Uint8Array;
|
|
23
|
+
PRFmsg: (skPRF: Uint8Array, random: Uint8Array, msg: Uint8Array) => Uint8Array;
|
|
24
|
+
Hmsg: (R: Uint8Array, pk: Uint8Array, m: Uint8Array, outLen: number) => Uint8Array;
|
|
25
|
+
thash1: (input: Uint8Array, addr: ADRS) => Uint8Array;
|
|
26
|
+
thashN: (blocks: number, input: Uint8Array, addr: ADRS) => Uint8Array;
|
|
27
|
+
clean: () => void;
|
|
28
|
+
};
|
|
29
|
+
export type GetContext = (opts: SphincsOpts) => (pub_seed: Uint8Array, sk_seed?: Uint8Array) => Context;
|
|
30
|
+
type SphincsSigner = Signer & {
|
|
31
|
+
seedLen: number;
|
|
32
|
+
};
|
|
33
|
+
export declare const slh_dsa_shake_128f: SphincsSigner;
|
|
34
|
+
export declare const slh_dsa_shake_128s: SphincsSigner;
|
|
35
|
+
export declare const slh_dsa_shake_192f: SphincsSigner;
|
|
36
|
+
export declare const slh_dsa_shake_192s: SphincsSigner;
|
|
37
|
+
export declare const slh_dsa_shake_256f: SphincsSigner;
|
|
38
|
+
export declare const slh_dsa_shake_256s: SphincsSigner;
|
|
39
|
+
export declare const slh_dsa_sha2_128f: SphincsSigner;
|
|
40
|
+
export declare const slh_dsa_sha2_128s: SphincsSigner;
|
|
41
|
+
export declare const slh_dsa_sha2_192f: SphincsSigner;
|
|
42
|
+
export declare const slh_dsa_sha2_192s: SphincsSigner;
|
|
43
|
+
export declare const slh_dsa_sha2_256f: SphincsSigner;
|
|
44
|
+
export declare const slh_dsa_sha2_256s: SphincsSigner;
|
|
45
|
+
export {};
|
|
46
|
+
//# sourceMappingURL=slh-dsa.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"slh-dsa.d.ts","sourceRoot":"","sources":["../src/slh-dsa.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,MAAM,EAQP,MAAM,YAAY,CAAC;AA+BpB;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC;AAEF,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAOrC,CAAC;AAYX,MAAM,MAAM,IAAI,GAAG,UAAU,CAAC;AAE9B,KAAK,OAAO,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACpC,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,KAAK,UAAU,CAAC;IAC/E,IAAI,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACnF,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACtD,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACtE,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,UAAU,GAAG,CACvB,IAAI,EAAE,WAAW,KACd,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,UAAU,KAAK,OAAO,CAAC;AAqC7D,KAAK,aAAa,GAAG,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAiblD,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AAqGpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC"}
|
package/esm/slh-dsa.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
import { HMAC } from '@noble/hashes/hmac';
|
|
3
3
|
import { sha256, sha512 } from '@noble/hashes/sha2';
|
|
4
4
|
import { shake256 } from '@noble/hashes/sha3';
|
|
5
|
-
import { bytesToHex, hexToBytes, createView, concatBytes
|
|
5
|
+
import { bytesToHex, hexToBytes, createView, concatBytes } from '@noble/hashes/utils';
|
|
6
6
|
import { cleanBytes, ensureBytes, equalBytes, getMask, randomBytes, splitCoder, vecCoder, } from './utils.js';
|
|
7
7
|
export const PARAMS = {
|
|
8
8
|
'128f': { W: 16, N: 16, H: 66, D: 22, K: 33, A: 6 },
|
|
@@ -15,8 +15,7 @@ export const PARAMS = {
|
|
|
15
15
|
function hexToNumber(hex) {
|
|
16
16
|
if (typeof hex !== 'string')
|
|
17
17
|
throw new Error('hex string expected, got ' + typeof hex);
|
|
18
|
-
// Big Endian
|
|
19
|
-
return BigInt(hex === '' ? '0' : `0x${hex}`);
|
|
18
|
+
return BigInt(hex === '' ? '0' : '0x' + hex); // Big Endian
|
|
20
19
|
}
|
|
21
20
|
// BE: Big Endian, LE: Little Endian
|
|
22
21
|
function bytesToNumberBE(bytes) {
|
|
@@ -25,34 +24,20 @@ function bytesToNumberBE(bytes) {
|
|
|
25
24
|
function numberToBytesBE(n, len) {
|
|
26
25
|
return hexToBytes(n.toString(16).padStart(len * 2, '0'));
|
|
27
26
|
}
|
|
28
|
-
// Same as bitsCoder.decode, but bits are BE instead of LE (so we cannot re-use it).
|
|
29
|
-
// NOTE: difference happens only if d < 8.
|
|
30
|
-
const base_2bBE = (N, d) => {
|
|
31
|
-
const mask = getMask(d);
|
|
32
|
-
return (bytes) => {
|
|
33
|
-
const r = new Uint32Array(N);
|
|
34
|
-
for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
|
|
35
|
-
buf |= bytes[i] << bufLen;
|
|
36
|
-
bufLen += 8;
|
|
37
|
-
for (; bufLen >= d; bufLen -= d)
|
|
38
|
-
r[pos++] = (buf >>> (bufLen - d)) & mask;
|
|
39
|
-
buf &= getMask(bufLen);
|
|
40
|
-
}
|
|
41
|
-
return r;
|
|
42
|
-
};
|
|
43
|
-
};
|
|
44
27
|
// Same as bitsCoder.decode, but maybe spec will change and unify with base2bBE.
|
|
45
|
-
const
|
|
46
|
-
const mask = getMask(
|
|
28
|
+
const base2b = (outLen, b) => {
|
|
29
|
+
const mask = getMask(b);
|
|
47
30
|
return (bytes) => {
|
|
48
|
-
const
|
|
49
|
-
for (let
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
31
|
+
const baseB = new Uint32Array(outLen);
|
|
32
|
+
for (let out = 0, pos = 0, bits = 0, total = 0; out < outLen; out++) {
|
|
33
|
+
while (bits < b) {
|
|
34
|
+
total = (total << 8) | bytes[pos++];
|
|
35
|
+
bits += 8;
|
|
36
|
+
}
|
|
37
|
+
bits -= b;
|
|
38
|
+
baseB[out] = (total >>> bits) & mask;
|
|
54
39
|
}
|
|
55
|
-
return
|
|
40
|
+
return baseB;
|
|
56
41
|
};
|
|
57
42
|
};
|
|
58
43
|
function getMaskBig(bits) {
|
|
@@ -121,9 +106,9 @@ function gen(opts, hashOpts) {
|
|
|
121
106
|
}
|
|
122
107
|
return addr;
|
|
123
108
|
};
|
|
124
|
-
const chainCoder =
|
|
109
|
+
const chainCoder = base2b(WOTS_LEN2, WOTS_LOGW);
|
|
125
110
|
const chainLengths = (msg) => {
|
|
126
|
-
const W1 =
|
|
111
|
+
const W1 = base2b(WOTS_LEN1, WOTS_LOGW)(msg);
|
|
127
112
|
let csum = 0;
|
|
128
113
|
for (let i = 0; i < W1.length; i++)
|
|
129
114
|
csum += W - 1 - W1[i]; // ▷ Compute checksum
|
|
@@ -136,9 +121,7 @@ function gen(opts, hashOpts) {
|
|
|
136
121
|
lengths.set(W2, W1.length);
|
|
137
122
|
return lengths;
|
|
138
123
|
};
|
|
139
|
-
|
|
140
|
-
const msgCoder = base_2bLE(K, A);
|
|
141
|
-
const messageToIndices = (msg) => msgCoder(msg);
|
|
124
|
+
const messageToIndices = base2b(K, A);
|
|
142
125
|
const TREE_BITS = TREE_HEIGHT * (D - 1);
|
|
143
126
|
const LEAF_BITS = TREE_HEIGHT;
|
|
144
127
|
const hashMsgCoder = splitCoder(Math.ceil((A * K) / 8), Math.ceil(TREE_BITS / 8), Math.ceil(TREE_HEIGHT / 8));
|
|
@@ -395,13 +378,12 @@ function gen(opts, hashOpts) {
|
|
|
395
378
|
},
|
|
396
379
|
};
|
|
397
380
|
}
|
|
398
|
-
const genShake = (
|
|
399
|
-
const ADDR_BYTES = 32;
|
|
381
|
+
const genShake = () => (opts) => (pubSeed, skSeed) => {
|
|
400
382
|
const { N } = opts;
|
|
401
383
|
const stats = { prf: 0, thash: 0, hmsg: 0, gen_message_random: 0 };
|
|
402
384
|
const h0 = shake256.create({}).update(pubSeed);
|
|
403
385
|
const h0tmp = h0.clone();
|
|
404
|
-
const
|
|
386
|
+
const thash = (blocks, input, addr) => {
|
|
405
387
|
stats.thash++;
|
|
406
388
|
return h0
|
|
407
389
|
._cloneInto(h0tmp)
|
|
@@ -409,26 +391,13 @@ const genShake = (robust) => (opts) => (pubSeed, skSeed) => {
|
|
|
409
391
|
.update(input.subarray(0, blocks * N))
|
|
410
392
|
.xof(N);
|
|
411
393
|
};
|
|
412
|
-
const thash_robust = (blocks, input, addr) => {
|
|
413
|
-
stats.thash++;
|
|
414
|
-
const buf = new Uint8Array(ADDR_BYTES + (blocks + 1) * N);
|
|
415
|
-
buf.subarray(0, N).set(pubSeed);
|
|
416
|
-
buf.subarray(N, N + ADDR_BYTES).set(addr);
|
|
417
|
-
shake256
|
|
418
|
-
.create({})
|
|
419
|
-
.update(buf.subarray(0, N + ADDR_BYTES))
|
|
420
|
-
.xofInto(buf.subarray(N + ADDR_BYTES));
|
|
421
|
-
for (let i = 0; i < blocks * N; i++)
|
|
422
|
-
buf[N + ADDR_BYTES + i] ^= input[i];
|
|
423
|
-
return shake256.create({}).update(buf).xof(N);
|
|
424
|
-
};
|
|
425
|
-
const thash = robust ? thash_robust : thash_simple;
|
|
426
394
|
return {
|
|
427
395
|
PRFaddr: (addr) => {
|
|
428
396
|
if (!skSeed)
|
|
429
397
|
throw new Error('no sk seed');
|
|
430
398
|
stats.prf++;
|
|
431
|
-
|
|
399
|
+
const res = h0._cloneInto(h0tmp).update(addr).update(skSeed).xof(N);
|
|
400
|
+
return res;
|
|
432
401
|
},
|
|
433
402
|
PRFmsg: (skPRF, random, msg) => {
|
|
434
403
|
stats.gen_message_random++;
|
|
@@ -447,20 +416,7 @@ const genShake = (robust) => (opts) => (pubSeed, skSeed) => {
|
|
|
447
416
|
},
|
|
448
417
|
};
|
|
449
418
|
};
|
|
450
|
-
const SHAKE_SIMPLE = { getContext: genShake(
|
|
451
|
-
const SHAKE_ROBUST = { getContext: genShake(true) };
|
|
452
|
-
export const sphincs_shake_128f_simple = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_SIMPLE);
|
|
453
|
-
export const sphincs_shake_128f_robust = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_ROBUST);
|
|
454
|
-
export const sphincs_shake_128s_simple = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_SIMPLE);
|
|
455
|
-
export const sphincs_shake_128s_robust = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_ROBUST);
|
|
456
|
-
export const sphincs_shake_192f_simple = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_SIMPLE);
|
|
457
|
-
export const sphincs_shake_192f_robust = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_ROBUST);
|
|
458
|
-
export const sphincs_shake_192s_simple = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_SIMPLE);
|
|
459
|
-
export const sphincs_shake_192s_robust = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_ROBUST);
|
|
460
|
-
export const sphincs_shake_256f_simple = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_SIMPLE);
|
|
461
|
-
export const sphincs_shake_256f_robust = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_ROBUST);
|
|
462
|
-
export const sphincs_shake_256s_simple = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_SIMPLE);
|
|
463
|
-
export const sphincs_shake_256s_robust = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_ROBUST);
|
|
419
|
+
const SHAKE_SIMPLE = { getContext: genShake() };
|
|
464
420
|
// Only simple mode in SLH-DSA
|
|
465
421
|
export const slh_dsa_shake_128f = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_SIMPLE);
|
|
466
422
|
export const slh_dsa_shake_128s = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_SIMPLE);
|
|
@@ -468,7 +424,7 @@ export const slh_dsa_shake_192f = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_SIMP
|
|
|
468
424
|
export const slh_dsa_shake_192s = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_SIMPLE);
|
|
469
425
|
export const slh_dsa_shake_256f = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_SIMPLE);
|
|
470
426
|
export const slh_dsa_shake_256s = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_SIMPLE);
|
|
471
|
-
const genSha = (h0, h1
|
|
427
|
+
const genSha = (h0, h1) => (opts) => (pub_seed, sk_seed) => {
|
|
472
428
|
const { N } = opts;
|
|
473
429
|
/*
|
|
474
430
|
Perf debug stats, how much hashes we call?
|
|
@@ -502,7 +458,7 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
502
458
|
out.subarray(length).fill(0);
|
|
503
459
|
return out.subarray(0, length);
|
|
504
460
|
}
|
|
505
|
-
const
|
|
461
|
+
const thash = (_, h, hTmp) => (blocks, input, addr) => {
|
|
506
462
|
stats.thash++;
|
|
507
463
|
const d = h
|
|
508
464
|
._cloneInto(hTmp)
|
|
@@ -511,38 +467,18 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
511
467
|
.digest();
|
|
512
468
|
return d.subarray(0, N);
|
|
513
469
|
};
|
|
514
|
-
const thash_robust = (sha, h, _) => (blocks, input, addr) => {
|
|
515
|
-
stats.thash++;
|
|
516
|
-
stats.mgf1++;
|
|
517
|
-
// inlined mgf1
|
|
518
|
-
const addr8 = addr;
|
|
519
|
-
const hh = sha.create().update(pub_seed).update(addr8);
|
|
520
|
-
let bitmask = new Uint8Array(Math.ceil((blocks * N) / sha.outputLen) * sha.outputLen);
|
|
521
|
-
for (let counter = 0, o = bitmask; o.length; counter++) {
|
|
522
|
-
counterV.setUint32(0, counter, false);
|
|
523
|
-
hh.clone().update(counterB).digestInto(o);
|
|
524
|
-
o = o.subarray(sha.outputLen);
|
|
525
|
-
}
|
|
526
|
-
bitmask = bitmask.subarray(0, blocks * N);
|
|
527
|
-
const ou32 = u32(input);
|
|
528
|
-
const bm32 = u32(bitmask);
|
|
529
|
-
for (let i = 0; i < bm32.length; i++)
|
|
530
|
-
bm32[i] ^= ou32[i];
|
|
531
|
-
const d = h.clone().update(addr8).update(bitmask).digest();
|
|
532
|
-
return d.subarray(0, N);
|
|
533
|
-
};
|
|
534
|
-
const thash = robust ? thash_robust : thash_simple;
|
|
535
470
|
return {
|
|
536
471
|
PRFaddr: (addr) => {
|
|
537
472
|
if (!sk_seed)
|
|
538
473
|
throw new Error('No sk seed');
|
|
539
474
|
stats.prf++;
|
|
540
|
-
|
|
475
|
+
const res = h0ps
|
|
541
476
|
._cloneInto(h0tmp)
|
|
542
477
|
.update(addr)
|
|
543
478
|
.update(sk_seed)
|
|
544
479
|
.digest()
|
|
545
480
|
.subarray(0, N);
|
|
481
|
+
return res;
|
|
546
482
|
},
|
|
547
483
|
PRFmsg: (skPRF, random, msg) => {
|
|
548
484
|
stats.gen_message_random++;
|
|
@@ -566,32 +502,12 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
566
502
|
};
|
|
567
503
|
const SHA256_SIMPLE = {
|
|
568
504
|
isCompressed: true,
|
|
569
|
-
getContext: genSha(sha256, sha256
|
|
570
|
-
};
|
|
571
|
-
const SHA256_ROBUST = {
|
|
572
|
-
isCompressed: true,
|
|
573
|
-
getContext: genSha(sha256, sha256, true),
|
|
505
|
+
getContext: genSha(sha256, sha256),
|
|
574
506
|
};
|
|
575
507
|
const SHA512_SIMPLE = {
|
|
576
508
|
isCompressed: true,
|
|
577
|
-
getContext: genSha(sha256, sha512
|
|
578
|
-
};
|
|
579
|
-
const SHA512_ROBUST = {
|
|
580
|
-
isCompressed: true,
|
|
581
|
-
getContext: genSha(sha256, sha512, true),
|
|
509
|
+
getContext: genSha(sha256, sha512),
|
|
582
510
|
};
|
|
583
|
-
export const sphincs_sha2_128f_simple = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_SIMPLE);
|
|
584
|
-
export const sphincs_sha2_128f_robust = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_ROBUST);
|
|
585
|
-
export const sphincs_sha2_128s_simple = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_SIMPLE);
|
|
586
|
-
export const sphincs_sha2_128s_robust = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_ROBUST);
|
|
587
|
-
export const sphincs_sha2_192f_simple = /* @__PURE__ */ gen(PARAMS['192f'], SHA512_SIMPLE);
|
|
588
|
-
export const sphincs_sha2_192f_robust = /* @__PURE__ */ gen(PARAMS['192f'], SHA512_ROBUST);
|
|
589
|
-
export const sphincs_sha2_192s_simple = /* @__PURE__ */ gen(PARAMS['192s'], SHA512_SIMPLE);
|
|
590
|
-
export const sphincs_sha2_192s_robust = /* @__PURE__ */ gen(PARAMS['192s'], SHA512_ROBUST);
|
|
591
|
-
export const sphincs_sha2_256f_simple = /* @__PURE__ */ gen(PARAMS['256f'], SHA512_SIMPLE);
|
|
592
|
-
export const sphincs_sha2_256f_robust = /* @__PURE__ */ gen(PARAMS['256f'], SHA512_ROBUST);
|
|
593
|
-
export const sphincs_sha2_256s_simple = /* @__PURE__ */ gen(PARAMS['256s'], SHA512_SIMPLE);
|
|
594
|
-
export const sphincs_sha2_256s_robust = /* @__PURE__ */ gen(PARAMS['256s'], SHA512_ROBUST);
|
|
595
511
|
// Only simple mode in SLH-DSA
|
|
596
512
|
export const slh_dsa_sha2_128f = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_SIMPLE);
|
|
597
513
|
export const slh_dsa_sha2_128s = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_SIMPLE);
|