@noble/post-quantum 0.1.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +158 -180
- package/_crystals.d.ts +0 -1
- package/_crystals.d.ts.map +1 -1
- package/_crystals.js +1 -31
- package/_crystals.js.map +1 -1
- package/esm/_crystals.d.ts +33 -0
- package/esm/_crystals.d.ts.map +1 -0
- package/esm/_crystals.js +0 -30
- package/esm/_crystals.js.map +1 -1
- package/esm/index.d.ts +2 -0
- package/esm/index.d.ts.map +1 -0
- package/esm/ml-dsa.d.ts +44 -0
- package/esm/ml-dsa.d.ts.map +1 -0
- package/esm/ml-dsa.js +67 -88
- package/esm/ml-dsa.js.map +1 -1
- package/esm/ml-kem.d.ts +55 -0
- package/esm/ml-kem.d.ts.map +1 -0
- package/esm/ml-kem.js +26 -83
- package/esm/ml-kem.js.map +1 -1
- package/esm/slh-dsa.d.ts +46 -0
- package/esm/slh-dsa.d.ts.map +1 -0
- package/esm/slh-dsa.js +27 -111
- package/esm/slh-dsa.js.map +1 -1
- package/esm/utils.d.ts +38 -0
- package/esm/utils.d.ts.map +1 -0
- package/esm/utils.js +2 -1
- package/esm/utils.js.map +1 -1
- package/ml-dsa.d.ts +27 -20
- package/ml-dsa.d.ts.map +1 -1
- package/ml-dsa.js +66 -87
- package/ml-dsa.js.map +1 -1
- package/ml-kem.d.ts +1 -80
- package/ml-kem.d.ts.map +1 -1
- package/ml-kem.js +26 -83
- package/ml-kem.js.map +1 -1
- package/package.json +14 -22
- package/slh-dsa.d.ts +0 -24
- package/slh-dsa.d.ts.map +1 -1
- package/slh-dsa.js +27 -111
- package/slh-dsa.js.map +1 -1
- package/src/_crystals.ts +0 -33
- package/src/ml-dsa.ts +75 -92
- package/src/ml-kem.ts +28 -87
- package/src/slh-dsa.ts +27 -121
- package/src/utils.ts +2 -1
- package/utils.d.ts +2 -2
- package/utils.d.ts.map +1 -1
- package/utils.js +7 -6
- package/utils.js.map +1 -1
package/esm/ml-kem.js
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
2
|
-
import { ctr } from '@noble/ciphers/aes';
|
|
3
|
-
import { sha256, sha512 } from '@noble/hashes/sha2';
|
|
4
2
|
import { sha3_256, sha3_512, shake256 } from '@noble/hashes/sha3';
|
|
5
3
|
import { u32 } from '@noble/hashes/utils';
|
|
6
|
-
import { genCrystals,
|
|
4
|
+
import { genCrystals, XOF128 } from './_crystals.js';
|
|
7
5
|
import { cleanBytes, ensureBytes, equalBytes, randomBytes, splitCoder, vecCoder, } from './utils.js';
|
|
8
6
|
/*
|
|
9
7
|
Lattice-based key encapsulation mechanism.
|
|
@@ -25,15 +23,10 @@ There are some concerns with regards to security: see
|
|
|
25
23
|
[djb blog](https://blog.cr.yp.to/20231003-countcorrectly.html) and
|
|
26
24
|
[mailing list](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E).
|
|
27
25
|
|
|
28
|
-
Three versions are provided:
|
|
29
|
-
|
|
30
|
-
1. Kyber
|
|
31
|
-
2. Kyber-90s, using algorithms from 1990s
|
|
32
|
-
3. ML-KEM aka [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf)
|
|
33
26
|
*/
|
|
34
27
|
const N = 256; // Kyber (not FIPS-203) supports different lengths, but all std modes were using 256
|
|
35
28
|
const Q = 3329; // 13*(2**8)+1, modulo prime
|
|
36
|
-
const F = 3303; // 3303 ≡ 128−1 mod q (FIPS-203)
|
|
29
|
+
const F = 3303; // 3303 ≡ 128**(−1) mod q (FIPS-203)
|
|
37
30
|
const ROOT_OF_UNITY = 17; // ζ = 17 ∈ Zq is a primitive 256-th root of unity modulo Q. ζ**128 ≡−1
|
|
38
31
|
const { mod, nttZetas, NTT, bitsCoder } = genCrystals({
|
|
39
32
|
N,
|
|
@@ -146,7 +139,7 @@ function sampleCBD(PRF, seed, nonce, eta) {
|
|
|
146
139
|
// K-PKE
|
|
147
140
|
// As per FIPS-203, it doesn't perform any input validation and can't be used in standalone fashion.
|
|
148
141
|
const genKPKE = (opts) => {
|
|
149
|
-
const { K, PRF, XOF, HASH512, ETA1, ETA2, du, dv
|
|
142
|
+
const { K, PRF, XOF, HASH512, ETA1, ETA2, du, dv } = opts;
|
|
150
143
|
const poly1 = polyCoder(1);
|
|
151
144
|
const polyV = polyCoder(dv);
|
|
152
145
|
const polyU = polyCoder(du);
|
|
@@ -160,7 +153,11 @@ const genKPKE = (opts) => {
|
|
|
160
153
|
publicKeyLen: publicCoder.bytesLen,
|
|
161
154
|
cipherTextLen: cipherCoder.bytesLen,
|
|
162
155
|
keygen: (seed) => {
|
|
163
|
-
const
|
|
156
|
+
const seedDst = new Uint8Array(33);
|
|
157
|
+
seedDst.set(seed);
|
|
158
|
+
seedDst[32] = K;
|
|
159
|
+
const seedHash = HASH512(seedDst);
|
|
160
|
+
const [rho, sigma] = seedCoder.decode(seedHash);
|
|
164
161
|
const sHat = [];
|
|
165
162
|
const tHat = [];
|
|
166
163
|
for (let i = 0; i < K; i++)
|
|
@@ -169,7 +166,7 @@ const genKPKE = (opts) => {
|
|
|
169
166
|
for (let i = 0; i < K; i++) {
|
|
170
167
|
const e = NTT.encode(sampleCBD(PRF, sigma, K + i, ETA1));
|
|
171
168
|
for (let j = 0; j < K; j++) {
|
|
172
|
-
const aji = SampleNTT(
|
|
169
|
+
const aji = SampleNTT(x.get(j, i)); // A[j][i], inplace
|
|
173
170
|
polyAdd(e, MultiplyNTTs(aji, sHat[j]));
|
|
174
171
|
}
|
|
175
172
|
tHat.push(e); // t ← A ◦ s + e
|
|
@@ -179,7 +176,7 @@ const genKPKE = (opts) => {
|
|
|
179
176
|
publicKey: publicCoder.encode([tHat, rho]),
|
|
180
177
|
secretKey: secretCoder.encode(sHat),
|
|
181
178
|
};
|
|
182
|
-
cleanBytes(rho, sigma, sHat, tHat);
|
|
179
|
+
cleanBytes(rho, sigma, sHat, tHat, seedDst, seedHash);
|
|
183
180
|
return res;
|
|
184
181
|
},
|
|
185
182
|
encrypt: (publicKey, msg, seed) => {
|
|
@@ -194,7 +191,7 @@ const genKPKE = (opts) => {
|
|
|
194
191
|
const e1 = sampleCBD(PRF, seed, K + i, ETA2);
|
|
195
192
|
const tmp = new Uint16Array(N);
|
|
196
193
|
for (let j = 0; j < K; j++) {
|
|
197
|
-
const aij = SampleNTT(
|
|
194
|
+
const aij = SampleNTT(x.get(i, j)); // A[i][j], inplace
|
|
198
195
|
polyAdd(tmp, MultiplyNTTs(aij, rHat[j])); // t += aij * rHat[j]
|
|
199
196
|
}
|
|
200
197
|
polyAdd(e1, NTT.decode(tmp)); // e1 += tmp
|
|
@@ -224,7 +221,7 @@ const genKPKE = (opts) => {
|
|
|
224
221
|
};
|
|
225
222
|
function createKyber(opts) {
|
|
226
223
|
const KPKE = genKPKE(opts);
|
|
227
|
-
const { HASH256, HASH512, KDF
|
|
224
|
+
const { HASH256, HASH512, KDF } = opts;
|
|
228
225
|
const { secretCoder: KPKESecretCoder, cipherTextLen } = KPKE;
|
|
229
226
|
const publicKeyLen = KPKE.publicKeyLen; // 384*K+32
|
|
230
227
|
const secretCoder = splitCoder(KPKE.secretKeyLen, KPKE.publicKeyLen, 32, 32);
|
|
@@ -245,31 +242,20 @@ function createKyber(opts) {
|
|
|
245
242
|
encapsulate: (publicKey, msg = randomBytes(32)) => {
|
|
246
243
|
ensureBytes(publicKey, publicKeyLen);
|
|
247
244
|
ensureBytes(msg, msgLen);
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
// (Modulus check.) Perform the computation ek ← ByteEncode12(ByteDecode12(eke)).
|
|
255
|
-
// If ek = ̸ eke, the input is invalid. (See Section 4.2.1.)
|
|
256
|
-
if (!equalBytes(ek, eke)) {
|
|
257
|
-
cleanBytes(ek);
|
|
258
|
-
throw new Error('ML-KEM.encapsulate: wrong publicKey modulus');
|
|
259
|
-
}
|
|
245
|
+
// FIPS-203 includes additional verification check for modulus
|
|
246
|
+
const eke = publicKey.subarray(0, 384 * opts.K);
|
|
247
|
+
const ek = KPKESecretCoder.encode(KPKESecretCoder.decode(eke.slice())); // Copy because of inplace encoding
|
|
248
|
+
// (Modulus check.) Perform the computation ek ← ByteEncode12(ByteDecode12(eke)).
|
|
249
|
+
// If ek = ̸ eke, the input is invalid. (See Section 4.2.1.)
|
|
250
|
+
if (!equalBytes(ek, eke)) {
|
|
260
251
|
cleanBytes(ek);
|
|
252
|
+
throw new Error('ML-KEM.encapsulate: wrong publicKey modulus');
|
|
261
253
|
}
|
|
254
|
+
cleanBytes(ek);
|
|
262
255
|
const kr = HASH512.create().update(msg).update(HASH256(publicKey)).digest(); // derive randomness
|
|
263
256
|
const cipherText = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64));
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
const cipherTextHash = HASH256(cipherText);
|
|
267
|
-
const sharedSecret = KDF.create({})
|
|
268
|
-
.update(kr.subarray(0, 32))
|
|
269
|
-
.update(cipherTextHash)
|
|
270
|
-
.digest();
|
|
271
|
-
cleanBytes(kr, cipherTextHash);
|
|
272
|
-
return { cipherText, sharedSecret };
|
|
257
|
+
kr.subarray(32).fill(0);
|
|
258
|
+
return { cipherText, sharedSecret: kr.subarray(0, 32) };
|
|
273
259
|
},
|
|
274
260
|
decapsulate: (cipherText, secretKey) => {
|
|
275
261
|
ensureBytes(secretKey, secretKeyLen); // 768*k + 96
|
|
@@ -280,39 +266,12 @@ function createKyber(opts) {
|
|
|
280
266
|
const Khat = kr.subarray(0, 32);
|
|
281
267
|
const cipherText2 = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64)); // re-encrypt using the derived randomness
|
|
282
268
|
const isValid = equalBytes(cipherText, cipherText2); // if ciphertexts do not match, “implicitly reject”
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
return isValid ? Khat : Kbar;
|
|
287
|
-
}
|
|
288
|
-
const cipherTextHash = HASH256(cipherText);
|
|
289
|
-
const sharedSecret = KDF.create({ dkLen: 32 })
|
|
290
|
-
.update(isValid ? Khat : z)
|
|
291
|
-
.update(cipherTextHash)
|
|
292
|
-
.digest();
|
|
293
|
-
cleanBytes(msg, cipherTextHash, cipherText2, Khat, z);
|
|
294
|
-
return sharedSecret;
|
|
269
|
+
const Kbar = KDF.create({ dkLen: 32 }).update(z).update(cipherText).digest();
|
|
270
|
+
cleanBytes(msg, cipherText2, !isValid ? Khat : Kbar);
|
|
271
|
+
return isValid ? Khat : Kbar;
|
|
295
272
|
},
|
|
296
273
|
};
|
|
297
274
|
}
|
|
298
|
-
function PRF(l, key, nonce) {
|
|
299
|
-
const _nonce = new Uint8Array(16);
|
|
300
|
-
_nonce[0] = nonce;
|
|
301
|
-
return ctr(key, _nonce).encrypt(new Uint8Array(l));
|
|
302
|
-
}
|
|
303
|
-
const opts90s = { HASH256: sha256, HASH512: sha512, KDF: sha256, XOF: XOF_AES, PRF };
|
|
304
|
-
export const kyber512_90s = /* @__PURE__ */ createKyber({
|
|
305
|
-
...opts90s,
|
|
306
|
-
...PARAMS[512],
|
|
307
|
-
});
|
|
308
|
-
export const kyber768_90s = /* @__PURE__ */ createKyber({
|
|
309
|
-
...opts90s,
|
|
310
|
-
...PARAMS[768],
|
|
311
|
-
});
|
|
312
|
-
export const kyber1024_90s = /* @__PURE__ */ createKyber({
|
|
313
|
-
...opts90s,
|
|
314
|
-
...PARAMS[1024],
|
|
315
|
-
});
|
|
316
275
|
function shakePRF(dkLen, key, nonce) {
|
|
317
276
|
return shake256
|
|
318
277
|
.create({ dkLen })
|
|
@@ -327,35 +286,19 @@ const opts = {
|
|
|
327
286
|
XOF: XOF128,
|
|
328
287
|
PRF: shakePRF,
|
|
329
288
|
};
|
|
330
|
-
export const kyber512 = /* @__PURE__ */ createKyber({
|
|
331
|
-
...opts,
|
|
332
|
-
...PARAMS[512],
|
|
333
|
-
});
|
|
334
|
-
export const kyber768 = /* @__PURE__ */ createKyber({
|
|
335
|
-
...opts,
|
|
336
|
-
...PARAMS[768],
|
|
337
|
-
});
|
|
338
|
-
export const kyber1024 = /* @__PURE__ */ createKyber({
|
|
339
|
-
...opts,
|
|
340
|
-
...PARAMS[1024],
|
|
341
|
-
});
|
|
342
289
|
/**
|
|
343
|
-
* FIPS-203
|
|
344
|
-
* Unsafe: we can't cross-verify, because there are no test vectors or other implementations.
|
|
290
|
+
* FIPS-203 ML-KEM.
|
|
345
291
|
*/
|
|
346
292
|
export const ml_kem512 = /* @__PURE__ */ createKyber({
|
|
347
293
|
...opts,
|
|
348
294
|
...PARAMS[512],
|
|
349
|
-
FIPS203: true,
|
|
350
295
|
});
|
|
351
296
|
export const ml_kem768 = /* @__PURE__ */ createKyber({
|
|
352
297
|
...opts,
|
|
353
298
|
...PARAMS[768],
|
|
354
|
-
FIPS203: true,
|
|
355
299
|
});
|
|
356
300
|
export const ml_kem1024 = /* @__PURE__ */ createKyber({
|
|
357
301
|
...opts,
|
|
358
302
|
...PARAMS[1024],
|
|
359
|
-
FIPS203: true,
|
|
360
303
|
});
|
|
361
304
|
//# sourceMappingURL=ml-kem.js.map
|
package/esm/ml-kem.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ml-kem.js","sourceRoot":"","sources":["../src/ml-kem.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,GAAG,EAA4C,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,WAAW,EAAO,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAEL,UAAU,EACV,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;;;;;;EAyBE;AAEF,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,oFAAoF;AACnG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,gCAAgC;AAChD,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,uEAAuE;AACjG,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IACD,CAAC;IACD,CAAC;IACD,aAAa;IACb,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAaH,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAAiC;IAClD,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,IAAI,EAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;CAC9D,CAAC;AAEX,gCAAgC;AAChC,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAyB,EAAE;IACpD,qFAAqF;IACrF,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3E,uFAAuF;IACvF,0EAA0E;IAC1E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,OAAO;QACL,oEAAoE;QACpE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF,4FAA4F;AAC5F,yGAAyG;AACzG,gFAAgF;AAChF,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAK3D,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AACD,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AAED,mGAAmG;AACnG,SAAS,gBAAgB,CAAC,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,IAAY;IACpF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;AACpB,CAAC;AAED,wGAAwG;AACxG,iHAAiH;AACjH,SAAS,YAAY,CAAC,CAAO,EAAE,CAAO;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAClB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAClB,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAiBD,oCAAoC;AACpC,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,mDAAmD;AACnD,sDAAsD;AACtD,SAAS,SAAS,CAAC,GAAQ,EAAE,IAAgB,EAAE,KAAa,EAAE,GAAW;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,KAAK,CAAC,CAAC;YACR,GAAG,IAAI,CAAC,CAAC;YACT,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAChB,EAAE,GAAG,EAAE,CAAC;gBACR,EAAE,GAAG,CAAC,CAAC;YACT,CAAC;iBAAM,IAAI,GAAG,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;gBACtB,EAAE,GAAG,CAAC,CAAC;gBACP,GAAG,GAAG,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,QAAQ;AACR,oGAAoG;AACpG,MAAM,OAAO,GAAG,CAAC,IAAe,EAAE,EAAE;IAClC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,OAAO;QACL,WAAW;QACX,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,aAAa,EAAE,WAAW,CAAC,QAAQ;QACnC,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACrD,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBACzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBAC/E,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAChC,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,GAAG,GAAG;gBACV,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC;aACpC,CAAC;YACF,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,IAAgB,EAAE,EAAE;YACpE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACjF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;gBAC7C,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;gBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBAC/E,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB;gBACjE,CAAC;gBACD,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY;gBAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACX,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;gBACzE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa;YAC5C,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;YACpE,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAC1B,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,CAAC,UAAsB,EAAE,UAAsB,EAAE,EAAE;YAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,4BAA4B;YACvE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB;YACvG,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACxC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,WAAW,CAAC,IAAe;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW;IACnD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,OAAO;QACL,YAAY;QACZ,MAAM;QACN,MAAM,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YACjC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YACvE,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACzC,wBAAwB;YACxB,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACxF,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YAC9B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,WAAW,EAAE,CAAC,SAAqB,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YACrC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACzB,IAAI,CAAC,OAAO;gBAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;iBACpE,CAAC;gBACJ,8DAA8D;gBAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChD,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,mCAAmC;gBAC3G,iFAAiF;gBACjF,4DAA4D;gBAC5D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,EAAE,CAAC,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;gBACjE,CAAC;gBACD,UAAU,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,oBAAoB;YACjG,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,IAAI,OAAO;gBAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACrE,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;iBAChC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;iBAC1B,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;YAC/B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,EAAE,CAAC,UAAsB,EAAE,SAAqB,EAAE,EAAE;YAC7D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,aAAa;YACnD,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB;YACxD,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,+CAA+C;YACvH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;YACjH,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,mDAAmD;YACxG,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC7E,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACrD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/B,CAAC;YACD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;iBAC3C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;iBAC1B,MAAM,CAAC,cAAc,CAAC;iBACtB,MAAM,EAAE,CAAC;YACZ,UAAU,CAAC,GAAG,EAAE,cAAc,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,YAAY,CAAC;QACtB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,GAAG,CAAC,CAAS,EAAE,GAAe,EAAE,KAAa;IACpD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;IAClB,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAErF,MAAM,CAAC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACtD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;IACtD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,WAAW,CAAC;IACvD,GAAG,OAAO;IACV,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC;AAEH,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAe,EAAE,KAAa;IAC7D,OAAO,QAAQ;SACZ,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;SACjB,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/B,MAAM,EAAE,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG;IACX,OAAO,EAAE,QAAQ;IACjB,OAAO,EAAE,QAAQ;IACjB,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC;IAClD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC;IAClD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC;AAEH;;;GAGG;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC;IACpD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,IAAI;CACd,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"ml-kem.js","sourceRoot":"","sources":["../src/ml-kem.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,GAAG,EAA4C,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,WAAW,EAAO,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAEL,UAAU,EACV,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;EAoBE;AAEF,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,oFAAoF;AACnG,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,oCAAoC;AACpD,MAAM,aAAa,GAAG,EAAE,CAAC,CAAC,uEAAuE;AACjG,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC;IACpD,CAAC;IACD,CAAC;IACD,CAAC;IACD,aAAa;IACb,OAAO,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAaH,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAAiC;IAClD,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;IACtE,IAAI,EAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;CAC9D,CAAC;AAEX,gCAAgC;AAChC,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAyB,EAAE;IACpD,qFAAqF;IACrF,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3E,uFAAuF;IACvF,0EAA0E;IAC1E,wDAAwD;IACxD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,OAAO;QACL,oEAAoE;QACpE,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;QAC7C,6DAA6D;QAC7D,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF,4FAA4F;AAC5F,yGAAyG;AACzG,gFAAgF;AAChF,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAK3D,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AACD,SAAS,OAAO,CAAC,CAAO,EAAE,CAAO;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;AAChE,CAAC;AAED,mGAAmG;AACnG,SAAS,gBAAgB,CAAC,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,EAAU,EAAE,IAAY;IACpF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC;AACpB,CAAC;AAED,wGAAwG;AACxG,iHAAiH;AACjH,SAAS,YAAY,CAAC,CAAO,EAAE,CAAO;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC;YAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAClB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAClB,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAgBD,oCAAoC;AACpC,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;YACvD,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,mDAAmD;AACnD,sDAAsD;AACtD,SAAS,SAAS,CAAC,GAAQ,EAAE,IAAgB,EAAE,KAAa,EAAE,GAAW;IACvE,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,CAAC,KAAK,CAAC,CAAC;YACR,GAAG,IAAI,CAAC,CAAC;YACT,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;gBAChB,EAAE,GAAG,EAAE,CAAC;gBACR,EAAE,GAAG,CAAC,CAAC;YACT,CAAC;iBAAM,IAAI,GAAG,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;gBACtB,EAAE,GAAG,CAAC,CAAC;gBACP,GAAG,GAAG,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,QAAQ;AACR,oGAAoG;AACpG,MAAM,OAAO,GAAG,CAAC,IAAe,EAAE,EAAE;IAClC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACrC,OAAO;QACL,WAAW;QACX,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,YAAY,EAAE,WAAW,CAAC,QAAQ;QAClC,aAAa,EAAE,WAAW,CAAC,QAAQ;QACnC,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;YAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YAElC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,EAAE,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBACzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBACvD,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAChC,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,GAAG,GAAG;gBACV,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;gBAC1C,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC;aACpC,CAAC;YACF,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACtD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,IAAgB,EAAE,EAAE;YACpE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;YACjF,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;gBAC7C,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;gBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;oBACvD,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB;gBACjE,CAAC;gBACD,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY;gBAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACX,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;gBACzE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,CAAC;YACD,CAAC,CAAC,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7C,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa;YAC5C,MAAM,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,uCAAuC;YACpE,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAC1B,UAAU,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACjC,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,CAAC,UAAsB,EAAE,UAAsB,EAAE,EAAE;YAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,4BAA4B;YACvE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;YAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB;YACvG,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACxC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,WAAW,CAAC,IAAe;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACvC,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,WAAW;IACnD,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,OAAO;QACL,YAAY;QACZ,MAAM;QACN,MAAM,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YACjC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YACvE,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACzC,wBAAwB;YACxB,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACxF,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YAC9B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,WAAW,EAAE,CAAC,SAAqB,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;YACrC,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEzB,8DAA8D;YAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAChD,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,mCAAmC;YAC3G,iFAAiF;YACjF,4DAA4D;YAC5D,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,EAAE,CAAC,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,oBAAoB;YACjG,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACrE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACxB,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC1D,CAAC;QACD,WAAW,EAAE,CAAC,UAAsB,EAAE,SAAqB,EAAE,EAAE;YAC7D,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC,aAAa;YACnD,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB;YACxD,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,+CAA+C;YACvH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;YACjH,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,mDAAmD;YACxG,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;YAC7E,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACrD,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,GAAe,EAAE,KAAa;IAC7D,OAAO,QAAQ;SACZ,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;SACjB,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;SAC/B,MAAM,EAAE,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG;IACX,OAAO,EAAE,QAAQ;IACjB,OAAO,EAAE,QAAQ;IACjB,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,CAAC;IACnD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,GAAG,CAAC;CACf,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC;IACpD,GAAG,IAAI;IACP,GAAG,MAAM,CAAC,IAAI,CAAC;CAChB,CAAC,CAAC"}
|
package/esm/slh-dsa.d.ts
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { Signer } from './utils.js';
|
|
2
|
+
/**
|
|
3
|
+
* * N: Security parameter (in bytes). W: Winternitz parameter
|
|
4
|
+
* * H: Hypertree height. D: Hypertree layers
|
|
5
|
+
* * K: FORS trees numbers. A: FORS trees height
|
|
6
|
+
*/
|
|
7
|
+
export type SphincsOpts = {
|
|
8
|
+
N: number;
|
|
9
|
+
W: number;
|
|
10
|
+
H: number;
|
|
11
|
+
D: number;
|
|
12
|
+
K: number;
|
|
13
|
+
A: number;
|
|
14
|
+
};
|
|
15
|
+
export type SphincsHashOpts = {
|
|
16
|
+
isCompressed?: boolean;
|
|
17
|
+
getContext: GetContext;
|
|
18
|
+
};
|
|
19
|
+
export declare const PARAMS: Record<string, SphincsOpts>;
|
|
20
|
+
export type ADRS = Uint8Array;
|
|
21
|
+
type Context = {
|
|
22
|
+
PRFaddr: (addr: ADRS) => Uint8Array;
|
|
23
|
+
PRFmsg: (skPRF: Uint8Array, random: Uint8Array, msg: Uint8Array) => Uint8Array;
|
|
24
|
+
Hmsg: (R: Uint8Array, pk: Uint8Array, m: Uint8Array, outLen: number) => Uint8Array;
|
|
25
|
+
thash1: (input: Uint8Array, addr: ADRS) => Uint8Array;
|
|
26
|
+
thashN: (blocks: number, input: Uint8Array, addr: ADRS) => Uint8Array;
|
|
27
|
+
clean: () => void;
|
|
28
|
+
};
|
|
29
|
+
export type GetContext = (opts: SphincsOpts) => (pub_seed: Uint8Array, sk_seed?: Uint8Array) => Context;
|
|
30
|
+
type SphincsSigner = Signer & {
|
|
31
|
+
seedLen: number;
|
|
32
|
+
};
|
|
33
|
+
export declare const slh_dsa_shake_128f: SphincsSigner;
|
|
34
|
+
export declare const slh_dsa_shake_128s: SphincsSigner;
|
|
35
|
+
export declare const slh_dsa_shake_192f: SphincsSigner;
|
|
36
|
+
export declare const slh_dsa_shake_192s: SphincsSigner;
|
|
37
|
+
export declare const slh_dsa_shake_256f: SphincsSigner;
|
|
38
|
+
export declare const slh_dsa_shake_256s: SphincsSigner;
|
|
39
|
+
export declare const slh_dsa_sha2_128f: SphincsSigner;
|
|
40
|
+
export declare const slh_dsa_sha2_128s: SphincsSigner;
|
|
41
|
+
export declare const slh_dsa_sha2_192f: SphincsSigner;
|
|
42
|
+
export declare const slh_dsa_sha2_192s: SphincsSigner;
|
|
43
|
+
export declare const slh_dsa_sha2_256f: SphincsSigner;
|
|
44
|
+
export declare const slh_dsa_sha2_256s: SphincsSigner;
|
|
45
|
+
export {};
|
|
46
|
+
//# sourceMappingURL=slh-dsa.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"slh-dsa.d.ts","sourceRoot":"","sources":["../src/slh-dsa.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,MAAM,EAQP,MAAM,YAAY,CAAC;AA+BpB;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC;AAEF,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAOrC,CAAC;AAYX,MAAM,MAAM,IAAI,GAAG,UAAU,CAAC;AAE9B,KAAK,OAAO,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACpC,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,KAAK,UAAU,CAAC;IAC/E,IAAI,EAAE,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACnF,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACtD,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,KAAK,UAAU,CAAC;IACtE,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,UAAU,GAAG,CACvB,IAAI,EAAE,WAAW,KACd,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,UAAU,KAAK,OAAO,CAAC;AAqC7D,KAAK,aAAa,GAAG,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAiblD,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AACpF,eAAO,MAAM,kBAAkB,eAAoD,CAAC;AAqGpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC;AACpF,eAAO,MAAM,iBAAiB,eAAqD,CAAC"}
|
package/esm/slh-dsa.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
import { HMAC } from '@noble/hashes/hmac';
|
|
3
3
|
import { sha256, sha512 } from '@noble/hashes/sha2';
|
|
4
4
|
import { shake256 } from '@noble/hashes/sha3';
|
|
5
|
-
import { bytesToHex, hexToBytes, createView, concatBytes
|
|
5
|
+
import { bytesToHex, hexToBytes, createView, concatBytes } from '@noble/hashes/utils';
|
|
6
6
|
import { cleanBytes, ensureBytes, equalBytes, getMask, randomBytes, splitCoder, vecCoder, } from './utils.js';
|
|
7
7
|
export const PARAMS = {
|
|
8
8
|
'128f': { W: 16, N: 16, H: 66, D: 22, K: 33, A: 6 },
|
|
@@ -15,8 +15,7 @@ export const PARAMS = {
|
|
|
15
15
|
function hexToNumber(hex) {
|
|
16
16
|
if (typeof hex !== 'string')
|
|
17
17
|
throw new Error('hex string expected, got ' + typeof hex);
|
|
18
|
-
// Big Endian
|
|
19
|
-
return BigInt(hex === '' ? '0' : `0x${hex}`);
|
|
18
|
+
return BigInt(hex === '' ? '0' : '0x' + hex); // Big Endian
|
|
20
19
|
}
|
|
21
20
|
// BE: Big Endian, LE: Little Endian
|
|
22
21
|
function bytesToNumberBE(bytes) {
|
|
@@ -25,34 +24,20 @@ function bytesToNumberBE(bytes) {
|
|
|
25
24
|
function numberToBytesBE(n, len) {
|
|
26
25
|
return hexToBytes(n.toString(16).padStart(len * 2, '0'));
|
|
27
26
|
}
|
|
28
|
-
// Same as bitsCoder.decode, but bits are BE instead of LE (so we cannot re-use it).
|
|
29
|
-
// NOTE: difference happens only if d < 8.
|
|
30
|
-
const base_2bBE = (N, d) => {
|
|
31
|
-
const mask = getMask(d);
|
|
32
|
-
return (bytes) => {
|
|
33
|
-
const r = new Uint32Array(N);
|
|
34
|
-
for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
|
|
35
|
-
buf |= bytes[i] << bufLen;
|
|
36
|
-
bufLen += 8;
|
|
37
|
-
for (; bufLen >= d; bufLen -= d)
|
|
38
|
-
r[pos++] = (buf >>> (bufLen - d)) & mask;
|
|
39
|
-
buf &= getMask(bufLen);
|
|
40
|
-
}
|
|
41
|
-
return r;
|
|
42
|
-
};
|
|
43
|
-
};
|
|
44
27
|
// Same as bitsCoder.decode, but maybe spec will change and unify with base2bBE.
|
|
45
|
-
const
|
|
46
|
-
const mask = getMask(
|
|
28
|
+
const base2b = (outLen, b) => {
|
|
29
|
+
const mask = getMask(b);
|
|
47
30
|
return (bytes) => {
|
|
48
|
-
const
|
|
49
|
-
for (let
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
31
|
+
const baseB = new Uint32Array(outLen);
|
|
32
|
+
for (let out = 0, pos = 0, bits = 0, total = 0; out < outLen; out++) {
|
|
33
|
+
while (bits < b) {
|
|
34
|
+
total = (total << 8) | bytes[pos++];
|
|
35
|
+
bits += 8;
|
|
36
|
+
}
|
|
37
|
+
bits -= b;
|
|
38
|
+
baseB[out] = (total >>> bits) & mask;
|
|
54
39
|
}
|
|
55
|
-
return
|
|
40
|
+
return baseB;
|
|
56
41
|
};
|
|
57
42
|
};
|
|
58
43
|
function getMaskBig(bits) {
|
|
@@ -121,9 +106,9 @@ function gen(opts, hashOpts) {
|
|
|
121
106
|
}
|
|
122
107
|
return addr;
|
|
123
108
|
};
|
|
124
|
-
const chainCoder =
|
|
109
|
+
const chainCoder = base2b(WOTS_LEN2, WOTS_LOGW);
|
|
125
110
|
const chainLengths = (msg) => {
|
|
126
|
-
const W1 =
|
|
111
|
+
const W1 = base2b(WOTS_LEN1, WOTS_LOGW)(msg);
|
|
127
112
|
let csum = 0;
|
|
128
113
|
for (let i = 0; i < W1.length; i++)
|
|
129
114
|
csum += W - 1 - W1[i]; // ▷ Compute checksum
|
|
@@ -136,9 +121,7 @@ function gen(opts, hashOpts) {
|
|
|
136
121
|
lengths.set(W2, W1.length);
|
|
137
122
|
return lengths;
|
|
138
123
|
};
|
|
139
|
-
|
|
140
|
-
const msgCoder = base_2bLE(K, A);
|
|
141
|
-
const messageToIndices = (msg) => msgCoder(msg);
|
|
124
|
+
const messageToIndices = base2b(K, A);
|
|
142
125
|
const TREE_BITS = TREE_HEIGHT * (D - 1);
|
|
143
126
|
const LEAF_BITS = TREE_HEIGHT;
|
|
144
127
|
const hashMsgCoder = splitCoder(Math.ceil((A * K) / 8), Math.ceil(TREE_BITS / 8), Math.ceil(TREE_HEIGHT / 8));
|
|
@@ -395,13 +378,12 @@ function gen(opts, hashOpts) {
|
|
|
395
378
|
},
|
|
396
379
|
};
|
|
397
380
|
}
|
|
398
|
-
const genShake = (
|
|
399
|
-
const ADDR_BYTES = 32;
|
|
381
|
+
const genShake = () => (opts) => (pubSeed, skSeed) => {
|
|
400
382
|
const { N } = opts;
|
|
401
383
|
const stats = { prf: 0, thash: 0, hmsg: 0, gen_message_random: 0 };
|
|
402
384
|
const h0 = shake256.create({}).update(pubSeed);
|
|
403
385
|
const h0tmp = h0.clone();
|
|
404
|
-
const
|
|
386
|
+
const thash = (blocks, input, addr) => {
|
|
405
387
|
stats.thash++;
|
|
406
388
|
return h0
|
|
407
389
|
._cloneInto(h0tmp)
|
|
@@ -409,26 +391,13 @@ const genShake = (robust) => (opts) => (pubSeed, skSeed) => {
|
|
|
409
391
|
.update(input.subarray(0, blocks * N))
|
|
410
392
|
.xof(N);
|
|
411
393
|
};
|
|
412
|
-
const thash_robust = (blocks, input, addr) => {
|
|
413
|
-
stats.thash++;
|
|
414
|
-
const buf = new Uint8Array(ADDR_BYTES + (blocks + 1) * N);
|
|
415
|
-
buf.subarray(0, N).set(pubSeed);
|
|
416
|
-
buf.subarray(N, N + ADDR_BYTES).set(addr);
|
|
417
|
-
shake256
|
|
418
|
-
.create({})
|
|
419
|
-
.update(buf.subarray(0, N + ADDR_BYTES))
|
|
420
|
-
.xofInto(buf.subarray(N + ADDR_BYTES));
|
|
421
|
-
for (let i = 0; i < blocks * N; i++)
|
|
422
|
-
buf[N + ADDR_BYTES + i] ^= input[i];
|
|
423
|
-
return shake256.create({}).update(buf).xof(N);
|
|
424
|
-
};
|
|
425
|
-
const thash = robust ? thash_robust : thash_simple;
|
|
426
394
|
return {
|
|
427
395
|
PRFaddr: (addr) => {
|
|
428
396
|
if (!skSeed)
|
|
429
397
|
throw new Error('no sk seed');
|
|
430
398
|
stats.prf++;
|
|
431
|
-
|
|
399
|
+
const res = h0._cloneInto(h0tmp).update(addr).update(skSeed).xof(N);
|
|
400
|
+
return res;
|
|
432
401
|
},
|
|
433
402
|
PRFmsg: (skPRF, random, msg) => {
|
|
434
403
|
stats.gen_message_random++;
|
|
@@ -447,20 +416,7 @@ const genShake = (robust) => (opts) => (pubSeed, skSeed) => {
|
|
|
447
416
|
},
|
|
448
417
|
};
|
|
449
418
|
};
|
|
450
|
-
const SHAKE_SIMPLE = { getContext: genShake(
|
|
451
|
-
const SHAKE_ROBUST = { getContext: genShake(true) };
|
|
452
|
-
export const sphincs_shake_128f_simple = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_SIMPLE);
|
|
453
|
-
export const sphincs_shake_128f_robust = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_ROBUST);
|
|
454
|
-
export const sphincs_shake_128s_simple = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_SIMPLE);
|
|
455
|
-
export const sphincs_shake_128s_robust = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_ROBUST);
|
|
456
|
-
export const sphincs_shake_192f_simple = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_SIMPLE);
|
|
457
|
-
export const sphincs_shake_192f_robust = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_ROBUST);
|
|
458
|
-
export const sphincs_shake_192s_simple = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_SIMPLE);
|
|
459
|
-
export const sphincs_shake_192s_robust = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_ROBUST);
|
|
460
|
-
export const sphincs_shake_256f_simple = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_SIMPLE);
|
|
461
|
-
export const sphincs_shake_256f_robust = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_ROBUST);
|
|
462
|
-
export const sphincs_shake_256s_simple = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_SIMPLE);
|
|
463
|
-
export const sphincs_shake_256s_robust = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_ROBUST);
|
|
419
|
+
const SHAKE_SIMPLE = { getContext: genShake() };
|
|
464
420
|
// Only simple mode in SLH-DSA
|
|
465
421
|
export const slh_dsa_shake_128f = /* @__PURE__ */ gen(PARAMS['128f'], SHAKE_SIMPLE);
|
|
466
422
|
export const slh_dsa_shake_128s = /* @__PURE__ */ gen(PARAMS['128s'], SHAKE_SIMPLE);
|
|
@@ -468,7 +424,7 @@ export const slh_dsa_shake_192f = /* @__PURE__ */ gen(PARAMS['192f'], SHAKE_SIMP
|
|
|
468
424
|
export const slh_dsa_shake_192s = /* @__PURE__ */ gen(PARAMS['192s'], SHAKE_SIMPLE);
|
|
469
425
|
export const slh_dsa_shake_256f = /* @__PURE__ */ gen(PARAMS['256f'], SHAKE_SIMPLE);
|
|
470
426
|
export const slh_dsa_shake_256s = /* @__PURE__ */ gen(PARAMS['256s'], SHAKE_SIMPLE);
|
|
471
|
-
const genSha = (h0, h1
|
|
427
|
+
const genSha = (h0, h1) => (opts) => (pub_seed, sk_seed) => {
|
|
472
428
|
const { N } = opts;
|
|
473
429
|
/*
|
|
474
430
|
Perf debug stats, how much hashes we call?
|
|
@@ -502,7 +458,7 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
502
458
|
out.subarray(length).fill(0);
|
|
503
459
|
return out.subarray(0, length);
|
|
504
460
|
}
|
|
505
|
-
const
|
|
461
|
+
const thash = (_, h, hTmp) => (blocks, input, addr) => {
|
|
506
462
|
stats.thash++;
|
|
507
463
|
const d = h
|
|
508
464
|
._cloneInto(hTmp)
|
|
@@ -511,38 +467,18 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
511
467
|
.digest();
|
|
512
468
|
return d.subarray(0, N);
|
|
513
469
|
};
|
|
514
|
-
const thash_robust = (sha, h, _) => (blocks, input, addr) => {
|
|
515
|
-
stats.thash++;
|
|
516
|
-
stats.mgf1++;
|
|
517
|
-
// inlined mgf1
|
|
518
|
-
const addr8 = addr;
|
|
519
|
-
const hh = sha.create().update(pub_seed).update(addr8);
|
|
520
|
-
let bitmask = new Uint8Array(Math.ceil((blocks * N) / sha.outputLen) * sha.outputLen);
|
|
521
|
-
for (let counter = 0, o = bitmask; o.length; counter++) {
|
|
522
|
-
counterV.setUint32(0, counter, false);
|
|
523
|
-
hh.clone().update(counterB).digestInto(o);
|
|
524
|
-
o = o.subarray(sha.outputLen);
|
|
525
|
-
}
|
|
526
|
-
bitmask = bitmask.subarray(0, blocks * N);
|
|
527
|
-
const ou32 = u32(input);
|
|
528
|
-
const bm32 = u32(bitmask);
|
|
529
|
-
for (let i = 0; i < bm32.length; i++)
|
|
530
|
-
bm32[i] ^= ou32[i];
|
|
531
|
-
const d = h.clone().update(addr8).update(bitmask).digest();
|
|
532
|
-
return d.subarray(0, N);
|
|
533
|
-
};
|
|
534
|
-
const thash = robust ? thash_robust : thash_simple;
|
|
535
470
|
return {
|
|
536
471
|
PRFaddr: (addr) => {
|
|
537
472
|
if (!sk_seed)
|
|
538
473
|
throw new Error('No sk seed');
|
|
539
474
|
stats.prf++;
|
|
540
|
-
|
|
475
|
+
const res = h0ps
|
|
541
476
|
._cloneInto(h0tmp)
|
|
542
477
|
.update(addr)
|
|
543
478
|
.update(sk_seed)
|
|
544
479
|
.digest()
|
|
545
480
|
.subarray(0, N);
|
|
481
|
+
return res;
|
|
546
482
|
},
|
|
547
483
|
PRFmsg: (skPRF, random, msg) => {
|
|
548
484
|
stats.gen_message_random++;
|
|
@@ -566,32 +502,12 @@ const genSha = (h0, h1, robust) => (opts) => (pub_seed, sk_seed) => {
|
|
|
566
502
|
};
|
|
567
503
|
const SHA256_SIMPLE = {
|
|
568
504
|
isCompressed: true,
|
|
569
|
-
getContext: genSha(sha256, sha256
|
|
570
|
-
};
|
|
571
|
-
const SHA256_ROBUST = {
|
|
572
|
-
isCompressed: true,
|
|
573
|
-
getContext: genSha(sha256, sha256, true),
|
|
505
|
+
getContext: genSha(sha256, sha256),
|
|
574
506
|
};
|
|
575
507
|
const SHA512_SIMPLE = {
|
|
576
508
|
isCompressed: true,
|
|
577
|
-
getContext: genSha(sha256, sha512
|
|
578
|
-
};
|
|
579
|
-
const SHA512_ROBUST = {
|
|
580
|
-
isCompressed: true,
|
|
581
|
-
getContext: genSha(sha256, sha512, true),
|
|
509
|
+
getContext: genSha(sha256, sha512),
|
|
582
510
|
};
|
|
583
|
-
export const sphincs_sha2_128f_simple = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_SIMPLE);
|
|
584
|
-
export const sphincs_sha2_128f_robust = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_ROBUST);
|
|
585
|
-
export const sphincs_sha2_128s_simple = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_SIMPLE);
|
|
586
|
-
export const sphincs_sha2_128s_robust = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_ROBUST);
|
|
587
|
-
export const sphincs_sha2_192f_simple = /* @__PURE__ */ gen(PARAMS['192f'], SHA512_SIMPLE);
|
|
588
|
-
export const sphincs_sha2_192f_robust = /* @__PURE__ */ gen(PARAMS['192f'], SHA512_ROBUST);
|
|
589
|
-
export const sphincs_sha2_192s_simple = /* @__PURE__ */ gen(PARAMS['192s'], SHA512_SIMPLE);
|
|
590
|
-
export const sphincs_sha2_192s_robust = /* @__PURE__ */ gen(PARAMS['192s'], SHA512_ROBUST);
|
|
591
|
-
export const sphincs_sha2_256f_simple = /* @__PURE__ */ gen(PARAMS['256f'], SHA512_SIMPLE);
|
|
592
|
-
export const sphincs_sha2_256f_robust = /* @__PURE__ */ gen(PARAMS['256f'], SHA512_ROBUST);
|
|
593
|
-
export const sphincs_sha2_256s_simple = /* @__PURE__ */ gen(PARAMS['256s'], SHA512_SIMPLE);
|
|
594
|
-
export const sphincs_sha2_256s_robust = /* @__PURE__ */ gen(PARAMS['256s'], SHA512_ROBUST);
|
|
595
511
|
// Only simple mode in SLH-DSA
|
|
596
512
|
export const slh_dsa_sha2_128f = /* @__PURE__ */ gen(PARAMS['128f'], SHA256_SIMPLE);
|
|
597
513
|
export const slh_dsa_sha2_128s = /* @__PURE__ */ gen(PARAMS['128s'], SHA256_SIMPLE);
|