npm - @noble/post-quantum - Versions diffs - 0.1.0 - Mend

@noble/post-quantum 0.1.0

Files changed (47) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2024 Paul Miller (https://paulmillr.com)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the “Software”), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,300 @@
+# noble-post-quantum
+Auditable & minimal JS implementation of public-key post-quantum cryptography.
+- 🔒 Auditable
+- 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included
+- 🦾 ML-KEM & CRYSTALS-Kyber: lattice-based kem
+- 🔋 ML-DSA & CRYSTALS-Dilithium: lattice-based signatures
+- 🐈 SLH-DSA & SPHINCS+: hash-based signatures
+- 📄 FIPS-203, FIPS-204, FIPS-205 drafts
+- 🪶 2000 lines for all algorithms
+Check out [What should I use](#what-should-i-use) section for benchmarks
+and algorithm selection guidance. For discussions, questions and support, visit
+[GitHub Discussions](https://github.com/paulmillr/noble-post-quantum/discussions)
+section of the repository.
+### This library belongs to _noble_ cryptography
+> **noble cryptography** — high-security, easily auditable set of contained cryptographic libraries and tools.
+- Zero or minimal dependencies
+- Highly readable TypeScript / JS code
+- PGP-signed releases and transparent NPM builds
+- All libraries:
+  [ciphers](https://github.com/paulmillr/noble-ciphers),
+  [curves](https://github.com/paulmillr/noble-curves),
+  [hashes](https://github.com/paulmillr/noble-hashes),
+  [post-quantum](https://github.com/paulmillr/noble-post-quantum),
+  4kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
+  [ed25519](https://github.com/paulmillr/noble-ed25519)
+- [Check out homepage](https://paulmillr.com/noble/)
+  for reading resources, documentation and apps built with noble
+## Usage
+> npm install @noble/post-quantum
+We support all major platforms and runtimes.
+For [Deno](https://deno.land), ensure to use
+[npm specifier](https://deno.land/manual@v1.28.0/node/npm_specifiers).
+For React Native, you may need a
+[polyfill for getRandomValues](https://github.com/LinusU/react-native-get-random-values).
+A standalone file
+[noble-post-quantum.js](https://github.com/paulmillr/noble-post-quantum/releases) is also available.
+```js
+// import * from '@noble/post-quantum'; // Error: use sub-imports, to ensure small app size
+import { ml_kem768, kyber768 } from '@noble/post-quantum/ml-kem';
+// import { ml_kem768, kyber768 } from 'npm:@noble/post-quantum@0.1.0/ml-kem'; // Deno
+```
+- [What should I use?](#what-should-i-use)
+- [ML-KEM / Kyber](#ml-kem--kyber-shared-secrets)
+- [ML-DSA / Dilithium](#ml-dsa--dilithium-signatures)
+- [SLH-DSA / SPHINCS+](#slh-dsa--sphincs-signatures)
+- [Security](#security)
+- [Speed](#speed)
+- [Contributing & testing](#contributing--testing)
+- [Resources](#resources)
+- [License](#license)
+### What should I use?
+|           | Speed  | Key size    | Sig size    | Created in | Popularized in | Post-quantum? |
+|-----------|--------|-------------|-------------|------------|----------------|---------------|
+| RSA       | Normal | 256B - 2KB  | 256B - 2KB  | 1970s      | 1990s          | No            |
+| ECC       | Normal | 32 - 256B   | 48 - 128B   | 1980s      | 2010s          | No            |
+| Kyber     | Fast   | 1.6 - 31KB  | 1KB         | 1990s      | 2020s          | Yes           |
+| Dilithium | Normal | 1.3 - 2.5KB | 2.5 - 4.5KB | 1990s      | 2020s          | Yes           |
+| SPHINCS   | Slow   | 32 - 128B   | 17 - 50KB   | 1970s      | 2020s          | Yes           |
+Speed (higher is better):
+| OPs/sec      | Keygen | Signing | Verification | Shared secret |
+|--------------|--------|---------|--------------|---------------|
+| ECC ed25519  | 10270  | 5110    | 1050         | 1470          |
+| Kyber-512    | 3050   |         |              | 2090          |
+| Dilithium-2  | 580    | 170     | 550          |               |
+| SPHINCS-128f | 200    | 8       | 140          |               |
+tl;dr: ECC + ML-KEM for key agreement, SLH-DSA for pq signatures.
+It's recommended to use SPHINCS, which is built on
+top of older, conservative primitives.
+Kyber and Dilithium are lattice-based, so they're less "proven".
+There's some chance of advancement, which will break this algorithm class.
+FIPS wants to release final standards in 2024.
+Until then, they provide no test vectors, meaning
+implementations could be producing invalid output.
+Moreover, if you'll use non-FIPS versions, or even FIPS
+versions today, it's possible the final spec will be
+incompatible, and you'll be stuck with old implementations.
+Similar to what happened to Keccak and SHA-3.
+Symmetrical algorithms like AES and ChaCha (available in [noble-ciphers](https://github.com/paulmillr/noble-ciphers))
+suffer less from quantum computers. For AES, simply update from AES-128 to AES-256.
+### ML-KEM / Kyber shared secrets
+```ts
+import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem';
+// import { kyber512, kyber768, kyber1024 } from '@noble/post-quantum/ml-kem';
+// import { kyber512_90s, kyber768_90s, kyber1024_90s } from '@noble/post-quantum/ml-kem';
+const aliceKeys = ml_kem768.keygen();
+const alicePub = aliceKeys.publicKey;
+const { cipherText, sharedSecret: bobShared } = ml_kem768.encapsulate(alicePub);
+const aliceShared = ml_kem768.decapsulate(cipherText, aliceKeys.secretKey); // [Alice] decrypts sharedSecret from Bob
+// aliceShared == bobShared
+```
+Lattice-based key encapsulation mechanism.
+See [official site](https://www.pq-crystals.org/kyber/resources.shtml),
+[repo](https://github.com/pq-crystals/kyber),
+[spec](https://datatracker.ietf.org/doc/draft-cfrg-schwabe-kyber/).
+Key encapsulation is similar to DH / ECDH (think X25519), with important differences:
+- We can't verify if it was "Bob" who've sent the shared secret.
+  In ECDH, it's always verified
+- It is probabalistic and relies on quality of randomness (CSPRNG).
+  ECDH doesn't (to this extent).
+- Kyber decapsulation never throws an error, even when shared secret was
+  encrypted by a different public key. It will just return a different
+  shared secret
+There are some concerns with regards to security: see
+[djb blog](https://blog.cr.yp.to/20231003-countcorrectly.html) and
+[mailing list](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E).
+Three versions are provided:
+1. Kyber
+2. Kyber-90s, using algorithms from 1990s
+3. ML-KEM aka [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf)
+```ts
+// Alice generates keys
+const aliceKeys = kyber1024.keygen(); // [Alice] generates key pair (secret and public key)
+const alicePub = aliceKeys.publicKey; // [Alice] sends public key to Bob (somehow)
+// aliceKeys.secretKey never leaves [Alice] system and unknown to other parties
+// Bob creates cipherText for Alice
+// [Bob] generates shared secret for Alice publicKey
+const { cipherText, sharedSecret: bobShared } = kyber1024.encapsulate(alicePub);
+// bobShared never leaves [Bob] system and unknown to other parties
+// Alice gets cipherText from Bob
+// [Alice] decrypts sharedSecret from Bob
+const aliceShared = kyber1024.decapsulate(cipherText, aliceKeys.secretKey);
+// Now, both Alice and Both have same sharedSecret key without exchanging in plainText
+deepStrictEqual(aliceShared, bobShared);
+// Warning: Can be MITM-ed
+const carolKeys = kyber1024.keygen();
+const carolShared = kyber1024.decapsulate(cipherText, carolKeys.secretKey); // No error!
+notDeepStrictEqual(aliceShared, carolShared); // Different key!
+```
+### ML-DSA / Dilithium signatures
+```ts
+import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa';
+// import { dilithium_v30, dilithium_v31 } from '@noble/post-quantum/ml-dsa';
+// import { dilithium_v30_aes, dilithium_v31_aes } from '@noble/post-quantum/ml-dsa';
+const aliceKeys = ml_dsa65.keygen();
+const msg = new Uint8Array(1);
+const sig = ml_dsa65.sign(aliceKeys.secretKey, msg);
+const isValid = ml_dsa65.verify(aliceKeys.publicKey, msg, sig)
+```
+Lattice-based digital signature algorithm. See
+[official site](https://www.pq-crystals.org/dilithium/index.shtml),
+[repo](https://github.com/pq-crystals/dilithium).
+Dilithium has similar internals to Kyber, but their keys and params are different.
+Three versions are provided:
+1. Dilithium v3.0, v3.0 AES
+2. Dilithium v3.1, v3.1 AES
+3. ML-DSA aka [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf)
+### SLH-DSA / SPHINCS+ signatures
+```ts
+import { slh_dsa_sha2_128f as sph } from '@noble/post-quantum/slh-dsa';
+// import { sphincs_shake_128f_simple } from '@noble/post-quantum/slh-dsa';
+// import { sphincs_sha2_128f_simple } from '@noble/post-quantum/slh-dsa';
+// Full list of imports can be seen below in "FIPS-205" section details
+const aliceKeys = sph.keygen();
+const msg = new Uint8Array(1);
+const sig = sph.sign(aliceKeys.secretKey, msg);
+const isValid = sph.verify(aliceKeys.publicKey, msg, sig);
+```
+Hash-based digital signature algorithm. See [official site](https://sphincs.org).
+We implement spec v3.1 with latest FIPS-205 changes.
+It's compatible with the latest version in the [official repo](https://github.com/sphincs/sphincsplus).
+Some wasm libraries use older specs.
+Three versions are provided:
+1. SHAKE256-based
+2. SHA2-based
+3. SLH-DSA aka [FIPS-205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf)
+The pattern for exported name is:
+```
+sphincs_{HASH}_{BITS}{SIZE}_{KIND}
+where
+  HASH: shake | sha2
+  BITS: 128 | 192 | 256
+  SIZE: f | s (full, short)
+  KIND: simple | robust
+// Examples
+sphincs_shake_128f_simple
+sphincs_sha2_192s_robust
+```
+All imports:
+```ts
+import {
+  sphincs_shake_128f_simple,
+  sphincs_shake_128f_robust,
+  sphincs_shake_128s_simple,
+  sphincs_shake_128s_robust,
+  sphincs_shake_192f_simple,
+  sphincs_shake_192f_robust,
+  sphincs_shake_192s_simple,
+  sphincs_shake_192s_robust,
+  sphincs_shake_256f_simple,
+  sphincs_shake_256f_robust,
+  sphincs_shake_256s_simple,
+  sphincs_shake_256s_robust,
+} from '@noble/post-quantum/slh-dsa';
+import {
+  sphincs_sha2_128f_simple,
+  sphincs_sha2_128f_robust,
+  sphincs_sha2_128s_simple,
+  sphincs_sha2_128s_robust,
+  sphincs_sha2_192f_simple,
+  sphincs_sha2_192f_robust,
+  sphincs_sha2_192s_simple,
+  sphincs_sha2_192s_robust,
+  sphincs_sha2_256f_simple,
+  sphincs_sha2_256f_robust,
+  sphincs_sha2_256s_simple,
+  sphincs_sha2_256s_robust,
+} from '@noble/post-quantum/slh-dsa';
+import {
+  slh_dsa_sha2_128f,
+  slh_dsa_sha2_128s,
+  slh_dsa_sha2_192f,
+  slh_dsa_sha2_192s,
+  slh_dsa_sha2_256f,
+  slh_dsa_sha2_256s,
+} from '@noble/post-quantum/slh-dsa';
+```
+## Security
+The library has not been independently audited yet.
+If you see anything unusual: investigate and report.
+## Speed
+To summarize, noble is the fastest JS implementation of post-quantum algorithms.
+Check out [What should I use](#what-should-i-use) table for now.
+## Contributing & testing
+1. Clone the repository
+2. `npm install` to install build dependencies like TypeScript
+3. `npm run build` to compile TypeScript code
+4. `npm run test` will execute all main tests
+## Resources
+Check out [paulmillr.com/noble](https://paulmillr.com/noble/)
+for useful resources, articles, documentation and demos
+related to the library.
+## License
+The MIT License (MIT)
+Copyright (c) 2024 Paul Miller [(https://paulmillr.com)](https://paulmillr.com)
+See LICENSE file.

package/_crystals.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { TypedArray } from '@noble/hashes/utils';
+import { BytesCoderLen, Coder } from './utils.js';
+export type XOF = (seed: Uint8Array, blockLen?: number) => {
+    stats: () => {
+        calls: number;
+        xofs: number;
+    };
+    get: (x: number, y: number) => () => Uint8Array;
+    clean: () => void;
+};
+export type CrystalOpts<T extends TypedArray> = {
+    newPoly: TypedCons<T>;
+    N: number;
+    Q: number;
+    F: number;
+    ROOT_OF_UNITY: number;
+    brvBits: number;
+    isKyber: boolean;
+};
+export type TypedCons<T extends TypedArray> = (n: number) => T;
+export declare const genCrystals: <T extends TypedArray>(opts: CrystalOpts<T>) => {
+    mod: (a: number, modulo?: number) => number;
+    smod: (a: number, modulo?: number) => number;
+    nttZetas: T;
+    NTT: {
+        encode: (r: T) => T;
+        decode: (r: T) => T;
+    };
+    bitsCoder: (d: number, c: Coder<number, number>) => BytesCoderLen<T>;
+};
+export declare const XOF128: XOF;
+export declare const XOF256: XOF;
+export declare const XOF_AES: XOF;
+//# sourceMappingURL=_crystals.d.ts.map

package/_crystals.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAW,MAAM,YAAY,CAAC;AAE3D,MAAM,MAAM,GAAG,GAAG,CAChB,IAAI,EAAE,UAAU,EAChB,QAAQ,CAAC,EAAE,MAAM,KACd;IACH,KAAK,EAAE,MAAM;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,UAAU,CAAC;IAChD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,UAAU,IAAI;IAC9C,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,CAAC;AAU/D,eAAO,MAAM,WAAW;aAGN,MAAM,sBAAe,MAAM;cAK1B,MAAM,sBAAe,MAAM;;;;;;mBAsDtB,MAAM,KAAK,MAAM,MAAM,EAAE,MAAM,CAAC;CA2BvD,CAAC;AAuCF,eAAO,MAAM,MAAM,KAA2C,CAAC;AAC/D,eAAO,MAAM,MAAM,KAA2C,CAAC;AAgC/D,eAAO,MAAM,OAAO,KAAuC,CAAC"}

package/_crystals.js ADDED Viewed

@@ -0,0 +1,171 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.XOF_AES = exports.XOF256 = exports.XOF128 = exports.genCrystals = void 0;
+/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
+const aes_1 = require("@noble/ciphers/aes");
+const sha3_1 = require("@noble/hashes/sha3");
+const utils_js_1 = require("./utils.js");
+// TODO: benchmark
+function bitReversal(n, bits = 8) {
+    const padded = n.toString(2).padStart(8, '0');
+    const sliced = padded.slice(-bits).padStart(7, '0');
+    const revrsd = sliced.split('').reverse().join('');
+    return Number.parseInt(revrsd, 2);
+}
+const genCrystals = (opts) => {
+    // isKyber: true means Kyber, false means Dilithium
+    const { newPoly, N, Q, F, ROOT_OF_UNITY, brvBits, isKyber } = opts;
+    const mod = (a, modulo = Q) => {
+        const result = a % modulo | 0;
+        return (result >= 0 ? result | 0 : (modulo + result) | 0) | 0;
+    };
+    // -(Q-1)/2 < a <= (Q-1)/2
+    const smod = (a, modulo = Q) => {
+        const r = mod(a, modulo) | 0;
+        return (r > modulo >> 1 ? (r - modulo) | 0 : r) | 0;
+    };
+    // Generate zettas
+    function getZettas() {
+        const out = newPoly(N);
+        for (let i = 0; i < N; i++) {
+            const b = bitReversal(i, brvBits);
+            const p = BigInt(ROOT_OF_UNITY) ** BigInt(b) % BigInt(Q);
+            out[i] = Number(p) | 0;
+        }
+        return out;
+    }
+    const nttZetas = getZettas();
+    // Number-Theoretic Transform
+    // Explained: https://electricdusk.com/ntt.html
+    // Kyber has slightly different params, since there is no 512th primitive root of unity mod q,
+    // only 256th primitive root of unity mod. Which also complicates MultiplyNTT.
+    // TODO: there should be less ugly way to define this.
+    const LEN1 = isKyber ? 128 : N;
+    const LEN2 = isKyber ? 1 : 0;
+    const NTT = {
+        encode: (r) => {
+            for (let k = 1, len = 128; len > LEN2; len >>= 1) {
+                for (let start = 0; start < N; start += 2 * len) {
+                    const zeta = nttZetas[k++];
+                    for (let j = start; j < start + len; j++) {
+                        const t = mod(zeta * r[j + len]);
+                        r[j + len] = mod(r[j] - t) | 0;
+                        r[j] = mod(r[j] + t) | 0;
+                    }
+                }
+            }
+            return r;
+        },
+        decode: (r) => {
+            for (let k = LEN1 - 1, len = 1 + LEN2; len < LEN1 + LEN2; len <<= 1) {
+                for (let start = 0; start < N; start += 2 * len) {
+                    const zeta = nttZetas[k--];
+                    for (let j = start; j < start + len; j++) {
+                        const t = r[j];
+                        r[j] = mod(t + r[j + len]);
+                        r[j + len] = mod(zeta * (r[j + len] - t));
+                    }
+                }
+            }
+            for (let i = 0; i < r.length; i++)
+                r[i] = mod(F * r[i]);
+            return r;
+        },
+    };
+    // Encode polynominal as bits
+    const bitsCoder = (d, c) => {
+        const mask = (0, utils_js_1.getMask)(d);
+        const bytesLen = d * (N / 8);
+        return {
+            bytesLen,
+            encode: (poly) => {
+                const r = new Uint8Array(bytesLen);
+                for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < poly.length; i++) {
+                    buf |= (c.encode(poly[i]) & mask) << bufLen;
+                    bufLen += d;
+                    for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
+                        r[pos++] = buf & (0, utils_js_1.getMask)(bufLen);
+                }
+                return r;
+            },
+            decode: (bytes) => {
+                const r = newPoly(N);
+                for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
+                    buf |= bytes[i] << bufLen;
+                    bufLen += 8;
+                    for (; bufLen >= d; bufLen -= d, buf >>= d)
+                        r[pos++] = c.decode(buf & mask);
+                }
+                return r;
+            },
+        };
+    };
+    return { mod, smod, nttZetas, NTT, bitsCoder };
+};
+exports.genCrystals = genCrystals;
+const createXofShake = (shake) => (seed, blockLen) => {
+    if (!blockLen)
+        blockLen = shake.blockLen;
+    // Optimizations that won't mater:
+    // - cached seed update (two .update(), on start and on the end)
+    // - another cache which cloned into working copy
+    // Faster than multiple updates, since seed less than blockLen
+    const _seed = new Uint8Array(seed.length + 2);
+    _seed.set(seed);
+    const seedLen = seed.length;
+    const buf = new Uint8Array(blockLen); // == shake128.blockLen
+    let h = shake.create({});
+    let calls = 0;
+    let xofs = 0;
+    return {
+        stats: () => ({ calls, xofs }),
+        get: (x, y) => {
+            _seed[seedLen + 0] = x;
+            _seed[seedLen + 1] = y;
+            h.destroy();
+            h = shake.create({}).update(_seed);
+            calls++;
+            return () => {
+                xofs++;
+                return h.xofInto(buf);
+            };
+        },
+        clean: () => {
+            h.destroy();
+            buf.fill(0);
+            _seed.fill(0);
+        },
+    };
+};
+exports.XOF128 = createXofShake(sha3_1.shake128);
+exports.XOF256 = createXofShake(sha3_1.shake256);
+const createXofAes = (aes) => (seed, blockLen) => {
+    if (!blockLen)
+        blockLen = 16 * 3; // 288
+    const nonce = new Uint8Array(16);
+    const xk = aes.expandKeyLE(seed.subarray(0, 32));
+    const block = new Uint8Array(blockLen);
+    const out = block.slice();
+    let calls = 0;
+    let xofs = 0;
+    return {
+        stats: () => ({ calls, xofs }),
+        get: (x, y) => {
+            nonce.fill(0); // clean counter
+            nonce[0] = x;
+            nonce[1] = y;
+            calls++;
+            return () => {
+                xofs++;
+                return aes.ctrCounter(xk, nonce, block, out);
+            };
+        },
+        clean: () => {
+            nonce.fill(0);
+            xk.fill(0);
+            out.fill(0);
+        },
+    };
+};
+exports.XOF_AES = createXofAes(aes_1.unsafe);
+//# sourceMappingURL=_crystals.js.map

package/_crystals.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"_crystals.js","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":";;;AAAA,4EAA4E;AAC5E,4CAA4C;AAC5C,6CAAwD;AAExD,yCAA2D;AAuB3D,kBAAkB;AAClB,SAAS,WAAW,CAAC,CAAS,EAAE,OAAe,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAEM,MAAM,WAAW,GAAG,CAAuB,IAAoB,EAAE,EAAE;IACxE,mDAAmD;IACnD,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IACF,0BAA0B;IAC1B,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,kBAAkB;IAClB,SAAS,SAAS;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACzD,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;IAE7B,6BAA6B;IAC7B,+CAA+C;IAE/C,8FAA8F;IAC9F,8EAA8E;IAC9E,sDAAsD;IACtD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG;QACV,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACjD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBACjC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;wBAC/B,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACpE,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBACf,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBAC3B,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IACF,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,CAAwB,EAAoB,EAAE;QAC1E,MAAM,IAAI,GAAG,IAAA,kBAAO,EAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,CAAC,IAAO,EAAc,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACnE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;oBAC5C,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,GAAG,IAAA,kBAAO,EAAC,MAAM,CAAC,CAAC;gBAC/E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,EAAE,CAAC,KAAiB,EAAK,EAAE;gBAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpE,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;oBAC1B,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC;AAzFW,QAAA,WAAW,eAyFtB;AAEF,MAAM,cAAc,GAClB,CAAC,KAAsB,EAAO,EAAE,CAChC,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzC,kCAAkC;IAClC,gEAAgE;IAChE,iDAAiD;IAEjD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,uBAAuB;IAC7D,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAES,QAAA,MAAM,GAAmB,cAAc,CAAC,eAAQ,CAAC,CAAC;AAClD,QAAA,MAAM,GAAmB,cAAc,CAAC,eAAQ,CAAC,CAAC;AAE/D,MAAM,YAAY,GAChB,CAAC,GAAkB,EAAO,EAAE,CAC5B,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM;IACxC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;IAC1B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAC/B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACb,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACb,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,GAAG,CAAC,UAAU,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC/C,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACd,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACX,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAES,QAAA,OAAO,GAAmB,YAAY,CAAC,YAAM,CAAC,CAAC"}