aegis-aead 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +239 -64
- package/dist/aegis128l-bs.d.ts +162 -0
- package/dist/aegis128l-bs.d.ts.map +1 -0
- package/dist/aegis128l-bs.js +470 -0
- package/dist/aegis128l-bs.js.map +1 -0
- package/dist/aegis128l.d.ts +42 -5
- package/dist/aegis128l.d.ts.map +1 -1
- package/dist/aegis128l.js +79 -5
- package/dist/aegis128l.js.map +1 -1
- package/dist/aegis128x.d.ts +67 -12
- package/dist/aegis128x.d.ts.map +1 -1
- package/dist/aegis128x.js +102 -9
- package/dist/aegis128x.js.map +1 -1
- package/dist/aegis256-bs.d.ts +151 -0
- package/dist/aegis256-bs.d.ts.map +1 -0
- package/dist/aegis256-bs.js +398 -0
- package/dist/aegis256-bs.js.map +1 -0
- package/dist/aegis256.d.ts +42 -5
- package/dist/aegis256.d.ts.map +1 -1
- package/dist/aegis256.js +79 -5
- package/dist/aegis256.js.map +1 -1
- package/dist/aegis256x.d.ts +67 -12
- package/dist/aegis256x.d.ts.map +1 -1
- package/dist/aegis256x.js +102 -9
- package/dist/aegis256x.js.map +1 -1
- package/dist/aes-bs.d.ts +71 -0
- package/dist/aes-bs.d.ts.map +1 -0
- package/dist/aes-bs.js +399 -0
- package/dist/aes-bs.js.map +1 -0
- package/dist/index.d.ts +6 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/random.d.ts +22 -0
- package/dist/random.d.ts.map +1 -0
- package/dist/random.js +36 -0
- package/dist/random.js.map +1 -0
- package/package.json +1 -1
- package/src/aegis128l-bs.ts +602 -0
- package/src/aegis128l.ts +112 -5
- package/src/aegis128x.ts +174 -15
- package/src/aegis256-bs.ts +518 -0
- package/src/aegis256.ts +112 -5
- package/src/aegis256x.ts +174 -15
- package/src/aes-bs.ts +459 -0
- package/src/index.ts +66 -0
- package/src/random.ts +41 -0
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bitsliced AEGIS-256 implementation.
|
|
3
|
+
* Provides constant-time operation by processing state blocks simultaneously.
|
|
4
|
+
*/
|
|
5
|
+
/**
|
|
6
|
+
* Bitsliced AEGIS-256 cipher state.
|
|
7
|
+
* Uses 6 AES blocks (96 bytes) stored in bitsliced form.
|
|
8
|
+
*/
|
|
9
|
+
export declare class Aegis256BsState {
|
|
10
|
+
private st;
|
|
11
|
+
private st1;
|
|
12
|
+
private tmp;
|
|
13
|
+
constructor();
|
|
14
|
+
/**
|
|
15
|
+
* AEGIS round function: applies AES round to all blocks and rotates.
|
|
16
|
+
* st[i] = AES(st[i]) ^ st[(i+5) mod 6]
|
|
17
|
+
*/
|
|
18
|
+
private aegisRound;
|
|
19
|
+
/**
|
|
20
|
+
* Absorb rate: XOR message block into state position 0.
|
|
21
|
+
*/
|
|
22
|
+
private absorbRate;
|
|
23
|
+
/**
|
|
24
|
+
* Update state with a message block.
|
|
25
|
+
*/
|
|
26
|
+
private update;
|
|
27
|
+
/**
|
|
28
|
+
* Initializes the state with a key and nonce.
|
|
29
|
+
* @param key - 32-byte encryption key
|
|
30
|
+
* @param nonce - 32-byte nonce (must be unique per message)
|
|
31
|
+
*/
|
|
32
|
+
init(key: Uint8Array, nonce: Uint8Array): void;
|
|
33
|
+
/**
|
|
34
|
+
* Absorbs a 16-byte associated data block into the state.
|
|
35
|
+
* @param ai - 16-byte associated data block
|
|
36
|
+
*/
|
|
37
|
+
absorb(ai: Uint8Array): void;
|
|
38
|
+
/**
|
|
39
|
+
* Encrypts a 16-byte plaintext block and writes to output buffer.
|
|
40
|
+
* @param xi - 16-byte plaintext block
|
|
41
|
+
* @param out - 16-byte output buffer
|
|
42
|
+
*/
|
|
43
|
+
encTo(xi: Uint8Array, out: Uint8Array): void;
|
|
44
|
+
/**
|
|
45
|
+
* Encrypts a 16-byte plaintext block.
|
|
46
|
+
* @param xi - 16-byte plaintext block
|
|
47
|
+
* @returns 16-byte ciphertext block
|
|
48
|
+
*/
|
|
49
|
+
enc(xi: Uint8Array): Uint8Array;
|
|
50
|
+
/**
|
|
51
|
+
* Decrypts a 16-byte ciphertext block and writes to output buffer.
|
|
52
|
+
* @param ci - 16-byte ciphertext block
|
|
53
|
+
* @param out - 16-byte output buffer
|
|
54
|
+
*/
|
|
55
|
+
decTo(ci: Uint8Array, out: Uint8Array): void;
|
|
56
|
+
/**
|
|
57
|
+
* Decrypts a 16-byte ciphertext block.
|
|
58
|
+
* @param ci - 16-byte ciphertext block
|
|
59
|
+
* @returns 16-byte plaintext block
|
|
60
|
+
*/
|
|
61
|
+
dec(ci: Uint8Array): Uint8Array;
|
|
62
|
+
/**
|
|
63
|
+
* Decrypts a partial (final) ciphertext block smaller than 16 bytes.
|
|
64
|
+
* @param cn - Partial ciphertext block (1-15 bytes)
|
|
65
|
+
* @returns Decrypted plaintext of the same length
|
|
66
|
+
*/
|
|
67
|
+
decPartial(cn: Uint8Array): Uint8Array;
|
|
68
|
+
/**
|
|
69
|
+
* Finalizes encryption/decryption and produces an authentication tag.
|
|
70
|
+
* @param adLen - Associated data length in bytes
|
|
71
|
+
* @param msgLen - Message length in bytes
|
|
72
|
+
* @param tagLen - Tag length (16 or 32 bytes)
|
|
73
|
+
* @returns Authentication tag
|
|
74
|
+
*/
|
|
75
|
+
finalize(adLen: number, msgLen: number, tagLen?: 16 | 32): Uint8Array;
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Encrypts a message using bitsliced AEGIS-256 (detached mode).
|
|
79
|
+
* @param msg - Plaintext message
|
|
80
|
+
* @param ad - Associated data (authenticated but not encrypted)
|
|
81
|
+
* @param key - 32-byte encryption key
|
|
82
|
+
* @param nonce - 32-byte nonce (must be unique per message with the same key)
|
|
83
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
84
|
+
* @returns Object containing ciphertext and authentication tag separately
|
|
85
|
+
*/
|
|
86
|
+
export declare function aegis256BsEncryptDetached(msg: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce: Uint8Array, tagLen?: 16 | 32): {
|
|
87
|
+
ciphertext: Uint8Array;
|
|
88
|
+
tag: Uint8Array;
|
|
89
|
+
};
|
|
90
|
+
/**
|
|
91
|
+
* Decrypts a message using bitsliced AEGIS-256 (detached mode).
|
|
92
|
+
* @param ct - Ciphertext
|
|
93
|
+
* @param tag - Authentication tag (16 or 32 bytes)
|
|
94
|
+
* @param ad - Associated data (must match what was used during encryption)
|
|
95
|
+
* @param key - 32-byte encryption key
|
|
96
|
+
* @param nonce - 32-byte nonce (must match what was used during encryption)
|
|
97
|
+
* @returns Decrypted plaintext, or null if authentication fails
|
|
98
|
+
*/
|
|
99
|
+
export declare function aegis256BsDecryptDetached(ct: Uint8Array, tag: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce: Uint8Array): Uint8Array | null;
|
|
100
|
+
export declare const AEGIS_256_BS_NONCE_SIZE = 32;
|
|
101
|
+
export declare const AEGIS_256_BS_KEY_SIZE = 32;
|
|
102
|
+
/**
|
|
103
|
+
* Encrypts a message using bitsliced AEGIS-256.
|
|
104
|
+
* Returns a single buffer containing nonce || ciphertext || tag.
|
|
105
|
+
* @param msg - Plaintext message
|
|
106
|
+
* @param ad - Associated data (authenticated but not encrypted)
|
|
107
|
+
* @param key - 32-byte encryption key
|
|
108
|
+
* @param nonce - 32-byte nonce (optional, generates random nonce if not provided)
|
|
109
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
110
|
+
* @returns Concatenated nonce || ciphertext || tag
|
|
111
|
+
*/
|
|
112
|
+
export declare function aegis256BsEncrypt(msg: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce?: Uint8Array | null, tagLen?: 16 | 32): Uint8Array;
|
|
113
|
+
/**
|
|
114
|
+
* Decrypts a message using bitsliced AEGIS-256.
|
|
115
|
+
* Expects input as nonce || ciphertext || tag.
|
|
116
|
+
* @param sealed - Concatenated nonce || ciphertext || tag
|
|
117
|
+
* @param ad - Associated data (must match what was used during encryption)
|
|
118
|
+
* @param key - 32-byte encryption key
|
|
119
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
120
|
+
* @returns Decrypted plaintext, or null if authentication fails
|
|
121
|
+
*/
|
|
122
|
+
export declare function aegis256BsDecrypt(sealed: Uint8Array, ad: Uint8Array, key: Uint8Array, tagLen?: 16 | 32): Uint8Array | null;
|
|
123
|
+
/**
|
|
124
|
+
* Computes a MAC (Message Authentication Code) using bitsliced AEGIS-256.
|
|
125
|
+
* @param data - Data to authenticate
|
|
126
|
+
* @param key - 32-byte key
|
|
127
|
+
* @param nonce - 32-byte nonce (optional, uses zero nonce if null)
|
|
128
|
+
* @param tagLen - Tag length: 16 or 32 bytes (default: 16)
|
|
129
|
+
* @returns Authentication tag
|
|
130
|
+
*/
|
|
131
|
+
export declare function aegis256BsMac(data: Uint8Array, key: Uint8Array, nonce?: Uint8Array | null, tagLen?: 16 | 32): Uint8Array;
|
|
132
|
+
/**
|
|
133
|
+
* Verifies a MAC computed using bitsliced AEGIS-256.
|
|
134
|
+
* @param data - Data to verify
|
|
135
|
+
* @param tag - Expected authentication tag (16 or 32 bytes)
|
|
136
|
+
* @param key - 32-byte key
|
|
137
|
+
* @param nonce - 32-byte nonce (optional, uses zero nonce if null)
|
|
138
|
+
* @returns True if the tag is valid, false otherwise
|
|
139
|
+
*/
|
|
140
|
+
export declare function aegis256BsMacVerify(data: Uint8Array, tag: Uint8Array, key: Uint8Array, nonce?: Uint8Array | null): boolean;
|
|
141
|
+
/**
|
|
142
|
+
* Generates a random 32-byte key for bitsliced AEGIS-256.
|
|
143
|
+
* @returns 32-byte encryption key
|
|
144
|
+
*/
|
|
145
|
+
export declare function aegis256BsCreateKey(): Uint8Array;
|
|
146
|
+
/**
|
|
147
|
+
* Generates a random 32-byte nonce for bitsliced AEGIS-256.
|
|
148
|
+
* @returns 32-byte nonce
|
|
149
|
+
*/
|
|
150
|
+
export declare function aegis256BsCreateNonce(): Uint8Array;
|
|
151
|
+
//# sourceMappingURL=aegis256-bs.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aegis256-bs.d.ts","sourceRoot":"","sources":["../src/aegis256-bs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA4BH;;;GAGG;AACH,qBAAa,eAAe;IAC3B,OAAO,CAAC,EAAE,CAAY;IACtB,OAAO,CAAC,GAAG,CAAY;IACvB,OAAO,CAAC,GAAG,CAAW;;IAQtB;;;OAGG;IACH,OAAO,CAAC,UAAU;IAkBlB;;OAEG;IACH,OAAO,CAAC,UAAU;IAQlB;;OAEG;IACH,OAAO,CAAC,MAAM;IAKd;;;;OAIG;IACH,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI;IAmC9C;;;OAGG;IACH,MAAM,CAAC,EAAE,EAAE,UAAU,GAAG,IAAI;IAM5B;;;;OAIG;IACH,KAAK,CAAC,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI;IAuB5C;;;;OAIG;IACH,GAAG,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IAM/B;;;;OAIG;IACH,KAAK,CAAC,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI;IAoB5C;;;;OAIG;IACH,GAAG,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IAM/B;;;;OAIG;IACH,UAAU,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IA+BtC;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAE,EAAE,GAAG,EAAO,GAAG,UAAU;CAkDzE;AAED;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CACxC,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,UAAU,CAAA;CAAE,CAyB7C;AAED;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CACxC,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,GACf,UAAU,GAAG,IAAI,CA6BnB;AAED,eAAO,MAAM,uBAAuB,KAAK,CAAC;AAC1C,eAAO,MAAM,qBAAqB,KAAK,CAAC;AAExC;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAChC,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,EAC/B,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,CAkBZ;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAChC,MAAM,EAAE,UAAU,EAClB,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,GAAG,IAAI,CASnB;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC5B,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,EAC/B,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,CAUZ;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAClC,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,GAC7B,OAAO,CAIT;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,UAAU,CAEhD;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,UAAU,CAElD"}
|
|
@@ -0,0 +1,398 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bitsliced AEGIS-256 implementation.
|
|
3
|
+
* Provides constant-time operation by processing state blocks simultaneously.
|
|
4
|
+
*/
|
|
5
|
+
import { constantTimeEqual, zeroPad } from "./aes.js";
|
|
6
|
+
import { aesRound, blockFromBytes, blocksPut, blockToBytes, blockXor, createAesBlock, createAesBlocks, pack, unpack, wordIdx, } from "./aes-bs.js";
|
|
7
|
+
import { randomBytes } from "./random.js";
|
|
8
|
+
const RATE = 16;
|
|
9
|
+
const C0 = new Uint32Array([
|
|
10
|
+
0x02010100, 0x0d080503, 0x59372215, 0x6279e990,
|
|
11
|
+
]);
|
|
12
|
+
const C1 = new Uint32Array([
|
|
13
|
+
0x55183ddb, 0xf12fc26d, 0x42311120, 0xdd28b573,
|
|
14
|
+
]);
|
|
15
|
+
/**
|
|
16
|
+
* Bitsliced AEGIS-256 cipher state.
|
|
17
|
+
* Uses 6 AES blocks (96 bytes) stored in bitsliced form.
|
|
18
|
+
*/
|
|
19
|
+
export class Aegis256BsState {
|
|
20
|
+
constructor() {
|
|
21
|
+
this.st = createAesBlocks();
|
|
22
|
+
this.st1 = createAesBlocks();
|
|
23
|
+
this.tmp = createAesBlock();
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* AEGIS round function: applies AES round to all blocks and rotates.
|
|
27
|
+
* st[i] = AES(st[i]) ^ st[(i+5) mod 6]
|
|
28
|
+
*/
|
|
29
|
+
aegisRound() {
|
|
30
|
+
const st = this.st;
|
|
31
|
+
const st1 = this.st1;
|
|
32
|
+
st1.set(st);
|
|
33
|
+
pack(st1);
|
|
34
|
+
aesRound(st1);
|
|
35
|
+
unpack(st1);
|
|
36
|
+
for (let i = 0; i < 6; i++) {
|
|
37
|
+
const prev = (i + 5) % 6;
|
|
38
|
+
st[wordIdx(i, 0)] = (st[wordIdx(i, 0)] ^ st1[wordIdx(prev, 0)]) >>> 0;
|
|
39
|
+
st[wordIdx(i, 1)] = (st[wordIdx(i, 1)] ^ st1[wordIdx(prev, 1)]) >>> 0;
|
|
40
|
+
st[wordIdx(i, 2)] = (st[wordIdx(i, 2)] ^ st1[wordIdx(prev, 2)]) >>> 0;
|
|
41
|
+
st[wordIdx(i, 3)] = (st[wordIdx(i, 3)] ^ st1[wordIdx(prev, 3)]) >>> 0;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Absorb rate: XOR message block into state position 0.
|
|
46
|
+
*/
|
|
47
|
+
absorbRate(m) {
|
|
48
|
+
const st = this.st;
|
|
49
|
+
st[wordIdx(0, 0)] = (st[wordIdx(0, 0)] ^ m[0]) >>> 0;
|
|
50
|
+
st[wordIdx(0, 1)] = (st[wordIdx(0, 1)] ^ m[1]) >>> 0;
|
|
51
|
+
st[wordIdx(0, 2)] = (st[wordIdx(0, 2)] ^ m[2]) >>> 0;
|
|
52
|
+
st[wordIdx(0, 3)] = (st[wordIdx(0, 3)] ^ m[3]) >>> 0;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Update state with a message block.
|
|
56
|
+
*/
|
|
57
|
+
update(m) {
|
|
58
|
+
this.aegisRound();
|
|
59
|
+
this.absorbRate(m);
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Initializes the state with a key and nonce.
|
|
63
|
+
* @param key - 32-byte encryption key
|
|
64
|
+
* @param nonce - 32-byte nonce (must be unique per message)
|
|
65
|
+
*/
|
|
66
|
+
init(key, nonce) {
|
|
67
|
+
const k0 = createAesBlock();
|
|
68
|
+
const k1 = createAesBlock();
|
|
69
|
+
const n0 = createAesBlock();
|
|
70
|
+
const n1 = createAesBlock();
|
|
71
|
+
const k0n0 = createAesBlock();
|
|
72
|
+
const k1n1 = createAesBlock();
|
|
73
|
+
const k0c0 = createAesBlock();
|
|
74
|
+
const k1c1 = createAesBlock();
|
|
75
|
+
blockFromBytes(k0, key.subarray(0, 16));
|
|
76
|
+
blockFromBytes(k1, key.subarray(16, 32));
|
|
77
|
+
blockFromBytes(n0, nonce.subarray(0, 16));
|
|
78
|
+
blockFromBytes(n1, nonce.subarray(16, 32));
|
|
79
|
+
blockXor(k0n0, k0, n0);
|
|
80
|
+
blockXor(k1n1, k1, n1);
|
|
81
|
+
blockXor(k0c0, k0, C0);
|
|
82
|
+
blockXor(k1c1, k1, C1);
|
|
83
|
+
this.st.fill(0);
|
|
84
|
+
blocksPut(this.st, k0n0, 0);
|
|
85
|
+
blocksPut(this.st, k1n1, 1);
|
|
86
|
+
blocksPut(this.st, C1, 2);
|
|
87
|
+
blocksPut(this.st, C0, 3);
|
|
88
|
+
blocksPut(this.st, k0c0, 4);
|
|
89
|
+
blocksPut(this.st, k1c1, 5);
|
|
90
|
+
for (let i = 0; i < 4; i++) {
|
|
91
|
+
this.update(k0);
|
|
92
|
+
this.update(k1);
|
|
93
|
+
this.update(k0n0);
|
|
94
|
+
this.update(k1n1);
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Absorbs a 16-byte associated data block into the state.
|
|
99
|
+
* @param ai - 16-byte associated data block
|
|
100
|
+
*/
|
|
101
|
+
absorb(ai) {
|
|
102
|
+
const msg = this.tmp;
|
|
103
|
+
blockFromBytes(msg, ai);
|
|
104
|
+
this.update(msg);
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Encrypts a 16-byte plaintext block and writes to output buffer.
|
|
108
|
+
* @param xi - 16-byte plaintext block
|
|
109
|
+
* @param out - 16-byte output buffer
|
|
110
|
+
*/
|
|
111
|
+
encTo(xi, out) {
|
|
112
|
+
const st = this.st;
|
|
113
|
+
const z = this.tmp;
|
|
114
|
+
const t = createAesBlock();
|
|
115
|
+
for (let i = 0; i < 4; i++) {
|
|
116
|
+
z[i] =
|
|
117
|
+
(st[wordIdx(1, i)] ^
|
|
118
|
+
st[wordIdx(4, i)] ^
|
|
119
|
+
st[wordIdx(5, i)] ^
|
|
120
|
+
(st[wordIdx(2, i)] & st[wordIdx(3, i)])) >>>
|
|
121
|
+
0;
|
|
122
|
+
}
|
|
123
|
+
blockFromBytes(t, xi);
|
|
124
|
+
const outBlock = createAesBlock();
|
|
125
|
+
blockXor(outBlock, t, z);
|
|
126
|
+
blockToBytes(out, outBlock);
|
|
127
|
+
this.update(t);
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Encrypts a 16-byte plaintext block.
|
|
131
|
+
* @param xi - 16-byte plaintext block
|
|
132
|
+
* @returns 16-byte ciphertext block
|
|
133
|
+
*/
|
|
134
|
+
enc(xi) {
|
|
135
|
+
const out = new Uint8Array(16);
|
|
136
|
+
this.encTo(xi, out);
|
|
137
|
+
return out;
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Decrypts a 16-byte ciphertext block and writes to output buffer.
|
|
141
|
+
* @param ci - 16-byte ciphertext block
|
|
142
|
+
* @param out - 16-byte output buffer
|
|
143
|
+
*/
|
|
144
|
+
decTo(ci, out) {
|
|
145
|
+
const st = this.st;
|
|
146
|
+
const msg = this.tmp;
|
|
147
|
+
blockFromBytes(msg, ci);
|
|
148
|
+
for (let i = 0; i < 4; i++) {
|
|
149
|
+
msg[i] =
|
|
150
|
+
(msg[i] ^
|
|
151
|
+
st[wordIdx(1, i)] ^
|
|
152
|
+
st[wordIdx(4, i)] ^
|
|
153
|
+
st[wordIdx(5, i)] ^
|
|
154
|
+
(st[wordIdx(2, i)] & st[wordIdx(3, i)])) >>>
|
|
155
|
+
0;
|
|
156
|
+
}
|
|
157
|
+
this.update(msg);
|
|
158
|
+
blockToBytes(out, msg);
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Decrypts a 16-byte ciphertext block.
|
|
162
|
+
* @param ci - 16-byte ciphertext block
|
|
163
|
+
* @returns 16-byte plaintext block
|
|
164
|
+
*/
|
|
165
|
+
dec(ci) {
|
|
166
|
+
const out = new Uint8Array(16);
|
|
167
|
+
this.decTo(ci, out);
|
|
168
|
+
return out;
|
|
169
|
+
}
|
|
170
|
+
/**
|
|
171
|
+
* Decrypts a partial (final) ciphertext block smaller than 16 bytes.
|
|
172
|
+
* @param cn - Partial ciphertext block (1-15 bytes)
|
|
173
|
+
* @returns Decrypted plaintext of the same length
|
|
174
|
+
*/
|
|
175
|
+
decPartial(cn) {
|
|
176
|
+
const st = this.st;
|
|
177
|
+
const msg = this.tmp;
|
|
178
|
+
const padded = zeroPad(cn, RATE);
|
|
179
|
+
blockFromBytes(msg, padded);
|
|
180
|
+
for (let i = 0; i < 4; i++) {
|
|
181
|
+
msg[i] =
|
|
182
|
+
(msg[i] ^
|
|
183
|
+
st[wordIdx(1, i)] ^
|
|
184
|
+
st[wordIdx(4, i)] ^
|
|
185
|
+
st[wordIdx(5, i)] ^
|
|
186
|
+
(st[wordIdx(2, i)] & st[wordIdx(3, i)])) >>>
|
|
187
|
+
0;
|
|
188
|
+
}
|
|
189
|
+
const pad = new Uint8Array(RATE);
|
|
190
|
+
blockToBytes(pad, msg);
|
|
191
|
+
const xn = new Uint8Array(pad.subarray(0, cn.length));
|
|
192
|
+
pad.fill(0, cn.length);
|
|
193
|
+
blockFromBytes(msg, pad);
|
|
194
|
+
this.aegisRound();
|
|
195
|
+
this.absorbRate(msg);
|
|
196
|
+
return xn;
|
|
197
|
+
}
|
|
198
|
+
/**
|
|
199
|
+
* Finalizes encryption/decryption and produces an authentication tag.
|
|
200
|
+
* @param adLen - Associated data length in bytes
|
|
201
|
+
* @param msgLen - Message length in bytes
|
|
202
|
+
* @param tagLen - Tag length (16 or 32 bytes)
|
|
203
|
+
* @returns Authentication tag
|
|
204
|
+
*/
|
|
205
|
+
finalize(adLen, msgLen, tagLen = 16) {
|
|
206
|
+
const st = this.st;
|
|
207
|
+
const tmp = this.tmp;
|
|
208
|
+
tmp[0] = ((adLen * 8) & 0xffffffff) >>> 0;
|
|
209
|
+
tmp[1] = Math.floor((adLen * 8) / 0x100000000) >>> 0;
|
|
210
|
+
tmp[2] = ((msgLen * 8) & 0xffffffff) >>> 0;
|
|
211
|
+
tmp[3] = Math.floor((msgLen * 8) / 0x100000000) >>> 0;
|
|
212
|
+
tmp[0] = (tmp[0] ^ st[wordIdx(3, 0)]) >>> 0;
|
|
213
|
+
tmp[1] = (tmp[1] ^ st[wordIdx(3, 1)]) >>> 0;
|
|
214
|
+
tmp[2] = (tmp[2] ^ st[wordIdx(3, 2)]) >>> 0;
|
|
215
|
+
tmp[3] = (tmp[3] ^ st[wordIdx(3, 3)]) >>> 0;
|
|
216
|
+
for (let i = 0; i < 7; i++) {
|
|
217
|
+
this.update(tmp);
|
|
218
|
+
}
|
|
219
|
+
if (tagLen === 16) {
|
|
220
|
+
const tag = new Uint8Array(16);
|
|
221
|
+
const tagBlock = createAesBlock();
|
|
222
|
+
for (let i = 0; i < 4; i++) {
|
|
223
|
+
tagBlock[i] =
|
|
224
|
+
(st[wordIdx(0, i)] ^
|
|
225
|
+
st[wordIdx(1, i)] ^
|
|
226
|
+
st[wordIdx(2, i)] ^
|
|
227
|
+
st[wordIdx(3, i)] ^
|
|
228
|
+
st[wordIdx(4, i)] ^
|
|
229
|
+
st[wordIdx(5, i)]) >>>
|
|
230
|
+
0;
|
|
231
|
+
}
|
|
232
|
+
blockToBytes(tag, tagBlock);
|
|
233
|
+
return tag;
|
|
234
|
+
}
|
|
235
|
+
else {
|
|
236
|
+
const tag = new Uint8Array(32);
|
|
237
|
+
const tagBlock0 = createAesBlock();
|
|
238
|
+
const tagBlock1 = createAesBlock();
|
|
239
|
+
for (let i = 0; i < 4; i++) {
|
|
240
|
+
tagBlock0[i] =
|
|
241
|
+
(st[wordIdx(0, i)] ^ st[wordIdx(1, i)] ^ st[wordIdx(2, i)]) >>> 0;
|
|
242
|
+
}
|
|
243
|
+
for (let i = 0; i < 4; i++) {
|
|
244
|
+
tagBlock1[i] =
|
|
245
|
+
(st[wordIdx(3, i)] ^ st[wordIdx(4, i)] ^ st[wordIdx(5, i)]) >>> 0;
|
|
246
|
+
}
|
|
247
|
+
blockToBytes(tag.subarray(0, 16), tagBlock0);
|
|
248
|
+
blockToBytes(tag.subarray(16, 32), tagBlock1);
|
|
249
|
+
return tag;
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
/**
|
|
254
|
+
* Encrypts a message using bitsliced AEGIS-256 (detached mode).
|
|
255
|
+
* @param msg - Plaintext message
|
|
256
|
+
* @param ad - Associated data (authenticated but not encrypted)
|
|
257
|
+
* @param key - 32-byte encryption key
|
|
258
|
+
* @param nonce - 32-byte nonce (must be unique per message with the same key)
|
|
259
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
260
|
+
* @returns Object containing ciphertext and authentication tag separately
|
|
261
|
+
*/
|
|
262
|
+
export function aegis256BsEncryptDetached(msg, ad, key, nonce, tagLen = 16) {
|
|
263
|
+
const state = new Aegis256BsState();
|
|
264
|
+
state.init(key, nonce);
|
|
265
|
+
const adPadded = zeroPad(ad, RATE);
|
|
266
|
+
for (let i = 0; i + RATE <= adPadded.length; i += RATE) {
|
|
267
|
+
state.absorb(adPadded.subarray(i, i + RATE));
|
|
268
|
+
}
|
|
269
|
+
const ciphertext = new Uint8Array(msg.length);
|
|
270
|
+
const fullBlocks = Math.floor(msg.length / RATE) * RATE;
|
|
271
|
+
for (let i = 0; i < fullBlocks; i += RATE) {
|
|
272
|
+
state.encTo(msg.subarray(i, i + RATE), ciphertext.subarray(i, i + RATE));
|
|
273
|
+
}
|
|
274
|
+
if (msg.length > fullBlocks) {
|
|
275
|
+
const lastBlock = zeroPad(msg.subarray(fullBlocks), RATE);
|
|
276
|
+
const encBlock = state.enc(lastBlock);
|
|
277
|
+
ciphertext.set(encBlock.subarray(0, msg.length - fullBlocks), fullBlocks);
|
|
278
|
+
}
|
|
279
|
+
const tag = state.finalize(ad.length, msg.length, tagLen);
|
|
280
|
+
return { ciphertext, tag };
|
|
281
|
+
}
|
|
282
|
+
/**
|
|
283
|
+
* Decrypts a message using bitsliced AEGIS-256 (detached mode).
|
|
284
|
+
* @param ct - Ciphertext
|
|
285
|
+
* @param tag - Authentication tag (16 or 32 bytes)
|
|
286
|
+
* @param ad - Associated data (must match what was used during encryption)
|
|
287
|
+
* @param key - 32-byte encryption key
|
|
288
|
+
* @param nonce - 32-byte nonce (must match what was used during encryption)
|
|
289
|
+
* @returns Decrypted plaintext, or null if authentication fails
|
|
290
|
+
*/
|
|
291
|
+
export function aegis256BsDecryptDetached(ct, tag, ad, key, nonce) {
|
|
292
|
+
const tagLen = tag.length;
|
|
293
|
+
const state = new Aegis256BsState();
|
|
294
|
+
state.init(key, nonce);
|
|
295
|
+
const adPadded = zeroPad(ad, RATE);
|
|
296
|
+
for (let i = 0; i + RATE <= adPadded.length; i += RATE) {
|
|
297
|
+
state.absorb(adPadded.subarray(i, i + RATE));
|
|
298
|
+
}
|
|
299
|
+
const msg = new Uint8Array(ct.length);
|
|
300
|
+
const fullBlocks = Math.floor(ct.length / RATE) * RATE;
|
|
301
|
+
for (let i = 0; i < fullBlocks; i += RATE) {
|
|
302
|
+
state.decTo(ct.subarray(i, i + RATE), msg.subarray(i, i + RATE));
|
|
303
|
+
}
|
|
304
|
+
if (ct.length > fullBlocks) {
|
|
305
|
+
msg.set(state.decPartial(ct.subarray(fullBlocks)), fullBlocks);
|
|
306
|
+
}
|
|
307
|
+
const expectedTag = state.finalize(ad.length, msg.length, tagLen);
|
|
308
|
+
if (!constantTimeEqual(tag, expectedTag)) {
|
|
309
|
+
msg.fill(0);
|
|
310
|
+
return null;
|
|
311
|
+
}
|
|
312
|
+
return msg;
|
|
313
|
+
}
|
|
314
|
+
export const AEGIS_256_BS_NONCE_SIZE = 32;
|
|
315
|
+
export const AEGIS_256_BS_KEY_SIZE = 32;
|
|
316
|
+
/**
|
|
317
|
+
* Encrypts a message using bitsliced AEGIS-256.
|
|
318
|
+
* Returns a single buffer containing nonce || ciphertext || tag.
|
|
319
|
+
* @param msg - Plaintext message
|
|
320
|
+
* @param ad - Associated data (authenticated but not encrypted)
|
|
321
|
+
* @param key - 32-byte encryption key
|
|
322
|
+
* @param nonce - 32-byte nonce (optional, generates random nonce if not provided)
|
|
323
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
324
|
+
* @returns Concatenated nonce || ciphertext || tag
|
|
325
|
+
*/
|
|
326
|
+
export function aegis256BsEncrypt(msg, ad, key, nonce = null, tagLen = 16) {
|
|
327
|
+
const actualNonce = nonce ?? randomBytes(AEGIS_256_BS_NONCE_SIZE);
|
|
328
|
+
const { ciphertext, tag } = aegis256BsEncryptDetached(msg, ad, key, actualNonce, tagLen);
|
|
329
|
+
const result = new Uint8Array(AEGIS_256_BS_NONCE_SIZE + ciphertext.length + tagLen);
|
|
330
|
+
result.set(actualNonce, 0);
|
|
331
|
+
result.set(ciphertext, AEGIS_256_BS_NONCE_SIZE);
|
|
332
|
+
result.set(tag, AEGIS_256_BS_NONCE_SIZE + ciphertext.length);
|
|
333
|
+
return result;
|
|
334
|
+
}
|
|
335
|
+
/**
|
|
336
|
+
* Decrypts a message using bitsliced AEGIS-256.
|
|
337
|
+
* Expects input as nonce || ciphertext || tag.
|
|
338
|
+
* @param sealed - Concatenated nonce || ciphertext || tag
|
|
339
|
+
* @param ad - Associated data (must match what was used during encryption)
|
|
340
|
+
* @param key - 32-byte encryption key
|
|
341
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
342
|
+
* @returns Decrypted plaintext, or null if authentication fails
|
|
343
|
+
*/
|
|
344
|
+
export function aegis256BsDecrypt(sealed, ad, key, tagLen = 16) {
|
|
345
|
+
const nonceSize = AEGIS_256_BS_NONCE_SIZE;
|
|
346
|
+
if (sealed.length < nonceSize + tagLen) {
|
|
347
|
+
return null;
|
|
348
|
+
}
|
|
349
|
+
const nonce = sealed.subarray(0, nonceSize);
|
|
350
|
+
const ct = sealed.subarray(nonceSize, sealed.length - tagLen);
|
|
351
|
+
const tag = sealed.subarray(sealed.length - tagLen);
|
|
352
|
+
return aegis256BsDecryptDetached(ct, tag, ad, key, nonce);
|
|
353
|
+
}
|
|
354
|
+
/**
|
|
355
|
+
* Computes a MAC (Message Authentication Code) using bitsliced AEGIS-256.
|
|
356
|
+
* @param data - Data to authenticate
|
|
357
|
+
* @param key - 32-byte key
|
|
358
|
+
* @param nonce - 32-byte nonce (optional, uses zero nonce if null)
|
|
359
|
+
* @param tagLen - Tag length: 16 or 32 bytes (default: 16)
|
|
360
|
+
* @returns Authentication tag
|
|
361
|
+
*/
|
|
362
|
+
export function aegis256BsMac(data, key, nonce = null, tagLen = 16) {
|
|
363
|
+
const state = new Aegis256BsState();
|
|
364
|
+
state.init(key, nonce ?? new Uint8Array(32));
|
|
365
|
+
const dataPadded = zeroPad(data, RATE);
|
|
366
|
+
for (let i = 0; i + RATE <= dataPadded.length; i += RATE) {
|
|
367
|
+
state.absorb(dataPadded.subarray(i, i + RATE));
|
|
368
|
+
}
|
|
369
|
+
return state.finalize(data.length, tagLen, tagLen);
|
|
370
|
+
}
|
|
371
|
+
/**
|
|
372
|
+
* Verifies a MAC computed using bitsliced AEGIS-256.
|
|
373
|
+
* @param data - Data to verify
|
|
374
|
+
* @param tag - Expected authentication tag (16 or 32 bytes)
|
|
375
|
+
* @param key - 32-byte key
|
|
376
|
+
* @param nonce - 32-byte nonce (optional, uses zero nonce if null)
|
|
377
|
+
* @returns True if the tag is valid, false otherwise
|
|
378
|
+
*/
|
|
379
|
+
export function aegis256BsMacVerify(data, tag, key, nonce = null) {
|
|
380
|
+
const tagLen = tag.length;
|
|
381
|
+
const expectedTag = aegis256BsMac(data, key, nonce, tagLen);
|
|
382
|
+
return constantTimeEqual(tag, expectedTag);
|
|
383
|
+
}
|
|
384
|
+
/**
|
|
385
|
+
* Generates a random 32-byte key for bitsliced AEGIS-256.
|
|
386
|
+
* @returns 32-byte encryption key
|
|
387
|
+
*/
|
|
388
|
+
export function aegis256BsCreateKey() {
|
|
389
|
+
return randomBytes(AEGIS_256_BS_KEY_SIZE);
|
|
390
|
+
}
|
|
391
|
+
/**
|
|
392
|
+
* Generates a random 32-byte nonce for bitsliced AEGIS-256.
|
|
393
|
+
* @returns 32-byte nonce
|
|
394
|
+
*/
|
|
395
|
+
export function aegis256BsCreateNonce() {
|
|
396
|
+
return randomBytes(AEGIS_256_BS_NONCE_SIZE);
|
|
397
|
+
}
|
|
398
|
+
//# sourceMappingURL=aegis256-bs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aegis256-bs.js","sourceRoot":"","sources":["../src/aegis256-bs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAGN,QAAQ,EACR,cAAc,EACd,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,cAAc,EACd,eAAe,EACf,IAAI,EACJ,MAAM,EACN,OAAO,GACP,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,IAAI,GAAG,EAAE,CAAC;AAEhB,MAAM,EAAE,GAAa,IAAI,WAAW,CAAC;IACpC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU;CAC9C,CAAC,CAAC;AACH,MAAM,EAAE,GAAa,IAAI,WAAW,CAAC;IACpC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU;CAC9C,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,OAAO,eAAe;IAK3B;QACC,IAAI,CAAC,EAAE,GAAG,eAAe,EAAE,CAAC;QAC5B,IAAI,CAAC,GAAG,GAAG,eAAe,EAAE,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACK,UAAU;QACjB,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QAErB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACZ,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,QAAQ,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,GAAG,CAAC,CAAC;QAEZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACzB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;YACxE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;YACxE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;YACxE,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QACzE,CAAC;IACF,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,CAAW;QAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QACvD,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QACvD,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QACvD,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,CAAW;QACzB,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACH,IAAI,CAAC,GAAe,EAAE,KAAiB;QACtC,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAE9B,cAAc,CAAC,EAAE,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACxC,cAAc,CAAC,EAAE,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACzC,cAAc,CAAC,EAAE,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1C,cAAc,CAAC,EAAE,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAC3C,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvB,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvB,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvB,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5B,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5B,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1B,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1B,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5B,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;IACF,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,EAAc;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACrB,cAAc,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,EAAc,EAAE,GAAe;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC;QACnB,MAAM,CAAC,GAAG,cAAc,EAAE,CAAC;QAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC,CAAC;gBACH,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,CAAC;oBAC3C,CAAC,CAAC;QACJ,CAAC;QAED,cAAc,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEtB,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;QAClC,QAAQ,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE5B,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,EAAc;QACjB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACpB,OAAO,GAAG,CAAC;IACZ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,EAAc,EAAE,GAAe;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QAErB,cAAc,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAExB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,GAAG,CAAC,CAAC,CAAC;gBACL,CAAC,GAAG,CAAC,CAAC,CAAE;oBACP,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,CAAC;oBAC3C,CAAC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,EAAc;QACjB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACpB,OAAO,GAAG,CAAC;IACZ,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,EAAc;QACxB,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QAErB,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACjC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,GAAG,CAAC,CAAC,CAAC;gBACL,CAAC,GAAG,CAAC,CAAC,CAAE;oBACP,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;oBAClB,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,CAAC;oBAC3C,CAAC,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAEvB,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEtD,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QACvB,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAEzB,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAErB,OAAO,EAAE,CAAC;IACX,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CAAC,KAAa,EAAE,MAAc,EAAE,SAAkB,EAAE;QAC3D,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QAErB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC1C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QACrD,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC3C,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAEtD,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QAC9C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QAC9C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QAC9C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;QAE9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,QAAQ,CAAC,CAAC,CAAC;oBACV,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;wBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;wBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;wBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;wBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE;wBAClB,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC;wBACpB,CAAC,CAAC;YACJ,CAAC;YACD,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC5B,OAAO,GAAG,CAAC;QACZ,CAAC;aAAM,CAAC;YACP,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC;YACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,SAAS,CAAC,CAAC,CAAC;oBACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;YACvE,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,SAAS,CAAC,CAAC,CAAC;oBACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC;YACvE,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;YAC7C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC;QACZ,CAAC;IACF,CAAC;CACD;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,yBAAyB,CACxC,GAAe,EACf,EAAc,EACd,GAAe,EACf,KAAiB,EACjB,SAAkB,EAAE;IAEpB,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QACxD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAExD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3C,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1D,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,yBAAyB,CACxC,EAAc,EACd,GAAe,EACf,EAAc,EACd,GAAe,EACf,KAAiB;IAEjB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiB,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QACxD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAEvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3C,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,EAAE,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAElE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,IAAI,CAAC;IACb,CAAC;IAED,OAAO,GAAG,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC;AAC1C,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAExC;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAChC,GAAe,EACf,EAAc,EACd,GAAe,EACf,QAA2B,IAAI,EAC/B,SAAkB,EAAE;IAEpB,MAAM,WAAW,GAAG,KAAK,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;IAClE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,yBAAyB,CACpD,GAAG,EACH,EAAE,EACF,GAAG,EACH,WAAW,EACX,MAAM,CACN,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,UAAU,CAC5B,uBAAuB,GAAG,UAAU,CAAC,MAAM,GAAG,MAAM,CACpD,CAAC;IACF,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;IAChD,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,uBAAuB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAE7D,OAAO,MAAM,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAChC,MAAkB,EAClB,EAAc,EACd,GAAe,EACf,SAAkB,EAAE;IAEpB,MAAM,SAAS,GAAG,uBAAuB,CAAC;IAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,GAAG,MAAM,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IACpD,OAAO,yBAAyB,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAC5B,IAAgB,EAChB,GAAe,EACf,QAA2B,IAAI,EAC/B,SAAkB,EAAE;IAEpB,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,IAAI,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7C,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1D,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAClC,IAAgB,EAChB,GAAe,EACf,GAAe,EACf,QAA2B,IAAI;IAE/B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiB,CAAC;IACrC,MAAM,WAAW,GAAG,aAAa,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5D,OAAO,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IAClC,OAAO,WAAW,CAAC,qBAAqB,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACpC,OAAO,WAAW,CAAC,uBAAuB,CAAC,CAAC;AAC7C,CAAC"}
|
package/dist/aegis256.d.ts
CHANGED
|
@@ -72,20 +72,20 @@ export declare class Aegis256State {
|
|
|
72
72
|
finalize(adLenBits: bigint, msgLenBits: bigint, tagLen?: 16 | 32): Uint8Array;
|
|
73
73
|
}
|
|
74
74
|
/**
|
|
75
|
-
* Encrypts a message using AEGIS-256.
|
|
75
|
+
* Encrypts a message using AEGIS-256 (detached mode).
|
|
76
76
|
* @param msg - Plaintext message
|
|
77
77
|
* @param ad - Associated data (authenticated but not encrypted)
|
|
78
78
|
* @param key - 32-byte encryption key
|
|
79
79
|
* @param nonce - 32-byte nonce (must be unique per message with the same key)
|
|
80
80
|
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
81
|
-
* @returns Object containing ciphertext and authentication tag
|
|
81
|
+
* @returns Object containing ciphertext and authentication tag separately
|
|
82
82
|
*/
|
|
83
|
-
export declare function
|
|
83
|
+
export declare function aegis256EncryptDetached(msg: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce: Uint8Array, tagLen?: 16 | 32): {
|
|
84
84
|
ciphertext: Uint8Array;
|
|
85
85
|
tag: Uint8Array;
|
|
86
86
|
};
|
|
87
87
|
/**
|
|
88
|
-
* Decrypts a message using AEGIS-256.
|
|
88
|
+
* Decrypts a message using AEGIS-256 (detached mode).
|
|
89
89
|
* @param ct - Ciphertext
|
|
90
90
|
* @param tag - Authentication tag (16 or 32 bytes)
|
|
91
91
|
* @param ad - Associated data (must match what was used during encryption)
|
|
@@ -93,7 +93,32 @@ export declare function aegis256Encrypt(msg: Uint8Array, ad: Uint8Array, key: Ui
|
|
|
93
93
|
* @param nonce - 32-byte nonce (must match what was used during encryption)
|
|
94
94
|
* @returns Decrypted plaintext, or null if authentication fails
|
|
95
95
|
*/
|
|
96
|
-
export declare function
|
|
96
|
+
export declare function aegis256DecryptDetached(ct: Uint8Array, tag: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce: Uint8Array): Uint8Array | null;
|
|
97
|
+
/** Nonce size for AEGIS-256 in bytes. */
|
|
98
|
+
export declare const AEGIS_256_NONCE_SIZE = 32;
|
|
99
|
+
/** Key size for AEGIS-256 in bytes. */
|
|
100
|
+
export declare const AEGIS_256_KEY_SIZE = 32;
|
|
101
|
+
/**
|
|
102
|
+
* Encrypts a message using AEGIS-256.
|
|
103
|
+
* Returns a single buffer containing nonce || ciphertext || tag.
|
|
104
|
+
* @param msg - Plaintext message
|
|
105
|
+
* @param ad - Associated data (authenticated but not encrypted)
|
|
106
|
+
* @param key - 32-byte encryption key
|
|
107
|
+
* @param nonce - 32-byte nonce (optional, generates random nonce if not provided)
|
|
108
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
109
|
+
* @returns Concatenated nonce || ciphertext || tag
|
|
110
|
+
*/
|
|
111
|
+
export declare function aegis256Encrypt(msg: Uint8Array, ad: Uint8Array, key: Uint8Array, nonce?: Uint8Array | null, tagLen?: 16 | 32): Uint8Array;
|
|
112
|
+
/**
|
|
113
|
+
* Decrypts a message using AEGIS-256.
|
|
114
|
+
* Expects input as nonce || ciphertext || tag.
|
|
115
|
+
* @param sealed - Concatenated nonce || ciphertext || tag
|
|
116
|
+
* @param ad - Associated data (must match what was used during encryption)
|
|
117
|
+
* @param key - 32-byte encryption key
|
|
118
|
+
* @param tagLen - Authentication tag length: 16 or 32 bytes (default: 16)
|
|
119
|
+
* @returns Decrypted plaintext, or null if authentication fails
|
|
120
|
+
*/
|
|
121
|
+
export declare function aegis256Decrypt(sealed: Uint8Array, ad: Uint8Array, key: Uint8Array, tagLen?: 16 | 32): Uint8Array | null;
|
|
97
122
|
/**
|
|
98
123
|
* Computes a MAC (Message Authentication Code) using AEGIS-256.
|
|
99
124
|
* @param data - Data to authenticate
|
|
@@ -112,4 +137,16 @@ export declare function aegis256Mac(data: Uint8Array, key: Uint8Array, nonce?: U
|
|
|
112
137
|
* @returns True if the tag is valid, false otherwise
|
|
113
138
|
*/
|
|
114
139
|
export declare function aegis256MacVerify(data: Uint8Array, tag: Uint8Array, key: Uint8Array, nonce?: Uint8Array | null): boolean;
|
|
140
|
+
/**
|
|
141
|
+
* Generates a random 32-byte key for AEGIS-256.
|
|
142
|
+
* @returns 32-byte encryption key
|
|
143
|
+
* @throws Error if no cryptographic random source is available
|
|
144
|
+
*/
|
|
145
|
+
export declare function aegis256CreateKey(): Uint8Array;
|
|
146
|
+
/**
|
|
147
|
+
* Generates a random 32-byte nonce for AEGIS-256.
|
|
148
|
+
* @returns 32-byte nonce
|
|
149
|
+
* @throws Error if no cryptographic random source is available
|
|
150
|
+
*/
|
|
151
|
+
export declare function aegis256CreateNonce(): Uint8Array;
|
|
115
152
|
//# sourceMappingURL=aegis256.d.ts.map
|
package/dist/aegis256.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aegis256.d.ts","sourceRoot":"","sources":["../src/aegis256.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"aegis256.d.ts","sourceRoot":"","sources":["../src/aegis256.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,qBAAa,aAAa;IACzB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,GAAG,CAAa;IACxB,OAAO,CAAC,CAAC,CAAa;IACtB,OAAO,CAAC,IAAI,CAAe;IAC3B,OAAO,CAAC,IAAI,CAAa;;IAezB,IAAI,CAAC,IAAI,UAAU,EAAE,CAEpB;IAED,IAAI,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,EAOzB;IAED;;;;OAIG;IACH,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI;IA0B9C;;;OAGG;IACH,MAAM,CAAC,CAAC,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI;IAmBlC;;;OAGG;IACH,MAAM,CAAC,EAAE,EAAE,UAAU,GAAG,IAAI;IAI5B;;;;OAIG;IACH,KAAK,CAAC,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI;IAc5C;;;;OAIG;IACH,GAAG,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IAM/B;;;;OAIG;IACH,KAAK,CAAC,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI;IAa5C;;;;OAIG;IACH,GAAG,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IAM/B;;;;OAIG;IACH,UAAU,CAAC,EAAE,EAAE,UAAU,GAAG,UAAU;IAoBtC;;;;;;OAMG;IACH,QAAQ,CACP,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU;CAiCb;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACtC,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,UAAU,CAAA;CAAE,CAuB7C;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACtC,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,GACf,UAAU,GAAG,IAAI,CAkCnB;AAED,yCAAyC;AACzC,eAAO,MAAM,oBAAoB,KAAK,CAAC;AAEvC,uCAAuC;AACvC,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC9B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,EAC/B,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,CAuCZ;AAED;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAC9B,MAAM,EAAE,UAAU,EAClB,EAAE,EAAE,UAAU,EACd,GAAG,EAAE,UAAU,EACf,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,GAAG,IAAI,CASnB;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAC1B,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,EAC/B,MAAM,GAAE,EAAE,GAAG,EAAO,GAClB,UAAU,CAUZ;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAChC,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,KAAK,GAAE,UAAU,GAAG,IAAW,GAC7B,OAAO,CAIT;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,UAAU,CAE9C;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,UAAU,CAEhD"}
|