npm - mumpix - Versions diffs - 1.0.2 → 1.0.5 - Mend

mumpix 1.0.2 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -257,3 +257,26 @@ node examples/verified-mode.js  # Compliance audit log export
 Proprietary — COMMERCIAL RESTRICTED. See [LICENSE](LICENSE) for terms.
 Copyright © 2026 Mumpix (vdsx.cloud). All Rights Reserved.
+---
+## Licensing & Tiers
+Mumpix requires a license key for commercial use and advanced features.
+| Feature | Free | Pro ($79/mo) | Enterprise ($5K) |
+|---|---|---|---|
+| Max Records | 100 | Unlimited | Unlimited |
+| `strict` mode | ✅ | ✅ | ✅ |
+| `verified` mode | ❌ | ✅ | ✅ |
+| Offline Use | ✅ | ✅ | ✅ |
+### Using a License Key
+```javascript
+const db = await Mumpix.open('./agent.mumpix', {
+  licenseKey: 'your-license-key-here'
+});
+```
+Get your key at [mumpixdb.com](https://mumpixdb.com).

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mumpix",
-  "version": "1.0.2",
+  "version": "1.0.5",
   "description": "SQLite for AI — embedded, zero-config memory database for AI agents and LLM applications",
   "main": "src/index.js",
   "bin": {
@@ -37,12 +37,5 @@
     "README.md",
     "LICENSE"
   ],
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/mumpix/mumpix.git"
-  },
-  "bugs": {
-    "url": "https://github.com/mumpix/mumpix/issues"
-  },
-  "homepage": "https://mumpix.dev"
+  "homepage": "https://mumpixdb.com"
 }

package/src/core/MumpixDB.js CHANGED Viewed

@@ -16,6 +16,7 @@
 const { MumpixStore } = require('./store');
 const { MumpixAudit } = require('./audit');
 const { recall, recallMany } = require('./recall');
+const { LicenseManager } = require('./license');
 const VALID_MODES = ['eventual', 'strict', 'verified'];
@@ -23,13 +24,15 @@ class MumpixDB {
   /**
    * @param {MumpixStore} store
    * @param {MumpixAudit|null} audit
+   * @param {LicenseManager} license
    * @param {object} opts
    */
-  constructor(store, audit, opts = {}) {
-    this._store   = store;
-    this._audit   = audit;   // non-null only in 'verified' mode
-    this._opts    = opts;
-    this._closed  = false;
+  constructor(store, audit, license, opts = {}) {
+    this._store = store;
+    this._audit = audit;   // non-null only in 'verified' mode
+    this._opts = opts;
+    this._closed = false;
+    this._license = license;
   }
   // ─────────────────────────────────────────
@@ -43,9 +46,10 @@ class MumpixDB {
    * @param {object} [opts]
    * @param {string} [opts.consistency]  'eventual' | 'strict' | 'verified' (default: 'eventual')
    * @param {Function} [opts.embedFn]    async (texts: string[]) => number[][] — optional custom embeddings
-   * @returns {MumpixDB}
+   * @param {string} [opts.licenseKey]   Commercial license key for Pro/Enterprise features
+   * @returns {Promise<MumpixDB>}
    */
-  static open(filePath, opts = {}) {
+  static async open(filePath, opts = {}) {
     if (!filePath || typeof filePath !== 'string') {
       throw new TypeError('Mumpix.open() requires a file path string');
     }
@@ -55,6 +59,14 @@ class MumpixDB {
       throw new Error(`Invalid consistency mode "${consistency}". Valid: ${VALID_MODES.join(', ')}`);
     }
+    // License Initialization & Check
+    const license = new LicenseManager(opts.licenseKey);
+    await license.init();
+    if (consistency === 'verified') {
+      license.checkLimit('mode', 'verified');
+    }
     const store = new MumpixStore(filePath);
     store.open({ consistency });
@@ -64,7 +76,7 @@ class MumpixDB {
       auditLog.open();
     }
-    return new MumpixDB(store, auditLog, { ...opts, consistency });
+    return new MumpixDB(store, auditLog, license, { ...opts, consistency });
   }
   // ─────────────────────────────────────────
@@ -83,6 +95,9 @@ class MumpixDB {
       throw new TypeError('remember() requires a non-empty string');
     }
+    // License Check for Record Limit
+    this._license.checkLimit('records', this._store.records.length);
     const record = this._store.write(content);
     if (this._audit) {
@@ -90,8 +105,8 @@ class MumpixDB {
     }
     return {
-      written:     true,
-      id:          record.id,
+      written: true,
+      id: record.id,
       consistency: this._store.header.consistency,
     };
   }
@@ -115,7 +130,7 @@ class MumpixDB {
     const records = this._store.all();
     if (!records.length) return null;
-    const t0     = Date.now();
+    const t0 = Date.now();
     const result = await recall(query, records, {
       embedFn: this._opts.embedFn,
       ...opts,
@@ -153,10 +168,10 @@ class MumpixDB {
     });
     return results.map(r => ({
-      id:      r.id,
+      id: r.id,
       content: r.content,
-      ts:      r.ts,
-      score:   r._score,
+      ts: r.ts,
+      score: r._score,
     }));
   }
@@ -168,9 +183,9 @@ class MumpixDB {
   async list() {
     this._assertOpen();
     return this._store.all().map(r => ({
-      id:      r.id,
+      id: r.id,
       content: r.content,
-      ts:      r.ts,
+      ts: r.ts,
     }));
   }
@@ -238,6 +253,10 @@ class MumpixDB {
    */
   async close() {
     if (this._closed) return;
+    // Sync usage metrics in background on close
+    this._license.syncUsage(this._store.stats()).catch(() => { });
     this._store.close();
     if (this._audit) this._audit.close();
     this._closed = true;

package/src/core/license.js ADDED Viewed

@@ -0,0 +1,101 @@
+'use strict';
+const crypto = require('crypto');
+const os = require('os');
+const https = require('https');
+const path = require('path');
+// Master Public Key (ML-DSA-44 / Dilithium2 - NIST Standard)
+const MASTER_PUBLIC_KEY_B64 = `szA4EoME83k0zoSQnzMWSC5BOEnr1VazfZlyP4JKqufZHIjlc0TalnK4gi4Jsn0PMHAJlzEOp/0PvUiW8L0RN3rj0pKEkuwDY5c1Q5C2u1Dh7VfcyiCzj+JusviaANuJQxoEdi6yeBUXJO7tZpwpTrekF5hrc5V9ccY0U3gAofg+4prZz0bA7aaLxK+/WIYXtO+PR7VOAavMzR536FAdJtfcgz08L1hu7RUiE38hQnAH2yRuBkmcGesw4k0XSx3HZXjVwaVxZsOZpL3DihS2EwbluDIzrb3Tz5nf7a2ak/FRFcTS+LLjM4ywxuq6toKT/laAOt/0AEVp67nFGVm8OU4blpmgO3gA0APpglrVMGFcxrBQyYLqMsgwxmb6dQMydILriHQ9vN+jR8jD3qs5f14FwsZkkMtBgBMNRFybQvrXOxvPF36rknnkeDuE0W+9sSpzOdzM8/UZKInzh+v0yOYPIW1y9oiJb2RtoIz0kJkg0IwR8JOIZ7Svfa62ifT/CFhIsBr6zIVdK7mlxmDqiD3MnlLvfqhyPfdgIbCRLmClXI6Jjpt4d7shzBHvOxCpEGwYw4hVCGTnVhPne8UWmgqU3BkSVBQsHU/7s6jNH/tvZjfkOgWoz81RrnrE8xMGRh5yn/F/bEa0igbyJ/4XlmAPRMkQ+CCIo/NbBlYtKvnMHTwatj3B4Z06hTFl0rnuGbQ9u9JXp/1x7bVztMdSM/T65VW8H/zcvZ7aZTbEMzcTUqMdo9IwOWVfyb6lwg5FSCANKzmyT//CJQtpacS9TjPZ0m4AOFyAwhj57fxY7xMPSYQIyTrpMRkoNACJ9QoSSAnyJ0u1aBTMbiFr8IgjgZm0XL2giz8yD5bi/kS+85qPGut+Hvx66VztumAQUoLpJYJSgVXO4ZYMNY0DraTE48l3Y2RG/KmerSGbjAjZjXPJlKxF94M8Y4Su18iy0BVpS7Ax+8nEzDPVfTqPUoSJctv/YLY6bdMqhi9/rTIrE/3Htm5YwHfZP+BV59JLFflT7iud4nBuRZ5rF7ONGMDELg/sglBOHqkv7bDaSoxgcD2SA0L3sptnW57ohUHwmFWuSE8zYkoUsT0sCwvClbmpcgPUxisSY3duAEC3Q+l+NibYhXsavUuHZ9h/O2oMUUvIxtmcF1t17c1f6QwhYpZlJYuYZ/wWTGWqD5MADslUUHCvla5hoZRhWOsDdQspP8O1Sa2Cpzh8zWuKAr2YaSNsUQi/orwzfWFZ56ss9JAH9d+W1Sqc0qOxeQgMoSF3UmHalDQ+xrRl/b1fcN5ZBNmDaM1o0JHGNl7gB7q0Va7NXH2KD1k21f7POPIAdTXlqquFS+MOdy+atPnhncht3bVzSRcerelIk/YGxKCJbsXqFB38s2tR7u4D56B6LiIl/1x4UmP9MmgvJDPMDwrpD9ExgCIyoordPiixYuOeq5LVG6VanIrrVgRlrGmW2lbVX5PMZfZsfhCPW9/JrvrqBPVtnqAjcappUGG4yJyHYFIXeE6Z1nd5DKdBHXEl6zACV6SwxJJ6qgapyOrXCnTmXqkmtI0ebJWGRJ+NHtgl29FF4LXV7HmNgrYrSFdgc6tv/ZBycEFPmsc/HK2Omo+dQKmVI/6w95ctKOsTQmim+pqz5QcZYE8LnCm+U/8iosivWaJ2s6jB+YXQ6Y4+IF9vSPonyqOViw97Moe9uq7qkSM+sfm2pL/oyGTsluOUftREbtIWFK4f4L9EEIWp9em/dAP6mQ==`;
+class LicenseManager {
+  constructor(key = null) {
+    this.key = key;
+    this.tier = 'free';
+    this.expiry = null;
+    this.verified = false;
+    this.userId = 'guest';
+    this._ml_dsa = null;
+  }
+  async init() {
+    if (!this.key) return false;
+    try {
+      if (typeof globalThis.crypto === 'undefined') {
+        globalThis.crypto = require('node:crypto').webcrypto;
+      }
+      const mlDsaPath = 'file://' + path.resolve(__dirname, 'ml-dsa.mjs');
+      const { ml_dsa44 } = await import(mlDsaPath);
+      this._ml_dsa = ml_dsa44;
+      return await this.validate(this.key);
+    } catch (e) {
+      console.error('Mumpix Licensing Initialization Failed:', e.message);
+      return false;
+    }
+  }
+  async validate(key) {
+    try {
+      const [payloadB64, signatureB64] = key.split('.');
+      if (!payloadB64 || !signatureB64) throw new Error('Invalid key format');
+      const payloadRaw = Buffer.from(payloadB64, 'base64').toString();
+      const payload = JSON.parse(payloadRaw);
+      // Verify Quantum-Safe Signature (ML-DSA-44)
+      const msg = Buffer.from(payloadB64, 'utf-8');
+      const sig = Buffer.from(signatureB64, 'base64');
+      const pub = Buffer.from(MASTER_PUBLIC_KEY_B64, 'base64');
+      const isValid = this._ml_dsa.verify(sig, msg, pub);
+      if (!isValid) throw new Error('Quantum signature verification failed');
+      if (payload.exp && Date.now() > payload.exp) {
+        throw new Error('License key has expired');
+      }
+      this.userId = payload.id;
+      this.tier = payload.tier || 'free';
+      this.expiry = payload.exp;
+      this.verified = true;
+      return true;
+    } catch (e) {
+      this.verified = false;
+      this.tier = 'free';
+      return false;
+    }
+  }
+  checkLimit(type, currentCount) {
+    if (this.tier === 'free') {
+      if (type === 'records' && currentCount >= 100) {
+        throw new Error('MumpixDB Free Tier Limit Reached: 100 records. Upgrade at mumpixdb.com for unlimited.');
+      }
+      if (type === 'mode' && currentCount === 'verified') {
+        throw new Error('MumpixDB "verified" consistency mode is a Pro feature. Upgrade at mumpixdb.com.');
+      }
+    }
+    return true;
+  }
+  async syncUsage(stats) {
+    if (process.env.MUMPIX_DISABLE_TELEMETRY === 'true') return;
+    const body = JSON.stringify({
+      userId: this.userId, tier: this.tier, machine: os.hostname(),
+      platform: os.platform(), stats: stats, ts: Date.now()
+    });
+    const options = {
+      hostname: 'api.vdsx.cloud', port: 443, path: '/api/mumpix/usage',
+      method: 'POST', headers: {
+        'Content-Type': 'application/json', 'Content-Length': body.length,
+        'X-Mumpix-Key': this.key || 'free'
+      }, timeout: 2000
+    };
+    const req = https.request(options);
+    req.on('error', () => { });
+    req.write(body);
+    req.end();
+  }
+}
+module.exports = { LicenseManager };

package/src/core/ml-dsa.mjs ADDED Viewed

@@ -0,0 +1,25 @@
+// Patch for browser and server environment
+if (typeof window !== 'undefined') {
+  if (typeof window.require === 'undefined') {
+    window.require = function (name) {
+      if (name === 'semver') return window.semver;
+      return {};
+    };
+  }
+}
+const require = (typeof window !== 'undefined') ? window.require : function (n) { return {}; };
+/* esm.sh - @noble/post-quantum@0.5.2/ml-dsa */
+function Mt(t) { return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array" } function Ut(t, e = "") { if (!Number.isSafeInteger(t) || t < 0) { let n = e && `"${e}" `; throw new Error(`${n}expected integer >= 0, got ${t} `) } } function A(t, e, n = "") { let o = Mt(t), r = t?.length, i = e !== void 0; if (!o || i && r !== e) { let c = n && `"${n}" `, a = i ? ` of length ${e} ` : "", g = o ? `length = ${r} ` : `type = ${typeof t} `; throw new Error(c + "expected Uint8Array" + a + ", got " + g) } return t } function Ht(t, e = !0) { if (t.destroyed) throw new Error("Hash instance has been destroyed"); if (e && t.finished) throw new Error("Hash#digest() has already been called") } function ce(t, e) { A(t, void 0, "digestInto() output"); let n = e.outputLen; if (t.length < n) throw new Error('"digestInto() output" expected to be of length >=' + n) } function ie(t) { return new Uint32Array(t.buffer, t.byteOffset, Math.floor(t.byteLength / 4)) } function St(...t) { for (let e = 0; e < t.length; e++)t[e].fill(0) } var je = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68; function Ne(t) { return t << 24 & 4278190080 | t << 8 & 16711680 | t >>> 8 & 65280 | t >>> 24 & 255 } function Fe(t) { for (let e = 0; e < t.length; e++)t[e] = Ne(t[e]); return t } var Ct = je ? t => t : Fe; function Rt(...t) { let e = 0; for (let o = 0; o < t.length; o++) { let r = t[o]; A(r), e += r.length } let n = new Uint8Array(e); for (let o = 0, r = 0; o < t.length; o++) { let i = t[o]; n.set(i, r), r += i.length } return n } function fe(t, e = {}) { let n = (r, i) => t(i).update(r).digest(), o = t(void 0); return n.outputLen = o.outputLen, n.blockLen = o.blockLen, n.create = r => t(r), Object.assign(n, e), Object.freeze(n) } function ue(t = 32) { let e = typeof globalThis == "object" ? globalThis.crypto : null; if (typeof e?.getRandomValues != "function") throw new Error("crypto.getRandomValues must be defined"); return e.getRandomValues(new Uint8Array(t)) } var vt = t => ({ oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, t]) }); function le(t, e = "") { if (typeof t != "boolean") { let n = e && `"${e}" `; throw new Error(n + "expected boolean, got type=" + typeof t) } return t } var Et = BigInt(4294967295), ae = BigInt(32); function $e(t, e = !1) { return e ? { h: Number(t & Et), l: Number(t >> ae & Et) } : { h: Number(t >> ae & Et) | 0, l: Number(t & Et) | 0 } } function de(t, e = !1) { let n = t.length, o = new Uint32Array(n), r = new Uint32Array(n); for (let i = 0; i < n; i++) { let { h: c, l: a } = $e(t[i], e);[o[i], r[i]] = [c, a] } return [o, r] } var he = (t, e, n) => t << n | e >>> 32 - n, pe = (t, e, n) => e << n | t >>> 32 - n, ge = (t, e, n) => e << n - 32 | t >>> 64 - n, ye = (t, e, n) => t << n - 32 | e >>> 64 - n; var Ge = BigInt(0), dt = BigInt(1), Ke = BigInt(2), De = BigInt(7), Ye = BigInt(256), Xe = BigInt(113), be = [], me = [], Ae = []; for (let t = 0, e = dt, n = 1, o = 0; t < 24; t++) { [n, o] = [o, (2 * n + 3 * o) % 5], be.push(2 * (5 * o + n)), me.push((t + 1) * (t + 2) / 2 % 64); let r = Ge; for (let i = 0; i < 7; i++)e = (e << dt ^ (e >> De) * Xe) % Ye, e & Ke && (r ^= dt << (dt << BigInt(i)) - dt); Ae.push(r) } var Ee = de(Ae, !0), Ve = Ee[0], Ze = Ee[1], xe = (t, e, n) => n > 32 ? ge(t, e, n) : he(t, e, n), we = (t, e, n) => n > 32 ? ye(t, e, n) : pe(t, e, n); function ze(t, e = 24) { let n = new Uint32Array(10); for (let o = 24 - e; o < 24; o++) { for (let c = 0; c < 10; c++)n[c] = t[c] ^ t[c + 10] ^ t[c + 20] ^ t[c + 30] ^ t[c + 40]; for (let c = 0; c < 10; c += 2) { let a = (c + 8) % 10, g = (c + 2) % 10, E = n[g], y = n[g + 1], C = xe(E, y, 1) ^ n[a], z = we(E, y, 1) ^ n[a + 1]; for (let R = 0; R < 50; R += 10)t[c + R] ^= C, t[c + R + 1] ^= z } let r = t[2], i = t[3]; for (let c = 0; c < 24; c++) { let a = me[c], g = xe(r, i, a), E = we(r, i, a), y = be[c]; r = t[y], i = t[y + 1], t[y] = g, t[y + 1] = E } for (let c = 0; c < 50; c += 10) { for (let a = 0; a < 10; a++)n[a] = t[c + a]; for (let a = 0; a < 10; a++)t[c + a] ^= ~n[(a + 2) % 10] & n[(a + 4) % 10] } t[0] ^= Ve[o], t[1] ^= Ze[o] } St(n) } var Pt = class t { state; pos = 0; posOut = 0; finished = !1; state32; destroyed = !1; blockLen; suffix; outputLen; enableXOF = !1; rounds; constructor(e, n, o, r = !1, i = 24) { if (this.blockLen = e, this.suffix = n, this.outputLen = o, this.enableXOF = r, this.rounds = i, Ut(o, "outputLen"), !(0 < e && e < 200)) throw new Error("only keccak-f1600 function is supported"); this.state = new Uint8Array(200), this.state32 = ie(this.state) } clone() { return this._cloneInto() } keccak() { Ct(this.state32), ze(this.state32, this.rounds), Ct(this.state32), this.posOut = 0, this.pos = 0 } update(e) { Ht(this), A(e); let { blockLen: n, state: o } = this, r = e.length; for (let i = 0; i < r;) { let c = Math.min(n - this.pos, r - i); for (let a = 0; a < c; a++)o[this.pos++] ^= e[i++]; this.pos === n && this.keccak() } return this } finish() { if (this.finished) return; this.finished = !0; let { state: e, suffix: n, pos: o, blockLen: r } = this; e[o] ^= n, (n & 128) !== 0 && o === r - 1 && this.keccak(), e[r - 1] ^= 128, this.keccak() } writeInto(e) { Ht(this, !1), A(e), this.finish(); let n = this.state, { blockLen: o } = this; for (let r = 0, i = e.length; r < i;) { this.posOut >= o && this.keccak(); let c = Math.min(o - this.posOut, i - r); e.set(n.subarray(this.posOut, this.posOut + c), r), this.posOut += c, r += c } return e } xofInto(e) { if (!this.enableXOF) throw new Error("XOF is not possible for this instance"); return this.writeInto(e) } xof(e) { return Ut(e), this.xofInto(new Uint8Array(e)) } digestInto(e) { if (ce(e, this), this.finished) throw new Error("digest() was already called"); return this.writeInto(e), this.destroy(), e } digest() { return this.digestInto(new Uint8Array(this.outputLen)) } destroy() { this.destroyed = !0, St(this.state) } _cloneInto(e) { let { blockLen: n, suffix: o, outputLen: r, rounds: i, enableXOF: c } = this; return e ||= new t(n, o, r, c, i), e.state32.set(this.state32), e.pos = this.pos, e.posOut = this.posOut, e.finished = this.finished, e.rounds = i, e.suffix = o, e.outputLen = r, e.enableXOF = c, e.destroyed = this.destroyed, e } }; var Be = (t, e, n, o = {}) => fe((r = {}) => new Pt(e, t, r.dkLen === void 0 ? n : r.dkLen, !0), o), Te = Be(31, 168, 16, vt(11)), P = Be(31, 136, 32, vt(12)); function jt(t) { if (!Number.isSafeInteger(t) || t < 0 || t > 4294967295) throw new Error("wrong u32 integer:" + t); return t } function ke(t) { return jt(t), (t & t - 1) === 0 && t !== 0 } function Nt(t, e) { jt(t); let n = 0; for (let o = 0; o < e; o++, t >>>= 1)n = n << 1 | t & 1; return n } function _e(t) { return jt(t), 31 - Math.clz32(t) } function Le(t) { let e = t.length; if (e < 2 || !ke(e)) throw new Error("n must be a power of 2 and greater than 1. Got " + e); let n = _e(e); for (let o = 0; o < e; o++) { let r = Nt(o, n); if (o < r) { let i = t[o]; t[o] = t[r], t[r] = i } } return t } var Ft = (t, e) => { let { N: n, roots: o, dit: r, invertButterflies: i = !1, skipStages: c = 0, brp: a = !0 } = e, g = _e(n); if (!ke(n)) throw new Error("FFT: Polynomial size should be power of two"); let E = r !== i; return y => { if (y.length !== n) throw new Error("FFT: wrong Polynomial length"); r && a && Le(y); for (let C = 0, z = 1; C < g - c; C++) { let R = r ? C + 1 + c : g - C, q = 1 << R, J = q >> 1, yt = n >> R; for (let rt = 0; rt < n; rt += q)for (let p = 0, w = z++; p < J; p++) { let I = i ? r ? n - w : w : p * yt, K = rt + p, j = rt + p + J, D = o[I], H = y[j], B = y[K]; if (E) { let S = t.mul(H, D); y[K] = t.add(B, S), y[j] = t.sub(B, S) } else i ? (y[K] = t.add(H, B), y[j] = t.mul(t.sub(H, B), D)) : (y[K] = t.add(B, H), y[j] = t.mul(t.sub(B, H), D)) } } return !r && a && Le(y), y } }; var $t = ue; function Gt(t, e) { if (t.length !== e.length) return !1; let n = 0; for (let o = 0; o < t.length; o++)n |= t[o] ^ e[o]; return n === 0 } function Kt(t) { if (typeof t != "object" || t === null || Mt(t)) throw new Error("expected opts to be an object") } function Bt(t) { Kt(t), t.context !== void 0 && A(t.context, void 0, "opts.context") } function Tt(t) { Bt(t), t.extraEntropy !== !1 && t.extraEntropy !== void 0 && A(t.extraEntropy, void 0, "opts.extraEntropy") } function ht(t, ...e) { let n = r => typeof r == "number" ? r : r.bytesLen, o = e.reduce((r, i) => r + n(i), 0); return { bytesLen: o, encode: r => { let i = new Uint8Array(o); for (let c = 0, a = 0; c < e.length; c++) { let g = e[c], E = n(g), y = typeof g == "number" ? r[c] : g.encode(r[c]); A(y, E, t), i.set(y, a), typeof g != "number" && y.fill(0), a += E } return i }, decode: r => { A(r, o, t); let i = []; for (let c of e) { let a = n(c), g = r.subarray(0, a); i.push(typeof c == "number" ? g : c.decode(g)), r = r.subarray(a) } return i } } } function st(t, e) { let n = e * t.bytesLen; return { bytesLen: n, encode: o => { if (o.length !== e) throw new Error(`vecCoder.encode: wrong length = ${o.length}.Expected: ${e} `); let r = new Uint8Array(n); for (let i = 0, c = 0; i < o.length; i++) { let a = t.encode(o[i]); r.set(a, c), a.fill(0), c += a.length } return r }, decode: o => { A(o, n); let r = []; for (let i = 0; i < o.length; i += t.bytesLen)r.push(t.decode(o.subarray(i, i + t.bytesLen))); return r } } } function Z(...t) { for (let e of t) if (Array.isArray(e)) for (let n of e) n.fill(0); else e.fill(0) } function Dt(t) { return (1 << t) - 1 } var Oe = Uint8Array.of(); function Yt(t, e = Oe) { if (A(t), A(e), e.length > 255) throw new Error("context should be less than 255 bytes"); return Rt(new Uint8Array([0, e.length]), e, t) } var qe = Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2]); function Ie(t, e = 0) { if (!t.oid || !Gt(t.oid.subarray(0, 10), qe)) throw new Error("hash.oid is invalid: expected NIST hash"); let n = t.outputLen * 8 / 2; if (e > n) throw new Error("Pre-hash security strength too low: " + n + ", required: " + e) } function Xt(t, e, n = Oe) { if (A(e), A(n), n.length > 255) throw new Error("context should be less than 255 bytes"); let o = t(e); return Rt(new Uint8Array([1, n.length]), n, t.oid, o) } var Me = t => { let { newPoly: e, N: n, Q: o, F: r, ROOT_OF_UNITY: i, brvBits: c, isKyber: a } = t, g = (p, w = o) => { let I = p % w | 0; return (I >= 0 ? I | 0 : w + I | 0) | 0 }, E = (p, w = o) => { let I = g(p, w) | 0; return (I > w >> 1 ? I - w | 0 : I) | 0 }; function y() { let p = e(n); for (let w = 0; w < n; w++) { let I = Nt(w, c), K = BigInt(i) ** BigInt(I) % BigInt(o); p[w] = Number(K) | 0 } return p } let C = y(), z = { add: (p, w) => g((p | 0) + (w | 0)) | 0, sub: (p, w) => g((p | 0) - (w | 0)) | 0, mul: (p, w) => g((p | 0) * (w | 0)) | 0, inv: p => { throw new Error("not implemented") } }, R = { N: n, roots: C, invertButterflies: !0, skipStages: a ? 1 : 0, brp: !1 }, q = Ft(z, { dit: !1, ...R }), J = Ft(z, { dit: !0, ...R }); return { mod: g, smod: E, nttZetas: C, NTT: { encode: p => q(p), decode: p => { J(p); for (let w = 0; w < p.length; w++)p[w] = g(r * p[w]); return p } }, bitsCoder: (p, w) => { let I = Dt(p), K = p * (n / 8); return { bytesLen: K, encode: j => { let D = new Uint8Array(K); for (let H = 0, B = 0, S = 0, ft = 0; H < j.length; H++)for (B |= (w.encode(j[H]) & I) << S, S += p; S >= 8; S -= 8, B >>= 8)D[ft++] = B & Dt(S); return D }, decode: j => { let D = e(n); for (let H = 0, B = 0, S = 0, ft = 0; H < j.length; H++)for (B |= j[H] << S, S += 8; S >= p; S -= p, B >>= p)D[ft++] = w.decode(B & I); return D } } } } }, Ue = t => (e, n) => { n || (n = t.blockLen); let o = new Uint8Array(e.length + 2); o.set(e); let r = e.length, i = new Uint8Array(n), c = t.create({}), a = 0, g = 0; return { stats: () => ({ calls: a, xofs: g }), get: (E, y) => (o[r + 0] = E, o[r + 1] = y, c.destroy(), c = t.create({}).update(o), a++, () => (g++, c.xofInto(i))), clean: () => { c.destroy(), Z(i, o) } } }, Lt = Ue(Te), kt = Ue(P); function He(t) { Kt(t), t.externalMu !== void 0 && le(t.externalMu, "opts.externalMu") } var m = 256, ot = 8380417, We = 1753, Qe = 8347681, it = 13, Vt = Math.floor((ot - 1) / 88) | 0, Zt = Math.floor((ot - 1) / 32) | 0, zt = { 2: { K: 4, L: 4, D: it, GAMMA1: 2 ** 17, GAMMA2: Vt, TAU: 39, ETA: 2, OMEGA: 80 }, 3: { K: 6, L: 5, D: it, GAMMA1: 2 ** 19, GAMMA2: Zt, TAU: 49, ETA: 4, OMEGA: 55 }, 5: { K: 8, L: 7, D: it, GAMMA1: 2 ** 19, GAMMA2: Zt, TAU: 60, ETA: 2, OMEGA: 75 } }, $ = t => new Int32Array(t), { mod: ct, smod: Ot, NTT: O, bitsCoder: Je } = Me({ N: m, Q: ot, F: Qe, ROOT_OF_UNITY: We, newPoly: $, isKyber: !1, brvBits: 8 }), Se = t => t, pt = (t, e = Se, n = Se) => Je(t, { encode: o => e(n(o)), decode: o => n(e(o)) }), et = (t, e) => { for (let n = 0; n < t.length; n++)t[n] = ct(t[n] + e[n]); return t }, Ce = (t, e) => { for (let n = 0; n < t.length; n++)t[n] = ct(t[n] - e[n]); return t }, tn = t => { for (let e = 0; e < m; e++)t[e] <<= it; return t }, gt = (t, e) => { for (let n = 0; n < m; n++)if (Math.abs(Ot(t[n])) >= e) return !0; return !1 }, nt = (t, e) => { let n = $(m); for (let o = 0; o < t.length; o++)n[o] = ct(t[o] * e[o]); return n }; function _t(t) { let e = $(m); for (let n = 0; n < m;) { let o = t(); if (o.length % 3) throw new Error("RejNTTPoly: unaligned block"); for (let r = 0; n < m && r <= o.length - 3; r += 3) { let i = (o[r + 0] | o[r + 1] << 8 | o[r + 2] << 16) & 8388607; i < ot && (e[n++] = i) } } return e } function qt(t) { let { K: e, L: n, GAMMA1: o, GAMMA2: r, TAU: i, ETA: c, OMEGA: a } = t, { CRH_BYTES: g, TR_BYTES: E, C_TILDE_BYTES: y, XOF128: C, XOF256: z, securityLevel: R } = t; if (![2, 4].includes(c)) throw new Error("Wrong ETA"); if (![1 << 17, 1 << 19].includes(o)) throw new Error("Wrong GAMMA1"); if (![Vt, Zt].includes(r)) throw new Error("Wrong GAMMA2"); let q = i * c, J = s => { let l = ct(s), f = Ot(l, 2 * r) | 0; return l - f === ot - 1 ? { r1: 0, r0: f - 1 | 0 } : { r1: Math.floor((l - f) / (2 * r)) | 0, r0: f } }, yt = s => J(s).r1, rt = s => J(s).r0, p = (s, l) => s <= r || s > ot - r || s === ot - r && l === 0 ? 0 : 1, w = (s, l) => { let f = Math.floor((ot - 1) / (2 * r)), { r1: u, r0: h } = J(l); return s === 1 ? h > 0 ? ct(u + 1, f) | 0 : ct(u - 1, f) | 0 : u | 0 }, I = s => { let l = ct(s), f = Ot(l, 2 ** it) | 0; return { r1: Math.floor((l - f) / 2 ** it) | 0, r0: f } }, K = { bytesLen: a + e, encode: s => { if (s === !1) throw new Error("hint.encode: hint is false"); let l = new Uint8Array(a + e); for (let f = 0, u = 0; f < e; f++) { for (let h = 0; h < m; h++)s[f][h] !== 0 && (l[u++] = h); l[a + f] = u } return l }, decode: s => { let l = [], f = 0; for (let u = 0; u < e; u++) { let h = $(m); if (s[a + u] < f || s[a + u] > a) return !1; for (let x = f; x < s[a + u]; x++) { if (x > f && s[x] <= s[x - 1]) return !1; h[s[x]] = 1 } f = s[a + u], l.push(h) } for (let u = f; u < a; u++)if (s[u] !== 0) return !1; return l } }, j = pt(c === 2 ? 3 : 4, s => c - s, s => { if (!(-c <= s && s <= c)) throw new Error(`malformed key s1 / s3 ${s} outside of ETA range[${-c}, ${c}]`); return s }), D = pt(13, s => (1 << it - 1) - s), H = pt(10), B = pt(o === 1 << 17 ? 18 : 20, s => Ot(o - s)), S = pt(r === Vt ? 6 : 4), ft = st(S, e), xt = ht("publicKey", 32, st(H, e)), wt = ht("secretKey", 32, 32, E, st(j, n), st(j, e), st(D, e)), bt = ht("signature", y, st(B, n), K), Wt = c === 2 ? s => s < 15 ? 2 - s % 5 : !1 : s => s < 9 ? 4 - s : !1; function Qt(s) { let l = $(m); for (let f = 0; f < m;) { let u = s(); for (let h = 0; f < m && h < u.length; h += 1) { let x = Wt(u[h] & 15), M = Wt(u[h] >> 4 & 15); x !== !1 && (l[f++] = x), f < m && M !== !1 && (l[f++] = M) } } return l } let Jt = s => { let l = $(m), f = P.create({}).update(s), u = new Uint8Array(P.blockLen); f.xofInto(u); let h = u.slice(0, 8); for (let x = m - i, M = 8, v = 0, T = 0; x < m; x++) { let L = x + 1; for (; L > x;)L = u[M++], !(M < P.blockLen) && (f.xofInto(u), M = 0); l[x] = l[L], l[L] = 1 - ((h[v] >> T++ & 1) << 1), T >= 8 && (v++, T = 0) } return l }, te = s => { let l = $(m), f = $(m); for (let u = 0; u < s.length; u++) { let { r0: h, r1: x } = I(s[u]); l[u] = h, f[u] = x } return { r0: l, r1: f } }, Re = (s, l) => { for (let f = 0; f < m; f++)s[f] = w(l[f], s[f]); return s }, ve = (s, l) => { let f = $(m), u = 0; for (let h = 0; h < m; h++) { let x = p(s[h], l[h]); f[h] = x, u += x } return { v: f, cnt: u } }, ee = 32, ne = ht("seed", 32, 64, 32), Y = { info: { type: "internal-ml-dsa" }, lengths: { secretKey: wt.bytesLen, publicKey: xt.bytesLen, seed: 32, signature: bt.bytesLen, signRand: ee }, keygen: s => { let l = new Uint8Array(34), f = s === void 0; f && (s = $t(32)), A(s, 32, "seed"), l.set(s), f && Z(s), l[32] = e, l[33] = n; let [u, h, x] = ne.decode(P(l, { dkLen: ne.bytesLen })), M = z(h), v = []; for (let d = 0; d < n; d++)v.push(Qt(M.get(d & 255, d >> 8 & 255))); let T = []; for (let d = n; d < n + e; d++)T.push(Qt(M.get(d & 255, d >> 8 & 255))); let L = v.map(d => O.encode(d.slice())), k = [], U = [], W = C(u), _ = $(m); for (let d = 0; d < e; d++) { Z(_); for (let F = 0; F < n; F++) { let V = _t(W.get(F, d)); et(_, nt(V, L[F])) } O.decode(_); let { r0: G, r1: N } = te(et(_, T[d])); k.push(G), U.push(N) } let X = xt.encode([u, U]), Q = P(X, { dkLen: E }), ut = wt.encode([u, x, Q, v, T, k]); return W.clean(), M.clean(), Z(u, h, x, v, T, L, _, k, U, Q, l), { publicKey: X, secretKey: ut } }, getPublicKey: s => { let [l, f, u, h, x, M] = wt.decode(s), v = C(l), T = h.map(U => O.encode(U.slice())), L = [], k = $(m); for (let U = 0; U < e; U++) { k.fill(0); for (let _ = 0; _ < n; _++) { let X = _t(v.get(_, U)); et(k, nt(X, T[_])) } O.decode(k), et(k, x[U]); let { r1: W } = te(k); L.push(W) } return v.clean(), Z(k, T, M, h, x), xt.encode([l, L]) }, sign: (s, l, f = {}) => { Tt(f), He(f); let { extraEntropy: u, externalMu: h = !1 } = f, [x, M, v, T, L, k] = wt.decode(l), U = [], W = C(x); for (let d = 0; d < e; d++) { let G = []; for (let N = 0; N < n; N++)G.push(_t(W.get(N, d))); U.push(G) } W.clean(); for (let d = 0; d < n; d++)O.encode(T[d]); for (let d = 0; d < e; d++)O.encode(L[d]), O.encode(k[d]); let _ = h ? s : P.create({ dkLen: g }).update(v).update(s).digest(), X = u === !1 ? new Uint8Array(32) : u === void 0 ? $t(ee) : u; A(X, 32, "extraEntropy"); let Q = P.create({ dkLen: g }).update(M).update(X).update(_).digest(); A(Q, g); let ut = z(Q, B.bytesLen); t: for (let d = 0; ;) { let G = []; for (let b = 0; b < n; b++, d++)G.push(B.decode(ut.get(d & 255, d >> 8)())); let N = G.map(b => O.encode(b.slice())), F = []; for (let b = 0; b < e; b++) { let at = $(m); for (let tt = 0; tt < n; tt++)et(at, nt(U[b][tt], N[tt])); O.decode(at), F.push(at) } let V = F.map(b => b.map(yt)), lt = P.create({ dkLen: y }).update(_).update(ft.encode(V)).digest(), mt = O.encode(Jt(lt)), At = T.map(b => nt(b, mt)); for (let b = 0; b < n; b++)if (et(O.decode(At[b]), G[b]), gt(At[b], o - q)) continue t; let oe = 0, It = []; for (let b = 0; b < e; b++) { let at = O.decode(nt(L[b], mt)), tt = Ce(F[b], at).map(rt); if (gt(tt, r - q)) continue t; let re = O.decode(nt(k[b], mt)); if (gt(re, r)) continue t; et(tt, re); let se = ve(tt, V[b]); It.push(se.v), oe += se.cnt } if (oe > a) continue; ut.clean(); let Pe = bt.encode([lt, At, It]); return Z(lt, At, It, mt, V, F, N, G, Q, _, T, L, k, ...U), Pe } throw new Error("Unreachable code path reached, report this error") }, verify: (s, l, f, u = {}) => { He(u); let { externalMu: h = !1 } = u, [x, M] = xt.decode(f), v = P(f, { dkLen: E }); if (s.length !== bt.bytesLen) return !1; let [T, L, k] = bt.decode(s); if (k === !1) return !1; for (let d = 0; d < n; d++)if (gt(L[d], o - q)) return !1; let U = h ? l : P.create({ dkLen: g }).update(v).update(l).digest(), W = O.encode(Jt(T)), _ = L.map(d => d.slice()); for (let d = 0; d < n; d++)O.encode(_[d]); let X = [], Q = C(x); for (let d = 0; d < e; d++) { let G = nt(O.encode(tn(M[d])), W), N = $(m); for (let V = 0; V < n; V++) { let lt = _t(Q.get(V, d)); et(N, nt(lt, _[V])) } let F = O.decode(Ce(N, G)); X.push(Re(F, k[d])) } Q.clean(); let ut = P.create({ dkLen: y }).update(U).update(ft.encode(X)).digest(); for (let d of k) if (!(d.reduce((N, F) => N + F, 0) <= a)) return !1; for (let d of L) if (gt(d, o - q)) return !1; return Gt(T, ut) } }; return { info: { type: "ml-dsa" }, internal: Y, securityLevel: R, keygen: Y.keygen, lengths: Y.lengths, getPublicKey: Y.getPublicKey, sign: (s, l, f = {}) => { Tt(f); let u = Yt(s, f.context), h = Y.sign(u, l, f); return Z(u), h }, verify: (s, l, f, u = {}) => (Bt(u), Y.verify(s, Yt(l, u.context), f)), prehash: s => (Ie(s, R), { info: { type: "hashml-dsa" }, securityLevel: R, lengths: Y.lengths, keygen: Y.keygen, getPublicKey: Y.getPublicKey, sign: (l, f, u = {}) => { Tt(u); let h = Xt(s, l, u.context), x = Y.sign(h, f, u); return Z(h), x }, verify: (l, f, u, h = {}) => (Bt(h), Y.verify(l, Xt(s, f, h.context), u)) }) } } var mn = qt({ ...zt[2], CRH_BYTES: 64, TR_BYTES: 64, C_TILDE_BYTES: 32, XOF128: Lt, XOF256: kt, securityLevel: 128 }), An = qt({ ...zt[3], CRH_BYTES: 64, TR_BYTES: 64, C_TILDE_BYTES: 48, XOF128: Lt, XOF256: kt, securityLevel: 192 }), En = qt({ ...zt[5], CRH_BYTES: 64, TR_BYTES: 64, C_TILDE_BYTES: 64, XOF128: Lt, XOF256: kt, securityLevel: 256 }); export { zt as PARAMS, mn as ml_dsa44, An as ml_dsa65, En as ml_dsa87 };
+/*! Bundled license information:
+@noble/hashes/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/curves/utils.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/post-quantum/utils.js:
+@noble/post-quantum/_crystals.js:
+@noble/post-quantum/ml-dsa.js:
+  (*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) *)
+*/

package/src/core/ml-kem.mjs ADDED Viewed

@@ -0,0 +1,32 @@
+// Patch for browser and server environment
+if (typeof window !== 'undefined') {
+  if (typeof window.require === 'undefined') {
+    window.require = function (name) {
+      if (name === 'semver') {
+        return {
+          valid: () => true,
+          clean: (v) => v,
+          satisfies: () => true,
+          gt: () => false,
+          lt: () => false,
+          coerce: (v) => v
+        };
+      }
+      return {};
+    };
+  }
+}
+const require = (typeof window !== 'undefined') ? window.require : function (n) { return {}; };
+/* esm.sh - @noble/post-quantum@0.5.2/ml-kem */
+var $ = BigInt(4294967295), ut = BigInt(32); function Ct(t, e = !1) { return e ? { h: Number(t & $), l: Number(t >> ut & $) } : { h: Number(t >> ut & $) | 0, l: Number(t & $) | 0 } } function lt(t, e = !1) { let n = t.length, r = new Uint32Array(n), o = new Uint32Array(n); for (let c = 0; c < n; c++) { let { h: s, l: i } = Ct(t[c], e);[r[c], o[c]] = [s, i] } return [r, o] } var at = (t, e, n) => t << n | e >>> 32 - n, dt = (t, e, n) => e << n | t >>> 32 - n, pt = (t, e, n) => e << n - 32 | t >>> 64 - n, ht = (t, e, n) => t << n - 32 | e >>> 64 - n; function yt(t) { return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array" } function Y(t, e = "") { if (!Number.isSafeInteger(t) || t < 0) { let n = e && `"${e}" `; throw new Error(`${n}expected integer >= 0, got ${t}`) } } function O(t, e, n = "") { let r = yt(t), o = t?.length, c = e !== void 0; if (!r || c && o !== e) { let s = n && `"${n}" `, i = c ? ` of length ${e}` : "", a = r ? `length=${o}` : `type=${typeof t}`; throw new Error(s + "expected Uint8Array" + i + ", got " + a) } return t } function Q(t, e = !0) { if (t.destroyed) throw new Error("Hash instance has been destroyed"); if (e && t.finished) throw new Error("Hash#digest() has already been called") } function gt(t, e) { O(t, void 0, "digestInto() output"); let n = e.outputLen; if (t.length < n) throw new Error('"digestInto() output" expected to be of length >=' + n) } function X(t) { return new Uint32Array(t.buffer, t.byteOffset, Math.floor(t.byteLength / 4)) } function J(...t) { for (let e = 0; e < t.length; e++)t[e].fill(0) } var Pt = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68; function jt(t) { return t << 24 & 4278190080 | t << 8 & 16711680 | t >>> 8 & 65280 | t >>> 24 & 255 } function vt(t) { for (let e = 0; e < t.length; e++)t[e] = jt(t[e]); return t } var W = Pt ? t => t : vt; function tt(t, e = {}) { let n = (o, c) => t(c).update(o).digest(), r = t(void 0); return n.outputLen = r.outputLen, n.blockLen = r.blockLen, n.create = o => t(o), Object.assign(n, e), Object.freeze(n) } function xt(t = 32) { let e = typeof globalThis == "object" ? globalThis.crypto : null; if (typeof e?.getRandomValues != "function") throw new Error("crypto.getRandomValues must be defined"); return e.getRandomValues(new Uint8Array(t)) } var R = t => ({ oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, t]) }); var Mt = BigInt(0), F = BigInt(1), $t = BigInt(2), Xt = BigInt(7), Dt = BigInt(256), Vt = BigInt(113), mt = [], At = [], kt = []; for (let t = 0, e = F, n = 1, r = 0; t < 24; t++) { [n, r] = [r, (2 * n + 3 * r) % 5], mt.push(2 * (5 * r + n)), At.push((t + 1) * (t + 2) / 2 % 64); let o = Mt; for (let c = 0; c < 7; c++)e = (e << F ^ (e >> Xt) * Vt) % Dt, e & $t && (o ^= F << (F << BigInt(c)) - F); kt.push(o) } var Et = lt(kt, !0), Zt = Et[0], zt = Et[1], bt = (t, e, n) => n > 32 ? pt(t, e, n) : at(t, e, n), wt = (t, e, n) => n > 32 ? ht(t, e, n) : dt(t, e, n); function Gt(t, e = 24) { let n = new Uint32Array(10); for (let r = 24 - e; r < 24; r++) { for (let s = 0; s < 10; s++)n[s] = t[s] ^ t[s + 10] ^ t[s + 20] ^ t[s + 30] ^ t[s + 40]; for (let s = 0; s < 10; s += 2) { let i = (s + 8) % 10, a = (s + 2) % 10, w = n[a], f = n[a + 1], p = bt(w, f, 1) ^ n[i], b = wt(w, f, 1) ^ n[i + 1]; for (let d = 0; d < 50; d += 10)t[s + d] ^= p, t[s + d + 1] ^= b } let o = t[2], c = t[3]; for (let s = 0; s < 24; s++) { let i = At[s], a = bt(o, c, i), w = wt(o, c, i), f = mt[s]; o = t[f], c = t[f + 1], t[f] = a, t[f + 1] = w } for (let s = 0; s < 50; s += 10) { for (let i = 0; i < 10; i++)n[i] = t[s + i]; for (let i = 0; i < 10; i++)t[s + i] ^= ~n[(i + 2) % 10] & n[(i + 4) % 10] } t[0] ^= Zt[r], t[1] ^= zt[r] } J(n) } var D = class t { state; pos = 0; posOut = 0; finished = !1; state32; destroyed = !1; blockLen; suffix; outputLen; enableXOF = !1; rounds; constructor(e, n, r, o = !1, c = 24) { if (this.blockLen = e, this.suffix = n, this.outputLen = r, this.enableXOF = o, this.rounds = c, Y(r, "outputLen"), !(0 < e && e < 200)) throw new Error("only keccak-f1600 function is supported"); this.state = new Uint8Array(200), this.state32 = X(this.state) } clone() { return this._cloneInto() } keccak() { W(this.state32), Gt(this.state32, this.rounds), W(this.state32), this.posOut = 0, this.pos = 0 } update(e) { Q(this), O(e); let { blockLen: n, state: r } = this, o = e.length; for (let c = 0; c < o;) { let s = Math.min(n - this.pos, o - c); for (let i = 0; i < s; i++)r[this.pos++] ^= e[c++]; this.pos === n && this.keccak() } return this } finish() { if (this.finished) return; this.finished = !0; let { state: e, suffix: n, pos: r, blockLen: o } = this; e[r] ^= n, (n & 128) !== 0 && r === o - 1 && this.keccak(), e[o - 1] ^= 128, this.keccak() } writeInto(e) { Q(this, !1), O(e), this.finish(); let n = this.state, { blockLen: r } = this; for (let o = 0, c = e.length; o < c;) { this.posOut >= r && this.keccak(); let s = Math.min(r - this.posOut, c - o); e.set(n.subarray(this.posOut, this.posOut + s), o), this.posOut += s, o += s } return e } xofInto(e) { if (!this.enableXOF) throw new Error("XOF is not possible for this instance"); return this.writeInto(e) } xof(e) { return Y(e), this.xofInto(new Uint8Array(e)) } digestInto(e) { if (gt(e, this), this.finished) throw new Error("digest() was already called"); return this.writeInto(e), this.destroy(), e } digest() { return this.digestInto(new Uint8Array(this.outputLen)) } destroy() { this.destroyed = !0, J(this.state) } _cloneInto(e) { let { blockLen: n, suffix: r, outputLen: o, rounds: c, enableXOF: s } = this; return e ||= new t(n, r, o, s, c), e.state32.set(this.state32), e.pos = this.pos, e.posOut = this.posOut, e.finished = this.finished, e.rounds = c, e.suffix = r, e.outputLen = o, e.enableXOF = s, e.destroyed = this.destroyed, e } }, Bt = (t, e, n, r = {}) => tt(() => new D(e, t, n), r); var Ot = Bt(6, 136, 32, R(8)); var Lt = Bt(6, 72, 64, R(10)); var Tt = (t, e, n, r = {}) => tt((o = {}) => new D(e, t, o.dkLen === void 0 ? n : o.dkLen, !0), r), _t = Tt(31, 168, 16, R(11)), V = Tt(31, 136, 32, R(12)); function et(t) { if (!Number.isSafeInteger(t) || t < 0 || t > 4294967295) throw new Error("wrong u32 integer:" + t); return t } function It(t) { return et(t), (t & t - 1) === 0 && t !== 0 } function nt(t, e) { et(t); let n = 0; for (let r = 0; r < e; r++, t >>>= 1)n = n << 1 | t & 1; return n } function Ut(t) { return et(t), 31 - Math.clz32(t) } function Ht(t) { let e = t.length; if (e < 2 || !It(e)) throw new Error("n must be a power of 2 and greater than 1. Got " + e); let n = Ut(e); for (let r = 0; r < e; r++) { let o = nt(r, n); if (r < o) { let c = t[r]; t[r] = t[o], t[o] = c } } return t } var rt = (t, e) => { let { N: n, roots: r, dit: o, invertButterflies: c = !1, skipStages: s = 0, brp: i = !0 } = e, a = Ut(n); if (!It(n)) throw new Error("FFT: Polynomial size should be power of two"); let w = o !== c; return f => { if (f.length !== n) throw new Error("FFT: wrong Polynomial length"); o && i && Ht(f); for (let p = 0, b = 1; p < a - s; p++) { let d = o ? p + 1 + s : a - p, B = 1 << d, I = B >> 1, H = n >> d; for (let L = 0; L < n; L += B)for (let u = 0, l = b++; u < I; u++) { let y = c ? o ? n - l : l : u * H, g = L + u, x = L + u + I, A = r[y], m = f[x], h = f[g]; if (w) { let k = t.mul(m, A); f[g] = t.add(h, k), f[x] = t.sub(h, k) } else c ? (f[g] = t.add(m, h), f[x] = t.mul(t.sub(m, h), A)) : (f[g] = t.add(h, m), f[x] = t.mul(t.sub(h, m), A)) } } return !o && i && Ht(f), f } }; var ot = xt; function Z(t, e) { if (t.length !== e.length) return !1; let n = 0; for (let r = 0; r < t.length; r++)n |= t[r] ^ e[r]; return n === 0 } function St(t) { return Uint8Array.from(t) } function N(t, ...e) { let n = o => typeof o == "number" ? o : o.bytesLen, r = e.reduce((o, c) => o + n(c), 0); return { bytesLen: r, encode: o => { let c = new Uint8Array(r); for (let s = 0, i = 0; s < e.length; s++) { let a = e[s], w = n(a), f = typeof a == "number" ? o[s] : a.encode(o[s]); O(f, w, t), c.set(f, i), typeof a != "number" && f.fill(0), i += w } return c }, decode: o => { O(o, r, t); let c = []; for (let s of e) { let i = n(s), a = o.subarray(0, i); c.push(typeof s == "number" ? a : s.decode(a)), o = o.subarray(i) } return c } } } function z(t, e) { let n = e * t.bytesLen; return { bytesLen: n, encode: r => { if (r.length !== e) throw new Error(`vecCoder.encode: wrong length=${r.length}. Expected: ${e}`); let o = new Uint8Array(n); for (let c = 0, s = 0; c < r.length; c++) { let i = t.encode(r[c]); o.set(i, s), i.fill(0), s += i.length } return o }, decode: r => { O(r, n); let o = []; for (let c = 0; c < r.length; c += t.bytesLen)o.push(t.decode(r.subarray(c, c + t.bytesLen))); return o } } } function _(...t) { for (let e of t) if (Array.isArray(e)) for (let n of e) n.fill(0); else e.fill(0) } function st(t) { return (1 << t) - 1 } var pe = Uint8Array.of(); var Kt = t => { let { newPoly: e, N: n, Q: r, F: o, ROOT_OF_UNITY: c, brvBits: s, isKyber: i } = t, a = (u, l = r) => { let y = u % l | 0; return (y >= 0 ? y | 0 : l + y | 0) | 0 }, w = (u, l = r) => { let y = a(u, l) | 0; return (y > l >> 1 ? y - l | 0 : y) | 0 }; function f() { let u = e(n); for (let l = 0; l < n; l++) { let y = nt(l, s), g = BigInt(c) ** BigInt(y) % BigInt(r); u[l] = Number(g) | 0 } return u } let p = f(), b = { add: (u, l) => a((u | 0) + (l | 0)) | 0, sub: (u, l) => a((u | 0) - (l | 0)) | 0, mul: (u, l) => a((u | 0) * (l | 0)) | 0, inv: u => { throw new Error("not implemented") } }, d = { N: n, roots: p, invertButterflies: !0, skipStages: i ? 1 : 0, brp: !1 }, B = rt(b, { dit: !1, ...d }), I = rt(b, { dit: !0, ...d }); return { mod: a, smod: w, nttZetas: p, NTT: { encode: u => B(u), decode: u => { I(u); for (let l = 0; l < u.length; l++)u[l] = a(o * u[l]); return u } }, bitsCoder: (u, l) => { let y = st(u), g = u * (n / 8); return { bytesLen: g, encode: x => { let A = new Uint8Array(g); for (let m = 0, h = 0, k = 0, E = 0; m < x.length; m++)for (h |= (l.encode(x[m]) & y) << k, k += u; k >= 8; k -= 8, h >>= 8)A[E++] = h & st(k); return A }, decode: x => { let A = e(n); for (let m = 0, h = 0, k = 0, E = 0; m < x.length; m++)for (h |= x[m] << k, k += 8; k >= u; k -= u, h >>= u)A[E++] = l.decode(h & y); return A } } } } }, qt = t => (e, n) => { n || (n = t.blockLen); let r = new Uint8Array(e.length + 2); r.set(e); let o = e.length, c = new Uint8Array(n), s = t.create({}), i = 0, a = 0; return { stats: () => ({ calls: i, xofs: a }), get: (w, f) => (r[o + 0] = w, r[o + 1] = f, s.destroy(), s = t.create({}).update(r), i++, () => (a++, s.xofInto(c))), clean: () => { s.destroy(), _(c, r) } } }, Rt = qt(_t); var T = 256, U = 3329, Yt = 3303, Qt = 17, { mod: j, nttZetas: Jt, NTT: S, bitsCoder: Wt } = Kt({ N: T, Q: U, F: Yt, ROOT_OF_UNITY: Qt, newPoly: t => new Uint16Array(t), brvBits: 7, isKyber: !0 }), ct = { 512: { N: T, Q: U, K: 2, ETA1: 3, ETA2: 2, du: 10, dv: 4, RBGstrength: 128 }, 768: { N: T, Q: U, K: 3, ETA1: 2, ETA2: 2, du: 10, dv: 4, RBGstrength: 192 }, 1024: { N: T, Q: U, K: 4, ETA1: 2, ETA2: 2, du: 11, dv: 5, RBGstrength: 256 } }, te = t => { if (t >= 12) return { encode: n => n, decode: n => n }; let e = 2 ** (t - 1); return { encode: n => ((n << t) + U / 2) / U, decode: n => n * U + e >>> t } }, C = t => Wt(t, te(t)); function K(t, e) { for (let n = 0; n < T; n++)t[n] = j(t[n] + e[n]) } function ee(t, e) { for (let n = 0; n < T; n++)t[n] = j(t[n] - e[n]) } function ne(t, e, n, r, o) { let c = j(e * r * o + t * n), s = j(t * r + e * n); return { c0: c, c1: s } } function G(t, e) { for (let n = 0; n < T / 2; n++) { let r = Jt[64 + (n >> 1)]; n & 1 && (r = -r); let { c0: o, c1: c } = ne(t[2 * n + 0], t[2 * n + 1], e[2 * n + 0], e[2 * n + 1], r); t[2 * n + 0] = o, t[2 * n + 1] = c } return t } function Ft(t) { let e = new Uint16Array(T); for (let n = 0; n < T;) { let r = t(); if (r.length % 3) throw new Error("SampleNTT: unaligned block"); for (let o = 0; n < T && o + 3 <= r.length; o += 3) { let c = (r[o + 0] >> 0 | r[o + 1] << 8) & 4095, s = (r[o + 1] >> 4 | r[o + 2] << 4) & 4095; c < U && (e[n++] = c), n < T && s < U && (e[n++] = s) } } return e } function P(t, e, n, r) { let o = t(r * T / 4, e, n), c = new Uint16Array(T), s = X(o), i = 0; for (let a = 0, w = 0, f = 0, p = 0; a < s.length; a++) { let b = s[a]; for (let d = 0; d < 32; d++)f += b & 1, b >>= 1, i += 1, i === r ? (p = f, f = 0) : i === 2 * r && (c[w++] = j(p - f), f = 0, i = 0) } if (i) throw new Error(`sampleCBD: leftover bits: ${i}`); return c } var re = t => { let { K: e, PRF: n, XOF: r, HASH512: o, ETA1: c, ETA2: s, du: i, dv: a } = t, w = C(1), f = C(a), p = C(i), b = N("publicKey", z(C(12), e), 32), d = z(C(12), e), B = N("ciphertext", z(p, e), f), I = N("seed", 32, 32); return { secretCoder: d, lengths: { secretKey: d.bytesLen, publicKey: b.bytesLen, cipherText: B.bytesLen }, keygen: H => { O(H, 32, "seed"); let L = new Uint8Array(33); L.set(H), L[32] = e; let u = o(L), [l, y] = I.decode(u), g = [], x = []; for (let h = 0; h < e; h++)g.push(S.encode(P(n, y, h, c))); let A = r(l); for (let h = 0; h < e; h++) { let k = S.encode(P(n, y, e + h, c)); for (let E = 0; E < e; E++) { let v = Ft(A.get(E, h)); K(k, G(v, g[E])) } x.push(k) } A.clean(); let m = { publicKey: b.encode([x, l]), secretKey: d.encode(g) }; return _(l, y, g, x, L, u), m }, encrypt: (H, L, u) => { let [l, y] = b.decode(H), g = []; for (let E = 0; E < e; E++)g.push(S.encode(P(n, u, E, c))); let x = r(y), A = new Uint16Array(T), m = []; for (let E = 0; E < e; E++) { let v = P(n, u, e + E, s), q = new Uint16Array(T); for (let M = 0; M < e; M++) { let Nt = Ft(x.get(E, M)); K(q, G(Nt, g[M])) } K(v, S.decode(q)), m.push(v), K(A, G(l[E], g[E])), _(q) } x.clean(); let h = P(n, u, 2 * e, s); K(h, S.decode(A)); let k = w.decode(L); return K(k, h), _(l, g, A, h), B.encode([m, k]) }, decrypt: (H, L) => { let [u, l] = B.decode(H), y = d.decode(L), g = new Uint16Array(T); for (let x = 0; x < e; x++)K(g, G(y[x], S.encode(u[x]))); return ee(l, S.decode(g)), _(g, y, u), w.encode(l) } } }; function it(t) { let e = re(t), { HASH256: n, HASH512: r, KDF: o } = t, { secretCoder: c, lengths: s } = e, i = N("secretKey", s.secretKey, s.publicKey, 32, 32), a = 32, w = 64; return { info: { type: "ml-kem" }, lengths: { ...s, seed: w, msg: a, msgRand: a, secretKey: i.bytesLen }, keygen: (f = ot(w)) => { O(f, w, "seed"); let { publicKey: p, secretKey: b } = e.keygen(f.subarray(0, 32)), d = n(p), B = i.encode([b, p, d, f.subarray(32)]); return _(b, d), { publicKey: p, secretKey: B } }, getPublicKey: f => { let [p, b, d, B] = i.decode(f); return Uint8Array.from(b) }, encapsulate: (f, p = ot(a)) => { O(f, s.publicKey, "publicKey"), O(p, a, "message"); let b = f.subarray(0, 384 * t.K), d = c.encode(c.decode(St(b))); if (!Z(d, b)) throw _(d), new Error("ML-KEM.encapsulate: wrong publicKey modulus"); _(d); let B = r.create().update(p).update(n(f)).digest(), I = e.encrypt(f, p, B.subarray(32, 64)); return _(B.subarray(32)), { cipherText: I, sharedSecret: B.subarray(0, 32) } }, decapsulate: (f, p) => { O(p, i.bytesLen, "secretKey"), O(f, s.cipherText, "cipherText"); let b = i.bytesLen - 96, d = b + 32, B = n(p.subarray(b / 2, d)); if (!Z(B, p.subarray(d, d + 32))) throw new Error("invalid secretKey: hash check failed"); let [I, H, L, u] = i.decode(p), l = e.decrypt(f, I), y = r.create().update(l).update(L).digest(), g = y.subarray(0, 32), x = e.encrypt(H, l, y.subarray(32, 64)), A = Z(f, x), m = o.create({ dkLen: 32 }).update(u).update(f).digest(); return _(l, x, A ? m : g), A ? g : m } } } function oe(t, e, n) { return V.create({ dkLen: t }).update(e).update(new Uint8Array([n])).digest() } var ft = { HASH256: Ot, HASH512: Lt, KDF: V, XOF: Rt, PRF: oe }, Be = it({ ...ft, ...ct[512] }), Oe = it({ ...ft, ...ct[768] }), Le = it({ ...ft, ...ct[1024] }); export { ct as PARAMS, Le as ml_kem1024, Be as ml_kem512, Oe as ml_kem768 };
+/*! Bundled license information:
+@noble/hashes/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/post-quantum/utils.js:
+@noble/post-quantum/_crystals.js:
+@noble/post-quantum/ml-kem.js:
+  (*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) *)
+*/