npm - salty-crypto - Versions diffs - 0.0.1 - Mend

salty-crypto 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +63 -0
package/dist/salty-crypto.js +1 -0
package/package.json +39 -0
package/rollup.config.js +9 -0
package/src/aead.ts +86 -0
package/src/blake2.ts +135 -0
package/src/chacha20.ts +72 -0
package/src/index.ts +12 -0
package/src/noise.ts +368 -0
package/src/patterns.ts +59 -0
package/src/poly1305.ts +369 -0
package/src/profiles.ts +65 -0
package/src/random.ts +36 -0
package/src/x25519.ts +596 -0
package/test/harness.ts +73 -0
package/test/tests/aead.test.ts +49 -0
package/test/tests/blake2.test.ts +41 -0
package/test/tests/chacha20.test.ts +81 -0
package/test/tests/noise.test.ts +144 -0
package/test/tests/poly1305.test.ts +16 -0
package/test-vectors/noise-c-basic.txt +19684 -0
package/test-vectors/snow.txt +10348 -0
package/tsconfig.json +18 -0

package/src/x25519.ts ADDED Viewed

@@ -0,0 +1,596 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+// TypeScript port of the X25519 code from nacl-fast.js from tweetnacl.
+//
+// The comment in that file reads as follows:
+//
+// // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri.
+// // Public domain.
+// //
+// // Implementation derived from TweetNaCl version 20140427.
+// // See for details: http://tweetnacl.cr.yp.to/
+export const crypto_scalarmult_BYTES = 32;
+export const crypto_scalarmult_SCALARBYTES = 32;
+function gf(): Float64Array {
+    return new Float64Array(16);
+}
+const _9 = new Uint8Array(32);
+_9[0] = 9;
+const _121665 = gf();
+_121665[0] = 0xdb41;
+_121665[1] = 1;
+function car25519(o: Float64Array) {
+    let c = 1;
+    for (let i = 0; i < 16; i++) {
+        const v = o[i] + c + 65535;
+        c = Math.floor(v / 65536);
+        o[i] = v - c * 65536;
+    }
+    o[0] += c-1 + 37 * (c-1);
+}
+function sel25519(p: Float64Array, q: Float64Array, b: number) {
+    const c = ~(b-1);
+    for (let i = 0; i < 16; i++) {
+        const t = c & (p[i] ^ q[i]);
+        p[i] ^= t;
+        q[i] ^= t;
+    }
+}
+function pack25519(o: Uint8Array, n: Float64Array) {
+    const m = gf();
+    const t = gf();
+    for (let i = 0; i < 16; i++) t[i] = n[i];
+    car25519(t);
+    car25519(t);
+    car25519(t);
+    for (let j = 0; j < 2; j++) {
+        m[0] = t[0] - 0xffed;
+        for (let i = 1; i < 15; i++) {
+            m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1);
+            m[i-1] &= 0xffff;
+        }
+        m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1);
+        const b = (m[15]>>16) & 1;
+        m[14] &= 0xffff;
+        sel25519(t, m, 1-b);
+    }
+    for (let i = 0; i < 16; i++) {
+        o[2*i] = t[i] & 0xff;
+        o[2*i+1] = t[i]>>8;
+    }
+}
+function unpack25519(o: Float64Array, n: Uint8Array) {
+    for (let i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8);
+    o[15] &= 0x7fff;
+}
+function A(o: Float64Array, a: Float64Array, b: Float64Array) {
+    for (let i = 0; i < 16; i++) o[i] = a[i] + b[i];
+}
+function Z(o: Float64Array, a: Float64Array, b: Float64Array) {
+    for (let i = 0; i < 16; i++) o[i] = a[i] - b[i];
+}
+function M(o: Float64Array, a: Float64Array, b: Float64Array) {
+    let t0 = 0;
+    let t1 = 0;
+    let t2 = 0;
+    let t3 = 0;
+    let t4 = 0;
+    let t5 = 0;
+    let t6 = 0;
+    let t7 = 0;
+    let t8 = 0;
+    let t9 = 0;
+    let t10 = 0;
+    let t11 = 0;
+    let t12 = 0;
+    let t13 = 0;
+    let t14 = 0;
+    let t15 = 0;
+    let t16 = 0;
+    let t17 = 0;
+    let t18 = 0;
+    let t19 = 0;
+    let t20 = 0;
+    let t21 = 0;
+    let t22 = 0;
+    let t23 = 0;
+    let t24 = 0;
+    let t25 = 0;
+    let t26 = 0;
+    let t27 = 0;
+    let t28 = 0;
+    let t29 = 0;
+    let t30 = 0;
+    const b0 = b[0];
+    const b1 = b[1];
+    const b2 = b[2];
+    const b3 = b[3];
+    const b4 = b[4];
+    const b5 = b[5];
+    const b6 = b[6];
+    const b7 = b[7];
+    const b8 = b[8];
+    const b9 = b[9];
+    const b10 = b[10];
+    const b11 = b[11];
+    const b12 = b[12];
+    const b13 = b[13];
+    const b14 = b[14];
+    const b15 = b[15];
+    let v = a[0];
+    t0 += v * b0;
+    t1 += v * b1;
+    t2 += v * b2;
+    t3 += v * b3;
+    t4 += v * b4;
+    t5 += v * b5;
+    t6 += v * b6;
+    t7 += v * b7;
+    t8 += v * b8;
+    t9 += v * b9;
+    t10 += v * b10;
+    t11 += v * b11;
+    t12 += v * b12;
+    t13 += v * b13;
+    t14 += v * b14;
+    t15 += v * b15;
+    v = a[1];
+    t1 += v * b0;
+    t2 += v * b1;
+    t3 += v * b2;
+    t4 += v * b3;
+    t5 += v * b4;
+    t6 += v * b5;
+    t7 += v * b6;
+    t8 += v * b7;
+    t9 += v * b8;
+    t10 += v * b9;
+    t11 += v * b10;
+    t12 += v * b11;
+    t13 += v * b12;
+    t14 += v * b13;
+    t15 += v * b14;
+    t16 += v * b15;
+    v = a[2];
+    t2 += v * b0;
+    t3 += v * b1;
+    t4 += v * b2;
+    t5 += v * b3;
+    t6 += v * b4;
+    t7 += v * b5;
+    t8 += v * b6;
+    t9 += v * b7;
+    t10 += v * b8;
+    t11 += v * b9;
+    t12 += v * b10;
+    t13 += v * b11;
+    t14 += v * b12;
+    t15 += v * b13;
+    t16 += v * b14;
+    t17 += v * b15;
+    v = a[3];
+    t3 += v * b0;
+    t4 += v * b1;
+    t5 += v * b2;
+    t6 += v * b3;
+    t7 += v * b4;
+    t8 += v * b5;
+    t9 += v * b6;
+    t10 += v * b7;
+    t11 += v * b8;
+    t12 += v * b9;
+    t13 += v * b10;
+    t14 += v * b11;
+    t15 += v * b12;
+    t16 += v * b13;
+    t17 += v * b14;
+    t18 += v * b15;
+    v = a[4];
+    t4 += v * b0;
+    t5 += v * b1;
+    t6 += v * b2;
+    t7 += v * b3;
+    t8 += v * b4;
+    t9 += v * b5;
+    t10 += v * b6;
+    t11 += v * b7;
+    t12 += v * b8;
+    t13 += v * b9;
+    t14 += v * b10;
+    t15 += v * b11;
+    t16 += v * b12;
+    t17 += v * b13;
+    t18 += v * b14;
+    t19 += v * b15;
+    v = a[5];
+    t5 += v * b0;
+    t6 += v * b1;
+    t7 += v * b2;
+    t8 += v * b3;
+    t9 += v * b4;
+    t10 += v * b5;
+    t11 += v * b6;
+    t12 += v * b7;
+    t13 += v * b8;
+    t14 += v * b9;
+    t15 += v * b10;
+    t16 += v * b11;
+    t17 += v * b12;
+    t18 += v * b13;
+    t19 += v * b14;
+    t20 += v * b15;
+    v = a[6];
+    t6 += v * b0;
+    t7 += v * b1;
+    t8 += v * b2;
+    t9 += v * b3;
+    t10 += v * b4;
+    t11 += v * b5;
+    t12 += v * b6;
+    t13 += v * b7;
+    t14 += v * b8;
+    t15 += v * b9;
+    t16 += v * b10;
+    t17 += v * b11;
+    t18 += v * b12;
+    t19 += v * b13;
+    t20 += v * b14;
+    t21 += v * b15;
+    v = a[7];
+    t7 += v * b0;
+    t8 += v * b1;
+    t9 += v * b2;
+    t10 += v * b3;
+    t11 += v * b4;
+    t12 += v * b5;
+    t13 += v * b6;
+    t14 += v * b7;
+    t15 += v * b8;
+    t16 += v * b9;
+    t17 += v * b10;
+    t18 += v * b11;
+    t19 += v * b12;
+    t20 += v * b13;
+    t21 += v * b14;
+    t22 += v * b15;
+    v = a[8];
+    t8 += v * b0;
+    t9 += v * b1;
+    t10 += v * b2;
+    t11 += v * b3;
+    t12 += v * b4;
+    t13 += v * b5;
+    t14 += v * b6;
+    t15 += v * b7;
+    t16 += v * b8;
+    t17 += v * b9;
+    t18 += v * b10;
+    t19 += v * b11;
+    t20 += v * b12;
+    t21 += v * b13;
+    t22 += v * b14;
+    t23 += v * b15;
+    v = a[9];
+    t9 += v * b0;
+    t10 += v * b1;
+    t11 += v * b2;
+    t12 += v * b3;
+    t13 += v * b4;
+    t14 += v * b5;
+    t15 += v * b6;
+    t16 += v * b7;
+    t17 += v * b8;
+    t18 += v * b9;
+    t19 += v * b10;
+    t20 += v * b11;
+    t21 += v * b12;
+    t22 += v * b13;
+    t23 += v * b14;
+    t24 += v * b15;
+    v = a[10];
+    t10 += v * b0;
+    t11 += v * b1;
+    t12 += v * b2;
+    t13 += v * b3;
+    t14 += v * b4;
+    t15 += v * b5;
+    t16 += v * b6;
+    t17 += v * b7;
+    t18 += v * b8;
+    t19 += v * b9;
+    t20 += v * b10;
+    t21 += v * b11;
+    t22 += v * b12;
+    t23 += v * b13;
+    t24 += v * b14;
+    t25 += v * b15;
+    v = a[11];
+    t11 += v * b0;
+    t12 += v * b1;
+    t13 += v * b2;
+    t14 += v * b3;
+    t15 += v * b4;
+    t16 += v * b5;
+    t17 += v * b6;
+    t18 += v * b7;
+    t19 += v * b8;
+    t20 += v * b9;
+    t21 += v * b10;
+    t22 += v * b11;
+    t23 += v * b12;
+    t24 += v * b13;
+    t25 += v * b14;
+    t26 += v * b15;
+    v = a[12];
+    t12 += v * b0;
+    t13 += v * b1;
+    t14 += v * b2;
+    t15 += v * b3;
+    t16 += v * b4;
+    t17 += v * b5;
+    t18 += v * b6;
+    t19 += v * b7;
+    t20 += v * b8;
+    t21 += v * b9;
+    t22 += v * b10;
+    t23 += v * b11;
+    t24 += v * b12;
+    t25 += v * b13;
+    t26 += v * b14;
+    t27 += v * b15;
+    v = a[13];
+    t13 += v * b0;
+    t14 += v * b1;
+    t15 += v * b2;
+    t16 += v * b3;
+    t17 += v * b4;
+    t18 += v * b5;
+    t19 += v * b6;
+    t20 += v * b7;
+    t21 += v * b8;
+    t22 += v * b9;
+    t23 += v * b10;
+    t24 += v * b11;
+    t25 += v * b12;
+    t26 += v * b13;
+    t27 += v * b14;
+    t28 += v * b15;
+    v = a[14];
+    t14 += v * b0;
+    t15 += v * b1;
+    t16 += v * b2;
+    t17 += v * b3;
+    t18 += v * b4;
+    t19 += v * b5;
+    t20 += v * b6;
+    t21 += v * b7;
+    t22 += v * b8;
+    t23 += v * b9;
+    t24 += v * b10;
+    t25 += v * b11;
+    t26 += v * b12;
+    t27 += v * b13;
+    t28 += v * b14;
+    t29 += v * b15;
+    v = a[15];
+    t15 += v * b0;
+    t16 += v * b1;
+    t17 += v * b2;
+    t18 += v * b3;
+    t19 += v * b4;
+    t20 += v * b5;
+    t21 += v * b6;
+    t22 += v * b7;
+    t23 += v * b8;
+    t24 += v * b9;
+    t25 += v * b10;
+    t26 += v * b11;
+    t27 += v * b12;
+    t28 += v * b13;
+    t29 += v * b14;
+    t30 += v * b15;
+    t0  += 38 * t16;
+    t1  += 38 * t17;
+    t2  += 38 * t18;
+    t3  += 38 * t19;
+    t4  += 38 * t20;
+    t5  += 38 * t21;
+    t6  += 38 * t22;
+    t7  += 38 * t23;
+    t8  += 38 * t24;
+    t9  += 38 * t25;
+    t10 += 38 * t26;
+    t11 += 38 * t27;
+    t12 += 38 * t28;
+    t13 += 38 * t29;
+    t14 += 38 * t30;
+    // t15 left as is
+    // first car
+    let c = 1;
+    v =  t0 + c + 65535; c = Math.floor(v / 65536);  t0 = v - c * 65536;
+    v =  t1 + c + 65535; c = Math.floor(v / 65536);  t1 = v - c * 65536;
+    v =  t2 + c + 65535; c = Math.floor(v / 65536);  t2 = v - c * 65536;
+    v =  t3 + c + 65535; c = Math.floor(v / 65536);  t3 = v - c * 65536;
+    v =  t4 + c + 65535; c = Math.floor(v / 65536);  t4 = v - c * 65536;
+    v =  t5 + c + 65535; c = Math.floor(v / 65536);  t5 = v - c * 65536;
+    v =  t6 + c + 65535; c = Math.floor(v / 65536);  t6 = v - c * 65536;
+    v =  t7 + c + 65535; c = Math.floor(v / 65536);  t7 = v - c * 65536;
+    v =  t8 + c + 65535; c = Math.floor(v / 65536);  t8 = v - c * 65536;
+    v =  t9 + c + 65535; c = Math.floor(v / 65536);  t9 = v - c * 65536;
+    v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
+    v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
+    v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
+    v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
+    v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
+    v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
+    t0 += c-1 + 37 * (c-1);
+    // second car
+    c = 1;
+    v =  t0 + c + 65535; c = Math.floor(v / 65536);  t0 = v - c * 65536;
+    v =  t1 + c + 65535; c = Math.floor(v / 65536);  t1 = v - c * 65536;
+    v =  t2 + c + 65535; c = Math.floor(v / 65536);  t2 = v - c * 65536;
+    v =  t3 + c + 65535; c = Math.floor(v / 65536);  t3 = v - c * 65536;
+    v =  t4 + c + 65535; c = Math.floor(v / 65536);  t4 = v - c * 65536;
+    v =  t5 + c + 65535; c = Math.floor(v / 65536);  t5 = v - c * 65536;
+    v =  t6 + c + 65535; c = Math.floor(v / 65536);  t6 = v - c * 65536;
+    v =  t7 + c + 65535; c = Math.floor(v / 65536);  t7 = v - c * 65536;
+    v =  t8 + c + 65535; c = Math.floor(v / 65536);  t8 = v - c * 65536;
+    v =  t9 + c + 65535; c = Math.floor(v / 65536);  t9 = v - c * 65536;
+    v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;
+    v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;
+    v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;
+    v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;
+    v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;
+    v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;
+    t0 += c-1 + 37 * (c-1);
+    o[ 0] = t0;
+    o[ 1] = t1;
+    o[ 2] = t2;
+    o[ 3] = t3;
+    o[ 4] = t4;
+    o[ 5] = t5;
+    o[ 6] = t6;
+    o[ 7] = t7;
+    o[ 8] = t8;
+    o[ 9] = t9;
+    o[10] = t10;
+    o[11] = t11;
+    o[12] = t12;
+    o[13] = t13;
+    o[14] = t14;
+    o[15] = t15;
+}
+function S(o: Float64Array, a: Float64Array) {
+    M(o, a, a);
+}
+function inv25519(o: Float64Array, i: Float64Array) {
+    const c = gf();
+    for (let a = 0; a < 16; a++) c[a] = i[a];
+    for (let a = 253; a >= 0; a--) {
+        S(c, c);
+        if (a !== 2 && a !== 4) M(c, c, i);
+    }
+    for (let a = 0; a < 16; a++) o[a] = c[a];
+}
+export function crypto_scalarmult(q: Uint8Array, n: Uint8Array, p: Uint8Array) {
+    const z = new Uint8Array(32);
+    const x = new Float64Array(80);
+    const a = gf();
+    const b = gf();
+    const c = gf();
+    const d = gf();
+    const e = gf();
+    const f = gf();
+    for (let i = 0; i < 31; i++) z[i] = n[i];
+    z[31]=(n[31]&127)|64;
+    z[0]&=248;
+    unpack25519(x,p);
+    for (let i = 0; i < 16; i++) {
+        b[i]=x[i];
+        d[i]=a[i]=c[i]=0;
+    }
+    a[0]=d[0]=1;
+    for (let i=254; i>=0; --i) {
+        const r=(z[i>>>3]>>>(i&7))&1;
+        sel25519(a,b,r);
+        sel25519(c,d,r);
+        A(e,a,c);
+        Z(a,a,c);
+        A(c,b,d);
+        Z(b,b,d);
+        S(d,e);
+        S(f,a);
+        M(a,c,a);
+        M(c,b,e);
+        A(e,a,c);
+        Z(a,a,c);
+        S(b,a);
+        Z(c,d,f);
+        M(a,c,_121665);
+        A(a,a,d);
+        M(c,c,a);
+        M(a,d,f);
+        M(d,b,x);
+        S(b,e);
+        sel25519(a,b,r);
+        sel25519(c,d,r);
+    }
+    for (let i = 0; i < 16; i++) {
+        x[i+16]=a[i];
+        x[i+32]=c[i];
+        x[i+48]=b[i];
+        x[i+64]=d[i];
+    }
+    const x32 = x.subarray(32);
+    const x16 = x.subarray(16);
+    inv25519(x32,x32);
+    M(x16,x16,x32);
+    pack25519(q,x16);
+}
+export function crypto_scalarmult_base(q: Uint8Array, n: Uint8Array) {
+    crypto_scalarmult(q, n, _9);
+}
+/* High-level API */
+export function scalarMult(n: Uint8Array, p: Uint8Array): Uint8Array {
+    if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
+    if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size');
+    const q = new Uint8Array(crypto_scalarmult_BYTES);
+    crypto_scalarmult(q, n, p);
+    return q;
+}
+export function scalarMultBase(n: Uint8Array): Uint8Array {
+    if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size');
+    const q = new Uint8Array(crypto_scalarmult_BYTES);
+    crypto_scalarmult_base(q, n);
+    return q;
+}
+scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES;
+scalarMult.groupElementLength = crypto_scalarmult_BYTES;

package/test/harness.ts ADDED Viewed

@@ -0,0 +1,73 @@
+export { expect } from 'expect';
+import { JestAssertionError } from 'expect';
+import { glob } from 'glob';
+import path from 'path';
+export class Stats {
+    total = 0;
+    passed = 0;
+    failed = 0;
+    errors = 0;
+    merge(s: Stats) {
+        this.total += s.total;
+        this.passed += s.passed;
+        this.failed += s.failed;
+        this.errors += s.errors;
+    }
+}
+export let testDepth = 0;
+export let testStats = new Stats();
+function indent(msg: string) {
+    let str = '';
+    for (let i = 0; i < testDepth; i++) str = str + '    ';
+    console.log(str + msg);
+}
+export async function describe(what: string, f: () => (Promise<void> | void)) {
+    indent('- ' + what);
+    testDepth++;
+    await f();
+    testDepth--;
+}
+export async function it(what: string, f: () => (Promise<void> | void)) {
+    try {
+        testStats.total++;
+        await f();
+        testStats.passed++;
+        indent('✓ ' + what);
+    } catch (exn) {
+        if (exn instanceof JestAssertionError) {
+            testStats.failed++;
+            indent('\x1b[33m✗ ' + what + '\x1b[0m')
+            console.error(`${'\x1b[31m'}${exn.message}${'\x1b[0m'}`);
+        } else {
+            testStats.errors++;
+            throw exn;
+        }
+    }
+}
+export async function runTests(patterns: string[]): Promise<void> {
+    for (const pattern of patterns) {
+        const files = glob.sync(pattern, { nodir: true });
+        for (const mod of files) {
+            await describe(mod, async () => {
+                await import(path.resolve(process.cwd(), mod));
+            });
+        }
+    }
+}
+if (Object.is(require.main, module)) {
+    console.time('tests');
+    let patterns = process.argv.slice(2);
+    if (patterns.length === 0) patterns = ['./lib/**/*.test.js'];
+    runTests(patterns).then(() => {
+        console.timeEnd('tests');
+        console.log(testStats);
+    });
+}

package/test/tests/aead.test.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import { AEAD_CHACHA20_POLY1305_TAGBYTES, aead_encrypt_detached, aead_decrypt_detached } from '../../src/aead';
+import { it, expect } from '../harness';
+it('section 2.8.2 from rfc 8439', () => {
+    const sunscreen_str = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
+    const sunscreen = new TextEncoder().encode(sunscreen_str);
+    const associated_data = new Uint8Array([
+        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
+        0xc4, 0xc5, 0xc6, 0xc7,
+    ]);
+    const key = new DataView(new Uint8Array([
+        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    ]).buffer);
+    const nonce = new DataView(new Uint8Array([
+        0x07, 0x00, 0x00, 0x00,
+        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    ]).buffer);
+    const tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES);
+    aead_encrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data);
+    expect(sunscreen).toEqual(new Uint8Array([
+        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
+        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
+        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
+        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
+        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
+        0x61, 0x16,
+    ]));
+    expect(tag).toEqual(new Uint8Array([
+        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
+        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91,
+    ]));
+    const sunscreen2 = Uint8Array.from(sunscreen);
+    expect(aead_decrypt_detached(sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)).toBe(true);
+    expect(new TextDecoder().decode(sunscreen2)).toBe(sunscreen_str);
+    tag[0]++;
+    expect(aead_decrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false);
+    expect(sunscreen).toEqual(new Uint8Array(sunscreen_str.length));
+});