sm-crypto-v2 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -444,6 +444,9 @@ var __publicField = function(obj, key, value) {
444
444
  // src/index.ts
445
445
  var src_exports = {};
446
446
  __export(src_exports, {
447
+ kdf: function() {
448
+ return kdf;
449
+ },
447
450
  sm2: function() {
448
451
  return sm2_exports;
449
452
  },
@@ -1227,7 +1230,7 @@ function nLength(n, nBitLength) {
1227
1230
  };
1228
1231
  }
1229
1232
  function Field(ORDER, bitLen2) {
1230
- var isLE2 = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : false, redef = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : {};
1233
+ var isLE3 = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : false, redef = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : {};
1231
1234
  if (ORDER <= _0n2) throw new Error("Expected Fp ORDER > 0, got ".concat(ORDER));
1232
1235
  var _nLength = nLength(ORDER, bitLen2), BITS = _nLength.nBitLength, BYTES = _nLength.nByteLength;
1233
1236
  if (BYTES > 2048) throw new Error("Field lengths over 2048 bytes are not supported");
@@ -1304,22 +1307,22 @@ function Field(ORDER, bitLen2) {
1304
1307
  return c ? b : a;
1305
1308
  },
1306
1309
  toBytes: function(num) {
1307
- return isLE2 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES);
1310
+ return isLE3 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES);
1308
1311
  },
1309
1312
  fromBytes: function(bytes) {
1310
1313
  if (bytes.length !== BYTES) throw new Error("Fp.fromBytes: expected ".concat(BYTES, ", got ").concat(bytes.length));
1311
- return isLE2 ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
1314
+ return isLE3 ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
1312
1315
  }
1313
1316
  });
1314
1317
  return Object.freeze(f);
1315
1318
  }
1316
1319
  function hashToPrivateScalar(hash, groupOrder) {
1317
- var isLE2 = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : false;
1320
+ var isLE3 = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : false;
1318
1321
  hash = ensureBytes("privateHash", hash);
1319
1322
  var hashLen = hash.length;
1320
1323
  var minLen = nLength(groupOrder).nByteLength + 8;
1321
1324
  if (minLen < 24 || hashLen < minLen || hashLen > 1024) throw new Error("hashToPrivateScalar: expected ".concat(minLen, "-1024 bytes of input, got ").concat(hashLen));
1322
- var num = isLE2 ? bytesToNumberLE(hash) : bytesToNumberBE(hash);
1325
+ var num = isLE3 ? bytesToNumberLE(hash) : bytesToNumberBE(hash);
1323
1326
  return mod(num, groupOrder - _1n2) + _1n2;
1324
1327
  }
1325
1328
  // node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/abstract/curve.js
@@ -1564,7 +1567,7 @@ function weierstrassPoints(opts) {
1564
1567
  };
1565
1568
  var CURVE = validatePointOpts(opts);
1566
1569
  var Fp = CURVE.Fp;
1567
- var toBytes2 = CURVE.toBytes || function(c, point, isCompressed) {
1570
+ var toBytes3 = CURVE.toBytes || function(c, point, isCompressed) {
1568
1571
  var a = point.toAffine();
1569
1572
  return concatBytes(Uint8Array.from([
1570
1573
  4
@@ -1910,7 +1913,7 @@ function weierstrassPoints(opts) {
1910
1913
  value: function toRawBytes() {
1911
1914
  var isCompressed = arguments.length > 0 && arguments[0] !== void 0 ? arguments[0] : true;
1912
1915
  this.assertValidity();
1913
- return toBytes2(Point, this, isCompressed);
1916
+ return toBytes3(Point, this, isCompressed);
1914
1917
  }
1915
1918
  },
1916
1919
  {
@@ -2542,16 +2545,16 @@ var BoolB = function(A, B, C) {
2542
2545
  var BoolC = function(A, B, C) {
2543
2546
  return A & B | ~A & C;
2544
2547
  };
2545
- function setBigUint64(view, byteOffset, value, isLE2) {
2546
- if (typeof view.setBigUint64 === "function") return view.setBigUint64(byteOffset, value, isLE2);
2548
+ function setBigUint64(view, byteOffset, value, isLE3) {
2549
+ if (typeof view.setBigUint64 === "function") return view.setBigUint64(byteOffset, value, isLE3);
2547
2550
  var _32n = BigInt(32);
2548
2551
  var _u32_max = BigInt(4294967295);
2549
2552
  var wh = Number(value >> _32n & _u32_max);
2550
2553
  var wl = Number(value & _u32_max);
2551
- var h = isLE2 ? 4 : 0;
2552
- var l = isLE2 ? 0 : 4;
2553
- view.setUint32(byteOffset + h, wh, isLE2);
2554
- view.setUint32(byteOffset + l, wl, isLE2);
2554
+ var h = isLE3 ? 4 : 0;
2555
+ var l = isLE3 ? 0 : 4;
2556
+ view.setUint32(byteOffset + h, wh, isLE3);
2557
+ view.setUint32(byteOffset + l, wl, isLE3);
2555
2558
  }
2556
2559
  function rotl(x2, n) {
2557
2560
  var s = n & 31;
@@ -2566,14 +2569,14 @@ function P1(X) {
2566
2569
  var SHA2 = /*#__PURE__*/ function(Hash) {
2567
2570
  _inherits(SHA2, Hash);
2568
2571
  var _super = _create_super(SHA2);
2569
- function SHA2(blockLen, outputLen, padOffset, isLE2) {
2572
+ function SHA2(blockLen, outputLen, padOffset, isLE3) {
2570
2573
  _class_call_check(this, SHA2);
2571
2574
  var _this;
2572
2575
  _this = _super.call(this);
2573
2576
  _this.blockLen = blockLen;
2574
2577
  _this.outputLen = outputLen;
2575
2578
  _this.padOffset = padOffset;
2576
- _this.isLE = isLE2;
2579
+ _this.isLE = isLE3;
2577
2580
  // For partial updates less than block size
2578
2581
  __publicField(_assert_this_initialized(_this), "buffer");
2579
2582
  __publicField(_assert_this_initialized(_this), "view");
@@ -2616,7 +2619,7 @@ var SHA2 = /*#__PURE__*/ function(Hash) {
2616
2619
  key: "digestInto",
2617
2620
  value: function digestInto(out) {
2618
2621
  this.finished = true;
2619
- var _this = this, buffer = _this.buffer, view = _this.view, blockLen = _this.blockLen, isLE2 = _this.isLE;
2622
+ var _this = this, buffer = _this.buffer, view = _this.view, blockLen = _this.blockLen, isLE3 = _this.isLE;
2620
2623
  var pos = this.pos;
2621
2624
  buffer[pos++] = 128;
2622
2625
  this.buffer.subarray(pos).fill(0);
@@ -2625,7 +2628,7 @@ var SHA2 = /*#__PURE__*/ function(Hash) {
2625
2628
  pos = 0;
2626
2629
  }
2627
2630
  for(var i = pos; i < blockLen; i++)buffer[i] = 0;
2628
- setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
2631
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE3);
2629
2632
  this.process(view, 0);
2630
2633
  var oview = createView(out);
2631
2634
  var len = this.outputLen;
@@ -2633,7 +2636,7 @@ var SHA2 = /*#__PURE__*/ function(Hash) {
2633
2636
  var outLen = len / 4;
2634
2637
  var state = this.get();
2635
2638
  if (outLen > state.length) throw new Error("_sha2: outputLen bigger than state");
2636
- for(var i1 = 0; i1 < outLen; i1++)oview.setUint32(4 * i1, state[i1], isLE2);
2639
+ for(var i1 = 0; i1 < outLen; i1++)oview.setUint32(4 * i1, state[i1], isLE3);
2637
2640
  }
2638
2641
  },
2639
2642
  {
@@ -2976,10 +2979,48 @@ function comparePublicKeyHex(publicKey1, publicKey2) {
2976
2979
  if (!point2) return false;
2977
2980
  return point1.equals(point2);
2978
2981
  }
2979
- // src/sm2/kx.ts
2980
- var wPow2 = hexToNumber("80000000000000000000000000000000");
2981
- var wPow2Sub1 = hexToNumber("7fffffffffffffffffffffffffffffff");
2982
- function hkdf(z, keylen) {
2982
+ // src/sm3/index.ts
2983
+ function utf8ToArray(str) {
2984
+ var arr = [];
2985
+ for(var i = 0, len = str.length; i < len; i++){
2986
+ var point = str.codePointAt(i);
2987
+ if (point <= 127) {
2988
+ arr.push(point);
2989
+ } else if (point <= 2047) {
2990
+ arr.push(192 | point >>> 6);
2991
+ arr.push(128 | point & 63);
2992
+ } else if (point <= 55295 || point >= 57344 && point <= 65535) {
2993
+ arr.push(224 | point >>> 12);
2994
+ arr.push(128 | point >>> 6 & 63);
2995
+ arr.push(128 | point & 63);
2996
+ } else if (point >= 65536 && point <= 1114111) {
2997
+ i++;
2998
+ arr.push(240 | point >>> 18 & 28);
2999
+ arr.push(128 | point >>> 12 & 63);
3000
+ arr.push(128 | point >>> 6 & 63);
3001
+ arr.push(128 | point & 63);
3002
+ } else {
3003
+ arr.push(point);
3004
+ throw new Error("input is not supported");
3005
+ }
3006
+ }
3007
+ return new Uint8Array(arr);
3008
+ }
3009
+ function sm32(input, options) {
3010
+ input = typeof input === "string" ? utf8ToArray(input) : input;
3011
+ if (options) {
3012
+ var mode = options.mode || "hmac";
3013
+ if (mode !== "hmac") throw new Error("invalid mode");
3014
+ var key = options.key;
3015
+ if (!key) throw new Error("invalid key");
3016
+ key = typeof key === "string" ? hexToArray(key) : key;
3017
+ return bytesToHex2(hmac(sm3, key, input));
3018
+ }
3019
+ return bytesToHex2(sm3(input));
3020
+ }
3021
+ // src/sm2/kdf.ts
3022
+ function kdf(z, keylen) {
3023
+ z = typeof z === "string" ? utf8ToArray(z) : z;
2983
3024
  var msg = new Uint8Array(keylen);
2984
3025
  var ct = 1;
2985
3026
  var offset = 0;
@@ -3001,6 +3042,9 @@ function hkdf(z, keylen) {
3001
3042
  }
3002
3043
  return msg;
3003
3044
  }
3045
+ // src/sm2/kx.ts
3046
+ var wPow2 = hexToNumber("80000000000000000000000000000000");
3047
+ var wPow2Sub1 = hexToNumber("7fffffffffffffffffffffffffffffff");
3004
3048
  function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPublicKeyB, sharedKeyLength) {
3005
3049
  var isRecipient = arguments.length > 5 && arguments[5] !== void 0 ? arguments[5] : false, idA = arguments.length > 6 && arguments[6] !== void 0 ? arguments[6] : "1234567812345678", idB = arguments.length > 7 && arguments[7] !== void 0 ? arguments[7] : "1234567812345678";
3006
3050
  var RA = sm2Curve.ProjectivePoint.fromHex(ephemeralKeypairA.publicKey);
@@ -3025,10 +3069,16 @@ function calculateSharedKey(keypairA, ephemeralKeypairA, publicKeyB, ephemeralPu
3025
3069
  var U = RB.multiply(x2_).add(PB).multiply(tA);
3026
3070
  var xU = hexToArray(leftPad(numberToHexUnpadded(U.x), 64));
3027
3071
  var yU = hexToArray(leftPad(numberToHexUnpadded(U.y), 64));
3028
- var KA = hkdf(concatBytes(xU, yU, ZA, ZB), sharedKeyLength);
3072
+ var KA = kdf(concatBytes(xU, yU, ZA, ZB), sharedKeyLength);
3029
3073
  return KA;
3030
3074
  }
3031
3075
  // src/sm2/index.ts
3076
+ function xorCipherStream(x2, y2, msg) {
3077
+ var stream = kdf(concatBytes(x2, y2), msg.length);
3078
+ for(var i = 0, len = msg.length; i < len; i++){
3079
+ msg[i] ^= stream[i] & 255;
3080
+ }
3081
+ }
3032
3082
  var C1C2C3 = 0;
3033
3083
  var EmptyArray = new Uint8Array();
3034
3084
  function doEncrypt(msg, publicKey) {
@@ -3052,28 +3102,9 @@ function doEncrypt(msg, publicKey) {
3052
3102
  }
3053
3103
  return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2;
3054
3104
  }
3055
- function xorCipherStream(x2, y2, msg) {
3056
- var ct = 1;
3057
- var offset = 0;
3058
- var t = EmptyArray;
3059
- var ctShift = new Uint8Array(4);
3060
- var nextT = function() {
3061
- ctShift[0] = ct >> 24 & 255;
3062
- ctShift[1] = ct >> 16 & 255;
3063
- ctShift[2] = ct >> 8 & 255;
3064
- ctShift[3] = ct & 255;
3065
- t = sm3(concatBytes(x2, y2, ctShift));
3066
- ct++;
3067
- offset = 0;
3068
- };
3069
- nextT();
3070
- for(var i = 0, len = msg.length; i < len; i++){
3071
- if (offset === t.length) nextT();
3072
- msg[i] ^= t[offset++] & 255;
3073
- }
3074
- }
3075
3105
  function doDecrypt(encryptData, privateKey) {
3076
- var cipherMode = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : 1, _ref = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : {}, _ref_output = _ref.output, output = _ref_output === void 0 ? "string" : _ref_output, _ref_asn1 = _ref.asn1, asn1 = _ref_asn1 === void 0 ? false : _ref_asn1;
3106
+ var cipherMode = arguments.length > 2 && arguments[2] !== void 0 ? arguments[2] : 1, options = arguments.length > 3 ? arguments[3] : void 0;
3107
+ var _ref = options || {}, _ref_output = _ref.output, output = _ref_output === void 0 ? "string" : _ref_output, _ref_asn1 = _ref.asn1, asn1 = _ref_asn1 === void 0 ? false : _ref_asn1;
3077
3108
  var privateKeyInteger = hexToNumber(privateKey);
3078
3109
  var c1;
3079
3110
  var c2;
@@ -3219,45 +3250,6 @@ function getPoint() {
3219
3250
  x1: PA.x
3220
3251
  });
3221
3252
  }
3222
- // src/sm3/index.ts
3223
- function utf8ToArray(str) {
3224
- var arr = [];
3225
- for(var i = 0, len = str.length; i < len; i++){
3226
- var point = str.codePointAt(i);
3227
- if (point <= 127) {
3228
- arr.push(point);
3229
- } else if (point <= 2047) {
3230
- arr.push(192 | point >>> 6);
3231
- arr.push(128 | point & 63);
3232
- } else if (point <= 55295 || point >= 57344 && point <= 65535) {
3233
- arr.push(224 | point >>> 12);
3234
- arr.push(128 | point >>> 6 & 63);
3235
- arr.push(128 | point & 63);
3236
- } else if (point >= 65536 && point <= 1114111) {
3237
- i++;
3238
- arr.push(240 | point >>> 18 & 28);
3239
- arr.push(128 | point >>> 12 & 63);
3240
- arr.push(128 | point >>> 6 & 63);
3241
- arr.push(128 | point & 63);
3242
- } else {
3243
- arr.push(point);
3244
- throw new Error("input is not supported");
3245
- }
3246
- }
3247
- return new Uint8Array(arr);
3248
- }
3249
- function sm32(input, options) {
3250
- input = typeof input === "string" ? utf8ToArray(input) : input;
3251
- if (options) {
3252
- var mode = options.mode || "hmac";
3253
- if (mode !== "hmac") throw new Error("invalid mode");
3254
- var key = options.key;
3255
- if (!key) throw new Error("invalid key");
3256
- key = typeof key === "string" ? hexToArray(key) : key;
3257
- return bytesToHex2(hmac(sm3, key, input));
3258
- }
3259
- return bytesToHex2(sm3(input));
3260
- }
3261
3253
  // src/sm4/index.ts
3262
3254
  var sm4_exports = {};
3263
3255
  __export(sm4_exports, {
@@ -3271,8 +3263,337 @@ __export(sm4_exports, {
3271
3263
  return sm4;
3272
3264
  }
3273
3265
  });
3274
- var import_polyval = require("@noble/ciphers/_polyval");
3275
- var import_utils14 = require("@noble/ciphers/utils");
3266
+ // node_modules/.pnpm/@noble+ciphers@1.2.1/node_modules/@noble/ciphers/esm/_assert.js
3267
+ function isBytes(a) {
3268
+ return _instanceof(a, Uint8Array) || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
3269
+ }
3270
+ function abytes(b) {
3271
+ for(var _len = arguments.length, lengths = new Array(_len > 1 ? _len - 1 : 0), _key = 1; _key < _len; _key++){
3272
+ lengths[_key - 1] = arguments[_key];
3273
+ }
3274
+ if (!isBytes(b)) throw new Error("Uint8Array expected");
3275
+ if (lengths.length > 0 && !lengths.includes(b.length)) throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
3276
+ }
3277
+ function aexists(instance) {
3278
+ var checkFinished = arguments.length > 1 && arguments[1] !== void 0 ? arguments[1] : true;
3279
+ if (instance.destroyed) throw new Error("Hash instance has been destroyed");
3280
+ if (checkFinished && instance.finished) throw new Error("Hash#digest() has already been called");
3281
+ }
3282
+ function aoutput(out, instance) {
3283
+ abytes(out);
3284
+ var min = instance.outputLen;
3285
+ if (out.length < min) {
3286
+ throw new Error("digestInto() expects output buffer of length at least " + min);
3287
+ }
3288
+ }
3289
+ // node_modules/.pnpm/@noble+ciphers@1.2.1/node_modules/@noble/ciphers/esm/utils.js
3290
+ var u32 = function(arr) {
3291
+ return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
3292
+ };
3293
+ var createView2 = function(arr) {
3294
+ return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
3295
+ };
3296
+ var isLE2 = new Uint8Array(new Uint32Array([
3297
+ 287454020
3298
+ ]).buffer)[0] === 68;
3299
+ if (!isLE2) throw new Error("Non little-endian hardware is not supported");
3300
+ function utf8ToBytes3(str) {
3301
+ if (typeof str !== "string") throw new Error("string expected");
3302
+ return new Uint8Array(new TextEncoder().encode(str));
3303
+ }
3304
+ function toBytes2(data) {
3305
+ if (typeof data === "string") data = utf8ToBytes3(data);
3306
+ else if (isBytes(data)) data = copyBytes(data);
3307
+ else throw new Error("Uint8Array expected, got " + (typeof data === "undefined" ? "undefined" : _type_of(data)));
3308
+ return data;
3309
+ }
3310
+ function setBigUint642(view, byteOffset, value, isLE3) {
3311
+ if (typeof view.setBigUint64 === "function") return view.setBigUint64(byteOffset, value, isLE3);
3312
+ var _32n = BigInt(32);
3313
+ var _u32_max = BigInt(4294967295);
3314
+ var wh = Number(value >> _32n & _u32_max);
3315
+ var wl = Number(value & _u32_max);
3316
+ var h = isLE3 ? 4 : 0;
3317
+ var l = isLE3 ? 0 : 4;
3318
+ view.setUint32(byteOffset + h, wh, isLE3);
3319
+ view.setUint32(byteOffset + l, wl, isLE3);
3320
+ }
3321
+ function copyBytes(bytes) {
3322
+ return Uint8Array.from(bytes);
3323
+ }
3324
+ function clean() {
3325
+ for(var _len = arguments.length, arrays = new Array(_len), _key = 0; _key < _len; _key++){
3326
+ arrays[_key] = arguments[_key];
3327
+ }
3328
+ for(var i = 0; i < arrays.length; i++){
3329
+ arrays[i].fill(0);
3330
+ }
3331
+ }
3332
+ // node_modules/.pnpm/@noble+ciphers@1.2.1/node_modules/@noble/ciphers/esm/_polyval.js
3333
+ var BLOCK_SIZE = 16;
3334
+ var ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
3335
+ var ZEROS32 = u32(ZEROS16);
3336
+ var POLY = 225;
3337
+ var mul2 = function(s0, s1, s2, s3) {
3338
+ var hiBit = s3 & 1;
3339
+ return {
3340
+ s3: s2 << 31 | s3 >>> 1,
3341
+ s2: s1 << 31 | s2 >>> 1,
3342
+ s1: s0 << 31 | s1 >>> 1,
3343
+ s0: s0 >>> 1 ^ POLY << 24 & -(hiBit & 1)
3344
+ };
3345
+ };
3346
+ var swapLE = function(n) {
3347
+ return (n >>> 0 & 255) << 24 | (n >>> 8 & 255) << 16 | (n >>> 16 & 255) << 8 | n >>> 24 & 255 | 0;
3348
+ };
3349
+ function _toGHASHKey(k) {
3350
+ k.reverse();
3351
+ var hiBit = k[15] & 1;
3352
+ var carry = 0;
3353
+ for(var i = 0; i < k.length; i++){
3354
+ var t = k[i];
3355
+ k[i] = t >>> 1 | carry;
3356
+ carry = (t & 1) << 7;
3357
+ }
3358
+ k[0] ^= -hiBit & 225;
3359
+ return k;
3360
+ }
3361
+ var estimateWindow = function(bytes) {
3362
+ if (bytes > 64 * 1024) return 8;
3363
+ if (bytes > 1024) return 4;
3364
+ return 2;
3365
+ };
3366
+ var GHASH = /*#__PURE__*/ function() {
3367
+ function GHASH(key, expectedLength) {
3368
+ _class_call_check(this, GHASH);
3369
+ this.blockLen = BLOCK_SIZE;
3370
+ this.outputLen = BLOCK_SIZE;
3371
+ this.s0 = 0;
3372
+ this.s1 = 0;
3373
+ this.s2 = 0;
3374
+ this.s3 = 0;
3375
+ this.finished = false;
3376
+ key = toBytes2(key);
3377
+ abytes(key, 16);
3378
+ var kView = createView2(key);
3379
+ var k0 = kView.getUint32(0, false);
3380
+ var k1 = kView.getUint32(4, false);
3381
+ var k2 = kView.getUint32(8, false);
3382
+ var k3 = kView.getUint32(12, false);
3383
+ var doubles = [];
3384
+ for(var i = 0; i < 128; i++){
3385
+ doubles.push({
3386
+ s0: swapLE(k0),
3387
+ s1: swapLE(k1),
3388
+ s2: swapLE(k2),
3389
+ s3: swapLE(k3)
3390
+ });
3391
+ var ref;
3392
+ ref = mul2(k0, k1, k2, k3), k0 = ref.s0, k1 = ref.s1, k2 = ref.s2, k3 = ref.s3, ref;
3393
+ }
3394
+ var W = estimateWindow(expectedLength || 1024);
3395
+ if (![
3396
+ 1,
3397
+ 2,
3398
+ 4,
3399
+ 8
3400
+ ].includes(W)) throw new Error("ghash: invalid window size, expected 2, 4 or 8");
3401
+ this.W = W;
3402
+ var bits = 128;
3403
+ var windows = bits / W;
3404
+ var windowSize = this.windowSize = Math.pow(2, W);
3405
+ var items = [];
3406
+ for(var w = 0; w < windows; w++){
3407
+ for(var byte = 0; byte < windowSize; byte++){
3408
+ var s0 = 0, s1 = 0, s2 = 0, s3 = 0;
3409
+ for(var j = 0; j < W; j++){
3410
+ var bit = byte >>> W - j - 1 & 1;
3411
+ if (!bit) continue;
3412
+ var _doubles_ = doubles[W * w + j], d0 = _doubles_.s0, d1 = _doubles_.s1, d2 = _doubles_.s2, d3 = _doubles_.s3;
3413
+ s0 ^= d0, s1 ^= d1, s2 ^= d2, s3 ^= d3;
3414
+ }
3415
+ items.push({
3416
+ s0: s0,
3417
+ s1: s1,
3418
+ s2: s2,
3419
+ s3: s3
3420
+ });
3421
+ }
3422
+ }
3423
+ this.t = items;
3424
+ }
3425
+ _create_class(GHASH, [
3426
+ {
3427
+ key: "_updateBlock",
3428
+ value: function _updateBlock(s0, s1, s2, s3) {
3429
+ s0 ^= this.s0, s1 ^= this.s1, s2 ^= this.s2, s3 ^= this.s3;
3430
+ var _this = this, W = _this.W, t = _this.t, windowSize = _this.windowSize;
3431
+ var o0 = 0, o1 = 0, o2 = 0, o3 = 0;
3432
+ var mask = (1 << W) - 1;
3433
+ var w = 0;
3434
+ for(var _i = 0, _iter = [
3435
+ s0,
3436
+ s1,
3437
+ s2,
3438
+ s3
3439
+ ]; _i < _iter.length; _i++){
3440
+ var num = _iter[_i];
3441
+ for(var bytePos = 0; bytePos < 4; bytePos++){
3442
+ var byte = num >>> 8 * bytePos & 255;
3443
+ for(var bitPos = 8 / W - 1; bitPos >= 0; bitPos--){
3444
+ var bit = byte >>> W * bitPos & mask;
3445
+ var _t_ = t[w * windowSize + bit], e0 = _t_.s0, e1 = _t_.s1, e2 = _t_.s2, e3 = _t_.s3;
3446
+ o0 ^= e0, o1 ^= e1, o2 ^= e2, o3 ^= e3;
3447
+ w += 1;
3448
+ }
3449
+ }
3450
+ }
3451
+ this.s0 = o0;
3452
+ this.s1 = o1;
3453
+ this.s2 = o2;
3454
+ this.s3 = o3;
3455
+ }
3456
+ },
3457
+ {
3458
+ key: "update",
3459
+ value: function update(data) {
3460
+ data = toBytes2(data);
3461
+ aexists(this);
3462
+ var b32 = u32(data);
3463
+ var blocks = Math.floor(data.length / BLOCK_SIZE);
3464
+ var left = data.length % BLOCK_SIZE;
3465
+ for(var i = 0; i < blocks; i++){
3466
+ this._updateBlock(b32[i * 4 + 0], b32[i * 4 + 1], b32[i * 4 + 2], b32[i * 4 + 3]);
3467
+ }
3468
+ if (left) {
3469
+ ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));
3470
+ this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);
3471
+ clean(ZEROS32);
3472
+ }
3473
+ return this;
3474
+ }
3475
+ },
3476
+ {
3477
+ key: "destroy",
3478
+ value: function destroy() {
3479
+ var t = this.t;
3480
+ var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
3481
+ try {
3482
+ for(var _iterator = t[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
3483
+ var elm = _step.value;
3484
+ elm.s0 = 0, elm.s1 = 0, elm.s2 = 0, elm.s3 = 0;
3485
+ }
3486
+ } catch (err) {
3487
+ _didIteratorError = true;
3488
+ _iteratorError = err;
3489
+ } finally{
3490
+ try {
3491
+ if (!_iteratorNormalCompletion && _iterator.return != null) {
3492
+ _iterator.return();
3493
+ }
3494
+ } finally{
3495
+ if (_didIteratorError) {
3496
+ throw _iteratorError;
3497
+ }
3498
+ }
3499
+ }
3500
+ }
3501
+ },
3502
+ {
3503
+ key: "digestInto",
3504
+ value: function digestInto(out) {
3505
+ aexists(this);
3506
+ aoutput(out, this);
3507
+ this.finished = true;
3508
+ var _this = this, s0 = _this.s0, s1 = _this.s1, s2 = _this.s2, s3 = _this.s3;
3509
+ var o32 = u32(out);
3510
+ o32[0] = s0;
3511
+ o32[1] = s1;
3512
+ o32[2] = s2;
3513
+ o32[3] = s3;
3514
+ return out;
3515
+ }
3516
+ },
3517
+ {
3518
+ key: "digest",
3519
+ value: function digest() {
3520
+ var res = new Uint8Array(BLOCK_SIZE);
3521
+ this.digestInto(res);
3522
+ this.destroy();
3523
+ return res;
3524
+ }
3525
+ }
3526
+ ]);
3527
+ return GHASH;
3528
+ }();
3529
+ var Polyval = /*#__PURE__*/ function(GHASH) {
3530
+ _inherits(Polyval, GHASH);
3531
+ var _super = _create_super(Polyval);
3532
+ function Polyval(key, expectedLength) {
3533
+ _class_call_check(this, Polyval);
3534
+ key = toBytes2(key);
3535
+ var ghKey = _toGHASHKey(copyBytes(key));
3536
+ var _this = _super.call(this, ghKey, expectedLength);
3537
+ clean(ghKey);
3538
+ return _this;
3539
+ }
3540
+ _create_class(Polyval, [
3541
+ {
3542
+ key: "update",
3543
+ value: function update(data) {
3544
+ data = toBytes2(data);
3545
+ aexists(this);
3546
+ var b32 = u32(data);
3547
+ var left = data.length % BLOCK_SIZE;
3548
+ var blocks = Math.floor(data.length / BLOCK_SIZE);
3549
+ for(var i = 0; i < blocks; i++){
3550
+ this._updateBlock(swapLE(b32[i * 4 + 3]), swapLE(b32[i * 4 + 2]), swapLE(b32[i * 4 + 1]), swapLE(b32[i * 4 + 0]));
3551
+ }
3552
+ if (left) {
3553
+ ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));
3554
+ this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));
3555
+ clean(ZEROS32);
3556
+ }
3557
+ return this;
3558
+ }
3559
+ },
3560
+ {
3561
+ key: "digestInto",
3562
+ value: function digestInto(out) {
3563
+ aexists(this);
3564
+ aoutput(out, this);
3565
+ this.finished = true;
3566
+ var _this = this, s0 = _this.s0, s1 = _this.s1, s2 = _this.s2, s3 = _this.s3;
3567
+ var o32 = u32(out);
3568
+ o32[0] = s0;
3569
+ o32[1] = s1;
3570
+ o32[2] = s2;
3571
+ o32[3] = s3;
3572
+ return out.reverse();
3573
+ }
3574
+ }
3575
+ ]);
3576
+ return Polyval;
3577
+ }(GHASH);
3578
+ function wrapConstructorWithKey(hashCons) {
3579
+ var hashC = function(msg, key) {
3580
+ return hashCons(key, msg.length).update(toBytes2(msg)).digest();
3581
+ };
3582
+ var tmp2 = hashCons(new Uint8Array(16), 0);
3583
+ hashC.outputLen = tmp2.outputLen;
3584
+ hashC.blockLen = tmp2.blockLen;
3585
+ hashC.create = function(key, expectedLength) {
3586
+ return hashCons(key, expectedLength);
3587
+ };
3588
+ return hashC;
3589
+ }
3590
+ var ghash = wrapConstructorWithKey(function(key, expectedLength) {
3591
+ return new GHASH(key, expectedLength);
3592
+ });
3593
+ var polyval = wrapConstructorWithKey(function(key, expectedLength) {
3594
+ return new Polyval(key, expectedLength);
3595
+ });
3596
+ // src/sm4/index.ts
3276
3597
  var DECRYPT = 0;
3277
3598
  var ROUND = 32;
3278
3599
  var BLOCK = 16;
@@ -3683,11 +4004,11 @@ function sm4Gcm(inArray, key, ivArray, aadArray, cryptFlag, tagArray) {
3683
4004
  j02.set(ivArray, 0);
3684
4005
  j02[15] = 1;
3685
4006
  } else {
3686
- var g = import_polyval.ghash.create(h2);
4007
+ var g = ghash.create(h2);
3687
4008
  g.update(ivArray);
3688
4009
  var lenIv = new Uint8Array(16);
3689
- var view = (0, import_utils14.createView)(lenIv);
3690
- (0, import_utils14.setBigUint64)(view, 8, BigInt(ivArray.length * 8), false);
4010
+ var view = createView2(lenIv);
4011
+ setBigUint642(view, 8, BigInt(ivArray.length * 8), false);
3691
4012
  g.update(lenIv);
3692
4013
  j02 = g.digest();
3693
4014
  }
@@ -3706,15 +4027,15 @@ function sm4Gcm(inArray, key, ivArray, aadArray, cryptFlag, tagArray) {
3706
4027
  var computeTag = function computeTag(h2, data) {
3707
4028
  var aadLength = aadArray.length;
3708
4029
  var dataLength = data.length;
3709
- var g = import_polyval.ghash.create(h2);
4030
+ var g = ghash.create(h2);
3710
4031
  if (aadLength > 0) {
3711
4032
  g.update(aadArray);
3712
4033
  }
3713
4034
  g.update(data);
3714
4035
  var lenBlock = new Uint8Array(16);
3715
- var view = (0, import_utils14.createView)(lenBlock);
3716
- (0, import_utils14.setBigUint64)(view, 0, BigInt(aadLength * 8), false);
3717
- (0, import_utils14.setBigUint64)(view, 8, BigInt(dataLength * 8), false);
4036
+ var view = createView2(lenBlock);
4037
+ setBigUint642(view, 0, BigInt(aadLength * 8), false);
4038
+ setBigUint642(view, 8, BigInt(dataLength * 8), false);
3718
4039
  g.update(lenBlock);
3719
4040
  return g.digest();
3720
4041
  };
@@ -3897,6 +4218,7 @@ function decrypt(inArray, key) {
3897
4218
  }
3898
4219
  // Annotate the CommonJS export names for ESM import in node:
3899
4220
  0 && (module.exports = {
4221
+ kdf: kdf,
3900
4222
  sm2: sm2,
3901
4223
  sm3: sm3,
3902
4224
  sm4: sm4
@@ -3913,4 +4235,7 @@ function decrypt(inArray, key) {
3913
4235
 
3914
4236
  @noble/curves/esm/abstract/weierstrass.js:
3915
4237
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4238
+
4239
+ @noble/ciphers/esm/utils.js:
4240
+ (*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) *)
3916
4241
  */