UNPKG

@protontech/openpgp

Version:

OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.

openpgpjs.org

ProtonMail/openpgpjs

6 lines (5 loc) 12.7 kB
1
2
3
4
5
6
/*! OpenPGP.js v6.1.1-patch.4 - 2025-07-14 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ "undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{c as e,r as t,l as n,s as r,f as o,g as c,m as s,d}from"./sha3.min.mjs"; /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */const l=e,u=t;function f(e,t){if(e.length!==t.length)return!1;let n=0;for(let r=0;r<e.length;r++)n|=e[r]^t[r];return 0===n}function i(...e){const t=e=>"number"==typeof e?e:e.bytesLen,n=e.reduce(((e,n)=>e+t(n)),0);return{bytesLen:n,encode:r=>{const o=new Uint8Array(n);for(let n=0,c=0;n<e.length;n++){const s=e[n],d=t(s),u="number"==typeof s?r[n]:s.encode(r[n]);l(u,d),o.set(u,c),"number"!=typeof s&&u.fill(0),c+=d}return o},decode:r=>{l(r,n);const o=[];for(const n of e){const e=t(n),c=r.subarray(0,e);o.push("number"==typeof n?c:n.decode(c)),r=r.subarray(e)}return o}}}function a(e,t){const n=t*e.bytesLen;return{bytesLen:n,encode:r=>{if(r.length!==t)throw Error(`vecCoder.encode: wrong length=${r.length}. Expected: ${t}`);const o=new Uint8Array(n);for(let t=0,n=0;t<r.length;t++){const c=e.encode(r[t]);o.set(c,n),c.fill(0),n+=c.length}return o},decode:t=>{l(t,n);const r=[];for(let n=0;n<t.length;n+=e.bytesLen)r.push(e.decode(t.subarray(n,n+e.bytesLen)));return r}}}function y(...e){for(const t of e)if(Array.isArray(t))for(const e of t)e.fill(0);else t.fill(0)}function p(e){return(1<<e)-1} /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */function h(e,t=8){const n=e.toString(2).padStart(8,"0").slice(-t).padStart(7,"0").split("").reverse().join("");return Number.parseInt(n,2)}const g=e=>{const{newPoly:t,N:n,Q:r,F:o,ROOT_OF_UNITY:c,brvBits:s,isKyber:d}=e,l=(e,t=r)=>{const n=e%t|0;return 0|(n>=0?n:t+n)};const u=function(){const e=t(n);for(let t=0;t<n;t++){const n=h(t,s),o=BigInt(c)**BigInt(n)%BigInt(r);e[t]=0|Number(o)}return e}(),f=d?128:n,i=d?1:0,a={encode:e=>{for(let t=1,r=128;r>i;r>>=1)for(let o=0;o<n;o+=2*r){const n=u[t++];for(let t=o;t<o+r;t++){const o=l(n*e[t+r]);e[t+r]=0|l(e[t]-o),e[t]=0|l(e[t]+o)}}return e},decode:e=>{for(let t=f-1,r=1+i;r<f+i;r<<=1)for(let o=0;o<n;o+=2*r){const n=u[t--];for(let t=o;t<o+r;t++){const o=e[t];e[t]=l(o+e[t+r]),e[t+r]=l(n*(e[t+r]-o))}}for(let t=0;t<e.length;t++)e[t]=l(o*e[t]);return e}};return{mod:l,smod:(e,t=r)=>{const n=0|l(e,t);return 0|(n>t>>1?n-t:n)},nttZetas:u,NTT:a,bitsCoder:(e,r)=>{const o=p(e),c=e*(n/8);return{bytesLen:c,encode:t=>{const n=new Uint8Array(c);for(let c=0,s=0,d=0,l=0;c<t.length;c++)for(s|=(r.encode(t[c])&o)<<d,d+=e;d>=8;d-=8,s>>=8)n[l++]=s&p(d);return n},decode:c=>{const s=t(n);for(let t=0,n=0,d=0,l=0;t<c.length;t++)for(n|=c[t]<<d,d+=8;d>=e;d-=e,n>>=e)s[l++]=r.decode(n&o);return s}}}}},b=e=>(t,n)=>{n||(n=e.blockLen);const r=new Uint8Array(t.length+2);r.set(t);const o=t.length,c=new Uint8Array(n);let s=e.create({}),d=0,l=0;return{stats:()=>({calls:d,xofs:l}),get:(t,n)=>(r[o+0]=t,r[o+1]=n,s.destroy(),s=e.create({}).update(r),d++,()=>(l++,s.xofInto(c))),clean:()=>{s.destroy(),c.fill(0),r.fill(0)}}},A=/* @__PURE__ */b(n),L=/* @__PURE__ */b(r),w=256,T=3329,{mod:E,nttZetas:m,NTT:K,bitsCoder:U}=g({N:w,Q:T,F:3303,ROOT_OF_UNITY:17,newPoly:e=>new Uint16Array(e),brvBits:7,isKyber:!0}),k=e=>U(e,(e=>{if(e>=12)return{encode:e=>e,decode:e=>e};const t=2**(e-1);return{encode:t=>((t<<e)+T/2)/T,decode:n=>n*T+t>>>e}})(e));function M(e,t){for(let n=0;n<w;n++)e[n]=E(e[n]+t[n])}function B(e,t){for(let s=0;s<128;s++){let d=m[64+(s>>1)];1&s&&(d=-d);const{c0:l,c1:u}=(n=e[2*s+0],r=e[2*s+1],o=t[2*s+0],c=t[2*s+1],{c0:E(r*c*d+n*o),c1:E(n*c+r*o)});e[2*s+0]=l,e[2*s+1]=u}var n,r,o,c;return e}function O(e){const t=new Uint16Array(w);for(let n=0;n<w;){const r=e();if(r.length%3)throw Error("SampleNTT: unaligned block");for(let e=0;n<w&&e+3<=r.length;e+=3){const o=4095&(r[e+0]|r[e+1]<<8),c=4095&(r[e+1]>>4|r[e+2]<<4);o<T&&(t[n++]=o),n<w&&c<T&&(t[n++]=c)}}return t}function F(e,t,n,r){const o=e(r*w/4,t,n),c=new Uint16Array(w),d=s(o);let l=0;for(let e=0,t=0,n=0,o=0;e<d.length;e++){let s=d[e];for(let e=0;e<32;e++)n+=1&s,s>>=1,l+=1,l===r?(o=n,n=0):l===2*r&&(c[t++]=E(o-n),n=0,l=0)}if(l)throw Error("sampleCBD: leftover bits: "+l);return c}const S=e=>{const{K:t,PRF:n,XOF:r,HASH512:o,ETA1:c,ETA2:s,du:d,dv:l}=e,u=k(1),f=k(l),p=k(d),h=i(a(k(12),t),32),g=a(k(12),t),b=i(a(p,t),f),A=i(32,32);return{secretCoder:g,secretKeyLen:g.bytesLen,publicKeyLen:h.bytesLen,cipherTextLen:b.bytesLen,keygen:e=>{const s=new Uint8Array(33);s.set(e),s[32]=t;const d=o(s),[l,u]=A.decode(d),f=[],i=[];for(let e=0;e<t;e++)f.push(K.encode(F(n,u,e,c)));const a=r(l);for(let e=0;e<t;e++){const r=K.encode(F(n,u,t+e,c));for(let n=0;n<t;n++){M(r,B(O(a.get(n,e)),f[n]))}i.push(r)}a.clean();const p={publicKey:h.encode([i,l]),secretKey:g.encode(f)};return y(l,u,f,i,s,d),p},encrypt:(e,o,d)=>{const[l,f]=h.decode(e),i=[];for(let e=0;e<t;e++)i.push(K.encode(F(n,d,e,c)));const a=r(f),p=new Uint16Array(w),g=[];for(let e=0;e<t;e++){const r=F(n,d,t+e,s),o=new Uint16Array(w);for(let n=0;n<t;n++){M(o,B(O(a.get(e,n)),i[n]))}M(r,K.decode(o)),g.push(r),M(p,B(l[e],i[e])),o.fill(0)}a.clean();const A=F(n,d,2*t,s);M(A,K.decode(p));const L=u.decode(o);return M(L,A),y(l,i,p,A),b.encode([g,L])},decrypt:(e,n)=>{const[r,o]=b.decode(e),c=g.decode(n),s=new Uint16Array(w);for(let e=0;e<t;e++)M(s,B(c[e],K.encode(r[e])));return function(e,t){for(let n=0;n<w;n++)e[n]=E(e[n]-t[n])}(o,K.decode(s)),y(s,c,r),u.encode(o)}}};function v(e){const t=S(e),{HASH256:n,HASH512:r,KDF:o}=e,{secretCoder:c,cipherTextLen:s}=t,d=t.publicKeyLen,a=i(t.secretKeyLen,t.publicKeyLen,32,32),p=a.bytesLen;return{publicKeyLen:d,msgLen:32,keygen:(e=u(64))=>{l(e,64);const{publicKey:r,secretKey:o}=t.keygen(e.subarray(0,32)),c=n(r),s=a.encode([o,r,c,e.subarray(32)]);return y(o,c),{publicKey:r,secretKey:s}},encapsulate:(o,s=u(32))=>{l(o,d),l(s,32);const i=o.subarray(0,384*e.K),a=c.encode(c.decode(i.slice()));if(!f(a,i))throw y(a),Error("ML-KEM.encapsulate: wrong publicKey modulus");y(a);const p=r.create().update(s).update(n(o)).digest(),h=t.encrypt(o,s,p.subarray(32,64));return p.subarray(32).fill(0),{cipherText:h,sharedSecret:p.subarray(0,32)}},decapsulate:(e,n)=>{l(n,p),l(e,s);const[c,d,u,i]=a.decode(n),h=t.decrypt(e,c),g=r.create().update(h).update(u).digest(),b=g.subarray(0,32),A=t.encrypt(d,h,g.subarray(32,64)),L=f(e,A),w=o.create({dkLen:32}).update(i).update(e).digest();return y(h,A,L?w:b),L?b:w}}}const N=/* @__PURE__ */v({...{HASH256:o,HASH512:c,KDF:r,XOF:A,PRF:function(e,t,n){return r.create({dkLen:e}).update(t).update(new Uint8Array([n])).digest()}},...{N:w,Q:T,K:3,ETA1:2,ETA2:2,du:10,dv:4,RBGstrength:192}}),R=256,_=8380417,I=13,H=0|Math.floor((_-1)/88),C=0|Math.floor((_-1)/32),x={K:6,L:5,D:I,GAMMA1:2**19,GAMMA2:C,TAU:49,ETA:4,OMEGA:55},G=e=>new Int32Array(e),{mod:Y,smod:D,NTT:P,bitsCoder:X}=g({N:R,Q:_,F:8347681,ROOT_OF_UNITY:1753,newPoly:G,isKyber:!1,brvBits:8}),$=e=>e,Q=(e,t=$,n=$)=>X(e,{encode:e=>t(n(e)),decode:e=>n(t(e))}),j=(e,t)=>{for(let n=0;n<e.length;n++)e[n]=Y(e[n]+t[n]);return e},W=(e,t)=>{for(let n=0;n<e.length;n++)e[n]=Y(e[n]-t[n]);return e},Z=e=>{for(let t=0;t<R;t++)e[t]<<=I;return e},q=(e,t)=>{for(let n=0;n<R;n++)if(Math.abs(D(e[n]))>=t)return!0;return!1},z=(e,t)=>{const n=G(R);for(let r=0;r<e.length;r++)n[r]=Y(e[r]*t[r]);return n};function J(e){const t=G(R);for(let n=0;n<R;){const r=e();if(r.length%3)throw Error("RejNTTPoly: unaligned block");for(let e=0;n<R&&e<=r.length-3;e+=3){const o=8388607&(r[e+0]|r[e+1]<<8|r[e+2]<<16);o<_&&(t[n++]=o)}}return t}const V=new Uint8Array(0);function ee(e){const{K:t,L:n,GAMMA1:o,GAMMA2:c,TAU:s,ETA:p,OMEGA:h}=e,{CRH_BYTES:g,TR_BYTES:b,C_TILDE_BYTES:A,XOF128:L,XOF256:w}=e;if(![2,4].includes(p))throw Error("Wrong ETA");if(![1<<17,1<<19].includes(o))throw Error("Wrong GAMMA1");if(![H,C].includes(c))throw Error("Wrong GAMMA2");const T=s*p,E=e=>{const t=Y(e),n=0|D(t,2*c);if(t-n==_-1)return{r1:0,r0:n-1|0};return{r1:0|Math.floor((t-n)/(2*c)),r0:n}},m=e=>E(e).r1,K=e=>E(e).r0,U=(e,t)=>{const n=Math.floor((_-1)/(2*c)),{r1:r,r0:o}=E(t);return 1===e?o>0?0|Y(r+1,n):0|Y(r-1,n):0|r},k=e=>{const t=Y(e),n=0|D(t,8192);return{r1:0|Math.floor((t-n)/8192),r0:n}},M={bytesLen:h+t,encode:e=>{if(!1===e)throw Error("hint.encode: hint is false");const n=new Uint8Array(h+t);for(let r=0,o=0;r<t;r++){for(let t=0;t<R;t++)0!==e[r][t]&&(n[o++]=t);n[h+r]=o}return n},decode:e=>{const n=[];let r=0;for(let o=0;o<t;o++){const t=G(R);if(e[h+o]<r||e[h+o]>h)return!1;for(let n=r;n<e[h+o];n++){if(n>r&&e[n]<=e[n-1])return!1;t[e[n]]=1}r=e[h+o],n.push(t)}for(let t=r;t<h;t++)if(0!==e[t])return!1;return n}},B=Q(2===p?3:4,(e=>p-e),(e=>{if(!(-p<=e&&e<=p))throw Error(`malformed key s1/s3 ${e} outside of ETA range [${-p}, ${p}]`);return e})),O=Q(13,(e=>4096-e)),F=Q(10),S=Q(o===1<<17?18:20,(e=>D(o-e))),v=a(Q(c===H?6:4),t),N=i(32,a(F,t)),I=i(32,32,b,a(B,n),a(B,t),a(O,t)),x=i(A,a(S,n),M),X=2===p?e=>e<15&&2-e%5:e=>e<9&&4-e;function $(e){const t=G(R);for(let n=0;n<R;){const r=e();for(let e=0;n<R&&e<r.length;e+=1){const o=X(15&r[e]),c=X(r[e]>>4&15);!1!==o&&(t[n++]=o),n<R&&!1!==c&&(t[n++]=c)}}return t}const ee=e=>{const t=G(R),n=r.create({}).update(e),o=new Uint8Array(r.blockLen);n.xofInto(o);const c=o.slice(0,8);for(let e=R-s,d=8,l=0,u=0;e<R;e++){let s=e+1;for(;s>e;)s=o[d++],d<r.blockLen||(n.xofInto(o),d=0);t[e]=t[s],t[s]=1-((c[l]>>u++&1)<<1),u>=8&&(l++,u=0)}return t},te=e=>{const t=G(R),n=G(R);for(let r=0;r<e.length;r++){const{r0:o,r1:c}=k(e[r]);t[r]=o,n[r]=c}return{r0:t,r1:n}},ne=(e,t)=>{for(let n=0;n<R;n++)e[n]=U(t[n],e[n]);return e},re=(e,t)=>{const n=G(R);let r=0;for(let d=0;d<R;d++){const l=(o=e[d],s=t[d],o<=c||o>_-c||o===_-c&&0===s?0:1);n[d]=l,r+=l}var o,s;return{v:n,cnt:r}},oe=i(32,64,32),ce={signRandBytes:32,keygen:(e=u(32))=>{const o=new Uint8Array(34);o.set(e),o[32]=t,o[33]=n;const[c,s,d]=oe.decode(r(o,{dkLen:oe.bytesLen})),l=w(s),f=[];for(let e=0;e<n;e++)f.push($(l.get(255&e,e>>8&255)));const i=[];for(let e=n;e<n+t;e++)i.push($(l.get(255&e,e>>8&255)));const a=f.map((e=>P.encode(e.slice()))),p=[],h=[],g=L(c),A=G(R);for(let e=0;e<t;e++){A.fill(0);for(let t=0;t<n;t++){const n=J(g.get(t,e));j(A,z(n,a[t]))}P.decode(A);const{r0:t,r1:r}=te(j(A,i[e]));p.push(t),h.push(r)}const T=N.encode([c,h]),E=r(T,{dkLen:b}),m=I.encode([c,d,E,f,i,p]);return g.clean(),l.clean(),y(c,s,d,f,i,a,A,p,h,E,o),{publicKey:T,secretKey:m}},sign:(e,s,d)=>{const[u,f,i,a,p,b]=I.decode(e),E=[],U=L(u);for(let e=0;e<t;e++){const t=[];for(let r=0;r<n;r++)t.push(J(U.get(r,e)));E.push(t)}U.clean();for(let e=0;e<n;e++)P.encode(a[e]);for(let e=0;e<t;e++)P.encode(p[e]),P.encode(b[e]);const k=r.create({dkLen:g}).update(i).update(s).digest(),M=d||new Uint8Array(32);l(M);const B=r.create({dkLen:g}).update(f).update(M).update(k).digest();l(B,g);const O=w(B,S.bytesLen);e:for(let e=0;;){const s=[];for(let t=0;t<n;t++,e++)s.push(S.decode(O.get(255&e,e>>8)()));const d=s.map((e=>P.encode(e.slice()))),l=[];for(let e=0;e<t;e++){const t=G(R);for(let r=0;r<n;r++)j(t,z(E[e][r],d[r]));P.decode(t),l.push(t)}const u=l.map((e=>e.map(m))),f=r.create({dkLen:A}).update(k).update(v.encode(u)).digest(),i=P.encode(ee(f)),g=a.map((e=>z(e,i)));for(let e=0;e<n;e++)if(j(P.decode(g[e]),s[e]),q(g[e],o-T))continue e;let L=0;const w=[];for(let e=0;e<t;e++){const t=P.decode(z(p[e],i)),n=W(l[e],t).map(K);if(q(n,c-T))continue e;const r=P.decode(z(b[e],i));if(q(r,c))continue e;j(n,r);const o=re(n,u[e]);w.push(o.v),L+=o.cnt}if(L>h)continue;O.clean();const U=x.encode([f,g,w]);return y(f,g,w,i,u,l,d,s,B,k,a,p,b,...E),U}throw Error("Unreachable code path reached, report this error")},verify:(e,c,s)=>{const[d,l]=N.decode(e),u=r(e,{dkLen:b});if(s.length!==x.bytesLen)return!1;const[i,a,y]=x.decode(s);if(!1===y)return!1;for(let e=0;e<n;e++)if(q(a[e],o-T))return!1;const p=r.create({dkLen:g}).update(u).update(c).digest(),w=P.encode(ee(i)),E=a.map((e=>e.slice()));for(let e=0;e<n;e++)P.encode(E[e]);const m=[],K=L(d);for(let e=0;e<t;e++){const t=z(P.encode(Z(l[e])),w),r=G(R);for(let t=0;t<n;t++){const n=J(K.get(t,e));j(r,z(n,E[t]))}const o=P.decode(W(r,t));m.push(ne(o,y[e]))}K.clean();const U=r.create({dkLen:A}).update(p).update(v.encode(m)).digest();for(const e of y){if(!(e.reduce(((e,t)=>e+t),0)<=h))return!1}for(const e of a)if(q(e,o-T))return!1;return f(i,U)}},se=(e,t=V)=>{if(l(e),l(t),t.length>255)throw Error("context should be less than 255 bytes");return d(new Uint8Array([0,t.length]),t,e)};return{internal:ce,keygen:ce.keygen,signRandBytes:ce.signRandBytes,sign:(e,t,n=V,r)=>{const o=se(t,n),c=ce.sign(e,o,r);return o.fill(0),c},verify:(e,t,n,r=V)=>ce.verify(e,se(t,r),n)}}const te=/* @__PURE__ */ee({...x,CRH_BYTES:64,TR_BYTES:64,C_TILDE_BYTES:48,XOF128:A,XOF256:L});export{te as ml_dsa65,N as ml_kem768}; //# sourceMappingURL=noble_post_quantum.min.mjs.map