crystals-kyber-js/script/src/sha3/_u64.js

An ML-KEM/CRYSTALS-KYBER implementation written in TypeScript for various JavaScript runtimes

/**
 * This file is based on noble-hashes (https://github.com/paulmillr/noble-hashes).
 *
 * noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com)
 *
 * The original file is located at:
 * https://github.com/paulmillr/noble-hashes/blob/4e358a46d682adfb005ae6314ec999f2513086b9/src/_u64.ts
 */
(function (factory) {
    if (typeof module === "object" && typeof module.exports === "object") {
        var v = factory(require, exports);
        if (v !== undefined) module.exports = v;
    }
    else if (typeof define === "function" && define.amd) {
        define(["require", "exports"], factory);
    }
})(function (require, exports) {
    "use strict";
    Object.defineProperty(exports, "__esModule", { value: true });
    exports.toBig = exports.shrSL = exports.shrSH = exports.rotrSL = exports.rotrSH = exports.rotrBL = exports.rotrBH = exports.rotr32L = exports.rotr32H = exports.rotlSL = exports.rotlSH = exports.rotlBL = exports.rotlBH = exports.add5L = exports.add5H = exports.add4L = exports.add4H = exports.add3L = exports.add3H = void 0;
    exports.add = add;
    exports.fromBig = fromBig;
    exports.split = split;
    /**
     * Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.
     * @todo re-check https://issues.chromium.org/issues/42212588
     * @module
     */
    const U32_MASK64 = 0xffffffffn;
    const _32n = 32n;
    function fromBig(n, le = false) {
        if (le) {
            return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
        }
        return {
            h: Number((n >> _32n) & U32_MASK64) | 0,
            l: Number(n & U32_MASK64) | 0,
        };
    }
    function split(lst, le = false) {
        const len = lst.length;
        const Ah = new Uint32Array(len);
        const Al = new Uint32Array(len);
        for (let i = 0; i < len; i++) {
            const { h, l } = fromBig(lst[i], le);
            [Ah[i], Al[i]] = [h, l];
        }
        return [Ah, Al];
    }
    const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);
    exports.toBig = toBig;
    // for Shift in [0, 32)
    const shrSH = (h, _l, s) => h >>> s;
    exports.shrSH = shrSH;
    const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
    exports.shrSL = shrSL;
    // Right rotate for Shift in [1, 32)
    const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));
    exports.rotrSH = rotrSH;
    const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
    exports.rotrSL = rotrSL;
    // Right rotate for Shift in (32, 64), NOTE: 32 is special case.
    const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));
    exports.rotrBH = rotrBH;
    const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));
    exports.rotrBL = rotrBL;
    // Right rotate for shift===32 (just swaps l&h)
    const rotr32H = (_h, l) => l;
    exports.rotr32H = rotr32H;
    const rotr32L = (h, _l) => h;
    exports.rotr32L = rotr32L;
    // Left rotate for Shift in [1, 32)
    const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));
    exports.rotlSH = rotlSH;
    const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));
    exports.rotlSL = rotlSL;
    // Left rotate for Shift in (32, 64), NOTE: 32 is special case.
    const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));
    exports.rotlBH = rotlBH;
    const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));
    exports.rotlBL = rotlBL;
    // JS uses 32-bit signed integers for bitwise operations which means we cannot
    // simple take carry out of low bit sum by shift, we need to use division.
    function add(Ah, Al, Bh, Bl) {
        const l = (Al >>> 0) + (Bl >>> 0);
        return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };
    }
    // Addition with more than 2 elements
    const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
    exports.add3L = add3L;
    const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;
    exports.add3H = add3H;
    const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
    exports.add4L = add4L;
    const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;
    exports.add4H = add4H;
    const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
    exports.add5L = add5L;
    const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;
    exports.add5H = add5H;
    // prettier-ignore
    const u64 = {
        fromBig,
        split,
        toBig,
        shrSH,
        shrSL,
        rotrSH,
        rotrSL,
        rotrBH,
        rotrBL,
        rotr32H,
        rotr32L,
        rotlSH,
        rotlSL,
        rotlBH,
        rotlBL,
        add,
        add3L,
        add3H,
        add4L,
        add4H,
        add5H,
        add5L,
    };
    exports.default = u64;
});