gnablib/dist/crypto/sym/Ascon.js

A lean, zero dependency library to provide a useful base for your project.

/*! Copyright 2023-2025 the gnablib contributors MPL-1.1 */
var t,s=this&&this.__classPrivateFieldSet||function(t,s,i,e,h){if("m"===e)throw new TypeError("Private method is not writable");if("a"===e&&!h)throw new TypeError("Private accessor was defined without a setter");if("function"==typeof s?t!==s||!h:!s.has(t))throw new TypeError("Cannot write private member to an object whose class did not declare it");return"a"===e?h.call(t,i):h?h.value=i:s.set(t,i),i},i=this&&this.__classPrivateFieldGet||function(t,s,i,e){if("a"===i&&!e)throw new TypeError("Private accessor was defined without a getter");if("function"==typeof s?t!==s||!e:!s.has(t))throw new TypeError("Cannot read private member from an object whose class did not declare it");return"m"===i?e:"a"===i?e.call(t):e?e.value:s.get(t)};import{U32 as e}from"../../primitive/number/U32Static.js";import{sLen as h}from"../../safe/safe.js";import{xorEq as o}from"../../primitive/xtUint8Array.js";import{ByteWriter as r}from"../../primitive/ByteWriter.js";const a=Uint8Array.of(240,225,210,195,180,165,150,135,120,105,90,75);function n(t,s,i,e){e<<=1,t[s<<=1]^=i[e],t[s+1]^=i[e+1]}function c(t,s){t[s<<=1]=~t[s],t[s+1]=~t[s+1]}function l(t,s,i,e){e<<=1,t[s<<=1]&=i[e],t[s+1]&=i[e+1]}function f(t,s,i){let h=s<<=3,o=s+4;(i&=63)>=32&&(h+=4,o=s,i-=32);const a=e.fromBytesBE(t,h),n=e.fromBytesBE(t,o),c=32-i,l=r.mount(t);l.skip(s),e.intoBytesBE(a>>>i|n<<c,l),e.intoBytesBE(n>>>i|a<<c,l)}class u{constructor(t,s,i){this.blockSize=t,this.aRound=s,this.bRound=i,this.state=new Uint8Array(40),this.s32=new Uint32Array(this.state.buffer),this._sPos=0}p(t){for(let s=0;s<t;s++){this.state[23]^=a[12-t+s],n(this.s32,0,this.s32,4),n(this.s32,4,this.s32,3),n(this.s32,2,this.s32,1);const i=this.s32.slice();c(i,0),c(i,1),c(i,2),c(i,3),c(i,4),l(i,0,this.s32,1),l(i,1,this.s32,2),l(i,2,this.s32,3),l(i,3,this.s32,4),l(i,4,this.s32,0),n(this.s32,0,i,1),n(this.s32,1,i,2),n(this.s32,2,i,3),n(this.s32,3,i,4),n(this.s32,4,i,0),n(this.s32,1,this.s32,0),n(this.s32,0,this.s32,4),n(this.s32,3,this.s32,2),c(this.s32,2);const e=this.state.slice(),h=this.state.slice();f(e,0,19),f(h,0,28),f(e,1,61),f(h,1,39),f(e,2,1),f(h,2,6),f(e,3,10),f(h,3,17),f(e,4,7),f(h,4,41);const o=new Uint32Array(e.buffer),r=new Uint32Array(h.buffer);n(this.s32,0,o,0),n(this.s32,0,r,0),n(this.s32,1,o,1),n(this.s32,1,r,1),n(this.s32,2,o,2),n(this.s32,2,r,2),n(this.s32,3,o,3),n(this.s32,3,r,3),n(this.s32,4,o,4),n(this.s32,4,r,4)}this._sPos=0}}class p extends u{constructor(i,e,r,a,n){super(r,a,n),this.tagSize=16,t.set(this,void 0),this._stage=0,h("nonce",e).exactly(16).throwNot(),s(this,t,i,"f"),this.state[0]=i.length<<3,this.state[1]=r<<3,this.state[2]=a,this.state[3]=n;const c=20-i.length+4;this.state.set(i,c),this.state.set(e,24),this.p(a),o(this.state.subarray(40-i.length),i)}writeAD(t){if(this._stage>1)throw new Error("Associated data can no longer be written");this._stage=1;let s=t.length,i=0;for(;s>=this.blockSize;){for(let s=0;s<this.blockSize;s++)this.state[this._sPos++]^=t[i++];this.p(this.bRound),s-=this.blockSize}for(;i<t.length;)this.state[this._sPos++]^=t[i++]}finalizeAD(){1===this._stage&&(this.state[this._sPos]^=128,this.p(this.bRound)),this.state[39]^=1,this._stage=2}encryptInto(t,s){if(this._stage<2)this.finalizeAD();else if(3==this._stage)throw new Error("Cannot encrypt data after finalization");this._stage=2;let i=s.length,e=0,h=0;for(;i>=this.blockSize;){for(;this._sPos<this.blockSize;)this.state[this._sPos++]^=s[e++];t.set(this.state.subarray(0,this.blockSize),h),this.p(this.bRound),i-=this.blockSize,h+=this.blockSize}if(e<s.length){for(;e<s.length;)this.state[this._sPos++]^=s[e++];t.set(this.state.subarray(0,this._sPos),e-this._sPos)}}decryptInto(t,s){if(this._stage<2)this.finalizeAD();else if(3==this._stage)throw new Error("Cannot decrypt data after finalization");this._stage=2;let i=s.length,e=0,h=this.blockSize-this._sPos;for(t.set(s);i>=this.blockSize;){for(;this._sPos<this.blockSize;)t[e++]^=this.state[this._sPos++];this.state.set(s.subarray(e-h,e)),this.p(this.bRound),i-=this.blockSize,h=this.blockSize}if(e<t.length){for(h=t.length-e;e<t.length;)t[e++]^=this.state[this._sPos++];this.state.set(s.subarray(e-h))}}verify(s){this._stage<2&&this.finalizeAD(),this.state[this._sPos]^=128,this._stage=3;for(let s=0;s<i(this,t,"f").length;s++)this.state[this.blockSize+s]^=i(this,t,"f")[s];this.p(this.aRound);const e=i(this,t,"f").length<16?i(this,t,"f").length:16;for(let s=40-e,h=i(this,t,"f").length-e;s<40;)this.state[s++]^=i(this,t,"f")[h++];let h=0;for(let t=0;t<s.length;t++)h|=s[t]^this.state[24+t];return 0===h}finalize(){this._stage<2&&this.finalizeAD(),this.state[this._sPos++]^=128,this._stage=3;for(let s=0;s<i(this,t,"f").length;s++)this.state[this.blockSize+s]^=i(this,t,"f")[s];this.p(this.aRound);const s=i(this,t,"f").length<16?i(this,t,"f").length:16;for(let e=40-s,h=i(this,t,"f").length-s;e<40;)this.state[e++]^=i(this,t,"f")[h++];return this.state.slice(24)}encryptSize(t){return t}}t=new WeakMap;export class Ascon128 extends p{constructor(t,s){super(t,s,8,12,6),h("key",t).exactly(16).throwNot()}}export class Ascon128a extends p{constructor(t,s){super(t,s,16,12,8),h("key",t).exactly(16).throwNot()}}export class Ascon80pq extends p{constructor(t,s){super(t,s,8,12,6),h("key",t).exactly(20).throwNot()}}class b extends u{constructor(t,s,i,e,h){super(t,s,i),this.size=e,this.xof=h,this.state[1]=t<<3,this.state[2]=s,this.state[3]=s-i,this.xof||(this.state[6]=1),this.p(s)}write(t){let s=t.length,i=this.blockSize-this._sPos,e=0;for(;s>=i;){for(;this._sPos<this.blockSize;)this.state[this._sPos++]^=t[e++];this.p(this.bRound),s-=this.blockSize,i=this.blockSize}for(;e<t.length;)this.state[this._sPos++]^=t[e++]}sum(){return this.clone().sumIn()}sumIn(){this.state[this._sPos++]^=128;const t=new Uint8Array(this.size);this.p(this.aRound);let s=0;for(;s+this.blockSize<this.size;)t.set(this.state.subarray(0,this.blockSize),s),s+=this.blockSize,this.p(this.bRound);return t.set(this.state.subarray(0,this.size-s),s),t}reset(){this.s32.fill(0),this.state[1]=this.blockSize<<3,this.state[2]=this.aRound,this.state[3]=this.aRound-this.bRound,this.xof||(this.state[6]=1),this._sPos=0,this.p(this.aRound)}newEmpty(){return new b(this.blockSize,this.aRound,this.bRound,this.size,this.xof)}clone(){const t=new b(this.blockSize,this.aRound,this.bRound,this.size,this.xof);return t.state.set(this.state),t._sPos=this._sPos,t}}export class AsconHash extends b{constructor(){super(8,12,12,32,!1)}}export class AsconHashA extends b{constructor(){super(8,12,8,32,!1)}}export class AsconXof extends b{constructor(t){super(8,12,12,t,!0)}}export class AsconXofA extends b{constructor(t){super(8,12,8,t,!0)}}