kyberkotlin
Version:
ML-KEM (NIST FIPS 203) optimized implementation on 100% Kotlin.
1,149 lines • 73.2 kB
JavaScript
(function (factory) {
if (typeof define === 'function' && define.amd)
define(['exports', './kotlin-kotlin-stdlib.js', './KeccakKotlin.js', './random-library-crypto-rand.js'], factory);
else if (typeof exports === 'object')
factory(module.exports, require('./kotlin-kotlin-stdlib.js'), require('./KeccakKotlin.js'), require('./random-library-crypto-rand.js'));
else {
if (typeof globalThis['kotlin-kotlin-stdlib'] === 'undefined') {
throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'kotlin-kotlin-stdlib' was not found. Please, check whether 'kotlin-kotlin-stdlib' is loaded prior to 'asia.hombre:KyberKotlin'.");
}
if (typeof KeccakKotlin === 'undefined') {
throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'KeccakKotlin' was not found. Please, check whether 'KeccakKotlin' is loaded prior to 'asia.hombre:KyberKotlin'.");
}
if (typeof globalThis['random-library-crypto-rand'] === 'undefined') {
throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'random-library-crypto-rand' was not found. Please, check whether 'random-library-crypto-rand' is loaded prior to 'asia.hombre:KyberKotlin'.");
}
globalThis['asia.hombre:KyberKotlin'] = factory(typeof globalThis['asia.hombre:KyberKotlin'] === 'undefined' ? {} : globalThis['asia.hombre:KyberKotlin'], globalThis['kotlin-kotlin-stdlib'], KeccakKotlin, globalThis['random-library-crypto-rand']);
}
}(function (_, kotlin_kotlin, kotlin_asia_hombre_KeccakKotlin, kotlin_org_kotlincrypto_random_crypto_rand) {
'use strict';
//region block: imports
var imul = Math.imul;
var copyOfRange = kotlin_kotlin.$_$.t;
var protoOf = kotlin_kotlin.$_$.q1;
var initMetadataForCompanion = kotlin_kotlin.$_$.i1;
var arrayCopy = kotlin_kotlin.$_$.p;
var Unit_instance = kotlin_kotlin.$_$.o;
var getKClassFromExpression = kotlin_kotlin.$_$.a;
var THROW_CCE = kotlin_kotlin.$_$.c2;
var contentEquals = kotlin_kotlin.$_$.q;
var contentHashCode = kotlin_kotlin.$_$.r;
var defineProp = kotlin_kotlin.$_$.e1;
var initMetadataForClass = kotlin_kotlin.$_$.h1;
var initMetadataForObject = kotlin_kotlin.$_$.j1;
var KeccakHash_instance = kotlin_asia_hombre_KeccakKotlin.$_$.f;
var KeccakParameter_SHA3_256_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.b;
var Default_getInstance = kotlin_org_kotlincrypto_random_crypto_rand.$_$.a;
var KeccakParameter_SHA3_512_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.c;
var fill = kotlin_kotlin.$_$.w;
var fillArrayVal = kotlin_kotlin.$_$.f1;
var toByte = kotlin_kotlin.$_$.r1;
var fill_0 = kotlin_kotlin.$_$.v;
var THROW_IAE = kotlin_kotlin.$_$.d2;
var Enum = kotlin_kotlin.$_$.y1;
var VOID = kotlin_kotlin.$_$.b;
var Exception = kotlin_kotlin.$_$.z1;
var Exception_init_$Init$ = kotlin_kotlin.$_$.e;
var captureStack = kotlin_kotlin.$_$.b1;
var copyOfRange_0 = kotlin_kotlin.$_$.s;
var KeccakParameter_SHAKE_256_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.e;
var compareTo = kotlin_kotlin.$_$.d1;
var booleanArray = kotlin_kotlin.$_$.z;
var _UByte___init__impl__g9hnc4 = kotlin_kotlin.$_$.k;
var _UByte___get_data__impl__jof9qr = kotlin_kotlin.$_$.l;
var ArithmeticException_init_$Create$ = kotlin_kotlin.$_$.c;
var until = kotlin_kotlin.$_$.v1;
var step = kotlin_kotlin.$_$.u1;
var KeccakParameter_SHAKE_128_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.d;
var KeccakByteStream = kotlin_asia_hombre_KeccakKotlin.$_$.a;
var get_lastIndex = kotlin_kotlin.$_$.y;
//endregion
//region block: pre-declaration
initMetadataForCompanion(Companion);
initMetadataForClass(KyberCipherText, 'KyberCipherText');
initMetadataForObject(KyberConstants, 'KyberConstants');
initMetadataForCompanion(Companion_0);
initMetadataForClass(KyberDecapsulationKey, 'KyberDecapsulationKey');
initMetadataForCompanion(Companion_1);
initMetadataForClass(KyberDecryptionKey, 'KyberDecryptionKey');
initMetadataForCompanion(Companion_2);
initMetadataForClass(KyberEncapsulationKey, 'KyberEncapsulationKey');
initMetadataForClass(KyberEncapsulationResult, 'KyberEncapsulationResult');
initMetadataForCompanion(Companion_3);
initMetadataForClass(KyberEncryptionKey, 'KyberEncryptionKey');
initMetadataForClass(KyberKEMKeyPair, 'KyberKEMKeyPair');
initMetadataForObject(PKEGenerator, 'PKEGenerator');
initMetadataForObject(KyberKeyGenerator, 'KyberKeyGenerator');
initMetadataForClass(KyberPKEKeyPair, 'KyberPKEKeyPair');
initMetadataForCompanion(Companion_4);
initMetadataForClass(KyberParameter, 'KyberParameter', VOID, Enum);
initMetadataForClass(InvalidKyberKeyException, 'InvalidKyberKeyException', VOID, Exception);
initMetadataForClass(UnsupportedKyberVariantException, 'UnsupportedKyberVariantException', VOID, Exception);
initMetadataForObject(KyberAgreement, 'KyberAgreement');
initMetadataForObject(KyberMath, 'KyberMath');
//endregion
function Companion() {
}
protoOf(Companion).fromBytes = function (bytes) {
var parameter = Companion_instance_4.findByCipherTextSize(bytes.length);
var encodedCoefficientsSize = imul(32, imul(parameter.DU, parameter.K));
return new KyberCipherText(Companion_instance_4.findByCipherTextSize(bytes.length), copyOfRange(bytes, 0, encodedCoefficientsSize), copyOfRange(bytes, encodedCoefficientsSize, bytes.length));
};
var Companion_instance;
function Companion_getInstance() {
return Companion_instance;
}
function KyberCipherText(parameter, encodedCoefficients, encodedTerms) {
this.parameter = parameter;
var tmp = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp.i4_1 = encodedCoefficients.slice();
var tmp_0 = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp_0.j4_1 = encodedTerms.slice();
}
protoOf(KyberCipherText).k4 = function () {
return this.parameter;
};
protoOf(KyberCipherText).l4 = function () {
return this.i4_1;
};
protoOf(KyberCipherText).m4 = function () {
return this.j4_1;
};
protoOf(KyberCipherText).n4 = function () {
var output = new Int8Array(this.parameter.CIPHERTEXT_LENGTH);
var tmp0 = this.i4_1;
// Inline function 'kotlin.collections.copyInto' call
var endIndex = tmp0.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp = tmp0;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp, output, 0, 0, endIndex);
var tmp5 = this.j4_1;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = this.i4_1.length;
var endIndex_0 = tmp5.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_0 = tmp5;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0);
return output;
};
protoOf(KyberCipherText).copy = function () {
return new KyberCipherText(this.parameter, this.i4_1, this.j4_1);
};
protoOf(KyberCipherText).decapsulate = function (decapsulationKey) {
return KyberAgreement_instance.o4(decapsulationKey, this);
};
protoOf(KyberCipherText).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberCipherText))
THROW_CCE();
if (!this.parameter.equals(other.parameter))
return false;
if (!contentEquals(this.i4_1, other.i4_1))
return false;
if (!contentEquals(this.j4_1, other.j4_1))
return false;
return true;
};
protoOf(KyberCipherText).hashCode = function () {
var result = this.parameter.hashCode();
result = imul(31, result) + contentHashCode(this.i4_1) | 0;
result = imul(31, result) + contentHashCode(this.j4_1) | 0;
return result;
};
function KyberConstants() {
KyberConstants_instance = this;
this.N = 256;
this.N_BYTES = 32;
this.Q = 3329;
this.Q_INV = -62209;
this.Q_HALF = 1665;
this.BARRETT_APPROX = 20159;
this.MONT_R2 = 1353;
this.SECRET_KEY_LENGTH = 32;
this.ENCODE_SIZE = 384;
var tmp = this;
// Inline function 'kotlin.intArrayOf' call
tmp.PRECOMPUTED_ZETAS_TABLE = new Int32Array([1, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628]);
var tmp_0 = this;
// Inline function 'kotlin.intArrayOf' call
tmp_0.PRECOMPUTED_GAMMAS_TABLE = new Int32Array([2226, 1103, 430, 2899, 555, 2774, 843, 2486, 2078, 1251, 871, 2458, 1550, 1779, 105, 3224, 422, 2907, 587, 2742, 177, 3152, 3094, 235, 3038, 291, 2869, 460, 1574, 1755, 1653, 1676, 3083, 246, 778, 2551, 1159, 2170, 3182, 147, 2552, 777, 1483, 1846, 2727, 602, 1119, 2210, 1739, 1590, 644, 2685, 2457, 872, 349, 2980, 418, 2911, 329, 3000, 3173, 156, 3254, 75, 817, 2512, 1097, 2232, 603, 2726, 610, 2719, 1322, 2007, 2044, 1285, 1864, 1465, 384, 2945, 2114, 1215, 3193, 136, 1218, 2111, 1994, 1335, 2455, 874, 220, 3109, 2142, 1187, 1670, 1659, 2144, 1185, 1799, 1530, 2051, 1278, 794, 2535, 1819, 1510, 2475, 854, 2459, 870, 478, 2851, 3221, 108, 3021, 308, 996, 2333, 991, 2338, 958, 2371, 1869, 1460, 1522, 1807, 1628, 1701]);
}
protoOf(KyberConstants).p4 = function () {
return this.N;
};
protoOf(KyberConstants).q4 = function () {
return this.N_BYTES;
};
protoOf(KyberConstants).r4 = function () {
return this.Q;
};
protoOf(KyberConstants).s4 = function () {
return this.Q_INV;
};
protoOf(KyberConstants).t4 = function () {
return this.Q_HALF;
};
protoOf(KyberConstants).u4 = function () {
return this.BARRETT_APPROX;
};
protoOf(KyberConstants).v4 = function () {
return this.MONT_R2;
};
protoOf(KyberConstants).w4 = function () {
return this.SECRET_KEY_LENGTH;
};
protoOf(KyberConstants).x4 = function () {
return this.ENCODE_SIZE;
};
protoOf(KyberConstants).y4 = function () {
return this.PRECOMPUTED_ZETAS_TABLE;
};
protoOf(KyberConstants).z4 = function () {
return this.PRECOMPUTED_GAMMAS_TABLE;
};
var KyberConstants_instance;
function KyberConstants_getInstance() {
if (KyberConstants_instance == null)
new KyberConstants();
return KyberConstants_instance;
}
function Companion_0() {
}
protoOf(Companion_0).fromBytes = function (bytes) {
var parameter = Companion_instance_4.findByDecapsulationKeySize(bytes.length);
var decryptionKey = Companion_instance_1.fromBytes(copyOfRange(bytes, 0, parameter.DECRYPTION_KEY_LENGTH));
var encryptionKey = Companion_instance_3.fromBytes(copyOfRange(bytes, parameter.DECRYPTION_KEY_LENGTH, parameter.DECRYPTION_KEY_LENGTH + parameter.ENCRYPTION_KEY_LENGTH | 0));
var hash = copyOfRange(bytes, bytes.length - 64 | 0, bytes.length - 32 | 0);
var randomSeed = copyOfRange(bytes, bytes.length - 32 | 0, bytes.length);
return new KyberDecapsulationKey(decryptionKey, encryptionKey, hash, randomSeed);
};
var Companion_instance_0;
function Companion_getInstance_0() {
return Companion_instance_0;
}
function KyberDecapsulationKey(key, encryptionKey, hash, randomSeed) {
this.a5_1 = key;
this.encryptionKey = encryptionKey;
var tmp = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp.b5_1 = hash.slice();
var tmp_0 = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp_0.c5_1 = randomSeed.slice();
var ekHash = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), this.encryptionKey.fullBytes, 32);
if (!contentEquals(ekHash, hash))
throw new InvalidKyberKeyException('Hash Check failed! This is not a valid Decapsulation Key.');
this.parameter = this.a5_1.d5_1;
}
protoOf(KyberDecapsulationKey).f5 = function () {
return this.a5_1;
};
protoOf(KyberDecapsulationKey).g5 = function () {
return this.encryptionKey;
};
protoOf(KyberDecapsulationKey).h5 = function () {
return this.b5_1;
};
protoOf(KyberDecapsulationKey).i5 = function () {
return this.c5_1;
};
protoOf(KyberDecapsulationKey).k4 = function () {
return this.parameter;
};
protoOf(KyberDecapsulationKey).n4 = function () {
var output = new Int8Array(this.a5_1.d5_1.DECAPSULATION_KEY_LENGTH);
var tmp0 = this.a5_1.e5_1;
// Inline function 'kotlin.collections.copyInto' call
var endIndex = tmp0.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp = tmp0;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp, output, 0, 0, endIndex);
var tmp5 = this.encryptionKey.fullBytes;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = this.a5_1.e5_1.length;
var endIndex_0 = tmp5.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_0 = tmp5;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0);
var tmp10 = this.b5_1;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset_0 = this.a5_1.e5_1.length + this.encryptionKey.fullBytes.length | 0;
var endIndex_1 = tmp10.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_1 = tmp10;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_1, output, destinationOffset_0, 0, endIndex_1);
var tmp15 = this.c5_1;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset_1 = output.length - this.c5_1.length | 0;
var endIndex_2 = tmp15.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_2 = tmp15;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_2, output, destinationOffset_1, 0, endIndex_2);
return output;
};
protoOf(KyberDecapsulationKey).copy = function () {
return new KyberDecapsulationKey(this.a5_1.copy(), this.encryptionKey, this.b5_1, this.c5_1);
};
protoOf(KyberDecapsulationKey).decapsulate = function (cipherText) {
return KyberAgreement_instance.o4(this, cipherText);
};
protoOf(KyberDecapsulationKey).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberDecapsulationKey))
THROW_CCE();
if (!this.a5_1.equals(other.a5_1))
return false;
if (!this.encryptionKey.equals(other.encryptionKey))
return false;
if (!contentEquals(this.b5_1, other.b5_1))
return false;
if (!contentEquals(this.c5_1, other.c5_1))
return false;
if (!this.parameter.equals(other.parameter))
return false;
return true;
};
protoOf(KyberDecapsulationKey).hashCode = function () {
var result = this.a5_1.hashCode();
result = imul(31, result) + this.encryptionKey.hashCode() | 0;
result = imul(31, result) + contentHashCode(this.b5_1) | 0;
result = imul(31, result) + contentHashCode(this.c5_1) | 0;
result = imul(31, result) + this.parameter.hashCode() | 0;
return result;
};
function Companion_1() {
}
protoOf(Companion_1).fromBytes = function (bytes) {
return new KyberDecryptionKey(Companion_instance_4.findByDecryptionKeySize(bytes.length), bytes);
};
var Companion_instance_1;
function Companion_getInstance_1() {
return Companion_instance_1;
}
function KyberDecryptionKey(parameter, keyBytes) {
this.d5_1 = parameter;
var tmp = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp.e5_1 = keyBytes.slice();
var coefficients = KyberMath_instance.j5(keyBytes, 12);
var inductionVariable = 0;
var last = coefficients.length;
while (inductionVariable < last) {
var c = coefficients[inductionVariable];
inductionVariable = inductionVariable + 1 | 0;
if (!KyberMath_instance.k5(c))
throw new InvalidKyberKeyException('Not modulus of 3329');
}
}
protoOf(KyberDecryptionKey).k4 = function () {
return this.d5_1;
};
protoOf(KyberDecryptionKey).l5 = function () {
return this.e5_1;
};
protoOf(KyberDecryptionKey).n4 = function () {
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
return this.e5_1.slice();
};
protoOf(KyberDecryptionKey).copy = function () {
return new KyberDecryptionKey(this.d5_1, this.e5_1);
};
protoOf(KyberDecryptionKey).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberDecryptionKey))
THROW_CCE();
if (!this.d5_1.equals(other.d5_1))
return false;
if (!contentEquals(this.e5_1, other.e5_1))
return false;
return true;
};
protoOf(KyberDecryptionKey).hashCode = function () {
var result = this.d5_1.hashCode();
result = imul(31, result) + contentHashCode(this.e5_1) | 0;
return result;
};
function Companion_2() {
}
protoOf(Companion_2).fromBytes = function (bytes) {
return new KyberEncapsulationKey(Companion_instance_3.fromBytes(bytes));
};
var Companion_instance_2;
function Companion_getInstance_2() {
return Companion_instance_2;
}
function KyberEncapsulationKey(key) {
this.m5_1 = key;
}
protoOf(KyberEncapsulationKey).f5 = function () {
return this.m5_1;
};
protoOf(KyberEncapsulationKey).n4 = function () {
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
return this.m5_1.fullBytes.slice();
};
protoOf(KyberEncapsulationKey).copy = function () {
return new KyberEncapsulationKey(this.m5_1.copy());
};
protoOf(KyberEncapsulationKey).encapsulate = function () {
var tmp = KyberAgreement_instance;
// Inline function 'kotlin.apply' call
var this_0 = new Int8Array(32);
// Inline function 'asia.hombre.kyber.KyberEncapsulationKey.encapsulate.<anonymous>' call
Default_getInstance().a3(this_0);
return tmp.n5(this, this_0);
};
protoOf(KyberEncapsulationKey).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberEncapsulationKey))
THROW_CCE();
return this.m5_1.equals(other.m5_1);
};
protoOf(KyberEncapsulationKey).hashCode = function () {
return this.m5_1.hashCode();
};
function KyberEncapsulationResult(sharedSecretKey_, cipherText_) {
this.o5_1 = sharedSecretKey_;
this.p5_1 = cipherText_;
}
protoOf(KyberEncapsulationResult).q5 = function () {
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
return this.o5_1.slice();
};
protoOf(KyberEncapsulationResult).r5 = function () {
return this.sharedSecretKey;
};
protoOf(KyberEncapsulationResult).s5 = function () {
return this.p5_1.copy();
};
function Companion_3() {
}
protoOf(Companion_3).fromBytes = function (bytes) {
var keyLength = bytes.length - 32 | 0;
return new KyberEncryptionKey(Companion_instance_4.findByEncryptionKeySize(bytes.length), copyOfRange(bytes, 0, keyLength), copyOfRange(bytes, keyLength, bytes.length));
};
var Companion_instance_3;
function Companion_getInstance_3() {
return Companion_instance_3;
}
function KyberEncryptionKey(parameter, keyBytes, nttSeed) {
this.t5_1 = parameter;
var tmp = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp.u5_1 = keyBytes.slice();
var tmp_0 = this;
// Inline function 'kotlin.collections.copyOf' call
// Inline function 'kotlin.js.asDynamic' call
tmp_0.v5_1 = nttSeed.slice();
var coefficients = KyberMath_instance.j5(keyBytes, 12);
var inductionVariable = 0;
var last = coefficients.length;
while (inductionVariable < last) {
var c = coefficients[inductionVariable];
inductionVariable = inductionVariable + 1 | 0;
if (!KyberMath_instance.k5(c))
throw new InvalidKyberKeyException('Not modulus of 3329');
}
}
protoOf(KyberEncryptionKey).k4 = function () {
return this.t5_1;
};
protoOf(KyberEncryptionKey).l5 = function () {
return this.u5_1;
};
protoOf(KyberEncryptionKey).w5 = function () {
return this.v5_1;
};
protoOf(KyberEncryptionKey).n4 = function () {
var output = new Int8Array(this.t5_1.ENCAPSULATION_KEY_LENGTH);
var tmp0 = this.u5_1;
// Inline function 'kotlin.collections.copyInto' call
var endIndex = tmp0.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp = tmp0;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp, output, 0, 0, endIndex);
var tmp5 = this.v5_1;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = this.u5_1.length;
var endIndex_0 = tmp5.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_0 = tmp5;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0);
return output;
};
protoOf(KyberEncryptionKey).copy = function () {
return new KyberEncryptionKey(this.t5_1, this.u5_1, this.v5_1);
};
protoOf(KyberEncryptionKey).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberEncryptionKey))
THROW_CCE();
if (!this.t5_1.equals(other.t5_1))
return false;
if (!contentEquals(this.u5_1, other.u5_1))
return false;
if (!contentEquals(this.v5_1, other.v5_1))
return false;
return true;
};
protoOf(KyberEncryptionKey).hashCode = function () {
var result = this.t5_1.hashCode();
result = imul(31, result) + contentHashCode(this.u5_1) | 0;
result = imul(31, result) + contentHashCode(this.v5_1) | 0;
return result;
};
function KyberKEMKeyPair(encapsulationKey, decapsulationKey) {
this.encapsulationKey = encapsulationKey;
this.decapsulationKey = decapsulationKey;
}
protoOf(KyberKEMKeyPair).x5 = function () {
return this.encapsulationKey;
};
protoOf(KyberKEMKeyPair).y5 = function () {
return this.decapsulationKey;
};
protoOf(KyberKEMKeyPair).copy = function () {
return new KyberKEMKeyPair(this.encapsulationKey.copy(), this.decapsulationKey.copy());
};
protoOf(KyberKEMKeyPair).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberKEMKeyPair))
THROW_CCE();
if (!this.encapsulationKey.equals(other.encapsulationKey))
return false;
if (!this.decapsulationKey.equals(other.decapsulationKey))
return false;
return true;
};
protoOf(KyberKEMKeyPair).hashCode = function () {
var result = this.encapsulationKey.hashCode();
result = imul(31, result) + this.decapsulationKey.hashCode() | 0;
return result;
};
function PKEGenerator() {
}
protoOf(PKEGenerator).z5 = function (parameter, byteArray) {
var seeds = KeccakHash_instance.generate(KeccakParameter_SHA3_512_getInstance(), byteArray);
fill(byteArray, 0);
var nttSeed = copyOfRange(seeds, 0, 32);
var cbdSeed = copyOfRange(seeds, 32, 64);
fill(seeds, 0);
var tmp = 0;
var tmp_0 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_1 = fillArrayVal(Array(tmp_0), null);
while (tmp < tmp_0) {
var tmp_2 = tmp;
var tmp_3 = 0;
var tmp_4 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_5 = fillArrayVal(Array(tmp_4), null);
while (tmp_3 < tmp_4) {
tmp_5[tmp_3] = new Int32Array(256);
tmp_3 = tmp_3 + 1 | 0;
}
tmp_1[tmp_2] = tmp_5;
tmp = tmp + 1 | 0;
}
var matrix = tmp_1;
var tmp_6 = 0;
var tmp_7 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_8 = fillArrayVal(Array(tmp_7), null);
while (tmp_6 < tmp_7) {
tmp_8[tmp_6] = new Int32Array(256);
tmp_6 = tmp_6 + 1 | 0;
}
var secretVector = tmp_8;
var tmp_9 = 0;
var tmp_10 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_11 = fillArrayVal(Array(tmp_10), null);
while (tmp_9 < tmp_10) {
tmp_11[tmp_9] = new Int32Array(256);
tmp_9 = tmp_9 + 1 | 0;
}
var noiseVector = tmp_11;
var inductionVariable = 0;
var last = parameter.K;
if (inductionVariable < last)
do {
var nonce = inductionVariable;
var i = inductionVariable;
inductionVariable = inductionVariable + 1 | 0;
var inductionVariable_0 = 0;
var last_0 = parameter.K;
if (inductionVariable_0 < last_0)
do {
var j = inductionVariable_0;
inductionVariable_0 = inductionVariable_0 + 1 | 0;
matrix[i][j] = KyberMath_instance.b6(KyberMath_instance.a6(nttSeed, toByte(i), toByte(j)));
}
while (inductionVariable_0 < last_0);
secretVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, cbdSeed, toByte(nonce)));
secretVector[i] = KyberMath_instance.e6(secretVector[i]);
noiseVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, cbdSeed, toByte(nonce + parameter.K | 0)));
noiseVector[i] = KyberMath_instance.e6(noiseVector[i]);
}
while (inductionVariable < last);
fill(cbdSeed, 0);
var systemVector = KyberMath_instance.g6(KyberMath_instance.f6(matrix, secretVector, true), noiseVector);
var encryptionKeyBytes = new Int8Array(parameter.ENCRYPTION_KEY_LENGTH - 32 | 0);
var decryptionKeyBytes = new Int8Array(parameter.DECRYPTION_KEY_LENGTH);
var inductionVariable_1 = 0;
var last_1 = parameter.K;
if (inductionVariable_1 < last_1)
do {
var i_0 = inductionVariable_1;
inductionVariable_1 = inductionVariable_1 + 1 | 0;
var inductionVariable_2 = 0;
var last_2 = parameter.K;
if (inductionVariable_2 < last_2)
do {
var j_0 = inductionVariable_2;
inductionVariable_2 = inductionVariable_2 + 1 | 0;
fill_0(matrix[i_0][j_0], 0);
}
while (inductionVariable_2 < last_2);
fill_0(noiseVector[i_0], 0);
var tmp4 = KyberMath_instance.i6(KyberMath_instance.h6(systemVector[i_0]), 12);
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = imul(i_0, 384);
var endIndex = tmp4.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_12 = tmp4;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_12, encryptionKeyBytes, destinationOffset, 0, endIndex);
var tmp9 = KyberMath_instance.i6(KyberMath_instance.h6(secretVector[i_0]), 12);
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset_0 = imul(i_0, 384);
var endIndex_0 = tmp9.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_13 = tmp9;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_13, decryptionKeyBytes, destinationOffset_0, 0, endIndex_0);
}
while (inductionVariable_1 < last_1);
return new KyberPKEKeyPair(new KyberEncryptionKey(parameter, encryptionKeyBytes, nttSeed), new KyberDecryptionKey(parameter, decryptionKeyBytes));
};
var PKEGenerator_instance;
function PKEGenerator_getInstance() {
return PKEGenerator_instance;
}
function KyberKeyGenerator() {
}
protoOf(KyberKeyGenerator).generate = function (parameter) {
// Inline function 'kotlin.apply' call
var this_0 = new Int8Array(32);
// Inline function 'asia.hombre.kyber.KyberKeyGenerator.generate.<anonymous>' call
Default_getInstance().a3(this_0);
var tmp = this_0;
// Inline function 'kotlin.apply' call
var this_1 = new Int8Array(32);
// Inline function 'asia.hombre.kyber.KyberKeyGenerator.generate.<anonymous>' call
Default_getInstance().a3(this_1);
return this.j6(parameter, tmp, this_1);
};
protoOf(KyberKeyGenerator).j6 = function (parameter, randomSeed, pkeSeed) {
var pkeKeyPair = PKEGenerator_instance.z5(parameter, pkeSeed);
var hash = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), pkeKeyPair.encryptionKey.fullBytes, 32);
return new KyberKEMKeyPair(new KyberEncapsulationKey(pkeKeyPair.encryptionKey), new KyberDecapsulationKey(pkeKeyPair.decryptionKey, pkeKeyPair.encryptionKey, hash, randomSeed));
};
var KyberKeyGenerator_instance;
function KyberKeyGenerator_getInstance() {
return KyberKeyGenerator_instance;
}
function KyberPKEKeyPair(encryptionKey, decryptionKey) {
this.encryptionKey = encryptionKey;
this.decryptionKey = decryptionKey;
}
protoOf(KyberPKEKeyPair).g5 = function () {
return this.encryptionKey;
};
protoOf(KyberPKEKeyPair).k6 = function () {
return this.decryptionKey;
};
protoOf(KyberPKEKeyPair).copy = function () {
return new KyberPKEKeyPair(this.encryptionKey.copy(), this.decryptionKey.copy());
};
protoOf(KyberPKEKeyPair).equals = function (other) {
if (this === other)
return true;
if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other)))
return false;
if (!(other instanceof KyberPKEKeyPair))
THROW_CCE();
if (!this.encryptionKey.equals(other.encryptionKey))
return false;
if (!this.decryptionKey.equals(other.decryptionKey))
return false;
return true;
};
protoOf(KyberPKEKeyPair).hashCode = function () {
var result = this.encryptionKey.hashCode();
result = imul(31, result) + this.decryptionKey.hashCode() | 0;
return result;
};
var KyberParameter_ML_KEM_512_instance;
var KyberParameter_ML_KEM_768_instance;
var KyberParameter_ML_KEM_1024_instance;
function Companion_4() {
}
protoOf(Companion_4).findByCipherTextSize = function (length) {
var tmp;
if (length === KyberParameter_ML_KEM_512_getInstance().CIPHERTEXT_LENGTH) {
tmp = KyberParameter_ML_KEM_512_getInstance();
} else if (length === KyberParameter_ML_KEM_768_getInstance().CIPHERTEXT_LENGTH) {
tmp = KyberParameter_ML_KEM_768_getInstance();
} else if (length === KyberParameter_ML_KEM_1024_getInstance().CIPHERTEXT_LENGTH) {
tmp = KyberParameter_ML_KEM_1024_getInstance();
} else {
throw new UnsupportedKyberVariantException('Cipher Text byte length is either bigger or smaller than expected.');
}
return tmp;
};
protoOf(Companion_4).findByEncryptionKeySize = function (length) {
var tmp;
if (length === KyberParameter_ML_KEM_512_getInstance().ENCAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_512_getInstance();
} else if (length === KyberParameter_ML_KEM_768_getInstance().ENCAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_768_getInstance();
} else if (length === KyberParameter_ML_KEM_1024_getInstance().ENCAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_1024_getInstance();
} else {
throw new UnsupportedKyberVariantException('Encryption Key byte length is either bigger or smaller than expected.');
}
return tmp;
};
protoOf(Companion_4).findByEncapsulationKeySize = function (length) {
var tmp;
try {
tmp = this.findByEncryptionKeySize(length);
} catch ($p) {
var tmp_0;
if ($p instanceof UnsupportedKyberVariantException) {
var exception = $p;
throw new UnsupportedKyberVariantException('Encapsulation Key byte length is either bigger or smaller than expected.');
} else {
throw $p;
}
}
return tmp;
};
protoOf(Companion_4).findByDecryptionKeySize = function (length) {
var tmp;
if (length === KyberParameter_ML_KEM_512_getInstance().DECRYPTION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_512_getInstance();
} else if (length === KyberParameter_ML_KEM_768_getInstance().DECRYPTION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_768_getInstance();
} else if (length === KyberParameter_ML_KEM_1024_getInstance().DECRYPTION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_1024_getInstance();
} else {
throw new UnsupportedKyberVariantException('Decryption Key byte length is either bigger or smaller than expected.');
}
return tmp;
};
protoOf(Companion_4).findByDecapsulationKeySize = function (length) {
var tmp;
if (length === KyberParameter_ML_KEM_512_getInstance().DECAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_512_getInstance();
} else if (length === KyberParameter_ML_KEM_768_getInstance().DECAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_768_getInstance();
} else if (length === KyberParameter_ML_KEM_1024_getInstance().DECAPSULATION_KEY_LENGTH) {
tmp = KyberParameter_ML_KEM_1024_getInstance();
} else {
throw new UnsupportedKyberVariantException('Decapsulation Key byte length is either bigger or smaller than expected.');
}
return tmp;
};
var Companion_instance_4;
function Companion_getInstance_4() {
return Companion_instance_4;
}
function values() {
return [KyberParameter_ML_KEM_512_getInstance(), KyberParameter_ML_KEM_768_getInstance(), KyberParameter_ML_KEM_1024_getInstance()];
}
function valueOf(value) {
switch (value) {
case 'ML_KEM_512':
return KyberParameter_ML_KEM_512_getInstance();
case 'ML_KEM_768':
return KyberParameter_ML_KEM_768_getInstance();
case 'ML_KEM_1024':
return KyberParameter_ML_KEM_1024_getInstance();
default:
KyberParameter_initEntries();
THROW_IAE('No enum constant value.');
break;
}
}
var KyberParameter_entriesInitialized;
function KyberParameter_initEntries() {
if (KyberParameter_entriesInitialized)
return Unit_instance;
KyberParameter_entriesInitialized = true;
KyberParameter_ML_KEM_512_instance = new KyberParameter('ML_KEM_512', 0, 2, 3, 2, 10, 4);
KyberParameter_ML_KEM_768_instance = new KyberParameter('ML_KEM_768', 1, 3, 2, 2, 10, 4);
KyberParameter_ML_KEM_1024_instance = new KyberParameter('ML_KEM_1024', 2, 4, 2, 2, 11, 5);
}
function KyberParameter(name, ordinal, K, ETA1, ETA2, DU, DV) {
Enum.call(this, name, ordinal);
this.K = K;
this.ETA1 = ETA1;
this.ETA2 = ETA2;
this.DU = DU;
this.DV = DV;
this.CIPHERTEXT_LENGTH = imul(32, imul(this.DU, this.K) + this.DV | 0);
this.DECRYPTION_KEY_LENGTH = imul(384, this.K);
this.ENCRYPTION_KEY_LENGTH = this.DECRYPTION_KEY_LENGTH + 32 | 0;
this.ENCAPSULATION_KEY_LENGTH = this.ENCRYPTION_KEY_LENGTH;
this.DECAPSULATION_KEY_LENGTH = (this.ENCAPSULATION_KEY_LENGTH + this.DECRYPTION_KEY_LENGTH | 0) + 64 | 0;
}
protoOf(KyberParameter).l6 = function () {
return this.K;
};
protoOf(KyberParameter).m6 = function () {
return this.ETA1;
};
protoOf(KyberParameter).n6 = function () {
return this.ETA2;
};
protoOf(KyberParameter).o6 = function () {
return this.DU;
};
protoOf(KyberParameter).p6 = function () {
return this.DV;
};
protoOf(KyberParameter).q6 = function () {
return this.CIPHERTEXT_LENGTH;
};
protoOf(KyberParameter).r6 = function () {
return this.DECRYPTION_KEY_LENGTH;
};
protoOf(KyberParameter).s6 = function () {
return this.ENCRYPTION_KEY_LENGTH;
};
protoOf(KyberParameter).t6 = function () {
return this.ENCAPSULATION_KEY_LENGTH;
};
protoOf(KyberParameter).u6 = function () {
return this.DECAPSULATION_KEY_LENGTH;
};
function KyberParameter_ML_KEM_512_getInstance() {
KyberParameter_initEntries();
return KyberParameter_ML_KEM_512_instance;
}
function KyberParameter_ML_KEM_768_getInstance() {
KyberParameter_initEntries();
return KyberParameter_ML_KEM_768_instance;
}
function KyberParameter_ML_KEM_1024_getInstance() {
KyberParameter_initEntries();
return KyberParameter_ML_KEM_1024_instance;
}
function InvalidKyberKeyException(message) {
Exception_init_$Init$('This may not be an ML-KEM Key! Reason: ' + message, this);
captureStack(this, InvalidKyberKeyException);
this.v6_1 = message;
}
protoOf(InvalidKyberKeyException).m1 = function () {
return this.v6_1;
};
function UnsupportedKyberVariantException(message) {
Exception_init_$Init$('This ML-KEM variant is not yet supported! Reason: ' + message, this);
captureStack(this, UnsupportedKyberVariantException);
this.w6_1 = message;
}
protoOf(UnsupportedKyberVariantException).m1 = function () {
return this.w6_1;
};
function toCipherText($this, encryptionKey, plainText, randomness) {
var parameter = encryptionKey.t5_1;
var decodedKey = KyberMath_instance.j5(encryptionKey.u5_1, 12);
var tmp = 0;
var tmp_0 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_1 = fillArrayVal(Array(tmp_0), null);
while (tmp < tmp_0) {
tmp_1[tmp] = new Int32Array(256);
tmp = tmp + 1 | 0;
}
var nttKeyVector = tmp_1;
var nttSeed = encryptionKey.v5_1;
var tmp_2 = 0;
var tmp_3 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_4 = fillArrayVal(Array(tmp_3), null);
while (tmp_2 < tmp_3) {
var tmp_5 = tmp_2;
var tmp_6 = 0;
var tmp_7 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_8 = fillArrayVal(Array(tmp_7), null);
while (tmp_6 < tmp_7) {
tmp_8[tmp_6] = new Int32Array(256);
tmp_6 = tmp_6 + 1 | 0;
}
tmp_4[tmp_5] = tmp_8;
tmp_2 = tmp_2 + 1 | 0;
}
var matrix = tmp_4;
var tmp_9 = 0;
var tmp_10 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_11 = fillArrayVal(Array(tmp_10), null);
while (tmp_9 < tmp_10) {
tmp_11[tmp_9] = new Int32Array(256);
tmp_9 = tmp_9 + 1 | 0;
}
var randomnessVector = tmp_11;
var tmp_12 = 0;
var tmp_13 = parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_14 = fillArrayVal(Array(tmp_13), null);
while (tmp_12 < tmp_13) {
tmp_14[tmp_12] = new Int32Array(256);
tmp_12 = tmp_12 + 1 | 0;
}
var noiseVector = tmp_14;
var inductionVariable = 0;
var last = parameter.K;
if (inductionVariable < last)
do {
var n = inductionVariable;
var i = inductionVariable;
inductionVariable = inductionVariable + 1 | 0;
var tmp6 = nttKeyVector[i];
var tmp8 = imul(256, i);
// Inline function 'kotlin.collections.copyInto' call
var endIndex = imul(256, i + 1 | 0);
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_15 = decodedKey;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_15, tmp6, 0, tmp8, endIndex);
nttKeyVector[i] = KyberMath_instance.x6(nttKeyVector[i]);
randomnessVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, randomness, toByte(n)));
randomnessVector[i] = KyberMath_instance.e6(randomnessVector[i]);
noiseVector[i] = KyberMath_instance.d6(parameter.ETA2, KyberMath_instance.c6(parameter.ETA2, randomness, toByte(n + parameter.K | 0)));
var inductionVariable_0 = 0;
var last_0 = parameter.K;
if (inductionVariable_0 < last_0)
do {
var j = inductionVariable_0;
inductionVariable_0 = inductionVariable_0 + 1 | 0;
matrix[i][j] = KyberMath_instance.b6(KyberMath_instance.a6(nttSeed, toByte(i), toByte(j)));
}
while (inductionVariable_0 < last_0);
}
while (inductionVariable < last);
var noiseTerm = KyberMath_instance.d6(parameter.ETA2, KyberMath_instance.c6(parameter.ETA2, randomness, toByte(imul(parameter.K, 2) + 1 | 0)));
var muse = KyberMath_instance.z6(KyberMath_instance.y6(plainText));
var coefficients = KyberMath_instance.a7(matrix, randomnessVector);
var constantTerm = new Int32Array(256);
var inductionVariable_1 = 0;
var last_1 = parameter.K;
if (inductionVariable_1 < last_1)
do {
var i_0 = inductionVariable_1;
inductionVariable_1 = inductionVariable_1 + 1 | 0;
coefficients[i_0] = KyberMath_instance.b7(coefficients[i_0]);
coefficients[i_0] = KyberMath_instance.c7(coefficients[i_0], noiseVector[i_0]);
constantTerm = KyberMath_instance.c7(constantTerm, KyberMath_instance.d7(nttKeyVector[i_0], randomnessVector[i_0]));
var inductionVariable_2 = 0;
var last_2 = parameter.K;
if (inductionVariable_2 < last_2)
do {
var j_0 = inductionVariable_2;
inductionVariable_2 = inductionVariable_2 + 1 | 0;
fill_0(matrix[i_0][j_0], 0);
}
while (inductionVariable_2 < last_2);
fill_0(noiseVector[i_0], 0);
fill_0(nttKeyVector[i_0], 0);
fill_0(randomnessVector[i_0], 0);
}
while (inductionVariable_1 < last_1);
constantTerm = KyberMath_instance.b7(constantTerm);
constantTerm = KyberMath_instance.c7(constantTerm, noiseTerm);
constantTerm = KyberMath_instance.c7(constantTerm, muse);
fill_0(muse, 0);
var encodedCoefficients = new Int8Array(imul(32, imul(parameter.DU, parameter.K)));
var encodedTerms = new Int8Array(imul(32, parameter.DV));
var inductionVariable_3 = 0;
var last_3 = parameter.K;
if (inductionVariable_3 < last_3)
do {
var i_1 = inductionVariable_3;
inductionVariable_3 = inductionVariable_3 + 1 | 0;
var tmp10 = KyberMath_instance.i6(KyberMath_instance.e7(KyberMath_instance.h6(coefficients[i_1]), parameter.DU), parameter.DU);
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = imul(imul(i_1, 32), parameter.DU);
var endIndex_0 = tmp10.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_16 = tmp10;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_16, encodedCoefficients, destinationOffset, 0, endIndex_0);
}
while (inductionVariable_3 < last_3);
var tmp15 = KyberMath_instance.i6(KyberMath_instance.e7(KyberMath_instance.h6(constantTerm), parameter.DV), parameter.DV);
// Inline function 'kotlin.collections.copyInto' call
var endIndex_1 = tmp15.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_17 = tmp15;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_17, encodedTerms, 0, 0, endIndex_1);
return new KyberCipherText(parameter, encodedCoefficients, encodedTerms);
}
function KyberAgreement() {
}
protoOf(KyberAgreement).f7 = function (decryptionKey, kyberCipherText) {
var parameter = kyberCipherText.parameter;
var tmp = 0;
var tmp_0 = kyberCipherText.parameter.K;
// Inline function 'kotlin.arrayOfNulls' call
var tmp_1 = fillArrayVal(Array(tmp_0), null);
while (tmp < tmp_0) {
tmp_1[tmp] = new Int32Array(256);
tmp = tmp + 1 | 0;
}
var coefficients = tmp_1;
var inductionVariable = 0;
var last = parameter.K;
if (inductionVariable < last)
do {
var i = inductionVariable;
inductionVariable = inductionVariable + 1 | 0;
coefficients[i] = KyberMath_instance.g7(KyberMath_instance.j5(copyOfRange(kyberCipherText.i4_1, imul(imul(i, 32), parameter.DU), imul(imul(i + 1 | 0, 32), parameter.DU)), parameter.DU), parameter.DU);
coefficients[i] = KyberMath_instance.x6(coefficients[i]);
}
while (inductionVariable < last);
var constantTerms = KyberMath_instance.g7(KyberMath_instance.j5(kyberCipherText.j4_1, parameter.DV), parameter.DV);
constantTerms = KyberMath_instance.x6(constantTerms);
var secretVector = KyberMath_instance.j5(decryptionKey.e5_1, 12);
var inductionVariable_0 = 0;
var last_0 = parameter.K;
if (inductionVariable_0 < last_0)
do {
var i_0 = inductionVariable_0;
inductionVariable_0 = inductionVariable_0 + 1 | 0;
var subtraction = KyberMath_instance.b7(KyberMath_instance.d7(KyberMath_instance.x6(copyOfRange_0(secretVector, imul(i_0, 256), imul(i_0 + 1 | 0, 256))), KyberMath_instance.e6(coefficients[i_0])));
var inductionVariable_1 = 0;
if (inductionVariable_1 < 256)
do {
var j = inductionVariable_1;
inductionVariable_1 = inductionVariable_1 + 1 | 0;
constantTerms[j] = KyberMath_instance.h7(constantTerms[j] - subtraction[j] | 0);
}
while (inductionVariable_1 < 256);
}
while (inductionVariable_0 < last_0);
constantTerms = KyberMath_instance.h6(constantTerms);
return KyberMath_instance.i6(KyberMath_instance.e7(constantTerms, 1), 1);
};
protoOf(KyberAgreement).n5 = function (kyberEncapsulationKey, plainText) {
var sha3512Bytes = new Int8Array(plainText.length + (KeccakParameter_SHA3_256_getInstance().maxLength / 8 | 0) | 0);
// Inline function 'kotlin.collections.copyInto' call
var endIndex = plainText.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp = plainText;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp, sha3512Bytes, 0, 0, endIndex);
var tmp5 = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), kyberEncapsulationKey.m5_1.fullBytes);
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = plainText.length;
var endIndex_0 = tmp5.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_0 = tmp5;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp_0, sha3512Bytes, destinationOffset, 0, endIndex_0);
var sharedKeyAndRandomness = KeccakHash_instance.generate(KeccakParameter_SHA3_512_getInstance(), sha3512Bytes);
var cipherText = toCipherText(this, kyberEncapsulationKey.m5_1, plainText, copyOfRange(sharedKeyAndRandomness, 32, sharedKeyAndRandomness.length));
return new KyberEncapsulationResult(copyOfRange(sharedKeyAndRandomness, 0, 32), cipherText);
};
protoOf(KyberAgreement).o4 = function (decapsulationKey, kyberCipherText) {
var recoveredPlainText = this.f7(decapsulationKey.a5_1, kyberCipherText);
var sha3512Bytes = new Int8Array(recoveredPlainText.length + decapsulationKey.b5_1.length | 0);
// Inline function 'kotlin.collections.copyInto' call
var endIndex = recoveredPlainText.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp = recoveredPlainText;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
arrayCopy(tmp, sha3512Bytes, 0, 0, endIndex);
var tmp5 = decapsulationKey.b5_1;
// Inline function 'kotlin.collections.copyInto' call
var destinationOffset = recoveredPlainText.length;
var endIndex_0 = tmp5.length;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDynamic' call
var tmp_0 = tmp5;
// Inline function 'kotlin.js.unsafeCast' call
// Inline function 'kotlin.js.asDy