UNPKG

mlkem

Version:

An ML-KEM/CRYSTALS-KYBER implementation written in TypeScript for various JavaScript runtimes

github.com/dajiaji/crystals-kyber-js

dajiaji/crystals-kyber-js

114 lines (113 loc) 3.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
import * as dntShim from "../_dnt.shims.js"; import { shake256 } from "./deps.js"; export function byte(n) { return n % 256; } export function int16(n) { const end = -32768; const start = 32767; if (n >= end && n <= start) { return n; } if (n < end) { n = n + 32769; n = n % 65536; return start + n; } // if (n > start) { n = n - 32768; n = n % 65536; return end + n; } export function uint16(n) { return n % 65536; } export function int32(n) { const end = -2147483648; const start = 2147483647; if (n >= end && n <= start) { return n; } if (n < end) { n = n + 2147483649; n = n % 4294967296; return start + n; } // if (n > start) { n = n - 2147483648; n = n % 4294967296; return end + n; } // any bit operations to be done in uint32 must have >>> 0 // javascript calculates bitwise in SIGNED 32 bit so you need to convert export function uint32(n) { return n % 4294967296; } /** * compares two arrays * @returns 1 if they are the same or 0 if not */ export function constantTimeCompare(x, y) { // check array lengths if (x.length != y.length) { return 0; } const v = new Uint8Array([0]); for (let i = 0; i < x.length; i++) { v[0] |= x[i] ^ y[i]; } // constantTimeByteEq const z = new Uint8Array([0]); z[0] = ~(v[0] ^ z[0]); z[0] &= z[0] >> 4; z[0] &= z[0] >> 2; z[0] &= z[0] >> 1; return z[0]; } export function equalUint8Array(x, y) { if (x.length != y.length) { return false; } for (let i = 0; i < x.length; i++) { if (x[i] !== y[i]) { return false; } } return true; } export async function loadCrypto() { if (typeof dntShim.dntGlobalThis !== "undefined" && globalThis.crypto !== undefined) { // Browsers, Node.js >= v19, Cloudflare Workers, Bun, etc. return globalThis.crypto; } // Node.js <= v18 try { // @ts-ignore: to ignore "crypto" const { webcrypto } = await import("crypto"); // node:crypto return webcrypto; } catch (_e) { throw new Error("failed to load Crypto"); } } // prf provides a pseudo-random function (PRF) which returns // a byte array of length `l`, using the provided key and nonce // to instantiate the PRF's underlying hash function. export function prf(len, seed, nonce) { return shake256.create({ dkLen: len }).update(seed).update(new Uint8Array([nonce])).digest(); } // byteopsLoad24 returns a 32-bit unsigned integer loaded from byte x. export function byteopsLoad24(x) { let r = uint32(x[0]); r |= uint32(x[1]) << 8; r |= uint32(x[2]) << 16; return r; } // byteopsLoad32 returns a 32-bit unsigned integer loaded from byte x. export function byteopsLoad32(x) { let r = uint32(x[0]); r |= uint32(x[1]) << 8; r |= uint32(x[2]) << 16; r |= uint32(x[3]) << 24; return uint32(r); }