@omnituum/pqc-shared 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/crypto/index.cjs +29 -71
- package/dist/crypto/index.d.cts +38 -45
- package/dist/crypto/index.d.ts +38 -45
- package/dist/crypto/index.js +28 -72
- package/dist/crypto/safe/index.cjs +556 -0
- package/dist/crypto/safe/index.d.cts +341 -0
- package/dist/crypto/safe/index.d.ts +341 -0
- package/dist/crypto/safe/index.js +524 -0
- package/dist/fs/index.cjs +6 -34
- package/dist/fs/index.js +6 -34
- package/dist/index.cjs +29 -71
- package/dist/index.d.cts +4 -4
- package/dist/index.d.ts +4 -4
- package/dist/index.js +28 -72
- package/dist/{integrity-CCYjrap3.d.ts → integrity-BPvNsC50.d.ts} +1 -1
- package/dist/{integrity-Dx9jukMH.d.cts → integrity-ByMp24VA.d.cts} +1 -1
- package/dist/{types-61c7Q9ri.d.ts → types-Dx_AFqow.d.cts} +54 -2
- package/dist/{types-Ch0y-n7K.d.cts → types-Dx_AFqow.d.ts} +54 -2
- package/dist/utils/index.d.cts +2 -3
- package/dist/utils/index.d.ts +2 -3
- package/dist/vault/index.cjs +13 -41
- package/dist/vault/index.d.cts +2 -3
- package/dist/vault/index.d.ts +2 -3
- package/dist/vault/index.js +13 -41
- package/package.json +27 -13
- package/src/crypto/dilithium.ts +8 -4
- package/src/crypto/hybrid.ts +13 -29
- package/src/crypto/index.ts +3 -0
- package/src/crypto/kyber.ts +63 -121
- package/src/crypto/safe/adapters.ts +306 -0
- package/src/crypto/safe/dilithium.ts +74 -0
- package/src/crypto/safe/index.ts +97 -0
- package/src/crypto/safe/kyber.ts +47 -0
- package/src/crypto/safe/manifests.ts +192 -0
- package/src/crypto/safe/secretbox.ts +24 -0
- package/src/crypto/safe/types.ts +88 -0
- package/src/crypto/safe/x25519.ts +31 -0
- package/src/index.ts +7 -4
- package/src/version.ts +9 -4
- package/dist/version-BygzPVGs.d.cts +0 -55
- package/dist/version-BygzPVGs.d.ts +0 -55
package/dist/crypto/index.cjs
CHANGED
|
@@ -3,6 +3,8 @@
|
|
|
3
3
|
var sha2_js = require('@noble/hashes/sha2.js');
|
|
4
4
|
var hmac_js = require('@noble/hashes/hmac.js');
|
|
5
5
|
var nacl = require('tweetnacl');
|
|
6
|
+
var mlKem_js = require('@noble/post-quantum/ml-kem.js');
|
|
7
|
+
var envelopeRegistry = require('@omnituum/envelope-registry');
|
|
6
8
|
var blake3_js = require('@noble/hashes/blake3.js');
|
|
7
9
|
var chacha_js = require('@noble/ciphers/chacha.js');
|
|
8
10
|
var hkdf_js = require('@noble/hashes/hkdf.js');
|
|
@@ -198,78 +200,37 @@ function x25519SharedSecret(ourSecretKey, theirPublicKey) {
|
|
|
198
200
|
function deriveKeyFromShared(shared, salt, info) {
|
|
199
201
|
return hkdfSha256(shared, { salt: u8(salt), info: u8(info), length: 32 });
|
|
200
202
|
}
|
|
201
|
-
var
|
|
202
|
-
async function loadKyber() {
|
|
203
|
-
if (kyberModule) return kyberModule;
|
|
204
|
-
try {
|
|
205
|
-
const m = await import('kyber-crystals');
|
|
206
|
-
const k = m.default ?? m;
|
|
207
|
-
kyberModule = k.kyber ?? k;
|
|
208
|
-
return kyberModule;
|
|
209
|
-
} catch (e) {
|
|
210
|
-
console.warn("[Kyber] Failed to load kyber-crystals:", e);
|
|
211
|
-
return null;
|
|
212
|
-
}
|
|
213
|
-
}
|
|
203
|
+
var KYBER_SUITE = "ML-KEM-1024-FIPS203";
|
|
214
204
|
async function isKyberAvailable() {
|
|
215
|
-
|
|
216
|
-
return mod !== null;
|
|
205
|
+
return true;
|
|
217
206
|
}
|
|
218
207
|
async function generateKyberKeypair() {
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
}
|
|
230
|
-
const kp = await fn.call(mod);
|
|
231
|
-
const pub = kp?.publicKey ?? kp?.public ?? kp?.pk;
|
|
232
|
-
const priv = kp?.privateKey ?? kp?.secretKey ?? kp?.secret ?? kp?.sk;
|
|
233
|
-
if (!pub || !priv) {
|
|
234
|
-
console.warn("[Kyber] Invalid keypair result");
|
|
235
|
-
return null;
|
|
236
|
-
}
|
|
237
|
-
return {
|
|
238
|
-
publicB64: b64(new Uint8Array(pub)),
|
|
239
|
-
secretB64: b64(new Uint8Array(priv))
|
|
240
|
-
};
|
|
241
|
-
} catch (e) {
|
|
242
|
-
console.warn("[Kyber] Key generation failed:", e);
|
|
243
|
-
return null;
|
|
208
|
+
const seed = randN(64);
|
|
209
|
+
const kp = mlKem_js.ml_kem1024.keygen(seed);
|
|
210
|
+
return {
|
|
211
|
+
publicB64: b64(kp.publicKey),
|
|
212
|
+
secretB64: b64(kp.secretKey)
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
function generateKyberKeypairFromSeed(seed) {
|
|
216
|
+
if (seed.length !== 64) {
|
|
217
|
+
throw new Error("Kyber seed must be 64 bytes");
|
|
244
218
|
}
|
|
219
|
+
const kp = mlKem_js.ml_kem1024.keygen(seed);
|
|
220
|
+
return { publicKey: kp.publicKey, secretKey: kp.secretKey };
|
|
245
221
|
}
|
|
246
222
|
async function kyberEncapsulate(pubKeyB64) {
|
|
247
|
-
const kyber = await loadKyber();
|
|
248
|
-
if (!kyber?.encrypt) {
|
|
249
|
-
throw new Error("Kyber encrypt not available");
|
|
250
|
-
}
|
|
251
223
|
const pk = ub64(pubKeyB64);
|
|
252
|
-
const
|
|
253
|
-
const ctRaw = r?.ciphertext ?? r?.cyphertext ?? r?.ct ?? r?.bytes?.ciphertext ?? r?.bytes?.cyphertext ?? r?.bytes?.ct ?? (Array.isArray(r) ? r[0] : void 0);
|
|
254
|
-
const ssRaw = r?.key ?? r?.sharedSecret ?? r?.secret ?? r?.bytes?.key ?? r?.bytes?.sharedSecret ?? (Array.isArray(r) ? r[1] : void 0);
|
|
255
|
-
if (!ctRaw || !ssRaw) {
|
|
256
|
-
throw new Error("Kyber encapsulate failed: missing ciphertext or shared secret");
|
|
257
|
-
}
|
|
224
|
+
const enc = mlKem_js.ml_kem1024.encapsulate(pk);
|
|
258
225
|
return {
|
|
259
|
-
ciphertext:
|
|
260
|
-
sharedSecret:
|
|
226
|
+
ciphertext: enc.cipherText,
|
|
227
|
+
sharedSecret: enc.sharedSecret
|
|
261
228
|
};
|
|
262
229
|
}
|
|
263
230
|
async function kyberDecapsulate(kemCiphertextB64, secretKeyB64) {
|
|
264
|
-
const kyber = await loadKyber();
|
|
265
|
-
if (!kyber?.decrypt && !kyber?.decapsulate) {
|
|
266
|
-
throw new Error("Kyber decrypt/decapsulate not available");
|
|
267
|
-
}
|
|
268
231
|
const ct = ub64(kemCiphertextB64);
|
|
269
232
|
const sk = ub64(secretKeyB64);
|
|
270
|
-
|
|
271
|
-
const key = r && (r.key ?? r.sharedSecret) ? r.key ?? r.sharedSecret : r;
|
|
272
|
-
return new Uint8Array(key);
|
|
233
|
+
return mlKem_js.ml_kem1024.decapsulate(ct, sk);
|
|
273
234
|
}
|
|
274
235
|
function kyberWrapKey(sharedSecret, msgKey32) {
|
|
275
236
|
if (msgKey32.length !== 32) {
|
|
@@ -278,10 +239,7 @@ function kyberWrapKey(sharedSecret, msgKey32) {
|
|
|
278
239
|
const kek = sha256(sharedSecret);
|
|
279
240
|
const nonce = globalThis.crypto.getRandomValues(new Uint8Array(24));
|
|
280
241
|
const wrapped = nacl__default.default.secretbox(msgKey32, nonce, kek);
|
|
281
|
-
return {
|
|
282
|
-
nonce: b64(nonce),
|
|
283
|
-
wrapped: b64(wrapped)
|
|
284
|
-
};
|
|
242
|
+
return { nonce: b64(nonce), wrapped: b64(wrapped) };
|
|
285
243
|
}
|
|
286
244
|
function kyberUnwrapKey(sharedSecret, nonceB64, wrappedB64) {
|
|
287
245
|
const kek = sha256(sharedSecret);
|
|
@@ -344,7 +302,7 @@ async function dilithiumSign(message, secretKeyB64) {
|
|
|
344
302
|
}
|
|
345
303
|
const sk = fromB64(secretKeyB64);
|
|
346
304
|
const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
|
|
347
|
-
const signature = mod.sign(
|
|
305
|
+
const signature = mod.sign(msg, sk);
|
|
348
306
|
return {
|
|
349
307
|
signature: toB64(signature),
|
|
350
308
|
algorithm: "ML-DSA-65"
|
|
@@ -355,7 +313,7 @@ async function dilithiumSignRaw(message, secretKey) {
|
|
|
355
313
|
if (!mod) {
|
|
356
314
|
throw new Error("Dilithium library not available");
|
|
357
315
|
}
|
|
358
|
-
return mod.sign(
|
|
316
|
+
return mod.sign(message, secretKey);
|
|
359
317
|
}
|
|
360
318
|
async function dilithiumVerify(message, signatureB64, publicKeyB64) {
|
|
361
319
|
const mod = await loadDilithium();
|
|
@@ -366,7 +324,7 @@ async function dilithiumVerify(message, signatureB64, publicKeyB64) {
|
|
|
366
324
|
const sig = fromB64(signatureB64);
|
|
367
325
|
const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
|
|
368
326
|
try {
|
|
369
|
-
return mod.verify(
|
|
327
|
+
return mod.verify(sig, msg, pk);
|
|
370
328
|
} catch {
|
|
371
329
|
return false;
|
|
372
330
|
}
|
|
@@ -377,7 +335,7 @@ async function dilithiumVerifyRaw(message, signature, publicKey) {
|
|
|
377
335
|
throw new Error("Dilithium library not available");
|
|
378
336
|
}
|
|
379
337
|
try {
|
|
380
|
-
return mod.verify(
|
|
338
|
+
return mod.verify(signature, message, publicKey);
|
|
381
339
|
} catch {
|
|
382
340
|
return false;
|
|
383
341
|
}
|
|
@@ -386,10 +344,8 @@ var DILITHIUM_PUBLIC_KEY_SIZE = 1952;
|
|
|
386
344
|
var DILITHIUM_SECRET_KEY_SIZE = 4032;
|
|
387
345
|
var DILITHIUM_SIGNATURE_SIZE = 3309;
|
|
388
346
|
var DILITHIUM_ALGORITHM = "ML-DSA-65";
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
var ENVELOPE_VERSION = "omnituum.hybrid.v1";
|
|
392
|
-
var ENVELOPE_VERSION_LEGACY = "pqc-demo.hybrid.v1";
|
|
347
|
+
var ENVELOPE_VERSION = envelopeRegistry.OMNI_VERSIONS.HYBRID_V1;
|
|
348
|
+
var ENVELOPE_VERSION_LEGACY = envelopeRegistry.DEPRECATED_VERSIONS.PQC_DEMO_HYBRID_V1;
|
|
393
349
|
var ENVELOPE_SUITE = "x25519+kyber768";
|
|
394
350
|
var ENVELOPE_AEAD = "xsalsa20poly1305";
|
|
395
351
|
var SUPPORTED_ENVELOPE_VERSIONS = [
|
|
@@ -733,6 +689,7 @@ exports.HKDF_SHA256_MAX_OUTPUT = HKDF_SHA256_MAX_OUTPUT;
|
|
|
733
689
|
exports.HKDF_SHA256_OUTPUT_SIZE = HKDF_SHA256_OUTPUT_SIZE;
|
|
734
690
|
exports.HKDF_SHA512_MAX_OUTPUT = HKDF_SHA512_MAX_OUTPUT;
|
|
735
691
|
exports.HKDF_SHA512_OUTPUT_SIZE = HKDF_SHA512_OUTPUT_SIZE;
|
|
692
|
+
exports.KYBER_SUITE = KYBER_SUITE;
|
|
736
693
|
exports.POLY1305_TAG_SIZE = POLY1305_TAG_SIZE;
|
|
737
694
|
exports.SECRETBOX_KEY_SIZE = SECRETBOX_KEY_SIZE;
|
|
738
695
|
exports.SECRETBOX_NONCE_SIZE = SECRETBOX_NONCE_SIZE;
|
|
@@ -763,6 +720,7 @@ exports.generateDilithiumKeypair = generateDilithiumKeypair;
|
|
|
763
720
|
exports.generateDilithiumKeypairFromSeed = generateDilithiumKeypairFromSeed;
|
|
764
721
|
exports.generateHybridIdentity = generateHybridIdentity;
|
|
765
722
|
exports.generateKyberKeypair = generateKyberKeypair;
|
|
723
|
+
exports.generateKyberKeypairFromSeed = generateKyberKeypairFromSeed;
|
|
766
724
|
exports.generateX25519Keypair = generateX25519Keypair;
|
|
767
725
|
exports.generateX25519KeypairFromSeed = generateX25519KeypairFromSeed;
|
|
768
726
|
exports.getPublicKeys = getPublicKeys;
|
package/dist/crypto/index.d.cts
CHANGED
|
@@ -1,11 +1,24 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OmniHybridV1 } from '@omnituum/envelope-registry';
|
|
2
2
|
import * as _noble_ciphers_utils_js from '@noble/ciphers/utils.js';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
|
-
* Omnituum PQC Shared
|
|
5
|
+
* Omnituum PQC Shared — Kyber (ML-KEM-1024, FIPS 203)
|
|
6
6
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
7
|
+
* Backend: @noble/post-quantum `ml_kem1024`. NIST FIPS 203 (final, 2024).
|
|
8
|
+
*
|
|
9
|
+
* Wire-format note: previous releases (<= 0.3.x) of this package were backed by
|
|
10
|
+
* `kyber-crystals`, which implements an earlier draft of Kyber and is NOT
|
|
11
|
+
* interoperable with FIPS 203 — see `tests/interop/historical/` and
|
|
12
|
+
* `package-docs/GAPS_AND_TASKS.md` (PQC-02 result). 0.4.0 is an intentional
|
|
13
|
+
* clean break: legacy draft-Kyber material cannot be read by this version.
|
|
14
|
+
*
|
|
15
|
+
* Sizes (ML-KEM-1024):
|
|
16
|
+
* publicKey 1568 bytes
|
|
17
|
+
* secretKey 3168 bytes
|
|
18
|
+
* ciphertext 1568 bytes
|
|
19
|
+
* sharedSecret 32 bytes
|
|
20
|
+
*
|
|
21
|
+
* Suite tag for new material: "ML-KEM-1024-FIPS203".
|
|
9
22
|
*/
|
|
10
23
|
interface KyberKeypair {
|
|
11
24
|
publicKey: Uint8Array;
|
|
@@ -19,29 +32,34 @@ interface KyberEncapsulation {
|
|
|
19
32
|
ciphertext: Uint8Array;
|
|
20
33
|
sharedSecret: Uint8Array;
|
|
21
34
|
}
|
|
35
|
+
/** Canonical suite identifier for new material produced by this package. */
|
|
36
|
+
declare const KYBER_SUITE: "ML-KEM-1024-FIPS203";
|
|
37
|
+
type KyberSuite = typeof KYBER_SUITE;
|
|
38
|
+
/**
|
|
39
|
+
* @deprecated Always returns true. Retained for API stability across the
|
|
40
|
+
* 0.3.x → 0.4.x cut. The noble backend is statically imported and always
|
|
41
|
+
* present; there is no runtime feature-detection path.
|
|
42
|
+
*/
|
|
22
43
|
declare function isKyberAvailable(): Promise<boolean>;
|
|
23
44
|
/**
|
|
24
|
-
* Generate a
|
|
45
|
+
* Generate a fresh ML-KEM-1024 keypair using a cryptographically random seed.
|
|
25
46
|
*/
|
|
26
47
|
declare function generateKyberKeypair(): Promise<KyberKeypairB64 | null>;
|
|
27
48
|
/**
|
|
28
|
-
*
|
|
49
|
+
* Derive a deterministic ML-KEM-1024 keypair from a 64-byte seed.
|
|
50
|
+
* Same seed → byte-identical keypair, across runtimes (Node, browser).
|
|
51
|
+
*
|
|
52
|
+
* The seed is passed verbatim to the FIPS 203 keygen. Callers that need
|
|
53
|
+
* domain separation between Kyber and other key types must apply it
|
|
54
|
+
* upstream (e.g. via SHA-256 with a domain tag) before calling.
|
|
29
55
|
*/
|
|
56
|
+
declare function generateKyberKeypairFromSeed(seed: Uint8Array): KyberKeypair;
|
|
30
57
|
declare function kyberEncapsulate(pubKeyB64: string): Promise<KyberEncapsulation>;
|
|
31
|
-
/**
|
|
32
|
-
* Decapsulate a shared secret using Kyber ML-KEM-768.
|
|
33
|
-
*/
|
|
34
58
|
declare function kyberDecapsulate(kemCiphertextB64: string, secretKeyB64: string): Promise<Uint8Array>;
|
|
35
|
-
/**
|
|
36
|
-
* Wrap a message key using Kyber shared secret.
|
|
37
|
-
*/
|
|
38
59
|
declare function kyberWrapKey(sharedSecret: Uint8Array, msgKey32: Uint8Array): {
|
|
39
60
|
nonce: string;
|
|
40
61
|
wrapped: string;
|
|
41
62
|
};
|
|
42
|
-
/**
|
|
43
|
-
* Unwrap a message key using Kyber shared secret.
|
|
44
|
-
*/
|
|
45
63
|
declare function kyberUnwrapKey(sharedSecret: Uint8Array, nonceB64: string, wrappedB64: string): Uint8Array | null;
|
|
46
64
|
|
|
47
65
|
/**
|
|
@@ -87,38 +105,13 @@ interface HybridSecretKeys {
|
|
|
87
105
|
/** Kyber secret key (base64) */
|
|
88
106
|
kyberSecB64: string;
|
|
89
107
|
}
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
/** Algorithm suite */
|
|
94
|
-
suite: typeof ENVELOPE_SUITE;
|
|
95
|
-
/** AEAD algorithm */
|
|
96
|
-
aead: typeof ENVELOPE_AEAD;
|
|
97
|
-
/** X25519 ephemeral public key (hex) */
|
|
98
|
-
x25519Epk: string;
|
|
99
|
-
/** X25519 wrapped content key */
|
|
100
|
-
x25519Wrap: {
|
|
101
|
-
nonce: string;
|
|
102
|
-
wrapped: string;
|
|
103
|
-
};
|
|
104
|
-
/** Kyber KEM ciphertext (base64) */
|
|
105
|
-
kyberKemCt: string;
|
|
106
|
-
/** Kyber wrapped content key */
|
|
107
|
-
kyberWrap: {
|
|
108
|
-
nonce: string;
|
|
109
|
-
wrapped: string;
|
|
110
|
-
};
|
|
111
|
-
/** Content encryption nonce (base64) */
|
|
112
|
-
contentNonce: string;
|
|
113
|
-
/** Encrypted content (base64) */
|
|
114
|
-
ciphertext: string;
|
|
115
|
-
/** Metadata */
|
|
116
|
-
meta: {
|
|
117
|
-
createdAt: string;
|
|
108
|
+
|
|
109
|
+
type HybridEnvelope = Omit<OmniHybridV1, 'meta'> & {
|
|
110
|
+
meta: OmniHybridV1['meta'] & {
|
|
118
111
|
senderName?: string;
|
|
119
112
|
senderId?: string;
|
|
120
113
|
};
|
|
121
|
-
}
|
|
114
|
+
};
|
|
122
115
|
/**
|
|
123
116
|
* Generate a new hybrid identity with both X25519 and Kyber keys.
|
|
124
117
|
*/
|
|
@@ -638,4 +631,4 @@ declare const BOX_KEY_SIZE: number;
|
|
|
638
631
|
/** NaCl box nonce size (24 bytes) */
|
|
639
632
|
declare const BOX_NONCE_SIZE: number;
|
|
640
633
|
|
|
641
|
-
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|
|
634
|
+
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, KYBER_SUITE, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, type KyberSuite, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|
package/dist/crypto/index.d.ts
CHANGED
|
@@ -1,11 +1,24 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OmniHybridV1 } from '@omnituum/envelope-registry';
|
|
2
2
|
import * as _noble_ciphers_utils_js from '@noble/ciphers/utils.js';
|
|
3
3
|
|
|
4
4
|
/**
|
|
5
|
-
* Omnituum PQC Shared
|
|
5
|
+
* Omnituum PQC Shared — Kyber (ML-KEM-1024, FIPS 203)
|
|
6
6
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
7
|
+
* Backend: @noble/post-quantum `ml_kem1024`. NIST FIPS 203 (final, 2024).
|
|
8
|
+
*
|
|
9
|
+
* Wire-format note: previous releases (<= 0.3.x) of this package were backed by
|
|
10
|
+
* `kyber-crystals`, which implements an earlier draft of Kyber and is NOT
|
|
11
|
+
* interoperable with FIPS 203 — see `tests/interop/historical/` and
|
|
12
|
+
* `package-docs/GAPS_AND_TASKS.md` (PQC-02 result). 0.4.0 is an intentional
|
|
13
|
+
* clean break: legacy draft-Kyber material cannot be read by this version.
|
|
14
|
+
*
|
|
15
|
+
* Sizes (ML-KEM-1024):
|
|
16
|
+
* publicKey 1568 bytes
|
|
17
|
+
* secretKey 3168 bytes
|
|
18
|
+
* ciphertext 1568 bytes
|
|
19
|
+
* sharedSecret 32 bytes
|
|
20
|
+
*
|
|
21
|
+
* Suite tag for new material: "ML-KEM-1024-FIPS203".
|
|
9
22
|
*/
|
|
10
23
|
interface KyberKeypair {
|
|
11
24
|
publicKey: Uint8Array;
|
|
@@ -19,29 +32,34 @@ interface KyberEncapsulation {
|
|
|
19
32
|
ciphertext: Uint8Array;
|
|
20
33
|
sharedSecret: Uint8Array;
|
|
21
34
|
}
|
|
35
|
+
/** Canonical suite identifier for new material produced by this package. */
|
|
36
|
+
declare const KYBER_SUITE: "ML-KEM-1024-FIPS203";
|
|
37
|
+
type KyberSuite = typeof KYBER_SUITE;
|
|
38
|
+
/**
|
|
39
|
+
* @deprecated Always returns true. Retained for API stability across the
|
|
40
|
+
* 0.3.x → 0.4.x cut. The noble backend is statically imported and always
|
|
41
|
+
* present; there is no runtime feature-detection path.
|
|
42
|
+
*/
|
|
22
43
|
declare function isKyberAvailable(): Promise<boolean>;
|
|
23
44
|
/**
|
|
24
|
-
* Generate a
|
|
45
|
+
* Generate a fresh ML-KEM-1024 keypair using a cryptographically random seed.
|
|
25
46
|
*/
|
|
26
47
|
declare function generateKyberKeypair(): Promise<KyberKeypairB64 | null>;
|
|
27
48
|
/**
|
|
28
|
-
*
|
|
49
|
+
* Derive a deterministic ML-KEM-1024 keypair from a 64-byte seed.
|
|
50
|
+
* Same seed → byte-identical keypair, across runtimes (Node, browser).
|
|
51
|
+
*
|
|
52
|
+
* The seed is passed verbatim to the FIPS 203 keygen. Callers that need
|
|
53
|
+
* domain separation between Kyber and other key types must apply it
|
|
54
|
+
* upstream (e.g. via SHA-256 with a domain tag) before calling.
|
|
29
55
|
*/
|
|
56
|
+
declare function generateKyberKeypairFromSeed(seed: Uint8Array): KyberKeypair;
|
|
30
57
|
declare function kyberEncapsulate(pubKeyB64: string): Promise<KyberEncapsulation>;
|
|
31
|
-
/**
|
|
32
|
-
* Decapsulate a shared secret using Kyber ML-KEM-768.
|
|
33
|
-
*/
|
|
34
58
|
declare function kyberDecapsulate(kemCiphertextB64: string, secretKeyB64: string): Promise<Uint8Array>;
|
|
35
|
-
/**
|
|
36
|
-
* Wrap a message key using Kyber shared secret.
|
|
37
|
-
*/
|
|
38
59
|
declare function kyberWrapKey(sharedSecret: Uint8Array, msgKey32: Uint8Array): {
|
|
39
60
|
nonce: string;
|
|
40
61
|
wrapped: string;
|
|
41
62
|
};
|
|
42
|
-
/**
|
|
43
|
-
* Unwrap a message key using Kyber shared secret.
|
|
44
|
-
*/
|
|
45
63
|
declare function kyberUnwrapKey(sharedSecret: Uint8Array, nonceB64: string, wrappedB64: string): Uint8Array | null;
|
|
46
64
|
|
|
47
65
|
/**
|
|
@@ -87,38 +105,13 @@ interface HybridSecretKeys {
|
|
|
87
105
|
/** Kyber secret key (base64) */
|
|
88
106
|
kyberSecB64: string;
|
|
89
107
|
}
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
/** Algorithm suite */
|
|
94
|
-
suite: typeof ENVELOPE_SUITE;
|
|
95
|
-
/** AEAD algorithm */
|
|
96
|
-
aead: typeof ENVELOPE_AEAD;
|
|
97
|
-
/** X25519 ephemeral public key (hex) */
|
|
98
|
-
x25519Epk: string;
|
|
99
|
-
/** X25519 wrapped content key */
|
|
100
|
-
x25519Wrap: {
|
|
101
|
-
nonce: string;
|
|
102
|
-
wrapped: string;
|
|
103
|
-
};
|
|
104
|
-
/** Kyber KEM ciphertext (base64) */
|
|
105
|
-
kyberKemCt: string;
|
|
106
|
-
/** Kyber wrapped content key */
|
|
107
|
-
kyberWrap: {
|
|
108
|
-
nonce: string;
|
|
109
|
-
wrapped: string;
|
|
110
|
-
};
|
|
111
|
-
/** Content encryption nonce (base64) */
|
|
112
|
-
contentNonce: string;
|
|
113
|
-
/** Encrypted content (base64) */
|
|
114
|
-
ciphertext: string;
|
|
115
|
-
/** Metadata */
|
|
116
|
-
meta: {
|
|
117
|
-
createdAt: string;
|
|
108
|
+
|
|
109
|
+
type HybridEnvelope = Omit<OmniHybridV1, 'meta'> & {
|
|
110
|
+
meta: OmniHybridV1['meta'] & {
|
|
118
111
|
senderName?: string;
|
|
119
112
|
senderId?: string;
|
|
120
113
|
};
|
|
121
|
-
}
|
|
114
|
+
};
|
|
122
115
|
/**
|
|
123
116
|
* Generate a new hybrid identity with both X25519 and Kyber keys.
|
|
124
117
|
*/
|
|
@@ -638,4 +631,4 @@ declare const BOX_KEY_SIZE: number;
|
|
|
638
631
|
/** NaCl box nonce size (24 bytes) */
|
|
639
632
|
declare const BOX_NONCE_SIZE: number;
|
|
640
633
|
|
|
641
|
-
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|
|
634
|
+
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, KYBER_SUITE, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, type KyberSuite, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|
package/dist/crypto/index.js
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { sha256 as sha256$1, sha512 } from '@noble/hashes/sha2.js';
|
|
2
2
|
import { hmac } from '@noble/hashes/hmac.js';
|
|
3
3
|
import nacl from 'tweetnacl';
|
|
4
|
+
import { ml_kem1024 } from '@noble/post-quantum/ml-kem.js';
|
|
5
|
+
import { OMNI_VERSIONS, DEPRECATED_VERSIONS } from '@omnituum/envelope-registry';
|
|
4
6
|
import { blake3 as blake3$1 } from '@noble/hashes/blake3.js';
|
|
5
7
|
import { chacha20poly1305, xchacha20poly1305 } from '@noble/ciphers/chacha.js';
|
|
6
8
|
import { hkdf, extract, expand } from '@noble/hashes/hkdf.js';
|
|
@@ -192,78 +194,37 @@ function x25519SharedSecret(ourSecretKey, theirPublicKey) {
|
|
|
192
194
|
function deriveKeyFromShared(shared, salt, info) {
|
|
193
195
|
return hkdfSha256(shared, { salt: u8(salt), info: u8(info), length: 32 });
|
|
194
196
|
}
|
|
195
|
-
var
|
|
196
|
-
async function loadKyber() {
|
|
197
|
-
if (kyberModule) return kyberModule;
|
|
198
|
-
try {
|
|
199
|
-
const m = await import('kyber-crystals');
|
|
200
|
-
const k = m.default ?? m;
|
|
201
|
-
kyberModule = k.kyber ?? k;
|
|
202
|
-
return kyberModule;
|
|
203
|
-
} catch (e) {
|
|
204
|
-
console.warn("[Kyber] Failed to load kyber-crystals:", e);
|
|
205
|
-
return null;
|
|
206
|
-
}
|
|
207
|
-
}
|
|
197
|
+
var KYBER_SUITE = "ML-KEM-1024-FIPS203";
|
|
208
198
|
async function isKyberAvailable() {
|
|
209
|
-
|
|
210
|
-
return mod !== null;
|
|
199
|
+
return true;
|
|
211
200
|
}
|
|
212
201
|
async function generateKyberKeypair() {
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
}
|
|
224
|
-
const kp = await fn.call(mod);
|
|
225
|
-
const pub = kp?.publicKey ?? kp?.public ?? kp?.pk;
|
|
226
|
-
const priv = kp?.privateKey ?? kp?.secretKey ?? kp?.secret ?? kp?.sk;
|
|
227
|
-
if (!pub || !priv) {
|
|
228
|
-
console.warn("[Kyber] Invalid keypair result");
|
|
229
|
-
return null;
|
|
230
|
-
}
|
|
231
|
-
return {
|
|
232
|
-
publicB64: b64(new Uint8Array(pub)),
|
|
233
|
-
secretB64: b64(new Uint8Array(priv))
|
|
234
|
-
};
|
|
235
|
-
} catch (e) {
|
|
236
|
-
console.warn("[Kyber] Key generation failed:", e);
|
|
237
|
-
return null;
|
|
202
|
+
const seed = randN(64);
|
|
203
|
+
const kp = ml_kem1024.keygen(seed);
|
|
204
|
+
return {
|
|
205
|
+
publicB64: b64(kp.publicKey),
|
|
206
|
+
secretB64: b64(kp.secretKey)
|
|
207
|
+
};
|
|
208
|
+
}
|
|
209
|
+
function generateKyberKeypairFromSeed(seed) {
|
|
210
|
+
if (seed.length !== 64) {
|
|
211
|
+
throw new Error("Kyber seed must be 64 bytes");
|
|
238
212
|
}
|
|
213
|
+
const kp = ml_kem1024.keygen(seed);
|
|
214
|
+
return { publicKey: kp.publicKey, secretKey: kp.secretKey };
|
|
239
215
|
}
|
|
240
216
|
async function kyberEncapsulate(pubKeyB64) {
|
|
241
|
-
const kyber = await loadKyber();
|
|
242
|
-
if (!kyber?.encrypt) {
|
|
243
|
-
throw new Error("Kyber encrypt not available");
|
|
244
|
-
}
|
|
245
217
|
const pk = ub64(pubKeyB64);
|
|
246
|
-
const
|
|
247
|
-
const ctRaw = r?.ciphertext ?? r?.cyphertext ?? r?.ct ?? r?.bytes?.ciphertext ?? r?.bytes?.cyphertext ?? r?.bytes?.ct ?? (Array.isArray(r) ? r[0] : void 0);
|
|
248
|
-
const ssRaw = r?.key ?? r?.sharedSecret ?? r?.secret ?? r?.bytes?.key ?? r?.bytes?.sharedSecret ?? (Array.isArray(r) ? r[1] : void 0);
|
|
249
|
-
if (!ctRaw || !ssRaw) {
|
|
250
|
-
throw new Error("Kyber encapsulate failed: missing ciphertext or shared secret");
|
|
251
|
-
}
|
|
218
|
+
const enc = ml_kem1024.encapsulate(pk);
|
|
252
219
|
return {
|
|
253
|
-
ciphertext:
|
|
254
|
-
sharedSecret:
|
|
220
|
+
ciphertext: enc.cipherText,
|
|
221
|
+
sharedSecret: enc.sharedSecret
|
|
255
222
|
};
|
|
256
223
|
}
|
|
257
224
|
async function kyberDecapsulate(kemCiphertextB64, secretKeyB64) {
|
|
258
|
-
const kyber = await loadKyber();
|
|
259
|
-
if (!kyber?.decrypt && !kyber?.decapsulate) {
|
|
260
|
-
throw new Error("Kyber decrypt/decapsulate not available");
|
|
261
|
-
}
|
|
262
225
|
const ct = ub64(kemCiphertextB64);
|
|
263
226
|
const sk = ub64(secretKeyB64);
|
|
264
|
-
|
|
265
|
-
const key = r && (r.key ?? r.sharedSecret) ? r.key ?? r.sharedSecret : r;
|
|
266
|
-
return new Uint8Array(key);
|
|
227
|
+
return ml_kem1024.decapsulate(ct, sk);
|
|
267
228
|
}
|
|
268
229
|
function kyberWrapKey(sharedSecret, msgKey32) {
|
|
269
230
|
if (msgKey32.length !== 32) {
|
|
@@ -272,10 +233,7 @@ function kyberWrapKey(sharedSecret, msgKey32) {
|
|
|
272
233
|
const kek = sha256(sharedSecret);
|
|
273
234
|
const nonce = globalThis.crypto.getRandomValues(new Uint8Array(24));
|
|
274
235
|
const wrapped = nacl.secretbox(msgKey32, nonce, kek);
|
|
275
|
-
return {
|
|
276
|
-
nonce: b64(nonce),
|
|
277
|
-
wrapped: b64(wrapped)
|
|
278
|
-
};
|
|
236
|
+
return { nonce: b64(nonce), wrapped: b64(wrapped) };
|
|
279
237
|
}
|
|
280
238
|
function kyberUnwrapKey(sharedSecret, nonceB64, wrappedB64) {
|
|
281
239
|
const kek = sha256(sharedSecret);
|
|
@@ -338,7 +296,7 @@ async function dilithiumSign(message, secretKeyB64) {
|
|
|
338
296
|
}
|
|
339
297
|
const sk = fromB64(secretKeyB64);
|
|
340
298
|
const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
|
|
341
|
-
const signature = mod.sign(
|
|
299
|
+
const signature = mod.sign(msg, sk);
|
|
342
300
|
return {
|
|
343
301
|
signature: toB64(signature),
|
|
344
302
|
algorithm: "ML-DSA-65"
|
|
@@ -349,7 +307,7 @@ async function dilithiumSignRaw(message, secretKey) {
|
|
|
349
307
|
if (!mod) {
|
|
350
308
|
throw new Error("Dilithium library not available");
|
|
351
309
|
}
|
|
352
|
-
return mod.sign(
|
|
310
|
+
return mod.sign(message, secretKey);
|
|
353
311
|
}
|
|
354
312
|
async function dilithiumVerify(message, signatureB64, publicKeyB64) {
|
|
355
313
|
const mod = await loadDilithium();
|
|
@@ -360,7 +318,7 @@ async function dilithiumVerify(message, signatureB64, publicKeyB64) {
|
|
|
360
318
|
const sig = fromB64(signatureB64);
|
|
361
319
|
const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
|
|
362
320
|
try {
|
|
363
|
-
return mod.verify(
|
|
321
|
+
return mod.verify(sig, msg, pk);
|
|
364
322
|
} catch {
|
|
365
323
|
return false;
|
|
366
324
|
}
|
|
@@ -371,7 +329,7 @@ async function dilithiumVerifyRaw(message, signature, publicKey) {
|
|
|
371
329
|
throw new Error("Dilithium library not available");
|
|
372
330
|
}
|
|
373
331
|
try {
|
|
374
|
-
return mod.verify(
|
|
332
|
+
return mod.verify(signature, message, publicKey);
|
|
375
333
|
} catch {
|
|
376
334
|
return false;
|
|
377
335
|
}
|
|
@@ -380,10 +338,8 @@ var DILITHIUM_PUBLIC_KEY_SIZE = 1952;
|
|
|
380
338
|
var DILITHIUM_SECRET_KEY_SIZE = 4032;
|
|
381
339
|
var DILITHIUM_SIGNATURE_SIZE = 3309;
|
|
382
340
|
var DILITHIUM_ALGORITHM = "ML-DSA-65";
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
var ENVELOPE_VERSION = "omnituum.hybrid.v1";
|
|
386
|
-
var ENVELOPE_VERSION_LEGACY = "pqc-demo.hybrid.v1";
|
|
341
|
+
var ENVELOPE_VERSION = OMNI_VERSIONS.HYBRID_V1;
|
|
342
|
+
var ENVELOPE_VERSION_LEGACY = DEPRECATED_VERSIONS.PQC_DEMO_HYBRID_V1;
|
|
387
343
|
var ENVELOPE_SUITE = "x25519+kyber768";
|
|
388
344
|
var ENVELOPE_AEAD = "xsalsa20poly1305";
|
|
389
345
|
var SUPPORTED_ENVELOPE_VERSIONS = [
|
|
@@ -712,4 +668,4 @@ var HKDF_SHA512_OUTPUT_SIZE = 64;
|
|
|
712
668
|
var HKDF_SHA256_MAX_OUTPUT = 255 * 32;
|
|
713
669
|
var HKDF_SHA512_MAX_OUTPUT = 255 * 64;
|
|
714
670
|
|
|
715
|
-
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|
|
671
|
+
export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, KYBER_SUITE, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
|