@omnituum/pqc-shared 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/crypto/index.cjs +29 -71
  2. package/dist/crypto/index.d.cts +38 -45
  3. package/dist/crypto/index.d.ts +38 -45
  4. package/dist/crypto/index.js +28 -72
  5. package/dist/crypto/safe/index.cjs +556 -0
  6. package/dist/crypto/safe/index.d.cts +341 -0
  7. package/dist/crypto/safe/index.d.ts +341 -0
  8. package/dist/crypto/safe/index.js +524 -0
  9. package/dist/fs/index.cjs +6 -34
  10. package/dist/fs/index.js +6 -34
  11. package/dist/index.cjs +29 -71
  12. package/dist/index.d.cts +4 -4
  13. package/dist/index.d.ts +4 -4
  14. package/dist/index.js +28 -72
  15. package/dist/{integrity-CCYjrap3.d.ts → integrity-BPvNsC50.d.ts} +1 -1
  16. package/dist/{integrity-Dx9jukMH.d.cts → integrity-ByMp24VA.d.cts} +1 -1
  17. package/dist/{types-61c7Q9ri.d.ts → types-Dx_AFqow.d.cts} +54 -2
  18. package/dist/{types-Ch0y-n7K.d.cts → types-Dx_AFqow.d.ts} +54 -2
  19. package/dist/utils/index.d.cts +2 -3
  20. package/dist/utils/index.d.ts +2 -3
  21. package/dist/vault/index.cjs +13 -41
  22. package/dist/vault/index.d.cts +2 -3
  23. package/dist/vault/index.d.ts +2 -3
  24. package/dist/vault/index.js +13 -41
  25. package/package.json +27 -13
  26. package/src/crypto/dilithium.ts +8 -4
  27. package/src/crypto/hybrid.ts +13 -29
  28. package/src/crypto/index.ts +3 -0
  29. package/src/crypto/kyber.ts +63 -121
  30. package/src/crypto/safe/adapters.ts +306 -0
  31. package/src/crypto/safe/dilithium.ts +74 -0
  32. package/src/crypto/safe/index.ts +97 -0
  33. package/src/crypto/safe/kyber.ts +47 -0
  34. package/src/crypto/safe/manifests.ts +192 -0
  35. package/src/crypto/safe/secretbox.ts +24 -0
  36. package/src/crypto/safe/types.ts +88 -0
  37. package/src/crypto/safe/x25519.ts +31 -0
  38. package/src/index.ts +7 -4
  39. package/src/version.ts +9 -4
  40. package/dist/version-BygzPVGs.d.cts +0 -55
  41. package/dist/version-BygzPVGs.d.ts +0 -55
@@ -3,6 +3,8 @@
3
3
  var sha2_js = require('@noble/hashes/sha2.js');
4
4
  var hmac_js = require('@noble/hashes/hmac.js');
5
5
  var nacl = require('tweetnacl');
6
+ var mlKem_js = require('@noble/post-quantum/ml-kem.js');
7
+ var envelopeRegistry = require('@omnituum/envelope-registry');
6
8
  var blake3_js = require('@noble/hashes/blake3.js');
7
9
  var chacha_js = require('@noble/ciphers/chacha.js');
8
10
  var hkdf_js = require('@noble/hashes/hkdf.js');
@@ -198,78 +200,37 @@ function x25519SharedSecret(ourSecretKey, theirPublicKey) {
198
200
  function deriveKeyFromShared(shared, salt, info) {
199
201
  return hkdfSha256(shared, { salt: u8(salt), info: u8(info), length: 32 });
200
202
  }
201
- var kyberModule = null;
202
- async function loadKyber() {
203
- if (kyberModule) return kyberModule;
204
- try {
205
- const m = await import('kyber-crystals');
206
- const k = m.default ?? m;
207
- kyberModule = k.kyber ?? k;
208
- return kyberModule;
209
- } catch (e) {
210
- console.warn("[Kyber] Failed to load kyber-crystals:", e);
211
- return null;
212
- }
213
- }
203
+ var KYBER_SUITE = "ML-KEM-1024-FIPS203";
214
204
  async function isKyberAvailable() {
215
- const mod = await loadKyber();
216
- return mod !== null;
205
+ return true;
217
206
  }
218
207
  async function generateKyberKeypair() {
219
- try {
220
- const mod = await loadKyber();
221
- if (!mod) return null;
222
- if (mod?.ready?.then) {
223
- await mod.ready;
224
- }
225
- const fn = mod?.keypair ?? mod?.keyPair ?? mod?.generateKeyPair ?? null;
226
- if (typeof fn !== "function") {
227
- console.warn("[Kyber] No keypair function found");
228
- return null;
229
- }
230
- const kp = await fn.call(mod);
231
- const pub = kp?.publicKey ?? kp?.public ?? kp?.pk;
232
- const priv = kp?.privateKey ?? kp?.secretKey ?? kp?.secret ?? kp?.sk;
233
- if (!pub || !priv) {
234
- console.warn("[Kyber] Invalid keypair result");
235
- return null;
236
- }
237
- return {
238
- publicB64: b64(new Uint8Array(pub)),
239
- secretB64: b64(new Uint8Array(priv))
240
- };
241
- } catch (e) {
242
- console.warn("[Kyber] Key generation failed:", e);
243
- return null;
208
+ const seed = randN(64);
209
+ const kp = mlKem_js.ml_kem1024.keygen(seed);
210
+ return {
211
+ publicB64: b64(kp.publicKey),
212
+ secretB64: b64(kp.secretKey)
213
+ };
214
+ }
215
+ function generateKyberKeypairFromSeed(seed) {
216
+ if (seed.length !== 64) {
217
+ throw new Error("Kyber seed must be 64 bytes");
244
218
  }
219
+ const kp = mlKem_js.ml_kem1024.keygen(seed);
220
+ return { publicKey: kp.publicKey, secretKey: kp.secretKey };
245
221
  }
246
222
  async function kyberEncapsulate(pubKeyB64) {
247
- const kyber = await loadKyber();
248
- if (!kyber?.encrypt) {
249
- throw new Error("Kyber encrypt not available");
250
- }
251
223
  const pk = ub64(pubKeyB64);
252
- const r = await kyber.encrypt(pk);
253
- const ctRaw = r?.ciphertext ?? r?.cyphertext ?? r?.ct ?? r?.bytes?.ciphertext ?? r?.bytes?.cyphertext ?? r?.bytes?.ct ?? (Array.isArray(r) ? r[0] : void 0);
254
- const ssRaw = r?.key ?? r?.sharedSecret ?? r?.secret ?? r?.bytes?.key ?? r?.bytes?.sharedSecret ?? (Array.isArray(r) ? r[1] : void 0);
255
- if (!ctRaw || !ssRaw) {
256
- throw new Error("Kyber encapsulate failed: missing ciphertext or shared secret");
257
- }
224
+ const enc = mlKem_js.ml_kem1024.encapsulate(pk);
258
225
  return {
259
- ciphertext: new Uint8Array(ctRaw),
260
- sharedSecret: new Uint8Array(ssRaw)
226
+ ciphertext: enc.cipherText,
227
+ sharedSecret: enc.sharedSecret
261
228
  };
262
229
  }
263
230
  async function kyberDecapsulate(kemCiphertextB64, secretKeyB64) {
264
- const kyber = await loadKyber();
265
- if (!kyber?.decrypt && !kyber?.decapsulate) {
266
- throw new Error("Kyber decrypt/decapsulate not available");
267
- }
268
231
  const ct = ub64(kemCiphertextB64);
269
232
  const sk = ub64(secretKeyB64);
270
- const r = kyber.decrypt ? await kyber.decrypt(ct, sk) : await kyber.decapsulate(ct, sk);
271
- const key = r && (r.key ?? r.sharedSecret) ? r.key ?? r.sharedSecret : r;
272
- return new Uint8Array(key);
233
+ return mlKem_js.ml_kem1024.decapsulate(ct, sk);
273
234
  }
274
235
  function kyberWrapKey(sharedSecret, msgKey32) {
275
236
  if (msgKey32.length !== 32) {
@@ -278,10 +239,7 @@ function kyberWrapKey(sharedSecret, msgKey32) {
278
239
  const kek = sha256(sharedSecret);
279
240
  const nonce = globalThis.crypto.getRandomValues(new Uint8Array(24));
280
241
  const wrapped = nacl__default.default.secretbox(msgKey32, nonce, kek);
281
- return {
282
- nonce: b64(nonce),
283
- wrapped: b64(wrapped)
284
- };
242
+ return { nonce: b64(nonce), wrapped: b64(wrapped) };
285
243
  }
286
244
  function kyberUnwrapKey(sharedSecret, nonceB64, wrappedB64) {
287
245
  const kek = sha256(sharedSecret);
@@ -344,7 +302,7 @@ async function dilithiumSign(message, secretKeyB64) {
344
302
  }
345
303
  const sk = fromB64(secretKeyB64);
346
304
  const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
347
- const signature = mod.sign(sk, msg);
305
+ const signature = mod.sign(msg, sk);
348
306
  return {
349
307
  signature: toB64(signature),
350
308
  algorithm: "ML-DSA-65"
@@ -355,7 +313,7 @@ async function dilithiumSignRaw(message, secretKey) {
355
313
  if (!mod) {
356
314
  throw new Error("Dilithium library not available");
357
315
  }
358
- return mod.sign(secretKey, message);
316
+ return mod.sign(message, secretKey);
359
317
  }
360
318
  async function dilithiumVerify(message, signatureB64, publicKeyB64) {
361
319
  const mod = await loadDilithium();
@@ -366,7 +324,7 @@ async function dilithiumVerify(message, signatureB64, publicKeyB64) {
366
324
  const sig = fromB64(signatureB64);
367
325
  const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
368
326
  try {
369
- return mod.verify(pk, msg, sig);
327
+ return mod.verify(sig, msg, pk);
370
328
  } catch {
371
329
  return false;
372
330
  }
@@ -377,7 +335,7 @@ async function dilithiumVerifyRaw(message, signature, publicKey) {
377
335
  throw new Error("Dilithium library not available");
378
336
  }
379
337
  try {
380
- return mod.verify(publicKey, message, signature);
338
+ return mod.verify(signature, message, publicKey);
381
339
  } catch {
382
340
  return false;
383
341
  }
@@ -386,10 +344,8 @@ var DILITHIUM_PUBLIC_KEY_SIZE = 1952;
386
344
  var DILITHIUM_SECRET_KEY_SIZE = 4032;
387
345
  var DILITHIUM_SIGNATURE_SIZE = 3309;
388
346
  var DILITHIUM_ALGORITHM = "ML-DSA-65";
389
-
390
- // src/version.ts
391
- var ENVELOPE_VERSION = "omnituum.hybrid.v1";
392
- var ENVELOPE_VERSION_LEGACY = "pqc-demo.hybrid.v1";
347
+ var ENVELOPE_VERSION = envelopeRegistry.OMNI_VERSIONS.HYBRID_V1;
348
+ var ENVELOPE_VERSION_LEGACY = envelopeRegistry.DEPRECATED_VERSIONS.PQC_DEMO_HYBRID_V1;
393
349
  var ENVELOPE_SUITE = "x25519+kyber768";
394
350
  var ENVELOPE_AEAD = "xsalsa20poly1305";
395
351
  var SUPPORTED_ENVELOPE_VERSIONS = [
@@ -733,6 +689,7 @@ exports.HKDF_SHA256_MAX_OUTPUT = HKDF_SHA256_MAX_OUTPUT;
733
689
  exports.HKDF_SHA256_OUTPUT_SIZE = HKDF_SHA256_OUTPUT_SIZE;
734
690
  exports.HKDF_SHA512_MAX_OUTPUT = HKDF_SHA512_MAX_OUTPUT;
735
691
  exports.HKDF_SHA512_OUTPUT_SIZE = HKDF_SHA512_OUTPUT_SIZE;
692
+ exports.KYBER_SUITE = KYBER_SUITE;
736
693
  exports.POLY1305_TAG_SIZE = POLY1305_TAG_SIZE;
737
694
  exports.SECRETBOX_KEY_SIZE = SECRETBOX_KEY_SIZE;
738
695
  exports.SECRETBOX_NONCE_SIZE = SECRETBOX_NONCE_SIZE;
@@ -763,6 +720,7 @@ exports.generateDilithiumKeypair = generateDilithiumKeypair;
763
720
  exports.generateDilithiumKeypairFromSeed = generateDilithiumKeypairFromSeed;
764
721
  exports.generateHybridIdentity = generateHybridIdentity;
765
722
  exports.generateKyberKeypair = generateKyberKeypair;
723
+ exports.generateKyberKeypairFromSeed = generateKyberKeypairFromSeed;
766
724
  exports.generateX25519Keypair = generateX25519Keypair;
767
725
  exports.generateX25519KeypairFromSeed = generateX25519KeypairFromSeed;
768
726
  exports.getPublicKeys = getPublicKeys;
@@ -1,11 +1,24 @@
1
- import { E as ENVELOPE_VERSION, f as ENVELOPE_SUITE, g as ENVELOPE_AEAD } from '../version-BygzPVGs.cjs';
1
+ import { OmniHybridV1 } from '@omnituum/envelope-registry';
2
2
  import * as _noble_ciphers_utils_js from '@noble/ciphers/utils.js';
3
3
 
4
4
  /**
5
- * Omnituum PQC Shared - Kyber ML-KEM-768
5
+ * Omnituum PQC Shared Kyber (ML-KEM-1024, FIPS 203)
6
6
  *
7
- * Browser-compatible Kyber operations using kyber-crystals.
8
- * NIST Level 3 security - quantum-resistant.
7
+ * Backend: @noble/post-quantum `ml_kem1024`. NIST FIPS 203 (final, 2024).
8
+ *
9
+ * Wire-format note: previous releases (<= 0.3.x) of this package were backed by
10
+ * `kyber-crystals`, which implements an earlier draft of Kyber and is NOT
11
+ * interoperable with FIPS 203 — see `tests/interop/historical/` and
12
+ * `package-docs/GAPS_AND_TASKS.md` (PQC-02 result). 0.4.0 is an intentional
13
+ * clean break: legacy draft-Kyber material cannot be read by this version.
14
+ *
15
+ * Sizes (ML-KEM-1024):
16
+ * publicKey 1568 bytes
17
+ * secretKey 3168 bytes
18
+ * ciphertext 1568 bytes
19
+ * sharedSecret 32 bytes
20
+ *
21
+ * Suite tag for new material: "ML-KEM-1024-FIPS203".
9
22
  */
10
23
  interface KyberKeypair {
11
24
  publicKey: Uint8Array;
@@ -19,29 +32,34 @@ interface KyberEncapsulation {
19
32
  ciphertext: Uint8Array;
20
33
  sharedSecret: Uint8Array;
21
34
  }
35
+ /** Canonical suite identifier for new material produced by this package. */
36
+ declare const KYBER_SUITE: "ML-KEM-1024-FIPS203";
37
+ type KyberSuite = typeof KYBER_SUITE;
38
+ /**
39
+ * @deprecated Always returns true. Retained for API stability across the
40
+ * 0.3.x → 0.4.x cut. The noble backend is statically imported and always
41
+ * present; there is no runtime feature-detection path.
42
+ */
22
43
  declare function isKyberAvailable(): Promise<boolean>;
23
44
  /**
24
- * Generate a Kyber ML-KEM-768 keypair.
45
+ * Generate a fresh ML-KEM-1024 keypair using a cryptographically random seed.
25
46
  */
26
47
  declare function generateKyberKeypair(): Promise<KyberKeypairB64 | null>;
27
48
  /**
28
- * Encapsulate a shared secret using Kyber ML-KEM-768.
49
+ * Derive a deterministic ML-KEM-1024 keypair from a 64-byte seed.
50
+ * Same seed → byte-identical keypair, across runtimes (Node, browser).
51
+ *
52
+ * The seed is passed verbatim to the FIPS 203 keygen. Callers that need
53
+ * domain separation between Kyber and other key types must apply it
54
+ * upstream (e.g. via SHA-256 with a domain tag) before calling.
29
55
  */
56
+ declare function generateKyberKeypairFromSeed(seed: Uint8Array): KyberKeypair;
30
57
  declare function kyberEncapsulate(pubKeyB64: string): Promise<KyberEncapsulation>;
31
- /**
32
- * Decapsulate a shared secret using Kyber ML-KEM-768.
33
- */
34
58
  declare function kyberDecapsulate(kemCiphertextB64: string, secretKeyB64: string): Promise<Uint8Array>;
35
- /**
36
- * Wrap a message key using Kyber shared secret.
37
- */
38
59
  declare function kyberWrapKey(sharedSecret: Uint8Array, msgKey32: Uint8Array): {
39
60
  nonce: string;
40
61
  wrapped: string;
41
62
  };
42
- /**
43
- * Unwrap a message key using Kyber shared secret.
44
- */
45
63
  declare function kyberUnwrapKey(sharedSecret: Uint8Array, nonceB64: string, wrappedB64: string): Uint8Array | null;
46
64
 
47
65
  /**
@@ -87,38 +105,13 @@ interface HybridSecretKeys {
87
105
  /** Kyber secret key (base64) */
88
106
  kyberSecB64: string;
89
107
  }
90
- interface HybridEnvelope {
91
- /** Version identifier (FROZEN - see pqc-docs/specs/envelope.v1.md) */
92
- v: typeof ENVELOPE_VERSION;
93
- /** Algorithm suite */
94
- suite: typeof ENVELOPE_SUITE;
95
- /** AEAD algorithm */
96
- aead: typeof ENVELOPE_AEAD;
97
- /** X25519 ephemeral public key (hex) */
98
- x25519Epk: string;
99
- /** X25519 wrapped content key */
100
- x25519Wrap: {
101
- nonce: string;
102
- wrapped: string;
103
- };
104
- /** Kyber KEM ciphertext (base64) */
105
- kyberKemCt: string;
106
- /** Kyber wrapped content key */
107
- kyberWrap: {
108
- nonce: string;
109
- wrapped: string;
110
- };
111
- /** Content encryption nonce (base64) */
112
- contentNonce: string;
113
- /** Encrypted content (base64) */
114
- ciphertext: string;
115
- /** Metadata */
116
- meta: {
117
- createdAt: string;
108
+
109
+ type HybridEnvelope = Omit<OmniHybridV1, 'meta'> & {
110
+ meta: OmniHybridV1['meta'] & {
118
111
  senderName?: string;
119
112
  senderId?: string;
120
113
  };
121
- }
114
+ };
122
115
  /**
123
116
  * Generate a new hybrid identity with both X25519 and Kyber keys.
124
117
  */
@@ -638,4 +631,4 @@ declare const BOX_KEY_SIZE: number;
638
631
  /** NaCl box nonce size (24 bytes) */
639
632
  declare const BOX_NONCE_SIZE: number;
640
633
 
641
- export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
634
+ export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, KYBER_SUITE, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, type KyberSuite, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
@@ -1,11 +1,24 @@
1
- import { E as ENVELOPE_VERSION, f as ENVELOPE_SUITE, g as ENVELOPE_AEAD } from '../version-BygzPVGs.js';
1
+ import { OmniHybridV1 } from '@omnituum/envelope-registry';
2
2
  import * as _noble_ciphers_utils_js from '@noble/ciphers/utils.js';
3
3
 
4
4
  /**
5
- * Omnituum PQC Shared - Kyber ML-KEM-768
5
+ * Omnituum PQC Shared Kyber (ML-KEM-1024, FIPS 203)
6
6
  *
7
- * Browser-compatible Kyber operations using kyber-crystals.
8
- * NIST Level 3 security - quantum-resistant.
7
+ * Backend: @noble/post-quantum `ml_kem1024`. NIST FIPS 203 (final, 2024).
8
+ *
9
+ * Wire-format note: previous releases (<= 0.3.x) of this package were backed by
10
+ * `kyber-crystals`, which implements an earlier draft of Kyber and is NOT
11
+ * interoperable with FIPS 203 — see `tests/interop/historical/` and
12
+ * `package-docs/GAPS_AND_TASKS.md` (PQC-02 result). 0.4.0 is an intentional
13
+ * clean break: legacy draft-Kyber material cannot be read by this version.
14
+ *
15
+ * Sizes (ML-KEM-1024):
16
+ * publicKey 1568 bytes
17
+ * secretKey 3168 bytes
18
+ * ciphertext 1568 bytes
19
+ * sharedSecret 32 bytes
20
+ *
21
+ * Suite tag for new material: "ML-KEM-1024-FIPS203".
9
22
  */
10
23
  interface KyberKeypair {
11
24
  publicKey: Uint8Array;
@@ -19,29 +32,34 @@ interface KyberEncapsulation {
19
32
  ciphertext: Uint8Array;
20
33
  sharedSecret: Uint8Array;
21
34
  }
35
+ /** Canonical suite identifier for new material produced by this package. */
36
+ declare const KYBER_SUITE: "ML-KEM-1024-FIPS203";
37
+ type KyberSuite = typeof KYBER_SUITE;
38
+ /**
39
+ * @deprecated Always returns true. Retained for API stability across the
40
+ * 0.3.x → 0.4.x cut. The noble backend is statically imported and always
41
+ * present; there is no runtime feature-detection path.
42
+ */
22
43
  declare function isKyberAvailable(): Promise<boolean>;
23
44
  /**
24
- * Generate a Kyber ML-KEM-768 keypair.
45
+ * Generate a fresh ML-KEM-1024 keypair using a cryptographically random seed.
25
46
  */
26
47
  declare function generateKyberKeypair(): Promise<KyberKeypairB64 | null>;
27
48
  /**
28
- * Encapsulate a shared secret using Kyber ML-KEM-768.
49
+ * Derive a deterministic ML-KEM-1024 keypair from a 64-byte seed.
50
+ * Same seed → byte-identical keypair, across runtimes (Node, browser).
51
+ *
52
+ * The seed is passed verbatim to the FIPS 203 keygen. Callers that need
53
+ * domain separation between Kyber and other key types must apply it
54
+ * upstream (e.g. via SHA-256 with a domain tag) before calling.
29
55
  */
56
+ declare function generateKyberKeypairFromSeed(seed: Uint8Array): KyberKeypair;
30
57
  declare function kyberEncapsulate(pubKeyB64: string): Promise<KyberEncapsulation>;
31
- /**
32
- * Decapsulate a shared secret using Kyber ML-KEM-768.
33
- */
34
58
  declare function kyberDecapsulate(kemCiphertextB64: string, secretKeyB64: string): Promise<Uint8Array>;
35
- /**
36
- * Wrap a message key using Kyber shared secret.
37
- */
38
59
  declare function kyberWrapKey(sharedSecret: Uint8Array, msgKey32: Uint8Array): {
39
60
  nonce: string;
40
61
  wrapped: string;
41
62
  };
42
- /**
43
- * Unwrap a message key using Kyber shared secret.
44
- */
45
63
  declare function kyberUnwrapKey(sharedSecret: Uint8Array, nonceB64: string, wrappedB64: string): Uint8Array | null;
46
64
 
47
65
  /**
@@ -87,38 +105,13 @@ interface HybridSecretKeys {
87
105
  /** Kyber secret key (base64) */
88
106
  kyberSecB64: string;
89
107
  }
90
- interface HybridEnvelope {
91
- /** Version identifier (FROZEN - see pqc-docs/specs/envelope.v1.md) */
92
- v: typeof ENVELOPE_VERSION;
93
- /** Algorithm suite */
94
- suite: typeof ENVELOPE_SUITE;
95
- /** AEAD algorithm */
96
- aead: typeof ENVELOPE_AEAD;
97
- /** X25519 ephemeral public key (hex) */
98
- x25519Epk: string;
99
- /** X25519 wrapped content key */
100
- x25519Wrap: {
101
- nonce: string;
102
- wrapped: string;
103
- };
104
- /** Kyber KEM ciphertext (base64) */
105
- kyberKemCt: string;
106
- /** Kyber wrapped content key */
107
- kyberWrap: {
108
- nonce: string;
109
- wrapped: string;
110
- };
111
- /** Content encryption nonce (base64) */
112
- contentNonce: string;
113
- /** Encrypted content (base64) */
114
- ciphertext: string;
115
- /** Metadata */
116
- meta: {
117
- createdAt: string;
108
+
109
+ type HybridEnvelope = Omit<OmniHybridV1, 'meta'> & {
110
+ meta: OmniHybridV1['meta'] & {
118
111
  senderName?: string;
119
112
  senderId?: string;
120
113
  };
121
- }
114
+ };
122
115
  /**
123
116
  * Generate a new hybrid identity with both X25519 and Kyber keys.
124
117
  */
@@ -638,4 +631,4 @@ declare const BOX_KEY_SIZE: number;
638
631
  /** NaCl box nonce size (24 bytes) */
639
632
  declare const BOX_NONCE_SIZE: number;
640
633
 
641
- export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
634
+ export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, KYBER_SUITE, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, type KyberSuite, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
@@ -1,6 +1,8 @@
1
1
  import { sha256 as sha256$1, sha512 } from '@noble/hashes/sha2.js';
2
2
  import { hmac } from '@noble/hashes/hmac.js';
3
3
  import nacl from 'tweetnacl';
4
+ import { ml_kem1024 } from '@noble/post-quantum/ml-kem.js';
5
+ import { OMNI_VERSIONS, DEPRECATED_VERSIONS } from '@omnituum/envelope-registry';
4
6
  import { blake3 as blake3$1 } from '@noble/hashes/blake3.js';
5
7
  import { chacha20poly1305, xchacha20poly1305 } from '@noble/ciphers/chacha.js';
6
8
  import { hkdf, extract, expand } from '@noble/hashes/hkdf.js';
@@ -192,78 +194,37 @@ function x25519SharedSecret(ourSecretKey, theirPublicKey) {
192
194
  function deriveKeyFromShared(shared, salt, info) {
193
195
  return hkdfSha256(shared, { salt: u8(salt), info: u8(info), length: 32 });
194
196
  }
195
- var kyberModule = null;
196
- async function loadKyber() {
197
- if (kyberModule) return kyberModule;
198
- try {
199
- const m = await import('kyber-crystals');
200
- const k = m.default ?? m;
201
- kyberModule = k.kyber ?? k;
202
- return kyberModule;
203
- } catch (e) {
204
- console.warn("[Kyber] Failed to load kyber-crystals:", e);
205
- return null;
206
- }
207
- }
197
+ var KYBER_SUITE = "ML-KEM-1024-FIPS203";
208
198
  async function isKyberAvailable() {
209
- const mod = await loadKyber();
210
- return mod !== null;
199
+ return true;
211
200
  }
212
201
  async function generateKyberKeypair() {
213
- try {
214
- const mod = await loadKyber();
215
- if (!mod) return null;
216
- if (mod?.ready?.then) {
217
- await mod.ready;
218
- }
219
- const fn = mod?.keypair ?? mod?.keyPair ?? mod?.generateKeyPair ?? null;
220
- if (typeof fn !== "function") {
221
- console.warn("[Kyber] No keypair function found");
222
- return null;
223
- }
224
- const kp = await fn.call(mod);
225
- const pub = kp?.publicKey ?? kp?.public ?? kp?.pk;
226
- const priv = kp?.privateKey ?? kp?.secretKey ?? kp?.secret ?? kp?.sk;
227
- if (!pub || !priv) {
228
- console.warn("[Kyber] Invalid keypair result");
229
- return null;
230
- }
231
- return {
232
- publicB64: b64(new Uint8Array(pub)),
233
- secretB64: b64(new Uint8Array(priv))
234
- };
235
- } catch (e) {
236
- console.warn("[Kyber] Key generation failed:", e);
237
- return null;
202
+ const seed = randN(64);
203
+ const kp = ml_kem1024.keygen(seed);
204
+ return {
205
+ publicB64: b64(kp.publicKey),
206
+ secretB64: b64(kp.secretKey)
207
+ };
208
+ }
209
+ function generateKyberKeypairFromSeed(seed) {
210
+ if (seed.length !== 64) {
211
+ throw new Error("Kyber seed must be 64 bytes");
238
212
  }
213
+ const kp = ml_kem1024.keygen(seed);
214
+ return { publicKey: kp.publicKey, secretKey: kp.secretKey };
239
215
  }
240
216
  async function kyberEncapsulate(pubKeyB64) {
241
- const kyber = await loadKyber();
242
- if (!kyber?.encrypt) {
243
- throw new Error("Kyber encrypt not available");
244
- }
245
217
  const pk = ub64(pubKeyB64);
246
- const r = await kyber.encrypt(pk);
247
- const ctRaw = r?.ciphertext ?? r?.cyphertext ?? r?.ct ?? r?.bytes?.ciphertext ?? r?.bytes?.cyphertext ?? r?.bytes?.ct ?? (Array.isArray(r) ? r[0] : void 0);
248
- const ssRaw = r?.key ?? r?.sharedSecret ?? r?.secret ?? r?.bytes?.key ?? r?.bytes?.sharedSecret ?? (Array.isArray(r) ? r[1] : void 0);
249
- if (!ctRaw || !ssRaw) {
250
- throw new Error("Kyber encapsulate failed: missing ciphertext or shared secret");
251
- }
218
+ const enc = ml_kem1024.encapsulate(pk);
252
219
  return {
253
- ciphertext: new Uint8Array(ctRaw),
254
- sharedSecret: new Uint8Array(ssRaw)
220
+ ciphertext: enc.cipherText,
221
+ sharedSecret: enc.sharedSecret
255
222
  };
256
223
  }
257
224
  async function kyberDecapsulate(kemCiphertextB64, secretKeyB64) {
258
- const kyber = await loadKyber();
259
- if (!kyber?.decrypt && !kyber?.decapsulate) {
260
- throw new Error("Kyber decrypt/decapsulate not available");
261
- }
262
225
  const ct = ub64(kemCiphertextB64);
263
226
  const sk = ub64(secretKeyB64);
264
- const r = kyber.decrypt ? await kyber.decrypt(ct, sk) : await kyber.decapsulate(ct, sk);
265
- const key = r && (r.key ?? r.sharedSecret) ? r.key ?? r.sharedSecret : r;
266
- return new Uint8Array(key);
227
+ return ml_kem1024.decapsulate(ct, sk);
267
228
  }
268
229
  function kyberWrapKey(sharedSecret, msgKey32) {
269
230
  if (msgKey32.length !== 32) {
@@ -272,10 +233,7 @@ function kyberWrapKey(sharedSecret, msgKey32) {
272
233
  const kek = sha256(sharedSecret);
273
234
  const nonce = globalThis.crypto.getRandomValues(new Uint8Array(24));
274
235
  const wrapped = nacl.secretbox(msgKey32, nonce, kek);
275
- return {
276
- nonce: b64(nonce),
277
- wrapped: b64(wrapped)
278
- };
236
+ return { nonce: b64(nonce), wrapped: b64(wrapped) };
279
237
  }
280
238
  function kyberUnwrapKey(sharedSecret, nonceB64, wrappedB64) {
281
239
  const kek = sha256(sharedSecret);
@@ -338,7 +296,7 @@ async function dilithiumSign(message, secretKeyB64) {
338
296
  }
339
297
  const sk = fromB64(secretKeyB64);
340
298
  const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
341
- const signature = mod.sign(sk, msg);
299
+ const signature = mod.sign(msg, sk);
342
300
  return {
343
301
  signature: toB64(signature),
344
302
  algorithm: "ML-DSA-65"
@@ -349,7 +307,7 @@ async function dilithiumSignRaw(message, secretKey) {
349
307
  if (!mod) {
350
308
  throw new Error("Dilithium library not available");
351
309
  }
352
- return mod.sign(secretKey, message);
310
+ return mod.sign(message, secretKey);
353
311
  }
354
312
  async function dilithiumVerify(message, signatureB64, publicKeyB64) {
355
313
  const mod = await loadDilithium();
@@ -360,7 +318,7 @@ async function dilithiumVerify(message, signatureB64, publicKeyB64) {
360
318
  const sig = fromB64(signatureB64);
361
319
  const msg = typeof message === "string" ? new TextEncoder().encode(message) : message;
362
320
  try {
363
- return mod.verify(pk, msg, sig);
321
+ return mod.verify(sig, msg, pk);
364
322
  } catch {
365
323
  return false;
366
324
  }
@@ -371,7 +329,7 @@ async function dilithiumVerifyRaw(message, signature, publicKey) {
371
329
  throw new Error("Dilithium library not available");
372
330
  }
373
331
  try {
374
- return mod.verify(publicKey, message, signature);
332
+ return mod.verify(signature, message, publicKey);
375
333
  } catch {
376
334
  return false;
377
335
  }
@@ -380,10 +338,8 @@ var DILITHIUM_PUBLIC_KEY_SIZE = 1952;
380
338
  var DILITHIUM_SECRET_KEY_SIZE = 4032;
381
339
  var DILITHIUM_SIGNATURE_SIZE = 3309;
382
340
  var DILITHIUM_ALGORITHM = "ML-DSA-65";
383
-
384
- // src/version.ts
385
- var ENVELOPE_VERSION = "omnituum.hybrid.v1";
386
- var ENVELOPE_VERSION_LEGACY = "pqc-demo.hybrid.v1";
341
+ var ENVELOPE_VERSION = OMNI_VERSIONS.HYBRID_V1;
342
+ var ENVELOPE_VERSION_LEGACY = DEPRECATED_VERSIONS.PQC_DEMO_HYBRID_V1;
387
343
  var ENVELOPE_SUITE = "x25519+kyber768";
388
344
  var ENVELOPE_AEAD = "xsalsa20poly1305";
389
345
  var SUPPORTED_ENVELOPE_VERSIONS = [
@@ -712,4 +668,4 @@ var HKDF_SHA512_OUTPUT_SIZE = 64;
712
668
  var HKDF_SHA256_MAX_OUTPUT = 255 * 32;
713
669
  var HKDF_SHA512_MAX_OUTPUT = 255 * 64;
714
670
 
715
- export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };
671
+ export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, KYBER_SUITE, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateKyberKeypairFromSeed, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };