npm - @oqs/liboqs-js - Versions diffs - 0.15.0 - Mend

@oqs/liboqs-js 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/LICENSE.md +50 -0
package/README.md +829 -0
package/bin/cli.js +16 -0
package/dist/classic-mceliece-348864.deno.js +0 -0
package/dist/classic-mceliece-348864.min.js +0 -0
package/dist/classic-mceliece-348864f.deno.js +0 -0
package/dist/classic-mceliece-348864f.min.js +0 -0
package/dist/classic-mceliece-460896.deno.js +0 -0
package/dist/classic-mceliece-460896.min.js +0 -0
package/dist/classic-mceliece-460896f.deno.js +0 -0
package/dist/classic-mceliece-460896f.min.js +0 -0
package/dist/classic-mceliece-6688128.deno.js +0 -0
package/dist/classic-mceliece-6688128.min.js +0 -0
package/dist/classic-mceliece-6688128f.deno.js +0 -0
package/dist/classic-mceliece-6688128f.min.js +0 -0
package/dist/classic-mceliece-6960119.deno.js +0 -0
package/dist/classic-mceliece-6960119.min.js +0 -0
package/dist/classic-mceliece-6960119f.deno.js +0 -0
package/dist/classic-mceliece-6960119f.min.js +0 -0
package/dist/classic-mceliece-8192128.deno.js +0 -0
package/dist/classic-mceliece-8192128.min.js +0 -0
package/dist/classic-mceliece-8192128f.deno.js +0 -0
package/dist/classic-mceliece-8192128f.min.js +0 -0
package/dist/cross-rsdp-128-balanced.deno.js +0 -0
package/dist/cross-rsdp-128-balanced.min.js +0 -0
package/dist/cross-rsdp-128-fast.deno.js +0 -0
package/dist/cross-rsdp-128-fast.min.js +0 -0
package/dist/cross-rsdp-128-small.deno.js +0 -0
package/dist/cross-rsdp-128-small.min.js +0 -0
package/dist/cross-rsdp-192-balanced.deno.js +0 -0
package/dist/cross-rsdp-192-balanced.min.js +0 -0
package/dist/cross-rsdp-192-fast.deno.js +0 -0
package/dist/cross-rsdp-192-fast.min.js +0 -0
package/dist/cross-rsdp-192-small.deno.js +0 -0
package/dist/cross-rsdp-192-small.min.js +0 -0
package/dist/cross-rsdp-256-balanced.deno.js +0 -0
package/dist/cross-rsdp-256-balanced.min.js +0 -0
package/dist/cross-rsdp-256-fast.deno.js +0 -0
package/dist/cross-rsdp-256-fast.min.js +0 -0
package/dist/cross-rsdp-256-small.deno.js +0 -0
package/dist/cross-rsdp-256-small.min.js +0 -0
package/dist/cross-rsdpg-128-balanced.deno.js +0 -0
package/dist/cross-rsdpg-128-balanced.min.js +0 -0
package/dist/cross-rsdpg-128-fast.deno.js +0 -0
package/dist/cross-rsdpg-128-fast.min.js +0 -0
package/dist/cross-rsdpg-128-small.deno.js +0 -0
package/dist/cross-rsdpg-128-small.min.js +0 -0
package/dist/cross-rsdpg-192-balanced.deno.js +0 -0
package/dist/cross-rsdpg-192-balanced.min.js +0 -0
package/dist/cross-rsdpg-192-fast.deno.js +0 -0
package/dist/cross-rsdpg-192-fast.min.js +0 -0
package/dist/cross-rsdpg-192-small.deno.js +0 -0
package/dist/cross-rsdpg-192-small.min.js +0 -0
package/dist/cross-rsdpg-256-balanced.deno.js +0 -0
package/dist/cross-rsdpg-256-balanced.min.js +0 -0
package/dist/cross-rsdpg-256-fast.deno.js +0 -0
package/dist/cross-rsdpg-256-fast.min.js +0 -0
package/dist/cross-rsdpg-256-small.deno.js +0 -0
package/dist/cross-rsdpg-256-small.min.js +0 -0
package/dist/falcon-1024.deno.js +0 -0
package/dist/falcon-1024.min.js +0 -0
package/dist/falcon-512.deno.js +0 -0
package/dist/falcon-512.min.js +0 -0
package/dist/falcon-padded-1024.deno.js +0 -0
package/dist/falcon-padded-1024.min.js +0 -0
package/dist/falcon-padded-512.deno.js +0 -0
package/dist/falcon-padded-512.min.js +0 -0
package/dist/frodokem-1344-aes.deno.js +0 -0
package/dist/frodokem-1344-aes.min.js +0 -0
package/dist/frodokem-1344-shake.deno.js +0 -0
package/dist/frodokem-1344-shake.min.js +0 -0
package/dist/frodokem-640-aes.deno.js +0 -0
package/dist/frodokem-640-aes.min.js +0 -0
package/dist/frodokem-640-shake.deno.js +0 -0
package/dist/frodokem-640-shake.min.js +0 -0
package/dist/frodokem-976-aes.deno.js +0 -0
package/dist/frodokem-976-aes.min.js +0 -0
package/dist/frodokem-976-shake.deno.js +0 -0
package/dist/frodokem-976-shake.min.js +0 -0
package/dist/hqc-128.deno.js +0 -0
package/dist/hqc-128.min.js +0 -0
package/dist/hqc-192.deno.js +0 -0
package/dist/hqc-192.min.js +0 -0
package/dist/hqc-256.deno.js +0 -0
package/dist/hqc-256.min.js +0 -0
package/dist/kyber-1024.deno.js +0 -0
package/dist/kyber-1024.min.js +0 -0
package/dist/kyber-512.deno.js +0 -0
package/dist/kyber-512.min.js +0 -0
package/dist/kyber-768.deno.js +0 -0
package/dist/kyber-768.min.js +0 -0
package/dist/mayo-1.deno.js +0 -0
package/dist/mayo-1.min.js +0 -0
package/dist/mayo-2.deno.js +0 -0
package/dist/mayo-2.min.js +0 -0
package/dist/mayo-3.deno.js +0 -0
package/dist/mayo-3.min.js +0 -0
package/dist/mayo-5.deno.js +0 -0
package/dist/mayo-5.min.js +0 -0
package/dist/ml-dsa-44.deno.js +0 -0
package/dist/ml-dsa-44.min.js +0 -0
package/dist/ml-dsa-65.deno.js +0 -0
package/dist/ml-dsa-65.min.js +0 -0
package/dist/ml-dsa-87.deno.js +0 -0
package/dist/ml-dsa-87.min.js +0 -0
package/dist/ml-kem-1024.deno.js +0 -0
package/dist/ml-kem-1024.min.js +0 -0
package/dist/ml-kem-512.deno.js +0 -0
package/dist/ml-kem-512.min.js +0 -0
package/dist/ml-kem-768.deno.js +0 -0
package/dist/ml-kem-768.min.js +0 -0
package/dist/ntru-hps-2048-509.deno.js +0 -0
package/dist/ntru-hps-2048-509.min.js +0 -0
package/dist/ntru-hps-2048-677.deno.js +0 -0
package/dist/ntru-hps-2048-677.min.js +0 -0
package/dist/ntru-hps-4096-1229.deno.js +0 -0
package/dist/ntru-hps-4096-1229.min.js +0 -0
package/dist/ntru-hps-4096-821.deno.js +0 -0
package/dist/ntru-hps-4096-821.min.js +0 -0
package/dist/ntru-hrss-1373.deno.js +0 -0
package/dist/ntru-hrss-1373.min.js +0 -0
package/dist/ntru-hrss-701.deno.js +0 -0
package/dist/ntru-hrss-701.min.js +0 -0
package/dist/ov-iii-pkc-skc.deno.js +0 -0
package/dist/ov-iii-pkc-skc.min.js +0 -0
package/dist/ov-iii-pkc.deno.js +0 -0
package/dist/ov-iii-pkc.min.js +0 -0
package/dist/ov-iii.deno.js +0 -0
package/dist/ov-iii.min.js +0 -0
package/dist/ov-ip-pkc-skc.deno.js +0 -0
package/dist/ov-ip-pkc-skc.min.js +0 -0
package/dist/ov-ip-pkc.deno.js +0 -0
package/dist/ov-ip-pkc.min.js +0 -0
package/dist/ov-ip.deno.js +0 -0
package/dist/ov-ip.min.js +0 -0
package/dist/ov-is-pkc-skc.deno.js +0 -0
package/dist/ov-is-pkc-skc.min.js +0 -0
package/dist/ov-is-pkc.deno.js +0 -0
package/dist/ov-is-pkc.min.js +0 -0
package/dist/ov-is.deno.js +0 -0
package/dist/ov-is.min.js +0 -0
package/dist/ov-v-pkc-skc.deno.js +0 -0
package/dist/ov-v-pkc-skc.min.js +0 -0
package/dist/ov-v-pkc.deno.js +0 -0
package/dist/ov-v-pkc.min.js +0 -0
package/dist/ov-v.deno.js +0 -0
package/dist/ov-v.min.js +0 -0
package/dist/slh-dsa-sha2-128f.deno.js +0 -0
package/dist/slh-dsa-sha2-128f.min.js +0 -0
package/dist/slh-dsa-sha2-128s.deno.js +0 -0
package/dist/slh-dsa-sha2-128s.min.js +0 -0
package/dist/slh-dsa-sha2-192f.deno.js +0 -0
package/dist/slh-dsa-sha2-192f.min.js +0 -0
package/dist/slh-dsa-sha2-192s.deno.js +0 -0
package/dist/slh-dsa-sha2-192s.min.js +0 -0
package/dist/slh-dsa-sha2-256f.deno.js +0 -0
package/dist/slh-dsa-sha2-256f.min.js +0 -0
package/dist/slh-dsa-sha2-256s.deno.js +0 -0
package/dist/slh-dsa-sha2-256s.min.js +0 -0
package/dist/slh-dsa-shake-128f.deno.js +0 -0
package/dist/slh-dsa-shake-128f.min.js +0 -0
package/dist/slh-dsa-shake-128s.deno.js +0 -0
package/dist/slh-dsa-shake-128s.min.js +0 -0
package/dist/slh-dsa-shake-192f.deno.js +0 -0
package/dist/slh-dsa-shake-192f.min.js +0 -0
package/dist/slh-dsa-shake-192s.deno.js +0 -0
package/dist/slh-dsa-shake-192s.min.js +0 -0
package/dist/slh-dsa-shake-256f.deno.js +0 -0
package/dist/slh-dsa-shake-256f.min.js +0 -0
package/dist/slh-dsa-shake-256s.deno.js +0 -0
package/dist/slh-dsa-shake-256s.min.js +0 -0
package/dist/snova-24-5-4-esk.deno.js +0 -0
package/dist/snova-24-5-4-esk.min.js +0 -0
package/dist/snova-24-5-4-shake-esk.deno.js +0 -0
package/dist/snova-24-5-4-shake-esk.min.js +0 -0
package/dist/snova-24-5-4-shake.deno.js +0 -0
package/dist/snova-24-5-4-shake.min.js +0 -0
package/dist/snova-24-5-4.deno.js +0 -0
package/dist/snova-24-5-4.min.js +0 -0
package/dist/snova-24-5-5.deno.js +0 -0
package/dist/snova-24-5-5.min.js +0 -0
package/dist/snova-25-8-3.deno.js +0 -0
package/dist/snova-25-8-3.min.js +0 -0
package/dist/snova-29-6-5.deno.js +0 -0
package/dist/snova-29-6-5.min.js +0 -0
package/dist/snova-37-17-2.deno.js +0 -0
package/dist/snova-37-17-2.min.js +0 -0
package/dist/snova-37-8-4.deno.js +0 -0
package/dist/snova-37-8-4.min.js +0 -0
package/dist/snova-49-11-3.deno.js +0 -0
package/dist/snova-49-11-3.min.js +0 -0
package/dist/snova-56-25-2.deno.js +0 -0
package/dist/snova-56-25-2.min.js +0 -0
package/dist/snova-60-10-4.deno.js +0 -0
package/dist/snova-60-10-4.min.js +0 -0
package/dist/sntrup761.deno.js +0 -0
package/dist/sntrup761.min.js +0 -0
package/package.json +108 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-348864.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-348864f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-460896.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-460896f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6688128.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6688128f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6960119.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6960119f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-8192128.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-8192128f.js +336 -0
package/src/algorithms/kem/frodokem/efrodokem-1344-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-1344-shake.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-640-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-640-shake.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-976-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-976-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-1344-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-1344-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-640-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-640-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-976-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-976-shake.js +366 -0
package/src/algorithms/kem/hqc/hqc-128.js +366 -0
package/src/algorithms/kem/hqc/hqc-192.js +366 -0
package/src/algorithms/kem/hqc/hqc-256.js +366 -0
package/src/algorithms/kem/kyber/kyber-1024.js +349 -0
package/src/algorithms/kem/kyber/kyber-512.js +347 -0
package/src/algorithms/kem/kyber/kyber-768.js +348 -0
package/src/algorithms/kem/ml-kem/ml-kem-1024.js +345 -0
package/src/algorithms/kem/ml-kem/ml-kem-512.js +345 -0
package/src/algorithms/kem/ml-kem/ml-kem-768.js +344 -0
package/src/algorithms/kem/ntru/ntru-hps-2048-509.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-2048-677.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-4096-1229.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-4096-821.js +366 -0
package/src/algorithms/kem/ntru/ntru-hrss-1373.js +366 -0
package/src/algorithms/kem/ntru/ntru-hrss-701.js +366 -0
package/src/algorithms/kem/ntru/sntrup761.js +367 -0
package/src/algorithms/sig/cross/cross-rsdp-128-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-128-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-128-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-small.js +391 -0
package/src/algorithms/sig/falcon/falcon-1024.js +378 -0
package/src/algorithms/sig/falcon/falcon-512.js +379 -0
package/src/algorithms/sig/falcon/falcon-padded-1024.js +380 -0
package/src/algorithms/sig/falcon/falcon-padded-512.js +380 -0
package/src/algorithms/sig/mayo/mayo-1.js +390 -0
package/src/algorithms/sig/mayo/mayo-2.js +390 -0
package/src/algorithms/sig/mayo/mayo-3.js +390 -0
package/src/algorithms/sig/mayo/mayo-5.js +390 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-44.js +338 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-65.js +338 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-87.js +338 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-128f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-128s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-192f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-192s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-256f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-256s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-128f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-128s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-192f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-192s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-256f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-256s.js +367 -0
package/src/algorithms/sig/snova/snova-24-5-4-esk.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4-shake-esk.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4-shake.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-5.js +391 -0
package/src/algorithms/sig/snova/snova-25-8-3.js +391 -0
package/src/algorithms/sig/snova/snova-29-6-5.js +391 -0
package/src/algorithms/sig/snova/snova-37-17-2.js +391 -0
package/src/algorithms/sig/snova/snova-37-8-4.js +391 -0
package/src/algorithms/sig/snova/snova-49-11-3.js +391 -0
package/src/algorithms/sig/snova/snova-56-25-2.js +391 -0
package/src/algorithms/sig/snova/snova-60-10-4.js +391 -0
package/src/algorithms/sig/uov/ov-iii-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-iii-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-iii.js +390 -0
package/src/algorithms/sig/uov/ov-ip-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-ip-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-ip.js +390 -0
package/src/algorithms/sig/uov/ov-is-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-is-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-is.js +390 -0
package/src/algorithms/sig/uov/ov-v-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-v-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-v.js +390 -0
package/src/cli/algorithms.js +254 -0
package/src/cli/commands/info.js +35 -0
package/src/cli/commands/kem.js +91 -0
package/src/cli/commands/list.js +30 -0
package/src/cli/commands/sig.js +98 -0
package/src/cli/index.js +86 -0
package/src/cli/io.js +147 -0
package/src/cli/parser.js +64 -0
package/src/core/errors.js +75 -0
package/src/core/validation.js +28 -0
package/src/index.js +164 -0
package/src/kem.js +60 -0
package/src/sig.js +87 -0
package/src/types/algorithms.d.ts +1543 -0
package/src/types/errors.d.ts +60 -0
package/src/types/index.d.ts +9 -0

package/src/algorithms/sig/ml-dsa/ml-dsa-44.js ADDED Viewed

@@ -0,0 +1,338 @@
+/**
+ * @fileoverview ML-DSA-44 signature algorithm implementation
+ * @module algorithms/sig/ml-dsa/ml-dsa-44
+ * @description
+ * ML-DSA-44 is a lattice-based digital signature algorithm providing NIST security level 2.
+ * It is part of the NIST FIPS 204 standard (Module-Lattice-Based Digital Signature Algorithm).
+ *
+ * Key features:
+ * - Lattice-based cryptography (Module-LWE and Module-SIS problems)
+ * - Security Level 2 (128-bit classical, quantum-resistant)
+ * - NIST FIPS 204 standardized
+ * - Strong existential unforgeability under chosen message attack (SUF-CMA)
+ * - Deterministic signing with optional hedged mode
+ *
+ * @see {@link https://csrc.nist.gov/pubs/fips/204/final} - NIST FIPS 204 specification
+ */
+import { LibOQSError, LibOQSInitError, LibOQSOperationError, LibOQSValidationError } from '../../../core/errors.js';
+import { isUint8Array } from '../../../core/validation.js';
+// Dynamic module loading for cross-runtime compatibility
+async function loadModule() {
+  const isDeno = typeof Deno !== 'undefined';
+  const modulePath = isDeno
+    ? `../../../../dist/ml-dsa-44.deno.js`
+    : `../../../../dist/ml-dsa-44.min.js`;
+  const module = await import(modulePath);
+  return module.default;
+}
+/**
+ * ML-DSA-44-INFO algorithm constants and metadata
+ * @type {{readonly name: 'ML-DSA-44', readonly identifier: 'ML-DSA-44', readonly type: 'sig', readonly securityLevel: 2, readonly standardized: true, readonly description: string, readonly keySize: {readonly publicKey: 1312, readonly secretKey: 2560, readonly signature: 2420}}}
+ */
+export const ML_DSA_44_INFO = {
+  name: 'ML-DSA-44',
+  identifier: 'ML-DSA-44',
+  type: 'sig',
+  securityLevel: 2,
+  standardized: true,
+  description: 'NIST FIPS 204 ML-DSA-44 lattice-based signature (NIST Level 2, 128-bit quantum security)',
+  keySize: {
+    publicKey: 1312,
+    secretKey: 2560,
+    signature: 2420
+  }
+};
+/**
+ * Load and initialize ML-DSA-44 module
+ * @returns {Promise<MLDSA44>} Initialized ML-DSA-44 instance
+ * @throws {LibOQSInitError} If initialization fails
+ * @example
+ * import { createMLDSA44 } from '@oqs/liboqs-js';
+ * const sig = await createMLDSA44();
+ */
+export async function createMLDSA44() {
+  const moduleFactory = await loadModule();
+  const wasmModule = await moduleFactory();
+  wasmModule._OQS_init();
+  const algoName = ML_DSA_44_INFO.identifier;
+  const nameLen = wasmModule.lengthBytesUTF8(algoName);
+  const namePtr = wasmModule._malloc(nameLen + 1);
+  wasmModule.stringToUTF8(algoName, namePtr, nameLen + 1);
+  const sigPtr = wasmModule._OQS_SIG_new(namePtr);
+  wasmModule._free(namePtr);
+  if (!sigPtr) {
+    throw new LibOQSInitError('ML-DSA-44', 'Failed to create SIG instance');
+  }
+  return new MLDSA44(wasmModule, sigPtr);
+}
+/**
+ * ML-DSA-44 digital signature wrapper class
+ *
+ * Provides high-level interface for ML-DSA-44 digital signature operations.
+ * Automatically manages WASM memory and validates inputs.
+ *
+ * @class MLDSA44
+ * @example
+ * const sig = await createMLDSA44();
+ * const { publicKey, secretKey } = sig.generateKeyPair();
+ *
+ * const message = new TextEncoder().encode('Hello, quantum world!');
+ * const signature = sig.sign(message, secretKey);
+ *
+ * const isValid = sig.verify(message, signature, publicKey);
+ * console.log('Valid:', isValid); // true
+ *
+ * sig.destroy();
+ */
+export class MLDSA44 {
+  #wasmModule;
+  #sigPtr;
+  #destroyed = false;
+  /**
+   * @param {Object} wasmModule - Emscripten WASM module
+   * @param {number} sigPtr - Pointer to OQS_SIG structure
+   * @private
+   */
+  constructor(wasmModule, sigPtr) {
+    this.#wasmModule = wasmModule;
+    this.#sigPtr = sigPtr;
+  }
+  /**
+   * Generate a new ML-DSA-44 keypair
+   *
+   * Creates a new public/private keypair for digital signatures.
+   * The secret key must be kept confidential.
+   *
+   * @returns {{publicKey: Uint8Array, secretKey: Uint8Array}}
+   * @throws {LibOQSOperationError} If key generation fails
+   * @example
+   * const { publicKey, secretKey } = sig.generateKeyPair();
+   */
+  generateKeyPair() {
+    this.#checkDestroyed();
+    const publicKey = new Uint8Array(ML_DSA_44_INFO.keySize.publicKey);
+    const secretKey = new Uint8Array(ML_DSA_44_INFO.keySize.secretKey);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      const result = this.#wasmModule._OQS_SIG_keypair(this.#sigPtr, pkPtr, skPtr);
+      if (result !== 0) {
+        throw new LibOQSOperationError('generateKeyPair', 'ML-DSA-44', 'Key generation failed');
+      }
+      publicKey.set(this.#wasmModule.HEAPU8.subarray(pkPtr, pkPtr + publicKey.length));
+      secretKey.set(this.#wasmModule.HEAPU8.subarray(skPtr, skPtr + secretKey.length));
+      return { publicKey, secretKey };
+    } finally {
+      this.#wasmModule._free(pkPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Sign a message using the secret key
+   *
+   * Generates a digital signature for the provided message.
+   * The signature can be verified using the corresponding public key.
+   *
+   * @param {Uint8Array} message - Message to sign (arbitrary length)
+   * @param {Uint8Array} secretKey - Secret key for signing (2560 bytes)
+   * @returns {Uint8Array} Digital signature (up to 2420 bytes)
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @throws {LibOQSOperationError} If signing fails
+   * @example
+   * const message = new TextEncoder().encode('Hello!');
+   * const signature = sig.sign(message, secretKey);
+   */
+  sign(message, secretKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSecretKey(secretKey);
+    const signature = new Uint8Array(ML_DSA_44_INFO.keySize.signature);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const sigLenPtr = this.#wasmModule._malloc(8); // size_t
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(secretKey, skPtr);
+      this.#wasmModule.setValue(sigLenPtr, signature.length, 'i64');
+      const result = this.#wasmModule._OQS_SIG_sign(
+        this.#sigPtr,
+        sigPtr,
+        sigLenPtr,
+        msgPtr,
+        message.length,
+        skPtr
+      );
+      if (result !== 0) {
+        throw new LibOQSOperationError('sign', 'ML-DSA-44', 'Signing failed');
+      }
+      const actualSigLen = this.#wasmModule.getValue(sigLenPtr, 'i32');
+      const actualSignature = new Uint8Array(actualSigLen);
+      actualSignature.set(this.#wasmModule.HEAPU8.subarray(sigPtr, sigPtr + actualSigLen));
+      return actualSignature;
+    } finally {
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(sigLenPtr);
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Verify a signature against a message using the public key
+   *
+   * Verifies that the signature is valid for the given message and public key.
+   *
+   * @param {Uint8Array} message - Original message that was signed
+   * @param {Uint8Array} signature - Signature to verify
+   * @param {Uint8Array} publicKey - Public key for verification (1312 bytes)
+   * @returns {boolean} True if signature is valid, false otherwise
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @example
+   * const isValid = sig.verify(message, signature, publicKey);
+   * if (isValid) {
+   *   console.log('Signature is valid!');
+   * }
+   */
+  verify(message, signature, publicKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSignature(signature);
+    this.#validatePublicKey(publicKey);
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(signature, sigPtr);
+      this.#wasmModule.HEAPU8.set(publicKey, pkPtr);
+      const result = this.#wasmModule._OQS_SIG_verify(
+        this.#sigPtr,
+        msgPtr,
+        message.length,
+        sigPtr,
+        signature.length,
+        pkPtr
+      );
+      return result === 0;
+    } finally {
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(pkPtr);
+    }
+  }
+  /**
+   * Clean up WASM resources
+   *
+   * Frees the native signature structure. The instance cannot be used after calling destroy().
+   *
+   * @example
+   * sig.destroy();
+   */
+  destroy() {
+    if (!this.#destroyed) {
+      if (this.#sigPtr) {
+        this.#wasmModule._OQS_SIG_free(this.#sigPtr);
+        this.#sigPtr = null;
+      }
+      this.#destroyed = true;
+    }
+  }
+  /**
+   * Enables automatic cleanup via `using` declarations
+   * @example
+   * using instance = await create...();
+   * // automatically cleaned up at end of scope
+   */
+  [Symbol.dispose]() {
+    this.destroy();
+  }
+  /**
+   * Get algorithm information
+   * @returns {typeof ML_DSA_44_INFO} Algorithm metadata
+   */
+  get info() {
+    return ML_DSA_44_INFO;
+  }
+  #checkDestroyed() {
+    if (this.#destroyed) {
+      throw new LibOQSError('Instance has been destroyed', 'ML-DSA-44');
+    }
+  }
+  #validateMessage(message) {
+    if (!ArrayBuffer.isView(message) || message.constructor.name !== 'Uint8Array') {
+      throw new LibOQSValidationError(
+        'Message must be Uint8Array',
+        'ML-DSA-44'
+      );
+    }
+  }
+  #validatePublicKey(publicKey) {
+    if (!isUint8Array(publicKey) || publicKey.length !== ML_DSA_44_INFO.keySize.publicKey) {
+      throw new LibOQSValidationError(
+        `Invalid public key: expected ${ML_DSA_44_INFO.keySize.publicKey} bytes, got ${publicKey?.length ?? 'null'}`,
+        'ML-DSA-44'
+      );
+    }
+  }
+  #validateSecretKey(secretKey) {
+    if (!isUint8Array(secretKey) || secretKey.length !== ML_DSA_44_INFO.keySize.secretKey) {
+      throw new LibOQSValidationError(
+        `Invalid secret key: expected ${ML_DSA_44_INFO.keySize.secretKey} bytes, got ${secretKey?.length ?? 'null'}`,
+        'ML-DSA-44'
+      );
+    }
+  }
+  #validateSignature(signature) {
+    if (!isUint8Array(signature)) {
+      throw new LibOQSValidationError(
+        'Signature must be Uint8Array',
+        'ML-DSA-44'
+      );
+    }
+    if (signature.length === 0 || signature.length > ML_DSA_44_INFO.keySize.signature) {
+      throw new LibOQSValidationError(
+        `Invalid signature length: expected up to ${ML_DSA_44_INFO.keySize.signature} bytes, got ${signature.length}`,
+        'ML-DSA-44'
+      );
+    }
+  }
+}

package/src/algorithms/sig/ml-dsa/ml-dsa-65.js ADDED Viewed

@@ -0,0 +1,338 @@
+/**
+ * @fileoverview ML-DSA-65 signature algorithm implementation
+ * @module algorithms/sig/ml-dsa/ml-dsa-65
+ * @description
+ * ML-DSA-65 is a lattice-based digital signature algorithm providing NIST security level 3.
+ * It is part of the NIST FIPS 204 standard (Module-Lattice-Based Digital Signature Algorithm).
+ *
+ * Key features:
+ * - Lattice-based cryptography (Module-LWE and Module-SIS problems)
+ * - Security Level 3 (192-bit classical, quantum-resistant)
+ * - NIST FIPS 204 standardized
+ * - Strong existential unforgeability under chosen message attack (SUF-CMA)
+ * - Deterministic signing with optional hedged mode
+ *
+ * @see {@link https://csrc.nist.gov/pubs/fips/204/final} - NIST FIPS 204 specification
+ */
+import { LibOQSError, LibOQSInitError, LibOQSOperationError, LibOQSValidationError } from '../../../core/errors.js';
+import { isUint8Array } from '../../../core/validation.js';
+// Dynamic module loading for cross-runtime compatibility
+async function loadModule() {
+  const isDeno = typeof Deno !== 'undefined';
+  const modulePath = isDeno
+    ? `../../../../dist/ml-dsa-65.deno.js`
+    : `../../../../dist/ml-dsa-65.min.js`;
+  const module = await import(modulePath);
+  return module.default;
+}
+/**
+ * ML-DSA-65-INFO algorithm constants and metadata
+ * @type {{readonly name: 'ML-DSA-65', readonly identifier: 'ML-DSA-65', readonly type: 'sig', readonly securityLevel: 3, readonly standardized: true, readonly description: string, readonly keySize: {readonly publicKey: 1952, readonly secretKey: 4032, readonly signature: 3309}}}
+ */
+export const ML_DSA_65_INFO = {
+  name: 'ML-DSA-65',
+  identifier: 'ML-DSA-65',
+  type: 'sig',
+  securityLevel: 3,
+  standardized: true,
+  description: 'NIST FIPS 204 ML-DSA-65 lattice-based signature (NIST Level 3, 192-bit quantum security)',
+  keySize: {
+    publicKey: 1952,
+    secretKey: 4032,
+    signature: 3309
+  }
+};
+/**
+ * Load and initialize ML-DSA-65 module
+ * @returns {Promise<MLDSA65>} Initialized ML-DSA-65 instance
+ * @throws {LibOQSInitError} If initialization fails
+ * @example
+ * import { createMLDSA65 } from '@oqs/liboqs-js';
+ * const sig = await createMLDSA65();
+ */
+export async function createMLDSA65() {
+  const moduleFactory = await loadModule();
+  const wasmModule = await moduleFactory();
+  wasmModule._OQS_init();
+  const algoName = ML_DSA_65_INFO.identifier;
+  const nameLen = wasmModule.lengthBytesUTF8(algoName);
+  const namePtr = wasmModule._malloc(nameLen + 1);
+  wasmModule.stringToUTF8(algoName, namePtr, nameLen + 1);
+  const sigPtr = wasmModule._OQS_SIG_new(namePtr);
+  wasmModule._free(namePtr);
+  if (!sigPtr) {
+    throw new LibOQSInitError('ML-DSA-65', 'Failed to create SIG instance');
+  }
+  return new MLDSA65(wasmModule, sigPtr);
+}
+/**
+ * ML-DSA-65 digital signature wrapper class
+ *
+ * Provides high-level interface for ML-DSA-65 digital signature operations.
+ * Automatically manages WASM memory and validates inputs.
+ *
+ * @class MLDSA65
+ * @example
+ * const sig = await createMLDSA65();
+ * const { publicKey, secretKey } = sig.generateKeyPair();
+ *
+ * const message = new TextEncoder().encode('Hello, quantum world!');
+ * const signature = sig.sign(message, secretKey);
+ *
+ * const isValid = sig.verify(message, signature, publicKey);
+ * console.log('Valid:', isValid); // true
+ *
+ * sig.destroy();
+ */
+export class MLDSA65 {
+  #wasmModule;
+  #sigPtr;
+  #destroyed = false;
+  /**
+   * @param {Object} wasmModule - Emscripten WASM module
+   * @param {number} sigPtr - Pointer to OQS_SIG structure
+   * @private
+   */
+  constructor(wasmModule, sigPtr) {
+    this.#wasmModule = wasmModule;
+    this.#sigPtr = sigPtr;
+  }
+  /**
+   * Generate a new ML-DSA-65 keypair
+   *
+   * Creates a new public/private keypair for digital signatures.
+   * The secret key must be kept confidential.
+   *
+   * @returns {{publicKey: Uint8Array, secretKey: Uint8Array}}
+   * @throws {LibOQSOperationError} If key generation fails
+   * @example
+   * const { publicKey, secretKey } = sig.generateKeyPair();
+   */
+  generateKeyPair() {
+    this.#checkDestroyed();
+    const publicKey = new Uint8Array(ML_DSA_65_INFO.keySize.publicKey);
+    const secretKey = new Uint8Array(ML_DSA_65_INFO.keySize.secretKey);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      const result = this.#wasmModule._OQS_SIG_keypair(this.#sigPtr, pkPtr, skPtr);
+      if (result !== 0) {
+        throw new LibOQSOperationError('generateKeyPair', 'ML-DSA-65', 'Key generation failed');
+      }
+      publicKey.set(this.#wasmModule.HEAPU8.subarray(pkPtr, pkPtr + publicKey.length));
+      secretKey.set(this.#wasmModule.HEAPU8.subarray(skPtr, skPtr + secretKey.length));
+      return { publicKey, secretKey };
+    } finally {
+      this.#wasmModule._free(pkPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Sign a message using the secret key
+   *
+   * Generates a digital signature for the provided message.
+   * The signature can be verified using the corresponding public key.
+   *
+   * @param {Uint8Array} message - Message to sign (arbitrary length)
+   * @param {Uint8Array} secretKey - Secret key for signing (4032 bytes)
+   * @returns {Uint8Array} Digital signature (up to 3309 bytes)
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @throws {LibOQSOperationError} If signing fails
+   * @example
+   * const message = new TextEncoder().encode('Hello!');
+   * const signature = sig.sign(message, secretKey);
+   */
+  sign(message, secretKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSecretKey(secretKey);
+    const signature = new Uint8Array(ML_DSA_65_INFO.keySize.signature);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const sigLenPtr = this.#wasmModule._malloc(8); // size_t
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(secretKey, skPtr);
+      this.#wasmModule.setValue(sigLenPtr, signature.length, 'i64');
+      const result = this.#wasmModule._OQS_SIG_sign(
+        this.#sigPtr,
+        sigPtr,
+        sigLenPtr,
+        msgPtr,
+        message.length,
+        skPtr
+      );
+      if (result !== 0) {
+        throw new LibOQSOperationError('sign', 'ML-DSA-65', 'Signing failed');
+      }
+      const actualSigLen = this.#wasmModule.getValue(sigLenPtr, 'i32');
+      const actualSignature = new Uint8Array(actualSigLen);
+      actualSignature.set(this.#wasmModule.HEAPU8.subarray(sigPtr, sigPtr + actualSigLen));
+      return actualSignature;
+    } finally {
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(sigLenPtr);
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Verify a signature against a message using the public key
+   *
+   * Verifies that the signature is valid for the given message and public key.
+   *
+   * @param {Uint8Array} message - Original message that was signed
+   * @param {Uint8Array} signature - Signature to verify
+   * @param {Uint8Array} publicKey - Public key for verification (1952 bytes)
+   * @returns {boolean} True if signature is valid, false otherwise
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @example
+   * const isValid = sig.verify(message, signature, publicKey);
+   * if (isValid) {
+   *   console.log('Signature is valid!');
+   * }
+   */
+  verify(message, signature, publicKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSignature(signature);
+    this.#validatePublicKey(publicKey);
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(signature, sigPtr);
+      this.#wasmModule.HEAPU8.set(publicKey, pkPtr);
+      const result = this.#wasmModule._OQS_SIG_verify(
+        this.#sigPtr,
+        msgPtr,
+        message.length,
+        sigPtr,
+        signature.length,
+        pkPtr
+      );
+      return result === 0;
+    } finally {
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(pkPtr);
+    }
+  }
+  /**
+   * Clean up WASM resources
+   *
+   * Frees the native signature structure. The instance cannot be used after calling destroy().
+   *
+   * @example
+   * sig.destroy();
+   */
+  destroy() {
+    if (!this.#destroyed) {
+      if (this.#sigPtr) {
+        this.#wasmModule._OQS_SIG_free(this.#sigPtr);
+        this.#sigPtr = null;
+      }
+      this.#destroyed = true;
+    }
+  }
+  /**
+   * Enables automatic cleanup via `using` declarations
+   * @example
+   * using instance = await create...();
+   * // automatically cleaned up at end of scope
+   */
+  [Symbol.dispose]() {
+    this.destroy();
+  }
+  /**
+   * Get algorithm information
+   * @returns {typeof ML_DSA_65_INFO} Algorithm metadata
+   */
+  get info() {
+    return ML_DSA_65_INFO;
+  }
+  #checkDestroyed() {
+    if (this.#destroyed) {
+      throw new LibOQSError('Instance has been destroyed', 'ML-DSA-65');
+    }
+  }
+  #validateMessage(message) {
+    if (!ArrayBuffer.isView(message) || message.constructor.name !== 'Uint8Array') {
+      throw new LibOQSValidationError(
+        'Message must be Uint8Array',
+        'ML-DSA-65'
+      );
+    }
+  }
+  #validatePublicKey(publicKey) {
+    if (!isUint8Array(publicKey) || publicKey.length !== ML_DSA_65_INFO.keySize.publicKey) {
+      throw new LibOQSValidationError(
+        `Invalid public key: expected ${ML_DSA_65_INFO.keySize.publicKey} bytes, got ${publicKey?.length ?? 'null'}`,
+        'ML-DSA-65'
+      );
+    }
+  }
+  #validateSecretKey(secretKey) {
+    if (!isUint8Array(secretKey) || secretKey.length !== ML_DSA_65_INFO.keySize.secretKey) {
+      throw new LibOQSValidationError(
+        `Invalid secret key: expected ${ML_DSA_65_INFO.keySize.secretKey} bytes, got ${secretKey?.length ?? 'null'}`,
+        'ML-DSA-65'
+      );
+    }
+  }
+  #validateSignature(signature) {
+    if (!isUint8Array(signature)) {
+      throw new LibOQSValidationError(
+        'Signature must be Uint8Array',
+        'ML-DSA-65'
+      );
+    }
+    if (signature.length === 0 || signature.length > ML_DSA_65_INFO.keySize.signature) {
+      throw new LibOQSValidationError(
+        `Invalid signature length: expected up to ${ML_DSA_65_INFO.keySize.signature} bytes, got ${signature.length}`,
+        'ML-DSA-65'
+      );
+    }
+  }
+}