npm - @oqs/liboqs-js - Versions diffs - 0.15.0 - Mend

@oqs/liboqs-js 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/LICENSE.md +50 -0
package/README.md +829 -0
package/bin/cli.js +16 -0
package/dist/classic-mceliece-348864.deno.js +0 -0
package/dist/classic-mceliece-348864.min.js +0 -0
package/dist/classic-mceliece-348864f.deno.js +0 -0
package/dist/classic-mceliece-348864f.min.js +0 -0
package/dist/classic-mceliece-460896.deno.js +0 -0
package/dist/classic-mceliece-460896.min.js +0 -0
package/dist/classic-mceliece-460896f.deno.js +0 -0
package/dist/classic-mceliece-460896f.min.js +0 -0
package/dist/classic-mceliece-6688128.deno.js +0 -0
package/dist/classic-mceliece-6688128.min.js +0 -0
package/dist/classic-mceliece-6688128f.deno.js +0 -0
package/dist/classic-mceliece-6688128f.min.js +0 -0
package/dist/classic-mceliece-6960119.deno.js +0 -0
package/dist/classic-mceliece-6960119.min.js +0 -0
package/dist/classic-mceliece-6960119f.deno.js +0 -0
package/dist/classic-mceliece-6960119f.min.js +0 -0
package/dist/classic-mceliece-8192128.deno.js +0 -0
package/dist/classic-mceliece-8192128.min.js +0 -0
package/dist/classic-mceliece-8192128f.deno.js +0 -0
package/dist/classic-mceliece-8192128f.min.js +0 -0
package/dist/cross-rsdp-128-balanced.deno.js +0 -0
package/dist/cross-rsdp-128-balanced.min.js +0 -0
package/dist/cross-rsdp-128-fast.deno.js +0 -0
package/dist/cross-rsdp-128-fast.min.js +0 -0
package/dist/cross-rsdp-128-small.deno.js +0 -0
package/dist/cross-rsdp-128-small.min.js +0 -0
package/dist/cross-rsdp-192-balanced.deno.js +0 -0
package/dist/cross-rsdp-192-balanced.min.js +0 -0
package/dist/cross-rsdp-192-fast.deno.js +0 -0
package/dist/cross-rsdp-192-fast.min.js +0 -0
package/dist/cross-rsdp-192-small.deno.js +0 -0
package/dist/cross-rsdp-192-small.min.js +0 -0
package/dist/cross-rsdp-256-balanced.deno.js +0 -0
package/dist/cross-rsdp-256-balanced.min.js +0 -0
package/dist/cross-rsdp-256-fast.deno.js +0 -0
package/dist/cross-rsdp-256-fast.min.js +0 -0
package/dist/cross-rsdp-256-small.deno.js +0 -0
package/dist/cross-rsdp-256-small.min.js +0 -0
package/dist/cross-rsdpg-128-balanced.deno.js +0 -0
package/dist/cross-rsdpg-128-balanced.min.js +0 -0
package/dist/cross-rsdpg-128-fast.deno.js +0 -0
package/dist/cross-rsdpg-128-fast.min.js +0 -0
package/dist/cross-rsdpg-128-small.deno.js +0 -0
package/dist/cross-rsdpg-128-small.min.js +0 -0
package/dist/cross-rsdpg-192-balanced.deno.js +0 -0
package/dist/cross-rsdpg-192-balanced.min.js +0 -0
package/dist/cross-rsdpg-192-fast.deno.js +0 -0
package/dist/cross-rsdpg-192-fast.min.js +0 -0
package/dist/cross-rsdpg-192-small.deno.js +0 -0
package/dist/cross-rsdpg-192-small.min.js +0 -0
package/dist/cross-rsdpg-256-balanced.deno.js +0 -0
package/dist/cross-rsdpg-256-balanced.min.js +0 -0
package/dist/cross-rsdpg-256-fast.deno.js +0 -0
package/dist/cross-rsdpg-256-fast.min.js +0 -0
package/dist/cross-rsdpg-256-small.deno.js +0 -0
package/dist/cross-rsdpg-256-small.min.js +0 -0
package/dist/falcon-1024.deno.js +0 -0
package/dist/falcon-1024.min.js +0 -0
package/dist/falcon-512.deno.js +0 -0
package/dist/falcon-512.min.js +0 -0
package/dist/falcon-padded-1024.deno.js +0 -0
package/dist/falcon-padded-1024.min.js +0 -0
package/dist/falcon-padded-512.deno.js +0 -0
package/dist/falcon-padded-512.min.js +0 -0
package/dist/frodokem-1344-aes.deno.js +0 -0
package/dist/frodokem-1344-aes.min.js +0 -0
package/dist/frodokem-1344-shake.deno.js +0 -0
package/dist/frodokem-1344-shake.min.js +0 -0
package/dist/frodokem-640-aes.deno.js +0 -0
package/dist/frodokem-640-aes.min.js +0 -0
package/dist/frodokem-640-shake.deno.js +0 -0
package/dist/frodokem-640-shake.min.js +0 -0
package/dist/frodokem-976-aes.deno.js +0 -0
package/dist/frodokem-976-aes.min.js +0 -0
package/dist/frodokem-976-shake.deno.js +0 -0
package/dist/frodokem-976-shake.min.js +0 -0
package/dist/hqc-128.deno.js +0 -0
package/dist/hqc-128.min.js +0 -0
package/dist/hqc-192.deno.js +0 -0
package/dist/hqc-192.min.js +0 -0
package/dist/hqc-256.deno.js +0 -0
package/dist/hqc-256.min.js +0 -0
package/dist/kyber-1024.deno.js +0 -0
package/dist/kyber-1024.min.js +0 -0
package/dist/kyber-512.deno.js +0 -0
package/dist/kyber-512.min.js +0 -0
package/dist/kyber-768.deno.js +0 -0
package/dist/kyber-768.min.js +0 -0
package/dist/mayo-1.deno.js +0 -0
package/dist/mayo-1.min.js +0 -0
package/dist/mayo-2.deno.js +0 -0
package/dist/mayo-2.min.js +0 -0
package/dist/mayo-3.deno.js +0 -0
package/dist/mayo-3.min.js +0 -0
package/dist/mayo-5.deno.js +0 -0
package/dist/mayo-5.min.js +0 -0
package/dist/ml-dsa-44.deno.js +0 -0
package/dist/ml-dsa-44.min.js +0 -0
package/dist/ml-dsa-65.deno.js +0 -0
package/dist/ml-dsa-65.min.js +0 -0
package/dist/ml-dsa-87.deno.js +0 -0
package/dist/ml-dsa-87.min.js +0 -0
package/dist/ml-kem-1024.deno.js +0 -0
package/dist/ml-kem-1024.min.js +0 -0
package/dist/ml-kem-512.deno.js +0 -0
package/dist/ml-kem-512.min.js +0 -0
package/dist/ml-kem-768.deno.js +0 -0
package/dist/ml-kem-768.min.js +0 -0
package/dist/ntru-hps-2048-509.deno.js +0 -0
package/dist/ntru-hps-2048-509.min.js +0 -0
package/dist/ntru-hps-2048-677.deno.js +0 -0
package/dist/ntru-hps-2048-677.min.js +0 -0
package/dist/ntru-hps-4096-1229.deno.js +0 -0
package/dist/ntru-hps-4096-1229.min.js +0 -0
package/dist/ntru-hps-4096-821.deno.js +0 -0
package/dist/ntru-hps-4096-821.min.js +0 -0
package/dist/ntru-hrss-1373.deno.js +0 -0
package/dist/ntru-hrss-1373.min.js +0 -0
package/dist/ntru-hrss-701.deno.js +0 -0
package/dist/ntru-hrss-701.min.js +0 -0
package/dist/ov-iii-pkc-skc.deno.js +0 -0
package/dist/ov-iii-pkc-skc.min.js +0 -0
package/dist/ov-iii-pkc.deno.js +0 -0
package/dist/ov-iii-pkc.min.js +0 -0
package/dist/ov-iii.deno.js +0 -0
package/dist/ov-iii.min.js +0 -0
package/dist/ov-ip-pkc-skc.deno.js +0 -0
package/dist/ov-ip-pkc-skc.min.js +0 -0
package/dist/ov-ip-pkc.deno.js +0 -0
package/dist/ov-ip-pkc.min.js +0 -0
package/dist/ov-ip.deno.js +0 -0
package/dist/ov-ip.min.js +0 -0
package/dist/ov-is-pkc-skc.deno.js +0 -0
package/dist/ov-is-pkc-skc.min.js +0 -0
package/dist/ov-is-pkc.deno.js +0 -0
package/dist/ov-is-pkc.min.js +0 -0
package/dist/ov-is.deno.js +0 -0
package/dist/ov-is.min.js +0 -0
package/dist/ov-v-pkc-skc.deno.js +0 -0
package/dist/ov-v-pkc-skc.min.js +0 -0
package/dist/ov-v-pkc.deno.js +0 -0
package/dist/ov-v-pkc.min.js +0 -0
package/dist/ov-v.deno.js +0 -0
package/dist/ov-v.min.js +0 -0
package/dist/slh-dsa-sha2-128f.deno.js +0 -0
package/dist/slh-dsa-sha2-128f.min.js +0 -0
package/dist/slh-dsa-sha2-128s.deno.js +0 -0
package/dist/slh-dsa-sha2-128s.min.js +0 -0
package/dist/slh-dsa-sha2-192f.deno.js +0 -0
package/dist/slh-dsa-sha2-192f.min.js +0 -0
package/dist/slh-dsa-sha2-192s.deno.js +0 -0
package/dist/slh-dsa-sha2-192s.min.js +0 -0
package/dist/slh-dsa-sha2-256f.deno.js +0 -0
package/dist/slh-dsa-sha2-256f.min.js +0 -0
package/dist/slh-dsa-sha2-256s.deno.js +0 -0
package/dist/slh-dsa-sha2-256s.min.js +0 -0
package/dist/slh-dsa-shake-128f.deno.js +0 -0
package/dist/slh-dsa-shake-128f.min.js +0 -0
package/dist/slh-dsa-shake-128s.deno.js +0 -0
package/dist/slh-dsa-shake-128s.min.js +0 -0
package/dist/slh-dsa-shake-192f.deno.js +0 -0
package/dist/slh-dsa-shake-192f.min.js +0 -0
package/dist/slh-dsa-shake-192s.deno.js +0 -0
package/dist/slh-dsa-shake-192s.min.js +0 -0
package/dist/slh-dsa-shake-256f.deno.js +0 -0
package/dist/slh-dsa-shake-256f.min.js +0 -0
package/dist/slh-dsa-shake-256s.deno.js +0 -0
package/dist/slh-dsa-shake-256s.min.js +0 -0
package/dist/snova-24-5-4-esk.deno.js +0 -0
package/dist/snova-24-5-4-esk.min.js +0 -0
package/dist/snova-24-5-4-shake-esk.deno.js +0 -0
package/dist/snova-24-5-4-shake-esk.min.js +0 -0
package/dist/snova-24-5-4-shake.deno.js +0 -0
package/dist/snova-24-5-4-shake.min.js +0 -0
package/dist/snova-24-5-4.deno.js +0 -0
package/dist/snova-24-5-4.min.js +0 -0
package/dist/snova-24-5-5.deno.js +0 -0
package/dist/snova-24-5-5.min.js +0 -0
package/dist/snova-25-8-3.deno.js +0 -0
package/dist/snova-25-8-3.min.js +0 -0
package/dist/snova-29-6-5.deno.js +0 -0
package/dist/snova-29-6-5.min.js +0 -0
package/dist/snova-37-17-2.deno.js +0 -0
package/dist/snova-37-17-2.min.js +0 -0
package/dist/snova-37-8-4.deno.js +0 -0
package/dist/snova-37-8-4.min.js +0 -0
package/dist/snova-49-11-3.deno.js +0 -0
package/dist/snova-49-11-3.min.js +0 -0
package/dist/snova-56-25-2.deno.js +0 -0
package/dist/snova-56-25-2.min.js +0 -0
package/dist/snova-60-10-4.deno.js +0 -0
package/dist/snova-60-10-4.min.js +0 -0
package/dist/sntrup761.deno.js +0 -0
package/dist/sntrup761.min.js +0 -0
package/package.json +108 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-348864.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-348864f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-460896.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-460896f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6688128.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6688128f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6960119.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-6960119f.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-8192128.js +336 -0
package/src/algorithms/kem/classic-mceliece/classic-mceliece-8192128f.js +336 -0
package/src/algorithms/kem/frodokem/efrodokem-1344-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-1344-shake.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-640-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-640-shake.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-976-aes.js +366 -0
package/src/algorithms/kem/frodokem/efrodokem-976-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-1344-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-1344-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-640-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-640-shake.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-976-aes.js +366 -0
package/src/algorithms/kem/frodokem/frodokem-976-shake.js +366 -0
package/src/algorithms/kem/hqc/hqc-128.js +366 -0
package/src/algorithms/kem/hqc/hqc-192.js +366 -0
package/src/algorithms/kem/hqc/hqc-256.js +366 -0
package/src/algorithms/kem/kyber/kyber-1024.js +349 -0
package/src/algorithms/kem/kyber/kyber-512.js +347 -0
package/src/algorithms/kem/kyber/kyber-768.js +348 -0
package/src/algorithms/kem/ml-kem/ml-kem-1024.js +345 -0
package/src/algorithms/kem/ml-kem/ml-kem-512.js +345 -0
package/src/algorithms/kem/ml-kem/ml-kem-768.js +344 -0
package/src/algorithms/kem/ntru/ntru-hps-2048-509.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-2048-677.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-4096-1229.js +366 -0
package/src/algorithms/kem/ntru/ntru-hps-4096-821.js +366 -0
package/src/algorithms/kem/ntru/ntru-hrss-1373.js +366 -0
package/src/algorithms/kem/ntru/ntru-hrss-701.js +366 -0
package/src/algorithms/kem/ntru/sntrup761.js +367 -0
package/src/algorithms/sig/cross/cross-rsdp-128-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-128-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-128-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-192-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdp-256-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-128-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-192-small.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-balanced.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-fast.js +391 -0
package/src/algorithms/sig/cross/cross-rsdpg-256-small.js +391 -0
package/src/algorithms/sig/falcon/falcon-1024.js +378 -0
package/src/algorithms/sig/falcon/falcon-512.js +379 -0
package/src/algorithms/sig/falcon/falcon-padded-1024.js +380 -0
package/src/algorithms/sig/falcon/falcon-padded-512.js +380 -0
package/src/algorithms/sig/mayo/mayo-1.js +390 -0
package/src/algorithms/sig/mayo/mayo-2.js +390 -0
package/src/algorithms/sig/mayo/mayo-3.js +390 -0
package/src/algorithms/sig/mayo/mayo-5.js +390 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-44.js +338 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-65.js +338 -0
package/src/algorithms/sig/ml-dsa/ml-dsa-87.js +338 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-128f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-128s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-192f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-192s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-256f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-256s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-128f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-128s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-192f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-192s.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-256f.js +367 -0
package/src/algorithms/sig/slh-dsa/slh-dsa-shake-256s.js +367 -0
package/src/algorithms/sig/snova/snova-24-5-4-esk.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4-shake-esk.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4-shake.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-4.js +391 -0
package/src/algorithms/sig/snova/snova-24-5-5.js +391 -0
package/src/algorithms/sig/snova/snova-25-8-3.js +391 -0
package/src/algorithms/sig/snova/snova-29-6-5.js +391 -0
package/src/algorithms/sig/snova/snova-37-17-2.js +391 -0
package/src/algorithms/sig/snova/snova-37-8-4.js +391 -0
package/src/algorithms/sig/snova/snova-49-11-3.js +391 -0
package/src/algorithms/sig/snova/snova-56-25-2.js +391 -0
package/src/algorithms/sig/snova/snova-60-10-4.js +391 -0
package/src/algorithms/sig/uov/ov-iii-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-iii-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-iii.js +390 -0
package/src/algorithms/sig/uov/ov-ip-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-ip-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-ip.js +390 -0
package/src/algorithms/sig/uov/ov-is-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-is-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-is.js +390 -0
package/src/algorithms/sig/uov/ov-v-pkc-skc.js +390 -0
package/src/algorithms/sig/uov/ov-v-pkc.js +390 -0
package/src/algorithms/sig/uov/ov-v.js +390 -0
package/src/cli/algorithms.js +254 -0
package/src/cli/commands/info.js +35 -0
package/src/cli/commands/kem.js +91 -0
package/src/cli/commands/list.js +30 -0
package/src/cli/commands/sig.js +98 -0
package/src/cli/index.js +86 -0
package/src/cli/io.js +147 -0
package/src/cli/parser.js +64 -0
package/src/core/errors.js +75 -0
package/src/core/validation.js +28 -0
package/src/index.js +164 -0
package/src/kem.js +60 -0
package/src/sig.js +87 -0
package/src/types/algorithms.d.ts +1543 -0
package/src/types/errors.d.ts +60 -0
package/src/types/index.d.ts +9 -0

package/src/algorithms/sig/ml-dsa/ml-dsa-87.js ADDED Viewed

@@ -0,0 +1,338 @@
+/**
+ * @fileoverview ML-DSA-87 signature algorithm implementation
+ * @module algorithms/sig/ml-dsa/ml-dsa-87
+ * @description
+ * ML-DSA-87 is a lattice-based digital signature algorithm providing NIST security level 5.
+ * It is part of the NIST FIPS 204 standard (Module-Lattice-Based Digital Signature Algorithm).
+ *
+ * Key features:
+ * - Lattice-based cryptography (Module-LWE and Module-SIS problems)
+ * - Security Level 5 (256-bit classical, quantum-resistant)
+ * - NIST FIPS 204 standardized
+ * - Strong existential unforgeability under chosen message attack (SUF-CMA)
+ * - Deterministic signing with optional hedged mode
+ *
+ * @see {@link https://csrc.nist.gov/pubs/fips/204/final} - NIST FIPS 204 specification
+ */
+import { LibOQSError, LibOQSInitError, LibOQSOperationError, LibOQSValidationError } from '../../../core/errors.js';
+import { isUint8Array } from '../../../core/validation.js';
+// Dynamic module loading for cross-runtime compatibility
+async function loadModule() {
+  const isDeno = typeof Deno !== 'undefined';
+  const modulePath = isDeno
+    ? `../../../../dist/ml-dsa-87.deno.js`
+    : `../../../../dist/ml-dsa-87.min.js`;
+  const module = await import(modulePath);
+  return module.default;
+}
+/**
+ * ML-DSA-87-INFO algorithm constants and metadata
+ * @type {{readonly name: 'ML-DSA-87', readonly identifier: 'ML-DSA-87', readonly type: 'sig', readonly securityLevel: 5, readonly standardized: true, readonly description: string, readonly keySize: {readonly publicKey: 2592, readonly secretKey: 4896, readonly signature: 4627}}}
+ */
+export const ML_DSA_87_INFO = {
+  name: 'ML-DSA-87',
+  identifier: 'ML-DSA-87',
+  type: 'sig',
+  securityLevel: 5,
+  standardized: true,
+  description: 'NIST FIPS 204 ML-DSA-87 lattice-based signature (NIST Level 5, 256-bit quantum security)',
+  keySize: {
+    publicKey: 2592,
+    secretKey: 4896,
+    signature: 4627
+  }
+};
+/**
+ * Load and initialize ML-DSA-87 module
+ * @returns {Promise<MLDSA87>} Initialized ML-DSA-87 instance
+ * @throws {LibOQSInitError} If initialization fails
+ * @example
+ * import { createMLDSA87 } from '@oqs/liboqs-js';
+ * const sig = await createMLDSA87();
+ */
+export async function createMLDSA87() {
+  const moduleFactory = await loadModule();
+  const wasmModule = await moduleFactory();
+  wasmModule._OQS_init();
+  const algoName = ML_DSA_87_INFO.identifier;
+  const nameLen = wasmModule.lengthBytesUTF8(algoName);
+  const namePtr = wasmModule._malloc(nameLen + 1);
+  wasmModule.stringToUTF8(algoName, namePtr, nameLen + 1);
+  const sigPtr = wasmModule._OQS_SIG_new(namePtr);
+  wasmModule._free(namePtr);
+  if (!sigPtr) {
+    throw new LibOQSInitError('ML-DSA-87', 'Failed to create SIG instance');
+  }
+  return new MLDSA87(wasmModule, sigPtr);
+}
+/**
+ * ML-DSA-87 digital signature wrapper class
+ *
+ * Provides high-level interface for ML-DSA-87 digital signature operations.
+ * Automatically manages WASM memory and validates inputs.
+ *
+ * @class MLDSA87
+ * @example
+ * const sig = await createMLDSA87();
+ * const { publicKey, secretKey } = sig.generateKeyPair();
+ *
+ * const message = new TextEncoder().encode('Hello, quantum world!');
+ * const signature = sig.sign(message, secretKey);
+ *
+ * const isValid = sig.verify(message, signature, publicKey);
+ * console.log('Valid:', isValid); // true
+ *
+ * sig.destroy();
+ */
+export class MLDSA87 {
+  #wasmModule;
+  #sigPtr;
+  #destroyed = false;
+  /**
+   * @param {Object} wasmModule - Emscripten WASM module
+   * @param {number} sigPtr - Pointer to OQS_SIG structure
+   * @private
+   */
+  constructor(wasmModule, sigPtr) {
+    this.#wasmModule = wasmModule;
+    this.#sigPtr = sigPtr;
+  }
+  /**
+   * Generate a new ML-DSA-87 keypair
+   *
+   * Creates a new public/private keypair for digital signatures.
+   * The secret key must be kept confidential.
+   *
+   * @returns {{publicKey: Uint8Array, secretKey: Uint8Array}}
+   * @throws {LibOQSOperationError} If key generation fails
+   * @example
+   * const { publicKey, secretKey } = sig.generateKeyPair();
+   */
+  generateKeyPair() {
+    this.#checkDestroyed();
+    const publicKey = new Uint8Array(ML_DSA_87_INFO.keySize.publicKey);
+    const secretKey = new Uint8Array(ML_DSA_87_INFO.keySize.secretKey);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      const result = this.#wasmModule._OQS_SIG_keypair(this.#sigPtr, pkPtr, skPtr);
+      if (result !== 0) {
+        throw new LibOQSOperationError('generateKeyPair', 'ML-DSA-87', 'Key generation failed');
+      }
+      publicKey.set(this.#wasmModule.HEAPU8.subarray(pkPtr, pkPtr + publicKey.length));
+      secretKey.set(this.#wasmModule.HEAPU8.subarray(skPtr, skPtr + secretKey.length));
+      return { publicKey, secretKey };
+    } finally {
+      this.#wasmModule._free(pkPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Sign a message using the secret key
+   *
+   * Generates a digital signature for the provided message.
+   * The signature can be verified using the corresponding public key.
+   *
+   * @param {Uint8Array} message - Message to sign (arbitrary length)
+   * @param {Uint8Array} secretKey - Secret key for signing (4896 bytes)
+   * @returns {Uint8Array} Digital signature (up to 4627 bytes)
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @throws {LibOQSOperationError} If signing fails
+   * @example
+   * const message = new TextEncoder().encode('Hello!');
+   * const signature = sig.sign(message, secretKey);
+   */
+  sign(message, secretKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSecretKey(secretKey);
+    const signature = new Uint8Array(ML_DSA_87_INFO.keySize.signature);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const sigLenPtr = this.#wasmModule._malloc(8); // size_t
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const skPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(secretKey, skPtr);
+      this.#wasmModule.setValue(sigLenPtr, signature.length, 'i64');
+      const result = this.#wasmModule._OQS_SIG_sign(
+        this.#sigPtr,
+        sigPtr,
+        sigLenPtr,
+        msgPtr,
+        message.length,
+        skPtr
+      );
+      if (result !== 0) {
+        throw new LibOQSOperationError('sign', 'ML-DSA-87', 'Signing failed');
+      }
+      const actualSigLen = this.#wasmModule.getValue(sigLenPtr, 'i32');
+      const actualSignature = new Uint8Array(actualSigLen);
+      actualSignature.set(this.#wasmModule.HEAPU8.subarray(sigPtr, sigPtr + actualSigLen));
+      return actualSignature;
+    } finally {
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(sigLenPtr);
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(skPtr);
+    }
+  }
+  /**
+   * Verify a signature against a message using the public key
+   *
+   * Verifies that the signature is valid for the given message and public key.
+   *
+   * @param {Uint8Array} message - Original message that was signed
+   * @param {Uint8Array} signature - Signature to verify
+   * @param {Uint8Array} publicKey - Public key for verification (2592 bytes)
+   * @returns {boolean} True if signature is valid, false otherwise
+   * @throws {LibOQSValidationError} If inputs are invalid
+   * @example
+   * const isValid = sig.verify(message, signature, publicKey);
+   * if (isValid) {
+   *   console.log('Signature is valid!');
+   * }
+   */
+  verify(message, signature, publicKey) {
+    this.#checkDestroyed();
+    this.#validateMessage(message);
+    this.#validateSignature(signature);
+    this.#validatePublicKey(publicKey);
+    const msgPtr = this.#wasmModule._malloc(message.length);
+    const sigPtr = this.#wasmModule._malloc(signature.length);
+    const pkPtr = this.#wasmModule._malloc(publicKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, msgPtr);
+      this.#wasmModule.HEAPU8.set(signature, sigPtr);
+      this.#wasmModule.HEAPU8.set(publicKey, pkPtr);
+      const result = this.#wasmModule._OQS_SIG_verify(
+        this.#sigPtr,
+        msgPtr,
+        message.length,
+        sigPtr,
+        signature.length,
+        pkPtr
+      );
+      return result === 0;
+    } finally {
+      this.#wasmModule._free(msgPtr);
+      this.#wasmModule._free(sigPtr);
+      this.#wasmModule._free(pkPtr);
+    }
+  }
+  /**
+   * Clean up WASM resources
+   *
+   * Frees the native signature structure. The instance cannot be used after calling destroy().
+   *
+   * @example
+   * sig.destroy();
+   */
+  destroy() {
+    if (!this.#destroyed) {
+      if (this.#sigPtr) {
+        this.#wasmModule._OQS_SIG_free(this.#sigPtr);
+        this.#sigPtr = null;
+      }
+      this.#destroyed = true;
+    }
+  }
+  /**
+   * Enables automatic cleanup via `using` declarations
+   * @example
+   * using instance = await create...();
+   * // automatically cleaned up at end of scope
+   */
+  [Symbol.dispose]() {
+    this.destroy();
+  }
+  /**
+   * Get algorithm information
+   * @returns {typeof ML_DSA_87_INFO} Algorithm metadata
+   */
+  get info() {
+    return ML_DSA_87_INFO;
+  }
+  #checkDestroyed() {
+    if (this.#destroyed) {
+      throw new LibOQSError('Instance has been destroyed', 'ML-DSA-87');
+    }
+  }
+  #validateMessage(message) {
+    if (!ArrayBuffer.isView(message) || message.constructor.name !== 'Uint8Array') {
+      throw new LibOQSValidationError(
+        'Message must be Uint8Array',
+        'ML-DSA-87'
+      );
+    }
+  }
+  #validatePublicKey(publicKey) {
+    if (!isUint8Array(publicKey) || publicKey.length !== ML_DSA_87_INFO.keySize.publicKey) {
+      throw new LibOQSValidationError(
+        `Invalid public key: expected ${ML_DSA_87_INFO.keySize.publicKey} bytes, got ${publicKey?.length ?? 'null'}`,
+        'ML-DSA-87'
+      );
+    }
+  }
+  #validateSecretKey(secretKey) {
+    if (!isUint8Array(secretKey) || secretKey.length !== ML_DSA_87_INFO.keySize.secretKey) {
+      throw new LibOQSValidationError(
+        `Invalid secret key: expected ${ML_DSA_87_INFO.keySize.secretKey} bytes, got ${secretKey?.length ?? 'null'}`,
+        'ML-DSA-87'
+      );
+    }
+  }
+  #validateSignature(signature) {
+    if (!isUint8Array(signature)) {
+      throw new LibOQSValidationError(
+        'Signature must be Uint8Array',
+        'ML-DSA-87'
+      );
+    }
+    if (signature.length === 0 || signature.length > ML_DSA_87_INFO.keySize.signature) {
+      throw new LibOQSValidationError(
+        `Invalid signature length: expected up to ${ML_DSA_87_INFO.keySize.signature} bytes, got ${signature.length}`,
+        'ML-DSA-87'
+      );
+    }
+  }
+}

package/src/algorithms/sig/slh-dsa/slh-dsa-sha2-128f.js ADDED Viewed

@@ -0,0 +1,367 @@
+/**
+ * @fileoverview SLH-DSA-SHA2-128f signature algorithm implementation
+ * @module algorithms/sig/slh-dsa/slh-dsa-sha2-128f
+ * @description
+ * SLH-DSA-SHA2-128f is a stateless hash-based signature scheme providing NIST security level 1.
+ * This variant uses SHA2 for hashing and is optimized for speed (fast mode).
+ *
+ * Key features:
+ * - Stateless hash-based signatures
+ * - Security Level 1 (128-bit classical, quantum-resistant)
+ * - SHA2 hash function
+ * - Fast signing/verification
+ * - FIPS 205 standardized
+ *
+ * @see {@link https://csrc.nist.gov/pubs/fips/205/final} - FIPS 205: SLH-DSA specification
+ */
+import { LibOQSError, LibOQSInitError, LibOQSOperationError, LibOQSValidationError } from '../../../core/errors.js';
+import { isUint8Array } from '../../../core/validation.js';
+// Dynamic module loading for cross-runtime compatibility
+async function loadModule() {
+  const isDeno = typeof Deno !== 'undefined';
+  const modulePath = isDeno
+    ? `../../../../dist/slh-dsa-sha2-128f.deno.js`
+    : `../../../../dist/slh-dsa-sha2-128f.min.js`;
+  const module = await import(modulePath);
+  return module.default;
+}
+/**
+ * SLH-DSA-SHA2-128F-INFO algorithm constants and metadata
+ * @type {{readonly name: 'SLH-DSA-SHA2-128f', readonly identifier: 'SLH_DSA_PURE_SHA2_128F', readonly type: 'sig', readonly securityLevel: 1, readonly standardized: true, readonly description: string, readonly keySize: {readonly publicKey: 32, readonly secretKey: 64, readonly signature: 17088}}}
+ */
+export const SLH_DSA_SHA2_128F_INFO = {
+  name: 'SLH-DSA-SHA2-128f',
+  identifier: 'SLH_DSA_PURE_SHA2_128F',
+  type: 'sig',
+  securityLevel: 1,
+  standardized: true,
+  description: 'SLH-DSA-SHA2-128f hash-based signature (NIST Level 1, 128-bit quantum security, SHA2, fast, FIPS 205)',
+  keySize: {
+    publicKey: 32,
+    secretKey: 64,
+    signature: 17088
+  }
+};
+/**
+ * Factory function to create a SLH-DSA-SHA2-128f signature instance
+ *
+ * @async
+ * @function createSlhDsaSha2128f
+ * @returns {Promise<SlhDsaSha2128f>} Initialized SLH-DSA-SHA2-128f instance
+ * @throws {LibOQSInitError} If module initialization fails
+ *
+ * @example
+ * import { createSlhDsaSha2128f } from '@oqs/liboqs-js';
+ *
+ * const sig = await createSlhDsaSha2128f();
+ * const { publicKey, secretKey } = sig.generateKeyPair();
+ * sig.destroy();
+ */
+export async function createSlhDsaSha2128f() {
+  const moduleFactory = await loadModule();
+  const wasmModule = await moduleFactory();
+  wasmModule._OQS_init();
+  const algoName = SLH_DSA_SHA2_128F_INFO.identifier;
+  const nameLen = wasmModule.lengthBytesUTF8(algoName);
+  const namePtr = wasmModule._malloc(nameLen + 1);
+  wasmModule.stringToUTF8(algoName, namePtr, nameLen + 1);
+  const sigPtr = wasmModule._OQS_SIG_new(namePtr);
+  wasmModule._free(namePtr);
+  if (!sigPtr) {
+    throw new LibOQSInitError('SLH-DSA-SHA2-128f', 'Failed to create SIG instance');
+  }
+  return new SlhDsaSha2128f(wasmModule, sigPtr);
+}
+/**
+ * SLH-DSA-SHA2-128f signature scheme wrapper class
+ *
+ * @class SlhDsaSha2128f
+ * @description
+ * High-level wrapper for SLH-DSA-SHA2-128f signature operations. Provides secure key generation,
+ * signing, and verification with automatic memory management.
+ *
+ * Memory Management:
+ * - All WASM memory is managed internally
+ * - Call destroy() when finished to free resources
+ * - Do not use instance after calling destroy()
+ *
+ * @example
+ * const sig = await createSlhDsaSha2128f();
+ *
+ * // Generate keypair
+ * const { publicKey, secretKey } = sig.generateKeyPair();
+ *
+ * // Sign message
+ * const message = new TextEncoder().encode('Hello, world!');
+ * const signature = sig.sign(message, secretKey);
+ *
+ * // Verify signature
+ * const isValid = sig.verify(message, signature, publicKey);
+ *
+ * // Cleanup
+ * sig.destroy();
+ */
+export class SlhDsaSha2128f {
+  /** @type {Object} @private */ #wasmModule;
+  /** @type {number} @private */ #sigPtr;
+  /** @type {boolean} @private */ #destroyed = false;
+  /**
+   * @private
+   * @constructor
+   * @param {Object} wasmModule - Emscripten WASM module
+   * @param {number} sigPtr - Pointer to OQS_SIG structure
+   */
+  constructor(wasmModule, sigPtr) {
+    this.#wasmModule = wasmModule;
+    this.#sigPtr = sigPtr;
+  }
+  /**
+   * Generate a new SLH-DSA-SHA2-128f keypair
+   *
+   * @async
+   * @returns {{publicKey: Uint8Array, secretKey: Uint8Array}}
+   * @throws {LibOQSError} If instance is destroyed
+   * @throws {LibOQSOperationError} If key generation fails
+   *
+   * @example
+   * const { publicKey, secretKey } = sig.generateKeyPair();
+   * console.log('Public key:', publicKey.length);  // 32 bytes
+   * console.log('Secret key:', secretKey.length);  // 64 bytes
+   */
+  generateKeyPair() {
+    this.#checkDestroyed();
+    const publicKey = new Uint8Array(SLH_DSA_SHA2_128F_INFO.keySize.publicKey);
+    const secretKey = new Uint8Array(SLH_DSA_SHA2_128F_INFO.keySize.secretKey);
+    const publicKeyPtr = this.#wasmModule._malloc(publicKey.length);
+    const secretKeyPtr = this.#wasmModule._malloc(secretKey.length);
+    try {
+      const result = this.#wasmModule._OQS_SIG_keypair(this.#sigPtr, publicKeyPtr, secretKeyPtr);
+      if (result !== 0) {
+        throw new LibOQSOperationError('generateKeyPair', 'SLH-DSA-SHA2-128f', 'Key generation failed');
+      }
+      publicKey.set(this.#wasmModule.HEAPU8.subarray(publicKeyPtr, publicKeyPtr + publicKey.length));
+      secretKey.set(this.#wasmModule.HEAPU8.subarray(secretKeyPtr, secretKeyPtr + secretKey.length));
+      return { publicKey, secretKey };
+    } finally {
+      this.#wasmModule._free(publicKeyPtr);
+      this.#wasmModule._free(secretKeyPtr);
+    }
+  }
+  /**
+   * Sign a message using a secret key
+   *
+   * @async
+   * @param {Uint8Array} message - Message to sign (any length)
+   * @param {Uint8Array} secretKey - Secret key (64 bytes)
+   * @returns {Uint8Array} Signature (17088 bytes)
+   * @throws {LibOQSError} If instance is destroyed
+   * @throws {LibOQSValidationError} If secret key size is invalid
+   * @throws {LibOQSOperationError} If signing fails
+   *
+   * @example
+   * const message = new TextEncoder().encode('Hello, world!');
+   * const signature = sig.sign(message, secretKey);
+   * console.log('Signature:', signature.length);  // 17088 bytes
+   */
+  sign(message, secretKey) {
+    this.#checkDestroyed();
+    this.#validateSecretKey(secretKey);
+    const signatureMaxLen = SLH_DSA_SHA2_128F_INFO.keySize.signature;
+    const signature = new Uint8Array(signatureMaxLen);
+    const messagePtr = this.#wasmModule._malloc(message.length);
+    const secretKeyPtr = this.#wasmModule._malloc(secretKey.length);
+    const signaturePtr = this.#wasmModule._malloc(signatureMaxLen);
+    const signatureLenPtr = this.#wasmModule._malloc(8);
+    try {
+      this.#wasmModule.HEAPU8.set(message, messagePtr);
+      this.#wasmModule.HEAPU8.set(secretKey, secretKeyPtr);
+      const result = this.#wasmModule._OQS_SIG_sign(
+        this.#sigPtr,
+        signaturePtr,
+        signatureLenPtr,
+        messagePtr,
+        message.length,
+        secretKeyPtr
+      );
+      if (result !== 0) {
+        throw new LibOQSOperationError('sign', 'SLH-DSA-SHA2-128f', 'Signing failed');
+      }
+      const actualSignatureLen = this.#wasmModule.getValue(signatureLenPtr, 'i32');
+      signature.set(this.#wasmModule.HEAPU8.subarray(signaturePtr, signaturePtr + actualSignatureLen));
+      return signature.slice(0, actualSignatureLen);
+    } finally {
+      this.#wasmModule._free(messagePtr);
+      this.#wasmModule._free(secretKeyPtr);
+      this.#wasmModule._free(signaturePtr);
+      this.#wasmModule._free(signatureLenPtr);
+    }
+  }
+  /**
+   * Verify a signature using a public key
+   *
+   * @async
+   * @param {Uint8Array} message - Original message (any length)
+   * @param {Uint8Array} signature - Signature to verify
+   * @param {Uint8Array} publicKey - Public key (32 bytes)
+   * @returns {boolean} True if signature is valid, false otherwise
+   * @throws {LibOQSError} If instance is destroyed
+   * @throws {LibOQSValidationError} If public key or signature size is invalid
+   *
+   * @example
+   * const isValid = sig.verify(message, signature, publicKey);
+   * console.log('Signature valid:', isValid);
+   */
+  verify(message, signature, publicKey) {
+    this.#checkDestroyed();
+    this.#validatePublicKey(publicKey);
+    this.#validateSignature(signature);
+    const messagePtr = this.#wasmModule._malloc(message.length);
+    const signaturePtr = this.#wasmModule._malloc(signature.length);
+    const publicKeyPtr = this.#wasmModule._malloc(publicKey.length);
+    try {
+      this.#wasmModule.HEAPU8.set(message, messagePtr);
+      this.#wasmModule.HEAPU8.set(signature, signaturePtr);
+      this.#wasmModule.HEAPU8.set(publicKey, publicKeyPtr);
+      const result = this.#wasmModule._OQS_SIG_verify(
+        this.#sigPtr,
+        messagePtr,
+        message.length,
+        signaturePtr,
+        signature.length,
+        publicKeyPtr
+      );
+      return result === 0;
+    } finally {
+      this.#wasmModule._free(messagePtr);
+      this.#wasmModule._free(signaturePtr);
+      this.#wasmModule._free(publicKeyPtr);
+    }
+  }
+  /**
+   * Free WASM resources
+   *
+   * @description
+   * Releases all WASM memory associated with this instance.
+   * The instance cannot be used after calling destroy().
+   *
+   * @example
+   * sig.destroy();
+   * // sig is now unusable
+   */
+  destroy() {
+    if (!this.#destroyed && this.#sigPtr) {
+      this.#wasmModule._OQS_SIG_free(this.#sigPtr);
+      this.#sigPtr = null;
+      this.#destroyed = true;
+    }
+  }
+  /**
+   * Enables automatic cleanup via `using` declarations
+   * @example
+   * using instance = await create...();
+   * // automatically cleaned up at end of scope
+   */
+  [Symbol.dispose]() {
+    this.destroy();
+  }
+  /**
+   * Get algorithm information
+   *
+   * @readonly
+   * @returns {typeof SLH_DSA_SHA2_128F_INFO} Algorithm metadata
+   *
+   * @example
+   * console.log(sig.info.name);           // 'SLH-DSA-SHA2-128f'
+   * console.log(sig.info.securityLevel);  // 1
+   * console.log(sig.info.keySize);        // { publicKey: 32, secretKey: 64, signature: 17088 }
+   */
+  get info() {
+    return SLH_DSA_SHA2_128F_INFO;
+  }
+  /**
+   * @private
+   * @throws {LibOQSError} If instance is destroyed
+   */
+  #checkDestroyed() {
+    if (this.#destroyed) {
+      throw new LibOQSError('Instance has been destroyed', 'SLH-DSA-SHA2-128f');
+    }
+  }
+  /**
+   * @private
+   * @param {Uint8Array} publicKey
+   * @throws {LibOQSValidationError} If public key size is invalid
+   */
+  #validatePublicKey(publicKey) {
+    if (!isUint8Array(publicKey) || publicKey.length !== SLH_DSA_SHA2_128F_INFO.keySize.publicKey) {
+      throw new LibOQSValidationError(
+        `Invalid public key: expected ${SLH_DSA_SHA2_128F_INFO.keySize.publicKey} bytes, got ${publicKey?.length ?? 'null'}`,
+        'SLH-DSA-SHA2-128f'
+      );
+    }
+  }
+  /**
+   * @private
+   * @param {Uint8Array} secretKey
+   * @throws {LibOQSValidationError} If secret key size is invalid
+   */
+  #validateSecretKey(secretKey) {
+    if (!isUint8Array(secretKey) || secretKey.length !== SLH_DSA_SHA2_128F_INFO.keySize.secretKey) {
+      throw new LibOQSValidationError(
+        `Invalid secret key: expected ${SLH_DSA_SHA2_128F_INFO.keySize.secretKey} bytes, got ${secretKey?.length ?? 'null'}`,
+        'SLH-DSA-SHA2-128f'
+      );
+    }
+  }
+  /**
+   * @private
+   * @param {Uint8Array} signature
+   * @throws {LibOQSValidationError} If signature size is invalid
+   */
+  #validateSignature(signature) {
+    if (!isUint8Array(signature) || signature.length === 0 || signature.length > SLH_DSA_SHA2_128F_INFO.keySize.signature) {
+      throw new LibOQSValidationError(
+        `Invalid signature: expected 0 < length <= ${SLH_DSA_SHA2_128F_INFO.keySize.signature} bytes, got ${signature?.length ?? 'null'}`,
+        'SLH-DSA-SHA2-128f'
+      );
+    }
+  }
+}