leviathan-crypto 1.0.0

package/dist/serpent/stream.js

@@ -0,0 +1,205 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/serpent/stream.ts
+//
+// SerpentStream — chunked authenticated encryption for large payloads.
+// Tier 2 pure-TS composition: SerpentCtr + HMAC_SHA256 + HKDF_SHA256.
+import { SerpentCtr, _serpentReady } from './index.js';
+import { HMAC_SHA256, HKDF_SHA256, _sha2Ready } from '../sha2/index.js';
+import { constantTimeEqual } from '../utils.js';
+// ── Constants ─────────────────────────────────────────────────────────────────
+const DOMAIN = 'serpent-stream-v1'; // UTF-8, 17 bytes
+const ZERO_IV = new Uint8Array(16); // fixed zero IV for CTR
+const CHUNK_MIN = 1024; // 1 KB
+const CHUNK_MAX = 65536; // 64 KB
+const CHUNK_DEF = 65536; // default
+// ── Internal helpers ──────────────────────────────────────────────────────────
+export function u32be(n) {
+    const b = new Uint8Array(4);
+    b[0] = (n >>> 24) & 0xff;
+    b[1] = (n >>> 16) & 0xff;
+    b[2] = (n >>> 8) & 0xff;
+    b[3] = n & 0xff;
+    return b;
+}
+export function u64be(n) {
+    const b = new Uint8Array(8);
+    // high 32 bits (safe for n < 2^53)
+    const hi = Math.floor(n / 0x100000000);
+    const lo = n >>> 0;
+    b[0] = (hi >>> 24) & 0xff;
+    b[1] = (hi >>> 16) & 0xff;
+    b[2] = (hi >>> 8) & 0xff;
+    b[3] = hi & 0xff;
+    b[4] = (lo >>> 24) & 0xff;
+    b[5] = (lo >>> 16) & 0xff;
+    b[6] = (lo >>> 8) & 0xff;
+    b[7] = lo & 0xff;
+    return b;
+}
+const DOMAIN_BYTES = new TextEncoder().encode(DOMAIN);
+export function chunkInfo(streamNonce, chunkSize, chunkCount, index, isLast) {
+    // 17 + 16 + 4 + 8 + 8 + 1 = 54 bytes
+    const info = new Uint8Array(54);
+    let off = 0;
+    info.set(DOMAIN_BYTES, off);
+    off += 17;
+    info.set(streamNonce, off);
+    off += 16;
+    info.set(u32be(chunkSize), off);
+    off += 4;
+    info.set(u64be(chunkCount), off);
+    off += 8;
+    info.set(u64be(index), off);
+    off += 8;
+    info[off] = isLast ? 0x01 : 0x00;
+    return info;
+}
+export function deriveChunkKeys(hkdf, masterKey, streamNonce, chunkSize, chunkCount, index, isLast) {
+    const info = chunkInfo(streamNonce, chunkSize, chunkCount, index, isLast);
+    const derived = hkdf.derive(masterKey, streamNonce, info, 64);
+    return {
+        encKey: derived.subarray(0, 32),
+        macKey: derived.subarray(32, 64),
+    };
+}
+// ── Exported chunk-level ops (used by Part 2 pool worker) ─────────────────────
+/**
+ * Encrypt one chunk. Returns ciphertext || hmac_tag (32 bytes).
+ * Does not generate keys -- caller provides encKey and macKey.
+ */
+export function sealChunk(ctr, hmac, encKey, macKey, chunk) {
+    ctr.beginEncrypt(encKey, ZERO_IV);
+    const ciphertext = ctr.encryptChunk(chunk);
+    const tag = hmac.hash(macKey, ciphertext);
+    const out = new Uint8Array(ciphertext.length + 32);
+    out.set(ciphertext, 0);
+    out.set(tag, ciphertext.length);
+    return out;
+}
+/**
+ * Decrypt one chunk. Throws 'SerpentStream: authentication failed' on bad tag.
+ * Returns plaintext.
+ */
+export function openChunk(ctr, hmac, encKey, macKey, wire) {
+    if (wire.length < 32)
+        throw new RangeError('SerpentStream: chunk wire data too short');
+    const ciphertext = wire.subarray(0, wire.length - 32);
+    const tag = wire.subarray(wire.length - 32);
+    const expectedTag = hmac.hash(macKey, ciphertext);
+    if (!constantTimeEqual(tag, expectedTag))
+        throw new Error('SerpentStream: authentication failed');
+    ctr.beginEncrypt(encKey, ZERO_IV);
+    return ctr.encryptChunk(ciphertext);
+}
+// ── SerpentStream class ───────────────────────────────────────────────────────
+export class SerpentStream {
+    _ctr;
+    _hmac;
+    _hkdf;
+    constructor() {
+        if (!_serpentReady() || !_sha2Ready())
+            throw new Error('leviathan-crypto: call init([\'serpent\', \'sha2\']) before using SerpentStream');
+        this._ctr = new SerpentCtr({ dangerUnauthenticated: true });
+        this._hmac = new HMAC_SHA256();
+        this._hkdf = new HKDF_SHA256();
+    }
+    // _nonce: test seam only — inject a fixed nonce for deterministic KAT vectors
+    seal(key, plaintext, chunkSize, _nonce) {
+        if (key.length !== 32)
+            throw new RangeError(`SerpentStream key must be 32 bytes (got ${key.length})`);
+        const cs = chunkSize ?? CHUNK_DEF;
+        if (cs < CHUNK_MIN || cs > CHUNK_MAX)
+            throw new RangeError(`SerpentStream chunkSize must be ${CHUNK_MIN}..${CHUNK_MAX} (got ${cs})`);
+        const streamNonce = (_nonce && _nonce.length === 16) ? _nonce : new Uint8Array(16);
+        if (!_nonce || _nonce.length !== 16)
+            crypto.getRandomValues(streamNonce);
+        const chunkCount = plaintext.length === 0 ? 1 : Math.ceil(plaintext.length / cs);
+        // Compute total output size
+        let totalWire = 28; // header
+        for (let i = 0; i < chunkCount; i++) {
+            const start = i * cs;
+            const end = Math.min(start + cs, plaintext.length);
+            totalWire += (end - start) + 32;
+        }
+        const out = new Uint8Array(totalWire);
+        // Write header
+        out.set(streamNonce, 0);
+        out.set(u32be(cs), 16);
+        out.set(u64be(chunkCount), 20);
+        let pos = 28;
+        for (let i = 0; i < chunkCount; i++) {
+            const start = i * cs;
+            const end = Math.min(start + cs, plaintext.length);
+            const slice = plaintext.subarray(start, end);
+            const isLast = i === chunkCount - 1;
+            const { encKey, macKey } = deriveChunkKeys(this._hkdf, key, streamNonce, cs, chunkCount, i, isLast);
+            const wire = sealChunk(this._ctr, this._hmac, encKey, macKey, slice);
+            out.set(wire, pos);
+            pos += wire.length;
+        }
+        return out;
+    }
+    open(key, ciphertext) {
+        if (key.length !== 32)
+            throw new RangeError(`SerpentStream key must be 32 bytes (got ${key.length})`);
+        if (ciphertext.length < 28 + 32)
+            throw new RangeError('SerpentStream: ciphertext too short');
+        // Parse header
+        const streamNonce = ciphertext.subarray(0, 16);
+        const csView = ciphertext.subarray(16, 20);
+        const cs = (csView[0] << 24) | (csView[1] << 16) | (csView[2] << 8) | csView[3];
+        const ccView = ciphertext.subarray(20, 28);
+        let chunkCount = 0;
+        for (let i = 0; i < 8; i++)
+            chunkCount = chunkCount * 256 + ccView[i];
+        // Compute total plaintext size
+        let totalPt = 0;
+        let pos = 28;
+        for (let i = 0; i < chunkCount; i++) {
+            const isLast = i === chunkCount - 1;
+            const wireLen = isLast ? ciphertext.length - pos : cs + 32;
+            totalPt += wireLen - 32;
+            if (!isLast)
+                pos += wireLen;
+        }
+        const plaintext = new Uint8Array(totalPt);
+        pos = 28;
+        let ptPos = 0;
+        for (let i = 0; i < chunkCount; i++) {
+            const isLast = i === chunkCount - 1;
+            const wireLen = isLast ? ciphertext.length - pos : cs + 32;
+            const wireSlice = ciphertext.subarray(pos, pos + wireLen);
+            const { encKey, macKey } = deriveChunkKeys(this._hkdf, key, streamNonce, cs, chunkCount, i, isLast);
+            const pt = openChunk(this._ctr, this._hmac, encKey, macKey, wireSlice);
+            plaintext.set(pt, ptPos);
+            ptPos += pt.length;
+            pos += wireLen;
+        }
+        return plaintext;
+    }
+    dispose() {
+        this._ctr.dispose();
+        this._hmac.dispose();
+        this._hkdf.dispose();
+    }
+}

package/dist/serpent/stream.worker.d.ts

@@ -0,0 +1,32 @@
+interface SerpentExports {
+    memory: WebAssembly.Memory;
+    getKeyOffset: () => number;
+    getNonceOffset: () => number;
+    getChunkPtOffset: () => number;
+    getChunkCtOffset: () => number;
+    getChunkSize: () => number;
+    loadKey: (n: number) => number;
+    resetCounter: () => void;
+    encryptChunk: (n: number) => number;
+    wipeBuffers: () => void;
+}
+interface Sha2Exports {
+    memory: WebAssembly.Memory;
+    getSha256InputOffset: () => number;
+    getSha256OutOffset: () => number;
+    sha256Init: () => void;
+    sha256Update: (len: number) => void;
+    sha256Final: () => void;
+    hmac256Init: (keyLen: number) => void;
+    hmac256Update: (len: number) => void;
+    hmac256Final: () => void;
+    wipeBuffers: () => void;
+}
+declare let sx: SerpentExports | undefined;
+declare let hx: Sha2Exports | undefined;
+declare const ZERO_IV: Uint8Array<ArrayBuffer>;
+declare function hmacSha256(hx: Sha2Exports, key: Uint8Array, msg: Uint8Array): Uint8Array;
+declare function ctrEncrypt(sx: SerpentExports, key: Uint8Array, chunk: Uint8Array): Uint8Array;
+declare function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
+declare function workerSealChunk(encKey: Uint8Array, macKey: Uint8Array, chunk: Uint8Array): Uint8Array;
+declare function workerOpenChunk(encKey: Uint8Array, macKey: Uint8Array, wire: Uint8Array): Uint8Array;

package/dist/serpent/stream.worker.js

@@ -0,0 +1,117 @@
+"use strict";
+// / <reference lib="webworker" />
+// src/ts/serpent/stream.worker.ts
+//
+// Worker entry point for SerpentStreamPool. Runs in a Web Worker —
+// no access to the main thread's module cache. Owns its own
+// serpent.wasm and sha2.wasm instances with isolated linear memory.
+// Implements sealChunk/openChunk inline using raw WASM exports.
+let sx;
+let hx;
+const ZERO_IV = new Uint8Array(16);
+// ── Inline chunk ops ──────────────────────────────────────────────────────────
+function hmacSha256(hx, key, msg) {
+    // RFC 2104 §3: keys longer than block size (64 bytes) are pre-hashed.
+    // mac_key is always 32 bytes in normal usage (half of HKDF 64-byte output),
+    // but this guard must match the main-thread HMAC_SHA256.hash() behaviour
+    // exactly — any divergence would cause authentication failures if key sizes
+    // ever change.
+    let k = key;
+    if (k.length > 64) {
+        hx.sha256Init();
+        let pos = 0;
+        while (pos < k.length) {
+            const n = Math.min(k.length - pos, 64);
+            new Uint8Array(hx.memory.buffer).set(k.subarray(pos, pos + n), hx.getSha256InputOffset());
+            hx.sha256Update(n);
+            pos += n;
+        }
+        hx.sha256Final();
+        const out = new Uint8Array(hx.memory.buffer);
+        k = out.slice(hx.getSha256OutOffset(), hx.getSha256OutOffset() + 32);
+    }
+    const mem = new Uint8Array(hx.memory.buffer);
+    const inputOff = hx.getSha256InputOffset();
+    mem.set(k, inputOff);
+    hx.hmac256Init(k.length);
+    let pos = 0;
+    while (pos < msg.length) {
+        const n = Math.min(msg.length - pos, 64);
+        new Uint8Array(hx.memory.buffer).set(msg.subarray(pos, pos + n), inputOff);
+        hx.hmac256Update(n);
+        pos += n;
+    }
+    hx.hmac256Final();
+    const out = new Uint8Array(hx.memory.buffer);
+    return out.slice(hx.getSha256OutOffset(), hx.getSha256OutOffset() + 32);
+}
+function ctrEncrypt(sx, key, chunk) {
+    const mem = new Uint8Array(sx.memory.buffer);
+    mem.set(key, sx.getKeyOffset());
+    mem.set(ZERO_IV, sx.getNonceOffset());
+    sx.loadKey(key.length);
+    sx.resetCounter();
+    new Uint8Array(sx.memory.buffer).set(chunk, sx.getChunkPtOffset());
+    sx.encryptChunk(chunk.length);
+    const out = new Uint8Array(sx.memory.buffer);
+    return out.slice(sx.getChunkCtOffset(), sx.getChunkCtOffset() + chunk.length);
+}
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a[i] ^ b[i];
+    return diff === 0;
+}
+function workerSealChunk(encKey, macKey, chunk) {
+    const ciphertext = ctrEncrypt(sx, encKey, chunk);
+    const tag = hmacSha256(hx, macKey, ciphertext);
+    const out = new Uint8Array(ciphertext.length + 32);
+    out.set(ciphertext, 0);
+    out.set(tag, ciphertext.length);
+    return out;
+}
+function workerOpenChunk(encKey, macKey, wire) {
+    if (wire.length < 32)
+        throw new RangeError('SerpentStream: chunk wire data too short');
+    const ciphertext = wire.subarray(0, wire.length - 32);
+    const tag = wire.subarray(wire.length - 32);
+    const expectedTag = hmacSha256(hx, macKey, ciphertext);
+    if (!constantTimeEqual(tag, expectedTag))
+        throw new Error('SerpentStream: authentication failed');
+    return ctrEncrypt(sx, encKey, ciphertext);
+}
+// ── Message handler ───────────────────────────────────────────────────────────
+self.onmessage = async (e) => {
+    const msg = e.data;
+    if (msg.type === 'init') {
+        try {
+            const serpentMem = new WebAssembly.Memory({ initial: 3, maximum: 3 });
+            const sha2Mem = new WebAssembly.Memory({ initial: 3, maximum: 3 });
+            const serpentInst = await WebAssembly.instantiate(msg.serpentModule, { env: { memory: serpentMem } });
+            const sha2Inst = await WebAssembly.instantiate(msg.sha2Module, { env: { memory: sha2Mem } });
+            sx = serpentInst.exports;
+            hx = sha2Inst.exports;
+            self.postMessage({ type: 'ready' });
+        }
+        catch (err) {
+            self.postMessage({ type: 'error', id: -1, message: err.message });
+        }
+        return;
+    }
+    if (!sx || !hx) {
+        self.postMessage({ type: 'error', id: msg.id, message: 'worker not initialized' });
+        return;
+    }
+    try {
+        const { id, op, encKey, macKey, data } = msg;
+        const result = op === 'seal'
+            ? workerSealChunk(encKey, macKey, data)
+            : workerOpenChunk(encKey, macKey, data);
+        self.postMessage({ type: 'result', id, data: result }, [result.buffer]);
+    }
+    catch (err) {
+        self.postMessage({ type: 'error', id: msg.id, message: err.message });
+    }
+};

package/dist/serpent/types.d.ts

@@ -0,0 +1,5 @@
+/** WASM exports for the serpent module */
+export interface SerpentExports {
+    memory: WebAssembly.Memory;
+    getModuleId(): number;
+}

package/dist/serpent/types.js

@@ -0,0 +1 @@
+export {};

package/dist/sha2/hkdf.d.ts

@@ -0,0 +1,16 @@
+export declare class HKDF_SHA256 {
+    private readonly hmac;
+    constructor();
+    extract(salt: Uint8Array | null, ikm: Uint8Array): Uint8Array;
+    expand(prk: Uint8Array, info: Uint8Array, length: number): Uint8Array;
+    derive(ikm: Uint8Array, salt: Uint8Array | null, info: Uint8Array, length: number): Uint8Array;
+    dispose(): void;
+}
+export declare class HKDF_SHA512 {
+    private readonly hmac;
+    constructor();
+    extract(salt: Uint8Array | null, ikm: Uint8Array): Uint8Array;
+    expand(prk: Uint8Array, info: Uint8Array, length: number): Uint8Array;
+    derive(ikm: Uint8Array, salt: Uint8Array | null, info: Uint8Array, length: number): Uint8Array;
+    dispose(): void;
+}

package/dist/sha2/hkdf.js

@@ -0,0 +1,108 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/sha2/hkdf.ts
+//
+// RFC 5869 — HKDF (HMAC-based Extract-and-Expand Key Derivation Function)
+// Pure TS composition over HMAC_SHA256 and HMAC_SHA512.
+import { HMAC_SHA256, HMAC_SHA512 } from './index.js';
+// ── HKDF_SHA256 ─────────────────────────────────────────────────────────────
+export class HKDF_SHA256 {
+    hmac;
+    constructor() {
+        this.hmac = new HMAC_SHA256();
+    }
+    // RFC 5869 §2.2 — Extract
+    extract(salt, ikm) {
+        const s = (!salt || salt.length === 0) ? new Uint8Array(32) : salt;
+        return this.hmac.hash(s, ikm);
+    }
+    // RFC 5869 §2.3 — Expand
+    expand(prk, info, length) {
+        if (prk.length !== 32)
+            throw new RangeError('HKDF expand: PRK must be 32 bytes');
+        if (length < 1)
+            throw new RangeError('HKDF expand: length must be at least 1');
+        if (length > 255 * 32)
+            throw new RangeError(`HKDF expand: length exceeds maximum (${255 * 32} bytes)`);
+        const N = Math.ceil(length / 32);
+        const okm = new Uint8Array(N * 32);
+        let prev = new Uint8Array(0);
+        for (let i = 1; i <= N; i++) {
+            const buf = new Uint8Array(prev.length + info.length + 1);
+            buf.set(prev, 0);
+            buf.set(info, prev.length);
+            buf[prev.length + info.length] = i;
+            prev = this.hmac.hash(prk, buf);
+            okm.set(prev, (i - 1) * 32);
+        }
+        return okm.slice(0, length);
+    }
+    // One-shot: extract then expand
+    derive(ikm, salt, info, length) {
+        const prk = this.extract(salt, ikm);
+        return this.expand(prk, info, length);
+    }
+    dispose() {
+        this.hmac.dispose();
+    }
+}
+// ── HKDF_SHA512 ─────────────────────────────────────────────────────────────
+export class HKDF_SHA512 {
+    hmac;
+    constructor() {
+        this.hmac = new HMAC_SHA512();
+    }
+    // RFC 5869 §2.2 — Extract
+    extract(salt, ikm) {
+        const s = (!salt || salt.length === 0) ? new Uint8Array(64) : salt;
+        return this.hmac.hash(s, ikm);
+    }
+    // RFC 5869 §2.3 — Expand
+    expand(prk, info, length) {
+        if (prk.length !== 64)
+            throw new RangeError('HKDF expand: PRK must be 64 bytes');
+        if (length < 1)
+            throw new RangeError('HKDF expand: length must be at least 1');
+        if (length > 255 * 64)
+            throw new RangeError(`HKDF expand: length exceeds maximum (${255 * 64} bytes)`);
+        const N = Math.ceil(length / 64);
+        const okm = new Uint8Array(N * 64);
+        let prev = new Uint8Array(0);
+        for (let i = 1; i <= N; i++) {
+            const buf = new Uint8Array(prev.length + info.length + 1);
+            buf.set(prev, 0);
+            buf.set(info, prev.length);
+            buf[prev.length + info.length] = i;
+            prev = this.hmac.hash(prk, buf);
+            okm.set(prev, (i - 1) * 64);
+        }
+        return okm.slice(0, length);
+    }
+    // One-shot: extract then expand
+    derive(ikm, salt, info, length) {
+        const prk = this.extract(salt, ikm);
+        return this.expand(prk, info, length);
+    }
+    dispose() {
+        this.hmac.dispose();
+    }
+}

package/dist/sha2/index.d.ts

@@ -0,0 +1,40 @@
+import type { Mode, InitOpts } from '../init.js';
+export declare function sha2Init(mode?: Mode, opts?: InitOpts): Promise<void>;
+export declare function _sha2Ready(): boolean;
+export declare class SHA256 {
+    private readonly x;
+    constructor();
+    hash(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export declare class SHA512 {
+    private readonly x;
+    constructor();
+    hash(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export declare class SHA384 {
+    private readonly x;
+    constructor();
+    hash(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export declare class HMAC_SHA256 {
+    private readonly x;
+    constructor();
+    hash(key: Uint8Array, msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export declare class HMAC_SHA512 {
+    private readonly x;
+    constructor();
+    hash(key: Uint8Array, msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export declare class HMAC_SHA384 {
+    private readonly x;
+    constructor();
+    hash(key: Uint8Array, msg: Uint8Array): Uint8Array;
+    dispose(): void;
+}
+export { HKDF_SHA256, HKDF_SHA512 } from './hkdf.js';