npm - leviathan-crypto - Versions diffs - 1.3.1 → 2.0.0 - Mend

leviathan-crypto 1.3.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

package/CLAUDE.md +129 -76
package/README.md +166 -221
package/SECURITY.md +89 -37
package/dist/chacha20/cipher-suite.d.ts +4 -0
package/dist/chacha20/cipher-suite.js +78 -0
package/dist/chacha20/embedded.d.ts +1 -0
package/dist/chacha20/embedded.js +27 -0
package/dist/chacha20/index.d.ts +20 -7
package/dist/chacha20/index.js +41 -14
package/dist/chacha20/ops.d.ts +1 -1
package/dist/chacha20/ops.js +19 -18
package/dist/chacha20/pool-worker.js +77 -0
package/dist/ct-wasm.d.ts +1 -0
package/dist/ct-wasm.js +3 -0
package/dist/ct.wasm +0 -0
package/dist/docs/aead.md +320 -0
package/dist/docs/architecture.md +419 -285
package/dist/docs/argon2id.md +42 -30
package/dist/docs/chacha20.md +218 -150
package/dist/docs/exports.md +241 -0
package/dist/docs/fortuna.md +65 -74
package/dist/docs/init.md +172 -178
package/dist/docs/loader.md +87 -132
package/dist/docs/serpent.md +134 -565
package/dist/docs/sha2.md +91 -103
package/dist/docs/sha3.md +70 -36
package/dist/docs/types.md +93 -16
package/dist/docs/utils.md +114 -41
package/dist/embedded/chacha20.d.ts +1 -1
package/dist/embedded/chacha20.js +2 -1
package/dist/embedded/kyber.d.ts +1 -0
package/dist/embedded/kyber.js +3 -0
package/dist/embedded/serpent.d.ts +1 -1
package/dist/embedded/serpent.js +2 -1
package/dist/embedded/sha2.d.ts +1 -1
package/dist/embedded/sha2.js +2 -1
package/dist/embedded/sha3.d.ts +1 -1
package/dist/embedded/sha3.js +2 -1
package/dist/errors.d.ts +10 -0
package/dist/{serpent/seal.js → errors.js} +14 -46
package/dist/fortuna.d.ts +2 -8
package/dist/fortuna.js +11 -9
package/dist/index.d.ts +25 -9
package/dist/index.js +36 -7
package/dist/init.d.ts +3 -7
package/dist/init.js +18 -35
package/dist/keccak/embedded.d.ts +1 -0
package/dist/keccak/embedded.js +27 -0
package/dist/keccak/index.d.ts +4 -0
package/dist/keccak/index.js +31 -0
package/dist/kyber/embedded.d.ts +1 -0
package/dist/kyber/embedded.js +27 -0
package/dist/kyber/indcpa.d.ts +49 -0
package/dist/kyber/indcpa.js +352 -0
package/dist/kyber/index.d.ts +38 -0
package/dist/kyber/index.js +150 -0
package/dist/kyber/kem.d.ts +21 -0
package/dist/kyber/kem.js +160 -0
package/dist/kyber/params.d.ts +14 -0
package/dist/kyber/params.js +37 -0
package/dist/kyber/suite.d.ts +13 -0
package/dist/kyber/suite.js +93 -0
package/dist/kyber/types.d.ts +98 -0
package/dist/kyber/types.js +25 -0
package/dist/kyber/validate.d.ts +19 -0
package/dist/kyber/validate.js +68 -0
package/dist/kyber.wasm +0 -0
package/dist/loader.d.ts +19 -4
package/dist/loader.js +91 -25
package/dist/serpent/cipher-suite.d.ts +4 -0
package/dist/serpent/cipher-suite.js +121 -0
package/dist/serpent/embedded.d.ts +1 -0
package/dist/serpent/embedded.js +27 -0
package/dist/serpent/index.d.ts +6 -37
package/dist/serpent/index.js +9 -118
package/dist/serpent/pool-worker.d.ts +1 -0
package/dist/serpent/pool-worker.js +202 -0
package/dist/serpent/serpent-cbc.d.ts +30 -0
package/dist/serpent/serpent-cbc.js +136 -0
package/dist/sha2/embedded.d.ts +1 -0
package/dist/sha2/embedded.js +27 -0
package/dist/sha2/hkdf.js +6 -2
package/dist/sha2/index.d.ts +3 -2
package/dist/sha2/index.js +3 -4
package/dist/sha3/embedded.d.ts +1 -0
package/dist/sha3/embedded.js +27 -0
package/dist/sha3/index.d.ts +3 -2
package/dist/sha3/index.js +3 -4
package/dist/stream/constants.d.ts +6 -0
package/dist/stream/constants.js +30 -0
package/dist/stream/header.d.ts +9 -0
package/dist/stream/header.js +77 -0
package/dist/stream/index.d.ts +7 -0
package/dist/stream/index.js +27 -0
package/dist/stream/open-stream.d.ts +21 -0
package/dist/stream/open-stream.js +146 -0
package/dist/stream/seal-stream-pool.d.ts +38 -0
package/dist/stream/seal-stream-pool.js +391 -0
package/dist/stream/seal-stream.d.ts +20 -0
package/dist/stream/seal-stream.js +142 -0
package/dist/stream/seal.d.ts +9 -0
package/dist/stream/seal.js +75 -0
package/dist/stream/types.d.ts +24 -0
package/dist/stream/types.js +26 -0
package/dist/utils.d.ts +12 -7
package/dist/utils.js +75 -19
package/dist/wasm-source.d.ts +12 -0
package/dist/wasm-source.js +26 -0
package/package.json +13 -5
package/dist/chacha20/pool.d.ts +0 -52
package/dist/chacha20/pool.js +0 -188
package/dist/chacha20/pool.worker.js +0 -37
package/dist/docs/chacha20_pool.md +0 -309
package/dist/docs/wasm.md +0 -194
package/dist/serpent/seal.d.ts +0 -8
package/dist/serpent/stream-pool.d.ts +0 -48
package/dist/serpent/stream-pool.js +0 -285
package/dist/serpent/stream-sealer.d.ts +0 -50
package/dist/serpent/stream-sealer.js +0 -341
package/dist/serpent/stream.d.ts +0 -28
package/dist/serpent/stream.js +0 -205
package/dist/serpent/stream.worker.d.ts +0 -32
package/dist/serpent/stream.worker.js +0 -117
/package/dist/chacha20/{pool.worker.d.ts → pool-worker.d.ts} +0 -0

package/dist/serpent/stream.worker.js DELETED Viewed

@@ -1,117 +0,0 @@
-"use strict";
-// / <reference lib="webworker" />
-// src/ts/serpent/stream.worker.ts
-//
-// Worker entry point for SerpentStreamPool. Runs in a Web Worker —
-// no access to the main thread's module cache. Owns its own
-// serpent.wasm and sha2.wasm instances with isolated linear memory.
-// Implements sealChunk/openChunk inline using raw WASM exports.
-let sx;
-let hx;
-const ZERO_IV = new Uint8Array(16);
-// ── Inline chunk ops ──────────────────────────────────────────────────────────
-function hmacSha256(hx, key, msg) {
-    // RFC 2104 §3: keys longer than block size (64 bytes) are pre-hashed.
-    // mac_key is always 32 bytes in normal usage (half of HKDF 64-byte output),
-    // but this guard must match the main-thread HMAC_SHA256.hash() behaviour
-    // exactly — any divergence would cause authentication failures if key sizes
-    // ever change.
-    let k = key;
-    if (k.length > 64) {
-        hx.sha256Init();
-        let pos = 0;
-        while (pos < k.length) {
-            const n = Math.min(k.length - pos, 64);
-            new Uint8Array(hx.memory.buffer).set(k.subarray(pos, pos + n), hx.getSha256InputOffset());
-            hx.sha256Update(n);
-            pos += n;
-        }
-        hx.sha256Final();
-        const out = new Uint8Array(hx.memory.buffer);
-        k = out.slice(hx.getSha256OutOffset(), hx.getSha256OutOffset() + 32);
-    }
-    const mem = new Uint8Array(hx.memory.buffer);
-    const inputOff = hx.getSha256InputOffset();
-    mem.set(k, inputOff);
-    hx.hmac256Init(k.length);
-    let pos = 0;
-    while (pos < msg.length) {
-        const n = Math.min(msg.length - pos, 64);
-        new Uint8Array(hx.memory.buffer).set(msg.subarray(pos, pos + n), inputOff);
-        hx.hmac256Update(n);
-        pos += n;
-    }
-    hx.hmac256Final();
-    const out = new Uint8Array(hx.memory.buffer);
-    return out.slice(hx.getSha256OutOffset(), hx.getSha256OutOffset() + 32);
-}
-function ctrEncrypt(sx, key, chunk) {
-    const mem = new Uint8Array(sx.memory.buffer);
-    mem.set(key, sx.getKeyOffset());
-    mem.set(ZERO_IV, sx.getNonceOffset());
-    sx.loadKey(key.length);
-    sx.resetCounter();
-    new Uint8Array(sx.memory.buffer).set(chunk, sx.getChunkPtOffset());
-    sx.encryptChunk(chunk.length);
-    const out = new Uint8Array(sx.memory.buffer);
-    return out.slice(sx.getChunkCtOffset(), sx.getChunkCtOffset() + chunk.length);
-}
-function constantTimeEqual(a, b) {
-    if (a.length !== b.length)
-        return false;
-    let diff = 0;
-    for (let i = 0; i < a.length; i++)
-        diff |= a[i] ^ b[i];
-    return diff === 0;
-}
-function workerSealChunk(encKey, macKey, chunk) {
-    const ciphertext = ctrEncrypt(sx, encKey, chunk);
-    const tag = hmacSha256(hx, macKey, ciphertext);
-    const out = new Uint8Array(ciphertext.length + 32);
-    out.set(ciphertext, 0);
-    out.set(tag, ciphertext.length);
-    return out;
-}
-function workerOpenChunk(encKey, macKey, wire) {
-    if (wire.length < 32)
-        throw new RangeError('SerpentStream: chunk wire data too short');
-    const ciphertext = wire.subarray(0, wire.length - 32);
-    const tag = wire.subarray(wire.length - 32);
-    const expectedTag = hmacSha256(hx, macKey, ciphertext);
-    if (!constantTimeEqual(tag, expectedTag))
-        throw new Error('SerpentStream: authentication failed');
-    return ctrEncrypt(sx, encKey, ciphertext);
-}
-// ── Message handler ───────────────────────────────────────────────────────────
-self.onmessage = async (e) => {
-    const msg = e.data;
-    if (msg.type === 'init') {
-        try {
-            const serpentMem = new WebAssembly.Memory({ initial: 3, maximum: 3 });
-            const sha2Mem = new WebAssembly.Memory({ initial: 3, maximum: 3 });
-            const serpentInst = await WebAssembly.instantiate(msg.serpentModule, { env: { memory: serpentMem } });
-            const sha2Inst = await WebAssembly.instantiate(msg.sha2Module, { env: { memory: sha2Mem } });
-            sx = serpentInst.exports;
-            hx = sha2Inst.exports;
-            self.postMessage({ type: 'ready' });
-        }
-        catch (err) {
-            self.postMessage({ type: 'error', id: -1, message: err.message });
-        }
-        return;
-    }
-    if (!sx || !hx) {
-        self.postMessage({ type: 'error', id: msg.id, message: 'worker not initialized' });
-        return;
-    }
-    try {
-        const { id, op, encKey, macKey, data } = msg;
-        const result = op === 'seal'
-            ? workerSealChunk(encKey, macKey, data)
-            : workerOpenChunk(encKey, macKey, data);
-        self.postMessage({ type: 'result', id, data: result }, [result.buffer]);
-    }
-    catch (err) {
-        self.postMessage({ type: 'error', id: msg.id, message: err.message });
-    }
-};

/package/dist/chacha20/{pool.worker.d.ts → pool-worker.d.ts} RENAMED Viewed

File without changes