leviathan-crypto 1.4.0 → 2.0.1

package/dist/loader.js

@@ -1,13 +1,27 @@
 import { base64ToBytes as _b64 } from './utils.js';
+// Each WASM module gets its own fresh Memory — never shared between instances.
+function makeImports() {
+    return { env: { memory: new WebAssembly.Memory({ initial: 3, maximum: 3 }) } };
+}
+// TS 5.9 generified Uint8Array<TArrayBuffer> with default ArrayBufferLike, which
+// no longer satisfies BufferSource = ArrayBufferView<ArrayBuffer> | ArrayBuffer.
+// Convert Uint8Array to a proper ArrayBuffer before calling WebAssembly APIs.
+function toArrayBuffer(bytes) {
+    if (bytes.byteOffset === 0 && bytes.byteLength === bytes.buffer.byteLength)
+        return bytes.buffer;
+    const buf = new ArrayBuffer(bytes.byteLength);
+    new Uint8Array(buf).set(bytes);
+    return buf;
+}
 /**
  * Decode a gzip+base64 embedded WASM string to raw bytes.
- * Throws if the base64 is malformed (should never happen for build artifacts).
- * Used by loadEmbedded() and the pool worker launchers.
+ * Guards against missing DecompressionStream (Node <18, non-browser runtimes).
+ * Exported for pool worker launchers that decode blobs before spawning threads.
  */
 export async function decodeWasm(b64) {
     if (typeof DecompressionStream === 'undefined')
         throw new Error('leviathan-crypto: DecompressionStream not available — '
-            + 'use streaming or manual init mode in this runtime');
+            + 'use a URL, ArrayBuffer, or WebAssembly.Module source in this runtime');
     const compressed = _b64(b64);
     if (!compressed)
         throw new Error('leviathan-crypto: corrupt embedded WASM — base64 decode failed');
@@ -30,23 +44,53 @@ export async function decodeWasm(b64) {
     }
     return out;
 }
-async function instantiateFromBytes(bytes) {
-    const result = await WebAssembly.instantiate(bytes.buffer, { env: { memory: new WebAssembly.Memory({ initial: 3, maximum: 3 }) } });
-    return result.instance;
-}
-export async function loadEmbedded(thunk) {
-    const b64 = await thunk();
-    const bytes = await decodeWasm(b64);
-    return instantiateFromBytes(bytes);
-}
-export async function loadStreaming(_mod, baseUrl, filename) {
-    const url = new URL(filename, baseUrl).href;
-    const result = await WebAssembly.instantiateStreaming(fetch(url), {
-        env: { memory: new WebAssembly.Memory({ initial: 3, maximum: 3 }) },
-    });
-    return result.instance;
+/**
+ * Compile a WASM source to a Module without instantiating.
+ * Used by pool infrastructure to send compiled modules to workers.
+ */
+export async function compileWasm(source) {
+    if (typeof source === 'string') {
+        if (source.length === 0)
+            throw new TypeError('leviathan-crypto: invalid WasmSource — empty string');
+        return WebAssembly.compile(toArrayBuffer(await decodeWasm(source)));
+    }
+    if (source instanceof URL)
+        return WebAssembly.compileStreaming(fetch(source.href));
+    if (source instanceof ArrayBuffer)
+        return WebAssembly.compile(source);
+    if (source instanceof Uint8Array)
+        return WebAssembly.compile(toArrayBuffer(source));
+    if (source instanceof WebAssembly.Module)
+        return source;
+    if (typeof Response !== 'undefined' && source instanceof Response)
+        return WebAssembly.compileStreaming(source);
+    if (source != null && typeof source.then === 'function')
+        return WebAssembly.compileStreaming(source);
+    throw new TypeError(`leviathan-crypto: invalid WasmSource — got ${source === null ? 'null' : typeof source}`);
 }
-export async function loadManual(binary) {
-    const bytes = binary instanceof ArrayBuffer ? new Uint8Array(binary) : binary;
-    return instantiateFromBytes(bytes);
+/**
+ * Load a WASM module from any accepted source type.
+ * The loading strategy is inferred from the argument type — no mode string.
+ *
+ * Throws `TypeError` for null, numeric, or unrecognised inputs.
+ */
+export async function loadWasm(source) {
+    if (typeof source === 'string') {
+        if (source.length === 0)
+            throw new TypeError('leviathan-crypto: invalid WasmSource — empty string');
+        return (await WebAssembly.instantiate(toArrayBuffer(await decodeWasm(source)), makeImports())).instance;
+    }
+    if (source instanceof URL)
+        return (await WebAssembly.instantiateStreaming(fetch(source.href), makeImports())).instance;
+    if (source instanceof ArrayBuffer)
+        return (await WebAssembly.instantiate(source, makeImports())).instance;
+    if (source instanceof Uint8Array)
+        return (await WebAssembly.instantiate(toArrayBuffer(source), makeImports())).instance;
+    if (source instanceof WebAssembly.Module)
+        return WebAssembly.instantiate(source, makeImports());
+    if (typeof Response !== 'undefined' && source instanceof Response)
+        return (await WebAssembly.instantiateStreaming(source, makeImports())).instance;
+    if (source != null && typeof source.then === 'function')
+        return (await WebAssembly.instantiateStreaming(source, makeImports())).instance;
+    throw new TypeError(`leviathan-crypto: invalid WasmSource — got ${source === null ? 'null' : typeof source}`);
 }

package/dist/serpent/cipher-suite.d.ts

@@ -0,0 +1,4 @@
+import type { CipherSuite } from '../stream/types.js';
+export declare const SerpentCipher: CipherSuite & {
+    keygen(): Uint8Array;
+};

package/dist/serpent/cipher-suite.js

@@ -0,0 +1,122 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/serpent/cipher-suite.ts
+//
+// SerpentCipher — CipherSuite implementation for the STREAM construction.
+// 3-key HKDF derivation, HMAC-derived CBC IV, Serpent-CBC + HMAC-SHA-256.
+// Verify-then-decrypt ordering prevents padding oracle attacks (Vaudenay 2002).
+import { SerpentCbc } from './serpent-cbc.js';
+import { HKDF_SHA256, HMAC_SHA256 } from '../sha2/index.js';
+import { constantTimeEqual, wipe, concat, randomBytes } from '../utils.js';
+import { AuthenticationError } from '../errors.js';
+import { getInstance } from '../init.js';
+const INFO = new TextEncoder().encode('serpent-sealstream-v2');
+export const SerpentCipher = {
+    formatEnum: 0x02,
+    formatName: 'serpent',
+    hkdfInfo: 'serpent-sealstream-v2',
+    keySize: 32,
+    kemCtSize: 0,
+    tagSize: 32,
+    padded: true,
+    wasmChunkSize: 65552, // src/asm/serpent/buffers.ts CHUNK_SIZE (65536 + 16 PKCS7 max overhead)
+    wasmModules: ['serpent', 'sha2'],
+    keygen() {
+        return randomBytes(32);
+    },
+    deriveKeys(masterKey, nonce, _kemCt) {
+        const hkdf = new HKDF_SHA256();
+        const derived = hkdf.derive(masterKey, nonce, INFO, 96);
+        hkdf.dispose();
+        // bytes[0:32]=enc_key, bytes[32:64]=mac_key, bytes[64:96]=iv_key
+        return { bytes: derived };
+    },
+    sealChunk(keys, counterNonce, chunk, aad) {
+        const encKey = keys.bytes.subarray(0, 32);
+        const macKey = keys.bytes.subarray(32, 64);
+        const ivKey = keys.bytes.subarray(64, 96);
+        const aadBytes = aad ?? new Uint8Array(0);
+        const hmac = new HMAC_SHA256();
+        // Derive IV from counter nonce
+        const ivFull = hmac.hash(ivKey, counterNonce);
+        const iv = ivFull.slice(0, 16);
+        wipe(ivFull);
+        // Encrypt: Serpent-CBC with PKCS7 padding
+        const cbc = new SerpentCbc({ dangerUnauthenticated: true });
+        const ct = cbc.encrypt(encKey, iv, chunk);
+        cbc.dispose();
+        // Compute HMAC tag: HMAC-SHA-256(mac_key, counterNonce || u32be(aad_len) || aad || ct)
+        const aadLenBuf = new Uint8Array(4);
+        new DataView(aadLenBuf.buffer).setUint32(0, aadBytes.length, false);
+        const tagInput = concat(counterNonce, aadLenBuf, aadBytes, ct);
+        const tag = hmac.hash(macKey, tagInput);
+        hmac.dispose();
+        wipe(iv);
+        wipe(tagInput);
+        // Output: ct || tag (IV is NOT included)
+        return concat(ct, tag);
+    },
+    openChunk(keys, counterNonce, chunk, aad) {
+        if (chunk.length < 32)
+            throw new RangeError(`chunk too short for 32-byte tag (got ${chunk.length})`);
+        const encKey = keys.bytes.subarray(0, 32);
+        const macKey = keys.bytes.subarray(32, 64);
+        const ivKey = keys.bytes.subarray(64, 96);
+        const aadBytes = aad ?? new Uint8Array(0);
+        const ct = chunk.subarray(0, chunk.length - 32);
+        const receivedTag = chunk.subarray(chunk.length - 32);
+        const hmac = new HMAC_SHA256();
+        // Derive IV from counter nonce
+        const ivFull = hmac.hash(ivKey, counterNonce);
+        const iv = ivFull.slice(0, 16);
+        wipe(ivFull);
+        // Compute expected tag: HMAC-SHA-256(mac_key, counterNonce || u32be(aad_len) || aad || ct)
+        const aadLenBuf = new Uint8Array(4);
+        new DataView(aadLenBuf.buffer).setUint32(0, aadBytes.length, false);
+        const tagInput = concat(counterNonce, aadLenBuf, aadBytes, ct);
+        const expectedTag = hmac.hash(macKey, tagInput);
+        hmac.dispose();
+        // CRITICAL: Verify HMAC BEFORE decrypting.
+        // Evaluating PKCS7 padding on unauthenticated data is a padding oracle (Vaudenay 2002).
+        if (!constantTimeEqual(expectedTag, receivedTag)) {
+            wipe(iv);
+            wipe(tagInput);
+            wipe(expectedTag);
+            getInstance('serpent').exports.wipeBuffers();
+            throw new AuthenticationError('serpent');
+        }
+        wipe(tagInput);
+        wipe(expectedTag);
+        // ONLY decrypt after authentication succeeds
+        const cbc = new SerpentCbc({ dangerUnauthenticated: true });
+        const plaintext = cbc.decrypt(encKey, iv, ct);
+        cbc.dispose();
+        wipe(iv);
+        return plaintext;
+    },
+    wipeKeys(keys) {
+        wipe(keys.bytes);
+    },
+    createPoolWorker() {
+        return new Worker(new URL('./pool-worker.js', import.meta.url), { type: 'module' });
+    },
+};

package/dist/serpent/embedded.d.ts

@@ -0,0 +1 @@
+export { WASM_GZ_BASE64 as serpentWasm } from '../embedded/serpent.js';

package/dist/serpent/embedded.js

@@ -0,0 +1,27 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/serpent/embedded.ts
+//
+// Exports the gzip+base64 serpent WASM blob for use as a WasmSource.
+// This is the only file in the serpent subpath that references the embedded blob.
+// Import via `leviathan-crypto/serpent/embedded`.
+export { WASM_GZ_BASE64 as serpentWasm } from '../embedded/serpent.js';

package/dist/serpent/index.d.ts

@@ -1,5 +1,6 @@
-import type { Mode, InitOpts } from '../init.js';
-export declare function serpentInit(mode?: Mode, opts?: InitOpts): Promise<void>;
+import type { WasmSource } from '../wasm-source.js';
+export declare function serpentInit(source: WasmSource): Promise<void>;
+export type { WasmSource };
 export declare class Serpent {
     private readonly x;
     constructor();
@@ -26,39 +27,7 @@ export declare class SerpentCtr {
     decryptChunk(chunk: Uint8Array): Uint8Array;
     dispose(): void;
 }
-/**
- * Serpent-256 in CBC mode with PKCS7 padding.
- *
- * **WARNING: CBC mode is unauthenticated.** Always authenticate the output
- * with HMAC-SHA256 (Encrypt-then-MAC) or use `XChaCha20Poly1305` instead.
- */
-export declare class SerpentCbc {
-    private readonly x;
-    constructor(opts?: {
-        dangerUnauthenticated: true;
-    });
-    private get mem();
-    /**
-   * Encrypt plaintext with Serpent-256 CBC + PKCS7 padding.
-   *
-   * @param key       16, 24, or 32 bytes
-   * @param iv        16 bytes — must be random and unique per (key, message)
-   * @param plaintext any length — PKCS7 padding applied automatically
-   * @returns         ciphertext (length = ceil((plaintext.length + 1) / 16) * 16)
-   */
-    encrypt(key: Uint8Array, iv: Uint8Array, plaintext: Uint8Array): Uint8Array;
-    /**
-   * Decrypt Serpent-256 CBC + PKCS7.
-   * Throws if ciphertext length is not a non-zero multiple of 16 or PKCS7 is invalid.
-   */
-    decrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array): Uint8Array;
-    dispose(): void;
-    private _loadKey;
-    private _setIv;
-}
-export { SerpentSeal } from './seal.js';
-export { SerpentStream, sealChunk, openChunk } from './stream.js';
-export { SerpentStreamPool } from './stream-pool.js';
-export type { StreamPoolOpts } from './stream-pool.js';
-export { SerpentStreamSealer, SerpentStreamOpener } from './stream-sealer.js';
+export { SerpentCbc } from './serpent-cbc.js';
+export { AuthenticationError } from '../errors.js';
+export { SerpentCipher } from './cipher-suite.js';
 export declare function _serpentReady(): boolean;

package/dist/serpent/index.js

@@ -22,12 +22,10 @@
 // src/ts/serpent/index.ts
 //
 // Public API classes for the Serpent-256 WASM module.
-// Uses the init() module cache — call init('serpent') before constructing.
+// Uses the init() module cache — call serpentInit(source) before constructing.
 import { getInstance, initModule } from '../init.js';
-import { hasSIMD } from '../utils.js';
-const _embedded = () => import('../embedded/serpent.js').then(m => m.WASM_GZ_BASE64);
-export async function serpentInit(mode = 'embedded', opts) {
-    return initModule('serpent', _embedded, mode, opts);
+export async function serpentInit(source) {
+    return initModule('serpent', source);
 }
 function getExports() {
     return getInstance('serpent').exports;
@@ -82,7 +80,7 @@ export class SerpentCtr {
     x;
     constructor(opts) {
         if (!opts?.dangerUnauthenticated) {
-            throw new Error('leviathan-crypto: SerpentCtr is unauthenticated — use SerpentSeal instead. ' +
+            throw new Error('leviathan-crypto: SerpentCtr is unauthenticated — use Seal with SerpentCipher instead. ' +
                 'To use SerpentCtr directly, pass { dangerUnauthenticated: true }.');
         }
         this.x = getExports();
@@ -106,8 +104,7 @@ export class SerpentCtr {
         const ptOff = this.x.getChunkPtOffset();
         const ctOff = this.x.getChunkCtOffset();
         mem.set(chunk, ptOff);
-        const fn = hasSIMD() ? this.x.encryptChunk_simd : this.x.encryptChunk;
-        fn(chunk.length);
+        this.x.encryptChunk_simd(chunk.length);
         return mem.slice(ctOff, ctOff + chunk.length);
     }
     beginDecrypt(key, nonce) {
@@ -120,117 +117,11 @@ export class SerpentCtr {
         this.x.wipeBuffers();
     }
 }
-// ── PKCS7 helpers ────────────────────────────────────────────────────────────
-function pkcs7Pad(data) {
-    const padLen = 16 - (data.length % 16); // 1..16
-    const out = new Uint8Array(data.length + padLen);
-    out.set(data);
-    out.fill(padLen, data.length);
-    return out;
-}
-function pkcs7Strip(data) {
-    if (data.length === 0)
-        throw new RangeError('empty ciphertext');
-    const padLen = data[data.length - 1];
-    if (padLen === 0 || padLen > 16)
-        throw new RangeError(`invalid PKCS7 padding byte: ${padLen}`);
-    if (padLen > data.length)
-        throw new RangeError(`invalid PKCS7 padding: pad length ${padLen} exceeds data length ${data.length}`);
-    let bad = 0;
-    for (let i = data.length - padLen; i < data.length; i++)
-        bad |= data[i] ^ padLen;
-    if (bad !== 0)
-        throw new RangeError('invalid PKCS7 padding');
-    return data.subarray(0, data.length - padLen);
-}
 // ── SerpentCbc ───────────────────────────────────────────────────────────────
-/**
- * Serpent-256 in CBC mode with PKCS7 padding.
- *
- * **WARNING: CBC mode is unauthenticated.** Always authenticate the output
- * with HMAC-SHA256 (Encrypt-then-MAC) or use `XChaCha20Poly1305` instead.
- */
-export class SerpentCbc {
-    x;
-    constructor(opts) {
-        if (!opts?.dangerUnauthenticated) {
-            throw new Error('leviathan-crypto: SerpentCbc is unauthenticated — use SerpentSeal instead. ' +
-                'To use SerpentCbc directly, pass { dangerUnauthenticated: true }.');
-        }
-        this.x = getExports();
-    }
-    get mem() {
-        return new Uint8Array(this.x.memory.buffer);
-    }
-    /**
-   * Encrypt plaintext with Serpent-256 CBC + PKCS7 padding.
-   *
-   * @param key       16, 24, or 32 bytes
-   * @param iv        16 bytes — must be random and unique per (key, message)
-   * @param plaintext any length — PKCS7 padding applied automatically
-   * @returns         ciphertext (length = ceil((plaintext.length + 1) / 16) * 16)
-   */
-    encrypt(key, iv, plaintext) {
-        this._loadKey(key);
-        this._setIv(iv);
-        const padded = pkcs7Pad(plaintext);
-        const output = new Uint8Array(padded.length);
-        const ptOff = this.x.getChunkPtOffset();
-        const ctOff = this.x.getChunkCtOffset();
-        const maxChunk = 65536;
-        for (let off = 0; off < padded.length; off += maxChunk) {
-            const chunk = padded.subarray(off, Math.min(off + maxChunk, padded.length));
-            this.mem.set(chunk, ptOff);
-            this.x.cbcEncryptChunk(chunk.length);
-            output.set(new Uint8Array(this.x.memory.buffer).subarray(ctOff, ctOff + chunk.length), off);
-        }
-        return output;
-    }
-    /**
-   * Decrypt Serpent-256 CBC + PKCS7.
-   * Throws if ciphertext length is not a non-zero multiple of 16 or PKCS7 is invalid.
-   */
-    decrypt(key, iv, ciphertext) {
-        if (ciphertext.length === 0 || ciphertext.length % 16 !== 0)
-            throw new RangeError('ciphertext length must be a non-zero multiple of 16');
-        this._loadKey(key);
-        this._setIv(iv);
-        const output = new Uint8Array(ciphertext.length);
-        const ctOff = this.x.getChunkCtOffset();
-        const ptOff = this.x.getChunkPtOffset();
-        const maxChunk = 65536;
-        for (let off = 0; off < ciphertext.length; off += maxChunk) {
-            const chunk = ciphertext.subarray(off, Math.min(off + maxChunk, ciphertext.length));
-            this.mem.set(chunk, ctOff);
-            const fn = hasSIMD() ? this.x.cbcDecryptChunk_simd : this.x.cbcDecryptChunk;
-            fn(chunk.length);
-            output.set(new Uint8Array(this.x.memory.buffer).subarray(ptOff, ptOff + chunk.length), off);
-        }
-        return pkcs7Strip(output);
-    }
-    dispose() {
-        this.x.wipeBuffers();
-    }
-    _loadKey(key) {
-        if (key.length !== 16 && key.length !== 24 && key.length !== 32)
-            throw new RangeError(`Serpent key must be 16, 24, or 32 bytes (got ${key.length})`);
-        this.mem.set(key, this.x.getKeyOffset());
-        this.x.loadKey(key.length);
-    }
-    _setIv(iv) {
-        if (iv.length !== 16)
-            throw new RangeError(`CBC IV must be 16 bytes (got ${iv.length})`);
-        this.mem.set(iv, this.x.getCbcIvOffset());
-    }
-}
-// ── SerpentSeal re-export ─────────────────────────────────────────────────────
-export { SerpentSeal } from './seal.js';
-// ── SerpentStream re-export ───────────────────────────────────────────────────
-export { SerpentStream, sealChunk, openChunk } from './stream.js';
-// ── SerpentStreamPool re-export ───────────────────────────────────────────────
-export { SerpentStreamPool } from './stream-pool.js';
-// ── SerpentStreamSealer / SerpentStreamOpener re-export ───────────────────────
-export { SerpentStreamSealer, SerpentStreamOpener } from './stream-sealer.js';
+export { SerpentCbc } from './serpent-cbc.js';
+export { AuthenticationError } from '../errors.js';
+// ── SerpentCipher re-export ───────────────────────────────────────────────────
+export { SerpentCipher } from './cipher-suite.js';
 // ── Ready check ──────────────────────────────────────────────────────────────
 export function _serpentReady() {
     try {

package/dist/serpent/pool-worker.d.ts

@@ -0,0 +1 @@
+export {};