leviathan-crypto 1.4.0 → 2.0.1

package/dist/docs/chacha20_pool.md

@@ -1,309 +0,0 @@
-# XChaCha20Poly1305Pool: Parallel Worker Pool for Authenticated Encryption
-
-> [!NOTE]
-> A worker pool that dispatches independent XChaCha20-Poly1305 AEAD operations
-> across multiple Web Workers, each with its own isolated WebAssembly instance.
->
-> See [ChaCha20-Poly1305 implementation audit](./chacha_audit.md) for algorithm correctness verifications.
-
-## Overview
-
-`XChaCha20Poly1305Pool` parallelizes XChaCha20-Poly1305 encrypt and decrypt
-operations across Web Workers. Each worker owns its own `WebAssembly.Instance`
-with its own linear memory -- there is no shared state between workers.
-
-Use the pool when you need to process many independent AEAD operations
-concurrently. Typical use cases include encrypting multiple independent messages,
-batch processing encrypted records, or any scenario where multiple independent
-encrypt/decrypt operations could benefit from parallelism.
-
-Use the single-instance `XChaCha20Poly1305` when operations are sequential, when
-you only process one message at a time, or when the overhead of worker
-communication is not justified by the operation size.
-
-**Throughput ceiling:** CPU-bound WASM throughput plateaus at
-`navigator.hardwareConcurrency`. Adding more workers beyond this adds scheduling
-overhead with no parallelism gain.
-
-**Per-job size limit:** Each job is limited to 64 KB, the same limit as the
-single-instance path. This is not a workaround limitation -- it is the correct
-security boundary for independent AEAD operations. Each job is one complete,
-independently authenticated AEAD operation. Do not split one logical message
-across multiple pool calls and concatenate results -- this provides no
-stream-level authenticity (reordering and truncation attacks go undetected).
-
----
-
-## Security Notes
-
-- **Input buffers are transferred (neutered) after dispatch.** Once you call
-  `encrypt()` or `decrypt()`, the `key`, `nonce`, `plaintext`/`ciphertext`, and
-  `aad` buffers are transferred to the worker via `Transferable`. The caller's
-  `Uint8Array` views become detached -- reading them after the call returns
-  zero-length buffers. If you need to retain any input after calling
-  `encrypt()`/`decrypt()`, copy it first with `.slice()`.
-
-- **64 KB limit is per independent AEAD operation.** Do not split one logical
-  message across multiple pool calls and concatenate the results. This creates a
-  stream without authentication -- an attacker can reorder, duplicate, or
-  truncate chunks without detection. A future chunked-AEAD streaming API is the
-  correct tool for large files.
-
-- **All XChaCha20-Poly1305 security properties apply.** Nonce uniqueness per key
-  is required. The 24-byte nonce is safe for random generation via
-  `crypto.getRandomValues()` (collision probability is negligible for 2^64
-  messages).
-
-- **Each worker owns isolated WASM memory.** Key material in one worker's linear
-  memory cannot leak to another worker, even in theory.
-
-- **Workers are terminated on `dispose()`.** All WASM memory is released when
-  the worker process ends. There is no lingering key material.
-
----
-
-## API Reference
-
-### `PoolOpts`
-
-```typescript
-interface PoolOpts {
-  /** Number of workers. Default: navigator.hardwareConcurrency ?? 4 */
-  workers?: number;
-}
-```
-
----
-
-### `XChaCha20Poly1305Pool.create(opts?)`
-
-Static async factory. Returns a `Promise<XChaCha20Poly1305Pool>`.
-
-```typescript
-static async create(opts?: PoolOpts): Promise<XChaCha20Poly1305Pool>
-```
-
-| Parameter | Type | Default | Description |
-|-----------|------|---------|-------------|
-| `opts.workers` | `number` | `navigator.hardwareConcurrency ?? 4` | Number of workers to spawn. |
-
-Throws if `init(['chacha20'])` has not been called.
-
-Direct construction with `new XChaCha20Poly1305Pool()` is not possible -- the
-constructor is private.
-
----
-
-### `encrypt(key, nonce, plaintext, aad?)`
-
-Encrypt plaintext with XChaCha20-Poly1305.
-
-```typescript
-encrypt(
-  key: Uint8Array,       // 32 bytes
-  nonce: Uint8Array,     // 24 bytes
-  plaintext: Uint8Array, // up to 64 KB
-  aad?: Uint8Array,      // optional additional authenticated data
-): Promise<Uint8Array>   // ciphertext || tag (plaintext.length + 16 bytes)
-```
-
-| Parameter | Type | Constraints | Description |
-|-----------|------|-------------|-------------|
-| `key` | `Uint8Array` | 32 bytes | Encryption key |
-| `nonce` | `Uint8Array` | 24 bytes | Unique nonce |
-| `plaintext` | `Uint8Array` | 0--65536 bytes | Data to encrypt |
-| `aad` | `Uint8Array` | any length | Additional authenticated data (default: empty) |
-
-Returns `ciphertext || tag` (`plaintext.length + 16` bytes).
-
-> [!WARNING]
-> All input buffers are transferred and neutered after dispatch.
-
-### `decrypt(key, nonce, ciphertext, aad?)`
-
-Decrypt ciphertext with XChaCha20-Poly1305.
-
-```typescript
-decrypt(
-  key: Uint8Array,        // 32 bytes
-  nonce: Uint8Array,      // 24 bytes
-  ciphertext: Uint8Array, // ciphertext || tag (at least 16 bytes)
-  aad?: Uint8Array,       // must match the AAD used during encryption
-): Promise<Uint8Array>    // plaintext
-```
-
-| Parameter | Type | Constraints | Description |
-|-----------|------|-------------|-------------|
-| `key` | `Uint8Array` | 32 bytes | Decryption key |
-| `nonce` | `Uint8Array` | 24 bytes | Same nonce used for encryption |
-| `ciphertext` | `Uint8Array` | >= 16 bytes | `ciphertext || tag` from `encrypt()` |
-| `aad` | `Uint8Array` | any length | Same AAD used during encryption (default: empty) |
-
-Returns the decrypted plaintext.
-
-Rejects with `Error('ChaCha20Poly1305: authentication failed')` if the tag does
-not match (tampered ciphertext, wrong key, wrong nonce, or wrong AAD).
-
-> [!WARNING]
-> All input buffers are transferred and neutered after dispatch.
-
-### `dispose()`
-
-Terminate all workers and reject all pending and queued jobs.
-
-```typescript
-dispose(): void
-```
-
-After `dispose()`, all calls to `encrypt()` and `decrypt()` reject immediately.
-Calling `dispose()` multiple times is safe (idempotent).
-
----
-
-### `size`
-
-Number of workers in the pool.
-
-```typescript
-get size(): number
-```
-
----
-
-### `queueDepth`
-
-Number of jobs currently queued (waiting for a free worker).
-
-```typescript
-get queueDepth(): number
-```
-
-Returns 0 when all workers are idle.
-
----
-
-## Performance Notes
-
-Throughput plateaus at `navigator.hardwareConcurrency` workers for CPU-bound
-WASM operations. Adding more workers beyond this count introduces scheduling
-overhead without additional parallelism.
-
-The `workers` option lets you tune the count:
-- **Default** (`navigator.hardwareConcurrency ?? 4`) -- optimal for most systems
-- **Fewer workers** -- useful if you need to leave cores available for other work
-- **More workers** -- only beneficial on hyperthreaded CPUs where
-  `hardwareConcurrency` includes virtual cores that provide some additional
-  throughput
-
-Each worker carries a fixed overhead: one `WebAssembly.Instance` (192 KB linear
-memory) plus the worker thread itself. For most workloads, the default is correct.
-
-Job dispatch uses `Transferable` buffers to avoid copy overhead on 64 KB payloads.
-The downside is that input buffers are neutered on the calling side -- see
-Security Notes.
-
----
-
-## Usage Examples
-
-### Basic -- create pool, encrypt/decrypt one message
-
-```typescript
-import { init, XChaCha20Poly1305Pool, randomBytes } from 'leviathan-crypto'
-
-await init(['chacha20'])
-
-const pool = await XChaCha20Poly1305Pool.create()
-
-const key   = randomBytes(32)
-const nonce = randomBytes(24)
-const plaintext = new TextEncoder().encode('Hello, world!')
-
-// Copy inputs before passing to the pool (they will be neutered)
-const ct = await pool.encrypt(key.slice(), nonce.slice(), plaintext.slice())
-const pt = await pool.decrypt(key.slice(), nonce.slice(), ct)
-console.log(new TextDecoder().decode(pt))  // "Hello, world!"
-
-pool.dispose()
-```
-
-### Concurrent burst -- `Promise.all()` over many independent messages
-
-```typescript
-import { init, XChaCha20Poly1305Pool, randomBytes } from 'leviathan-crypto'
-
-await init(['chacha20'])
-const pool = await XChaCha20Poly1305Pool.create()
-
-const messages = ['message-1', 'message-2', 'message-3', 'message-4']
-const key = randomBytes(32)
-
-// Each message gets its own nonce -- all encrypt concurrently
-const encrypted = await Promise.all(
-  messages.map(msg => {
-    const nonce = randomBytes(24)
-    const pt = new TextEncoder().encode(msg)
-    return pool.encrypt(key.slice(), nonce, pt)
-  })
-)
-
-pool.dispose()
-```
-
-### Manual worker count
-
-```typescript
-const pool = await XChaCha20Poly1305Pool.create({ workers: 4 })
-console.log(pool.size)  // 4
-```
-
-### Correct dispose pattern -- `try/finally`
-
-```typescript
-const pool = await XChaCha20Poly1305Pool.create()
-try {
-  const ct = await pool.encrypt(key, nonce, plaintext)
-  // ... use ct ...
-} finally {
-  pool.dispose()
-}
-```
-
-### What NOT to do -- splitting one message across pool calls
-
-```typescript
-// WRONG -- this is NOT secure
-const chunk1 = await pool.encrypt(key, nonce1, largeFile.subarray(0, 65536))
-const chunk2 = await pool.encrypt(key, nonce2, largeFile.subarray(65536))
-const result = concat(chunk1, chunk2)
-// ^ An attacker can reorder, duplicate, or truncate chunks undetected.
-//   There is no stream-level authentication.
-//   Use a future chunked-AEAD streaming API for large files.
-```
-
----
-
-## Error Conditions
-
-| Condition | What happens |
-|-----------|-------------|
-| `init()` not called | `create()` throws: `leviathan-crypto: call init(['chacha20']) before using XChaCha20Poly1305Pool` |
-| `new XChaCha20Poly1305Pool()` | Compile-time error -- the constructor is private |
-| Wrong key length | `encrypt()`/`decrypt()` reject with `RangeError` |
-| Wrong nonce length | `encrypt()`/`decrypt()` reject with `RangeError` |
-| Ciphertext shorter than 16 bytes | `decrypt()` rejects with `RangeError` |
-| Authentication failure | `decrypt()` rejects with `Error('ChaCha20Poly1305: authentication failed')` |
-| Pool disposed | `encrypt()`/`decrypt()` reject with `Error('leviathan-crypto: pool is disposed')` |
-| Worker init failure | `create()` rejects with error message from the worker |
-
----
-
-> ## Cross-References
->
-> - [index](./README.md) — Project Documentation index
-> - [chacha20](./chacha20.md) — single-instance XChaCha20-Poly1305 API
-> - [asm_chacha](./asm_chacha.md) — WASM implementation details (quarter-round, Poly1305 accumulator, HChaCha20)
-> - [wasm](./wasm.md) — WebAssembly primer: how one compiled module spawns many worker instances
-> - [fortuna](./fortuna.md) — another class using the `static async create()` factory pattern
-> - [architecture](./architecture.md) — architecture overview, module relationships, buffer layouts, and build pipeline
-> - [chacha_audit.md](./chacha_audit.md) — XChaCha20-Poly1305 implementation audit

package/dist/docs/wasm.md

@@ -1,194 +0,0 @@
-# WebAssembly Primer
-
-> [!NOTE]
-> - A short introduction to WebAssembly concepts as they apply to the leviathan-crypto library.
-> - If you already understand WASM, skip to [Project-Specific Concepts](#project-specific-concepts).
-> - WebAssembly specification and documentation: [webassembly.org](https://webassembly.org/)
-
-## What is WebAssembly?
-
-WebAssembly (WASM) is a binary instruction format that runs in browsers and
-server-side runtimes alongside JavaScript. Rather than a programming language
-one writes by hand, it serves as a compilation target. Code is written in a higher-level
-language, compiled to `.wasm`, and then executed by the browser.
-
-Consider it a small, fast virtual machine built into every modern browser.
-JavaScript can load a `.wasm` binary, call its exported functions, and read
-its results. The WASM code runs in its own sandboxed memory space, and thus cannot
-touch the DOM, access JavaScript variables, or reach the network. It computes
-and returns values, and that is its sole function.
-
----
-
-## How It Runs
-
-When a browser encounters a `.wasm` binary, it performs two steps:
-
-1. Compilation: The binary is validated and compiled into native machine code.
-   This is fast because WASM is already a low-level format, requiring less
-   work for the compiler compared to parsing and optimizing JavaScript.
-
-2. Instantiation: The compiled module is paired with its imports, such as a
-   memory object, to create a live instance. The instance's exported functions
-   are then callable from JavaScript.
-
-Once instantiated, calling a WASM function is similar to calling any JavaScript
-function: you pass arguments, it runs, and it returns a result. The key difference
-lies in how it runs. WASM execution is deterministic and not subject to the
-JIT compiler's speculative optimizations. Unlike JavaScript, the browser does not rewrite, inline,
-or de-optimize WASM code paths based on runtime profiling.
-
----
-
-## Why We Use It
-
-Leviathan performs all cryptographic computations in WASM because JavaScript
-engines offer no formal constant-time guarantees for arbitrary code. The JIT
-compiler can introduce timing variations that leak information about secret
-data; WASM execution avoids this class of problem.
-
-For architectural details and security rationale, see [architecture.md](./architecture.md).
-
-**TLDR:** _TypeScript handles the API, and WASM handles the math._
-
----
-
-## Core Concepts
-
-### Module
-
-A `WebAssembly.Module` is a compiled `.wasm` binary and a stateless
-template for creating instances. You can compile a module once and create
-multiple instances from it. For example, [XChaCha20Poly1305Pool](./chacha20_pool.md)
-uses one compiled module to create many worker instances.
-
----
-
-### Instance
-
-A WebAssembly.Instance is a live, runnable copy of a module, complete with
-its own memory and state. When you call `init('serpent')`, the library
-compiles the Serpent WASM binary and creates a single instance. All
-Serpent classes (`Serpent`, `SerpentCtr`, `SerpentCbc`) share this instance.
-
----
-
-### Memory
-
-A `WebAssembly.Memory` is a contiguous block of bytes, essentially a
- `Uint8Array` that WASM functions can read and write, also known as **linear
-memory**. Each of our WASM modules gets its own memory (3 pages = 192 KB).
-
-The TypeScript layer communicates with WASM by writing inputs to specific offsets
-in this memory, calling a WASM function, and then reading the outputs from other
-offsets. There is no other communication channel, no function arguments for
-large data, and no return values beyond a single number. Memory is the data bus.
-
----
-
-### Exports
-
-A WASM instance exposes exports: functions and memory that JavaScript can
-access. In leviathan-crypto, every WASM module exports:
-
-- **Getter functions** like getKeyOffset() and getChunkPtOffset(): these
-  return the memory offsets where the TypeScript layer should write inputs
-  or read outputs.
-- **Operation functions** like chachaEncryptChunk() and sha256Final():
-  these perform the actual cryptographic computation on data already in memory.
-- **wipeBuffers():** this zeros all sensitive regions of memory and is called
-  by every class's dispose() method.
-- **memory:** the linear memory object itself, which allows the TypeScript
-  layer to create Uint8Array views over it.
-
----
-
-### Imports
-
-When instantiating a module, you can pass **imports:** objects the WASM code
-needs from the host. Our modules import only one thing: the Memory object.
-We create the memory on the JavaScript side and pass it in, giving us
-control over its size and lifecycle.
-
----
-
-## Project-Specific Concepts
-
-### AssemblyScript
-
-The WASM binaries in this project are written in [AssemblyScript](https://www.assemblyscript.org/):
-a TypeScript-like language that compiles to WebAssembly. It resembles
-TypeScript but targets WASM instead of JavaScript. The source code
-resides in `src/asm/` and compiles into `.wasm` binaries in `build/`.
-
-AssemblyScript was selected because its syntax is familiar to TypeScript
-developers. It produces small binaries and grants low-level control over
-memory layout without requiring C, C++, or Rust.
-
----
-
-### Thunks
-
-In this project, a **thunk** is a base64-encoded WASM binary embedded directly
-within a TypeScript file. The files in `src/ts/embedded/`
-(such as chacha20.ts and serpent.ts) each export a single constant:
-
-```typescript
-export const WASM_BASE64 = 'AGFzbQEAAAAB...'
-```
-
-This represents the entire compiled .wasm binary, encoded as a base64 string. When
-you call init('chacha20') in embedded mode (the default), the library
-imports this string, decodes it back into bytes, and compiles it into a
-`WebAssembly.Module`.
-
-Why embed the binary as a string? This approach enables the library to function with zero
-configuration. There's no need to serve .wasm files from a CDN, configure MIME
-types, or establish a build plugin to manage binary imports. Simply npm install and
-import. The tradeoff is bundle size, as base64 encoding increases the size by
-approximately 33% compared to the raw binary. For production deployments where bundle size is
-critical, the library also supports [streaming and manual loading modes](./loader.md).
-
-**TLDR:** Thunks are build artifacts generated by `scripts/embed-wasm.ts`.
-They are gitignored and regenerated during each build. Avoid manual edits.
-
----
-
-### Buffer Layout
-
-Each WASM module divides its linear memory into fixed regions at known offsets.
-For example, the ChaCha20 module has a region for the key, a region for the
-nonce, a region for plaintext input, a region for ciphertext output, and so on.
-These offsets are defined in `src/asm/*/buffers.ts` and never change at runtime.
-The TypeScript layer calls getter functions (like `getKeyOffset()`) to
-determine where each region starts, then reads and writes `Uint8Array` slices at those
-positions. This is the only way data moves between TypeScript and
-WASM. There is no serialization, no copying to intermediate buffers, and no function call
-overhead for large data. Data is transferred via direct byte writes to shared memory.
-
-The buffer layouts for each module are documented in [architecture.md](./architecture.md).
-
----
-
-### The `init()` Gate
-
-WASM modules must be compiled and instantiated before use. Because compilation
-returns a Promise, this is an asynchronous operation. Rather than hiding this
-behind lazy auto-initialization, which would make every cryptographic call
-implicitly asynchronous and create race conditions, the library requires an explicit
-`init()` call up front. If you forget, every class immediately throws an error message
-indicating which `init(init()` call is missing. _This is deliberate._
-
-See [init.md](./init.md) for the full API.
-
----
-
-> ## Cross-References
->
-> - [index](./README.md) — Project Documentation index
-> - [architecture](./architecture.md) — architecture overview, module relationships, buffer layouts, and build pipeline
-> - [serpent_simd_bench](./serpent_simd_bench.md) Serpent-256 SIMD benchmark results: CTR and CBC-decrypt inter-block 4-wide, scalar vs SIMD across V8, SpiderMonkey, and JSC
-> - [chacha_simd_bench](./chacha_simd_bench.md) ChaCha20 SIMD benchmark results: 4-wide inter-block parallelism, scalar vs SIMD across V8, SpiderMonkey, and JSC. Includes documented negative result for intra-block approach
-> - [init](./init.md) — `init()` API and the three loading modes
-> - [loader](./loader.md) — how WASM binaries are loaded and instantiated
-> - [chacha20_pool](./chacha20_pool.md) — example of one compiled module spawning many instances across workers

package/dist/serpent/seal.d.ts

@@ -1,8 +0,0 @@
-export declare class SerpentSeal {
-    private readonly _cbc;
-    private readonly _hmac;
-    constructor();
-    encrypt(key: Uint8Array, plaintext: Uint8Array, aad?: Uint8Array, _iv?: Uint8Array): Uint8Array;
-    decrypt(key: Uint8Array, data: Uint8Array, aad?: Uint8Array): Uint8Array;
-    dispose(): void;
-}

package/dist/serpent/seal.js

@@ -1,72 +0,0 @@
-//                  ▄▄▄▄▄▄▄▄▄▄
-//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
-//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
-//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
-//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
-//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
-//     ███████▌    ▀██▀         ███
-//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
-//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
-//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
-//            ▀████▄   ▄██▄
-//              ▐████   ▐███                  Author: xero (https://x-e.ro)
-//       ▄▄██████████    ▐███         ▄▄      License: MIT
-//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
-//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
-//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
-//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
-//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
-//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
-//                           ▀█████▀▀
-//
-// src/ts/serpent/seal.ts
-//
-// SerpentSeal — authenticated Serpent-256 encryption.
-// Encrypt-then-MAC: SerpentCbc + HMAC-SHA256. Tier 2 pure-TS composition.
-import { SerpentCbc, _serpentReady } from './index.js';
-import { HMAC_SHA256, _sha2Ready } from '../sha2/index.js';
-import { concat, constantTimeEqual } from '../utils.js';
-import { u32be } from './stream.js';
-export class SerpentSeal {
-    _cbc;
-    _hmac;
-    constructor() {
-        if (!_serpentReady() || !_sha2Ready())
-            throw new Error('leviathan-crypto: call init([\'serpent\', \'sha2\']) before using SerpentSeal');
-        this._cbc = new SerpentCbc({ dangerUnauthenticated: true });
-        this._hmac = new HMAC_SHA256();
-    }
-    // _iv: test seam only — inject a fixed IV for deterministic KAT vectors
-    // aad: authenticated but not encrypted; bound into HMAC-SHA256 tag
-    encrypt(key, plaintext, aad = new Uint8Array(0), _iv) {
-        if (key.length !== 64)
-            throw new RangeError(`SerpentSeal key must be 64 bytes (got ${key.length})`);
-        const encKey = key.subarray(0, 32);
-        const macKey = key.subarray(32, 64);
-        const iv = (_iv && _iv.length === 16) ? _iv : new Uint8Array(16);
-        if (!_iv || _iv.length !== 16)
-            crypto.getRandomValues(iv);
-        const ciphertext = this._cbc.encrypt(encKey, iv, plaintext);
-        const tag = this._hmac.hash(macKey, concat(u32be(aad.length), aad, iv, ciphertext));
-        return concat(iv, ciphertext, tag);
-    }
-    decrypt(key, data, aad = new Uint8Array(0)) {
-        if (key.length !== 64)
-            throw new RangeError(`SerpentSeal key must be 64 bytes (got ${key.length})`);
-        if (data.length < 64)
-            throw new RangeError('SerpentSeal ciphertext too short');
-        const encKey = key.subarray(0, 32);
-        const macKey = key.subarray(32, 64);
-        const iv = data.subarray(0, 16);
-        const tag = data.subarray(data.length - 32);
-        const ciphertext = data.subarray(16, data.length - 32);
-        const expectedTag = this._hmac.hash(macKey, concat(u32be(aad.length), aad, iv, ciphertext));
-        if (!constantTimeEqual(tag, expectedTag))
-            throw new Error('SerpentSeal: authentication failed');
-        return this._cbc.decrypt(encKey, iv, ciphertext);
-    }
-    dispose() {
-        this._cbc.dispose();
-        this._hmac.dispose();
-    }
-}

package/dist/serpent/stream-pool.d.ts

@@ -1,48 +0,0 @@
-export interface StreamPoolOpts {
-    /** Number of workers. Default: navigator.hardwareConcurrency ?? 4 */
-    workers?: number;
-}
-/**
- * Parallel worker pool for SerpentStream chunked authenticated encryption.
- *
- * Each worker owns its own `serpent.wasm` and `sha2.wasm` instances with
- * isolated linear memory. Key derivation happens on the main thread; workers
- * receive pre-derived encKey/macKey per chunk.
- *
- * Produces the same wire format as `SerpentStream` -- either can decrypt
- * the other's output.
- */
-export declare class SerpentStreamPool {
-    private readonly _workers;
-    private readonly _idle;
-    private readonly _queue;
-    private readonly _pending;
-    private readonly _hkdf;
-    private _nextId;
-    private _disposed;
-    private constructor();
-    /**
-     * Create a new pool. Requires `init(['serpent', 'sha2'])` to have been called.
-     * Compiles both WASM modules once and distributes them to all workers.
-     */
-    static create(opts?: StreamPoolOpts): Promise<SerpentStreamPool>;
-    /**
-     * Encrypt plaintext with SerpentStream chunked authenticated encryption.
-     * Returns the complete wire format (header + encrypted chunks).
-     */
-    seal(key: Uint8Array, plaintext: Uint8Array, chunkSize?: number): Promise<Uint8Array>;
-    /**
-     * Decrypt SerpentStream wire format.
-     * If any chunk fails authentication, rejects immediately -- no partial plaintext.
-     */
-    open(key: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
-    /** Terminates all workers. Rejects all pending and queued jobs. */
-    dispose(): void;
-    /** Number of workers in the pool. */
-    get size(): number;
-    /** Number of jobs currently queued (waiting for a free worker). */
-    get queueDepth(): number;
-    private _dispatch;
-    private _send;
-    private _onMessage;
-}