npm - leviathan-crypto - Versions diffs - 2.0.1 → 3.0.0 - Mend

leviathan-crypto 2.0.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/CLAUDE.md +88 -281
package/LICENSE +4 -0
package/README.md +275 -87
package/dist/aes/aes-cbc.d.ts +40 -0
package/dist/aes/aes-cbc.js +158 -0
package/dist/aes/aes-ctr.d.ts +50 -0
package/dist/aes/aes-ctr.js +141 -0
package/dist/aes/aes-gcm-siv.d.ts +67 -0
package/dist/aes/aes-gcm-siv.js +217 -0
package/dist/aes/aes-gcm.d.ts +61 -0
package/dist/aes/aes-gcm.js +226 -0
package/dist/aes/cipher-suite.d.ts +21 -0
package/dist/aes/cipher-suite.js +179 -0
package/dist/aes/embedded.d.ts +1 -0
package/dist/aes/embedded.js +26 -0
package/dist/aes/generator.d.ts +14 -0
package/dist/aes/generator.js +103 -0
package/dist/aes/index.d.ts +58 -0
package/dist/aes/index.js +125 -0
package/dist/aes/ops.d.ts +60 -0
package/dist/aes/ops.js +164 -0
package/dist/aes/pool-worker.d.ts +1 -0
package/dist/aes/pool-worker.js +92 -0
package/dist/aes/types.d.ts +1 -0
package/dist/aes/types.js +23 -0
package/dist/aes.wasm +0 -0
package/dist/blake3/embedded.d.ts +1 -0
package/dist/blake3/embedded.js +26 -0
package/dist/blake3/index.d.ts +143 -0
package/dist/blake3/index.js +620 -0
package/dist/blake3/types.d.ts +102 -0
package/dist/blake3/types.js +31 -0
package/dist/blake3/validate.d.ts +29 -0
package/dist/blake3/validate.js +80 -0
package/dist/blake3.wasm +0 -0
package/dist/chacha20/cipher-suite.d.ts +10 -0
package/dist/chacha20/cipher-suite.js +98 -13
package/dist/chacha20/generator.d.ts +12 -0
package/dist/chacha20/generator.js +91 -0
package/dist/chacha20/index.d.ts +100 -3
package/dist/chacha20/index.js +169 -35
package/dist/chacha20/ops.d.ts +57 -6
package/dist/chacha20/ops.js +107 -27
package/dist/chacha20/pool-worker.js +14 -0
package/dist/chacha20/types.d.ts +1 -32
package/dist/cte-wasm.d.ts +1 -0
package/dist/cte-wasm.js +3 -0
package/dist/cte.wasm +0 -0
package/dist/curve25519.wasm +0 -0
package/dist/ecdsa/der.d.ts +23 -0
package/dist/ecdsa/der.js +192 -0
package/dist/ecdsa/ecprivatekey-der.d.ts +32 -0
package/dist/ecdsa/ecprivatekey-der.js +230 -0
package/dist/ecdsa/embedded.d.ts +1 -0
package/dist/ecdsa/embedded.js +25 -0
package/dist/ecdsa/index.d.ts +124 -0
package/dist/ecdsa/index.js +366 -0
package/dist/ecdsa/types.d.ts +31 -0
package/dist/ecdsa/types.js +28 -0
package/dist/ecdsa/validate.d.ts +18 -0
package/dist/ecdsa/validate.js +92 -0
package/dist/ed25519/embedded.d.ts +1 -0
package/dist/ed25519/embedded.js +31 -0
package/dist/ed25519/index.d.ts +70 -0
package/dist/ed25519/index.js +308 -0
package/dist/ed25519/types.d.ts +27 -0
package/dist/ed25519/types.js +27 -0
package/dist/ed25519/validate.d.ts +7 -0
package/dist/ed25519/validate.js +77 -0
package/dist/embedded/aes-pool-worker.d.ts +1 -0
package/dist/embedded/aes-pool-worker.js +5 -0
package/dist/embedded/aes.d.ts +1 -0
package/dist/embedded/aes.js +3 -0
package/dist/embedded/blake3.d.ts +1 -0
package/dist/embedded/blake3.js +3 -0
package/dist/embedded/chacha20-pool-worker.d.ts +1 -0
package/dist/embedded/chacha20-pool-worker.js +5 -0
package/dist/embedded/chacha20.d.ts +1 -1
package/dist/embedded/chacha20.js +2 -2
package/dist/embedded/curve25519.d.ts +1 -0
package/dist/embedded/curve25519.js +3 -0
package/dist/embedded/mldsa.d.ts +1 -0
package/dist/embedded/mldsa.js +3 -0
package/dist/embedded/mlkem.d.ts +1 -0
package/dist/embedded/mlkem.js +3 -0
package/dist/embedded/p256.d.ts +1 -0
package/dist/embedded/p256.js +3 -0
package/dist/embedded/serpent-pool-worker.d.ts +1 -0
package/dist/embedded/serpent-pool-worker.js +5 -0
package/dist/embedded/serpent.d.ts +1 -1
package/dist/embedded/serpent.js +2 -2
package/dist/embedded/sha2.d.ts +1 -1
package/dist/embedded/sha2.js +2 -2
package/dist/embedded/sha3.d.ts +1 -1
package/dist/embedded/sha3.js +2 -2
package/dist/embedded/slhdsa.d.ts +1 -0
package/dist/embedded/slhdsa.js +3 -0
package/dist/errors.d.ts +92 -1
package/dist/errors.js +111 -1
package/dist/fortuna.d.ts +18 -12
package/dist/fortuna.js +166 -99
package/dist/index.d.ts +42 -11
package/dist/index.js +65 -20
package/dist/init.d.ts +1 -3
package/dist/init.js +73 -7
package/dist/keccak/embedded.js +1 -1
package/dist/keccak/index.d.ts +2 -0
package/dist/keccak/index.js +4 -2
package/dist/loader.d.ts +1 -19
package/dist/loader.js +26 -32
package/dist/merkle/blake3-tree.d.ts +35 -0
package/dist/merkle/blake3-tree.js +187 -0
package/dist/merkle/checkpoint.d.ts +58 -0
package/dist/merkle/checkpoint.js +217 -0
package/dist/merkle/index.d.ts +19 -0
package/dist/merkle/index.js +37 -0
package/dist/merkle/merkle-log.d.ts +130 -0
package/dist/merkle/merkle-log.js +207 -0
package/dist/merkle/merkle-verifier.d.ts +126 -0
package/dist/merkle/merkle-verifier.js +296 -0
package/dist/merkle/proof.d.ts +70 -0
package/dist/merkle/proof.js +300 -0
package/dist/merkle/sha256-tree.d.ts +33 -0
package/dist/merkle/sha256-tree.js +145 -0
package/dist/merkle/signed-log.d.ts +156 -0
package/dist/merkle/signed-log.js +356 -0
package/dist/merkle/signed-note.d.ts +309 -0
package/dist/merkle/signed-note.js +648 -0
package/dist/merkle/sth.d.ts +31 -0
package/dist/merkle/sth.js +31 -0
package/dist/merkle/storage.d.ts +40 -0
package/dist/merkle/storage.js +71 -0
package/dist/merkle/tree.d.ts +68 -0
package/dist/merkle/tree.js +94 -0
package/dist/mldsa/embedded.d.ts +1 -0
package/dist/{kyber → mldsa}/embedded.js +5 -5
package/dist/mldsa/expand.d.ts +53 -0
package/dist/mldsa/expand.js +188 -0
package/dist/mldsa/format.d.ts +16 -0
package/dist/mldsa/format.js +68 -0
package/dist/mldsa/hashvariant.d.ts +32 -0
package/dist/mldsa/hashvariant.js +248 -0
package/dist/mldsa/index.d.ts +142 -0
package/dist/mldsa/index.js +463 -0
package/dist/mldsa/keygen.d.ts +16 -0
package/dist/mldsa/keygen.js +232 -0
package/dist/mldsa/params.d.ts +21 -0
package/dist/mldsa/params.js +55 -0
package/dist/mldsa/sha3-helpers.d.ts +30 -0
package/dist/mldsa/sha3-helpers.js +124 -0
package/dist/mldsa/sign.d.ts +36 -0
package/dist/mldsa/sign.js +380 -0
package/dist/mldsa/types.d.ts +91 -0
package/dist/mldsa/types.js +25 -0
package/dist/mldsa/validate.d.ts +55 -0
package/dist/mldsa/validate.js +125 -0
package/dist/mldsa/verify.d.ts +29 -0
package/dist/mldsa/verify.js +269 -0
package/dist/mldsa.wasm +0 -0
package/dist/mlkem/embedded.d.ts +1 -0
package/dist/mlkem/embedded.js +27 -0
package/dist/mlkem/indcpa.d.ts +49 -0
package/dist/{kyber → mlkem}/indcpa.js +48 -48
package/dist/mlkem/index.d.ts +37 -0
package/dist/{kyber → mlkem}/index.js +41 -31
package/dist/mlkem/kem.d.ts +21 -0
package/dist/{kyber → mlkem}/kem.js +48 -13
package/dist/{kyber → mlkem}/params.d.ts +4 -4
package/dist/{kyber → mlkem}/params.js +2 -2
package/dist/mlkem/suite.d.ts +12 -0
package/dist/{kyber → mlkem}/suite.js +17 -12
package/dist/{kyber → mlkem}/types.d.ts +4 -3
package/dist/{kyber → mlkem}/types.js +1 -1
package/dist/mlkem/validate.d.ts +23 -0
package/dist/{kyber → mlkem}/validate.js +24 -20
package/dist/{kyber.wasm → mlkem.wasm} +0 -0
package/dist/p256.wasm +0 -0
package/dist/ratchet/index.d.ts +8 -0
package/dist/ratchet/index.js +38 -0
package/dist/ratchet/kdf-chain.d.ts +13 -0
package/dist/ratchet/kdf-chain.js +85 -0
package/dist/ratchet/ratchet-keypair.d.ts +9 -0
package/dist/ratchet/ratchet-keypair.js +61 -0
package/dist/ratchet/root-kdf.d.ts +4 -0
package/dist/ratchet/root-kdf.js +124 -0
package/dist/ratchet/skipped-key-store.d.ts +14 -0
package/dist/ratchet/skipped-key-store.js +154 -0
package/dist/ratchet/types.d.ts +36 -0
package/dist/ratchet/types.js +26 -0
package/dist/serpent/cipher-suite.d.ts +10 -0
package/dist/serpent/cipher-suite.js +144 -56
package/dist/serpent/generator.d.ts +12 -0
package/dist/serpent/generator.js +97 -0
package/dist/serpent/index.d.ts +62 -1
package/dist/serpent/index.js +97 -21
package/dist/serpent/pool-worker.js +28 -102
package/dist/serpent/serpent-cbc.d.ts +16 -6
package/dist/serpent/serpent-cbc.js +58 -37
package/dist/serpent/shared-ops.d.ts +63 -0
package/dist/serpent/shared-ops.js +178 -0
package/dist/serpent/types.d.ts +1 -5
package/dist/serpent.wasm +0 -0
package/dist/sha2/hash.d.ts +2 -0
package/dist/sha2/hash.js +53 -0
package/dist/sha2/hkdf.js +5 -5
package/dist/sha2/index.d.ts +22 -1
package/dist/sha2/index.js +80 -11
package/dist/sha2/types.d.ts +41 -2
package/dist/sha2.wasm +0 -0
package/dist/sha3/hash.d.ts +2 -0
package/dist/sha3/hash.js +53 -0
package/dist/sha3/index.d.ts +87 -3
package/dist/sha3/index.js +317 -19
package/dist/sha3/kmac.d.ts +121 -0
package/dist/sha3/kmac.js +800 -0
package/dist/sha3.wasm +0 -0
package/dist/shared/pkcs7.d.ts +22 -0
package/dist/shared/pkcs7.js +84 -0
package/dist/sign/ctx.d.ts +41 -0
package/dist/sign/ctx.js +102 -0
package/dist/sign/envelope.d.ts +45 -0
package/dist/sign/envelope.js +152 -0
package/dist/sign/hasher.d.ts +9 -0
package/dist/sign/hasher.js +132 -0
package/dist/sign/index.d.ts +11 -0
package/dist/sign/index.js +34 -0
package/dist/sign/sign-stream.d.ts +25 -0
package/dist/sign/sign-stream.js +112 -0
package/dist/sign/suites/ecdsa-p256.d.ts +2 -0
package/dist/sign/suites/ecdsa-p256.js +120 -0
package/dist/sign/suites/ed25519.d.ts +3 -0
package/dist/sign/suites/ed25519.js +165 -0
package/dist/sign/suites/hybrid-classical.d.ts +23 -0
package/dist/sign/suites/hybrid-classical.js +526 -0
package/dist/sign/suites/hybrid-pq.d.ts +4 -0
package/dist/sign/suites/hybrid-pq.js +234 -0
package/dist/sign/suites/mldsa.d.ts +7 -0
package/dist/sign/suites/mldsa.js +161 -0
package/dist/sign/suites/slhdsa.d.ts +7 -0
package/dist/sign/suites/slhdsa.js +176 -0
package/dist/sign/types.d.ts +106 -0
package/dist/sign/types.js +28 -0
package/dist/sign/verify-stream.d.ts +30 -0
package/dist/sign/verify-stream.js +227 -0
package/dist/slhdsa/embedded.d.ts +1 -0
package/dist/slhdsa/embedded.js +26 -0
package/dist/slhdsa/index.d.ts +149 -0
package/dist/slhdsa/index.js +493 -0
package/dist/slhdsa/params.d.ts +26 -0
package/dist/slhdsa/params.js +70 -0
package/dist/slhdsa/prehash.d.ts +68 -0
package/dist/slhdsa/prehash.js +307 -0
package/dist/slhdsa/sign.d.ts +39 -0
package/dist/slhdsa/sign.js +116 -0
package/dist/slhdsa/types.d.ts +129 -0
package/dist/slhdsa/types.js +27 -0
package/dist/slhdsa/validate.d.ts +60 -0
package/dist/slhdsa/validate.js +127 -0
package/dist/slhdsa/verify.d.ts +32 -0
package/dist/slhdsa/verify.js +107 -0
package/dist/slhdsa.wasm +0 -0
package/dist/stream/header.js +8 -8
package/dist/stream/index.d.ts +1 -0
package/dist/stream/index.js +1 -0
package/dist/stream/open-stream.js +65 -22
package/dist/stream/seal-stream-pool.d.ts +2 -0
package/dist/stream/seal-stream-pool.js +100 -33
package/dist/stream/seal-stream.d.ts +1 -1
package/dist/stream/seal-stream.js +48 -19
package/dist/stream/seal.js +6 -6
package/dist/stream/types.d.ts +3 -1
package/dist/stream/types.js +1 -1
package/dist/types.d.ts +22 -1
package/dist/types.js +1 -1
package/dist/utils.d.ts +9 -10
package/dist/utils.js +84 -59
package/dist/wasm-source.d.ts +9 -8
package/dist/wasm-source.js +1 -1
package/dist/x25519/embedded.d.ts +1 -0
package/dist/x25519/embedded.js +31 -0
package/dist/x25519/index.d.ts +43 -0
package/dist/x25519/index.js +159 -0
package/dist/x25519/types.d.ts +25 -0
package/dist/x25519/types.js +27 -0
package/dist/x25519/validate.d.ts +2 -0
package/dist/x25519/validate.js +39 -0
package/package.json +123 -64
package/SECURITY.md +0 -276
package/dist/ct-wasm.d.ts +0 -1
package/dist/ct-wasm.js +0 -3
package/dist/ct.wasm +0 -0
package/dist/docs/aead.md +0 -323
package/dist/docs/architecture.md +0 -932
package/dist/docs/argon2id.md +0 -302
package/dist/docs/chacha20.md +0 -674
package/dist/docs/exports.md +0 -241
package/dist/docs/fortuna.md +0 -313
package/dist/docs/init.md +0 -302
package/dist/docs/loader.md +0 -161
package/dist/docs/serpent.md +0 -519
package/dist/docs/sha2.md +0 -613
package/dist/docs/sha3.md +0 -546
package/dist/docs/types.md +0 -276
package/dist/docs/utils.md +0 -367
package/dist/embedded/kyber.d.ts +0 -1
package/dist/embedded/kyber.js +0 -3
package/dist/kyber/embedded.d.ts +0 -1
package/dist/kyber/indcpa.d.ts +0 -49
package/dist/kyber/index.d.ts +0 -38
package/dist/kyber/kem.d.ts +0 -21
package/dist/kyber/suite.d.ts +0 -13
package/dist/kyber/validate.d.ts +0 -19

package/dist/sha3/index.js CHANGED Viewed

@@ -22,23 +22,15 @@
 // src/ts/sha3/index.ts
 //
 // Public API classes for the SHA-3 WASM module.
-// Uses the init() module cache — call sha3Init(source) before constructing.
-import { getInstance, initModule } from '../init.js';
+// Uses the init() module cache, call sha3Init(source) before constructing.
+import { getInstance, initModule, _acquireModule, _releaseModule, _assertNotOwned } from '../init.js';
 export async function sha3Init(source) {
     return initModule('sha3', source);
 }
+export { isInitialized } from '../init.js';
 function getExports() {
     return getInstance('sha3').exports;
 }
-export function _sha3Ready() {
-    try {
-        getInstance('sha3');
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 // Write msg into INPUT_OFFSET in chunks of 168 bytes (max rate)
 function absorb(x, msg) {
     const mem = new Uint8Array(x.memory.buffer);
@@ -58,6 +50,7 @@ export class SHA3_256 {
         this.x = getExports();
     }
     hash(msg) {
+        _assertNotOwned('sha3');
         this.x.sha3_256Init();
         absorb(this.x, msg);
         this.x.sha3_256Final();
@@ -65,6 +58,7 @@ export class SHA3_256 {
         return mem.slice(this.x.getOutOffset(), this.x.getOutOffset() + 32);
     }
     dispose() {
+        _assertNotOwned('sha3');
         this.x.wipeBuffers();
     }
 }
@@ -75,6 +69,7 @@ export class SHA3_512 {
         this.x = getExports();
     }
     hash(msg) {
+        _assertNotOwned('sha3');
         this.x.sha3_512Init();
         absorb(this.x, msg);
         this.x.sha3_512Final();
@@ -82,6 +77,7 @@ export class SHA3_512 {
         return mem.slice(this.x.getOutOffset(), this.x.getOutOffset() + 64);
     }
     dispose() {
+        _assertNotOwned('sha3');
         this.x.wipeBuffers();
     }
 }
@@ -92,6 +88,7 @@ export class SHA3_384 {
         this.x = getExports();
     }
     hash(msg) {
+        _assertNotOwned('sha3');
         this.x.sha3_384Init();
         absorb(this.x, msg);
         this.x.sha3_384Final();
@@ -99,6 +96,7 @@ export class SHA3_384 {
         return mem.slice(this.x.getOutOffset(), this.x.getOutOffset() + 48);
     }
     dispose() {
+        _assertNotOwned('sha3');
         this.x.wipeBuffers();
     }
 }
@@ -109,6 +107,7 @@ export class SHA3_224 {
         this.x = getExports();
     }
     hash(msg) {
+        _assertNotOwned('sha3');
         this.x.sha3_224Init();
         absorb(this.x, msg);
         this.x.sha3_224Final();
@@ -116,22 +115,40 @@ export class SHA3_224 {
         return mem.slice(this.x.getOutOffset(), this.x.getOutOffset() + 28);
     }
     dispose() {
+        _assertNotOwned('sha3');
         this.x.wipeBuffers();
     }
 }
 // ── SHAKE128 ────────────────────────────────────────────────────────────────
-/** SHAKE128 XOF — extendable output, multi-squeeze capable. */
+/**
+ * SHAKE128 XOF, extendable output, multi-squeeze capable.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`. Constructing a second SHAKE128/SHAKE256 or any other sha3
+ * user while this instance is live throws. Call `dispose()` when done.
+ */
 export class SHAKE128 {
     x;
     _rate = 168;
     _squeezing = false;
     _block = new Uint8Array(168);
     _blockPos = 168;
+    _tok;
     constructor() {
         this.x = getExports();
-        this.x.shake128Init();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake128Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
     }
     reset() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128: instance has been disposed');
         this.x.shake128Init();
         this._squeezing = false;
         this._block.fill(0);
@@ -139,12 +156,16 @@ export class SHAKE128 {
         return this;
     }
     absorb(msg) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128: instance has been disposed');
         if (this._squeezing)
-            throw new Error('SHAKE128: cannot absorb after squeeze — call reset() first');
+            throw new Error('SHAKE128: cannot absorb after squeeze, call reset() first');
         absorb(this.x, msg);
         return this;
     }
     squeeze(n) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128: instance has been disposed');
         if (n < 1)
             throw new RangeError(`squeeze length must be >= 1 (got ${n})`);
         if (!this._squeezing) {
@@ -170,6 +191,8 @@ export class SHAKE128 {
         return out;
     }
     hash(msg, outputLength) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128: instance has been disposed');
         if (outputLength < 1)
             throw new RangeError(`outputLength must be >= 1 (got ${outputLength})`);
         this.reset();
@@ -177,23 +200,48 @@ export class SHAKE128 {
         return this.squeeze(outputLength);
     }
     dispose() {
+        if (this._tok === undefined)
+            return;
         this._block.fill(0);
-        this.x.wipeBuffers();
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
     }
 }
 // ── SHAKE256 ────────────────────────────────────────────────────────────────
-/** SHAKE256 XOF — extendable output, multi-squeeze capable. */
+/**
+ * SHAKE256 XOF, extendable output, multi-squeeze capable.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`. Constructing a second SHAKE128/SHAKE256 or any other sha3
+ * user while this instance is live throws. Call `dispose()` when done.
+ */
 export class SHAKE256 {
     x;
     _rate = 136;
     _squeezing = false;
     _block = new Uint8Array(136);
     _blockPos = 136;
+    _tok;
     constructor() {
         this.x = getExports();
-        this.x.shake256Init();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake256Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
     }
     reset() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256: instance has been disposed');
         this.x.shake256Init();
         this._squeezing = false;
         this._block.fill(0);
@@ -201,12 +249,16 @@ export class SHAKE256 {
         return this;
     }
     absorb(msg) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256: instance has been disposed');
         if (this._squeezing)
-            throw new Error('SHAKE256: cannot absorb after squeeze — call reset() first');
+            throw new Error('SHAKE256: cannot absorb after squeeze, call reset() first');
         absorb(this.x, msg);
         return this;
     }
     squeeze(n) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256: instance has been disposed');
         if (n < 1)
             throw new RangeError(`squeeze length must be >= 1 (got ${n})`);
         if (!this._squeezing) {
@@ -232,6 +284,8 @@ export class SHAKE256 {
         return out;
     }
     hash(msg, outputLength) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256: instance has been disposed');
         if (outputLength < 1)
             throw new RangeError(`outputLength must be >= 1 (got ${outputLength})`);
         this.reset();
@@ -239,7 +293,251 @@ export class SHAKE256 {
         return this.squeeze(outputLength);
     }
     dispose() {
+        if (this._tok === undefined)
+            return;
         this._block.fill(0);
-        this.x.wipeBuffers();
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHA3_256Stream ──────────────────────────────────────────────────────────
+/**
+ * Incremental SHA3-256. Construct, `update()` chunks (any size), `finalize()`
+ * to get the 32-byte digest. Finalize disposes the instance.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors SHAKE128 lifecycle.
+ */
+export class SHA3_256Stream {
+    x;
+    _tok;
+    constructor() {
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.sha3_256Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHA3_256Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHA3_256Stream: instance has been disposed');
+        this.x.sha3_256Final();
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        const out = mem.slice(off, off + 32);
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHA3_512Stream ──────────────────────────────────────────────────────────
+/**
+ * Incremental SHA3-512. Construct, `update()` chunks (any size), `finalize()`
+ * to get the 64-byte digest. Finalize disposes the instance.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors SHAKE128 lifecycle.
+ */
+export class SHA3_512Stream {
+    x;
+    _tok;
+    constructor() {
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.sha3_512Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHA3_512Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHA3_512Stream: instance has been disposed');
+        this.x.sha3_512Final();
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        const out = mem.slice(off, off + 64);
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHAKE128Stream ──────────────────────────────────────────────────────────
+/**
+ * Single-shot streaming SHAKE128. `outputLen` is bound at construction;
+ * `update()` absorbs chunks of any size, `finalize()` pads and squeezes
+ * exactly `outputLen` bytes, then disposes the instance.
+ *
+ * Used by `createRunningHash` in the sign layer: each StreamableSignatureSuite
+ * with `prehashAlgorithm: 'shake-128'` declares its `prehashSize` and that
+ * value is passed in here at construction time. The multi-squeeze
+ * `SHAKE128` class above remains for the XOF surface; this class is the
+ * fixed-output cousin that matches the RunningHash contract.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors `SHA3_256Stream` lifecycle.
+ */
+export class SHAKE128Stream {
+    x;
+    _rate = 168;
+    outputLen;
+    _tok;
+    constructor(outputLen) {
+        if (outputLen < 1)
+            throw new RangeError(`outputLen must be >= 1 (got ${outputLen})`);
+        this.outputLen = outputLen;
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake128Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128Stream: instance has been disposed');
+        this.x.shakePad();
+        const out = new Uint8Array(this.outputLen);
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        let pos = 0;
+        while (pos < this.outputLen) {
+            this.x.shakeSqueezeBlock();
+            const take = Math.min(this.outputLen - pos, this._rate);
+            out.set(mem.subarray(off, off + take), pos);
+            pos += take;
+        }
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHAKE256Stream ──────────────────────────────────────────────────────────
+/**
+ * Single-shot streaming SHAKE256. `outputLen` is bound at construction;
+ * mirrors `SHAKE128Stream`. See that class for usage notes.
+ */
+export class SHAKE256Stream {
+    x;
+    _rate = 136;
+    outputLen;
+    _tok;
+    constructor(outputLen) {
+        if (outputLen < 1)
+            throw new RangeError(`outputLen must be >= 1 (got ${outputLen})`);
+        this.outputLen = outputLen;
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake256Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256Stream: instance has been disposed');
+        this.x.shakePad();
+        const out = new Uint8Array(this.outputLen);
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        let pos = 0;
+        while (pos < this.outputLen) {
+            this.x.shakeSqueezeBlock();
+            const take = Math.min(this.outputLen - pos, this._rate);
+            out.set(mem.subarray(off, off + take), pos);
+            pos += take;
+        }
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
     }
 }
+// ── SHA3_256Hash ────────────────────────────────────────────────────────────
+export { SHA3_256Hash } from './hash.js';
+// ── cSHAKE / KMAC (SP 800-185) ──────────────────────────────────────────────
+export { CSHAKE128, CSHAKE256, KMAC128, KMAC256, KMACXOF128, KMACXOF256 } from './kmac.js';

package/dist/sha3/kmac.d.ts ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * cSHAKE128, customizable SHAKE128 (SP 800-185 §3).
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`. Constructing any other sha3 user (SHAKE128/256, SHA3_*,
+ * KMAC*, CSHAKE*) while this instance is live throws.
+ */
+export declare class CSHAKE128 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _prefix;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(customization: Uint8Array);
+    reset(): this;
+    absorb(msg: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    hash(msg: Uint8Array, outputLength: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * cSHAKE256, customizable SHAKE256 (SP 800-185 §3).
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`.
+ */
+export declare class CSHAKE256 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _prefix;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(customization: Uint8Array);
+    reset(): this;
+    absorb(msg: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    hash(msg: Uint8Array, outputLength: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * KMAC128, keyed Keccak MAC, fixed-output (SP 800-185 §4).
+ *
+ * Bound to a specific output length at construction (the spec's right_encode(L)
+ * suffix is a function of L). Use `KMACXOF128` for arbitrary-length output.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`.
+ */
+export declare class KMAC128 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _outLen;
+    private _finalized;
+    private _tok;
+    constructor(key: Uint8Array, outLen: number, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    finalize(): Uint8Array;
+    mac(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+    /**
+     * Constant-time tag verification. Throws `AuthenticationError('kmac128')`
+     * on mismatch (matches the lib's AEAD pattern). Returns `true` on success.
+     *
+     * Atomic, does not hold the sha3 module beyond the internal compute.
+     */
+    static verify(tag: Uint8Array, key: Uint8Array, msg: Uint8Array, customization: Uint8Array): true;
+}
+/**
+ * KMAC256, 256-bit-strength keyed Keccak MAC, fixed-output (SP 800-185 §4).
+ */
+export declare class KMAC256 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _outLen;
+    private _finalized;
+    private _tok;
+    constructor(key: Uint8Array, outLen: number, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    finalize(): Uint8Array;
+    mac(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+    static verify(tag: Uint8Array, key: Uint8Array, msg: Uint8Array, customization: Uint8Array): true;
+}
+/**
+ * KMACXOF128, XOF variant of KMAC128 (SP 800-185 §4.3.1). Output length
+ * is caller-chosen per squeeze; the spec's right_encode(0) suffix marks the
+ * XOF mode.
+ */
+export declare class KMACXOF128 {
+    private readonly x;
+    private readonly _rate;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(key: Uint8Array, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    mac(msg: Uint8Array, outLen: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * KMACXOF256, XOF variant of KMAC256 (SP 800-185 §4.3.1).
+ */
+export declare class KMACXOF256 {
+    private readonly x;
+    private readonly _rate;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(key: Uint8Array, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    mac(msg: Uint8Array, outLen: number): Uint8Array;
+    dispose(): void;
+}