npm - leviathan-crypto - Versions diffs - 2.0.1 → 3.0.0 - Mend

leviathan-crypto 2.0.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/CLAUDE.md +88 -281
package/LICENSE +4 -0
package/README.md +275 -87
package/dist/aes/aes-cbc.d.ts +40 -0
package/dist/aes/aes-cbc.js +158 -0
package/dist/aes/aes-ctr.d.ts +50 -0
package/dist/aes/aes-ctr.js +141 -0
package/dist/aes/aes-gcm-siv.d.ts +67 -0
package/dist/aes/aes-gcm-siv.js +217 -0
package/dist/aes/aes-gcm.d.ts +61 -0
package/dist/aes/aes-gcm.js +226 -0
package/dist/aes/cipher-suite.d.ts +21 -0
package/dist/aes/cipher-suite.js +179 -0
package/dist/aes/embedded.d.ts +1 -0
package/dist/aes/embedded.js +26 -0
package/dist/aes/generator.d.ts +14 -0
package/dist/aes/generator.js +103 -0
package/dist/aes/index.d.ts +58 -0
package/dist/aes/index.js +125 -0
package/dist/aes/ops.d.ts +60 -0
package/dist/aes/ops.js +164 -0
package/dist/aes/pool-worker.d.ts +1 -0
package/dist/aes/pool-worker.js +92 -0
package/dist/aes/types.d.ts +1 -0
package/dist/aes/types.js +23 -0
package/dist/aes.wasm +0 -0
package/dist/blake3/embedded.d.ts +1 -0
package/dist/blake3/embedded.js +26 -0
package/dist/blake3/index.d.ts +143 -0
package/dist/blake3/index.js +620 -0
package/dist/blake3/types.d.ts +102 -0
package/dist/blake3/types.js +31 -0
package/dist/blake3/validate.d.ts +29 -0
package/dist/blake3/validate.js +80 -0
package/dist/blake3.wasm +0 -0
package/dist/chacha20/cipher-suite.d.ts +10 -0
package/dist/chacha20/cipher-suite.js +98 -13
package/dist/chacha20/generator.d.ts +12 -0
package/dist/chacha20/generator.js +91 -0
package/dist/chacha20/index.d.ts +100 -3
package/dist/chacha20/index.js +169 -35
package/dist/chacha20/ops.d.ts +57 -6
package/dist/chacha20/ops.js +107 -27
package/dist/chacha20/pool-worker.js +14 -0
package/dist/chacha20/types.d.ts +1 -32
package/dist/cte-wasm.d.ts +1 -0
package/dist/cte-wasm.js +3 -0
package/dist/cte.wasm +0 -0
package/dist/curve25519.wasm +0 -0
package/dist/ecdsa/der.d.ts +23 -0
package/dist/ecdsa/der.js +192 -0
package/dist/ecdsa/ecprivatekey-der.d.ts +32 -0
package/dist/ecdsa/ecprivatekey-der.js +230 -0
package/dist/ecdsa/embedded.d.ts +1 -0
package/dist/ecdsa/embedded.js +25 -0
package/dist/ecdsa/index.d.ts +124 -0
package/dist/ecdsa/index.js +366 -0
package/dist/ecdsa/types.d.ts +31 -0
package/dist/ecdsa/types.js +28 -0
package/dist/ecdsa/validate.d.ts +18 -0
package/dist/ecdsa/validate.js +92 -0
package/dist/ed25519/embedded.d.ts +1 -0
package/dist/ed25519/embedded.js +31 -0
package/dist/ed25519/index.d.ts +70 -0
package/dist/ed25519/index.js +308 -0
package/dist/ed25519/types.d.ts +27 -0
package/dist/ed25519/types.js +27 -0
package/dist/ed25519/validate.d.ts +7 -0
package/dist/ed25519/validate.js +77 -0
package/dist/embedded/aes-pool-worker.d.ts +1 -0
package/dist/embedded/aes-pool-worker.js +5 -0
package/dist/embedded/aes.d.ts +1 -0
package/dist/embedded/aes.js +3 -0
package/dist/embedded/blake3.d.ts +1 -0
package/dist/embedded/blake3.js +3 -0
package/dist/embedded/chacha20-pool-worker.d.ts +1 -0
package/dist/embedded/chacha20-pool-worker.js +5 -0
package/dist/embedded/chacha20.d.ts +1 -1
package/dist/embedded/chacha20.js +2 -2
package/dist/embedded/curve25519.d.ts +1 -0
package/dist/embedded/curve25519.js +3 -0
package/dist/embedded/mldsa.d.ts +1 -0
package/dist/embedded/mldsa.js +3 -0
package/dist/embedded/mlkem.d.ts +1 -0
package/dist/embedded/mlkem.js +3 -0
package/dist/embedded/p256.d.ts +1 -0
package/dist/embedded/p256.js +3 -0
package/dist/embedded/serpent-pool-worker.d.ts +1 -0
package/dist/embedded/serpent-pool-worker.js +5 -0
package/dist/embedded/serpent.d.ts +1 -1
package/dist/embedded/serpent.js +2 -2
package/dist/embedded/sha2.d.ts +1 -1
package/dist/embedded/sha2.js +2 -2
package/dist/embedded/sha3.d.ts +1 -1
package/dist/embedded/sha3.js +2 -2
package/dist/embedded/slhdsa.d.ts +1 -0
package/dist/embedded/slhdsa.js +3 -0
package/dist/errors.d.ts +92 -1
package/dist/errors.js +111 -1
package/dist/fortuna.d.ts +18 -12
package/dist/fortuna.js +166 -99
package/dist/index.d.ts +42 -11
package/dist/index.js +65 -20
package/dist/init.d.ts +1 -3
package/dist/init.js +73 -7
package/dist/keccak/embedded.js +1 -1
package/dist/keccak/index.d.ts +2 -0
package/dist/keccak/index.js +4 -2
package/dist/loader.d.ts +1 -19
package/dist/loader.js +26 -32
package/dist/merkle/blake3-tree.d.ts +35 -0
package/dist/merkle/blake3-tree.js +187 -0
package/dist/merkle/checkpoint.d.ts +58 -0
package/dist/merkle/checkpoint.js +217 -0
package/dist/merkle/index.d.ts +19 -0
package/dist/merkle/index.js +37 -0
package/dist/merkle/merkle-log.d.ts +130 -0
package/dist/merkle/merkle-log.js +207 -0
package/dist/merkle/merkle-verifier.d.ts +126 -0
package/dist/merkle/merkle-verifier.js +296 -0
package/dist/merkle/proof.d.ts +70 -0
package/dist/merkle/proof.js +300 -0
package/dist/merkle/sha256-tree.d.ts +33 -0
package/dist/merkle/sha256-tree.js +145 -0
package/dist/merkle/signed-log.d.ts +156 -0
package/dist/merkle/signed-log.js +356 -0
package/dist/merkle/signed-note.d.ts +309 -0
package/dist/merkle/signed-note.js +648 -0
package/dist/merkle/sth.d.ts +31 -0
package/dist/merkle/sth.js +31 -0
package/dist/merkle/storage.d.ts +40 -0
package/dist/merkle/storage.js +71 -0
package/dist/merkle/tree.d.ts +68 -0
package/dist/merkle/tree.js +94 -0
package/dist/mldsa/embedded.d.ts +1 -0
package/dist/{kyber → mldsa}/embedded.js +5 -5
package/dist/mldsa/expand.d.ts +53 -0
package/dist/mldsa/expand.js +188 -0
package/dist/mldsa/format.d.ts +16 -0
package/dist/mldsa/format.js +68 -0
package/dist/mldsa/hashvariant.d.ts +32 -0
package/dist/mldsa/hashvariant.js +248 -0
package/dist/mldsa/index.d.ts +142 -0
package/dist/mldsa/index.js +463 -0
package/dist/mldsa/keygen.d.ts +16 -0
package/dist/mldsa/keygen.js +232 -0
package/dist/mldsa/params.d.ts +21 -0
package/dist/mldsa/params.js +55 -0
package/dist/mldsa/sha3-helpers.d.ts +30 -0
package/dist/mldsa/sha3-helpers.js +124 -0
package/dist/mldsa/sign.d.ts +36 -0
package/dist/mldsa/sign.js +380 -0
package/dist/mldsa/types.d.ts +91 -0
package/dist/mldsa/types.js +25 -0
package/dist/mldsa/validate.d.ts +55 -0
package/dist/mldsa/validate.js +125 -0
package/dist/mldsa/verify.d.ts +29 -0
package/dist/mldsa/verify.js +269 -0
package/dist/mldsa.wasm +0 -0
package/dist/mlkem/embedded.d.ts +1 -0
package/dist/mlkem/embedded.js +27 -0
package/dist/mlkem/indcpa.d.ts +49 -0
package/dist/{kyber → mlkem}/indcpa.js +48 -48
package/dist/mlkem/index.d.ts +37 -0
package/dist/{kyber → mlkem}/index.js +41 -31
package/dist/mlkem/kem.d.ts +21 -0
package/dist/{kyber → mlkem}/kem.js +48 -13
package/dist/{kyber → mlkem}/params.d.ts +4 -4
package/dist/{kyber → mlkem}/params.js +2 -2
package/dist/mlkem/suite.d.ts +12 -0
package/dist/{kyber → mlkem}/suite.js +17 -12
package/dist/{kyber → mlkem}/types.d.ts +4 -3
package/dist/{kyber → mlkem}/types.js +1 -1
package/dist/mlkem/validate.d.ts +23 -0
package/dist/{kyber → mlkem}/validate.js +24 -20
package/dist/{kyber.wasm → mlkem.wasm} +0 -0
package/dist/p256.wasm +0 -0
package/dist/ratchet/index.d.ts +8 -0
package/dist/ratchet/index.js +38 -0
package/dist/ratchet/kdf-chain.d.ts +13 -0
package/dist/ratchet/kdf-chain.js +85 -0
package/dist/ratchet/ratchet-keypair.d.ts +9 -0
package/dist/ratchet/ratchet-keypair.js +61 -0
package/dist/ratchet/root-kdf.d.ts +4 -0
package/dist/ratchet/root-kdf.js +124 -0
package/dist/ratchet/skipped-key-store.d.ts +14 -0
package/dist/ratchet/skipped-key-store.js +154 -0
package/dist/ratchet/types.d.ts +36 -0
package/dist/ratchet/types.js +26 -0
package/dist/serpent/cipher-suite.d.ts +10 -0
package/dist/serpent/cipher-suite.js +144 -56
package/dist/serpent/generator.d.ts +12 -0
package/dist/serpent/generator.js +97 -0
package/dist/serpent/index.d.ts +62 -1
package/dist/serpent/index.js +97 -21
package/dist/serpent/pool-worker.js +28 -102
package/dist/serpent/serpent-cbc.d.ts +16 -6
package/dist/serpent/serpent-cbc.js +58 -37
package/dist/serpent/shared-ops.d.ts +63 -0
package/dist/serpent/shared-ops.js +178 -0
package/dist/serpent/types.d.ts +1 -5
package/dist/serpent.wasm +0 -0
package/dist/sha2/hash.d.ts +2 -0
package/dist/sha2/hash.js +53 -0
package/dist/sha2/hkdf.js +5 -5
package/dist/sha2/index.d.ts +22 -1
package/dist/sha2/index.js +80 -11
package/dist/sha2/types.d.ts +41 -2
package/dist/sha2.wasm +0 -0
package/dist/sha3/hash.d.ts +2 -0
package/dist/sha3/hash.js +53 -0
package/dist/sha3/index.d.ts +87 -3
package/dist/sha3/index.js +317 -19
package/dist/sha3/kmac.d.ts +121 -0
package/dist/sha3/kmac.js +800 -0
package/dist/sha3.wasm +0 -0
package/dist/shared/pkcs7.d.ts +22 -0
package/dist/shared/pkcs7.js +84 -0
package/dist/sign/ctx.d.ts +41 -0
package/dist/sign/ctx.js +102 -0
package/dist/sign/envelope.d.ts +45 -0
package/dist/sign/envelope.js +152 -0
package/dist/sign/hasher.d.ts +9 -0
package/dist/sign/hasher.js +132 -0
package/dist/sign/index.d.ts +11 -0
package/dist/sign/index.js +34 -0
package/dist/sign/sign-stream.d.ts +25 -0
package/dist/sign/sign-stream.js +112 -0
package/dist/sign/suites/ecdsa-p256.d.ts +2 -0
package/dist/sign/suites/ecdsa-p256.js +120 -0
package/dist/sign/suites/ed25519.d.ts +3 -0
package/dist/sign/suites/ed25519.js +165 -0
package/dist/sign/suites/hybrid-classical.d.ts +23 -0
package/dist/sign/suites/hybrid-classical.js +526 -0
package/dist/sign/suites/hybrid-pq.d.ts +4 -0
package/dist/sign/suites/hybrid-pq.js +234 -0
package/dist/sign/suites/mldsa.d.ts +7 -0
package/dist/sign/suites/mldsa.js +161 -0
package/dist/sign/suites/slhdsa.d.ts +7 -0
package/dist/sign/suites/slhdsa.js +176 -0
package/dist/sign/types.d.ts +106 -0
package/dist/sign/types.js +28 -0
package/dist/sign/verify-stream.d.ts +30 -0
package/dist/sign/verify-stream.js +227 -0
package/dist/slhdsa/embedded.d.ts +1 -0
package/dist/slhdsa/embedded.js +26 -0
package/dist/slhdsa/index.d.ts +149 -0
package/dist/slhdsa/index.js +493 -0
package/dist/slhdsa/params.d.ts +26 -0
package/dist/slhdsa/params.js +70 -0
package/dist/slhdsa/prehash.d.ts +68 -0
package/dist/slhdsa/prehash.js +307 -0
package/dist/slhdsa/sign.d.ts +39 -0
package/dist/slhdsa/sign.js +116 -0
package/dist/slhdsa/types.d.ts +129 -0
package/dist/slhdsa/types.js +27 -0
package/dist/slhdsa/validate.d.ts +60 -0
package/dist/slhdsa/validate.js +127 -0
package/dist/slhdsa/verify.d.ts +32 -0
package/dist/slhdsa/verify.js +107 -0
package/dist/slhdsa.wasm +0 -0
package/dist/stream/header.js +8 -8
package/dist/stream/index.d.ts +1 -0
package/dist/stream/index.js +1 -0
package/dist/stream/open-stream.js +65 -22
package/dist/stream/seal-stream-pool.d.ts +2 -0
package/dist/stream/seal-stream-pool.js +100 -33
package/dist/stream/seal-stream.d.ts +1 -1
package/dist/stream/seal-stream.js +48 -19
package/dist/stream/seal.js +6 -6
package/dist/stream/types.d.ts +3 -1
package/dist/stream/types.js +1 -1
package/dist/types.d.ts +22 -1
package/dist/types.js +1 -1
package/dist/utils.d.ts +9 -10
package/dist/utils.js +84 -59
package/dist/wasm-source.d.ts +9 -8
package/dist/wasm-source.js +1 -1
package/dist/x25519/embedded.d.ts +1 -0
package/dist/x25519/embedded.js +31 -0
package/dist/x25519/index.d.ts +43 -0
package/dist/x25519/index.js +159 -0
package/dist/x25519/types.d.ts +25 -0
package/dist/x25519/types.js +27 -0
package/dist/x25519/validate.d.ts +2 -0
package/dist/x25519/validate.js +39 -0
package/package.json +123 -64
package/SECURITY.md +0 -276
package/dist/ct-wasm.d.ts +0 -1
package/dist/ct-wasm.js +0 -3
package/dist/ct.wasm +0 -0
package/dist/docs/aead.md +0 -323
package/dist/docs/architecture.md +0 -932
package/dist/docs/argon2id.md +0 -302
package/dist/docs/chacha20.md +0 -674
package/dist/docs/exports.md +0 -241
package/dist/docs/fortuna.md +0 -313
package/dist/docs/init.md +0 -302
package/dist/docs/loader.md +0 -161
package/dist/docs/serpent.md +0 -519
package/dist/docs/sha2.md +0 -613
package/dist/docs/sha3.md +0 -546
package/dist/docs/types.md +0 -276
package/dist/docs/utils.md +0 -367
package/dist/embedded/kyber.d.ts +0 -1
package/dist/embedded/kyber.js +0 -3
package/dist/kyber/embedded.d.ts +0 -1
package/dist/kyber/indcpa.d.ts +0 -49
package/dist/kyber/index.d.ts +0 -38
package/dist/kyber/kem.d.ts +0 -21
package/dist/kyber/suite.d.ts +0 -13
package/dist/kyber/validate.d.ts +0 -19

package/dist/sign/sign-stream.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import type { StreamableSignatureSuite } from './types.js';
+export declare class SignStream {
+    private readonly suite;
+    private readonly sk;
+    private readonly ctx;
+    private hasher;
+    private finalized;
+    private disposed;
+    constructor(suite: StreamableSignatureSuite, sk: Uint8Array, ctx: Uint8Array);
+    /**
+     * Build the wire-format preamble for `payloadLength`. Available at
+     * any point in the stream lifecycle. See
+     * docs/signing.md#attached-envelope.
+     */
+    buildPreamble(payloadLength: number): Uint8Array;
+    /** Feed a chunk to the running prehash. */
+    update(chunk: Uint8Array): void;
+    /**
+     * Finalize the running prehash and sign. Returns the signature bytes.
+     * Caller writes these as the last segment of the output stream.
+     */
+    finalize(): Uint8Array;
+    /** Wipe lib-owned state. Idempotent. */
+    dispose(): void;
+}

package/dist/sign/sign-stream.js ADDED Viewed

@@ -0,0 +1,112 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/sign/sign-stream.ts
+//
+// SignStream class, streaming signature production for StreamableSignatureSuite.
+// Sender writes: preamble + payload bytes + sig (from finalize). Wire format
+// is identical to Sign.sign output.
+import { SigningError } from '../errors.js';
+import { wipe } from '../utils.js';
+import { USER_CTX_MAX } from './ctx.js';
+import { createRunningHash } from './hasher.js';
+export class SignStream {
+    suite;
+    sk;
+    ctx;
+    hasher;
+    finalized = false;
+    disposed = false;
+    constructor(suite, sk, ctx) {
+        this.suite = suite;
+        this.sk = sk;
+        if (ctx.length > USER_CTX_MAX)
+            throw new SigningError('sig-ctx-too-long', `user_ctx length ${ctx.length} > ${USER_CTX_MAX}`);
+        // Copy ctx so a later caller-side mutation cannot retroactively
+        // change the bytes the preamble emits.
+        this.ctx = new Uint8Array(ctx);
+        this.hasher = createRunningHash(suite.prehashAlgorithm);
+    }
+    /**
+     * Build the wire-format preamble for `payloadLength`. Available at
+     * any point in the stream lifecycle. See
+     * docs/signing.md#attached-envelope.
+     */
+    buildPreamble(payloadLength) {
+        if (!Number.isInteger(payloadLength) || payloadLength < 0)
+            throw new SigningError('sig-malformed-input', `payloadLength must be a non-negative integer, got ${payloadLength}`);
+        if (payloadLength > 0xFFFFFFFF)
+            throw new SigningError('sig-malformed-input', `payloadLength ${payloadLength} > 2^32 - 1 (wire format payload_len is u32)`);
+        const out = new Uint8Array(2 + this.ctx.length + 4);
+        let pos = 0;
+        out[pos++] = this.suite.formatEnum;
+        out[pos++] = this.ctx.length;
+        out.set(this.ctx, pos);
+        pos += this.ctx.length;
+        out[pos++] = (payloadLength >>> 24) & 0xFF;
+        out[pos++] = (payloadLength >>> 16) & 0xFF;
+        out[pos++] = (payloadLength >>> 8) & 0xFF;
+        out[pos] = payloadLength & 0xFF;
+        return out;
+    }
+    /** Feed a chunk to the running prehash. */
+    update(chunk) {
+        if (this.disposed)
+            throw new SigningError('sig-stream-disposed');
+        if (this.finalized)
+            throw new SigningError('sig-stream-finalized');
+        this.hasher.update(chunk);
+    }
+    /**
+     * Finalize the running prehash and sign. Returns the signature bytes.
+     * Caller writes these as the last segment of the output stream.
+     */
+    finalize() {
+        if (this.disposed)
+            throw new SigningError('sig-stream-disposed');
+        if (this.finalized)
+            throw new SigningError('sig-stream-finalized');
+        this.finalized = true;
+        const h = this.hasher;
+        let digest;
+        try {
+            digest = h.finalize();
+            return this.suite.signPrehashed(this.sk, digest, this.ctx);
+        }
+        finally {
+            if (digest !== undefined)
+                wipe(digest);
+            h.dispose();
+            this.hasher = undefined;
+        }
+    }
+    /** Wipe lib-owned state. Idempotent. */
+    dispose() {
+        if (this.disposed)
+            return;
+        this.disposed = true;
+        if (this.hasher !== undefined) {
+            this.hasher.dispose();
+            this.hasher = undefined;
+        }
+        wipe(this.ctx);
+    }
+}

package/dist/sign/suites/ecdsa-p256.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { StreamableSignatureSuite } from '../types.js';
2	+ export declare const EcdsaP256Suite: StreamableSignatureSuite;

package/dist/sign/suites/ecdsa-p256.js ADDED Viewed

@@ -0,0 +1,120 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/sign/suites/ecdsa-p256.ts
+//
+// EcdsaP256Suite (0x02, FIPS 186-5 §6.4 over SHA-256). Hedged-by-default
+// per draft-irtf-cfrg-det-sigs-with-noise-05.
+//
+// Catalog + sizes: docs/signaturesuite.md. Suite reference: docs/ecdsa-p256.md.
+import { SigningError } from '../../errors.js';
+import { EcdsaP256 } from '../../ecdsa/index.js';
+import { randomBytes, utf8ToBytes, wipe } from '../../utils.js';
+import { CTX_DOMAIN_MAX } from '../ctx.js';
+import { sha256OneShot } from '../hasher.js';
+function EcdsaP256SuiteFactory(formatEnum, formatName, ctxDomain) {
+    if (utf8ToBytes(ctxDomain).length > CTX_DOMAIN_MAX)
+        throw new Error(`leviathan-crypto: ctxDomain '${ctxDomain}' too long for ${formatName}`);
+    const wasmModules = Object.freeze(['p256', 'sha2']);
+    const prehashAlgorithm = 'sha-256';
+    const prehashSize = 32;
+    function rejectCtx(ctx) {
+        if (ctx.length > 0)
+            throw new SigningError('sig-ctx-unsupported', `${formatName} does not support user context; ECDSA-P256 has `
+                + 'no native ctx parameter in FIPS 186-5 §6.4. Use the '
+                + 'classical+PQ hybrid suites (catalog 0x22 / 0x23) for '
+                + 'context-bound ECDSA-P256 signatures.');
+    }
+    return {
+        formatEnum,
+        formatName,
+        ctxDomain,
+        pkSize: 33,
+        skSize: 32,
+        sigMaxSize: 64,
+        wasmModules,
+        prehashAlgorithm,
+        prehashSize,
+        sign(sk, msg, ctx) {
+            rejectCtx(ctx);
+            const digest = sha256OneShot(msg);
+            const rnd = randomBytes(32);
+            const inst = new EcdsaP256();
+            try {
+                return inst._signInternalPk(sk, digest, rnd);
+            }
+            finally {
+                wipe(rnd);
+                wipe(digest);
+                inst.dispose();
+            }
+        },
+        verify(pk, msg, sig, ctx) {
+            rejectCtx(ctx);
+            const digest = sha256OneShot(msg);
+            const inst = new EcdsaP256();
+            try {
+                return inst.verify(pk, digest, sig);
+            }
+            finally {
+                inst.dispose();
+                wipe(digest);
+            }
+        },
+        keygen() {
+            const inst = new EcdsaP256();
+            try {
+                const kp = inst.keygen();
+                return { pk: kp.publicKey, sk: kp.secretKey };
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+        signPrehashed(sk, digest, ctx) {
+            rejectCtx(ctx);
+            if (digest.length !== prehashSize)
+                throw new SigningError('sig-malformed-input', `digest length ${digest.length} != expected ${prehashSize} for ${formatName}`);
+            const rnd = randomBytes(32);
+            const inst = new EcdsaP256();
+            try {
+                return inst._signInternalPk(sk, digest, rnd);
+            }
+            finally {
+                wipe(rnd);
+                inst.dispose();
+            }
+        },
+        verifyPrehashed(pk, digest, sig, ctx) {
+            rejectCtx(ctx);
+            if (digest.length !== prehashSize)
+                throw new SigningError('sig-malformed-input', `digest length ${digest.length} != expected ${prehashSize} for ${formatName}`);
+            const inst = new EcdsaP256();
+            try {
+                return inst.verify(pk, digest, sig);
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+    };
+}
+export const EcdsaP256Suite = EcdsaP256SuiteFactory(0x02, 'ecdsa-p256', 'ecdsa-p256-envelope-v3');

package/dist/sign/suites/ed25519.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { SignatureSuite, StreamableSignatureSuite } from '../types.js';
+export declare const Ed25519Suite: SignatureSuite;
+export declare const Ed25519PreHashSuite: StreamableSignatureSuite;

package/dist/sign/suites/ed25519.js ADDED Viewed

@@ -0,0 +1,165 @@
+//                  ▄▄▄▄▄▄▄▄▄▄
+//           ▄████████████████████▄▄          ▒  ▄▀▀ ▒ ▒ █ ▄▀▄ ▀█▀ █ ▒ ▄▀▄ █▀▄
+//        ▄██████████████████████ ▀████▄      ▓  ▓▀  ▓ ▓ ▓ ▓▄▓  ▓  ▓▀▓ ▓▄▓ ▓ ▓
+//      ▄█████████▀▀▀     ▀███████▄▄███████▌  ▀▄ ▀▄▄ ▀▄▀ ▒ ▒ ▒  ▒  ▒ █ ▒ ▒ ▒ █
+//     ▐████████▀   ▄▄▄▄     ▀████████▀██▀█▌
+//     ████████      ███▀▀     ████▀  █▀ █▀       Leviathan Crypto Library
+//     ███████▌    ▀██▀         ███
+//      ███████   ▀███           ▀██ ▀█▄      Repository & Mirror:
+//       ▀██████   ▄▄██            ▀▀  ██▄    github.com/xero/leviathan-crypto
+//         ▀█████▄   ▄██▄             ▄▀▄▀    unpkg.com/leviathan-crypto
+//            ▀████▄   ▄██▄
+//              ▐████   ▐███                  Author: xero (https://x-e.ro)
+//       ▄▄██████████    ▐███         ▄▄      License: MIT
+//    ▄██▀▀▀▀▀▀▀▀▀▀     ▄████      ▄██▀
+//  ▄▀  ▄▄█████████▄▄  ▀▀▀▀▀     ▄███         This file is provided completely
+//   ▄██████▀▀▀▀▀▀██████▄ ▀▄▄▄▄████▀          free, "as is", and without
+//  ████▀    ▄▄▄▄▄▄▄ ▀████▄ ▀█████▀  ▄▄▄▄     warranty of any kind. The author
+//  █████▄▄█████▀▀▀▀▀▀▄ ▀███▄      ▄████      assumes absolutely no liability
+//   ▀██████▀             ▀████▄▄▄████▀       for its {ab,mis,}use.
+//                           ▀█████▀▀
+//
+// src/ts/sign/suites/ed25519.ts
+//
+// Ed25519Suite (0x01, RFC 8032 §5.1.6) and Ed25519PreHashSuite
+// (0x11, Ed25519ph, RFC 8032 §5.1.7).
+//
+// Catalog + sizes: docs/signaturesuite.md. Suite reference: docs/ed25519.md.
+import { utf8ToBytes, wipe } from '../../utils.js';
+import { SigningError } from '../../errors.js';
+import { Ed25519 } from '../../ed25519/index.js';
+import { buildEffectiveCtx, CTX_DOMAIN_MAX, } from '../ctx.js';
+import { sha512OneShot } from '../hasher.js';
+// ── Pure-mode factory ───────────────────────────────────────────────────────
+function Ed25519PureSuite(formatEnum, formatName, ctxDomain) {
+    if (utf8ToBytes(ctxDomain).length > CTX_DOMAIN_MAX)
+        throw new Error(`leviathan-crypto: ctxDomain '${ctxDomain}' too long for ${formatName}`);
+    const wasmModules = Object.freeze(['curve25519']);
+    return {
+        formatEnum,
+        formatName,
+        ctxDomain,
+        pkSize: 32,
+        skSize: 32,
+        sigMaxSize: 64,
+        wasmModules,
+        sign(sk, msg, ctx) {
+            if (ctx.length > 0)
+                throw new SigningError('sig-ctx-unsupported', `${formatName} (pure Ed25519) does not support user context; `
+                    + 'use Ed25519PreHashSuite (formatEnum 0x11) for context-bound signatures');
+            const inst = new Ed25519();
+            try {
+                return inst._signInternalPk(sk, msg);
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+        verify(pk, msg, sig, ctx) {
+            if (ctx.length > 0)
+                throw new SigningError('sig-ctx-unsupported', `${formatName} (pure Ed25519) does not support user context; `
+                    + 'use Ed25519PreHashSuite (formatEnum 0x11) for context-bound signatures');
+            const inst = new Ed25519();
+            try {
+                return inst.verify(pk, msg, sig);
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+        keygen() {
+            const inst = new Ed25519();
+            try {
+                const kp = inst.keygen();
+                return { pk: kp.publicKey, sk: kp.secretKey };
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+    };
+}
+// ── Prehash-mode factory ────────────────────────────────────────────────────
+function Ed25519PrehashSuite(formatEnum, formatName, ctxDomain) {
+    if (utf8ToBytes(ctxDomain).length > CTX_DOMAIN_MAX)
+        throw new Error(`leviathan-crypto: ctxDomain '${ctxDomain}' too long for ${formatName}`);
+    const wasmModules = Object.freeze(['curve25519', 'sha2']);
+    const prehashAlgorithm = 'sha-512';
+    const prehashSize = 64;
+    return {
+        formatEnum,
+        formatName,
+        ctxDomain,
+        pkSize: 32,
+        skSize: 32,
+        sigMaxSize: 64,
+        wasmModules,
+        prehashAlgorithm,
+        prehashSize,
+        sign(sk, msg, ctx) {
+            const effectiveCtx = buildEffectiveCtx(ctxDomain, ctx);
+            const digest = sha512OneShot(msg);
+            const inst = new Ed25519();
+            try {
+                return inst._signPrehashedInternalPk(sk, digest, effectiveCtx);
+            }
+            finally {
+                inst.dispose();
+                wipe(digest);
+                wipe(effectiveCtx);
+            }
+        },
+        verify(pk, msg, sig, ctx) {
+            const effectiveCtx = buildEffectiveCtx(ctxDomain, ctx);
+            const digest = sha512OneShot(msg);
+            const inst = new Ed25519();
+            try {
+                return inst.verifyPrehashed(pk, digest, effectiveCtx, sig);
+            }
+            finally {
+                inst.dispose();
+                wipe(digest);
+                wipe(effectiveCtx);
+            }
+        },
+        keygen() {
+            const inst = new Ed25519();
+            try {
+                const kp = inst.keygen();
+                return { pk: kp.publicKey, sk: kp.secretKey };
+            }
+            finally {
+                inst.dispose();
+            }
+        },
+        signPrehashed(sk, digest, ctx) {
+            if (digest.length !== prehashSize)
+                throw new SigningError('sig-malformed-input', `digest length ${digest.length} != expected ${prehashSize} for ${formatName}`);
+            const effectiveCtx = buildEffectiveCtx(ctxDomain, ctx);
+            const inst = new Ed25519();
+            try {
+                return inst._signPrehashedInternalPk(sk, digest, effectiveCtx);
+            }
+            finally {
+                inst.dispose();
+                wipe(effectiveCtx);
+            }
+        },
+        verifyPrehashed(pk, digest, sig, ctx) {
+            if (digest.length !== prehashSize)
+                throw new SigningError('sig-malformed-input', `digest length ${digest.length} != expected ${prehashSize} for ${formatName}`);
+            const effectiveCtx = buildEffectiveCtx(ctxDomain, ctx);
+            const inst = new Ed25519();
+            try {
+                return inst.verifyPrehashed(pk, digest, effectiveCtx, sig);
+            }
+            finally {
+                inst.dispose();
+                wipe(effectiveCtx);
+            }
+        },
+    };
+}
+// ── Exported suite consts ───────────────────────────────────────────────────
+export const Ed25519Suite = Ed25519PureSuite(0x01, 'ed25519', 'ed25519-envelope-v3');
+export const Ed25519PreHashSuite = Ed25519PrehashSuite(0x11, 'ed25519-prehash', 'ed25519-prehash-envelope-v3');

package/dist/sign/suites/hybrid-classical.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { StreamableSignatureSuite } from '../types.js';
+/**
+ * Composite ML-DSA-44 + Ed25519 with SHA-512 prehash.
+ * composite-sigs §6, id-MLDSA44-Ed25519-SHA512 (OID 1.3.6.1.5.5.7.6.39).
+ */
+export declare const MlDsa44Ed25519Suite: StreamableSignatureSuite;
+/**
+ * Composite ML-DSA-65 + Ed25519 with SHA-512 prehash.
+ * composite-sigs §6, id-MLDSA65-Ed25519-SHA512 (OID 1.3.6.1.5.5.7.6.48).
+ */
+export declare const MlDsa65Ed25519Suite: StreamableSignatureSuite;
+/**
+ * Composite ML-DSA-44 + ECDSA-P256 with SHA-256 prehash.
+ * composite-sigs §6, id-MLDSA44-ECDSA-P256-SHA256 (OID 1.3.6.1.5.5.7.6.40).
+ */
+export declare const MlDsa44EcdsaP256Suite: StreamableSignatureSuite;
+/**
+ * Composite ML-DSA-65 + ECDSA-P256 with SHA-512 prehash on the composite
+ * layer; the ECDSA half still hashes M' with SHA-256 per composite-sigs §6
+ * `ecdsa-with-SHA256` and §10.1 (deployment-fit rationale).
+ * composite-sigs §6, id-MLDSA65-ECDSA-P256-SHA512 (OID 1.3.6.1.5.5.7.6.45).
+ */
+export declare const MlDsa65EcdsaP256Suite: StreamableSignatureSuite;