npm - leviathan-crypto - Versions diffs - 2.1.0 → 3.0.0 - Mend

leviathan-crypto 2.1.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (296) hide show

package/CLAUDE.md +86 -443
package/README.md +198 -65
package/dist/aes/aes-cbc.d.ts +40 -0
package/dist/aes/aes-cbc.js +158 -0
package/dist/aes/aes-ctr.d.ts +50 -0
package/dist/aes/aes-ctr.js +141 -0
package/dist/aes/aes-gcm-siv.d.ts +67 -0
package/dist/aes/aes-gcm-siv.js +217 -0
package/dist/aes/aes-gcm.d.ts +61 -0
package/dist/aes/aes-gcm.js +226 -0
package/dist/aes/cipher-suite.d.ts +21 -0
package/dist/aes/cipher-suite.js +179 -0
package/dist/aes/embedded.d.ts +1 -0
package/dist/aes/embedded.js +26 -0
package/dist/aes/generator.d.ts +14 -0
package/dist/aes/generator.js +103 -0
package/dist/aes/index.d.ts +58 -0
package/dist/aes/index.js +125 -0
package/dist/aes/ops.d.ts +60 -0
package/dist/aes/ops.js +164 -0
package/dist/aes/pool-worker.d.ts +1 -0
package/dist/aes/pool-worker.js +92 -0
package/dist/aes/types.d.ts +1 -0
package/dist/aes/types.js +23 -0
package/dist/aes.wasm +0 -0
package/dist/blake3/embedded.d.ts +1 -0
package/dist/blake3/embedded.js +26 -0
package/dist/blake3/index.d.ts +143 -0
package/dist/blake3/index.js +620 -0
package/dist/blake3/types.d.ts +102 -0
package/dist/blake3/types.js +31 -0
package/dist/blake3/validate.d.ts +29 -0
package/dist/blake3/validate.js +80 -0
package/dist/blake3.wasm +0 -0
package/dist/chacha20/cipher-suite.js +47 -25
package/dist/chacha20/generator.d.ts +2 -2
package/dist/chacha20/generator.js +4 -4
package/dist/chacha20/index.d.ts +16 -15
package/dist/chacha20/index.js +52 -46
package/dist/chacha20/ops.d.ts +7 -7
package/dist/chacha20/ops.js +34 -34
package/dist/chacha20/pool-worker.js +5 -3
package/dist/cte-wasm.d.ts +1 -0
package/dist/cte-wasm.js +3 -0
package/dist/curve25519.wasm +0 -0
package/dist/ecdsa/der.d.ts +23 -0
package/dist/ecdsa/der.js +192 -0
package/dist/ecdsa/ecprivatekey-der.d.ts +32 -0
package/dist/ecdsa/ecprivatekey-der.js +230 -0
package/dist/ecdsa/embedded.d.ts +1 -0
package/dist/ecdsa/embedded.js +25 -0
package/dist/ecdsa/index.d.ts +124 -0
package/dist/ecdsa/index.js +366 -0
package/dist/ecdsa/types.d.ts +31 -0
package/dist/ecdsa/types.js +28 -0
package/dist/ecdsa/validate.d.ts +18 -0
package/dist/ecdsa/validate.js +92 -0
package/dist/ed25519/embedded.d.ts +1 -0
package/dist/ed25519/embedded.js +31 -0
package/dist/ed25519/index.d.ts +70 -0
package/dist/ed25519/index.js +308 -0
package/dist/ed25519/types.d.ts +27 -0
package/dist/ed25519/types.js +27 -0
package/dist/ed25519/validate.d.ts +7 -0
package/dist/ed25519/validate.js +77 -0
package/dist/embedded/aes-pool-worker.d.ts +1 -0
package/dist/embedded/aes-pool-worker.js +5 -0
package/dist/embedded/aes.d.ts +1 -0
package/dist/embedded/aes.js +3 -0
package/dist/embedded/blake3.d.ts +1 -0
package/dist/embedded/blake3.js +3 -0
package/dist/embedded/chacha20-pool-worker.d.ts +1 -1
package/dist/embedded/chacha20-pool-worker.js +2 -2
package/dist/embedded/chacha20.d.ts +1 -1
package/dist/embedded/chacha20.js +2 -2
package/dist/embedded/curve25519.d.ts +1 -0
package/dist/embedded/curve25519.js +3 -0
package/dist/embedded/mldsa.d.ts +1 -0
package/dist/embedded/mldsa.js +3 -0
package/dist/embedded/mlkem.d.ts +1 -0
package/dist/embedded/mlkem.js +3 -0
package/dist/embedded/p256.d.ts +1 -0
package/dist/embedded/p256.js +3 -0
package/dist/embedded/serpent-pool-worker.d.ts +1 -1
package/dist/embedded/serpent-pool-worker.js +2 -2
package/dist/embedded/serpent.d.ts +1 -1
package/dist/embedded/serpent.js +2 -2
package/dist/embedded/sha2.d.ts +1 -1
package/dist/embedded/sha2.js +2 -2
package/dist/embedded/sha3.d.ts +1 -1
package/dist/embedded/sha3.js +2 -2
package/dist/embedded/slhdsa.d.ts +1 -0
package/dist/embedded/slhdsa.js +3 -0
package/dist/errors.d.ts +92 -1
package/dist/errors.js +111 -1
package/dist/fortuna.d.ts +5 -5
package/dist/fortuna.js +37 -64
package/dist/index.d.ts +38 -9
package/dist/index.js +63 -19
package/dist/init.d.ts +1 -1
package/dist/init.js +11 -25
package/dist/keccak/embedded.js +1 -1
package/dist/keccak/index.d.ts +2 -0
package/dist/keccak/index.js +4 -2
package/dist/loader.d.ts +1 -24
package/dist/loader.js +13 -16
package/dist/merkle/blake3-tree.d.ts +35 -0
package/dist/merkle/blake3-tree.js +187 -0
package/dist/merkle/checkpoint.d.ts +58 -0
package/dist/merkle/checkpoint.js +217 -0
package/dist/merkle/index.d.ts +19 -0
package/dist/merkle/index.js +37 -0
package/dist/merkle/merkle-log.d.ts +130 -0
package/dist/merkle/merkle-log.js +207 -0
package/dist/merkle/merkle-verifier.d.ts +126 -0
package/dist/merkle/merkle-verifier.js +296 -0
package/dist/merkle/proof.d.ts +70 -0
package/dist/merkle/proof.js +300 -0
package/dist/merkle/sha256-tree.d.ts +33 -0
package/dist/merkle/sha256-tree.js +145 -0
package/dist/merkle/signed-log.d.ts +156 -0
package/dist/merkle/signed-log.js +356 -0
package/dist/merkle/signed-note.d.ts +309 -0
package/dist/merkle/signed-note.js +648 -0
package/dist/merkle/sth.d.ts +31 -0
package/dist/merkle/sth.js +31 -0
package/dist/merkle/storage.d.ts +40 -0
package/dist/merkle/storage.js +71 -0
package/dist/merkle/tree.d.ts +68 -0
package/dist/merkle/tree.js +94 -0
package/dist/mldsa/embedded.d.ts +1 -0
package/dist/{kyber → mldsa}/embedded.js +5 -5
package/dist/mldsa/expand.d.ts +53 -0
package/dist/mldsa/expand.js +188 -0
package/dist/mldsa/format.d.ts +16 -0
package/dist/mldsa/format.js +68 -0
package/dist/mldsa/hashvariant.d.ts +32 -0
package/dist/mldsa/hashvariant.js +248 -0
package/dist/mldsa/index.d.ts +142 -0
package/dist/mldsa/index.js +463 -0
package/dist/mldsa/keygen.d.ts +16 -0
package/dist/mldsa/keygen.js +232 -0
package/dist/mldsa/params.d.ts +21 -0
package/dist/mldsa/params.js +55 -0
package/dist/mldsa/sha3-helpers.d.ts +30 -0
package/dist/mldsa/sha3-helpers.js +124 -0
package/dist/mldsa/sign.d.ts +36 -0
package/dist/mldsa/sign.js +380 -0
package/dist/mldsa/types.d.ts +91 -0
package/dist/mldsa/types.js +25 -0
package/dist/mldsa/validate.d.ts +55 -0
package/dist/mldsa/validate.js +125 -0
package/dist/mldsa/verify.d.ts +29 -0
package/dist/mldsa/verify.js +269 -0
package/dist/mldsa.wasm +0 -0
package/dist/mlkem/embedded.d.ts +1 -0
package/dist/mlkem/embedded.js +27 -0
package/dist/mlkem/indcpa.d.ts +49 -0
package/dist/{kyber → mlkem}/indcpa.js +44 -44
package/dist/mlkem/index.d.ts +37 -0
package/dist/{kyber → mlkem}/index.js +24 -34
package/dist/mlkem/kem.d.ts +21 -0
package/dist/{kyber → mlkem}/kem.js +44 -64
package/dist/{kyber → mlkem}/params.d.ts +4 -4
package/dist/{kyber → mlkem}/params.js +2 -2
package/dist/mlkem/suite.d.ts +12 -0
package/dist/{kyber → mlkem}/suite.js +17 -12
package/dist/{kyber → mlkem}/types.d.ts +3 -3
package/dist/{kyber → mlkem}/types.js +1 -1
package/dist/{kyber → mlkem}/validate.d.ts +7 -7
package/dist/{kyber → mlkem}/validate.js +7 -7
package/dist/{kyber.wasm → mlkem.wasm} +0 -0
package/dist/p256.wasm +0 -0
package/dist/ratchet/index.d.ts +2 -0
package/dist/ratchet/index.js +1 -0
package/dist/ratchet/kdf-chain.js +3 -3
package/dist/ratchet/ratchet-keypair.js +2 -2
package/dist/ratchet/root-kdf.js +7 -7
package/dist/ratchet/skipped-key-store.js +4 -4
package/dist/ratchet/types.d.ts +1 -1
package/dist/serpent/cipher-suite.js +20 -17
package/dist/serpent/generator.d.ts +1 -1
package/dist/serpent/generator.js +2 -2
package/dist/serpent/index.d.ts +8 -7
package/dist/serpent/index.js +18 -27
package/dist/serpent/pool-worker.js +7 -5
package/dist/serpent/serpent-cbc.d.ts +4 -4
package/dist/serpent/serpent-cbc.js +11 -8
package/dist/serpent/shared-ops.d.ts +3 -23
package/dist/serpent/shared-ops.js +50 -85
package/dist/serpent.wasm +0 -0
package/dist/sha2/hkdf.js +5 -5
package/dist/sha2/index.d.ts +21 -1
package/dist/sha2/index.js +65 -10
package/dist/sha2/types.d.ts +41 -2
package/dist/sha2.wasm +0 -0
package/dist/sha3/index.d.ts +72 -3
package/dist/sha3/index.js +240 -14
package/dist/sha3/kmac.d.ts +121 -0
package/dist/sha3/kmac.js +800 -0
package/dist/sha3.wasm +0 -0
package/dist/shared/pkcs7.d.ts +22 -0
package/dist/shared/pkcs7.js +84 -0
package/dist/sign/ctx.d.ts +41 -0
package/dist/sign/ctx.js +102 -0
package/dist/sign/envelope.d.ts +45 -0
package/dist/sign/envelope.js +152 -0
package/dist/sign/hasher.d.ts +9 -0
package/dist/sign/hasher.js +132 -0
package/dist/sign/index.d.ts +11 -0
package/dist/sign/index.js +34 -0
package/dist/sign/sign-stream.d.ts +25 -0
package/dist/sign/sign-stream.js +112 -0
package/dist/sign/suites/ecdsa-p256.d.ts +2 -0
package/dist/sign/suites/ecdsa-p256.js +120 -0
package/dist/sign/suites/ed25519.d.ts +3 -0
package/dist/sign/suites/ed25519.js +165 -0
package/dist/sign/suites/hybrid-classical.d.ts +23 -0
package/dist/sign/suites/hybrid-classical.js +526 -0
package/dist/sign/suites/hybrid-pq.d.ts +4 -0
package/dist/sign/suites/hybrid-pq.js +234 -0
package/dist/sign/suites/mldsa.d.ts +7 -0
package/dist/sign/suites/mldsa.js +161 -0
package/dist/sign/suites/slhdsa.d.ts +7 -0
package/dist/sign/suites/slhdsa.js +176 -0
package/dist/sign/types.d.ts +106 -0
package/dist/sign/types.js +28 -0
package/dist/sign/verify-stream.d.ts +30 -0
package/dist/sign/verify-stream.js +227 -0
package/dist/slhdsa/embedded.d.ts +1 -0
package/dist/slhdsa/embedded.js +26 -0
package/dist/slhdsa/index.d.ts +149 -0
package/dist/slhdsa/index.js +493 -0
package/dist/slhdsa/params.d.ts +26 -0
package/dist/slhdsa/params.js +70 -0
package/dist/slhdsa/prehash.d.ts +68 -0
package/dist/slhdsa/prehash.js +307 -0
package/dist/slhdsa/sign.d.ts +39 -0
package/dist/slhdsa/sign.js +116 -0
package/dist/slhdsa/types.d.ts +129 -0
package/dist/slhdsa/types.js +27 -0
package/dist/slhdsa/validate.d.ts +60 -0
package/dist/slhdsa/validate.js +127 -0
package/dist/slhdsa/verify.d.ts +32 -0
package/dist/slhdsa/verify.js +107 -0
package/dist/slhdsa.wasm +0 -0
package/dist/stream/header.js +3 -3
package/dist/stream/index.d.ts +1 -0
package/dist/stream/index.js +1 -0
package/dist/stream/open-stream.js +31 -10
package/dist/stream/seal-stream-pool.d.ts +1 -0
package/dist/stream/seal-stream-pool.js +63 -26
package/dist/stream/seal-stream.d.ts +1 -1
package/dist/stream/seal-stream.js +20 -9
package/dist/stream/seal.js +6 -6
package/dist/stream/types.d.ts +3 -1
package/dist/stream/types.js +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/utils.d.ts +3 -3
package/dist/utils.js +46 -54
package/dist/wasm-source.d.ts +7 -7
package/dist/wasm-source.js +1 -1
package/dist/x25519/embedded.d.ts +1 -0
package/dist/x25519/embedded.js +31 -0
package/dist/x25519/index.d.ts +43 -0
package/dist/x25519/index.js +159 -0
package/dist/x25519/types.d.ts +25 -0
package/dist/x25519/types.js +27 -0
package/dist/x25519/validate.d.ts +2 -0
package/dist/x25519/validate.js +39 -0
package/package.json +70 -26
package/SECURITY.md +0 -163
package/dist/ct-wasm.d.ts +0 -1
package/dist/ct-wasm.js +0 -3
package/dist/docs/aead.md +0 -363
package/dist/docs/architecture.md +0 -1011
package/dist/docs/argon2id.md +0 -305
package/dist/docs/chacha20.md +0 -781
package/dist/docs/exports.md +0 -277
package/dist/docs/fortuna.md +0 -530
package/dist/docs/init.md +0 -301
package/dist/docs/loader.md +0 -256
package/dist/docs/serpent.md +0 -617
package/dist/docs/sha2.md +0 -671
package/dist/docs/sha3.md +0 -612
package/dist/docs/types.md +0 -416
package/dist/docs/utils.md +0 -457
package/dist/embedded/kyber.d.ts +0 -1
package/dist/embedded/kyber.js +0 -3
package/dist/kyber/embedded.d.ts +0 -1
package/dist/kyber/indcpa.d.ts +0 -49
package/dist/kyber/index.d.ts +0 -38
package/dist/kyber/kem.d.ts +0 -21
package/dist/kyber/suite.d.ts +0 -12
/package/dist/{ct.wasm → cte.wasm} +0 -0

package/dist/sha3/index.js CHANGED Viewed

@@ -22,23 +22,15 @@
 // src/ts/sha3/index.ts
 //
 // Public API classes for the SHA-3 WASM module.
-// Uses the init() module cache — call sha3Init(source) before constructing.
+// Uses the init() module cache, call sha3Init(source) before constructing.
 import { getInstance, initModule, _acquireModule, _releaseModule, _assertNotOwned } from '../init.js';
 export async function sha3Init(source) {
     return initModule('sha3', source);
 }
+export { isInitialized } from '../init.js';
 function getExports() {
     return getInstance('sha3').exports;
 }
-export function _sha3Ready() {
-    try {
-        getInstance('sha3');
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 // Write msg into INPUT_OFFSET in chunks of 168 bytes (max rate)
 function absorb(x, msg) {
     const mem = new Uint8Array(x.memory.buffer);
@@ -129,7 +121,7 @@ export class SHA3_224 {
 }
 // ── SHAKE128 ────────────────────────────────────────────────────────────────
 /**
- * SHAKE128 XOF — extendable output, multi-squeeze capable.
+ * SHAKE128 XOF, extendable output, multi-squeeze capable.
  *
  * Holds exclusive access to the `sha3` WASM module from construction until
  * `dispose()`. Constructing a second SHAKE128/SHAKE256 or any other sha3
@@ -167,7 +159,7 @@ export class SHAKE128 {
         if (this._tok === undefined)
             throw new Error('SHAKE128: instance has been disposed');
         if (this._squeezing)
-            throw new Error('SHAKE128: cannot absorb after squeeze — call reset() first');
+            throw new Error('SHAKE128: cannot absorb after squeeze, call reset() first');
         absorb(this.x, msg);
         return this;
     }
@@ -222,7 +214,7 @@ export class SHAKE128 {
 }
 // ── SHAKE256 ────────────────────────────────────────────────────────────────
 /**
- * SHAKE256 XOF — extendable output, multi-squeeze capable.
+ * SHAKE256 XOF, extendable output, multi-squeeze capable.
  *
  * Holds exclusive access to the `sha3` WASM module from construction until
  * `dispose()`. Constructing a second SHAKE128/SHAKE256 or any other sha3
@@ -260,7 +252,7 @@ export class SHAKE256 {
         if (this._tok === undefined)
             throw new Error('SHAKE256: instance has been disposed');
         if (this._squeezing)
-            throw new Error('SHAKE256: cannot absorb after squeeze — call reset() first');
+            throw new Error('SHAKE256: cannot absorb after squeeze, call reset() first');
         absorb(this.x, msg);
         return this;
     }
@@ -313,5 +305,239 @@ export class SHAKE256 {
         }
     }
 }
+// ── SHA3_256Stream ──────────────────────────────────────────────────────────
+/**
+ * Incremental SHA3-256. Construct, `update()` chunks (any size), `finalize()`
+ * to get the 32-byte digest. Finalize disposes the instance.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors SHAKE128 lifecycle.
+ */
+export class SHA3_256Stream {
+    x;
+    _tok;
+    constructor() {
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.sha3_256Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHA3_256Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHA3_256Stream: instance has been disposed');
+        this.x.sha3_256Final();
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        const out = mem.slice(off, off + 32);
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHA3_512Stream ──────────────────────────────────────────────────────────
+/**
+ * Incremental SHA3-512. Construct, `update()` chunks (any size), `finalize()`
+ * to get the 64-byte digest. Finalize disposes the instance.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors SHAKE128 lifecycle.
+ */
+export class SHA3_512Stream {
+    x;
+    _tok;
+    constructor() {
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.sha3_512Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHA3_512Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHA3_512Stream: instance has been disposed');
+        this.x.sha3_512Final();
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        const out = mem.slice(off, off + 64);
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHAKE128Stream ──────────────────────────────────────────────────────────
+/**
+ * Single-shot streaming SHAKE128. `outputLen` is bound at construction;
+ * `update()` absorbs chunks of any size, `finalize()` pads and squeezes
+ * exactly `outputLen` bytes, then disposes the instance.
+ *
+ * Used by `createRunningHash` in the sign layer: each StreamableSignatureSuite
+ * with `prehashAlgorithm: 'shake-128'` declares its `prehashSize` and that
+ * value is passed in here at construction time. The multi-squeeze
+ * `SHAKE128` class above remains for the XOF surface; this class is the
+ * fixed-output cousin that matches the RunningHash contract.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()` or `finalize()`. Mirrors `SHA3_256Stream` lifecycle.
+ */
+export class SHAKE128Stream {
+    x;
+    _rate = 168;
+    outputLen;
+    _tok;
+    constructor(outputLen) {
+        if (outputLen < 1)
+            throw new RangeError(`outputLen must be >= 1 (got ${outputLen})`);
+        this.outputLen = outputLen;
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake128Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE128Stream: instance has been disposed');
+        this.x.shakePad();
+        const out = new Uint8Array(this.outputLen);
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        let pos = 0;
+        while (pos < this.outputLen) {
+            this.x.shakeSqueezeBlock();
+            const take = Math.min(this.outputLen - pos, this._rate);
+            out.set(mem.subarray(off, off + take), pos);
+            pos += take;
+        }
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
+// ── SHAKE256Stream ──────────────────────────────────────────────────────────
+/**
+ * Single-shot streaming SHAKE256. `outputLen` is bound at construction;
+ * mirrors `SHAKE128Stream`. See that class for usage notes.
+ */
+export class SHAKE256Stream {
+    x;
+    _rate = 136;
+    outputLen;
+    _tok;
+    constructor(outputLen) {
+        if (outputLen < 1)
+            throw new RangeError(`outputLen must be >= 1 (got ${outputLen})`);
+        this.outputLen = outputLen;
+        this.x = getExports();
+        this._tok = _acquireModule('sha3');
+        try {
+            this.x.shake256Init();
+        }
+        catch (e) {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+            throw e;
+        }
+    }
+    update(chunk) {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256Stream: instance has been disposed');
+        absorb(this.x, chunk);
+        return this;
+    }
+    finalize() {
+        if (this._tok === undefined)
+            throw new Error('SHAKE256Stream: instance has been disposed');
+        this.x.shakePad();
+        const out = new Uint8Array(this.outputLen);
+        const mem = new Uint8Array(this.x.memory.buffer);
+        const off = this.x.getOutOffset();
+        let pos = 0;
+        while (pos < this.outputLen) {
+            this.x.shakeSqueezeBlock();
+            const take = Math.min(this.outputLen - pos, this._rate);
+            out.set(mem.subarray(off, off + take), pos);
+            pos += take;
+        }
+        this.dispose();
+        return out;
+    }
+    dispose() {
+        if (this._tok === undefined)
+            return;
+        try {
+            this.x.wipeBuffers();
+        }
+        finally {
+            _releaseModule('sha3', this._tok);
+            this._tok = undefined;
+        }
+    }
+}
 // ── SHA3_256Hash ────────────────────────────────────────────────────────────
 export { SHA3_256Hash } from './hash.js';
+// ── cSHAKE / KMAC (SP 800-185) ──────────────────────────────────────────────
+export { CSHAKE128, CSHAKE256, KMAC128, KMAC256, KMACXOF128, KMACXOF256 } from './kmac.js';

package/dist/sha3/kmac.d.ts ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * cSHAKE128, customizable SHAKE128 (SP 800-185 §3).
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`. Constructing any other sha3 user (SHAKE128/256, SHA3_*,
+ * KMAC*, CSHAKE*) while this instance is live throws.
+ */
+export declare class CSHAKE128 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _prefix;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(customization: Uint8Array);
+    reset(): this;
+    absorb(msg: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    hash(msg: Uint8Array, outputLength: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * cSHAKE256, customizable SHAKE256 (SP 800-185 §3).
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`.
+ */
+export declare class CSHAKE256 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _prefix;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(customization: Uint8Array);
+    reset(): this;
+    absorb(msg: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    hash(msg: Uint8Array, outputLength: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * KMAC128, keyed Keccak MAC, fixed-output (SP 800-185 §4).
+ *
+ * Bound to a specific output length at construction (the spec's right_encode(L)
+ * suffix is a function of L). Use `KMACXOF128` for arbitrary-length output.
+ *
+ * Holds exclusive access to the `sha3` WASM module from construction until
+ * `dispose()`.
+ */
+export declare class KMAC128 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _outLen;
+    private _finalized;
+    private _tok;
+    constructor(key: Uint8Array, outLen: number, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    finalize(): Uint8Array;
+    mac(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+    /**
+     * Constant-time tag verification. Throws `AuthenticationError('kmac128')`
+     * on mismatch (matches the lib's AEAD pattern). Returns `true` on success.
+     *
+     * Atomic, does not hold the sha3 module beyond the internal compute.
+     */
+    static verify(tag: Uint8Array, key: Uint8Array, msg: Uint8Array, customization: Uint8Array): true;
+}
+/**
+ * KMAC256, 256-bit-strength keyed Keccak MAC, fixed-output (SP 800-185 §4).
+ */
+export declare class KMAC256 {
+    private readonly x;
+    private readonly _rate;
+    private readonly _outLen;
+    private _finalized;
+    private _tok;
+    constructor(key: Uint8Array, outLen: number, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    finalize(): Uint8Array;
+    mac(msg: Uint8Array): Uint8Array;
+    dispose(): void;
+    static verify(tag: Uint8Array, key: Uint8Array, msg: Uint8Array, customization: Uint8Array): true;
+}
+/**
+ * KMACXOF128, XOF variant of KMAC128 (SP 800-185 §4.3.1). Output length
+ * is caller-chosen per squeeze; the spec's right_encode(0) suffix marks the
+ * XOF mode.
+ */
+export declare class KMACXOF128 {
+    private readonly x;
+    private readonly _rate;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(key: Uint8Array, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    mac(msg: Uint8Array, outLen: number): Uint8Array;
+    dispose(): void;
+}
+/**
+ * KMACXOF256, XOF variant of KMAC256 (SP 800-185 §4.3.1).
+ */
+export declare class KMACXOF256 {
+    private readonly x;
+    private readonly _rate;
+    private _squeezing;
+    private _block;
+    private _blockPos;
+    private _tok;
+    constructor(key: Uint8Array, customization: Uint8Array);
+    update(chunk: Uint8Array): this;
+    squeeze(n: number): Uint8Array;
+    mac(msg: Uint8Array, outLen: number): Uint8Array;
+    dispose(): void;
+}