salty-crypto 0.0.5 → 0.1.0

package/src/noise.ts

@@ -1,368 +1,18 @@
 /// SPDX-License-Identifier: MIT
 /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
 
-export type DHKeyPair = { public: Uint8Array, secret: Uint8Array };
-
-export class Nonce {
-    constructor(public lo = 0, public hi = 0) {}
-
-    increment() {
-        const oldLo = this.lo;
-        const newLo = (oldLo + 1) | 0;
-        this.lo = newLo;
-        if (newLo < oldLo) this.hi = (this.hi + 1) | 0;
-    }
-
-    reset(lo = 0, hi = 0) {
-        this.lo = lo;
-        this.hi = hi;
-    }
-
-    static get MAX(): Nonce {
-        return new Nonce(0xffffffff, 0xffffffff);
-    }
-}
-
-export function bytesXor(a: Uint8Array, b: Uint8Array): Uint8Array {
-    const len = Math.min(a.byteLength, b.byteLength);
-    const r = new Uint8Array(len);
-    for (let i = 0; i < len; i++) r[i] = a[i] ^ b[i];
-    return r;
-}
-
-export function bytesAppend(a: Uint8Array, b: Uint8Array): Uint8Array {
-    const r = new Uint8Array(a.byteLength + b.byteLength);
-    r.set(a, 0);
-    r.set(b, a.byteLength);
-    return r;
-}
-
-const EMPTY_BYTES = new Uint8Array(0);
-
-export type HMAC = (key: Uint8Array, data: Uint8Array) => Uint8Array;
-
-function makeHMAC(algorithms: NoiseProtocolAlgorithms): HMAC {
-    const HMAC_IPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_IPAD.fill(0x36);
-    const HMAC_OPAD = new Uint8Array(algorithms.hashBlocklen()); HMAC_OPAD.fill(0x5c);
-    return (key0, data) => {
-        const key = algorithms._padOrHash(key0, algorithms.hashBlocklen());
-        return algorithms.hash(bytesAppend(bytesXor(key, HMAC_OPAD),
-                                           algorithms.hash(bytesAppend(bytesXor(key, HMAC_IPAD),
-                                                                       data))));
-    };
-}
-
-export abstract class NoiseProtocolAlgorithms {
-    readonly dhlen: number;
-    readonly hmac: HMAC;
-
-    constructor (hmac?: HMAC) {
-        const tmp = this.generateKeypair();
-        this.dhlen = this.dh(tmp, tmp.public).byteLength;
-        this.hmac = hmac ?? makeHMAC(this);
-    }
-
-    abstract dhName(): string;
-    abstract generateKeypair(): DHKeyPair;
-    abstract dh(kp: DHKeyPair, pk: Uint8Array): Uint8Array;
-
-    abstract cipherName(): string;
-    abstract encrypt(key: DataView, nonce: Nonce, p: Uint8Array, associated_data?: Uint8Array): Uint8Array;
-    abstract decrypt(key: DataView, nonce: Nonce, c: Uint8Array, associated_data?: Uint8Array): Uint8Array;
-
-    abstract hashName(): string;
-    abstract hash(data: Uint8Array): Uint8Array;
-    abstract hashBlocklen(): number;
-
-    rekey(k: DataView): DataView {
-        return new DataView(this.encrypt(k, Nonce.MAX, new Uint8Array(32)).buffer);
-    }
-
-    _padOrHash(bs0: Uint8Array, len: number): Uint8Array {
-        const bs = bs0.byteLength > len ? this.hash(bs0) : bs0;
-        return bytesAppend(bs, new Uint8Array(len - bs.byteLength));
-    }
-
-    hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array];
-    hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array];
-    hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2 | 3): Uint8Array[] {
-        const tempKey = this.hmac(chainingKey, input);
-        const o1 = this.hmac(tempKey, Uint8Array.from([1]));
-        const o2 = this.hmac(tempKey, bytesAppend(o1, Uint8Array.from([2])));
-        switch (numOutputs) {
-            case 2: return [o1, o2];
-            case 3: return [o1, o2, this.hmac(tempKey, bytesAppend(o2, Uint8Array.from([3])))];
-        }
-    }
-
-    matchingPattern(protocol_name: string): string | null {
-        const r = new RegExp(`^Noise_([A-Za-z0-9+]+)_${this.dhName()}_${this.cipherName()}_${this.hashName()}$`);
-        const m = r.exec(protocol_name);
-        if (m === null) return null;
-        return m[1];
-    }
-}
-
-export interface HandshakePattern {
-    name: string; // e.g. "NNpsk2"
-    baseName: string; // e.g. "NN"
-    messages: Token[][];
-    initiatorPreMessage: PreMessage;
-    responderPreMessage: PreMessage;
-}
-
-export class CipherState {
-    view: DataView | null = null;
-    nonce = new Nonce();
-
-    constructor (public algorithms: NoiseProtocolAlgorithms,
-                 key?: Uint8Array)
-    {
-        if (key !== void 0) this.view = new DataView(key.buffer);
-    }
-
-    encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array {
-        if (this.view === null) return plaintext;
-        const ciphertext = this.algorithms.encrypt(this.view, this.nonce, plaintext, associated_data);
-        this.nonce.increment();
-        return ciphertext;
-    }
-
-    decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array {
-        if (this.view === null) return ciphertext;
-        const plaintext = this.algorithms.decrypt(this.view, this.nonce, ciphertext, associated_data);
-        this.nonce.increment();
-        return plaintext;
-    }
-
-    rekey() {
-        if (this.view === null) return;
-        this.view = this.algorithms.rekey(this.view);
-    }
-}
-
-export type Role = 'initiator' | 'responder';
-
-export type NoiseProtocolOptions = {
-    prologue?: Uint8Array,
-    staticKeypair?: DHKeyPair,
-    remoteStaticPublicKey?: Uint8Array,
-    pregeneratedEphemeralKeypair?: DHKeyPair,
-    remotePregeneratedEphemeralPublicKey?: Uint8Array,
-    preSharedKeys?: Uint8Array[],
-};
-
-export type KeyTransferToken = 'e' | 's';
-export type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk';
-export type Token = KeyTransferToken | KeyMixToken;
-export type PreMessage = ['e'] | ['s'] | ['e', 's'] | [];
-
-export type TransportState = { send: CipherState, recv: CipherState };
-
-export class NoiseHandshake {
-    staticKeypair: DHKeyPair;
-    remoteStaticPublicKey: Uint8Array | null;
-    ephemeralKeypair: DHKeyPair;
-    remoteEphemeralPublicKey: Uint8Array | null;
-    preSharedKeys?: Uint8Array[];
-    stepIndex = 0;
-    cipherState: CipherState;
-    chainingKey: Uint8Array;
-    handshakeHash: Uint8Array;
-
-    constructor (public algorithms: NoiseProtocolAlgorithms,
-                 public pattern: HandshakePattern,
-                 public role: Role,
-                 options: NoiseProtocolOptions = {})
-    {
-        this.staticKeypair = options.staticKeypair ?? this.algorithms.generateKeypair();
-        this.remoteStaticPublicKey = options.remoteStaticPublicKey ?? null;
-        this.ephemeralKeypair = options.pregeneratedEphemeralKeypair ?? this.algorithms.generateKeypair();
-        this.remoteEphemeralPublicKey = options.remotePregeneratedEphemeralPublicKey ?? null;
-        this.preSharedKeys = options.preSharedKeys;
-        if (this.preSharedKeys) {
-            this.preSharedKeys = this.preSharedKeys.slice();
-            if (this.preSharedKeys.length === 0) this.preSharedKeys = void 0;
-        }
-
-        const protocolName = new TextEncoder().encode(
-            'Noise_' + this.pattern.name +
-                '_' + this.algorithms.dhName() +
-                '_' + this.algorithms.cipherName() +
-                '_' + this.algorithms.hashName());
-
-        this.cipherState = new CipherState(this.algorithms);
-        this.chainingKey = this.algorithms._padOrHash(
-            protocolName,
-            this.algorithms.hash(EMPTY_BYTES).byteLength);
-        this.handshakeHash = this.chainingKey;
-
-        this.mixHash(options.prologue ?? EMPTY_BYTES);
-        this.pattern.initiatorPreMessage.forEach(t => this.mixHash(t === 'e'
-            ? (this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!)
-            : (this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!)));
-        this.pattern.responderPreMessage.forEach(t => this.mixHash(t === 'e'
-            ? (!this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!)
-            : (!this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!)));
-    }
-
-    get isInitiator(): boolean {
-        return this.role === 'initiator';
-    }
-
-    mixHash(data: Uint8Array) {
-        this.handshakeHash = this.algorithms.hash(bytesAppend(this.handshakeHash, data));
-    }
-
-    mixKey(input: Uint8Array) {
-        const [newCk, k] = this.algorithms.hkdf(this.chainingKey, input, 2);
-        this.chainingKey = newCk;
-        this.cipherState = new CipherState(this.algorithms, k);
-    }
-
-    mixKeyAndHashNextPSK() {
-        const psk = this.preSharedKeys!.shift()!;
-        const [newCk, tempH, k] = this.algorithms.hkdf(this.chainingKey, psk, 3);
-        this.chainingKey = newCk;
-        this.mixHash(tempH);
-        this.cipherState = new CipherState(this.algorithms, k);
-    }
-
-    encryptAndHash(p: Uint8Array) {
-        const c = this.cipherState.encrypt(p, this.handshakeHash);
-        this.mixHash(c);
-        return c;
-    }
-
-    decryptAndHash(c: Uint8Array) {
-        const p = this.cipherState.decrypt(c, this.handshakeHash);
-        this.mixHash(c);
-        return p;
-    }
-
-    _split(): TransportState | null {
-        if (this.stepIndex < this.pattern.messages.length) {
-            return null;
-        } else {
-            let [kI, kR] = this.algorithms.hkdf(this.chainingKey, EMPTY_BYTES, 2)
-                .map(k => new CipherState(this.algorithms, k));
-            return this.isInitiator ? { send: kI, recv: kR } : { send: kR, recv: kI };
-        }
-    }
-
-    _nextStep(): Token[] {
-        if (this.stepIndex >= this.pattern.messages.length) {
-            throw new Error("Handshake already complete, cannot continue");
-        }
-        return this.pattern.messages[this.stepIndex++];
-    }
-
-    _processKeyMixToken(t: KeyMixToken) {
-        switch (t) {
-            case 'ee':
-                this.mixKey(this.algorithms.dh(this.ephemeralKeypair, this.remoteEphemeralPublicKey!));
-                break;
-
-            case 'es':
-                this.mixKey(this.isInitiator
-                    ? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!)
-                    : this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!));
-                break;
-
-            case 'se':
-                this.mixKey(!this.isInitiator
-                    ? this.algorithms.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!)
-                    : this.algorithms.dh(this.staticKeypair, this.remoteEphemeralPublicKey!));
-                break;
-
-            case 'ss':
-                this.mixKey(this.algorithms.dh(this.staticKeypair, this.remoteStaticPublicKey!));
-                break;
-
-            case 'psk':
-                this.mixKeyAndHashNextPSK();
-                break;
-        }
-    }
-
-    writeMessage(payload: Uint8Array): { packet: Uint8Array, finished: TransportState | null } {
-        const pieces = [];
-        this._nextStep().forEach(t => {
-            switch (t) {
-                case 'e':
-                    pieces.push(this.ephemeralKeypair.public);
-                    this.mixHash(this.ephemeralKeypair.public);
-                    if (this.preSharedKeys) this.mixKey(this.ephemeralKeypair.public);
-                    break;
-
-                case 's':
-                    pieces.push(this.encryptAndHash(this.staticKeypair.public));
-                    break;
-
-                default:
-                    this._processKeyMixToken(t);
-                    break;
-            }
-        });
-        pieces.push(this.encryptAndHash(payload));
-
-        let packet: Uint8Array;
-        if (pieces.length === 1) {
-            packet = pieces[0];
-        } else {
-            packet = new Uint8Array(pieces.reduce((ac, p) => ac + p.byteLength, 0));
-            let offset = 0;
-            pieces.forEach(p => { packet.set(p, offset); offset += p.byteLength; });
-        }
-
-        return { packet, finished: this._split() };
-    }
-
-    readMessage(packet: Uint8Array): { message: Uint8Array, finished: TransportState | null } {
-        const take = (n: number): Uint8Array => {
-            const bs = packet.slice(0, n);
-            packet = packet.subarray(n);
-            return bs;
-        };
-        this._nextStep().forEach(t => {
-            switch (t) {
-                case 'e':
-                    this.remoteEphemeralPublicKey = take(this.algorithms.dhlen);
-                    this.mixHash(this.remoteEphemeralPublicKey);
-                    if (this.preSharedKeys) this.mixKey(this.remoteEphemeralPublicKey);
-                    break;
-
-                case 's':
-                    this.remoteStaticPublicKey = this.decryptAndHash(take(
-                        this.algorithms.dhlen + (this.cipherState.view ? 16 : 0)));
-                    break;
-
-                default:
-                    this._processKeyMixToken(t);
-                    break;
-            }
-        });
-
-        const message = this.decryptAndHash(packet);
-        return { message, finished: this._split() };
-    }
-
-    async completeHandshake(writePacket: (packet: Uint8Array) => Promise<void>,
-                            readPacket: () => Promise<Uint8Array>,
-                            handleMessage = async (_m: Uint8Array): Promise<void> => {},
-                            produceMessage = async (): Promise<Uint8Array> => new Uint8Array(0))
-    : Promise<TransportState>
-    {
-        const W = async (): Promise<TransportState> => {
-            const { packet, finished } = this.writeMessage(await produceMessage());
-            await writePacket(packet);
-            return finished || R();
-        };
-        const R = async (): Promise<TransportState> => {
-            const { message, finished } = this.readMessage(await readPacket());
-            await handleMessage(message);
-            return finished || W();
-        };
-        return (this.isInitiator ? W() : R());
-    }
-}
+export { Algorithms, matchPattern } from './noise/algorithms';
+export { CipherState } from './noise/cipherstate';
+export { Role, HandshakeOptions, TransportState, Handshake } from './noise/handshake';
+export {
+    HandshakePattern,
+    KeyMixToken,
+    KeyTransferToken,
+    PATTERNS,
+    PreMessage,
+    Token,
+    isOneWay,
+    lookupPattern,
+} from './noise/patterns';
+export { Noise_25519_ChaChaPoly_BLAKE2s } from './noise/profiles';
+export { Rekey } from './noise/rekey';

package/src/nonce.ts

@@ -0,0 +1,23 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+export class Nonce {
+    constructor(public lo = 0, public hi = 0, public extra = 0) {}
+
+    increment() {
+        const oldLo = this.lo;
+        const newLo = (oldLo + 1) | 0;
+        this.lo = newLo;
+        if (newLo < oldLo) this.hi = (this.hi + 1) | 0;
+    }
+
+    reset(lo = 0, hi = 0, extra = 0) {
+        this.lo = lo;
+        this.hi = hi;
+        this.extra = extra;
+    }
+
+    static get MAX(): Nonce {
+        return new Nonce(0xffffffff, 0xffffffff);
+    }
+}

package/test/tests/aead.test.ts

@@ -1,5 +1,4 @@
-import { AEAD } from '../../dist/salty-crypto.js';
-const { AEAD_CHACHA20_POLY1305_TAGBYTES, aead_encrypt_detached, aead_decrypt_detached } = AEAD;
+import { ChaCha20Poly1305_RFC8439, Nonce } from '../../dist/salty-crypto.js';
 import { it, expect } from '../harness';
 
 it('section 2.8.2 from rfc 8439', () => {
@@ -18,10 +17,7 @@ it('section 2.8.2 from rfc 8439', () => {
         0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
     ]).buffer);
 
-    const nonce = new DataView(new Uint8Array([
-        0x07, 0x00, 0x00, 0x00,
-        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-    ]).buffer);
+    const nonce = new Nonce(0x43424140, 0x47464544, 0x7);
 
     const expectedEncrypted = new Uint8Array([
         0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
@@ -34,8 +30,9 @@ it('section 2.8.2 from rfc 8439', () => {
         0x61, 0x16,
     ]);
 
-    const tag = new Uint8Array(AEAD_CHACHA20_POLY1305_TAGBYTES);
-    aead_encrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data);
+    const tag = new Uint8Array(ChaCha20Poly1305_RFC8439.TAGBYTES);
+    ChaCha20Poly1305_RFC8439.encrypt_detached(
+        sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data);
     expect(sunscreen).toEqual(expectedEncrypted);
     expect(tag).toEqual(new Uint8Array([
         0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
@@ -43,10 +40,13 @@ it('section 2.8.2 from rfc 8439', () => {
     ]));
 
     const sunscreen2 = Uint8Array.from(sunscreen);
-    expect(aead_decrypt_detached(sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data)).toBe(true);
+    expect(ChaCha20Poly1305_RFC8439.decrypt_detached(
+        sunscreen2, sunscreen2, sunscreen2.byteLength, tag, key, nonce, associated_data))
+        .toBe(true);
     expect(new TextDecoder().decode(sunscreen2)).toBe(sunscreen_str);
 
     tag[0]++;
-    expect(aead_decrypt_detached(sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false);
+    expect(ChaCha20Poly1305_RFC8439.decrypt_detached(
+        sunscreen, sunscreen, sunscreen.byteLength, tag, key, nonce, associated_data)).toBe(false);
     expect(sunscreen).toEqual(expectedEncrypted);
 });

package/test/tests/blake2.test.ts

@@ -1,5 +1,4 @@
-import { BLAKE2 } from '../../dist/salty-crypto.js';
-const { BLAKE2s } = BLAKE2;
+import { BLAKE2s } from '../../dist/salty-crypto.js';
 import { it, expect } from '../harness';
 
 it('Appendix B of RFC 7693', () => {
@@ -28,8 +27,8 @@ it('Appendix E of RFC 7693', () => {
     [16, 20, 28, 32].forEach(outlen => {
         [0, 3, 64, 65, 255, 1024].forEach(inlen => {
             const input = seq(inlen, inlen);
-            ctx.update(BLAKE2s.digest(input, outlen));
-            ctx.update(BLAKE2s.digest(input, outlen, seq(outlen, outlen)));
+            ctx.update(BLAKE2s.digest(input, void 0, outlen));
+            ctx.update(BLAKE2s.digest(input, seq(outlen, outlen), outlen));
         });
     });
 

package/test/tests/chacha20.test.ts

@@ -1,4 +1,5 @@
-import { ChaCha20 as ChaCha } from '../../dist/salty-crypto.js';
+import { ChaCha20, INTERNALS, Nonce } from '../../dist/salty-crypto.js';
+const { chacha20_quarter_round, chacha20_block } = INTERNALS.cipher.chacha20;
 import { it, expect } from '../harness';
 
 it('chacha20_quarter_round 1', () => {
@@ -7,7 +8,7 @@ it('chacha20_quarter_round 1', () => {
     s[1] = 0x01020304;
     s[2] = 0x9b8d6f43;
     s[3] = 0x01234567;
-    ChaCha.chacha20_quarter_round(s, 0, 1, 2, 3);
+    chacha20_quarter_round(s, 0, 1, 2, 3);
     expect(Array.from(s)).toEqual([0xea2a92f4, 0xcb1cf8ce, 0x4581472e, 0x5881c4bb]);
 });
 
@@ -18,7 +19,7 @@ it('chacha20_quarter_round 2', () => {
         0x53372767, 0xb00a5631, 0x974c541a, 0x359e9963,
         0x5c971061, 0x3d631689, 0x2098d9d6, 0x91dbd320,
     ]);
-    ChaCha.chacha20_quarter_round(s, 2, 7, 8, 13);
+    chacha20_quarter_round(s, 2, 7, 8, 13);
     expect(s).toEqual(Uint32Array.from([
         0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a,
         0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0xcfacafd2,
@@ -28,18 +29,18 @@ it('chacha20_quarter_round 2', () => {
 });
 
 it('chacha20_block', () => {
-    const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES);
+    const key8 = new Uint8Array(ChaCha20.KEYBYTES);
     for (let i = 0; i < key8.length; i++) key8[i] = i;
     const key = new DataView(key8.buffer);
 
-    const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES);
+    const nonce8 = new Uint8Array(ChaCha20.NONCEBYTES);
     nonce8[3] = 0x09;
     nonce8[7] = 0x4a;
     const nonce = new DataView(nonce8.buffer);
 
     const block = 1;
 
-    const output = ChaCha.chacha20_block(key, block, nonce);
+    const output = chacha20_block(key, block, nonce);
     expect(output).toEqual(Uint32Array.from([
         0xe4e7f110, 0x15593bd1, 0x1fdd0f50, 0xc47120a3,
         0xc7f4d1c7, 0x0368c033, 0x9aaa2204, 0x4e6cd4c3,
@@ -49,13 +50,11 @@ it('chacha20_block', () => {
 });
 
 it('chacha20', () => {
-    const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES);
+    const key8 = new Uint8Array(ChaCha20.KEYBYTES);
     for (let i = 0; i < key8.length; i++) key8[i] = i;
     const key = new DataView(key8.buffer);
 
-    const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES);
-    nonce8[7] = 0x4a;
-    const nonce = new DataView(nonce8.buffer);
+    const nonce = new Nonce(0x4a000000, 0, 0);
 
     const initial_counter = 1;
 
@@ -63,7 +62,7 @@ it('chacha20', () => {
     const sunscreen = new TextEncoder().encode(sunscreen_str);
     const output = new Uint8Array(sunscreen.byteLength);
 
-    ChaCha.chacha20(key, nonce, sunscreen, output, initial_counter);
+    ChaCha20.stream_xor(key, nonce, sunscreen, output, initial_counter);
     expect(output).toEqual(Uint8Array.from([
         0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80, 0x41, 0xba, 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81,
         0xe9, 0x7e, 0x7a, 0xec, 0x1d, 0x43, 0x60, 0xc2, 0x0a, 0x27, 0xaf, 0xcc, 0xfd, 0x9f, 0xae, 0x0b,
@@ -76,6 +75,6 @@ it('chacha20', () => {
     ]));
 
     // Test in-place encryption
-    ChaCha.chacha20(key, nonce, sunscreen, sunscreen, initial_counter);
+    ChaCha20.stream_xor(key, nonce, sunscreen, sunscreen, initial_counter);
     expect(sunscreen).toEqual(output);
 });

package/test/tests/noise.test.ts

@@ -1,16 +1,14 @@
-import { Noise, Patterns, NoiseProfiles, X25519 } from '../../dist/salty-crypto.js';
-
-type DHKeyPair = Noise.DHKeyPair;
-type TransportState = Noise.TransportState;
-type NoiseProtocolAlgorithms = Noise.NoiseProtocolAlgorithms;
-const { NoiseHandshake } = Noise;
-
-const { isOneWay, lookupPattern } = Patterns;
-
-const { Noise_25519_ChaChaPoly_BLAKE2s } = NoiseProfiles;
-
-const { scalarMultBase } = X25519;
-
+import {
+    Algorithms,
+    DHKeyPair,
+    Handshake,
+    INTERNALS,
+    Noise_25519_ChaChaPoly_BLAKE2s,
+    TransportState,
+    isOneWay,
+    lookupPattern,
+    matchPattern,
+} from '../../dist/salty-crypto.js';
 import { describe, it, expect } from '../harness';
 
 import fs from 'fs';
@@ -75,30 +73,30 @@ function hex(bs: Uint8Array): string {
 function skToKeypair(sk: Uint8Array | undefined): DHKeyPair | undefined {
     if (sk === void 0) return void 0;
     return {
-        public: scalarMultBase(sk),
+        public: INTERNALS.dh.x25519.scalarMultBase(sk),
         secret: sk,
     };
 }
 
 const unit = (v: string | undefined): [string] | undefined => v === void 0 ? void 0 : [v];
 
-async function testsuite_test(t: Test, algorithms: NoiseProtocolAlgorithms) {
+async function testsuite_test(t: Test, algorithms: Algorithms) {
     const isOld = 'name' in t;
-    const patternName = algorithms.matchingPattern(isOld ? t.name : t.protocol_name);
+    const patternName = matchPattern(algorithms, isOld ? t.name : t.protocol_name);
     if (!patternName) return;
     const pattern = lookupPattern(patternName);
     if (!pattern) return;
     const oneWay = isOneWay(pattern);
 
     await it(pattern.name, async () => {
-        const I = new NoiseHandshake(algorithms, pattern, 'initiator', {
+        const I = new Handshake(algorithms, pattern, 'initiator', {
             prologue: unhex(t.init_prologue),
             staticKeypair: skToKeypair(unhex(t.init_static)),
             remoteStaticPublicKey: unhex(t.init_remote_static),
             pregeneratedEphemeralKeypair: skToKeypair(unhex(t.init_ephemeral)),
             preSharedKeys: (isOld ? unit(t.init_psk) : t.init_psks)?.map(k => unhex(k)),
         });
-        const R = new NoiseHandshake(algorithms, pattern, 'responder', {
+        const R = new Handshake(algorithms, pattern, 'responder', {
             prologue: unhex(t.resp_prologue),
             staticKeypair: skToKeypair(unhex(t.resp_static)),
             remoteStaticPublicKey: unhex(t.resp_remote_static),
@@ -137,7 +135,7 @@ async function testsuite_test(t: Test, algorithms: NoiseProtocolAlgorithms) {
 }
 
 (async () => {
-    const algorithms = new Noise_25519_ChaChaPoly_BLAKE2s();
+    const algorithms = Noise_25519_ChaChaPoly_BLAKE2s;
     const load = (n: string) => JSON.parse(fs.readFileSync(path.join('test-vectors', n), 'utf-8'));
 
     await describe('https://github.com/mcginty/snow/', async () => {

package/test/tests/poly1305.test.ts

@@ -1,5 +1,4 @@
-import { Poly1305 as P } from '../../dist/salty-crypto.js';
-const { Poly1305 } = P;
+import { Poly1305 } from '../../dist/salty-crypto.js';
 
 import { it, expect } from '../harness';
 
@@ -11,7 +10,7 @@ it('section 2.5.2 from rfc 8439', () => {
         0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b,
     ]);
     const message = new TextEncoder().encode("Cryptographic Forum Research Group");
-    expect(Poly1305.digest(key, message)).toEqual(Uint8Array.from([
+    expect(Poly1305.digest(message, key)).toEqual(Uint8Array.from([
         0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
         0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9,
     ]));