shogun-core 5.2.0 → 5.2.1

package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js

@@ -0,0 +1,844 @@
+"use strict";
+(this["webpackChunkShogunCore"] = this["webpackChunkShogunCore"] || []).push([["defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js"],{
+
+/***/ "./node_modules/@hpke/hybridkem-x-wing/esm/mod.js":
+/*!********************************************************************!*\
+  !*** ./node_modules/@hpke/hybridkem-x-wing/esm/mod.js + 5 modules ***!
+  \********************************************************************/
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+// ESM COMPAT FLAG
+__webpack_require__.r(__webpack_exports__);
+
+// EXPORTS
+__webpack_require__.d(__webpack_exports__, {
+  XWing: () => (/* reexport */ XWing)
+});
+
+// EXTERNAL MODULE: ./node_modules/mlkem/esm/mod.js + 12 modules
+var mod = __webpack_require__("./node_modules/mlkem/esm/mod.js");
+// EXTERNAL MODULE: ./node_modules/@hpke/common/esm/mod.js + 23 modules
+var esm_mod = __webpack_require__("./node_modules/@hpke/common/esm/mod.js");
+;// ./node_modules/@hpke/dhkem-x25519/esm/src/primitives/x25519.js
+/**
+ * This file is based on noble-curves (https://github.com/paulmillr/noble-curves).
+ *
+ * noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com)
+ *
+ * The original file is located at:
+ * https://github.com/paulmillr/noble-curves/blob/b9d49d2b41d550571a0c5be443ecb62109fa3373/src/ed25519.ts
+ */
+/**
+ * ed25519 Twisted Edwards curve with following addons:
+ * - X25519 ECDH
+ * - Ristretto cofactor elimination
+ * - Elligator hash-to-group / point indistinguishability
+ * @module
+ */
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+
+const _1n = BigInt(1);
+const _2n = BigInt(2);
+const _3n = BigInt(3);
+const _5n = BigInt(5);
+// P = 2n**255n - 19n
+const ed25519_CURVE_p = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
+function ed25519_pow_2_252_3(x) {
+    const _10n = BigInt(10);
+    const _20n = BigInt(20);
+    const _40n = BigInt(40);
+    const _80n = BigInt(80);
+    const P = ed25519_CURVE_p;
+    const x2 = (x * x) % P;
+    const b2 = (x2 * x) % P; // x^3, 11
+    const b4 = ((0,esm_mod.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
+    const b5 = ((0,esm_mod.pow2)(b4, _1n, P) * x) % P; // x^31
+    const b10 = ((0,esm_mod.pow2)(b5, _5n, P) * b5) % P;
+    const b20 = ((0,esm_mod.pow2)(b10, _10n, P) * b10) % P;
+    const b40 = ((0,esm_mod.pow2)(b20, _20n, P) * b20) % P;
+    const b80 = ((0,esm_mod.pow2)(b40, _40n, P) * b40) % P;
+    const b160 = ((0,esm_mod.pow2)(b80, _80n, P) * b80) % P;
+    const b240 = ((0,esm_mod.pow2)(b160, _80n, P) * b80) % P;
+    const b250 = ((0,esm_mod.pow2)(b240, _10n, P) * b10) % P;
+    const pow_p_5_8 = ((0,esm_mod.pow2)(b250, _2n, P) * x) % P;
+    // ^ To pow to (p+3)/8, multiply it by x.
+    return { pow_p_5_8, b2 };
+}
+function adjustScalarBytes(bytes) {
+    // Section 5: For X25519, in order to decode 32 random bytes as an integer scalar,
+    // set the three least significant bits of the first byte
+    bytes[0] &= 248; // 0b1111_1000
+    // and the most significant bit of the last to zero,
+    bytes[31] &= 127; // 0b0111_1111
+    // set the second most significant bit of the last byte to 1
+    bytes[31] |= 64; // 0b0100_0000
+    return bytes;
+}
+const x25519 = /* @__PURE__ */ (() => {
+    const P = ed25519_CURVE_p;
+    return (0,esm_mod.montgomery)({
+        P,
+        type: "x25519",
+        powPminus2: (x) => {
+            // x^(p-2) aka x^(2^255-21)
+            const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
+            return (0,esm_mod.mod)((0,esm_mod.pow2)(pow_p_5_8, _3n, P) * b2, P);
+        },
+        adjustScalarBytes,
+    });
+})();
+
+;// ./node_modules/@hpke/dhkem-x25519/esm/src/hkdfSha256.js
+
+class HkdfSha256 extends esm_mod.HkdfSha256Native {
+    async extract(salt, ikm) {
+        await this._setup();
+        if (salt.byteLength === 0) {
+            salt = new ArrayBuffer(this.hashSize);
+        }
+        if (salt.byteLength !== this.hashSize) {
+            return (0,esm_mod.hmac)(esm_mod.sha256, new Uint8Array(salt), new Uint8Array(ikm))
+                .buffer;
+        }
+        const key = await this._api.importKey("raw", salt, this.algHash, false, [
+            "sign",
+        ]);
+        return await this._api.sign("HMAC", key, ikm);
+    }
+}
+
+;// ./node_modules/@hpke/dhkem-x25519/esm/src/dhkemX25519.js
+
+
+
+const ALG_NAME = "X25519";
+class X25519 {
+    constructor(hkdf) {
+        Object.defineProperty(this, "_hkdf", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_nPk", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_nSk", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this._hkdf = hkdf;
+        this._nPk = 32;
+        this._nSk = 32;
+    }
+    async serializePublicKey(key) {
+        try {
+            return await this._serializePublicKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    async deserializePublicKey(key) {
+        try {
+            return await this._importRawKey(key, true);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    async serializePrivateKey(key) {
+        try {
+            return await this._serializePrivateKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    async deserializePrivateKey(key) {
+        try {
+            return await this._importRawKey(key, false);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    async importKey(format, key, isPublic) {
+        try {
+            if (format === "raw") {
+                return await this._importRawKey(key, isPublic);
+            }
+            // jwk
+            if (key instanceof ArrayBuffer) {
+                throw new Error("Invalid jwk key format");
+            }
+            return await this._importJWK(key, isPublic);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    async generateKeyPair() {
+        try {
+            const rawSk = await x25519.utils.randomSecretKey();
+            const sk = new esm_mod.XCryptoKey(ALG_NAME, rawSk, "private", esm_mod.KEM_USAGES);
+            const pk = await this.derivePublicKey(sk);
+            return { publicKey: pk, privateKey: sk };
+        }
+        catch (e) {
+            throw new esm_mod.NotSupportedError(e);
+        }
+    }
+    async deriveKeyPair(ikm) {
+        try {
+            const dkpPrk = await this._hkdf.labeledExtract(esm_mod.EMPTY.buffer, esm_mod.LABEL_DKP_PRK, new Uint8Array(ikm));
+            const rawSk = await this._hkdf.labeledExpand(dkpPrk, esm_mod.LABEL_SK, esm_mod.EMPTY, this._nSk);
+            const sk = new esm_mod.XCryptoKey(ALG_NAME, new Uint8Array(rawSk), "private", esm_mod.KEM_USAGES);
+            return {
+                privateKey: sk,
+                publicKey: await this.derivePublicKey(sk),
+            };
+        }
+        catch (e) {
+            throw new esm_mod.DeriveKeyPairError(e);
+        }
+    }
+    async derivePublicKey(key) {
+        try {
+            return await this._derivePublicKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    async dh(sk, pk) {
+        try {
+            return await this._dh(sk, pk);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    async derive(sk, pk) {
+        try {
+            return await this._derive(sk, pk);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    _serializePublicKey(k) {
+        return new Promise((resolve) => {
+            resolve(k.key.buffer);
+        });
+    }
+    _serializePrivateKey(k) {
+        return new Promise((resolve) => {
+            resolve(k.key.buffer);
+        });
+    }
+    _importRawKey(key, isPublic) {
+        return new Promise((resolve, reject) => {
+            if (isPublic && key.byteLength !== this._nPk) {
+                reject(new Error("Invalid length of the key"));
+            }
+            if (!isPublic && key.byteLength !== this._nSk) {
+                reject(new Error("Invalid length of the key"));
+            }
+            resolve(new esm_mod.XCryptoKey(ALG_NAME, new Uint8Array(key), isPublic ? "public" : "private", isPublic ? [] : esm_mod.KEM_USAGES));
+        });
+    }
+    _importJWK(key, isPublic) {
+        return new Promise((resolve, reject) => {
+            if (typeof key.kty === "undefined" || key.kty !== "OKP") {
+                reject(new Error(`Invalid kty: ${key.kty}`));
+            }
+            if (typeof key.crv === "undefined" || key.crv !== "X25519") {
+                reject(new Error(`Invalid crv: ${key.crv}`));
+            }
+            if (isPublic) {
+                if (typeof key.d !== "undefined") {
+                    reject(new Error("Invalid key: `d` should not be set"));
+                }
+                if (typeof key.x === "undefined") {
+                    reject(new Error("Invalid key: `x` not found"));
+                }
+                resolve(new esm_mod.XCryptoKey(ALG_NAME, (0,esm_mod.base64UrlToBytes)(key.x), "public"));
+            }
+            else {
+                if (typeof key.d !== "string") {
+                    reject(new Error("Invalid key: `d` not found"));
+                }
+                resolve(new esm_mod.XCryptoKey(ALG_NAME, (0,esm_mod.base64UrlToBytes)(key.d), "private", esm_mod.KEM_USAGES));
+            }
+        });
+    }
+    _derivePublicKey(k) {
+        return new Promise((resolve, reject) => {
+            try {
+                const pk = x25519.getPublicKey(k.key);
+                resolve(new esm_mod.XCryptoKey(ALG_NAME, pk, "public"));
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    }
+    _dh(sk, pk) {
+        return new Promise((resolve, reject) => {
+            try {
+                resolve(x25519.getSharedSecret(sk.key, pk.key).buffer);
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    }
+    _derive(sk, pk) {
+        return new Promise((resolve, reject) => {
+            try {
+                resolve(x25519.getSharedSecret(sk, pk));
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    }
+}
+/**
+ * The DHKEM(X25519, HKDF-SHA256) for HPKE KEM implementing {@link KemInterface}.
+ *
+ * This class is implemented using
+ * {@link https://github.com/paulmillr/noble-curves | @noble/curves}.
+ *
+ * The instance of this class can be specified to the
+ * {@link https://jsr.io/@hpke/core/doc/~/CipherSuiteParams | CipherSuiteParams} as follows:
+ *
+ * @example Use with `@hpke/core`:
+ *
+ * ```ts
+ * import {
+ *   Aes128Gcm,
+ *   CipherSuite,
+ *   HkdfSha256,
+ * } from "@hpke/core";
+ * import { DhkemX25519HkdfSha256 } from "@hpke/dhkem-x25519";
+ *
+ * const suite = new CipherSuite({
+ *   kem: new DhkemX25519HkdfSha256(),
+ *   kdf: new HkdfSha256(),
+ *   aead: new Aes128Gcm(),
+ * });
+ * ```
+ */
+class DhkemX25519HkdfSha256 extends esm_mod.Dhkem {
+    constructor() {
+        const kdf = new HkdfSha256();
+        super(esm_mod.KemId.DhkemX25519HkdfSha256, new X25519(kdf), kdf);
+        /** KemId.DhkemX25519HkdfSha256 (0x0020) */
+        Object.defineProperty(this, "id", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: esm_mod.KemId.DhkemX25519HkdfSha256
+        });
+        /** 32 */
+        Object.defineProperty(this, "secretSize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+        /** 32 */
+        Object.defineProperty(this, "encSize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+        /** 32 */
+        Object.defineProperty(this, "publicKeySize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+        /** 32 */
+        Object.defineProperty(this, "privateKeySize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+    }
+}
+
+;// ./node_modules/@hpke/dhkem-x25519/esm/mod.js
+
+
+
+;// ./node_modules/@hpke/hybridkem-x-wing/esm/src/xWing.js
+// @ts-ignore: Unreachable code error
+
+
+const xWing_ALG_NAME = "X-Wing";
+
+// deno-fmt-ignore
+const X25519_BASE = new Uint8Array([
+    0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+]);
+// XWingLabel = concat(
+//   "\./",
+//   "/^\",
+// );
+// deno-fmt-ignore
+const XWING_LABEL = new Uint8Array([92, 46, 47, 47, 94, 92]);
+function combiner(ssM, ssX, ctX, pkX) {
+    const ret = new Uint8Array(ssM.length + ssX.length + ctX.length + pkX.length + XWING_LABEL.length);
+    ret.set(ssM, 0);
+    ret.set(ssX, ssM.length);
+    ret.set(ctX, ssM.length + ssX.length);
+    ret.set(pkX, ssM.length + ssX.length + ctX.length);
+    ret.set(XWING_LABEL, ssM.length + ssX.length + ctX.length + pkX.length);
+    return mod.sha3_256.create().update(ret).digest();
+}
+/**
+ * The Hybrid Post-Quantum KEM (X25519, Kyber768).
+ *
+ * This class is implemented using
+ * {@link https://github.com/Argyle-Software/kyber | pqc-kyber }.
+ *
+ * The instance of this class can be specified to the
+ * {@link https://jsr.io/@hpke/core/doc/~/CipherSuiteParams | CipherSuiteParams} as follows:
+ *
+ * @example Use with `@hpke/core`:
+ *
+ * ```ts
+ * import { Aes128Gcm, CipherSuite, HkdfSha256 } from "@hpke/core";
+ * import { XWing } from "@hpke/hybridkem-x-wing";
+ * const suite = new CipherSuite({
+ *   kem: new XWing(),
+ *   kdf: new HkdfSha256(),
+ *   aead: new Aes128Gcm(),
+ * });
+ * ```
+ */
+class XWing {
+    constructor() {
+        Object.defineProperty(this, "id", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: esm_mod.KemId.XWing
+        });
+        Object.defineProperty(this, "name", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: xWing_ALG_NAME
+        });
+        Object.defineProperty(this, "secretSize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+        Object.defineProperty(this, "encSize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 1120
+        });
+        Object.defineProperty(this, "publicKeySize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 1216
+        });
+        Object.defineProperty(this, "privateKeySize", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 32
+        });
+        Object.defineProperty(this, "auth", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: false
+        });
+        Object.defineProperty(this, "_m", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_x25519", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "_api", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: undefined
+        });
+        this._m = new mod.MlKem768();
+        this._x25519 = new X25519(new HkdfSha256());
+    }
+    async serializePublicKey(key) {
+        await this._setup();
+        try {
+            return await this._serializePublicKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    async deserializePublicKey(key) {
+        await this._setup();
+        try {
+            return await this._deserializePublicKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    async serializePrivateKey(key) {
+        await this._setup();
+        try {
+            return await this._serializePrivateKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.SerializeError(e);
+        }
+    }
+    async deserializePrivateKey(key) {
+        await this._setup();
+        try {
+            return await this._deserializePrivateKey(key);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    /**
+     * Generates a new key pair.
+     *
+     * @returns {Promise<CryptoKeyPair>} A promise that resolves with a new key pair.
+     */
+    async generateKeyPair() {
+        await this._setup();
+        const sk = new Uint8Array(32);
+        try {
+            this._api.getRandomValues(sk);
+        }
+        catch (e) {
+            throw new esm_mod.NotSupportedError(e);
+        }
+        try {
+            const [_sk, pk] = await this._generateKeyPairDerand(sk);
+            const dSk = await this.deserializePrivateKey(sk.buffer);
+            const dPk = await this.deserializePublicKey(pk.buffer);
+            return { privateKey: dSk, publicKey: dPk };
+        }
+        catch (e) {
+            throw new esm_mod.DeriveKeyPairError(e);
+        }
+    }
+    /**
+     * Generates a key pair from the secret key.
+     * @param sk The secret key.
+     * @returns {Promise<CryptoKeyPair>} A promise that resolves with a new key pair.
+     * @throws {InvalidParamError} Thrown if the length of the secret key is not 32 bytes.
+     * @throws {DeriveKeyPairError} Thrown if the key pair cannot be derived.
+     */
+    async generateKeyPairDerand(sk) {
+        if (sk.byteLength !== 32) {
+            throw new esm_mod.InvalidParamError("Invalid length of sk");
+        }
+        try {
+            const [_sk, pk] = await this._generateKeyPairDerand(sk);
+            const dSk = await this.deserializePrivateKey(sk.buffer);
+            const dPk = await this.deserializePublicKey(pk.buffer);
+            return { privateKey: dSk, publicKey: dPk };
+        }
+        catch (e) {
+            throw new esm_mod.DeriveKeyPairError(e);
+        }
+    }
+    /**
+     * Derives a key pair from the input keying material.
+     *
+     * @param {ArrayBuffer} ikm The input keying material.
+     * @returns {Promise<CryptoKeyPair>} A promise that resolves with a new key pair.
+     * @throws {DeriveKeyPairError} Thrown if the key pair cannot be derived.
+     * @throws {InvalidParamError} Thrown if the length of the IKM is not 32 bytes.
+     */
+    async deriveKeyPair(ikm) {
+        await this._setup();
+        try {
+            const sk = mod.shake256.create({ dkLen: 32 })
+                .update(new Uint8Array(ikm))
+                .digest();
+            const [_sk, pk] = await this._generateKeyPairDerand(sk);
+            const dSk = await this.deserializePrivateKey(sk.buffer);
+            const dPk = await this.deserializePublicKey(pk.buffer);
+            return { privateKey: dSk, publicKey: dPk };
+        }
+        catch (e) {
+            throw new esm_mod.DeriveKeyPairError(e);
+        }
+    }
+    /**
+     * Imports a key from the input.
+     * @param format The format of the key. "raw" or "jwk" can be specified.
+     * @param key The key to import. If the format is "raw", the key must be an ArrayBuffer. If the format is "jwk", the key must be a JsonWebKey.
+     * @param isPublic A boolean indicating whether the key is public or not. The default is true.
+     * @returns {Promise<CryptoKey>} A promise that resolves with the imported key.
+     * @throws {DeserializeError} Thrown if the key cannot be imported.
+     */
+    async importKey(format, key, isPublic = true) {
+        await this._setup();
+        try {
+            let ret;
+            if (format === "jwk") {
+                if (key instanceof ArrayBuffer || key instanceof Uint8Array) {
+                    throw new Error("Invalid jwk key format");
+                }
+                ret = await this._importJWK(key, isPublic);
+            }
+            else {
+                if (key instanceof ArrayBuffer) {
+                    ret = new Uint8Array(key);
+                }
+                else if (key instanceof Uint8Array) {
+                    ret = key;
+                }
+                else {
+                    throw new Error("Invalid key format");
+                }
+            }
+            if (isPublic && ret.byteLength !== this.publicKeySize) {
+                throw new Error("Invalid length of the key");
+            }
+            if (!isPublic && ret.byteLength !== this.privateKeySize) {
+                throw new Error("Invalid length of the key");
+            }
+            return new esm_mod.XCryptoKey(xWing_ALG_NAME, ret, isPublic ? "public" : "private", isPublic ? [] : esm_mod.KEM_USAGES);
+        }
+        catch (e) {
+            throw new esm_mod.DeserializeError(e);
+        }
+    }
+    /**
+     * Encapsulates the shared secret and the `ct` (ciphertext) as `enc`.
+     * @param params The parameters for encapsulation.
+     * @returns {Promise<{ sharedSecret: ArrayBuffer; enc: ArrayBuffer }>} A promise that resolves with the `ss` (shared secret) as `sharedSecret` and the `ct` (ciphertext) as `enc`.
+     * @throws {InvalidParamError} Thrown if the length of the `ekm` is not 64 bytes.
+     * @throws {EncapError} Thrown if the shared secret cannot be encapsulated.
+     */
+    async encap(params) {
+        let ekm = undefined;
+        if (params.ekm !== undefined && !(0,esm_mod.isCryptoKeyPair)(params.ekm)) {
+            if (params.ekm.byteLength !== 64) {
+                throw new esm_mod.InvalidParamError("ekm must be 64 bytes in length");
+            }
+            ekm = params.ekm;
+        }
+        let ekM = undefined;
+        let ekX;
+        if (ekm !== undefined) {
+            const ek = new Uint8Array(ekm);
+            ekM = ek.subarray(0, 32);
+            ekX = ek.subarray(32, 64);
+        }
+        else {
+            ekX = new Uint8Array(32);
+            try {
+                this._api.getRandomValues(ekX);
+            }
+            catch (e) {
+                throw new esm_mod.NotSupportedError(e);
+            }
+        }
+        const pk = new Uint8Array(await this.serializePublicKey(params.recipientPublicKey));
+        if (pk.byteLength !== 1216) {
+            throw new esm_mod.InvalidParamError("Invalid length of recipientPublicKey");
+        }
+        await this._setup();
+        try {
+            const pkM = pk.subarray(0, 1184);
+            const pkX = pk.subarray(1184, 1216);
+            const ctX = await this._x25519.derive(ekX, X25519_BASE);
+            const ssX = await this._x25519.derive(ekX, pkX);
+            const [ctM, ssM] = await this._m.encap(pkM, ekM);
+            return {
+                sharedSecret: combiner(ssM, ssX, ctX, pkX).buffer,
+                enc: (0,esm_mod.concat)(ctM, ctX).buffer,
+            };
+        }
+        catch (e) {
+            throw new esm_mod.EncapError(e);
+        }
+    }
+    /**
+     * Decapsulates the `ss` (shared secret) from the `enc` and the recipient's private key.
+     * The `enc` is the same as the `ct` (ciphertext) resulting from `X-Wing::Encapsulate(),
+     * which is executed under the `encap()`.
+     * @param params The parameters for decapsulation.
+     * @returns {Promise<ArrayBuffer>} A promise that resolves with the shared secret.
+     * @throws {InvalidParamError} Thrown if the length of the `enc` is not 1120 bytes.
+     * @throws {DecapError} Thrown if the shared secret cannot be decapsulated.
+     */
+    async decap(params) {
+        const rSk = (0,esm_mod.isCryptoKeyPair)(params.recipientKey)
+            ? params.recipientKey.privateKey
+            : params.recipientKey;
+        if (params.enc.byteLength !== 1120) {
+            throw new esm_mod.InvalidParamError("Invalid length of enc");
+        }
+        const sk = new Uint8Array(await this.serializePrivateKey(rSk));
+        if (sk.byteLength !== 32) {
+            throw new esm_mod.InvalidParamError("Invalid length of recipientKey");
+        }
+        await this._setup();
+        try {
+            const [skM, skX, _pkM, pkX] = await this._expandDecapsulationKey(sk);
+            const ct = new Uint8Array(params.enc);
+            const ctM = ct.subarray(0, 1088);
+            const ctX = ct.subarray(1088);
+            const ssM = await this._m.decap(ctM, skM);
+            const ssX = await this._x25519.derive(skX, ctX);
+            return combiner(ssM, ssX, ctX, pkX).buffer;
+        }
+        catch (e) {
+            throw new esm_mod.DecapError(e);
+        }
+    }
+    /**
+     * Sets up the MlKemBase instance by loading the necessary crypto library.
+     * If the crypto library is already loaded, this method does nothing.
+     * @returns {Promise<void>} A promise that resolves when the setup is complete.
+     */
+    async _setup() {
+        if (this._api !== undefined) {
+            return;
+        }
+        this._api = await (0,esm_mod.loadCrypto)();
+    }
+    /**
+     * Generates a key pair from the secret key.
+     * @param sk The secret key.
+     * @returns {Promise<[Uint8Array, Uint8Array]>} A promise that resolves with the key pair derived from the secret key.
+     */
+    async _generateKeyPairDerand(sk) {
+        const [_skM, _skX, pkM, pkX] = await this._expandDecapsulationKey(sk);
+        return [sk, (0,esm_mod.concat)(pkM, pkX)];
+    }
+    /**
+     * Expands the decapsulation key.
+     * @param sk The secret key.
+     * @returns {Promise<[Uint8Array, Uint8Array, Uint8Array, Uint8Array]>} A promise that resolves with the keys derived by expanding the secret key.
+     */
+    async _expandDecapsulationKey(sk) {
+        const expanded = mod.shake256.create({ dkLen: 96 }).update(sk).digest();
+        const [pkM, skM] = await this._m.deriveKeyPair(expanded.subarray(0, 64));
+        const skX = expanded.subarray(64, 96);
+        const pkX = await this._x25519.derive(skX, X25519_BASE);
+        return [skM, skX, pkM, pkX];
+    }
+    _serializePublicKey(k) {
+        return new Promise((resolve, reject) => {
+            if (k.type !== "public") {
+                reject(new Error("Not public key"));
+            }
+            if (k.algorithm.name !== this.name) {
+                reject(new Error(`Invalid algorithm name: ${k.algorithm.name}`));
+            }
+            if (k.key.byteLength !== this.publicKeySize) {
+                reject(new Error(`Invalid key length: ${k.key.byteLength}`));
+            }
+            resolve(k.key.buffer);
+        });
+    }
+    _deserializePublicKey(k) {
+        return new Promise((resolve, reject) => {
+            if (k.byteLength !== this.publicKeySize) {
+                reject(new Error(`Invalid key length: ${k.byteLength}`));
+            }
+            resolve(new esm_mod.XCryptoKey(this.name, new Uint8Array(k), "public"));
+        });
+    }
+    _serializePrivateKey(k) {
+        return new Promise((resolve, reject) => {
+            if (k.type !== "private") {
+                reject(new Error("Not private key"));
+            }
+            if (k.algorithm.name !== this.name) {
+                reject(new Error(`Invalid algorithm name: ${k.algorithm.name}`));
+            }
+            if (k.key.byteLength !== this.privateKeySize) {
+                reject(new Error(`Invalid key length: ${k.key.byteLength}`));
+            }
+            resolve(k.key.buffer);
+        });
+    }
+    _deserializePrivateKey(k) {
+        return new Promise((resolve, reject) => {
+            if (k.byteLength !== this.privateKeySize) {
+                reject(new Error(`Invalid key length: ${k.byteLength}`));
+            }
+            resolve(new esm_mod.XCryptoKey(this.name, new Uint8Array(k), "private", ["deriveBits"]));
+        });
+    }
+    _importJWK(key, isPublic) {
+        return new Promise((resolve, reject) => {
+            if (typeof key.kty === "undefined" || key.kty !== "AKP") {
+                reject(new Error(`Invalid kty: ${key.kty}`));
+            }
+            if (typeof key.alg === "undefined" || key.alg !== xWing_ALG_NAME) {
+                reject(new Error(`Invalid alg: ${key.alg}`));
+            }
+            if (!isPublic) {
+                if (typeof key.priv === "undefined") {
+                    reject(new Error("Invalid key: `priv` not found"));
+                }
+                if (typeof key.key_ops !== "undefined" &&
+                    (key.key_ops.length !== 1 || key.key_ops[0] !== "deriveBits")) {
+                    reject(new Error("Invalid key: `key_ops` should be ['deriveBits']"));
+                }
+                resolve((0,esm_mod.base64UrlToBytes)(key.priv));
+            }
+            if (typeof key.priv !== "undefined") {
+                reject(new Error("Invalid key: `priv` should not be set"));
+            }
+            if (typeof key.pub === "undefined") {
+                reject(new Error("Invalid key: `pub` not found"));
+            }
+            if (typeof key.key_ops !== "undefined" && key.key_ops.length > 0) {
+                reject(new Error("Invalid key: `key_ops` should not be set"));
+            }
+            resolve((0,esm_mod.base64UrlToBytes)(key.pub));
+        });
+    }
+}
+
+;// ./node_modules/@hpke/hybridkem-x-wing/esm/mod.js
+
+
+
+/***/ })
+
+}]);
+//# sourceMappingURL=defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js.map