wasm-pqc-subtle 0.1.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +217 -6
  2. package/package.json +2 -2
  3. package/wasm_pqc_subtle.d.ts +169 -2
  4. package/wasm_pqc_subtle.js +536 -16
  5. package/wasm_pqc_subtle_bg.wasm +0 -0
package/README.md CHANGED
@@ -1,10 +1,221 @@
1
1
  # wasm-pqc-subtle
2
2
 
3
- Library for post-quantum encryption
3
+ Post-quantum key encapsulation, digital signatures, and password hashing for the browser. A WebAssembly library implementing [ML-KEM](https://csrc.nist.gov/pubs/fips/203/final) (FIPS 203), [ML-DSA](https://csrc.nist.gov/pubs/fips/204/final) (FIPS 204), and [Argon2](https://datatracker.ietf.org/doc/html/rfc9106), compiled from Rust.
4
4
 
5
- # Prerequisites
6
- - Rust
7
- - wasm-pack
5
+ ## Overview
8
6
 
9
- ## Build
10
- `make all`
7
+ This library provides ML-KEM, ML-DSA, and Argon2 via WebAssembly, enabling post-quantum key exchange, digital signatures, and modern password hashing in web applications. It wraps the [`ml-kem`](https://crates.io/crates/ml-kem), [`ml-dsa`](https://crates.io/crates/ml-dsa), and [`argon2`](https://crates.io/crates/argon2) Rust crates using [`wasm-bindgen`](https://crates.io/crates/wasm-bindgen) and targets the `wasm32-unknown-unknown` platform.
8
+
9
+ **WASM binary size:** ~68 KB (optimized with LTO + binaryen)
10
+
11
+ ### Supported Algorithms
12
+
13
+ | Algorithm | NIST Security Level | Use Case |
14
+ |-----------|-------------------|----------|
15
+ | ML-KEM-768 | Level 3 (~192-bit) | Default. Recommended for most applications. |
16
+ | ML-KEM-1024 | Level 5 (~256-bit) | Higher security margin. |
17
+ | ML-DSA-44 | Level 2 (~128-bit) | Digital signatures (compact). |
18
+ | ML-DSA-65 | Level 3 (~192-bit) | Standard digital signatures. |
19
+ | ML-DSA-87 | Level 5 (~256-bit) | High-security digital signatures. |
20
+
21
+ ## Installation
22
+
23
+ ```bash
24
+ npm install wasm-pqc-subtle
25
+ ```
26
+
27
+ ## Usage
28
+
29
+ ### Key Encapsulation (ML-KEM)
30
+
31
+ ```javascript
32
+ import init, {
33
+ ml_kem_768_generate_keypair,
34
+ ml_kem_768_encapsulate,
35
+ ml_kem_768_decapsulate,
36
+ } from "wasm-pqc-subtle";
37
+
38
+ await init();
39
+
40
+ // Generate a keypair
41
+ const keypair = ml_kem_768_generate_keypair();
42
+
43
+ // Encapsulate: produce a ciphertext and shared secret from the public key
44
+ const result = ml_kem_768_encapsulate(keypair.public_key);
45
+
46
+ // Decapsulate: recover the shared secret from the ciphertext and secret key
47
+ const sharedSecret = ml_kem_768_decapsulate(keypair.secret_key, result.ciphertext);
48
+
49
+ // result.shared_secret and sharedSecret are identical
50
+ ```
51
+
52
+ ML-KEM-1024 functions follow the same pattern (`ml_kem_1024_generate_keypair`, etc.). Convenience aliases `kem_generate_keypair`, `kem_encapsulate`, and `kem_decapsulate` default to ML-KEM-768.
53
+
54
+ ### Digital Signatures (ML-DSA)
55
+
56
+ ```javascript
57
+ import init, {
58
+ ml_dsa_65_generate_keypair,
59
+ ml_dsa_65_sign,
60
+ ml_dsa_65_verify,
61
+ } from "wasm-pqc-subtle";
62
+
63
+ await init();
64
+
65
+ const message = new TextEncoder().encode("Hello Post-Quantum!");
66
+
67
+ // Generate a keypair
68
+ const keypair = ml_dsa_65_generate_keypair();
69
+
70
+ // Sign
71
+ const signature = ml_dsa_65_sign(keypair.secret_key, message);
72
+
73
+ // Verify
74
+ const isValid = ml_dsa_65_verify(keypair.public_key, message, signature);
75
+ ```
76
+
77
+ ML-DSA-44 and ML-DSA-87 functions follow the same pattern (`ml_dsa_44_generate_keypair`, etc.). Convenience aliases `dsa_generate_keypair`, `dsa_sign`, and `dsa_verify` default to ML-DSA-65.
78
+
79
+ ### Password Hashing (Argon2)
80
+
81
+ ```javascript
82
+ import init, { argon2id_hash, argon2_verify } from "wasm-pqc-subtle";
83
+
84
+ await init();
85
+
86
+ const password = new TextEncoder().encode("correct horse battery staple");
87
+
88
+ // Hash using Argon2id with a random salt and recommended defaults
89
+ const phc = argon2id_hash(password); // returns a PHC string like "$argon2id$v=19$m=...$...$..."
90
+
91
+ // Verify
92
+ const ok = argon2_verify(password, phc); // true
93
+ const bad = argon2_verify(new TextEncoder().encode("wrong"), phc); // false
94
+ ```
95
+
96
+ Notes:
97
+ - `argon2id_hash` generates a secure random salt internally and returns a standard PHC string.
98
+ - `argon2_verify` parses the PHC string and verifies using parameters embedded in it.
99
+ - Defaults are tuned by the upstream `argon2` crate and suitable for browsers; adjust at build-time if you need stricter limits.
100
+
101
+ ## API
102
+
103
+ ### ML-KEM API
104
+
105
+ #### `ml_kem_768_generate_keypair() -> KemKeyPair`
106
+
107
+ Generates an ML-KEM-768 key pair.
108
+
109
+ #### `ml_kem_768_encapsulate(public_key: Uint8Array) -> CiphertextAndSharedSecret`
110
+
111
+ Encapsulates against a public key, returning a ciphertext and shared secret.
112
+
113
+ #### `ml_kem_768_decapsulate(secret_key: Uint8Array, ciphertext: Uint8Array) -> Uint8Array`
114
+
115
+ Decapsulates a ciphertext with a secret key, returning the shared secret.
116
+
117
+ #### `ml_kem_1024_generate_keypair()` / `ml_kem_1024_encapsulate()` / `ml_kem_1024_decapsulate()`
118
+
119
+ Same interface as above, using ML-KEM-1024 parameters.
120
+
121
+ #### `kem_generate_keypair()` / `kem_encapsulate()` / `kem_decapsulate()`
122
+
123
+ Convenience aliases that use ML-KEM-768.
124
+
125
+ ### ML-DSA API
126
+
127
+ #### `ml_dsa_65_generate_keypair() -> DsaKeyPair`
128
+
129
+ Generates an ML-DSA-65 key pair.
130
+
131
+ #### `ml_dsa_65_sign(secret_key: Uint8Array, message: Uint8Array) -> Uint8Array`
132
+
133
+ Signs a message with a secret key.
134
+
135
+ #### `ml_dsa_65_verify(public_key: Uint8Array, message: Uint8Array, signature: Uint8Array) -> boolean`
136
+
137
+ Verifies a signature against a public key and message.
138
+
139
+ #### `ml_dsa_44_generate_keypair()` / `ml_dsa_44_sign()` / `ml_dsa_44_verify()`
140
+ #### `ml_dsa_87_generate_keypair()` / `ml_dsa_87_sign()` / `ml_dsa_87_verify()`
141
+
142
+ Same interface as above, using ML-DSA-44 or ML-DSA-87 parameters.
143
+
144
+ #### `dsa_generate_keypair()` / `dsa_sign()` / `dsa_verify()`
145
+
146
+ Convenience aliases that use ML-DSA-65.
147
+
148
+ ### Argon2 API
149
+
150
+ #### `argon2id_hash(password: Uint8Array) -> string`
151
+
152
+ Hashes a password using Argon2id (v=0x13) with a securely generated random salt. Returns a PHC-formatted string suitable for storage.
153
+
154
+ #### `argon2_verify(password: Uint8Array, phc: string) -> boolean`
155
+
156
+ Verifies a password against a PHC-formatted Argon2 hash.
157
+
158
+ ### Types
159
+
160
+ ```typescript
161
+ class KemKeyPair {
162
+ readonly public_key: Uint8Array;
163
+ readonly secret_key: Uint8Array;
164
+ }
165
+
166
+ class DsaKeyPair {
167
+ readonly public_key: Uint8Array;
168
+ readonly secret_key: Uint8Array;
169
+ }
170
+
171
+ class CiphertextAndSharedSecret {
172
+ readonly ciphertext: Uint8Array;
173
+ readonly shared_secret: Uint8Array;
174
+ }
175
+ ```
176
+
177
+ ## Building from Source
178
+
179
+ ### Prerequisites
180
+
181
+ - [Rust](https://rustup.rs/)
182
+ - [wasm-pack](https://rustwasm.github.io/wasm-pack/installer/)
183
+ - [binaryen](https://github.com/WebAssembly/binaryen) (for `wasm-opt`)
184
+
185
+ ### Build
186
+
187
+ ```bash
188
+ make all
189
+ ```
190
+
191
+ This runs `wasm-pack build --target web --release` followed by `wasm-opt -Oz` for size optimization. Output goes to `./pkg/`.
192
+
193
+ ### Test
194
+
195
+ Open `index.html` in a browser (served over HTTP) to run the ML-KEM, ML-DSA, and Argon2 test suite.
196
+
197
+ ### Publish
198
+
199
+ ```bash
200
+ make publish
201
+ ```
202
+
203
+ ## Export Control Notice
204
+
205
+ This software implements cryptographic functionality and is subject to export controls.
206
+
207
+ **ECCN:** 5D002 — This software is classified under Export Control Classification Number 5D002 ("Information Security" software) on the Commerce Control List (CCL).
208
+
209
+ **License Exception:** This software is publicly available open-source encryption source code, distributed under License Exception TSU (Technology and Software Unrestricted) pursuant to 15 CFR 740.13(e) of the U.S. Export Administration Regulations (EAR). The compiled WebAssembly binary is distributed under License Exception ENC pursuant to 15 CFR 740.17(b).
210
+
211
+ **Notification:** In accordance with 15 CFR 742.15(b), a notification has been or should be submitted to the Bureau of Industry and Security (crypt@bis.gov) and the ENC Encryption Request Coordinator (enc@nsa.gov) prior to or concurrent with the first public release of this software.
212
+
213
+ **Restrictions:** This software may not be exported or re-exported to any country in U.S. Country Group E:1 (currently Cuba, Iran, North Korea, Syria, and the Crimea/Donetsk/Luhansk regions of Ukraine) or to any person or entity on the BIS Denied Persons List, Entity List, or Unverified List.
214
+
215
+ **International:** Users outside the United States should be aware that similar controls may apply under the Wassenaar Arrangement, EU Dual-Use Regulation (EU 2021/821), and other national export control regimes. The Wassenaar Arrangement's General Software Note provides decontrol for software that is "in the public domain," though implementation varies by jurisdiction.
216
+
217
+ **This is not legal advice.** Export control regulations are complex and subject to change. Consult a qualified export control attorney for compliance guidance specific to your circumstances.
218
+
219
+ ## License
220
+
221
+ See repository for license terms.
package/package.json CHANGED
@@ -4,8 +4,8 @@
4
4
  "collaborators": [
5
5
  "github.com/geoffsee"
6
6
  ],
7
- "description": "Library for post-quantum encryption",
8
- "version": "0.1.3",
7
+ "description": "Library for cross-platform post-quantum cryptography",
8
+ "version": "0.2.4",
9
9
  "repository": {
10
10
  "type": "git",
11
11
  "url": "https://github.com/geoffsee/wasm-pqc-subtle"
package/wasm_pqc_subtle.d.ts CHANGED
@@ -1,38 +1,187 @@
1
1
  /* tslint:disable */
2
2
  /* eslint-disable */
3
3
 
4
+ /**
5
+ * Container for ML-KEM ciphertext + derived shared secret
6
+ */
4
7
  export class CiphertextAndSharedSecret {
5
8
  private constructor();
6
9
  free(): void;
7
10
  [Symbol.dispose](): void;
11
+ /**
12
+ * Returns a copy of the ML-KEM ciphertext
13
+ */
8
14
  readonly ciphertext: Uint8Array;
15
+ /**
16
+ * Returns a copy of the 32-byte shared secret derived from encapsulation
17
+ */
9
18
  readonly shared_secret: Uint8Array;
10
19
  }
11
20
 
21
+ /**
22
+ * Key pair for ML-DSA (post-quantum digital signature scheme)
23
+ */
24
+ export class DsaKeyPair {
25
+ private constructor();
26
+ free(): void;
27
+ [Symbol.dispose](): void;
28
+ /**
29
+ * Returns a copy of the ML-DSA verifying (public) key as bytes
30
+ */
31
+ readonly public_key: Uint8Array;
32
+ /**
33
+ * Returns a copy of the ML-DSA signing (secret) key as bytes
34
+ */
35
+ readonly secret_key: Uint8Array;
36
+ }
37
+
38
+ /**
39
+ * Key pair for ML-KEM (post-quantum KEM)
40
+ */
12
41
  export class KemKeyPair {
13
42
  private constructor();
14
43
  free(): void;
15
44
  [Symbol.dispose](): void;
45
+ /**
46
+ * Returns a copy of the ML-KEM public key (encapsulation key) as bytes
47
+ */
16
48
  readonly public_key: Uint8Array;
49
+ /**
50
+ * Returns a copy of the ML-KEM secret key (decapsulation key) as bytes
51
+ */
17
52
  readonly secret_key: Uint8Array;
18
53
  }
19
54
 
55
+ /**
56
+ * Verifies that the provided password matches the stored PHC hash string.
57
+ *
58
+ * Returns `true` if the password is correct.
59
+ */
60
+ export function argon2_verify(password: Uint8Array, phc: string): boolean;
61
+
62
+ /**
63
+ * Hashes a password using Argon2id (v=0x13, default/recommended parameters) and returns PHC string.
64
+ *
65
+ * Suitable for password storage. Includes random salt.
66
+ */
67
+ export function argon2id_hash(password: Uint8Array): string;
68
+
69
+ /**
70
+ * Alias: generate ML-DSA-65 key pair (current default security level)
71
+ */
72
+ export function dsa_generate_keypair(): DsaKeyPair;
73
+
74
+ /**
75
+ * Alias: sign with ML-DSA-65
76
+ */
77
+ export function dsa_sign(secret_key_bytes: Uint8Array, message: Uint8Array): Uint8Array;
78
+
79
+ /**
80
+ * Alias: verify with ML-DSA-65
81
+ */
82
+ export function dsa_verify(public_key_bytes: Uint8Array, message: Uint8Array, signature_bytes: Uint8Array): boolean;
83
+
84
+ /**
85
+ * Alias: decapsulate using ML-KEM-768 secret key + ciphertext
86
+ */
20
87
  export function kem_decapsulate(secret_key_bytes: Uint8Array, ciphertext_bytes: Uint8Array): Uint8Array;
21
88
 
89
+ /**
90
+ * Alias: encapsulate using ML-KEM-768 public key
91
+ */
22
92
  export function kem_encapsulate(public_key_bytes: Uint8Array): CiphertextAndSharedSecret;
23
93
 
94
+ /**
95
+ * Alias: generate ML-KEM-768 key pair
96
+ */
24
97
  export function kem_generate_keypair(): KemKeyPair;
25
98
 
99
+ /**
100
+ * Generates a fresh ML-DSA-44 key pair.
101
+ */
102
+ export function ml_dsa_44_generate_keypair(): DsaKeyPair;
103
+
104
+ /**
105
+ * Signs a message using an ML-DSA-44 secret key.
106
+ */
107
+ export function ml_dsa_44_sign(secret_key_bytes: Uint8Array, message: Uint8Array): Uint8Array;
108
+
109
+ /**
110
+ * Verifies an ML-DSA-44 signature against a message and public key.
111
+ */
112
+ export function ml_dsa_44_verify(public_key_bytes: Uint8Array, message: Uint8Array, signature_bytes: Uint8Array): boolean;
113
+
114
+ /**
115
+ * Generates a fresh ML-DSA-65 key pair.
116
+ */
117
+ export function ml_dsa_65_generate_keypair(): DsaKeyPair;
118
+
119
+ /**
120
+ * Signs a message using an ML-DSA-65 secret key.
121
+ */
122
+ export function ml_dsa_65_sign(secret_key_bytes: Uint8Array, message: Uint8Array): Uint8Array;
123
+
124
+ /**
125
+ * Verifies an ML-DSA-65 signature.
126
+ */
127
+ export function ml_dsa_65_verify(public_key_bytes: Uint8Array, message: Uint8Array, signature_bytes: Uint8Array): boolean;
128
+
129
+ /**
130
+ * Generates a fresh ML-DSA-87 key pair.
131
+ */
132
+ export function ml_dsa_87_generate_keypair(): DsaKeyPair;
133
+
134
+ /**
135
+ * Signs a message using an ML-DSA-87 secret key.
136
+ */
137
+ export function ml_dsa_87_sign(secret_key_bytes: Uint8Array, message: Uint8Array): Uint8Array;
138
+
139
+ /**
140
+ * Verifies an ML-DSA-87 signature.
141
+ */
142
+ export function ml_dsa_87_verify(public_key_bytes: Uint8Array, message: Uint8Array, signature_bytes: Uint8Array): boolean;
143
+
144
+ /**
145
+ * Performs ML-KEM-1024 decapsulation.
146
+ */
26
147
  export function ml_kem_1024_decapsulate(secret_key_bytes: Uint8Array, ciphertext_bytes: Uint8Array): Uint8Array;
27
148
 
149
+ /**
150
+ * Performs ML-KEM-1024 encapsulation.
151
+ */
28
152
  export function ml_kem_1024_encapsulate(public_key_bytes: Uint8Array): CiphertextAndSharedSecret;
29
153
 
154
+ /**
155
+ * Generates a fresh ML-KEM-1024 key pair using OS RNG.
156
+ */
30
157
  export function ml_kem_1024_generate_keypair(): KemKeyPair;
31
158
 
159
+ /**
160
+ * Performs ML-KEM-768 decapsulation to recover the shared secret.
161
+ *
162
+ * # Arguments
163
+ * * `secret_key_bytes` – Encoded ML-KEM-768 decapsulation key (2400 bytes)
164
+ * * `ciphertext_bytes` – ML-KEM-768 ciphertext (1088 bytes)
165
+ *
166
+ * Returns: 32-byte shared secret (or error)
167
+ */
32
168
  export function ml_kem_768_decapsulate(secret_key_bytes: Uint8Array, ciphertext_bytes: Uint8Array): Uint8Array;
33
169
 
170
+ /**
171
+ * Performs ML-KEM-768 encapsulation using the provided public key.
172
+ *
173
+ * # Arguments
174
+ * * `public_key_bytes` - Encoded ML-KEM-768 encapsulation key (1184 bytes)
175
+ *
176
+ * Returns: ciphertext + 32-byte shared secret
177
+ */
34
178
  export function ml_kem_768_encapsulate(public_key_bytes: Uint8Array): CiphertextAndSharedSecret;
35
179
 
180
+ /**
181
+ * Generates a fresh ML-KEM-768 key pair using OS RNG.
182
+ *
183
+ * Returns: `KemKeyPair` containing public & secret key bytes.
184
+ */
36
185
  export function ml_kem_768_generate_keypair(): KemKeyPair;
37
186
 
38
187
  export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
@@ -48,16 +197,34 @@ export interface InitOutput {
48
197
  readonly kem_generate_keypair: (a: number) => void;
49
198
  readonly kem_encapsulate: (a: number, b: number, c: number) => void;
50
199
  readonly kem_decapsulate: (a: number, b: number, c: number, d: number, e: number) => void;
200
+ readonly ml_dsa_44_generate_keypair: (a: number) => void;
201
+ readonly ml_dsa_44_sign: (a: number, b: number, c: number, d: number, e: number) => void;
202
+ readonly ml_dsa_44_verify: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
203
+ readonly ml_dsa_87_generate_keypair: (a: number) => void;
204
+ readonly ml_dsa_87_sign: (a: number, b: number, c: number, d: number, e: number) => void;
205
+ readonly ml_dsa_87_verify: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
206
+ readonly dsa_generate_keypair: (a: number) => void;
207
+ readonly dsa_sign: (a: number, b: number, c: number, d: number, e: number) => void;
208
+ readonly dsa_verify: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
209
+ readonly argon2id_hash: (a: number, b: number, c: number) => void;
210
+ readonly argon2_verify: (a: number, b: number, c: number, d: number, e: number) => void;
51
211
  readonly ml_kem_768_decapsulate: (a: number, b: number, c: number, d: number, e: number) => void;
212
+ readonly ml_dsa_65_sign: (a: number, b: number, c: number, d: number, e: number) => void;
52
213
  readonly ml_kem_768_encapsulate: (a: number, b: number, c: number) => void;
214
+ readonly ml_dsa_65_verify: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
53
215
  readonly ml_kem_768_generate_keypair: (a: number) => void;
216
+ readonly ml_dsa_65_generate_keypair: (a: number) => void;
54
217
  readonly kemkeypair_secret_key: (a: number, b: number) => void;
55
218
  readonly kemkeypair_public_key: (a: number, b: number) => void;
56
219
  readonly __wbg_kemkeypair_free: (a: number, b: number) => void;
220
+ readonly dsakeypair_secret_key: (a: number, b: number) => void;
221
+ readonly dsakeypair_public_key: (a: number, b: number) => void;
222
+ readonly __wbg_dsakeypair_free: (a: number, b: number) => void;
57
223
  readonly __wbindgen_export: (a: number) => void;
58
224
  readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
59
- readonly __wbindgen_export2: (a: number, b: number, c: number) => void;
60
- readonly __wbindgen_export3: (a: number, b: number) => number;
225
+ readonly __wbindgen_export2: (a: number, b: number) => number;
226
+ readonly __wbindgen_export3: (a: number, b: number, c: number, d: number) => number;
227
+ readonly __wbindgen_export4: (a: number, b: number, c: number) => void;
61
228
  }
62
229
 
63
230
  export type SyncInitInput = BufferSource | WebAssembly.Module;
package/wasm_pqc_subtle.js CHANGED
@@ -1,5 +1,8 @@
1
1
  /* @ts-self-types="./wasm_pqc_subtle.d.ts" */
2
2
 
3
+ /**
4
+ * Container for ML-KEM ciphertext + derived shared secret
5
+ */
3
6
  export class CiphertextAndSharedSecret {
4
7
  static __wrap(ptr) {
5
8
  ptr = ptr >>> 0;
@@ -19,6 +22,7 @@ export class CiphertextAndSharedSecret {
19
22
  wasm.__wbg_ciphertextandsharedsecret_free(ptr, 0);
20
23
  }
21
24
  /**
25
+ * Returns a copy of the ML-KEM ciphertext
22
26
  * @returns {Uint8Array}
23
27
  */
24
28
  get ciphertext() {
@@ -28,13 +32,14 @@ export class CiphertextAndSharedSecret {
28
32
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
29
33
  var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
30
34
  var v1 = getArrayU8FromWasm0(r0, r1).slice();
31
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
35
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
32
36
  return v1;
33
37
  } finally {
34
38
  wasm.__wbindgen_add_to_stack_pointer(16);
35
39
  }
36
40
  }
37
41
  /**
42
+ * Returns a copy of the 32-byte shared secret derived from encapsulation
38
43
  * @returns {Uint8Array}
39
44
  */
40
45
  get shared_secret() {
@@ -44,7 +49,7 @@ export class CiphertextAndSharedSecret {
44
49
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
45
50
  var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
46
51
  var v1 = getArrayU8FromWasm0(r0, r1).slice();
47
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
52
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
48
53
  return v1;
49
54
  } finally {
50
55
  wasm.__wbindgen_add_to_stack_pointer(16);
@@ -53,6 +58,67 @@ export class CiphertextAndSharedSecret {
53
58
  }
54
59
  if (Symbol.dispose) CiphertextAndSharedSecret.prototype[Symbol.dispose] = CiphertextAndSharedSecret.prototype.free;
55
60
 
61
+ /**
62
+ * Key pair for ML-DSA (post-quantum digital signature scheme)
63
+ */
64
+ export class DsaKeyPair {
65
+ static __wrap(ptr) {
66
+ ptr = ptr >>> 0;
67
+ const obj = Object.create(DsaKeyPair.prototype);
68
+ obj.__wbg_ptr = ptr;
69
+ DsaKeyPairFinalization.register(obj, obj.__wbg_ptr, obj);
70
+ return obj;
71
+ }
72
+ __destroy_into_raw() {
73
+ const ptr = this.__wbg_ptr;
74
+ this.__wbg_ptr = 0;
75
+ DsaKeyPairFinalization.unregister(this);
76
+ return ptr;
77
+ }
78
+ free() {
79
+ const ptr = this.__destroy_into_raw();
80
+ wasm.__wbg_dsakeypair_free(ptr, 0);
81
+ }
82
+ /**
83
+ * Returns a copy of the ML-DSA verifying (public) key as bytes
84
+ * @returns {Uint8Array}
85
+ */
86
+ get public_key() {
87
+ try {
88
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
89
+ wasm.ciphertextandsharedsecret_ciphertext(retptr, this.__wbg_ptr);
90
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
91
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
92
+ var v1 = getArrayU8FromWasm0(r0, r1).slice();
93
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
94
+ return v1;
95
+ } finally {
96
+ wasm.__wbindgen_add_to_stack_pointer(16);
97
+ }
98
+ }
99
+ /**
100
+ * Returns a copy of the ML-DSA signing (secret) key as bytes
101
+ * @returns {Uint8Array}
102
+ */
103
+ get secret_key() {
104
+ try {
105
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
106
+ wasm.ciphertextandsharedsecret_shared_secret(retptr, this.__wbg_ptr);
107
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
108
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
109
+ var v1 = getArrayU8FromWasm0(r0, r1).slice();
110
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
111
+ return v1;
112
+ } finally {
113
+ wasm.__wbindgen_add_to_stack_pointer(16);
114
+ }
115
+ }
116
+ }
117
+ if (Symbol.dispose) DsaKeyPair.prototype[Symbol.dispose] = DsaKeyPair.prototype.free;
118
+
119
+ /**
120
+ * Key pair for ML-KEM (post-quantum KEM)
121
+ */
56
122
  export class KemKeyPair {
57
123
  static __wrap(ptr) {
58
124
  ptr = ptr >>> 0;
@@ -72,6 +138,7 @@ export class KemKeyPair {
72
138
  wasm.__wbg_kemkeypair_free(ptr, 0);
73
139
  }
74
140
  /**
141
+ * Returns a copy of the ML-KEM public key (encapsulation key) as bytes
75
142
  * @returns {Uint8Array}
76
143
  */
77
144
  get public_key() {
@@ -81,13 +148,14 @@ export class KemKeyPair {
81
148
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
82
149
  var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
83
150
  var v1 = getArrayU8FromWasm0(r0, r1).slice();
84
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
151
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
85
152
  return v1;
86
153
  } finally {
87
154
  wasm.__wbindgen_add_to_stack_pointer(16);
88
155
  }
89
156
  }
90
157
  /**
158
+ * Returns a copy of the ML-KEM secret key (decapsulation key) as bytes
91
159
  * @returns {Uint8Array}
92
160
  */
93
161
  get secret_key() {
@@ -97,7 +165,7 @@ export class KemKeyPair {
97
165
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
98
166
  var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
99
167
  var v1 = getArrayU8FromWasm0(r0, r1).slice();
100
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
168
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
101
169
  return v1;
102
170
  } finally {
103
171
  wasm.__wbindgen_add_to_stack_pointer(16);
@@ -107,6 +175,147 @@ export class KemKeyPair {
107
175
  if (Symbol.dispose) KemKeyPair.prototype[Symbol.dispose] = KemKeyPair.prototype.free;
108
176
 
109
177
  /**
178
+ * Verifies that the provided password matches the stored PHC hash string.
179
+ *
180
+ * Returns `true` if the password is correct.
181
+ * @param {Uint8Array} password
182
+ * @param {string} phc
183
+ * @returns {boolean}
184
+ */
185
+ export function argon2_verify(password, phc) {
186
+ try {
187
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
188
+ const ptr0 = passArray8ToWasm0(password, wasm.__wbindgen_export2);
189
+ const len0 = WASM_VECTOR_LEN;
190
+ const ptr1 = passStringToWasm0(phc, wasm.__wbindgen_export2, wasm.__wbindgen_export3);
191
+ const len1 = WASM_VECTOR_LEN;
192
+ wasm.argon2_verify(retptr, ptr0, len0, ptr1, len1);
193
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
194
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
195
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
196
+ if (r2) {
197
+ throw takeObject(r1);
198
+ }
199
+ return r0 !== 0;
200
+ } finally {
201
+ wasm.__wbindgen_add_to_stack_pointer(16);
202
+ }
203
+ }
204
+
205
+ /**
206
+ * Hashes a password using Argon2id (v=0x13, default/recommended parameters) and returns PHC string.
207
+ *
208
+ * Suitable for password storage. Includes random salt.
209
+ * @param {Uint8Array} password
210
+ * @returns {string}
211
+ */
212
+ export function argon2id_hash(password) {
213
+ let deferred3_0;
214
+ let deferred3_1;
215
+ try {
216
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
217
+ const ptr0 = passArray8ToWasm0(password, wasm.__wbindgen_export2);
218
+ const len0 = WASM_VECTOR_LEN;
219
+ wasm.argon2id_hash(retptr, ptr0, len0);
220
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
221
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
222
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
223
+ var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
224
+ var ptr2 = r0;
225
+ var len2 = r1;
226
+ if (r3) {
227
+ ptr2 = 0; len2 = 0;
228
+ throw takeObject(r2);
229
+ }
230
+ deferred3_0 = ptr2;
231
+ deferred3_1 = len2;
232
+ return getStringFromWasm0(ptr2, len2);
233
+ } finally {
234
+ wasm.__wbindgen_add_to_stack_pointer(16);
235
+ wasm.__wbindgen_export4(deferred3_0, deferred3_1, 1);
236
+ }
237
+ }
238
+
239
+ /**
240
+ * Alias: generate ML-DSA-65 key pair (current default security level)
241
+ * @returns {DsaKeyPair}
242
+ */
243
+ export function dsa_generate_keypair() {
244
+ try {
245
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
246
+ wasm.dsa_generate_keypair(retptr);
247
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
248
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
249
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
250
+ if (r2) {
251
+ throw takeObject(r1);
252
+ }
253
+ return DsaKeyPair.__wrap(r0);
254
+ } finally {
255
+ wasm.__wbindgen_add_to_stack_pointer(16);
256
+ }
257
+ }
258
+
259
+ /**
260
+ * Alias: sign with ML-DSA-65
261
+ * @param {Uint8Array} secret_key_bytes
262
+ * @param {Uint8Array} message
263
+ * @returns {Uint8Array}
264
+ */
265
+ export function dsa_sign(secret_key_bytes, message) {
266
+ try {
267
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
268
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
269
+ const len0 = WASM_VECTOR_LEN;
270
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
271
+ const len1 = WASM_VECTOR_LEN;
272
+ wasm.dsa_sign(retptr, ptr0, len0, ptr1, len1);
273
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
274
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
275
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
276
+ var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
277
+ if (r3) {
278
+ throw takeObject(r2);
279
+ }
280
+ var v3 = getArrayU8FromWasm0(r0, r1).slice();
281
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
282
+ return v3;
283
+ } finally {
284
+ wasm.__wbindgen_add_to_stack_pointer(16);
285
+ }
286
+ }
287
+
288
+ /**
289
+ * Alias: verify with ML-DSA-65
290
+ * @param {Uint8Array} public_key_bytes
291
+ * @param {Uint8Array} message
292
+ * @param {Uint8Array} signature_bytes
293
+ * @returns {boolean}
294
+ */
295
+ export function dsa_verify(public_key_bytes, message, signature_bytes) {
296
+ try {
297
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
298
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
299
+ const len0 = WASM_VECTOR_LEN;
300
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
301
+ const len1 = WASM_VECTOR_LEN;
302
+ const ptr2 = passArray8ToWasm0(signature_bytes, wasm.__wbindgen_export2);
303
+ const len2 = WASM_VECTOR_LEN;
304
+ wasm.dsa_verify(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
305
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
306
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
307
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
308
+ if (r2) {
309
+ throw takeObject(r1);
310
+ }
311
+ return r0 !== 0;
312
+ } finally {
313
+ wasm.__wbindgen_add_to_stack_pointer(16);
314
+ }
315
+ }
316
+
317
+ /**
318
+ * Alias: decapsulate using ML-KEM-768 secret key + ciphertext
110
319
  * @param {Uint8Array} secret_key_bytes
111
320
  * @param {Uint8Array} ciphertext_bytes
112
321
  * @returns {Uint8Array}
@@ -114,9 +323,9 @@ if (Symbol.dispose) KemKeyPair.prototype[Symbol.dispose] = KemKeyPair.prototype.
114
323
  export function kem_decapsulate(secret_key_bytes, ciphertext_bytes) {
115
324
  try {
116
325
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
117
- const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export3);
326
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
118
327
  const len0 = WASM_VECTOR_LEN;
119
- const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export3);
328
+ const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export2);
120
329
  const len1 = WASM_VECTOR_LEN;
121
330
  wasm.kem_decapsulate(retptr, ptr0, len0, ptr1, len1);
122
331
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -127,7 +336,7 @@ export function kem_decapsulate(secret_key_bytes, ciphertext_bytes) {
127
336
  throw takeObject(r2);
128
337
  }
129
338
  var v3 = getArrayU8FromWasm0(r0, r1).slice();
130
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
339
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
131
340
  return v3;
132
341
  } finally {
133
342
  wasm.__wbindgen_add_to_stack_pointer(16);
@@ -135,13 +344,14 @@ export function kem_decapsulate(secret_key_bytes, ciphertext_bytes) {
135
344
  }
136
345
 
137
346
  /**
347
+ * Alias: encapsulate using ML-KEM-768 public key
138
348
  * @param {Uint8Array} public_key_bytes
139
349
  * @returns {CiphertextAndSharedSecret}
140
350
  */
141
351
  export function kem_encapsulate(public_key_bytes) {
142
352
  try {
143
353
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
144
- const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export3);
354
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
145
355
  const len0 = WASM_VECTOR_LEN;
146
356
  wasm.kem_encapsulate(retptr, ptr0, len0);
147
357
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -157,6 +367,7 @@ export function kem_encapsulate(public_key_bytes) {
157
367
  }
158
368
 
159
369
  /**
370
+ * Alias: generate ML-KEM-768 key pair
160
371
  * @returns {KemKeyPair}
161
372
  */
162
373
  export function kem_generate_keypair() {
@@ -176,6 +387,241 @@ export function kem_generate_keypair() {
176
387
  }
177
388
 
178
389
  /**
390
+ * Generates a fresh ML-DSA-44 key pair.
391
+ * @returns {DsaKeyPair}
392
+ */
393
+ export function ml_dsa_44_generate_keypair() {
394
+ try {
395
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
396
+ wasm.ml_dsa_44_generate_keypair(retptr);
397
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
398
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
399
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
400
+ if (r2) {
401
+ throw takeObject(r1);
402
+ }
403
+ return DsaKeyPair.__wrap(r0);
404
+ } finally {
405
+ wasm.__wbindgen_add_to_stack_pointer(16);
406
+ }
407
+ }
408
+
409
+ /**
410
+ * Signs a message using an ML-DSA-44 secret key.
411
+ * @param {Uint8Array} secret_key_bytes
412
+ * @param {Uint8Array} message
413
+ * @returns {Uint8Array}
414
+ */
415
+ export function ml_dsa_44_sign(secret_key_bytes, message) {
416
+ try {
417
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
418
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
419
+ const len0 = WASM_VECTOR_LEN;
420
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
421
+ const len1 = WASM_VECTOR_LEN;
422
+ wasm.ml_dsa_44_sign(retptr, ptr0, len0, ptr1, len1);
423
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
424
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
425
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
426
+ var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
427
+ if (r3) {
428
+ throw takeObject(r2);
429
+ }
430
+ var v3 = getArrayU8FromWasm0(r0, r1).slice();
431
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
432
+ return v3;
433
+ } finally {
434
+ wasm.__wbindgen_add_to_stack_pointer(16);
435
+ }
436
+ }
437
+
438
+ /**
439
+ * Verifies an ML-DSA-44 signature against a message and public key.
440
+ * @param {Uint8Array} public_key_bytes
441
+ * @param {Uint8Array} message
442
+ * @param {Uint8Array} signature_bytes
443
+ * @returns {boolean}
444
+ */
445
+ export function ml_dsa_44_verify(public_key_bytes, message, signature_bytes) {
446
+ try {
447
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
448
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
449
+ const len0 = WASM_VECTOR_LEN;
450
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
451
+ const len1 = WASM_VECTOR_LEN;
452
+ const ptr2 = passArray8ToWasm0(signature_bytes, wasm.__wbindgen_export2);
453
+ const len2 = WASM_VECTOR_LEN;
454
+ wasm.ml_dsa_44_verify(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
455
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
456
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
457
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
458
+ if (r2) {
459
+ throw takeObject(r1);
460
+ }
461
+ return r0 !== 0;
462
+ } finally {
463
+ wasm.__wbindgen_add_to_stack_pointer(16);
464
+ }
465
+ }
466
+
467
+ /**
468
+ * Generates a fresh ML-DSA-65 key pair.
469
+ * @returns {DsaKeyPair}
470
+ */
471
+ export function ml_dsa_65_generate_keypair() {
472
+ try {
473
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
474
+ wasm.dsa_generate_keypair(retptr);
475
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
476
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
477
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
478
+ if (r2) {
479
+ throw takeObject(r1);
480
+ }
481
+ return DsaKeyPair.__wrap(r0);
482
+ } finally {
483
+ wasm.__wbindgen_add_to_stack_pointer(16);
484
+ }
485
+ }
486
+
487
+ /**
488
+ * Signs a message using an ML-DSA-65 secret key.
489
+ * @param {Uint8Array} secret_key_bytes
490
+ * @param {Uint8Array} message
491
+ * @returns {Uint8Array}
492
+ */
493
+ export function ml_dsa_65_sign(secret_key_bytes, message) {
494
+ try {
495
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
496
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
497
+ const len0 = WASM_VECTOR_LEN;
498
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
499
+ const len1 = WASM_VECTOR_LEN;
500
+ wasm.dsa_sign(retptr, ptr0, len0, ptr1, len1);
501
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
502
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
503
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
504
+ var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
505
+ if (r3) {
506
+ throw takeObject(r2);
507
+ }
508
+ var v3 = getArrayU8FromWasm0(r0, r1).slice();
509
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
510
+ return v3;
511
+ } finally {
512
+ wasm.__wbindgen_add_to_stack_pointer(16);
513
+ }
514
+ }
515
+
516
+ /**
517
+ * Verifies an ML-DSA-65 signature.
518
+ * @param {Uint8Array} public_key_bytes
519
+ * @param {Uint8Array} message
520
+ * @param {Uint8Array} signature_bytes
521
+ * @returns {boolean}
522
+ */
523
+ export function ml_dsa_65_verify(public_key_bytes, message, signature_bytes) {
524
+ try {
525
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
526
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
527
+ const len0 = WASM_VECTOR_LEN;
528
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
529
+ const len1 = WASM_VECTOR_LEN;
530
+ const ptr2 = passArray8ToWasm0(signature_bytes, wasm.__wbindgen_export2);
531
+ const len2 = WASM_VECTOR_LEN;
532
+ wasm.dsa_verify(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
533
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
534
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
535
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
536
+ if (r2) {
537
+ throw takeObject(r1);
538
+ }
539
+ return r0 !== 0;
540
+ } finally {
541
+ wasm.__wbindgen_add_to_stack_pointer(16);
542
+ }
543
+ }
544
+
545
+ /**
546
+ * Generates a fresh ML-DSA-87 key pair.
547
+ * @returns {DsaKeyPair}
548
+ */
549
+ export function ml_dsa_87_generate_keypair() {
550
+ try {
551
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
552
+ wasm.ml_dsa_87_generate_keypair(retptr);
553
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
554
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
555
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
556
+ if (r2) {
557
+ throw takeObject(r1);
558
+ }
559
+ return DsaKeyPair.__wrap(r0);
560
+ } finally {
561
+ wasm.__wbindgen_add_to_stack_pointer(16);
562
+ }
563
+ }
564
+
565
+ /**
566
+ * Signs a message using an ML-DSA-87 secret key.
567
+ * @param {Uint8Array} secret_key_bytes
568
+ * @param {Uint8Array} message
569
+ * @returns {Uint8Array}
570
+ */
571
+ export function ml_dsa_87_sign(secret_key_bytes, message) {
572
+ try {
573
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
574
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
575
+ const len0 = WASM_VECTOR_LEN;
576
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
577
+ const len1 = WASM_VECTOR_LEN;
578
+ wasm.ml_dsa_87_sign(retptr, ptr0, len0, ptr1, len1);
579
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
580
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
581
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
582
+ var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
583
+ if (r3) {
584
+ throw takeObject(r2);
585
+ }
586
+ var v3 = getArrayU8FromWasm0(r0, r1).slice();
587
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
588
+ return v3;
589
+ } finally {
590
+ wasm.__wbindgen_add_to_stack_pointer(16);
591
+ }
592
+ }
593
+
594
+ /**
595
+ * Verifies an ML-DSA-87 signature.
596
+ * @param {Uint8Array} public_key_bytes
597
+ * @param {Uint8Array} message
598
+ * @param {Uint8Array} signature_bytes
599
+ * @returns {boolean}
600
+ */
601
+ export function ml_dsa_87_verify(public_key_bytes, message, signature_bytes) {
602
+ try {
603
+ const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
604
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
605
+ const len0 = WASM_VECTOR_LEN;
606
+ const ptr1 = passArray8ToWasm0(message, wasm.__wbindgen_export2);
607
+ const len1 = WASM_VECTOR_LEN;
608
+ const ptr2 = passArray8ToWasm0(signature_bytes, wasm.__wbindgen_export2);
609
+ const len2 = WASM_VECTOR_LEN;
610
+ wasm.ml_dsa_87_verify(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
611
+ var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
612
+ var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
613
+ var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
614
+ if (r2) {
615
+ throw takeObject(r1);
616
+ }
617
+ return r0 !== 0;
618
+ } finally {
619
+ wasm.__wbindgen_add_to_stack_pointer(16);
620
+ }
621
+ }
622
+
623
+ /**
624
+ * Performs ML-KEM-1024 decapsulation.
179
625
  * @param {Uint8Array} secret_key_bytes
180
626
  * @param {Uint8Array} ciphertext_bytes
181
627
  * @returns {Uint8Array}
@@ -183,9 +629,9 @@ export function kem_generate_keypair() {
183
629
  export function ml_kem_1024_decapsulate(secret_key_bytes, ciphertext_bytes) {
184
630
  try {
185
631
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
186
- const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export3);
632
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
187
633
  const len0 = WASM_VECTOR_LEN;
188
- const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export3);
634
+ const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export2);
189
635
  const len1 = WASM_VECTOR_LEN;
190
636
  wasm.ml_kem_1024_decapsulate(retptr, ptr0, len0, ptr1, len1);
191
637
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -196,7 +642,7 @@ export function ml_kem_1024_decapsulate(secret_key_bytes, ciphertext_bytes) {
196
642
  throw takeObject(r2);
197
643
  }
198
644
  var v3 = getArrayU8FromWasm0(r0, r1).slice();
199
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
645
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
200
646
  return v3;
201
647
  } finally {
202
648
  wasm.__wbindgen_add_to_stack_pointer(16);
@@ -204,13 +650,14 @@ export function ml_kem_1024_decapsulate(secret_key_bytes, ciphertext_bytes) {
204
650
  }
205
651
 
206
652
  /**
653
+ * Performs ML-KEM-1024 encapsulation.
207
654
  * @param {Uint8Array} public_key_bytes
208
655
  * @returns {CiphertextAndSharedSecret}
209
656
  */
210
657
  export function ml_kem_1024_encapsulate(public_key_bytes) {
211
658
  try {
212
659
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
213
- const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export3);
660
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
214
661
  const len0 = WASM_VECTOR_LEN;
215
662
  wasm.ml_kem_1024_encapsulate(retptr, ptr0, len0);
216
663
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -226,6 +673,7 @@ export function ml_kem_1024_encapsulate(public_key_bytes) {
226
673
  }
227
674
 
228
675
  /**
676
+ * Generates a fresh ML-KEM-1024 key pair using OS RNG.
229
677
  * @returns {KemKeyPair}
230
678
  */
231
679
  export function ml_kem_1024_generate_keypair() {
@@ -245,6 +693,13 @@ export function ml_kem_1024_generate_keypair() {
245
693
  }
246
694
 
247
695
  /**
696
+ * Performs ML-KEM-768 decapsulation to recover the shared secret.
697
+ *
698
+ * # Arguments
699
+ * * `secret_key_bytes` – Encoded ML-KEM-768 decapsulation key (2400 bytes)
700
+ * * `ciphertext_bytes` – ML-KEM-768 ciphertext (1088 bytes)
701
+ *
702
+ * Returns: 32-byte shared secret (or error)
248
703
  * @param {Uint8Array} secret_key_bytes
249
704
  * @param {Uint8Array} ciphertext_bytes
250
705
  * @returns {Uint8Array}
@@ -252,9 +707,9 @@ export function ml_kem_1024_generate_keypair() {
252
707
  export function ml_kem_768_decapsulate(secret_key_bytes, ciphertext_bytes) {
253
708
  try {
254
709
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
255
- const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export3);
710
+ const ptr0 = passArray8ToWasm0(secret_key_bytes, wasm.__wbindgen_export2);
256
711
  const len0 = WASM_VECTOR_LEN;
257
- const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export3);
712
+ const ptr1 = passArray8ToWasm0(ciphertext_bytes, wasm.__wbindgen_export2);
258
713
  const len1 = WASM_VECTOR_LEN;
259
714
  wasm.kem_decapsulate(retptr, ptr0, len0, ptr1, len1);
260
715
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -265,7 +720,7 @@ export function ml_kem_768_decapsulate(secret_key_bytes, ciphertext_bytes) {
265
720
  throw takeObject(r2);
266
721
  }
267
722
  var v3 = getArrayU8FromWasm0(r0, r1).slice();
268
- wasm.__wbindgen_export2(r0, r1 * 1, 1);
723
+ wasm.__wbindgen_export4(r0, r1 * 1, 1);
269
724
  return v3;
270
725
  } finally {
271
726
  wasm.__wbindgen_add_to_stack_pointer(16);
@@ -273,13 +728,19 @@ export function ml_kem_768_decapsulate(secret_key_bytes, ciphertext_bytes) {
273
728
  }
274
729
 
275
730
  /**
731
+ * Performs ML-KEM-768 encapsulation using the provided public key.
732
+ *
733
+ * # Arguments
734
+ * * `public_key_bytes` - Encoded ML-KEM-768 encapsulation key (1184 bytes)
735
+ *
736
+ * Returns: ciphertext + 32-byte shared secret
276
737
  * @param {Uint8Array} public_key_bytes
277
738
  * @returns {CiphertextAndSharedSecret}
278
739
  */
279
740
  export function ml_kem_768_encapsulate(public_key_bytes) {
280
741
  try {
281
742
  const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
282
- const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export3);
743
+ const ptr0 = passArray8ToWasm0(public_key_bytes, wasm.__wbindgen_export2);
283
744
  const len0 = WASM_VECTOR_LEN;
284
745
  wasm.kem_encapsulate(retptr, ptr0, len0);
285
746
  var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -295,6 +756,9 @@ export function ml_kem_768_encapsulate(public_key_bytes) {
295
756
  }
296
757
 
297
758
  /**
759
+ * Generates a fresh ML-KEM-768 key pair using OS RNG.
760
+ *
761
+ * Returns: `KemKeyPair` containing public & secret key bytes.
298
762
  * @returns {KemKeyPair}
299
763
  */
300
764
  export function ml_kem_768_generate_keypair() {
@@ -348,6 +812,9 @@ function __wbg_get_imports() {
348
812
  const ret = getObject(arg0).crypto;
349
813
  return addHeapObject(ret);
350
814
  },
815
+ __wbg_getRandomValues_2a91986308c74a93: function() { return handleError(function (arg0, arg1) {
816
+ globalThis.crypto.getRandomValues(getArrayU8FromWasm0(arg0, arg1));
817
+ }, arguments); },
351
818
  __wbg_getRandomValues_b3f15fcbfabb0f8b: function() { return handleError(function (arg0, arg1) {
352
819
  getObject(arg0).getRandomValues(getObject(arg1));
353
820
  }, arguments); },
@@ -436,6 +903,9 @@ function __wbg_get_imports() {
436
903
  const CiphertextAndSharedSecretFinalization = (typeof FinalizationRegistry === 'undefined')
437
904
  ? { register: () => {}, unregister: () => {} }
438
905
  : new FinalizationRegistry(ptr => wasm.__wbg_ciphertextandsharedsecret_free(ptr >>> 0, 1));
906
+ const DsaKeyPairFinalization = (typeof FinalizationRegistry === 'undefined')
907
+ ? { register: () => {}, unregister: () => {} }
908
+ : new FinalizationRegistry(ptr => wasm.__wbg_dsakeypair_free(ptr >>> 0, 1));
439
909
  const KemKeyPairFinalization = (typeof FinalizationRegistry === 'undefined')
440
910
  ? { register: () => {}, unregister: () => {} }
441
911
  : new FinalizationRegistry(ptr => wasm.__wbg_kemkeypair_free(ptr >>> 0, 1));
@@ -507,6 +977,43 @@ function passArray8ToWasm0(arg, malloc) {
507
977
  return ptr;
508
978
  }
509
979
 
980
+ function passStringToWasm0(arg, malloc, realloc) {
981
+ if (realloc === undefined) {
982
+ const buf = cachedTextEncoder.encode(arg);
983
+ const ptr = malloc(buf.length, 1) >>> 0;
984
+ getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
985
+ WASM_VECTOR_LEN = buf.length;
986
+ return ptr;
987
+ }
988
+
989
+ let len = arg.length;
990
+ let ptr = malloc(len, 1) >>> 0;
991
+
992
+ const mem = getUint8ArrayMemory0();
993
+
994
+ let offset = 0;
995
+
996
+ for (; offset < len; offset++) {
997
+ const code = arg.charCodeAt(offset);
998
+ if (code > 0x7F) break;
999
+ mem[ptr + offset] = code;
1000
+ }
1001
+ if (offset !== len) {
1002
+ if (offset !== 0) {
1003
+ arg = arg.slice(offset);
1004
+ }
1005
+ ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
1006
+ const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
1007
+ const ret = cachedTextEncoder.encodeInto(arg, view);
1008
+
1009
+ offset += ret.written;
1010
+ ptr = realloc(ptr, len, offset, 1) >>> 0;
1011
+ }
1012
+
1013
+ WASM_VECTOR_LEN = offset;
1014
+ return ptr;
1015
+ }
1016
+
510
1017
  function takeObject(idx) {
511
1018
  const ret = getObject(idx);
512
1019
  dropObject(idx);
@@ -527,6 +1034,19 @@ function decodeText(ptr, len) {
527
1034
  return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
528
1035
  }
529
1036
 
1037
+ const cachedTextEncoder = new TextEncoder();
1038
+
1039
+ if (!('encodeInto' in cachedTextEncoder)) {
1040
+ cachedTextEncoder.encodeInto = function (arg, view) {
1041
+ const buf = cachedTextEncoder.encode(arg);
1042
+ view.set(buf);
1043
+ return {
1044
+ read: arg.length,
1045
+ written: buf.length
1046
+ };
1047
+ };
1048
+ }
1049
+
530
1050
  let WASM_VECTOR_LEN = 0;
531
1051
 
532
1052
  let wasmModule, wasm;
package/wasm_pqc_subtle_bg.wasm CHANGED
Binary file