WebBuf WebBuf
Docs

Core buffers

webbuf

Rust/WASM optimized buffers

Install 

npm install webbuf

Usage 

import {
  // Core
  WebBuf,
  FixedBuf,

  // Numbers
  U8,
  U16BE,
  U16LE,
  U32BE,
  U32LE,
  U64BE,
  U64LE,
  U128BE,
  U128LE,
  U256BE,
  U256LE,

  // Buffer I/O
  BufReader,
  BufWriter,

  // Hashing
  blake3Hash,
  doubleBlake3Hash,
  blake3Mac,
  sha256Hash,
  doubleSha256Hash,
  sha256Hmac,
  ripemd160Hash,
  doubleRipemd160Hash,

  // Elliptic curves
  sign,
  verify,
  publicKeyCreate,
  publicKeyVerify,
  privateKeyVerify,
  sharedSecret,

  // Encryption
  aescbcEncrypt,
  aescbcDecrypt,
  acb3Encrypt,
  acb3Decrypt,
  acb3dhEncrypt,
  acb3dhDecrypt,
  acs2Encrypt,
  acs2Decrypt,
  acs2dhEncrypt,
  acs2dhDecrypt,
} from "webbuf";

API reference (232 exports)

Constants

AESGCM_MLKEM

const 
AESGCM_MLKEM: { readonly versionByte: 1; readonly kemCiphertextSize: 1088; readonly ivSize: 12; readonly tagSize: 16; readonly fixedOverhead: number; readonly hkdfInfo: "webbuf:aesgcm-mlkem v1"; }

AESGCM_P256DH_MLKEM

const 
AESGCM_P256DH_MLKEM: { readonly versionByte: 2; readonly kemCiphertextSize: 1088; readonly ivSize: 12; readonly tagSize: 16; readonly fixedOverhead: number; readonly hkdfInfo: "webbuf:aesgcm-p256dh-mlkem v1"; }

AESGCM_X25519DH_MLKEM

const 
AESGCM_X25519DH_MLKEM: { readonly versionByte: 3; readonly kemCiphertextSize: 1088; readonly ivSize: 12; readonly tagSize: 16; readonly fixedOverhead: number; readonly hkdfInfo: "webbuf:aesgcm-x25519dh-mlkem v1"; }

ML_DSA_44

const 
ML_DSA_44: { readonly verifyingKeySize: 1312; readonly signingKeySize: 2560; readonly signatureSize: 2420; }

ML_DSA_65

const 
ML_DSA_65: { readonly verifyingKeySize: 1952; readonly signingKeySize: 4032; readonly signatureSize: 3309; }

ML_DSA_87

const 
ML_DSA_87: { readonly verifyingKeySize: 2592; readonly signingKeySize: 4896; readonly signatureSize: 4627; }

ML_KEM_1024

const 
ML_KEM_1024: { readonly encapsulationKeySize: 1568; readonly decapsulationKeySize: 3168; readonly ciphertextSize: 1568; readonly sharedSecretSize: 32; }

ML_KEM_512

const 
ML_KEM_512: { readonly encapsulationKeySize: 800; readonly decapsulationKeySize: 1632; readonly ciphertextSize: 768; readonly sharedSecretSize: 32; }

ML_KEM_768

const 
ML_KEM_768: { readonly encapsulationKeySize: 1184; readonly decapsulationKeySize: 2400; readonly ciphertextSize: 1088; readonly sharedSecretSize: 32; }

SIG_ED25519_MLDSA

const 
SIG_ED25519_MLDSA: { readonly versionByte: 1; readonly ed25519SignatureSize: 64; readonly mldsaSignatureSize: 3309; readonly fixedSize: number; readonly ed25519PublicKeySize: 32; readonly ed25519PrivateKeySize: 32; readonly mldsaVerifyingKeySize: 1952; readonly mldsaSigningKeySize: 4032; }

SLH_DSA_SHA2_128F

const 
SLH_DSA_SHA2_128F: { readonly seedSize: 16; readonly verifyingKeySize: 32; readonly signingKeySize: 64; readonly signatureSize: 17088; }

SLH_DSA_SHA2_128S

const 
SLH_DSA_SHA2_128S: { readonly seedSize: 16; readonly verifyingKeySize: 32; readonly signingKeySize: 64; readonly signatureSize: 7856; }

SLH_DSA_SHA2_192F

const 
SLH_DSA_SHA2_192F: { readonly seedSize: 24; readonly verifyingKeySize: 48; readonly signingKeySize: 96; readonly signatureSize: 35664; }

SLH_DSA_SHA2_192S

const 
SLH_DSA_SHA2_192S: { readonly seedSize: 24; readonly verifyingKeySize: 48; readonly signingKeySize: 96; readonly signatureSize: 16224; }

SLH_DSA_SHA2_256F

const 
SLH_DSA_SHA2_256F: { readonly seedSize: 32; readonly verifyingKeySize: 64; readonly signingKeySize: 128; readonly signatureSize: 49856; }

SLH_DSA_SHA2_256S

const 
SLH_DSA_SHA2_256S: { readonly seedSize: 32; readonly verifyingKeySize: 64; readonly signingKeySize: 128; readonly signatureSize: 29792; }

SLH_DSA_SHAKE_128F

const 
SLH_DSA_SHAKE_128F: { readonly seedSize: 16; readonly verifyingKeySize: 32; readonly signingKeySize: 64; readonly signatureSize: 17088; }

SLH_DSA_SHAKE_128S

const 
SLH_DSA_SHAKE_128S: { readonly seedSize: 16; readonly verifyingKeySize: 32; readonly signingKeySize: 64; readonly signatureSize: 7856; }

SLH_DSA_SHAKE_192F

const 
SLH_DSA_SHAKE_192F: { readonly seedSize: 24; readonly verifyingKeySize: 48; readonly signingKeySize: 96; readonly signatureSize: 35664; }

SLH_DSA_SHAKE_192S

const 
SLH_DSA_SHAKE_192S: { readonly seedSize: 24; readonly verifyingKeySize: 48; readonly signingKeySize: 96; readonly signatureSize: 16224; }

SLH_DSA_SHAKE_256F

const 
SLH_DSA_SHAKE_256F: { readonly seedSize: 32; readonly verifyingKeySize: 64; readonly signingKeySize: 128; readonly signatureSize: 49856; }

SLH_DSA_SHAKE_256S

const 
SLH_DSA_SHAKE_256S: { readonly seedSize: 32; readonly verifyingKeySize: 64; readonly signingKeySize: 128; readonly signatureSize: 29792; }

Functions

_aesgcmMlkemEncryptDeterministic

function

Test/internal-only: encrypt with caller-supplied ML-KEM `m` and AES-GCM `iv`. Used by the KAT regression tests in `test/audit.test.ts` to assert byte-precise output against the captured fixtures from issue 0004 (empty AAD) and issue 0006 Experiment 2 (non-empty AAD). Application code should use `aesgcmMlkemEncrypt`.

_aesgcmMlkemEncryptDeterministic(recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, m: FixedBuf<32>, iv: FixedBuf<12>, aad?: WebBuf): WebBuf

_aesgcmP256dhMlkemEncryptDeterministic

function

Test/internal-only: encrypt with caller-supplied ML-KEM `m` and AES-GCM `iv`. Used by the KAT regression tests in `test/audit.test.ts` to assert byte-precise output against the fixtures from issue 0004 (empty AAD) and issue 0006 Experiment 2 (non-empty AAD). Application code should use `aesgcmP256dhMlkemEncrypt`.

_aesgcmP256dhMlkemEncryptDeterministic(senderPrivKey: FixedBuf<32>, recipientPubKey: FixedBuf<33>, recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, m: FixedBuf<32>, iv: FixedBuf<12>, aad?: WebBuf): WebBuf

_aesgcmX25519dhMlkemEncryptDeterministic

function

Test/internal-only: encrypt with caller-supplied ML-KEM `m` and AES-GCM `iv`. Used by the KAT regression tests in `test/audit.test.ts` to assert byte-precise output against the fixtures captured in issue 0007 Experiment 4. Application code should use `aesgcmX25519dhMlkemEncrypt`.

_aesgcmX25519dhMlkemEncryptDeterministic(senderPrivKey: FixedBuf<32>, recipientPubKey: FixedBuf<32>, recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, m: FixedBuf<32>, iv: FixedBuf<12>, aad?: WebBuf): WebBuf

_sigEd25519MldsaSignDeterministic

function

Test/internal-only: sign with deterministic ML-DSA-65 (FIPS 204 `Sign`, no per-call randomness). Used by KAT regression tests. Application code should never call this directly — the leading underscore signals deterministic randomness, which is unsafe in production per issue 0003. Use `sigEd25519MldsaSign` instead, which uses ML-DSA-65's hedged-signing default.

_sigEd25519MldsaSignDeterministic(ed25519Priv: FixedBuf<32>, mldsaSigningKey: FixedBuf<4032>, message: WebBuf): FixedBuf<3374>

acb3Decrypt

function

Decrypt data with AES + CBC mode and a Blake3 MAC. ACB3 = AES + CBC + Blake3 Mac

acb3Decrypt(ciphertext: WebBuf, aesKey: FixedBuf<32>): WebBuf

acb3dhDecrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman) and use that shared secret at the decryption key for ACB3 decryption.

acb3dhDecrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, ciphertext: WebBuf): WebBuf

acb3dhEncrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman) and use that shared secret at the encryption key for ACB3 encryption.

acb3dhEncrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, plaintext: WebBuf, iv?: FixedBuf<16>): WebBuf

acb3Encrypt

function

Encrypt data with AES + CBC mode and a Blake3 MAC. Good for small amounts of data, such as a short text message. ACB3 = AES + CBC + Blake3 Mac

acb3Encrypt(plaintext: WebBuf, aesKey: FixedBuf<32>, iv?: FixedBuf<16>): WebBuf

acb3p256dhDecrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the decryption key for ACB3 decryption.

acb3p256dhDecrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, ciphertext: WebBuf): WebBuf

acb3p256dhEncrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the encryption key for ACB3 encryption.

acb3p256dhEncrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, plaintext: WebBuf, iv?: FixedBuf<16>): WebBuf

acs2Decrypt

function

Decrypt data with AES + CBC mode and a SHA-256 HMAC. ACS2 = AES + CBC + SHA256 Hmac

acs2Decrypt(ciphertext: WebBuf, aesKey: FixedBuf<32>): WebBuf

acs2dhDecrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman) and use that shared secret at the decryption key for ACS2 decryption.

acs2dhDecrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, ciphertext: WebBuf): WebBuf

acs2dhEncrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman) and use that shared secret at the encryption key for ACS2 encryption.

acs2dhEncrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, plaintext: WebBuf, iv?: FixedBuf<16>): WebBuf

acs2Encrypt

function

Encrypt data with AES + CBC mode and a SHA-256 HMAC. Good for small amounts of data, such as a short text message. ACS2 = AES + CBC + SHA256 Hmac

acs2Encrypt(plaintext: WebBuf, aesKey: FixedBuf<32>, iv?: FixedBuf<16>): WebBuf

acs2p256dhDecrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the decryption key for ACS2 decryption.

acs2p256dhDecrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, ciphertext: WebBuf): WebBuf

acs2p256dhEncrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the encryption key for ACS2 encryption.

acs2p256dhEncrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, plaintext: WebBuf, iv?: FixedBuf<16>): WebBuf

aescbcDecrypt

function

Decrypts a ciphertext using AES-CBC with the provided key and IV. If the IV is not provided, the first 16 bytes of the ciphertext are used.

aescbcDecrypt(ciphertext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<24> | FixedBuf<32>): WebBuf

aescbcEncrypt

function

Encrypts a plaintext using AES-CBC with the provided key and IV. If the IV is not provided, a random IV is generated.

aescbcEncrypt(plaintext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<24> | FixedBuf<32>, iv?: FixedBuf<16>): WebBuf

aesgcmDecrypt

function

AES-GCM authenticated decryption. Expects input layout `iv (12) || ciphertext || tag (16)` (the format produced by `aesgcmEncrypt`). The `aad` parameter must match the AAD supplied at encryption time, or AES-GCM authentication fails and this function throws. Empty AAD is the default.

aesgcmDecrypt(ciphertext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<32>, aad?: WebBuf): WebBuf

aesgcmEncrypt

function

AES-GCM authenticated encryption. `aad` is optional Additional Authenticated Data — bytes that are authenticated by the AES-GCM tag but not encrypted and not transmitted in the output. The recipient must supply the same `aad` bytes the sender used; any mismatch causes `aesgcmDecrypt` to throw. Empty AAD is the default and produces output identical to AES-GCM with no AAD. Returns `iv (12 bytes) || ciphertext || tag (16 bytes)`.

aesgcmEncrypt(plaintext: WebBuf, aesKey: FixedBuf<16> | FixedBuf<32>, iv?: FixedBuf<12>, aad?: WebBuf): WebBuf

aesgcmMlkemDecrypt

function

Decrypt an `@webbuf/aesgcm-mlkem` ciphertext using an ML-KEM-768 decapsulation key. Validates the version byte and minimum length, decapsulates the shared secret, derives the AES key, and decrypts. Throws if the version byte is wrong, the ciphertext is truncated, or AES-GCM authentication fails (which catches tampered KEM ciphertext, tampered AES ciphertext, tampered IV, AAD mismatch, or wrong recipient key).

aesgcmMlkemDecrypt(decapKey: FixedBuf<2400>, ciphertext: WebBuf, aad?: WebBuf): WebBuf

aesgcmMlkemEncrypt

function

Encrypt a message under an ML-KEM-768 encapsulation key. Generates fresh ML-KEM encapsulation randomness and a fresh AES-GCM IV per call via `FixedBuf.fromRandom`. Two calls with identical `recipientEncapKey` and `plaintext` produce different ciphertexts. `aad` is optional Additional Authenticated Data — bytes that are authenticated by the AES-GCM tag but not encrypted and not transmitted in the output. The recipient must supply the same `aad` bytes the sender used; any mismatch causes `aesgcmMlkemDecrypt` to throw. Empty AAD is the default and matches the original issue 0004 behavior. Output layout: [0..1) version byte (0x01) [1..1089) ML-KEM-768 ciphertext (1088 bytes) [1089..1101) AES-GCM IV (12 bytes) [1101..1101+N) AES-GCM ciphertext (N bytes; same length as plaintext) [1101+N..1117+N) AES-GCM authentication tag (16 bytes)

aesgcmMlkemEncrypt(recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, aad?: WebBuf): WebBuf

aesgcmP256dhDecrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the decryption key for AES-GCM decryption.

aesgcmP256dhDecrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, ciphertext: WebBuf): WebBuf

aesgcmP256dhEncrypt

function

Use Alice's private key and Bob's public key to derive a shared secret (Diffie-Hellman with P-256) and use that shared secret as the encryption key for AES-GCM encryption. Key derivation: SHA-256(P-256-ECDH(privKey, pubKey)) -> 32-byte AES-256-GCM key

aesgcmP256dhEncrypt(alicePrivKey: FixedBuf<32>, bobPubKey: FixedBuf<33>, plaintext: WebBuf, iv?: FixedBuf<12>): WebBuf

aesgcmP256dhMlkemDecrypt

function

Decrypt an `@webbuf/aesgcm-p256dh-mlkem` ciphertext. Validates the version byte and minimum length, computes the same hybrid key by combining ECDH and decapsulated KEM shared secrets, and decrypts. Throws on version-byte mismatch, truncation, or AES-GCM authentication failure (which catches tampered KEM ciphertext, tampered AES ciphertext, tampered IV, AAD mismatch, or any wrong input key — including a wrong P-256 sender pub, wrong P-256 recipient priv, or wrong ML-KEM decapsulation key).

aesgcmP256dhMlkemDecrypt(recipientPrivKey: FixedBuf<32>, senderPubKey: FixedBuf<33>, decapKey: FixedBuf<2400>, ciphertext: WebBuf, aad?: WebBuf): WebBuf

aesgcmP256dhMlkemEncrypt

function

Encrypt a message with hybrid P-256 ECDH + ML-KEM-768 key exchange. Both parties use persistent (static-static) P-256 keypairs. The sender provides their own private P-256 key and the recipient's public P-256 key plus ML-KEM-768 encapsulation key. The AES key is derived from the concatenation of the raw 32-byte ECDH X-coordinate and the 32-byte ML-KEM shared secret via HKDF-SHA-256. `aad` is optional Additional Authenticated Data — bytes that are authenticated by the AES-GCM tag but not encrypted and not transmitted in the output. The recipient must supply the same `aad` bytes the sender used; any mismatch causes `aesgcmP256dhMlkemDecrypt` to throw. Empty AAD is the default and matches the original issue 0004 behavior. Output layout: [0..1) version byte (0x02) [1..1089) ML-KEM-768 ciphertext (1088 bytes) [1089..1101) AES-GCM IV (12 bytes) [1101..1101+N) AES-GCM ciphertext (N bytes; same length as plaintext) [1101+N..1117+N) AES-GCM authentication tag (16 bytes)

aesgcmP256dhMlkemEncrypt(senderPrivKey: FixedBuf<32>, recipientPubKey: FixedBuf<33>, recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, aad?: WebBuf): WebBuf

aesgcmX25519dhMlkemDecrypt

function

Decrypt an `@webbuf/aesgcm-x25519dh-mlkem` ciphertext. Validates the version byte and minimum length, computes the same hybrid key by combining X25519 ECDH and decapsulated KEM shared secrets, and decrypts. Throws on version-byte mismatch, truncation, or AES-GCM authentication failure (which catches tampered KEM ciphertext, tampered AES ciphertext, tampered IV, AAD mismatch, or any wrong input key — including a wrong X25519 sender pub, wrong X25519 recipient priv, or wrong ML-KEM decapsulation key). Also throws if the X25519 shared secret with the supplied sender pub key is non-contributory (small-order public key). This propagates the `@webbuf/x25519` strict-rejection guarantee through the hybrid layer.

aesgcmX25519dhMlkemDecrypt(recipientPrivKey: FixedBuf<32>, senderPubKey: FixedBuf<32>, decapKey: FixedBuf<2400>, ciphertext: WebBuf, aad?: WebBuf): WebBuf

aesgcmX25519dhMlkemEncrypt

function

Encrypt a message with hybrid X25519 ECDH + ML-KEM-768 key exchange. Both parties use persistent (static-static) X25519 keypairs. The sender provides their own private X25519 key and the recipient's public X25519 key plus ML-KEM-768 encapsulation key. The AES key is derived from the concatenation of the raw 32-byte X25519 ECDH shared secret and the 32-byte ML-KEM shared secret via HKDF-SHA-256. **Small-order rejection.** `x25519SharedSecretRaw` throws if the recipient's public key is small-order (the resulting shared secret is non-contributory). This protects the hybrid construction from being collapsed to PQ-only by a malicious peer presenting a small-order public key. `aad` is optional Additional Authenticated Data — bytes that are authenticated by the AES-GCM tag but not encrypted and not transmitted in the output. The recipient must supply the same `aad` bytes the sender used; any mismatch causes `aesgcmX25519dhMlkemDecrypt` to throw. Output layout: [0..1) version byte (0x03) [1..1089) ML-KEM-768 ciphertext (1088 bytes) [1089..1101) AES-GCM IV (12 bytes) [1101..1101+N) AES-GCM ciphertext (N bytes; same length as plaintext) [1101+N..1117+N) AES-GCM authentication tag (16 bytes)

aesgcmX25519dhMlkemEncrypt(senderPrivKey: FixedBuf<32>, recipientPubKey: FixedBuf<32>, recipientEncapKey: FixedBuf<1184>, plaintext: WebBuf, aad?: WebBuf): WebBuf

blake3Hash

function 
blake3Hash(buf: WebBuf): FixedBuf<32>

blake3Mac

function 
blake3Mac(key: FixedBuf<32>, message: WebBuf): FixedBuf<32>

doubleBlake3Hash

function 
doubleBlake3Hash(buf: WebBuf): FixedBuf<32>

doubleRipemd160Hash

function 
doubleRipemd160Hash(buf: WebBuf): FixedBuf<20>

doubleSha256Hash

function 
doubleSha256Hash(buf: WebBuf): FixedBuf<32>

ed25519PublicKeyCreate

function

Derive the 32-byte Ed25519 public key from a 32-byte seed (RFC 8032 §5.1.5 secret key). The 32-byte input is the seed (what the RFC calls the secret key), not the 64-byte expanded form some libraries expose. This matches OpenSSH, OpenPGP, and the convention used by `ed25519-dalek 2.x`'s `SigningKey::from_bytes`.

ed25519PublicKeyCreate(privKey: FixedBuf<32>): FixedBuf<32>

ed25519Sign

function

Sign a message with PureEdDSA (RFC 8032 §5.1.6). Produces a 64-byte `(R || S)` signature. The signer consumes the raw message bytes directly — no prehash, no Ed25519ph. Consumers who want to sign a digest should hash externally and pass the digest as the `message` argument. PureEdDSA is deterministic: the same `(privKey, message)` pair always produces the same signature.

ed25519Sign(privKey: FixedBuf<32>, message: WebBuf): FixedBuf<64>

ed25519Verify

function

Verify a 64-byte PureEdDSA signature against the public key and message (RFC 8032 §5.1.7). Returns `true` for a valid signature. Returns `false` for any rejection: wrong key, tampered message, tampered signature, non-canonical S, malformed point, small-order R. **Throws** only on malformed-length input — that's the only failure mode treated as an error; verification failure itself is a value, not an exception. Strict RFC 8032 §5.1.7 semantics are enforced. The wrapper calls `VerifyingKey::verify_strict` (not the cofactored `verify`), which rejects small-order public keys, non-canonical R, and non-canonical S. This is necessary to close the universal-forgery hole that exists when a malicious peer presents the identity element as their public key.

ed25519Verify(pubKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<64>): boolean

mlDsa44KeyPair

function 
mlDsa44KeyPair(): MlDsaKeyPair<1312, 2560>
mlDsa44KeyPair(seed: FixedBuf<32>): MlDsaKeyPair<1312, 2560>

mlDsa44KeyPairDeterministic

function 
mlDsa44KeyPairDeterministic(seed: FixedBuf<32>): MlDsaKeyPair<1312, 2560>

mlDsa44Sign

function 
mlDsa44Sign(signingKey: FixedBuf<2560>, message: WebBuf, context?: WebBuf): FixedBuf<2420>

mlDsa44SignDeterministic

function 
mlDsa44SignDeterministic(signingKey: FixedBuf<2560>, message: WebBuf, context?: WebBuf): FixedBuf<2420>

mlDsa44SignInternal

function 
mlDsa44SignInternal(signingKey: FixedBuf<2560>, message: WebBuf, rnd: FixedBuf<32>): FixedBuf<2420>

mlDsa44Verify

function 
mlDsa44Verify(verifyingKey: FixedBuf<1312>, message: WebBuf, signature: FixedBuf<2420>, context?: WebBuf): boolean

mlDsa44VerifyInternal

function 
mlDsa44VerifyInternal(verifyingKey: FixedBuf<1312>, message: WebBuf, signature: FixedBuf<2420>): boolean

mlDsa65KeyPair

function 
mlDsa65KeyPair(): MlDsaKeyPair<1952, 4032>
mlDsa65KeyPair(seed: FixedBuf<32>): MlDsaKeyPair<1952, 4032>

mlDsa65KeyPairDeterministic

function 
mlDsa65KeyPairDeterministic(seed: FixedBuf<32>): MlDsaKeyPair<1952, 4032>

mlDsa65Sign

function 
mlDsa65Sign(signingKey: FixedBuf<4032>, message: WebBuf, context?: WebBuf): FixedBuf<3309>

mlDsa65SignDeterministic

function 
mlDsa65SignDeterministic(signingKey: FixedBuf<4032>, message: WebBuf, context?: WebBuf): FixedBuf<3309>

mlDsa65SignInternal

function 
mlDsa65SignInternal(signingKey: FixedBuf<4032>, message: WebBuf, rnd: FixedBuf<32>): FixedBuf<3309>

mlDsa65Verify

function 
mlDsa65Verify(verifyingKey: FixedBuf<1952>, message: WebBuf, signature: FixedBuf<3309>, context?: WebBuf): boolean

mlDsa65VerifyInternal

function 
mlDsa65VerifyInternal(verifyingKey: FixedBuf<1952>, message: WebBuf, signature: FixedBuf<3309>): boolean

mlDsa87KeyPair

function 
mlDsa87KeyPair(): MlDsaKeyPair<2592, 4896>
mlDsa87KeyPair(seed: FixedBuf<32>): MlDsaKeyPair<2592, 4896>

mlDsa87KeyPairDeterministic

function 
mlDsa87KeyPairDeterministic(seed: FixedBuf<32>): MlDsaKeyPair<2592, 4896>

mlDsa87Sign

function 
mlDsa87Sign(signingKey: FixedBuf<4896>, message: WebBuf, context?: WebBuf): FixedBuf<4627>

mlDsa87SignDeterministic

function 
mlDsa87SignDeterministic(signingKey: FixedBuf<4896>, message: WebBuf, context?: WebBuf): FixedBuf<4627>

mlDsa87SignInternal

function 
mlDsa87SignInternal(signingKey: FixedBuf<4896>, message: WebBuf, rnd: FixedBuf<32>): FixedBuf<4627>

mlDsa87Verify

function 
mlDsa87Verify(verifyingKey: FixedBuf<2592>, message: WebBuf, signature: FixedBuf<4627>, context?: WebBuf): boolean

mlDsa87VerifyInternal

function 
mlDsa87VerifyInternal(verifyingKey: FixedBuf<2592>, message: WebBuf, signature: FixedBuf<4627>): boolean

mlKem1024Decapsulate

function 
mlKem1024Decapsulate(decapsulationKey: FixedBuf<3168>, ciphertext: FixedBuf<1568>): FixedBuf<32>

mlKem1024Encapsulate

function 
mlKem1024Encapsulate(encapsulationKey: FixedBuf<1568>): MlKemEncapResult<1568, 32>
mlKem1024Encapsulate(encapsulationKey: FixedBuf<1568>, m: FixedBuf<32>): MlKemEncapResult<1568, 32>

mlKem1024EncapsulateDeterministic

function 
mlKem1024EncapsulateDeterministic(encapsulationKey: FixedBuf<1568>, m: FixedBuf<32>): MlKemEncapResult<1568, 32>

mlKem1024KeyPair

function 
mlKem1024KeyPair(): MlKemKeyPair<1568, 3168>
mlKem1024KeyPair(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<1568, 3168>

mlKem1024KeyPairDeterministic

function 
mlKem1024KeyPairDeterministic(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<1568, 3168>

mlKem512Decapsulate

function 
mlKem512Decapsulate(decapsulationKey: FixedBuf<1632>, ciphertext: FixedBuf<768>): FixedBuf<32>

mlKem512Encapsulate

function 
mlKem512Encapsulate(encapsulationKey: FixedBuf<800>): MlKemEncapResult<768, 32>
mlKem512Encapsulate(encapsulationKey: FixedBuf<800>, m: FixedBuf<32>): MlKemEncapResult<768, 32>

mlKem512EncapsulateDeterministic

function 
mlKem512EncapsulateDeterministic(encapsulationKey: FixedBuf<800>, m: FixedBuf<32>): MlKemEncapResult<768, 32>

mlKem512KeyPair

function 
mlKem512KeyPair(): MlKemKeyPair<800, 1632>
mlKem512KeyPair(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<800, 1632>

mlKem512KeyPairDeterministic

function 
mlKem512KeyPairDeterministic(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<800, 1632>

mlKem768Decapsulate

function 
mlKem768Decapsulate(decapsulationKey: FixedBuf<2400>, ciphertext: FixedBuf<1088>): FixedBuf<32>

mlKem768Encapsulate

function 
mlKem768Encapsulate(encapsulationKey: FixedBuf<1184>): MlKemEncapResult<1088, 32>
mlKem768Encapsulate(encapsulationKey: FixedBuf<1184>, m: FixedBuf<32>): MlKemEncapResult<1088, 32>

mlKem768EncapsulateDeterministic

function 
mlKem768EncapsulateDeterministic(encapsulationKey: FixedBuf<1184>, m: FixedBuf<32>): MlKemEncapResult<1088, 32>

mlKem768KeyPair

function 
mlKem768KeyPair(): MlKemKeyPair<1184, 2400>
mlKem768KeyPair(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<1184, 2400>

mlKem768KeyPairDeterministic

function 
mlKem768KeyPairDeterministic(d: FixedBuf<32>, z: FixedBuf<32>): MlKemKeyPair<1184, 2400>

p256PrivateKeyAdd

function 
p256PrivateKeyAdd(privKey1: FixedBuf<32>, privKey2: FixedBuf<32>): FixedBuf<32>

p256PrivateKeyToJwk

function

Convert a raw 32-byte P-256 private key scalar to a JsonWebKey, ready to pass to `crypto.subtle.importKey("jwk", jwk, ...)`. Internally derives the associated public key (Web Crypto requires `x` and `y` alongside `d`).

p256PrivateKeyToJwk(privateKey: FixedBuf<32>): P256PrivateKeyJwk

p256PrivateKeyVerify

function 
p256PrivateKeyVerify(privateKey: FixedBuf<32>): boolean

p256PublicKeyAdd

function 
p256PublicKeyAdd(publicKey1: FixedBuf<33>, publicKey2: FixedBuf<33>): FixedBuf<33>

p256PublicKeyCompress

function

Compress a 65-byte SEC1 uncompressed P-256 public key into its 33-byte compressed form. Throws if the point is not on the curve.

p256PublicKeyCompress(uncompressed: FixedBuf<65>): FixedBuf<33>

p256PublicKeyCreate

function 
p256PublicKeyCreate(privateKey: FixedBuf<32>): FixedBuf<33>

p256PublicKeyDecompress

function

Decompress a 33-byte SEC1 compressed P-256 public key into its 65-byte uncompressed form (`0x04 || X || Y`). Useful for `crypto.subtle.importKey("raw", ...)`.

p256PublicKeyDecompress(compressed: FixedBuf<33>): FixedBuf<65>

p256PublicKeyFromJwk

function

Reconstruct a compressed 33-byte P-256 public key from a JsonWebKey's `x` and `y` coordinates. Validates that the point is on the curve.

p256PublicKeyFromJwk(jwk: { x: string; y: string; }): FixedBuf<33>

p256PublicKeyToJwk

function

Convert a compressed P-256 public key to a JsonWebKey, ready to pass to `crypto.subtle.importKey("jwk", jwk, ...)`.

p256PublicKeyToJwk(compressed: FixedBuf<33>): P256PublicKeyJwk

p256PublicKeyVerify

function 
p256PublicKeyVerify(publicKey: FixedBuf<33>): boolean

p256SharedSecret

function 
p256SharedSecret(privateKey: FixedBuf<32>, publicKey: FixedBuf<33>): FixedBuf<33>

p256SharedSecretRaw

function

P-256 ECDH shared secret as the raw 32-byte X-coordinate. This is the SEC1 X9.63 "Z" value used as input to a KDF in NIST SP 800-56A §5.7.1.2 and the IETF hybrid KEM combiners. Equivalent to `p256SharedSecret` with the SEC1 prefix byte stripped — the prefix is deterministic given the X-coordinate, so removing it loses no entropy. Use this when feeding the ECDH output into an HKDF-based key schedule.

p256SharedSecretRaw(privateKey: FixedBuf<32>, publicKey: FixedBuf<33>): FixedBuf<32>

p256Sign

function 
p256Sign(digest: FixedBuf<32>, privateKey: FixedBuf<32>, k: FixedBuf<32>): FixedBuf<64>

p256Verify

function 
p256Verify(signature: FixedBuf<64>, digest: FixedBuf<32>, publicKey: FixedBuf<33>): boolean

pbkdf2Sha256

function 
pbkdf2Sha256<N extends number>(password: WebBuf, salt: WebBuf, iterations: number, keyLen: N): FixedBuf<N>

privateKeyAdd

function 
privateKeyAdd(privKey1: FixedBuf<32>, privKey2: FixedBuf<32>): FixedBuf<32>

privateKeyVerify

function 
privateKeyVerify(privateKey: FixedBuf<32>): boolean

publicKeyAdd

function 
publicKeyAdd(publicKey1: FixedBuf<33>, publicKey2: FixedBuf<33>): FixedBuf<33>

publicKeyCreate

function 
publicKeyCreate(privateKey: FixedBuf<32>): FixedBuf<33>

publicKeyVerify

function 
publicKeyVerify(publicKey: FixedBuf<33>): boolean

ripemd160Hash

function 
ripemd160Hash(buf: WebBuf): FixedBuf<20>

sha256Hash

function 
sha256Hash(buf: WebBuf): FixedBuf<32>

sha256Hmac

function 
sha256Hmac(key: WebBuf, message: WebBuf): FixedBuf<32>

sharedSecret

function 
sharedSecret(privateKey: FixedBuf<32>, publicKey: FixedBuf<33>): FixedBuf<33>

sigEd25519MldsaSign

function

Composite Ed25519 + ML-DSA-65 signature over a message. Signs the raw message bytes with both PureEdDSA (RFC 8032 §5.1.6) and FIPS 204 ML-DSA-65 Sign. Both signers consume the message verbatim — no prehash, no digest indirection. Returns the wire-format concatenation: `version || ed25519_sig (64) || mldsa_sig (3309)` = 3374 bytes. Determinism: PureEdDSA is RFC-deterministic; ML-DSA-65 is hedged by default (issue 0003). The composite signature is therefore non-deterministic by default — the Ed25519 half is stable for a given (seed, message), but the ML-DSA half varies per call.

sigEd25519MldsaSign(ed25519Priv: FixedBuf<32>, mldsaSigningKey: FixedBuf<4032>, message: WebBuf): FixedBuf<3374>

sigEd25519MldsaVerify

function

Composite Ed25519 + ML-DSA-65 signature verification. Both halves must verify against their respective public keys for the composite to verify. Returns `true` iff both pass; returns `false` for any rejection (wrong key on either side, tampered message, tampered signature, version-byte mismatch, malformed Ed25519 point, non-canonical Ed25519 S, etc.). Throws **only** on input-length errors at the top level. Strict Ed25519 verification (`verify_strict` under the hood) is enforced via `@webbuf/ed25519` — small-order Ed25519 public keys and non-canonical S are rejected, closing the universal-forgery hole that fooled the experiment-3 wrapper before the Codex fix. Both halves are verified regardless of either half's individual result, so this does not short-circuit. Neither primitive's underlying verifier is constant-time, however — the abstraction does not add timing safety we don't already have at the primitive layer.

sigEd25519MldsaVerify(ed25519Pub: FixedBuf<32>, mldsaVerifyingKey: FixedBuf<1952>, message: WebBuf, signature: FixedBuf<3374>): boolean

sign

function 
sign(digest: FixedBuf<32>, privateKey: FixedBuf<32>, k: FixedBuf<32>): FixedBuf<64>

slhDsaSha2_128fKeyPair

function 
slhDsaSha2_128fKeyPair(): SlhDsaKeyPair<32, 64>
slhDsaSha2_128fKeyPair(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaSha2_128fKeyPairDeterministic

function 
slhDsaSha2_128fKeyPairDeterministic(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaSha2_128fSign

function 
slhDsaSha2_128fSign(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<17088>

slhDsaSha2_128fSignDeterministic

function 
slhDsaSha2_128fSignDeterministic(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<17088>

slhDsaSha2_128fSignInternal

function 
slhDsaSha2_128fSignInternal(signingKey: FixedBuf<64>, message: WebBuf, addrnd?: FixedBuf<16>): FixedBuf<17088>

slhDsaSha2_128fVerify

function 
slhDsaSha2_128fVerify(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<17088>, context?: WebBuf): boolean

slhDsaSha2_128fVerifyInternal

function 
slhDsaSha2_128fVerifyInternal(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<17088>): boolean

slhDsaSha2_128sKeyPair

function 
slhDsaSha2_128sKeyPair(): SlhDsaKeyPair<32, 64>
slhDsaSha2_128sKeyPair(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaSha2_128sKeyPairDeterministic

function 
slhDsaSha2_128sKeyPairDeterministic(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaSha2_128sSign

function 
slhDsaSha2_128sSign(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<7856>

slhDsaSha2_128sSignDeterministic

function 
slhDsaSha2_128sSignDeterministic(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<7856>

slhDsaSha2_128sSignInternal

function 
slhDsaSha2_128sSignInternal(signingKey: FixedBuf<64>, message: WebBuf, addrnd?: FixedBuf<16>): FixedBuf<7856>

slhDsaSha2_128sVerify

function 
slhDsaSha2_128sVerify(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<7856>, context?: WebBuf): boolean

slhDsaSha2_128sVerifyInternal

function 
slhDsaSha2_128sVerifyInternal(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<7856>): boolean

slhDsaSha2_192fKeyPair

function 
slhDsaSha2_192fKeyPair(): SlhDsaKeyPair<48, 96>
slhDsaSha2_192fKeyPair(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaSha2_192fKeyPairDeterministic

function 
slhDsaSha2_192fKeyPairDeterministic(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaSha2_192fSign

function 
slhDsaSha2_192fSign(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<35664>

slhDsaSha2_192fSignDeterministic

function 
slhDsaSha2_192fSignDeterministic(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<35664>

slhDsaSha2_192fSignInternal

function 
slhDsaSha2_192fSignInternal(signingKey: FixedBuf<96>, message: WebBuf, addrnd?: FixedBuf<24>): FixedBuf<35664>

slhDsaSha2_192fVerify

function 
slhDsaSha2_192fVerify(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<35664>, context?: WebBuf): boolean

slhDsaSha2_192fVerifyInternal

function 
slhDsaSha2_192fVerifyInternal(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<35664>): boolean

slhDsaSha2_192sKeyPair

function 
slhDsaSha2_192sKeyPair(): SlhDsaKeyPair<48, 96>
slhDsaSha2_192sKeyPair(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaSha2_192sKeyPairDeterministic

function 
slhDsaSha2_192sKeyPairDeterministic(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaSha2_192sSign

function 
slhDsaSha2_192sSign(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<16224>

slhDsaSha2_192sSignDeterministic

function 
slhDsaSha2_192sSignDeterministic(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<16224>

slhDsaSha2_192sSignInternal

function 
slhDsaSha2_192sSignInternal(signingKey: FixedBuf<96>, message: WebBuf, addrnd?: FixedBuf<24>): FixedBuf<16224>

slhDsaSha2_192sVerify

function 
slhDsaSha2_192sVerify(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<16224>, context?: WebBuf): boolean

slhDsaSha2_192sVerifyInternal

function 
slhDsaSha2_192sVerifyInternal(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<16224>): boolean

slhDsaSha2_256fKeyPair

function 
slhDsaSha2_256fKeyPair(): SlhDsaKeyPair<64, 128>
slhDsaSha2_256fKeyPair(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaSha2_256fKeyPairDeterministic

function 
slhDsaSha2_256fKeyPairDeterministic(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaSha2_256fSign

function 
slhDsaSha2_256fSign(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<49856>

slhDsaSha2_256fSignDeterministic

function 
slhDsaSha2_256fSignDeterministic(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<49856>

slhDsaSha2_256fSignInternal

function 
slhDsaSha2_256fSignInternal(signingKey: FixedBuf<128>, message: WebBuf, addrnd?: FixedBuf<32>): FixedBuf<49856>

slhDsaSha2_256fVerify

function 
slhDsaSha2_256fVerify(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<49856>, context?: WebBuf): boolean

slhDsaSha2_256fVerifyInternal

function 
slhDsaSha2_256fVerifyInternal(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<49856>): boolean

slhDsaSha2_256sKeyPair

function 
slhDsaSha2_256sKeyPair(): SlhDsaKeyPair<64, 128>
slhDsaSha2_256sKeyPair(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaSha2_256sKeyPairDeterministic

function 
slhDsaSha2_256sKeyPairDeterministic(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaSha2_256sSign

function 
slhDsaSha2_256sSign(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<29792>

slhDsaSha2_256sSignDeterministic

function 
slhDsaSha2_256sSignDeterministic(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<29792>

slhDsaSha2_256sSignInternal

function 
slhDsaSha2_256sSignInternal(signingKey: FixedBuf<128>, message: WebBuf, addrnd?: FixedBuf<32>): FixedBuf<29792>

slhDsaSha2_256sVerify

function 
slhDsaSha2_256sVerify(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<29792>, context?: WebBuf): boolean

slhDsaSha2_256sVerifyInternal

function 
slhDsaSha2_256sVerifyInternal(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<29792>): boolean

slhDsaShake_128fKeyPair

function 
slhDsaShake_128fKeyPair(): SlhDsaKeyPair<32, 64>
slhDsaShake_128fKeyPair(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaShake_128fKeyPairDeterministic

function 
slhDsaShake_128fKeyPairDeterministic(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaShake_128fSign

function 
slhDsaShake_128fSign(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<17088>

slhDsaShake_128fSignDeterministic

function 
slhDsaShake_128fSignDeterministic(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<17088>

slhDsaShake_128fSignInternal

function 
slhDsaShake_128fSignInternal(signingKey: FixedBuf<64>, message: WebBuf, addrnd?: FixedBuf<16>): FixedBuf<17088>

slhDsaShake_128fVerify

function 
slhDsaShake_128fVerify(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<17088>, context?: WebBuf): boolean

slhDsaShake_128fVerifyInternal

function 
slhDsaShake_128fVerifyInternal(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<17088>): boolean

slhDsaShake_128sKeyPair

function 
slhDsaShake_128sKeyPair(): SlhDsaKeyPair<32, 64>
slhDsaShake_128sKeyPair(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaShake_128sKeyPairDeterministic

function 
slhDsaShake_128sKeyPairDeterministic(skSeed: FixedBuf<16>, skPrf: FixedBuf<16>, pkSeed: FixedBuf<16>): SlhDsaKeyPair<32, 64>

slhDsaShake_128sSign

function 
slhDsaShake_128sSign(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<7856>

slhDsaShake_128sSignDeterministic

function 
slhDsaShake_128sSignDeterministic(signingKey: FixedBuf<64>, message: WebBuf, context?: WebBuf): FixedBuf<7856>

slhDsaShake_128sSignInternal

function 
slhDsaShake_128sSignInternal(signingKey: FixedBuf<64>, message: WebBuf, addrnd?: FixedBuf<16>): FixedBuf<7856>

slhDsaShake_128sVerify

function 
slhDsaShake_128sVerify(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<7856>, context?: WebBuf): boolean

slhDsaShake_128sVerifyInternal

function 
slhDsaShake_128sVerifyInternal(verifyingKey: FixedBuf<32>, message: WebBuf, signature: FixedBuf<7856>): boolean

slhDsaShake_192fKeyPair

function 
slhDsaShake_192fKeyPair(): SlhDsaKeyPair<48, 96>
slhDsaShake_192fKeyPair(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaShake_192fKeyPairDeterministic

function 
slhDsaShake_192fKeyPairDeterministic(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaShake_192fSign

function 
slhDsaShake_192fSign(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<35664>

slhDsaShake_192fSignDeterministic

function 
slhDsaShake_192fSignDeterministic(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<35664>

slhDsaShake_192fSignInternal

function 
slhDsaShake_192fSignInternal(signingKey: FixedBuf<96>, message: WebBuf, addrnd?: FixedBuf<24>): FixedBuf<35664>

slhDsaShake_192fVerify

function 
slhDsaShake_192fVerify(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<35664>, context?: WebBuf): boolean

slhDsaShake_192fVerifyInternal

function 
slhDsaShake_192fVerifyInternal(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<35664>): boolean

slhDsaShake_192sKeyPair

function 
slhDsaShake_192sKeyPair(): SlhDsaKeyPair<48, 96>
slhDsaShake_192sKeyPair(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaShake_192sKeyPairDeterministic

function 
slhDsaShake_192sKeyPairDeterministic(skSeed: FixedBuf<24>, skPrf: FixedBuf<24>, pkSeed: FixedBuf<24>): SlhDsaKeyPair<48, 96>

slhDsaShake_192sSign

function 
slhDsaShake_192sSign(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<16224>

slhDsaShake_192sSignDeterministic

function 
slhDsaShake_192sSignDeterministic(signingKey: FixedBuf<96>, message: WebBuf, context?: WebBuf): FixedBuf<16224>

slhDsaShake_192sSignInternal

function 
slhDsaShake_192sSignInternal(signingKey: FixedBuf<96>, message: WebBuf, addrnd?: FixedBuf<24>): FixedBuf<16224>

slhDsaShake_192sVerify

function 
slhDsaShake_192sVerify(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<16224>, context?: WebBuf): boolean

slhDsaShake_192sVerifyInternal

function 
slhDsaShake_192sVerifyInternal(verifyingKey: FixedBuf<48>, message: WebBuf, signature: FixedBuf<16224>): boolean

slhDsaShake_256fKeyPair

function 
slhDsaShake_256fKeyPair(): SlhDsaKeyPair<64, 128>
slhDsaShake_256fKeyPair(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaShake_256fKeyPairDeterministic

function 
slhDsaShake_256fKeyPairDeterministic(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaShake_256fSign

function 
slhDsaShake_256fSign(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<49856>

slhDsaShake_256fSignDeterministic

function 
slhDsaShake_256fSignDeterministic(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<49856>

slhDsaShake_256fSignInternal

function 
slhDsaShake_256fSignInternal(signingKey: FixedBuf<128>, message: WebBuf, addrnd?: FixedBuf<32>): FixedBuf<49856>

slhDsaShake_256fVerify

function 
slhDsaShake_256fVerify(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<49856>, context?: WebBuf): boolean

slhDsaShake_256fVerifyInternal

function 
slhDsaShake_256fVerifyInternal(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<49856>): boolean

slhDsaShake_256sKeyPair

function 
slhDsaShake_256sKeyPair(): SlhDsaKeyPair<64, 128>
slhDsaShake_256sKeyPair(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaShake_256sKeyPairDeterministic

function 
slhDsaShake_256sKeyPairDeterministic(skSeed: FixedBuf<32>, skPrf: FixedBuf<32>, pkSeed: FixedBuf<32>): SlhDsaKeyPair<64, 128>

slhDsaShake_256sSign

function 
slhDsaShake_256sSign(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<29792>

slhDsaShake_256sSignDeterministic

function 
slhDsaShake_256sSignDeterministic(signingKey: FixedBuf<128>, message: WebBuf, context?: WebBuf): FixedBuf<29792>

slhDsaShake_256sSignInternal

function 
slhDsaShake_256sSignInternal(signingKey: FixedBuf<128>, message: WebBuf, addrnd?: FixedBuf<32>): FixedBuf<29792>

slhDsaShake_256sVerify

function 
slhDsaShake_256sVerify(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<29792>, context?: WebBuf): boolean

slhDsaShake_256sVerifyInternal

function 
slhDsaShake_256sVerifyInternal(verifyingKey: FixedBuf<64>, message: WebBuf, signature: FixedBuf<29792>): boolean

verify

function 
verify(signature: FixedBuf<64>, digest: FixedBuf<32>, publicKey: FixedBuf<33>): boolean

x25519PublicKeyCreate

function

Compute the X25519 public key (RFC 7748 §5) for a 32-byte private key. Accepts any 32 raw bytes; clamping per RFC 7748 §5 ("decodeScalar25519") is applied internally — callers do not need to pre-clamp.

x25519PublicKeyCreate(privKey: FixedBuf<32>): FixedBuf<32>

x25519SharedSecretRaw

function

Compute the raw 32-byte X25519 ECDH shared secret (RFC 7748 §6.1). Throws if the resulting shared secret is non-contributory — i.e. if the peer's public key is small-order. This protects hybrid encryption schemes from being collapsed to PQ-only by a malicious peer's small-order public key.

x25519SharedSecretRaw(privKey: FixedBuf<32>, pubKey: FixedBuf<32>): FixedBuf<32>

Classes

BufReader

class 
constructor(buf: WebBuf): BufReader
buf: WebBuf
pos: number
eof(): boolean
read(len: number): WebBuf
readFixed<N extends number>(len: N): FixedBuf<N>
readRemainder(): WebBuf
readU8(): U8
readU16BE(): U16BE
readU32BE(): U32BE
readU64BE(): U64BE
readU128BE(): U128BE
readU256BE(): U256BE
readVarIntBEBuf(): WebBuf
readVarIntU64BE(): U64BE

BufWriter

class 
constructor(bufs?: WebBuf[]): BufWriter
static varIntU64BEBuf(bn: U64BE): WebBuf
bufs: WebBuf[]
getLength(): number
toBuf(): WebBuf
write(buf: WebBuf): BufWriter
writeU8(u8: U8): BufWriter
writeU16BE(u16: U16BE): BufWriter
writeU32BE(u32: U32BE): BufWriter
writeU64BE(u64: U64BE): BufWriter
writeU128BE(u128: U128BE): BufWriter
writeU256BE(u256: U256BE): BufWriter
writeVarIntU64BE(u64: U64BE): BufWriter

FixedBuf

class 
constructor<N extends number>(size: N, buf: WebBuf): FixedBuf<N>
static fromBuf<N extends number>(size: N, buf: WebBuf): FixedBuf<N>
static alloc<N extends number>(size: N, fill?: number): FixedBuf<N>
static fromHex<N extends number>(size: N, hex: string): FixedBuf<N>
static fromBase64(size: number, base64: string): FixedBuf<number>
static fromBase32<N extends number>(size: N, str: string, options?: Base32Options): FixedBuf<N>
static fromRandom<N extends number>(size: N): FixedBuf<N>
buf: WebBuf
toHex(): string
toBase64(): string
toBase32(options?: Base32Options): string
clone(): FixedBuf<N>
toReverse(): FixedBuf<N>
wipe(): void

FixedNum

class 
constructor<N extends number>(buf: FixedBuf<N>): FixedNum<N>
buf: FixedBuf<N>
toBn(): bigint
add(other: FixedNum<N>): FixedNum<N>
sub(other: FixedNum<N>): FixedNum<N>
mul(other: FixedNum<N>): FixedNum<N>
div(other: FixedNum<N>): FixedNum<N>
toBEBuf(): FixedBuf<N>
toLEBuf(): FixedBuf<N>
toHex(): string
n: number
bn: bigint

U128BE

class 
constructor(buf: FixedBuf<16> | number | bigint): U128BE
static fromBn(bn: bigint): U128BE
static fromN(n: number): U128BE
static fromBEBuf(buf: FixedBuf<16> | WebBuf): U128BE
static fromLEBuf(buf: FixedBuf<16> | WebBuf): U128BE
static fromHex(hex: string): U128BE
toBn(): bigint
add(other: U128BE): U128BE
sub(other: U128BE): U128BE
mul(other: U128BE): U128BE
div(other: U128BE): U128BE
toBEBuf(): FixedBuf<16>
toLEBuf(): FixedBuf<16>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<16>

U128LE

class 
constructor(buf: FixedBuf<16> | number | bigint): U128LE
static fromBn(bn: bigint): U128LE
static fromN(n: number): U128LE
static fromBEBuf(buf: FixedBuf<16> | WebBuf): U128LE
static fromLEBuf(buf: FixedBuf<16> | WebBuf): U128LE
static fromHex(hex: string): U128LE
toBn(): bigint
add(other: U128LE): U128LE
sub(other: U128LE): U128LE
mul(other: U128LE): U128LE
div(other: U128LE): U128LE
toBEBuf(): FixedBuf<16>
toLEBuf(): FixedBuf<16>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<16>

U16BE

class 
constructor(buf: FixedBuf<2> | number | bigint): U16BE
static fromBn(bn: bigint): U16BE
static fromN(n: number): U16BE
static fromBEBuf(buf: FixedBuf<2> | WebBuf): U16BE
static fromLEBuf(buf: FixedBuf<2> | WebBuf): U16BE
static fromHex(hex: string): U16BE
toBn(): bigint
add(other: U16BE): U16BE
sub(other: U16BE): U16BE
mul(other: U16BE): U16BE
div(other: U16BE): U16BE
toBEBuf(): FixedBuf<2>
toLEBuf(): FixedBuf<2>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<2>

U16LE

class 
constructor(buf: FixedBuf<2> | number | bigint): U16LE
static fromBn(bn: bigint): U16LE
static fromN(n: number): U16LE
static fromBEBuf(buf: FixedBuf<2> | WebBuf): U16LE
static fromLEBuf(buf: FixedBuf<2> | WebBuf): U16LE
static fromHex(hex: string): U16LE
toBn(): bigint
add(other: U16LE): U16LE
sub(other: U16LE): U16LE
mul(other: U16LE): U16LE
div(other: U16LE): U16LE
toBEBuf(): FixedBuf<2>
toLEBuf(): FixedBuf<2>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<2>

U256BE

class 
constructor(buf: FixedBuf<32> | number | bigint): U256BE
static fromBn(bn: bigint): U256BE
static fromN(n: number): U256BE
static fromBEBuf(buf: FixedBuf<32> | WebBuf): U256BE
static fromLEBuf(buf: FixedBuf<32> | WebBuf): U256BE
static fromHex(hex: string): U256BE
toBn(): bigint
add(other: U256BE): U256BE
sub(other: U256BE): U256BE
mul(other: U256BE): U256BE
div(other: U256BE): U256BE
toBEBuf(): FixedBuf<32>
toLEBuf(): FixedBuf<32>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<32>

U256LE

class 
constructor(buf: FixedBuf<32> | number | bigint): U256LE
static fromBn(bn: bigint): U256LE
static fromN(n: number): U256LE
static fromBEBuf(buf: FixedBuf<32> | WebBuf): U256LE
static fromLEBuf(buf: FixedBuf<32> | WebBuf): U256LE
static fromHex(hex: string): U256LE
toBn(): bigint
add(other: U256LE): U256LE
sub(other: U256LE): U256LE
mul(other: U256LE): U256LE
div(other: U256LE): U256LE
toBEBuf(): FixedBuf<32>
toLEBuf(): FixedBuf<32>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<32>

U32BE

class 
constructor(buf: FixedBuf<4> | number | bigint): U32BE
static fromBn(bn: bigint): U32BE
static fromN(n: number): U32BE
static fromBEBuf(buf: FixedBuf<4> | WebBuf): U32BE
static fromLEBuf(buf: FixedBuf<4> | WebBuf): U32BE
static fromHex(hex: string): U32BE
toBn(): bigint
add(other: U32BE): U32BE
sub(other: U32BE): U32BE
mul(other: U32BE): U32BE
div(other: U32BE): U32BE
toBEBuf(): FixedBuf<4>
toLEBuf(): FixedBuf<4>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<4>

U32LE

class 
constructor(buf: FixedBuf<4> | number | bigint): U32LE
static fromBn(bn: bigint): U32LE
static fromN(n: number): U32LE
static fromBEBuf(buf: FixedBuf<4> | WebBuf): U32LE
static fromLEBuf(buf: FixedBuf<4> | WebBuf): U32LE
static fromHex(hex: string): U32LE
toBn(): bigint
add(other: U32LE): U32LE
sub(other: U32LE): U32LE
mul(other: U32LE): U32LE
div(other: U32LE): U32LE
toBEBuf(): FixedBuf<4>
toLEBuf(): FixedBuf<4>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<4>

U64BE

class 
constructor(buf: FixedBuf<8> | number | bigint): U64BE
static fromBn(bn: bigint): U64BE
static fromN(n: number): U64BE
static fromBEBuf(buf: FixedBuf<8> | WebBuf): U64BE
static fromLEBuf(buf: FixedBuf<8> | WebBuf): U64BE
static fromHex(hex: string): U64BE
toBn(): bigint
add(other: U64BE): U64BE
sub(other: U64BE): U64BE
mul(other: U64BE): U64BE
div(other: U64BE): U64BE
toBEBuf(): FixedBuf<8>
toLEBuf(): FixedBuf<8>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<8>

U64LE

class 
constructor(buf: FixedBuf<8> | number | bigint): U64LE
static fromBn(bn: bigint): U64LE
static fromN(n: number): U64LE
static fromBEBuf(buf: FixedBuf<8> | WebBuf): U64LE
static fromLEBuf(buf: FixedBuf<8> | WebBuf): U64LE
static fromHex(hex: string): U64LE
toBn(): bigint
add(other: U64LE): U64LE
sub(other: U64LE): U64LE
mul(other: U64LE): U64LE
div(other: U64LE): U64LE
toBEBuf(): FixedBuf<8>
toLEBuf(): FixedBuf<8>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<8>

U8

class 
constructor(buf: FixedBuf<1> | number | bigint): U8
static fromBn(bn: bigint): U8
static fromN(n: number): U8
static fromBEBuf(buf: FixedBuf<1> | WebBuf): U8
static fromLEBuf(buf: FixedBuf<1> | WebBuf): U8
static fromHex(hex: string): U8
toBn(): bigint
add(other: U8): U8
sub(other: U8): U8
mul(other: U8): U8
div(other: U8): U8
toBEBuf(): FixedBuf<1>
toLEBuf(): FixedBuf<1>
toHex(): string
n: number
bn: bigint
buf: FixedBuf<1>

WebBuf

class 
constructor(length: number): WebBuf
constructor(array: ArrayLike<number>): WebBuf
constructor(buffer: ArrayBuffer, byteOffset?: number, length?: number): WebBuf
constructor(buffer: ArrayBuffer, byteOffset?: number, length?: number): WebBuf
constructor(array: ArrayLike<number> | ArrayBuffer): WebBuf
constructor(elements: Iterable<number>): WebBuf
constructor(): WebBuf
static concat(list: Uint8Array[]): WebBuf
static alloc(size: number, fill?: number): WebBuf
static view(buffer: Uint8Array): WebBuf
static fromUint8Array(buffer: Uint8Array): WebBuf
static fromArray(array: number[]): WebBuf
static fromUtf8(str: string): WebBuf
static fromString(str: string, encoding?: "utf8" | "hex" | "base64"): WebBuf
static FROM_BASE64_ALGO_THRESHOLD: number
static TO_BASE64_ALGO_THRESHOLD: number
static FROM_HEX_ALGO_THRESHOLD: number
static TO_HEX_ALGO_THRESHOLD: number
static fromHexPureJs(hex: string): WebBuf
static fromHexWasm(hex: string): WebBuf
static fromHex(hex: string): WebBuf
static fromBase64PureJs(b64: string, stripWhitespace?: boolean): WebBuf
static fromBase64Wasm(b64: string, stripWhitespace?: boolean): WebBuf
static fromBase64(b64: string, stripWhitespace?: boolean): WebBuf
static fromBase32(str: string, options?: Base32Options): WebBuf
static from(source: ArrayLike<number> | Iterable<number> | string, mapFn?: ((v: number, k: number) => number) | string, thisArg?: unknown): WebBuf
static compare(buf1: WebBuf, buf2: WebBuf): number
fill(value: number, start?: number, end?: number): WebBuf
slice(start?: number, end?: number): WebBuf
subarray(start?: number, end?: number): WebBuf
reverse(): WebBuf
clone(): WebBuf
toReverse(): WebBuf
copy(target: WebBuf, targetStart?: number, sourceStart?: number, sourceEnd?: number): number
toHexPureJs(): string
toHexWasm(): string
toHex(): string
toBase64PureJs(): string
toBase64Wasm(): string
toBase64(): string
toBase32(options?: Base32Options): string
toUtf8(): string
toString(encoding?: "utf8" | "hex" | "base64"): string
inspect(): string
toArray(): number[]
compare(other: WebBuf): number
equals(other: WebBuf): boolean
write(buf: WebBuf, offset?: number): number
read(offset: number, ext: number): WebBuf
wipe(): void

Interfaces

Base32Options

interface

Options for base32 encoding/decoding

alphabet: Base32Alphabet
padding: boolean

MlDsaKeyPair

interface 
verifyingKey: FixedBuf<VkSize>
signingKey: FixedBuf<SkSize>

MlKemEncapResult

interface 
ciphertext: FixedBuf<CtSize>
sharedSecret: FixedBuf<SsSize>

MlKemKeyPair

interface 
encapsulationKey: FixedBuf<EkSize>
decapsulationKey: FixedBuf<DkSize>

P256PrivateKeyJwk

interface

JWK representation of a P-256 private key, suitable for `crypto.subtle.importKey("jwk", jwk, ...)`. Includes the public key coordinates (`x`, `y`) as required by Web Crypto.

d: string
kty: "EC"
crv: "P-256"
x: string
y: string

P256PublicKeyJwk

interface

JWK representation of a P-256 public key, suitable for `crypto.subtle.importKey("jwk", jwk, ...)`.

kty: "EC"
crv: "P-256"
x: string
y: string

SlhDsaKeyPair

interface 
verifyingKey: FixedBuf<VkSize>
signingKey: FixedBuf<SkSize>

Type aliases

Base32Alphabet

type

Base32 alphabet types matching the Rust base32 crate

type Base32Alphabet = any