/**
 * Key Derivation Function (KDF) Module
 *
 * Provides a unified interface for key derivation supporting both:
 * - Legacy PBKDF2 (v1)
 * - Modern Argon2id with Two-Secret Key Derivation (v2)
 *
 * Issue #1649
 */
import type { KdfConfig, KdfResult } from "./types";
export * from "./types";
export { base64ToUint8Array, uint8ArrayToBase64, xorBytes, normalizePassword, generateRandomBytes, generateSalt, constantTimeEqual, } from "./utils";
export { derivePbkdf2 } from "./pbkdf2";
export { deriveArgon2id, setArgon2Module, isArgon2Available, createArgon2idConfig, } from "./argon2";
export { deriveTwoSecretKdf, isValidLocalSecret } from "./twoSecretKdf";
/**
 * Derive a key using the appropriate KDF based on configuration
 *
 * This is the main entry point for key derivation. It automatically
 * selects the correct algorithm based on the config.
 *
 * @param password - User's password
 * @param config - KDF configuration from Cognito attributes
 * @param localSecret - Optional LocalSecret for 2SKD (required for Argon2id with requires_local_secret)
 * @returns KdfResult containing the derived key
 * @throws LocalSecretRequiredError if LocalSecret is required but not provided
 * @throws UnknownKdfAlgorithmError if the algorithm is not recognized
 */
export declare function deriveKey(password: string, config: KdfConfig, localSecret?: Uint8Array | null): Promise<KdfResult>;
/**
 * Check if a KDF configuration requires LocalSecret
 *
 * @param config - KDF configuration
 * @returns true if LocalSecret is required
 */
export declare function requiresLocalSecret(config: KdfConfig): boolean;
/**
 * Get the KDF version from configuration
 *
 * @param config - KDF configuration
 * @returns Version number (1 for PBKDF2, 2 for Argon2id with 2SKD)
 */
export declare function getKdfVersion(config: KdfConfig): number;