@agentunion/fastaun-browser 0.2.20 → 0.3.0

package/dist/v2/crypto/aead.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/aead.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,UAAU,EACrB,GAAG,EAAE,UAAU,GACd,OAAO,CAAC;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,UAAU,CAAA;CAAE,CAAC,CA8BtD;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,UAAU,EACtB,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,GACd,OAAO,CAAC,UAAU,CAAC,CA6BrB"}

package/dist/v2/crypto/aead.js

@@ -0,0 +1,63 @@
+/**
+ * AUN E2EE V2: AES-256-GCM AEAD
+ *
+ * 规范引用: §3.3 / §5.1
+ * - key:   32 字节
+ * - nonce: 12 字节（不可重用）
+ * - tag:   16 字节
+ *
+ * 浏览器实现：使用 WebCrypto subtle.encrypt/decrypt('AES-GCM').
+ * - WebCrypto 输出 ciphertext || tag(16B)，与 Python cryptography / Node crypto 一致。
+ * - 解密时需要将 ciphertext 与 tag 拼接成单一 buffer 传入 decrypt。
+ */
+const TAG_LENGTH = 16;
+/**
+ * AES-256-GCM 加密。
+ *
+ * @returns { ciphertext, tag } — 分离形式
+ */
+export async function aesGcmEncrypt(key, nonce, plaintext, aad) {
+    if (key.length !== 32)
+        throw new Error(`AES-256-GCM key must be 32 bytes, got ${key.length}`);
+    if (nonce.length !== 12)
+        throw new Error(`AES-GCM nonce must be 12 bytes, got ${nonce.length}`);
+    const cryptoKey = await crypto.subtle.importKey('raw', key.slice().buffer, { name: 'AES-GCM' }, false, ['encrypt']);
+    const ctWithTag = await crypto.subtle.encrypt({
+        name: 'AES-GCM',
+        iv: nonce.slice().buffer,
+        additionalData: aad.slice().buffer,
+        tagLength: TAG_LENGTH * 8,
+    }, cryptoKey, plaintext.slice().buffer);
+    const buf = new Uint8Array(ctWithTag);
+    if (buf.length < TAG_LENGTH) {
+        throw new Error(`AES-GCM output too short: ${buf.length}`);
+    }
+    // copy 出独立缓冲区，避免对外暴露 subarray 视图导致后续 slice 行为出乎意料
+    const ciphertext = buf.slice(0, buf.length - TAG_LENGTH);
+    const tag = buf.slice(buf.length - TAG_LENGTH);
+    return { ciphertext, tag };
+}
+/**
+ * AES-256-GCM 解密。
+ */
+export async function aesGcmDecrypt(key, nonce, ciphertext, tag, aad) {
+    if (key.length !== 32)
+        throw new Error(`AES-256-GCM key must be 32 bytes, got ${key.length}`);
+    if (nonce.length !== 12)
+        throw new Error(`AES-GCM nonce must be 12 bytes, got ${nonce.length}`);
+    if (tag.length !== TAG_LENGTH) {
+        throw new Error(`AES-GCM tag must be 16 bytes, got ${tag.length}`);
+    }
+    const ctWithTag = new Uint8Array(ciphertext.length + tag.length);
+    ctWithTag.set(ciphertext, 0);
+    ctWithTag.set(tag, ciphertext.length);
+    const cryptoKey = await crypto.subtle.importKey('raw', key.slice().buffer, { name: 'AES-GCM' }, false, ['decrypt']);
+    const pt = await crypto.subtle.decrypt({
+        name: 'AES-GCM',
+        iv: nonce.slice().buffer,
+        additionalData: aad.slice().buffer,
+        tagLength: TAG_LENGTH * 8,
+    }, cryptoKey, ctWithTag.buffer);
+    return new Uint8Array(pt);
+}
+//# sourceMappingURL=aead.js.map

package/dist/v2/crypto/aead.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead.js","sourceRoot":"","sources":["../../../src/v2/crypto/aead.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,UAAU,GAAG,EAAE,CAAC;AAEtB;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAe,EACf,KAAiB,EACjB,SAAqB,EACrB,GAAe;IAEf,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAEhG,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,MAAM;QACxB,cAAc,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM;QAClC,SAAS,EAAE,UAAU,GAAG,CAAC;KAC1B,EACD,SAAS,EACT,SAAS,CAAC,KAAK,EAAE,CAAC,MAAM,CACzB,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,GAAG,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,kDAAkD;IAClD,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IAC/C,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAe,EACf,KAAiB,EACjB,UAAsB,EACtB,GAAe,EACf,GAAe;IAEf,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9F,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChG,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACjE,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC7B,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAEtC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IACF,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACpC;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,MAAM;QACxB,cAAc,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM;QAClC,SAAS,EAAE,UAAU,GAAG,CAAC;KAC1B,EACD,SAAS,EACT,SAAS,CAAC,MAAM,CACjB,CAAC;IACF,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;AAC5B,CAAC"}

package/dist/v2/crypto/canonical.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AUN E2EE V2: Canonical JSON 序列化
+ *
+ * 规范引用: §10.2
+ * 规则:
+ * - 键递归字典序排序
+ * - UTF-8 直出（非 ASCII 不转义）
+ * - 数值无前导零、不科学计数法
+ * - 字符串最小转义（仅 " \\ \b \f \n \r \t，其它控制字符 \u00XX）
+ * - 无空格分隔（紧凑格式）
+ * - null / true / false 字面
+ * - 数组顺序保留（不排序）
+ *
+ * 输出: UTF-8 编码的 Uint8Array
+ */
+/**
+ * 将任意 JS 值序列化为 Canonical JSON 的 UTF-8 字节。
+ * 所有 SDK 的输出必须字节级一致。
+ */
+export declare function canonicalJson(obj: unknown): Uint8Array;
+//# sourceMappingURL=canonical.d.ts.map

package/dist/v2/crypto/canonical.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH;;;GAGG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAEtD"}

package/dist/v2/crypto/canonical.js

@@ -0,0 +1,111 @@
+/**
+ * AUN E2EE V2: Canonical JSON 序列化
+ *
+ * 规范引用: §10.2
+ * 规则:
+ * - 键递归字典序排序
+ * - UTF-8 直出（非 ASCII 不转义）
+ * - 数值无前导零、不科学计数法
+ * - 字符串最小转义（仅 " \\ \b \f \n \r \t，其它控制字符 \u00XX）
+ * - 无空格分隔（紧凑格式）
+ * - null / true / false 字面
+ * - 数组顺序保留（不排序）
+ *
+ * 输出: UTF-8 编码的 Uint8Array
+ */
+const encoder = new TextEncoder();
+/**
+ * 将任意 JS 值序列化为 Canonical JSON 的 UTF-8 字节。
+ * 所有 SDK 的输出必须字节级一致。
+ */
+export function canonicalJson(obj) {
+    return encoder.encode(serialize(obj));
+}
+function serialize(obj) {
+    if (obj === null)
+        return 'null';
+    if (obj === true)
+        return 'true';
+    if (obj === false)
+        return 'false';
+    if (typeof obj === 'number') {
+        return serializeNumber(obj);
+    }
+    if (typeof obj === 'string') {
+        return serializeString(obj);
+    }
+    if (Array.isArray(obj)) {
+        return serializeArray(obj);
+    }
+    if (typeof obj === 'object') {
+        return serializeObject(obj);
+    }
+    throw new TypeError(`canonicalJson: unsupported type ${typeof obj}`);
+}
+function serializeNumber(n) {
+    if (!isFinite(n)) {
+        throw new RangeError('canonicalJson: Infinity and NaN not allowed');
+    }
+    if (Number.isInteger(n)) {
+        // 整数：直接 toString，无前导零、无科学计数法（安全整数范围内）
+        return n.toString(10);
+    }
+    // 浮点数：确保不使用科学计数法
+    let s = String(n);
+    if (s.includes('e') || s.includes('E')) {
+        // 科学计数法 → 转为定点
+        s = n.toFixed(20).replace(/0+$/, '');
+        if (s.endsWith('.')) {
+            s += '0';
+        }
+    }
+    return s;
+}
+function serializeString(s) {
+    let result = '"';
+    for (let i = 0; i < s.length; i++) {
+        const ch = s[i];
+        const code = s.charCodeAt(i);
+        if (ch === '"') {
+            result += '\\"';
+        }
+        else if (ch === '\\') {
+            result += '\\\\';
+        }
+        else if (ch === '\b') {
+            result += '\\b';
+        }
+        else if (ch === '\f') {
+            result += '\\f';
+        }
+        else if (ch === '\n') {
+            result += '\\n';
+        }
+        else if (ch === '\r') {
+            result += '\\r';
+        }
+        else if (ch === '\t') {
+            result += '\\t';
+        }
+        else if (code < 0x20) {
+            // 其它控制字符用 \u00XX
+            result += '\\u' + code.toString(16).padStart(4, '0');
+        }
+        else {
+            // 非 ASCII 直出（UTF-8 直出）
+            result += ch;
+        }
+    }
+    result += '"';
+    return result;
+}
+function serializeArray(arr) {
+    const items = arr.map((item) => serialize(item));
+    return '[' + items.join(',') + ']';
+}
+function serializeObject(obj) {
+    const sortedKeys = Object.keys(obj).sort();
+    const pairs = sortedKeys.map((key) => serializeString(key) + ':' + serialize(obj[key]));
+    return '{' + pairs.join(',') + '}';
+}
+//# sourceMappingURL=canonical.js.map

package/dist/v2/crypto/canonical.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical.js","sourceRoot":"","sources":["../../../src/v2/crypto/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IAElC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,eAAe,CAAC,GAA8B,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,IAAI,SAAS,CAAC,mCAAmC,OAAO,GAAG,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAAC,6CAA6C,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QACxB,sCAAsC;QACtC,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC;IACD,iBAAiB;IACjB,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAClB,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,eAAe;QACf,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,CAAC,IAAI,GAAG,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAE7B,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC;QAClB,CAAC;aAAM,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;YACvB,iBAAiB;YACjB,MAAM,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,uBAAuB;YACvB,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,GAAc;IACpC,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC;AAED,SAAS,eAAe,CAAC,GAA4B;IACnD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAC1B,CAAC,GAAG,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAC1D,CAAC;IACF,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC"}

package/dist/v2/crypto/dh-path.d.ts

@@ -0,0 +1,21 @@
+export declare const INFO_3DH: Uint8Array<ArrayBuffer>;
+export declare const INFO_1DH: Uint8Array<ArrayBuffer>;
+export declare const WRAP_KEY_LENGTH = 32;
+/**
+ * 计算 3DH wrap_key。
+ *
+ * - DH1 = ECDH(sender_session_priv, recv_ik_pub)
+ * - DH2 = ECDH(sender_master_priv,  recv_spk_pub)
+ * - DH3 = ECDH(sender_session_priv, recv_spk_pub)
+ * - ikm = DH1 || DH2 || DH3 (96B)
+ * - wrap_key = HKDF-SHA256(ikm, salt, "AUN-V2-3DH", 32)
+ */
+export declare function compute3DHWrap(senderSessionPriv: Uint8Array, senderMasterPriv: Uint8Array, recvIKPub: Uint8Array, recvSPKPub: Uint8Array, salt: Uint8Array): Promise<Uint8Array>;
+/**
+ * 计算 1DH wrap_key。
+ *
+ * - DH1 = ECDH(sender_session_priv, recv_ik_pub)
+ * - wrap_key = HKDF-SHA256(DH1, salt, "AUN-V2-1DH", 32)
+ */
+export declare function compute1DHWrap(senderSessionPriv: Uint8Array, recvIKPub: Uint8Array, salt: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=dh-path.d.ts.map

package/dist/v2/crypto/dh-path.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dh-path.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/dh-path.ts"],"names":[],"mappings":"AAYA,eAAO,MAAM,QAAQ,yBAAyC,CAAC;AAC/D,eAAO,MAAM,QAAQ,yBAAyC,CAAC;AAC/D,eAAO,MAAM,eAAe,KAAK,CAAC;AAElC;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,iBAAiB,EAAE,UAAU,EAC7B,gBAAgB,EAAE,UAAU,EAC5B,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAcrB;AAED;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,iBAAiB,EAAE,UAAU,EAC7B,SAAS,EAAE,UAAU,EACrB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAMrB"}

package/dist/v2/crypto/dh-path.js

@@ -0,0 +1,50 @@
+/**
+ * AUN E2EE V2: DH 派生路径
+ *
+ * 规范引用: §3.1 / §5.2
+ * - 1DH: ECDH(sender_session_priv, recv_ik_pub) → HKDF
+ * - 3DH: 三个 ECDH 拼接 → HKDF
+ *
+ * 浏览器实现：组合 ecdh.ts + hkdf.ts。
+ */
+import { ecdhComputeShared } from './ecdh';
+import { hkdfSha256 } from './hkdf';
+export const INFO_3DH = new TextEncoder().encode('AUN-V2-3DH');
+export const INFO_1DH = new TextEncoder().encode('AUN-V2-1DH');
+export const WRAP_KEY_LENGTH = 32;
+/**
+ * 计算 3DH wrap_key。
+ *
+ * - DH1 = ECDH(sender_session_priv, recv_ik_pub)
+ * - DH2 = ECDH(sender_master_priv,  recv_spk_pub)
+ * - DH3 = ECDH(sender_session_priv, recv_spk_pub)
+ * - ikm = DH1 || DH2 || DH3 (96B)
+ * - wrap_key = HKDF-SHA256(ikm, salt, "AUN-V2-3DH", 32)
+ */
+export async function compute3DHWrap(senderSessionPriv, senderMasterPriv, recvIKPub, recvSPKPub, salt) {
+    const dh1 = await ecdhComputeShared(senderSessionPriv, recvIKPub);
+    const dh2 = await ecdhComputeShared(senderMasterPriv, recvSPKPub);
+    const dh3 = await ecdhComputeShared(senderSessionPriv, recvSPKPub);
+    if (dh1.length !== 32 || dh2.length !== 32 || dh3.length !== 32) {
+        throw new Error(`3DH expected 32B shares, got dh1=${dh1.length} dh2=${dh2.length} dh3=${dh3.length}`);
+    }
+    const ikm = new Uint8Array(96);
+    ikm.set(dh1, 0);
+    ikm.set(dh2, 32);
+    ikm.set(dh3, 64);
+    return hkdfSha256(ikm, salt, INFO_3DH, WRAP_KEY_LENGTH);
+}
+/**
+ * 计算 1DH wrap_key。
+ *
+ * - DH1 = ECDH(sender_session_priv, recv_ik_pub)
+ * - wrap_key = HKDF-SHA256(DH1, salt, "AUN-V2-1DH", 32)
+ */
+export async function compute1DHWrap(senderSessionPriv, recvIKPub, salt) {
+    const dh1 = await ecdhComputeShared(senderSessionPriv, recvIKPub);
+    if (dh1.length !== 32) {
+        throw new Error(`1DH expected 32B share, got ${dh1.length}`);
+    }
+    return hkdfSha256(dh1, salt, INFO_1DH, WRAP_KEY_LENGTH);
+}
+//# sourceMappingURL=dh-path.js.map

package/dist/v2/crypto/dh-path.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dh-path.js","sourceRoot":"","sources":["../../../src/v2/crypto/dh-path.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAElC;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,iBAA6B,EAC7B,gBAA4B,EAC5B,SAAqB,EACrB,UAAsB,EACtB,IAAgB;IAEhB,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IACnE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,CACrF,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAChB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjB,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,iBAA6B,EAC7B,SAAqB,EACrB,IAAgB;IAEhB,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAClE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AAC1D,CAAC"}

package/dist/v2/crypto/ecdh.d.ts

@@ -0,0 +1,19 @@
+/**
+ * 计算 ECDH 共享秘密（P-256 X 坐标，32 字节）。
+ *
+ * @param privateKeyScalar 私钥标量（32 字节 big-endian）
+ * @param peerPublicKeyDer 对端公钥（DER SubjectPublicKeyInfo 编码）
+ * @returns 32 字节共享秘密（椭圆曲线点 X 坐标）
+ */
+export declare function ecdhComputeShared(privateKeyScalar: Uint8Array, peerPublicKeyDer: Uint8Array): Promise<Uint8Array>;
+/**
+ * 生成 P-256 密钥对。
+ *
+ * @returns [privateKeyScalar 32B, publicKeyDer SubjectPublicKeyInfo]
+ */
+export declare function generateP256Keypair(): Promise<[Uint8Array, Uint8Array]>;
+/**
+ * 从私钥标量导出公钥 DER (SubjectPublicKeyInfo)。
+ */
+export declare function privateToPublicDer(privateKeyScalar: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=ecdh.d.ts.map

package/dist/v2/crypto/ecdh.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdh.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/ecdh.ts"],"names":[],"mappings":"AA0CA;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,gBAAgB,EAAE,UAAU,EAC5B,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,UAAU,CAAC,CA6CrB;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAe7E;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,gBAAgB,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAgB1F"}

package/dist/v2/crypto/ecdh.js

@@ -0,0 +1,101 @@
+/**
+ * AUN E2EE V2: ECDH P-256
+ *
+ * 规范引用: §3.1
+ * - 曲线: P-256 (secp256r1)
+ * - 输出: 椭圆曲线点 X 坐标字节（32 字节，无前缀）
+ *
+ * 浏览器实现：使用 WebCrypto (crypto.subtle) 完成 ECDH 派生。
+ * - 私钥输入是 32 字节 raw scalar，借助 @noble/curves 推算公钥点 (X, Y)，
+ *   然后构造 JWK 格式导入 WebCrypto。
+ * - 公钥输入是 DER SubjectPublicKeyInfo，直接走 spki 导入。
+ * - deriveBits(256) 返回 32 字节 X 坐标，与 Python cryptography 库行为一致。
+ */
+import { p256 } from '@noble/curves/nist.js';
+/** base64url（无 padding）编码，用于 JWK 字段 */
+function bytesToB64Url(bytes) {
+    let bin = '';
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+/** base64url 解码 */
+function b64UrlToBytes(s) {
+    const std = s.replace(/-/g, '+').replace(/_/g, '/');
+    const pad = std.length % 4 === 0 ? '' : '='.repeat(4 - (std.length % 4));
+    const bin = atob(std + pad);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+/** 从 raw 32B scalar 推算 P-256 公钥的未压缩 (X, Y) 字节，各 32B */
+function p256PublicXY(privateKeyScalar) {
+    // p256.getPublicKey(secretKey, isCompressed=false) → 65 字节 0x04 || X || Y
+    const pub = p256.getPublicKey(privateKeyScalar, false);
+    if (pub.length !== 65 || pub[0] !== 0x04) {
+        throw new Error(`unexpected uncompressed public key encoding: len=${pub.length}`);
+    }
+    return { x: pub.subarray(1, 33), y: pub.subarray(33, 65) };
+}
+/**
+ * 计算 ECDH 共享秘密（P-256 X 坐标，32 字节）。
+ *
+ * @param privateKeyScalar 私钥标量（32 字节 big-endian）
+ * @param peerPublicKeyDer 对端公钥（DER SubjectPublicKeyInfo 编码）
+ * @returns 32 字节共享秘密（椭圆曲线点 X 坐标）
+ */
+export async function ecdhComputeShared(privateKeyScalar, peerPublicKeyDer) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`P-256 private scalar must be 32 bytes, got ${privateKeyScalar.length}`);
+    }
+    // 推算公钥点用于构造 JWK（WebCrypto 不接受 raw scalar）
+    const { x, y } = p256PublicXY(privateKeyScalar);
+    const privJwk = {
+        kty: 'EC',
+        crv: 'P-256',
+        d: bytesToB64Url(privateKeyScalar),
+        x: bytesToB64Url(x),
+        y: bytesToB64Url(y),
+        ext: true,
+    };
+    const privKey = await crypto.subtle.importKey('jwk', privJwk, { name: 'ECDH', namedCurve: 'P-256' }, false, ['deriveBits']);
+    const pubKey = await crypto.subtle.importKey('spki', 
+    // BufferSource：copy 到独立 ArrayBuffer，避免传入 SharedArrayBuffer/视图歧义
+    peerPublicKeyDer.slice().buffer, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
+    const sharedBits = await crypto.subtle.deriveBits({ name: 'ECDH', public: pubKey }, privKey, 256);
+    const out = new Uint8Array(sharedBits);
+    if (out.length !== 32) {
+        throw new Error(`ECDH derive returned ${out.length} bytes, expected 32`);
+    }
+    return out;
+}
+/**
+ * 生成 P-256 密钥对。
+ *
+ * @returns [privateKeyScalar 32B, publicKeyDer SubjectPublicKeyInfo]
+ */
+export async function generateP256Keypair() {
+    const keyPair = await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveBits']);
+    const jwk = await crypto.subtle.exportKey('jwk', keyPair.privateKey);
+    if (!jwk.d) {
+        throw new Error('exportKey(jwk) returned no private component');
+    }
+    const priv = b64UrlToBytes(jwk.d);
+    const pubDerBuf = await crypto.subtle.exportKey('spki', keyPair.publicKey);
+    return [priv, new Uint8Array(pubDerBuf)];
+}
+/**
+ * 从私钥标量导出公钥 DER (SubjectPublicKeyInfo)。
+ */
+export async function privateToPublicDer(privateKeyScalar) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`P-256 private scalar must be 32 bytes, got ${privateKeyScalar.length}`);
+    }
+    const { x, y } = p256PublicXY(privateKeyScalar);
+    // 仅导入公钥点，再以 spki 导出
+    const pubKey = await crypto.subtle.importKey('jwk', { kty: 'EC', crv: 'P-256', x: bytesToB64Url(x), y: bytesToB64Url(y), ext: true }, { name: 'ECDH', namedCurve: 'P-256' }, true, []);
+    const der = await crypto.subtle.exportKey('spki', pubKey);
+    return new Uint8Array(der);
+}
+//# sourceMappingURL=ecdh.js.map

package/dist/v2/crypto/ecdh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdh.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,uCAAuC;AACvC,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,mBAAmB;AACnB,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uDAAuD;AACvD,SAAS,YAAY,CAAC,gBAA4B;IAChD,0EAA0E;IAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAe,CAAC;IACrE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,oDAAoD,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,gBAA4B,EAC5B,gBAA4B;IAE5B,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,0CAA0C;IAC1C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAEhD,MAAM,OAAO,GAAe;QAC1B,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,OAAO;QACZ,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC;QAClC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QACnB,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QACnB,GAAG,EAAE,IAAI;KACV,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,OAAO,EACP,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,MAAM;IACN,gEAAgE;IAChE,gBAAgB,CAAC,KAAK,EAAE,CAAC,MAAM,EAC/B,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,KAAK,EACL,EAAE,CACH,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC/C,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAChC,OAAO,EACP,GAAG,CACJ,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,MAAM,qBAAqB,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,IAAI,EACJ,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACrE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3E,OAAO,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,gBAA4B;IACnE,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAEhD,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,KAAK,EACL,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAChF,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,IAAI,EACJ,EAAE,CACH,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC"}

package/dist/v2/crypto/ecdsa.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDSA-SHA256 RAW 签名（RFC 6979 deterministic, r||s 64 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量
+ * @param message          原始消息（noble 内部 SHA-256）
+ */
+export declare function ecdsaSignRaw(privateKeyScalar: Uint8Array, message: Uint8Array): Promise<Uint8Array>;
+/**
+ * ECDSA-SHA256 RAW 验签。
+ *
+ * @param publicKeyDer SPKI DER 公钥
+ * @param signatureRaw 64 字节 r||s
+ * @param message      原始消息（内部做 SHA-256）
+ */
+export declare function ecdsaVerifyRaw(publicKeyDer: Uint8Array, signatureRaw: Uint8Array, message: Uint8Array): Promise<boolean>;
+//# sourceMappingURL=ecdsa.d.ts.map

package/dist/v2/crypto/ecdsa.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdsa.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/ecdsa.ts"],"names":[],"mappings":"AAeA;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,gBAAgB,EAAE,UAAU,EAC5B,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,UAAU,CAAC,CAWrB;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,OAAO,CAAC,CAoBlB"}

package/dist/v2/crypto/ecdsa.js

@@ -0,0 +1,52 @@
+/**
+ * AUN E2EE V2: ECDSA P-256 + SHA-256 RAW（r||s, 64B）
+ *
+ * 规范引用: §3.4 / §5.1 / §10
+ *
+ * 浏览器实现：
+ * - 签名：使用 @noble/curves p256（RFC 6979 deterministic），保持与 Python /
+ *   Go SDK 字节一致。WebCrypto 的 ECDSA 签名是不确定性的（每次随机 k），
+ *   无法用于 golden 比对，因此签名走 noble。
+ * - 验签：用 WebCrypto subtle.verify，公钥从 SPKI DER 导入。
+ * - 哈希：noble p256.sign 默认 prehash=true（自带 SHA-256），与 Python /
+ *   Go ECDSA-SHA256 行为一致；显式传 prehash 让意图更明确。
+ */
+import { p256 } from '@noble/curves/nist.js';
+/**
+ * ECDSA-SHA256 RAW 签名（RFC 6979 deterministic, r||s 64 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量
+ * @param message          原始消息（noble 内部 SHA-256）
+ */
+export async function ecdsaSignRaw(privateKeyScalar, message) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`ECDSA private key must be 32 bytes, got ${privateKeyScalar.length}`);
+    }
+    // noble v2: sign 直接返回 Uint8Array（默认 format='compact' 即 r||s 64B）
+    // lowS=false 与 Python cryptography / Go ecdsa 行为一致
+    const sig = p256.sign(message, privateKeyScalar, { lowS: false, prehash: true });
+    if (!(sig instanceof Uint8Array) || sig.length !== 64) {
+        throw new Error(`unexpected ECDSA signature shape: ${sig?.constructor?.name} len=${sig?.length}`);
+    }
+    return sig;
+}
+/**
+ * ECDSA-SHA256 RAW 验签。
+ *
+ * @param publicKeyDer SPKI DER 公钥
+ * @param signatureRaw 64 字节 r||s
+ * @param message      原始消息（内部做 SHA-256）
+ */
+export async function ecdsaVerifyRaw(publicKeyDer, signatureRaw, message) {
+    if (signatureRaw.length !== 64)
+        return false;
+    try {
+        const pubKey = await crypto.subtle.importKey('spki', publicKeyDer.slice().buffer, { name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
+        const ok = await crypto.subtle.verify({ name: 'ECDSA', hash: { name: 'SHA-256' } }, pubKey, signatureRaw.slice().buffer, message.slice().buffer);
+        return Boolean(ok);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=ecdsa.js.map

package/dist/v2/crypto/ecdsa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdsa.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdsa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAA4B,EAC5B,OAAmB;IAEnB,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,2CAA2C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,iEAAiE;IACjE,mDAAmD;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACjF,IAAI,CAAC,CAAC,GAAG,YAAY,UAAU,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,EAAE,WAAW,EAAE,IAAI,QAAS,GAA2B,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7H,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAwB,EACxB,YAAwB,EACxB,OAAmB;IAEnB,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,MAAM,EACN,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAC3B,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;QACF,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACnC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5C,MAAM,EACN,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAC3B,OAAO,CAAC,KAAK,EAAE,CAAC,MAAM,CACvB,CAAC;QACF,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/v2/crypto/hkdf.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256
+ *
+ * 规范引用: §3.2 / §5.2 / §10
+ *
+ * 浏览器实现：使用 WebCrypto subtle.deriveBits 完成 HKDF。
+ * - salt 长度为 0 时按 RFC 5869 规则替换为 32 字节零（与 Python sdk 行为一致）。
+ * - info 必须是 BufferSource（Uint8Array 即可）。
+ * - 输出长度由 `length` 控制（字节数）。
+ */
+/**
+ * 计算 HKDF-SHA256(ikm, salt, info, length)。
+ *
+ * @param ikm    输入密钥材料
+ * @param salt   盐（可空）
+ * @param info   上下文/信息字段
+ * @param length 输出字节数
+ * @returns      派生密钥
+ */
+export declare function hkdfSha256(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array, length: number): Promise<Uint8Array>;
+//# sourceMappingURL=hkdf.d.ts.map

package/dist/v2/crypto/hkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/hkdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;GAQG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,UAAU,EAChB,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,CAAC,CAqBrB"}

package/dist/v2/crypto/hkdf.js

@@ -0,0 +1,32 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256
+ *
+ * 规范引用: §3.2 / §5.2 / §10
+ *
+ * 浏览器实现：使用 WebCrypto subtle.deriveBits 完成 HKDF。
+ * - salt 长度为 0 时按 RFC 5869 规则替换为 32 字节零（与 Python sdk 行为一致）。
+ * - info 必须是 BufferSource（Uint8Array 即可）。
+ * - 输出长度由 `length` 控制（字节数）。
+ */
+/**
+ * 计算 HKDF-SHA256(ikm, salt, info, length)。
+ *
+ * @param ikm    输入密钥材料
+ * @param salt   盐（可空）
+ * @param info   上下文/信息字段
+ * @param length 输出字节数
+ * @returns      派生密钥
+ */
+export async function hkdfSha256(ikm, salt, info, length) {
+    const realSalt = salt.length === 0 ? new Uint8Array(32) : salt;
+    // ikm 必须是独立 ArrayBuffer，避免视图歧义
+    const baseKey = await crypto.subtle.importKey('raw', ikm.slice().buffer, 'HKDF', false, ['deriveBits']);
+    const bits = await crypto.subtle.deriveBits({
+        name: 'HKDF',
+        hash: 'SHA-256',
+        salt: realSalt.slice().buffer,
+        info: info.slice().buffer,
+    }, baseKey, length * 8);
+    return new Uint8Array(bits);
+}
+//# sourceMappingURL=hkdf.js.map

package/dist/v2/crypto/hkdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../../src/v2/crypto/hkdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAe,EACf,IAAgB,EAChB,IAAgB,EAChB,MAAc;IAEd,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,+BAA+B;IAC/B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,EAClB,MAAM,EACN,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CACzC;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,MAAM;QAC7B,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM;KACZ,EACf,OAAO,EACP,MAAM,GAAG,CAAC,CACX,CAAC;IACF,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC"}

package/dist/v2/crypto/index.d.ts

@@ -0,0 +1,9 @@
+export { canonicalJson } from './canonical';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer, } from './ecdh';
+export { hkdfSha256 } from './hkdf';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead';
+export { ecdsaSignRaw, ecdsaVerifyRaw } from './ecdsa';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients';
+export type { ProofStep } from './recipients';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EACL,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC"}

package/dist/v2/crypto/index.js

@@ -0,0 +1,8 @@
+export { canonicalJson } from './canonical';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer, } from './ecdh';
+export { hkdfSha256 } from './hkdf';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead';
+export { ecdsaSignRaw, ecdsaVerifyRaw } from './ecdsa';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients';
+//# sourceMappingURL=index.js.map

package/dist/v2/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EACL,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,cAAc,CAAC"}