npm - @agentunion/fastaun - Versions diffs - 0.2.19 → 0.3.0 - Mend

@agentunion/fastaun 0.2.19 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/dist/v2/crypto/canonical.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canonical.js","sourceRoot":"","sources":["../../../src/v2/crypto/canonical.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,OAAO,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IAEpC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5D,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAgC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,CAAC,CAAC,EAAE,EAAE,CACJ,YAAY,CAAC,CAAC,CAAC;YACf,GAAG;YACH,kBAAkB,CAAE,KAAiC,CAAC,CAAC,CAAC,CAAC,CAC5D,CAAC;QACF,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IAED,qCAAqC;IACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,KAAK,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;IAC1D,CAAC;IACD,YAAY;IACZ,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QACxB,+BAA+B;QAC/B,2BAA2B;QAC3B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC;QACD,gCAAgC;QAChC,OAAO,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,kCAAkC;IAClC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,CAAS;IACnC,qBAAqB;IACrB,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3B,QAAQ,EAAE,EAAE,CAAC;YACX,KAAK,IAAI,EAAE,IAAI;gBACb,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR,KAAK,IAAI,EAAE,IAAI;gBACb,MAAM,IAAI,MAAM,CAAC;gBACjB,MAAM;YACR,KAAK,IAAI,EAAE,KAAK;gBACd,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR,KAAK,IAAI,EAAE,KAAK;gBACd,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR,KAAK,IAAI,EAAE,KAAK;gBACd,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR,KAAK,IAAI,EAAE,KAAK;gBACd,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR,KAAK,IAAI,EAAE,KAAK;gBACd,MAAM,IAAI,KAAK,CAAC;gBAChB,MAAM;YACR;gBACE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;oBACd,iBAAiB;oBACjB,MAAM,IAAI,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACrD,CAAC;qBAAM,CAAC;oBACN,qBAAqB;oBACrB,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjB,CAAC;QACL,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/v2/crypto/dh-path.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * AUN E2EE V2: 1DH / 3DH wrap_key 派生
+ *
+ * 规范引用：§4.x
+ *
+ * 3DH（活跃会话）:
+ *   DH1 = ECDH(senderSessionPriv, recvIKPub)
+ *   DH2 = ECDH(senderMasterPriv,  recvSPKPub)
+ *   DH3 = ECDH(senderSessionPriv, recvSPKPub)
+ *   ikm = DH1 || DH2 || DH3
+ *   wrap_key = HKDF-SHA256(ikm, salt, info="AUN-V2-3DH", 32)
+ *
+ * 1DH（无 SPK 的回退路径）:
+ *   DH  = ECDH(senderSessionPriv, recvIKPub)
+ *   wrap_key = HKDF-SHA256(DH, salt, info="AUN-V2-1DH", 32)
+ */
+export declare const INFO_3DH: Uint8Array;
+export declare const INFO_1DH: Uint8Array;
+export declare const WRAP_KEY_LENGTH = 32;
+/**
+ * 计算 3DH wrap_key。
+ *
+ * @param senderSessionPriv 发送方会话私钥（32B 标量）
+ * @param senderMasterPriv  发送方 AID 长期主私钥（32B 标量）
+ * @param recvIKPub         接收方身份公钥 IK（DER SPKI）
+ * @param recvSPKPub        接收方 Signed PreKey 公钥 SPK（DER SPKI）
+ * @param salt              HKDF salt
+ * @returns 32 字节 wrap_key
+ */
+export declare function compute3DHWrap(senderSessionPriv: Uint8Array, senderMasterPriv: Uint8Array, recvIKPub: Uint8Array, recvSPKPub: Uint8Array, salt: Uint8Array): Uint8Array;
+/**
+ * 计算 1DH wrap_key（fallback）。
+ *
+ * @param senderSessionPriv 发送方会话私钥（32B 标量）
+ * @param recvIKPub         接收方身份公钥 IK（DER SPKI）
+ * @param salt              HKDF salt
+ * @returns 32 字节 wrap_key
+ */
+export declare function compute1DHWrap(senderSessionPriv: Uint8Array, recvIKPub: Uint8Array, salt: Uint8Array): Uint8Array;

package/dist/v2/crypto/dh-path.js ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * AUN E2EE V2: 1DH / 3DH wrap_key 派生
+ *
+ * 规范引用：§4.x
+ *
+ * 3DH（活跃会话）:
+ *   DH1 = ECDH(senderSessionPriv, recvIKPub)
+ *   DH2 = ECDH(senderMasterPriv,  recvSPKPub)
+ *   DH3 = ECDH(senderSessionPriv, recvSPKPub)
+ *   ikm = DH1 || DH2 || DH3
+ *   wrap_key = HKDF-SHA256(ikm, salt, info="AUN-V2-3DH", 32)
+ *
+ * 1DH（无 SPK 的回退路径）:
+ *   DH  = ECDH(senderSessionPriv, recvIKPub)
+ *   wrap_key = HKDF-SHA256(DH, salt, info="AUN-V2-1DH", 32)
+ */
+import { ecdhComputeShared } from './ecdh.js';
+import { hkdfSha256 } from './hkdf.js';
+const TEXT = new TextEncoder();
+export const INFO_3DH = TEXT.encode('AUN-V2-3DH');
+export const INFO_1DH = TEXT.encode('AUN-V2-1DH');
+export const WRAP_KEY_LENGTH = 32;
+/**
+ * 计算 3DH wrap_key。
+ *
+ * @param senderSessionPriv 发送方会话私钥（32B 标量）
+ * @param senderMasterPriv  发送方 AID 长期主私钥（32B 标量）
+ * @param recvIKPub         接收方身份公钥 IK（DER SPKI）
+ * @param recvSPKPub        接收方 Signed PreKey 公钥 SPK（DER SPKI）
+ * @param salt              HKDF salt
+ * @returns 32 字节 wrap_key
+ */
+export function compute3DHWrap(senderSessionPriv, senderMasterPriv, recvIKPub, recvSPKPub, salt) {
+    const dh1 = ecdhComputeShared(senderSessionPriv, recvIKPub);
+    const dh2 = ecdhComputeShared(senderMasterPriv, recvSPKPub);
+    const dh3 = ecdhComputeShared(senderSessionPriv, recvSPKPub);
+    const ikm = new Uint8Array(96);
+    ikm.set(dh1, 0);
+    ikm.set(dh2, 32);
+    ikm.set(dh3, 64);
+    return hkdfSha256(ikm, salt, INFO_3DH, WRAP_KEY_LENGTH);
+}
+/**
+ * 计算 1DH wrap_key（fallback）。
+ *
+ * @param senderSessionPriv 发送方会话私钥（32B 标量）
+ * @param recvIKPub         接收方身份公钥 IK（DER SPKI）
+ * @param salt              HKDF salt
+ * @returns 32 字节 wrap_key
+ */
+export function compute1DHWrap(senderSessionPriv, recvIKPub, salt) {
+    const dh = ecdhComputeShared(senderSessionPriv, recvIKPub);
+    return hkdfSha256(dh, salt, INFO_1DH, WRAP_KEY_LENGTH);
+}
+//# sourceMappingURL=dh-path.js.map

package/dist/v2/crypto/dh-path.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dh-path.js","sourceRoot":"","sources":["../../../src/v2/crypto/dh-path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;AAC/B,MAAM,CAAC,MAAM,QAAQ,GAAe,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC9D,MAAM,CAAC,MAAM,QAAQ,GAAe,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC9D,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAElC;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAC5B,iBAA6B,EAC7B,gBAA4B,EAC5B,SAAqB,EACrB,UAAsB,EACtB,IAAgB;IAEhB,MAAM,GAAG,GAAG,iBAAiB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,iBAAiB,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,iBAAiB,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAChB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACjB,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,iBAA6B,EAC7B,SAAqB,EACrB,IAAgB;IAEhB,MAAM,EAAE,GAAG,iBAAiB,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAC3D,OAAO,UAAU,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AACzD,CAAC"}

package/dist/v2/crypto/ecdh.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * ECDH P-256 — AUN E2EE V2 协议要求所有 SDK 的 ECDH 输出字节级一致。
+ *
+ * 共享秘密为 P-256 曲线点乘后的 X 坐标（32 字节，big-endian）。
+ *
+ * 实现选型：
+ * - 使用 Node `crypto` 模块（非 WebCrypto，TS SDK 目标为 Node 环境）
+ * - `createECDH('prime256v1')` 计算 X 坐标
+ * - 公钥使用 DER SubjectPublicKeyInfo 编码（与 Python/Go SDK 对齐）
+ * - 通过 JWK 中转完成 DER ↔ 未压缩点（0x04 || X || Y）的转换
+ */
+/**
+ * 计算 ECDH 共享秘密（P-256 X 坐标，32 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量（big-endian）
+ * @param peerPublicKeyDer DER SubjectPublicKeyInfo 编码的对端公钥
+ * @returns 32 字节共享秘密（X 坐标 big-endian）
+ */
+export declare function ecdhComputeShared(privateKeyScalar: Uint8Array, peerPublicKeyDer: Uint8Array): Uint8Array;
+/**
+ * 生成 P-256 密钥对。
+ *
+ * @returns [privateKeyScalar 32B, publicKeyDer SPKI]
+ */
+export declare function generateP256Keypair(): [Uint8Array, Uint8Array];
+/**
+ * 从私钥标量导出公钥 DER（SPKI 编码）。
+ */
+export declare function privateToPublicDer(privateKeyScalar: Uint8Array): Uint8Array;

package/dist/v2/crypto/ecdh.js ADDED Viewed

@@ -0,0 +1,122 @@
+/**
+ * ECDH P-256 — AUN E2EE V2 协议要求所有 SDK 的 ECDH 输出字节级一致。
+ *
+ * 共享秘密为 P-256 曲线点乘后的 X 坐标（32 字节，big-endian）。
+ *
+ * 实现选型：
+ * - 使用 Node `crypto` 模块（非 WebCrypto，TS SDK 目标为 Node 环境）
+ * - `createECDH('prime256v1')` 计算 X 坐标
+ * - 公钥使用 DER SubjectPublicKeyInfo 编码（与 Python/Go SDK 对齐）
+ * - 通过 JWK 中转完成 DER ↔ 未压缩点（0x04 || X || Y）的转换
+ */
+import { createECDH, createPublicKey } from 'node:crypto';
+/**
+ * 把 base64url 字符串解码为 32 字节大端序无前导零填充的字节数组。
+ * 解决 JWK x/y 可能因高位为 0 而被截短的问题。
+ */
+function b64uToFixed32(b64url) {
+    const buf = Buffer.from(b64url, 'base64url');
+    if (buf.length === 32)
+        return buf;
+    if (buf.length < 32) {
+        const padded = Buffer.alloc(32);
+        buf.copy(padded, 32 - buf.length);
+        return padded;
+    }
+    // 长度 > 32：去掉前导 0x00 填充
+    const start = buf.length - 32;
+    for (let i = 0; i < start; i++) {
+        if (buf[i] !== 0) {
+            throw new Error(`invalid EC coordinate: length=${buf.length}, leading non-zero byte`);
+        }
+    }
+    return buf.subarray(start, buf.length);
+}
+/**
+ * 把未压缩点（0x04 || X(32) || Y(32)）的 X/Y 坐标转换为 SPKI DER 公钥。
+ */
+function uncompressedPointToDer(uncompressed) {
+    if (uncompressed.length !== 65 || uncompressed[0] !== 0x04) {
+        throw new Error('invalid uncompressed P-256 point');
+    }
+    const x = uncompressed.subarray(1, 33);
+    const y = uncompressed.subarray(33, 65);
+    const pubKey = createPublicKey({
+        key: {
+            kty: 'EC',
+            crv: 'P-256',
+            x: x.toString('base64url'),
+            y: y.toString('base64url'),
+        },
+        format: 'jwk',
+    });
+    return pubKey.export({ format: 'der', type: 'spki' });
+}
+/**
+ * 计算 ECDH 共享秘密（P-256 X 坐标，32 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量（big-endian）
+ * @param peerPublicKeyDer DER SubjectPublicKeyInfo 编码的对端公钥
+ * @returns 32 字节共享秘密（X 坐标 big-endian）
+ */
+export function ecdhComputeShared(privateKeyScalar, peerPublicKeyDer) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`expected 32-byte P-256 private scalar, got ${privateKeyScalar.length}`);
+    }
+    const ecdh = createECDH('prime256v1');
+    ecdh.setPrivateKey(Buffer.from(privateKeyScalar));
+    // 解析 DER SPKI 公钥 → 提取未压缩点（0x04 || X || Y）
+    const peerPubKey = createPublicKey({
+        key: Buffer.from(peerPublicKeyDer),
+        format: 'der',
+        type: 'spki',
+    });
+    const jwk = peerPubKey.export({ format: 'jwk' });
+    if (jwk.kty !== 'EC' || jwk.crv !== 'P-256' || !jwk.x || !jwk.y) {
+        throw new Error('peer public key is not a P-256 EC key');
+    }
+    const x = b64uToFixed32(jwk.x);
+    const y = b64uToFixed32(jwk.y);
+    const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);
+    // ECDH.computeSecret 默认返回 X 坐标（32 字节大端序）
+    const shared = ecdh.computeSecret(uncompressed);
+    return new Uint8Array(shared);
+}
+/**
+ * 生成 P-256 密钥对。
+ *
+ * @returns [privateKeyScalar 32B, publicKeyDer SPKI]
+ */
+export function generateP256Keypair() {
+    const ecdh = createECDH('prime256v1');
+    const pubUncompressed = ecdh.generateKeys();
+    const priv = ecdh.getPrivateKey();
+    // setPrivateKey/generateKeys 返回的 priv 可能少于 32 字节（高位为 0），左零填充
+    let privPadded;
+    if (priv.length === 32) {
+        privPadded = priv;
+    }
+    else if (priv.length < 32) {
+        privPadded = Buffer.alloc(32);
+        priv.copy(privPadded, 32 - priv.length);
+    }
+    else {
+        throw new Error(`unexpected P-256 private key length: ${priv.length}`);
+    }
+    const pubDer = uncompressedPointToDer(pubUncompressed);
+    return [new Uint8Array(privPadded), new Uint8Array(pubDer)];
+}
+/**
+ * 从私钥标量导出公钥 DER（SPKI 编码）。
+ */
+export function privateToPublicDer(privateKeyScalar) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`expected 32-byte P-256 private scalar, got ${privateKeyScalar.length}`);
+    }
+    const ecdh = createECDH('prime256v1');
+    ecdh.setPrivateKey(Buffer.from(privateKeyScalar));
+    const pubUncompressed = ecdh.getPublicKey();
+    const pubDer = uncompressedPointToDer(pubUncompressed);
+    return new Uint8Array(pubDer);
+}
+//# sourceMappingURL=ecdh.js.map

package/dist/v2/crypto/ecdh.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ecdh.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D;;;GAGG;AACH,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,uBAAuB;IACvB,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,MAAM,yBAAyB,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,YAAoB;IAClD,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,eAAe,CAAC;QAC7B,GAAG,EAAE;YACH,GAAG,EAAE,IAAI;YACT,GAAG,EAAE,OAAO;YACZ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC1B,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC3B;QACD,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;AACxD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,gBAA4B,EAC5B,gBAA4B;IAE5B,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACtC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAElD,0CAA0C;IAC1C,MAAM,UAAU,GAAG,eAAe,CAAC;QACjC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAClC,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAEhE,yCAAyC;IACzC,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;IAChD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACtC,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAElC,6DAA6D;IAC7D,IAAI,UAAkB,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACvB,UAAU,GAAG,IAAI,CAAC;IACpB,CAAC;SAAM,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC5B,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,wCAAwC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAG,sBAAsB,CAAC,eAAe,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,gBAA4B;IAC7D,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACtC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClD,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,sBAAsB,CAAC,eAAe,CAAC,CAAC;IACvD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC"}

package/dist/v2/crypto/ecdsa.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * AUN E2EE V2: ECDSA-SHA256 RAW（RFC 6979 deterministic）
+ *
+ * 规范引用：§3.1
+ * - 曲线 P-256
+ * - RFC 6979 deterministic nonce（必须）
+ * - 输出 RAW 编码 r(32B)||s(32B)
+ *
+ * 实现选型：
+ * - 使用 @noble/curves/nist 提供 deterministic ECDSA
+ * - 公钥使用 DER SubjectPublicKeyInfo（与 Python/Go 对齐）
+ *   通过 Node createPublicKey 提取未压缩点（0x04||X||Y）后传给 noble
+ */
+/**
+ * ECDSA-SHA256 签名（RFC 6979 deterministic），输出 RAW 编码 r||s（64 字节）。
+ *
+ * @param privateKeyScalar P-256 私钥标量（32 字节 big-endian）
+ * @param message 待签名消息原文
+ * @returns 64 字节签名
+ */
+export declare function ecdsaSignRaw(privateKeyScalar: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * ECDSA-SHA256 验签（RAW 64 字节签名）。
+ */
+export declare function ecdsaVerifyRaw(publicKeyDer: Uint8Array, signatureRaw: Uint8Array, message: Uint8Array): boolean;
+/**
+ * 仅用于本地校验：根据 P-256 私钥派生公钥的 DER SPKI 编码。
+ */
+export declare function privateScalarToPublicDer(privateKeyScalar: Uint8Array): Uint8Array;

package/dist/v2/crypto/ecdsa.js ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * AUN E2EE V2: ECDSA-SHA256 RAW（RFC 6979 deterministic）
+ *
+ * 规范引用：§3.1
+ * - 曲线 P-256
+ * - RFC 6979 deterministic nonce（必须）
+ * - 输出 RAW 编码 r(32B)||s(32B)
+ *
+ * 实现选型：
+ * - 使用 @noble/curves/nist 提供 deterministic ECDSA
+ * - 公钥使用 DER SubjectPublicKeyInfo（与 Python/Go 对齐）
+ *   通过 Node createPublicKey 提取未压缩点（0x04||X||Y）后传给 noble
+ */
+import { p256 } from '@noble/curves/nist.js';
+import { createPublicKey } from 'node:crypto';
+/**
+ * 把 base64url 字符串解码为 32 字节大端序无前导零填充的字节数组。
+ */
+function b64uToFixed32(b64url) {
+    const buf = Buffer.from(b64url, 'base64url');
+    if (buf.length === 32)
+        return buf;
+    if (buf.length < 32) {
+        const padded = Buffer.alloc(32);
+        buf.copy(padded, 32 - buf.length);
+        return padded;
+    }
+    const start = buf.length - 32;
+    for (let i = 0; i < start; i++) {
+        if (buf[i] !== 0) {
+            throw new Error(`invalid EC coordinate: length=${buf.length}, leading non-zero byte`);
+        }
+    }
+    return buf.subarray(start, buf.length);
+}
+/**
+ * 从 DER SPKI 编码公钥提取未压缩点（0x04||X||Y），共 65 字节。
+ */
+function derSpkiToUncompressed(publicKeyDer) {
+    const pub = createPublicKey({
+        key: Buffer.from(publicKeyDer),
+        format: 'der',
+        type: 'spki',
+    });
+    const jwk = pub.export({ format: 'jwk' });
+    if (jwk.kty !== 'EC' || jwk.crv !== 'P-256' || !jwk.x || !jwk.y) {
+        throw new Error('public key is not a P-256 EC key');
+    }
+    const x = b64uToFixed32(jwk.x);
+    const y = b64uToFixed32(jwk.y);
+    return Buffer.concat([Buffer.from([0x04]), x, y]);
+}
+/**
+ * ECDSA-SHA256 签名（RFC 6979 deterministic），输出 RAW 编码 r||s（64 字节）。
+ *
+ * @param privateKeyScalar P-256 私钥标量（32 字节 big-endian）
+ * @param message 待签名消息原文
+ * @returns 64 字节签名
+ */
+export function ecdsaSignRaw(privateKeyScalar, message) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`expected 32-byte P-256 private scalar, got ${privateKeyScalar.length}`);
+    }
+    // 显式 prehash=true（默认值），noble 会用 SHA-256 摘要。
+    // lowS=false 与 Python/Go SDK 行为对齐（不强制低 S）。
+    // format='compact' 是默认值，输出 64B = r||s。
+    const sig = p256.sign(message, privateKeyScalar, {
+        prehash: true,
+        lowS: false,
+        format: 'compact',
+    });
+    if (sig.length !== 64) {
+        throw new Error(`unexpected signature length: ${sig.length}`);
+    }
+    return sig;
+}
+/**
+ * ECDSA-SHA256 验签（RAW 64 字节签名）。
+ */
+export function ecdsaVerifyRaw(publicKeyDer, signatureRaw, message) {
+    if (signatureRaw.length !== 64)
+        return false;
+    try {
+        const uncompressed = derSpkiToUncompressed(publicKeyDer);
+        return p256.verify(signatureRaw, message, uncompressed, {
+            prehash: true,
+            lowS: false,
+            format: 'compact',
+        });
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * 仅用于本地校验：根据 P-256 私钥派生公钥的 DER SPKI 编码。
+ */
+export function privateScalarToPublicDer(privateKeyScalar) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`expected 32-byte P-256 private scalar, got ${privateKeyScalar.length}`);
+    }
+    // noble 返回未压缩 65 字节
+    const uncompressed = p256.getPublicKey(privateKeyScalar, false);
+    if (uncompressed.length !== 65 || uncompressed[0] !== 0x04) {
+        throw new Error('failed to derive uncompressed P-256 public key');
+    }
+    const x = uncompressed.subarray(1, 33);
+    const y = uncompressed.subarray(33, 65);
+    const pubKey = createPublicKey({
+        key: {
+            kty: 'EC',
+            crv: 'P-256',
+            x: Buffer.from(x).toString('base64url'),
+            y: Buffer.from(y).toString('base64url'),
+        },
+        format: 'jwk',
+    });
+    return new Uint8Array(pubKey.export({ format: 'der', type: 'spki' }));
+}
+//# sourceMappingURL=ecdsa.js.map

package/dist/v2/crypto/ecdsa.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ecdsa.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdsa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC7C,OAAO,EAAc,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D;;GAEG;AACH,SAAS,aAAa,CAAC,MAAc;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC7C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,MAAM,yBAAyB,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,YAAwB;IACrD,MAAM,GAAG,GAAG,eAAe,CAAC;QAC1B,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;QAC9B,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1C,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAC1B,gBAA4B,EAC5B,OAAmB;IAEnB,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,4CAA4C;IAC5C,2CAA2C;IAC3C,uCAAuC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,EAAE;QAC/C,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,YAAwB,EACxB,YAAwB,EACxB,OAAmB;IAEnB,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,EAAE,YAAY,EAAE;YACtD,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,gBAA4B;IACnE,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,oBAAoB;IACpB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;IAChE,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,eAAe,CAAC;QAC7B,GAAG,EAAE;YACH,GAAG,EAAE,IAAI;YACT,GAAG,EAAE,OAAO;YACZ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;YACvC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;SACxC;QACD,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IACH,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AACxE,CAAC"}

package/dist/v2/crypto/hkdf.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256（RFC 5869）
+ *
+ * 规范引用：用于 1DH/3DH wrap_key 派生（info 分别为 "AUN-V2-1DH" 和 "AUN-V2-3DH"）。
+ *
+ * 实现选型：
+ * - Node `crypto` 模块 HMAC-SHA256
+ * - 空 salt 视为 32 字节零（HashLen）
+ */
+/**
+ * HKDF-SHA256（RFC 5869）。
+ *
+ * @param ikm  Input keying material
+ * @param salt Salt（可为空，空时按规范用 HashLen 字节零填充）
+ * @param info Optional context and application specific information
+ * @param length 期望输出字节长度（不能超过 255 * HashLen）
+ * @returns OKM（output keying material）
+ */
+export declare function hkdfSha256(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array, length: number): Uint8Array;

package/dist/v2/crypto/hkdf.js ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256（RFC 5869）
+ *
+ * 规范引用：用于 1DH/3DH wrap_key 派生（info 分别为 "AUN-V2-1DH" 和 "AUN-V2-3DH"）。
+ *
+ * 实现选型：
+ * - Node `crypto` 模块 HMAC-SHA256
+ * - 空 salt 视为 32 字节零（HashLen）
+ */
+import { createHmac } from 'node:crypto';
+const HASH_LEN = 32; // SHA-256 输出长度
+/**
+ * HKDF-SHA256（RFC 5869）。
+ *
+ * @param ikm  Input keying material
+ * @param salt Salt（可为空，空时按规范用 HashLen 字节零填充）
+ * @param info Optional context and application specific information
+ * @param length 期望输出字节长度（不能超过 255 * HashLen）
+ * @returns OKM（output keying material）
+ */
+export function hkdfSha256(ikm, salt, info, length) {
+    if (length < 0 || length > 255 * HASH_LEN) {
+        throw new Error(`HKDF length out of range: ${length}`);
+    }
+    // RFC 5869 §2.2: salt 为空时使用 HashLen 字节零
+    const realSalt = salt.length === 0 ? new Uint8Array(HASH_LEN) : salt;
+    // Extract: PRK = HMAC-SHA256(salt, IKM)
+    const prk = createHmac('sha256', realSalt).update(ikm).digest();
+    // Expand: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)
+    const out = new Uint8Array(length);
+    let t = new Uint8Array(0);
+    let pos = 0;
+    let counter = 1;
+    while (pos < length) {
+        const hmac = createHmac('sha256', prk);
+        hmac.update(t);
+        hmac.update(info);
+        hmac.update(Uint8Array.of(counter));
+        t = hmac.digest();
+        const remaining = length - pos;
+        out.set(t.subarray(0, Math.min(remaining, t.length)), pos);
+        pos += t.length;
+        counter++;
+    }
+    return out;
+}
+//# sourceMappingURL=hkdf.js.map

package/dist/v2/crypto/hkdf.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../../src/v2/crypto/hkdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,eAAe;AAEpC;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CACxB,GAAe,EACf,IAAgB,EAChB,IAAgB,EAChB,MAAc;IAEd,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,GAAG,GAAG,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,wCAAwC;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAErE,wCAAwC;IACxC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IAEhE,uDAAuD;IACvD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,IAAI,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,OAAO,GAAG,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAClB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QACpC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,MAAM,GAAG,GAAG,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3D,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;QAChB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/v2/crypto/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export { canonicalJson, canonicalStringify } from './canonical.js';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer } from './ecdh.js';
+export { hkdfSha256 } from './hkdf.js';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead.js';
+export { ecdsaSignRaw, ecdsaVerifyRaw, privateScalarToPublicDer } from './ecdsa.js';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path.js';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients.js';
+export type { ProofStep } from './recipients.js';

package/dist/v2/crypto/index.js ADDED Viewed

@@ -0,0 +1,8 @@
+export { canonicalJson, canonicalStringify } from './canonical.js';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer } from './ecdh.js';
+export { hkdfSha256 } from './hkdf.js';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead.js';
+export { ecdsaSignRaw, ecdsaVerifyRaw, privateScalarToPublicDer } from './ecdsa.js';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path.js';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients.js';
+//# sourceMappingURL=index.js.map

package/dist/v2/crypto/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACvF,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AACpF,OAAO,EACL,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,iBAAiB,CAAC"}

package/dist/v2/crypto/recipients.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * AUN E2EE V2: Recipients 排序与 Merkle Digest
+ *
+ * 规范引用：§5.3 / §10.3
+ *
+ * - 行排序：(aid asc, device_id asc, role asc) 字典序
+ * - 每行固定 8 字段：[aid, device_id, role, key_source, fp, spk_id, wrap_nonce, wrapped_key]
+ * - Digest = Merkle root（leaf/inner 各有独立前缀）
+ * - 奇数节点复制最后一个
+ */
+export interface ProofStep {
+    sibling: string;
+    position: 'L' | 'R';
+}
+/** 按 (aid, device_id, role) 字典序稳定排序 recipients。 */
+export declare function sortRecipients(rows: string[][]): string[][];
+/** 计算单个 recipient 行的 leaf hash（32 字节）。 */
+export declare function computeLeafHash(row: string[]): Uint8Array;
+/**
+ * 计算 recipients 的 Merkle root（hex）。空列表返回空字符串（与 Python 一致）。
+ */
+export declare function computeMerkleRoot(rows: string[][]): string;
+/** 兼容入口，等价 computeMerkleRoot。调用方应先调 sortRecipients。 */
+export declare function computeRecipientsDigest(rows: string[][]): string;
+/**
+ * 为 targetIndex 行生成 Merkle proof（log N 步）。
+ */
+export declare function computeMerkleProof(rows: string[][], targetIndex: number): ProofStep[];
+/**
+ * 验证 leaf + proof 重建出的 root 与期望值一致。
+ */
+export declare function verifyMerkleProof(leaf: Uint8Array, proof: ProofStep[], expectedRootHex: string): boolean;