@agora-sdk/secure-chat-crypto 0.3.0 → 0.4.0

package/dist/esm/ts-mls/ciphersuite.d.ts

@@ -0,0 +1,26 @@
+import { type CiphersuiteName, type CiphersuiteImpl } from "ts-mls";
+/** RFC 9420 mandatory-to-implement baseline; our default. */
+export declare const DEFAULT_CIPHERSUITE_ID: 1;
+/**
+ * Resolve a ts-mls suite name from a numeric contract id.
+ *
+ * @param id - The numeric MLS ciphersuite id (RFC 9420).
+ * @returns The ts-mls suite name.
+ * @throws {Error} When the id is not a supported ciphersuite.
+ */
+export declare function ciphersuiteNameFromId(id: number): CiphersuiteName;
+/**
+ * Resolve the numeric contract id from a ts-mls suite name.
+ *
+ * @param name - The ts-mls suite name.
+ * @returns The numeric MLS ciphersuite id.
+ */
+export declare function ciphersuiteIdFromName(name: CiphersuiteName): number;
+/**
+ * Load a ready {@link CiphersuiteImpl} (the crypto primitives) for a numeric ciphersuite id.
+ *
+ * @param id - The numeric MLS ciphersuite id (RFC 9420).
+ * @returns The ciphersuite implementation (hash/signature/hpke/kdf/rng).
+ * @throws {Error} When the id is not a supported ciphersuite.
+ */
+export declare function loadCiphersuite(id: number): Promise<CiphersuiteImpl>;

package/dist/esm/ts-mls/ciphersuite.js

@@ -0,0 +1,41 @@
+// Maps the wire contract's numeric MLS ciphersuite id (RFC 9420 / IANA) to ts-mls's string name and
+// back, owns the suite-1 default, and loads a usable CiphersuiteImpl. One place so adding a suite is a
+// one-line change and an unknown id fails closed rather than silently picking a wrong suite.
+import { ciphersuites, getCiphersuiteFromName, getCiphersuiteImpl, } from "ts-mls";
+/** RFC 9420 mandatory-to-implement baseline; our default. */
+export const DEFAULT_CIPHERSUITE_ID = 1;
+// Invert ts-mls's name→id constant once.
+const ID_TO_NAME = new Map(Object.entries(ciphersuites).map(([name, id]) => [id, name]));
+/**
+ * Resolve a ts-mls suite name from a numeric contract id.
+ *
+ * @param id - The numeric MLS ciphersuite id (RFC 9420).
+ * @returns The ts-mls suite name.
+ * @throws {Error} When the id is not a supported ciphersuite.
+ */
+export function ciphersuiteNameFromId(id) {
+    const name = ID_TO_NAME.get(id);
+    if (!name)
+        throw new Error(`secure-chat: unsupported MLS ciphersuite id ${id}`);
+    return name;
+}
+/**
+ * Resolve the numeric contract id from a ts-mls suite name.
+ *
+ * @param name - The ts-mls suite name.
+ * @returns The numeric MLS ciphersuite id.
+ */
+export function ciphersuiteIdFromName(name) {
+    return ciphersuites[name];
+}
+/**
+ * Load a ready {@link CiphersuiteImpl} (the crypto primitives) for a numeric ciphersuite id.
+ *
+ * @param id - The numeric MLS ciphersuite id (RFC 9420).
+ * @returns The ciphersuite implementation (hash/signature/hpke/kdf/rng).
+ * @throws {Error} When the id is not a supported ciphersuite.
+ */
+export function loadCiphersuite(id) {
+    return getCiphersuiteImpl(getCiphersuiteFromName(ciphersuiteNameFromId(id)));
+}
+//# sourceMappingURL=ciphersuite.js.map

package/dist/esm/ts-mls/ciphersuite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ciphersuite.js","sourceRoot":"","sources":["../../../src/ts-mls/ciphersuite.ts"],"names":[],"mappings":"AAAA,oGAAoG;AACpG,uGAAuG;AACvG,6FAA6F;AAC7F,OAAO,EACL,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,GAGnB,MAAM,QAAQ,CAAC;AAEhB,6DAA6D;AAC7D,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAU,CAAC;AAEjD,yCAAyC;AACzC,MAAM,UAAU,GAAG,IAAI,GAAG,CACvB,MAAM,CAAC,OAAO,CAAC,YAAY,CAAiC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAC9F,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAU;IAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChC,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,EAAE,EAAE,CAAC,CAAC;IAChF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAqB;IACzD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,EAAU;IACxC,OAAO,kBAAkB,CAAC,sBAAsB,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/E,CAAC"}

package/dist/esm/ts-mls/crypto.d.ts

@@ -0,0 +1,82 @@
+import { type CiphersuiteImpl, type KeyPackage, type PrivateKeyPackage, type ClientState } from "ts-mls";
+import type { SecureChatCrypto, DeviceIdentity, KeyPackageBundle, GroupHandle, CommitResult, TargetedWelcome, PassphraseBackup } from "../interface.js";
+interface DeviceState {
+    deviceId: string;
+    ciphersuite: number;
+    signKey: Uint8Array;
+    publicKey: Uint8Array;
+}
+/** One retained, not-yet-consumed KeyPackage (public for re-publish/debug, private to join with). */
+interface PendingKeyPackage {
+    publicPackage: KeyPackage;
+    privatePackage: PrivateKeyPackage;
+}
+/** Options for {@link TsMlsSecureChatCrypto}. */
+export interface TsMlsSecureChatCryptoOptions {
+    /** Numeric MLS ciphersuite id (RFC 9420). Defaults to 1 (the MTI baseline). */
+    ciphersuite?: number;
+}
+/**
+ * Real RFC 9420 MLS implementation of {@link SecureChatCrypto}, built on ts-mls. Construct via
+ * `createTsMlsSecureChatCrypto`; inject into `<SecureChatProvider crypto={…}>`.
+ */
+export declare class TsMlsSecureChatCrypto implements SecureChatCrypto {
+    private readonly ciphersuiteId;
+    private csImpl;
+    private device?;
+    private credential?;
+    protected readonly pending: Map<string, PendingKeyPackage>;
+    protected readonly groups: Map<string, ClientState>;
+    constructor(options?: TsMlsSecureChatCryptoOptions);
+    /** Lazily load + memoize the ciphersuite primitives. */
+    protected cs(): Promise<CiphersuiteImpl>;
+    protected requireDevice(): DeviceState;
+    generateDeviceIdentity(opts: {
+        deviceId: string;
+        ciphersuite?: number;
+    }): Promise<{
+        identity: DeviceIdentity;
+        privateState: Uint8Array;
+    }>;
+    generateKeyPackages(count: number): Promise<KeyPackageBundle[]>;
+    createGroup(opts: {
+        mlsGroupId?: Uint8Array;
+        initialMembers: {
+            deviceId: string;
+            keyPackage: Uint8Array;
+        }[];
+    }): Promise<{
+        group: GroupHandle;
+        welcomes: TargetedWelcome[];
+    }>;
+    addMember(group: GroupHandle, newDevice: {
+        deviceId: string;
+        keyPackage: Uint8Array;
+    }): Promise<CommitResult>;
+    removeMember(_group: GroupHandle, _leafDeviceId: string): Promise<CommitResult>;
+    encryptMessage(group: GroupHandle, plaintext: Uint8Array): Promise<{
+        ciphertext: Uint8Array;
+        epoch: bigint;
+    }>;
+    decryptMessage(group: GroupHandle, ciphertext: Uint8Array): Promise<{
+        plaintext: Uint8Array;
+        senderDeviceId: string;
+        epoch: bigint;
+    }>;
+    processWelcome(welcomePayload: Uint8Array): Promise<GroupHandle>;
+    processCommit(group: GroupHandle, commit: Uint8Array): Promise<GroupHandle>;
+    processProposal(group: GroupHandle, proposal: Uint8Array): Promise<void>;
+    exportGroupState(group: GroupHandle): Promise<Uint8Array>;
+    importGroupState(state: Uint8Array): Promise<GroupHandle>;
+    exportDeviceState(): Promise<Uint8Array>;
+    importDeviceState(state: Uint8Array): Promise<DeviceIdentity>;
+    exportBackup(_passphrase: string): Promise<PassphraseBackup>;
+    importBackup(_passphrase: string, _backup: PassphraseBackup): Promise<void>;
+    /** Serialize identity (incl. signature private key) + the pending KeyPackage store to an opaque blob. */
+    protected serializeDeviceState(): Uint8Array;
+    private peerDeviceId;
+    /** @internal */ protected zeroize(consumed: Uint8Array[]): void;
+    /** @internal */ protected lookupGroup(group: GroupHandle): ClientState;
+    /** @internal */ protected decodeKeyPackage(bytes: Uint8Array): KeyPackage;
+}
+export {};

package/dist/esm/ts-mls/crypto.js

@@ -0,0 +1,284 @@
+// TsMlsSecureChatCrypto — the real RFC 9420 implementation of the SecureChatCrypto seam, on ts-mls.
+//
+// Where it sits in the blind-server model: ALL MLS crypto is here, client-side. Only ciphertext,
+// public KeyPackages, and Welcomes/Commits ever cross the wire; group secrets and private keys never
+// leave this object. It mirrors MockSecureChatCrypto's shape — an in-memory Map<groupIdHex, ClientState>
+// keyed by GroupHandle.mlsGroupId — so the interface and all call sites are unchanged.
+//
+// Security (CLAUDE.md #1): randomness is the platform CSPRNG (crypto.getRandomValues) + ts-mls/@noble;
+// failed decode/decrypt/join fail closed (throw, drop); consumed key material is zeroized.
+import { generateKeyPackageWithKey, defaultCapabilities, defaultLifetime, createGroup, createCommit, joinGroup, createApplicationMessage, processMessage, encodeMlsMessage, decodeMlsMessage, encodeGroupState, decodeGroupState, zeroOutUint8Array, acceptAll, emptyPskIndex, } from "ts-mls";
+// makeKeyPackageRef + getGroupMembers + defaultClientConfig aren't re-exported from the package root;
+// ts-mls exposes every module via its "./*.js" export, so deep-import them.
+import { makeKeyPackageRef } from "ts-mls/keyPackage.js";
+import { getGroupMembers } from "ts-mls/clientState.js";
+import { defaultClientConfig } from "ts-mls/clientConfig.js";
+import { DEFAULT_CIPHERSUITE_ID, loadCiphersuite } from "./ciphersuite.js";
+import { toHex, fromHex } from "./hex.js";
+const utf8 = (s) => new TextEncoder().encode(s);
+const MLS_VERSION = "mls10";
+/**
+ * Real RFC 9420 MLS implementation of {@link SecureChatCrypto}, built on ts-mls. Construct via
+ * `createTsMlsSecureChatCrypto`; inject into `<SecureChatProvider crypto={…}>`.
+ */
+export class TsMlsSecureChatCrypto {
+    constructor(options = {}) {
+        this.csImpl = null;
+        this.pending = new Map(); // hex(ref) → kp
+        this.groups = new Map(); // hex(groupId) → state
+        this.ciphersuiteId = options.ciphersuite ?? DEFAULT_CIPHERSUITE_ID;
+    }
+    /** Lazily load + memoize the ciphersuite primitives. */
+    async cs() {
+        if (!this.csImpl)
+            this.csImpl = await loadCiphersuite(this.ciphersuiteId);
+        return this.csImpl;
+    }
+    requireDevice() {
+        if (!this.device || !this.credential) {
+            throw new Error("secure-chat: no device identity (call generateDeviceIdentity or importDeviceState first)");
+        }
+        return this.device;
+    }
+    async generateDeviceIdentity(opts) {
+        const cs = await this.cs();
+        const { publicKey, signKey } = await cs.signature.keygen();
+        const credential = { credentialType: "basic", identity: utf8(opts.deviceId) };
+        this.device = { deviceId: opts.deviceId, ciphersuite: this.ciphersuiteId, signKey, publicKey };
+        this.credential = credential;
+        const identity = {
+            deviceId: opts.deviceId,
+            signaturePublicKey: publicKey,
+            credential: utf8(opts.deviceId), // opaque to the blind server; peers use the claimed KeyPackage
+            ciphersuite: this.ciphersuiteId,
+        };
+        return { identity, privateState: this.serializeDeviceState() };
+    }
+    async generateKeyPackages(count) {
+        const cs = await this.cs();
+        const dev = this.requireDevice();
+        const out = [];
+        for (let i = 0; i < count; i++) {
+            const { publicPackage, privatePackage } = await generateKeyPackageWithKey(this.credential, defaultCapabilities(), defaultLifetime, [], { signKey: dev.signKey, publicKey: dev.publicKey }, cs);
+            const ref = await makeKeyPackageRef(publicPackage, cs.hash);
+            const refHex = toHex(ref);
+            this.pending.set(refHex, { publicPackage, privatePackage });
+            out.push({
+                keyPackageRef: refHex,
+                keyPackage: encodeMlsMessage({ version: MLS_VERSION, wireformat: "mls_key_package", keyPackage: publicPackage }),
+                ciphersuite: dev.ciphersuite,
+            });
+        }
+        return out;
+    }
+    async createGroup(opts) {
+        const cs = await this.cs();
+        const dev = this.requireDevice();
+        const groupId = opts.mlsGroupId ?? crypto.getRandomValues(new Uint8Array(32));
+        // Seed the group with a fresh self KeyPackage (local-only; never published).
+        const self = await generateKeyPackageWithKey(this.credential, defaultCapabilities(), defaultLifetime, [], { signKey: dev.signKey, publicKey: dev.publicKey }, cs);
+        let state = await createGroup(groupId, self.publicPackage, self.privatePackage, [], cs);
+        const adds = opts.initialMembers.map((m) => ({
+            proposalType: "add", add: { keyPackage: this.decodeKeyPackage(m.keyPackage) },
+        }));
+        const commit = await createCommit({ state, cipherSuite: cs }, { extraProposals: adds, ratchetTreeExtension: true });
+        state = commit.newState;
+        this.zeroize(commit.consumed);
+        this.groups.set(toHex(groupId), state);
+        // ratchetTreeExtension:true → the tree rides inside the Welcome, so a recipient joins from it ALONE.
+        const welcomeBytes = encodeMlsMessage({ version: MLS_VERSION, wireformat: "mls_welcome", welcome: commit.welcome });
+        const welcomes = opts.initialMembers.map((m) => ({ targetDeviceId: m.deviceId, payload: welcomeBytes }));
+        return { group: { mlsGroupId: groupId, epoch: state.groupContext.epoch }, welcomes };
+    }
+    async addMember(group, newDevice) {
+        const cs = await this.cs();
+        const state = this.lookupGroup(group);
+        const commit = await createCommit({ state, cipherSuite: cs }, { extraProposals: [{ proposalType: "add", add: { keyPackage: this.decodeKeyPackage(newDevice.keyPackage) } }], ratchetTreeExtension: true });
+        this.zeroize(commit.consumed);
+        this.groups.set(toHex(group.mlsGroupId), commit.newState);
+        return {
+            commit: encodeMlsMessage(commit.commit),
+            welcomes: [{
+                    targetDeviceId: newDevice.deviceId,
+                    payload: encodeMlsMessage({ version: MLS_VERSION, wireformat: "mls_welcome", welcome: commit.welcome }),
+                }],
+            epoch: commit.newState.groupContext.epoch,
+        };
+    }
+    // Membership churn (remove/leave) is Phase 3 (multi-device). Fail closed rather than ship untested
+    // leaf-index handling: the DM happy path never calls this.
+    removeMember(_group, _leafDeviceId) {
+        throw new Error("secure-chat: removeMember is not implemented in the Phase 2 web core (Phase 3)");
+    }
+    async encryptMessage(group, plaintext) {
+        const cs = await this.cs();
+        const state = this.lookupGroup(group);
+        const res = await createApplicationMessage(state, plaintext, cs);
+        this.zeroize(res.consumed);
+        this.groups.set(toHex(group.mlsGroupId), res.newState);
+        return {
+            ciphertext: encodeMlsMessage({ version: MLS_VERSION, wireformat: "mls_private_message", privateMessage: res.privateMessage }),
+            epoch: res.newState.groupContext.epoch,
+        };
+    }
+    async decryptMessage(group, ciphertext) {
+        const cs = await this.cs();
+        const state = this.lookupGroup(group);
+        const decoded = decodeMlsMessage(ciphertext, 0);
+        if (!decoded)
+            throw new Error("secure-chat: malformed MLS message");
+        const res = await processMessage(decoded[0], state, emptyPskIndex, acceptAll, cs);
+        this.zeroize(res.consumed);
+        this.groups.set(toHex(group.mlsGroupId), res.newState);
+        if (res.kind !== "applicationMessage")
+            throw new Error("secure-chat: expected an application message");
+        return { plaintext: res.message, senderDeviceId: this.peerDeviceId(res.newState), epoch: res.newState.groupContext.epoch };
+    }
+    async processWelcome(welcomePayload) {
+        const cs = await this.cs();
+        const decoded = decodeMlsMessage(welcomePayload, 0);
+        if (!decoded || decoded[0].wireformat !== "mls_welcome")
+            throw new Error("secure-chat: malformed Welcome");
+        const welcome = decoded[0].welcome;
+        // Match the Welcome to one of our pending KeyPackages by its MLS ref (welcome.secrets[].newMember).
+        let matchedRef;
+        let matched;
+        for (const s of welcome.secrets) {
+            const refHex = toHex(s.newMember);
+            const kp = this.pending.get(refHex);
+            if (kp) {
+                matchedRef = refHex;
+                matched = kp;
+                break;
+            }
+        }
+        if (!matched || !matchedRef)
+            throw new Error("secure-chat: no matching KeyPackage for this Welcome");
+        // ratchetTree omitted — it rode in via the creator's ratchetTreeExtension.
+        const state = await joinGroup(welcome, matched.publicPackage, matched.privatePackage, emptyPskIndex, cs);
+        this.pending.delete(matchedRef); // one-time: consumed
+        this.groups.set(toHex(state.groupContext.groupId), state);
+        return { mlsGroupId: state.groupContext.groupId, epoch: state.groupContext.epoch };
+    }
+    async processCommit(group, commit) {
+        const cs = await this.cs();
+        const state = this.lookupGroup(group);
+        const decoded = decodeMlsMessage(commit, 0);
+        if (!decoded)
+            throw new Error("secure-chat: malformed commit");
+        const res = await processMessage(decoded[0], state, emptyPskIndex, acceptAll, cs);
+        this.zeroize(res.consumed);
+        if (res.kind !== "newState")
+            throw new Error("secure-chat: expected a commit/proposal, got an application message");
+        this.groups.set(toHex(group.mlsGroupId), res.newState);
+        return { mlsGroupId: group.mlsGroupId, epoch: res.newState.groupContext.epoch };
+    }
+    async processProposal(group, proposal) {
+        const cs = await this.cs();
+        const state = this.lookupGroup(group);
+        const decoded = decodeMlsMessage(proposal, 0);
+        if (!decoded)
+            throw new Error("secure-chat: malformed proposal");
+        const res = await processMessage(decoded[0], state, emptyPskIndex, acceptAll, cs);
+        this.zeroize(res.consumed);
+        if (res.kind === "newState")
+            this.groups.set(toHex(group.mlsGroupId), res.newState);
+    }
+    async exportGroupState(group) {
+        // ClientState = GroupState & { clientConfig }. encodeGroupState serializes the GroupState; the
+        // clientConfig (which holds non-serializable callbacks) is reattached from the default on import.
+        return encodeGroupState(this.lookupGroup(group));
+    }
+    async importGroupState(state) {
+        const decoded = decodeGroupState(state, 0);
+        if (!decoded)
+            throw new Error("secure-chat: corrupt group state");
+        const clientState = { ...decoded[0], clientConfig: defaultClientConfig };
+        this.groups.set(toHex(clientState.groupContext.groupId), clientState);
+        return { mlsGroupId: clientState.groupContext.groupId, epoch: clientState.groupContext.epoch };
+    }
+    async exportDeviceState() {
+        return this.serializeDeviceState();
+    }
+    async importDeviceState(state) {
+        const p = JSON.parse(new TextDecoder().decode(state));
+        if (p.v !== 1)
+            throw new Error(`secure-chat: unsupported device-state version ${p.v}`);
+        this.device = {
+            deviceId: p.deviceId, ciphersuite: p.ciphersuite, signKey: fromHex(p.signKey), publicKey: fromHex(p.publicKey),
+        };
+        this.credential = { credentialType: "basic", identity: utf8(p.deviceId) };
+        this.pending.clear();
+        for (const e of p.pending) {
+            this.pending.set(e.ref, {
+                publicPackage: this.decodeKeyPackage(fromHex(e.publicPackage)),
+                privatePackage: {
+                    initPrivateKey: fromHex(e.initPrivateKey),
+                    hpkePrivateKey: fromHex(e.hpkePrivateKey),
+                    signaturePrivateKey: fromHex(e.signaturePrivateKey),
+                },
+            });
+        }
+        return { deviceId: p.deviceId, signaturePublicKey: this.device.publicKey, credential: utf8(p.deviceId), ciphersuite: p.ciphersuite };
+    }
+    // Backup/restore UX (real argon2id KDF + AEAD) is Phase 2 task 5. async so callers get a rejected
+    // promise, not a synchronous throw.
+    async exportBackup(_passphrase) {
+        throw new Error("secure-chat: passphrase backup is not implemented in this core yet (Phase 2 task 5)");
+    }
+    async importBackup(_passphrase, _backup) {
+        throw new Error("secure-chat: passphrase restore is not implemented in this core yet (Phase 2 task 5)");
+    }
+    /** Serialize identity (incl. signature private key) + the pending KeyPackage store to an opaque blob. */
+    serializeDeviceState() {
+        const dev = this.requireDevice();
+        const payload = {
+            v: 1,
+            deviceId: dev.deviceId,
+            ciphersuite: dev.ciphersuite,
+            signKey: toHex(dev.signKey),
+            publicKey: toHex(dev.publicKey),
+            pending: [...this.pending.entries()].map(([ref, kp]) => ({
+                ref,
+                publicPackage: toHex(encodeMlsMessage({ version: MLS_VERSION, wireformat: "mls_key_package", keyPackage: kp.publicPackage })),
+                initPrivateKey: toHex(kp.privatePackage.initPrivateKey),
+                hpkePrivateKey: toHex(kp.privatePackage.hpkePrivateKey),
+                signaturePrivateKey: toHex(kp.privatePackage.signaturePrivateKey),
+            })),
+        };
+        return utf8(JSON.stringify(payload));
+    }
+    // Best-effort sender attribution for a DM: the one member that isn't us. Real per-message sender
+    // attribution for >2-member groups arrives with multi-device (Phase 3); the server also attests
+    // senderDeviceId on the message row independently, so a "" here degrades gracefully.
+    peerDeviceId(state) {
+        try {
+            const me = toHex(this.device.publicKey);
+            for (const leaf of getGroupMembers(state)) {
+                if (leaf.credential.credentialType === "basic" && toHex(leaf.signaturePublicKey) !== me) {
+                    return new TextDecoder().decode(leaf.credential.identity);
+                }
+            }
+        }
+        catch {
+            /* fall through to unknown */
+        }
+        return "";
+    }
+    // Helpers used across tasks 4–5.
+    /** @internal */ zeroize(consumed) { for (const c of consumed)
+        zeroOutUint8Array(c); }
+    /** @internal */ lookupGroup(group) {
+        const state = this.groups.get(toHex(group.mlsGroupId));
+        if (!state)
+            throw new Error("secure-chat: unknown group (not joined or evicted)");
+        return state;
+    }
+    /** @internal */ decodeKeyPackage(bytes) {
+        const d = decodeMlsMessage(bytes, 0);
+        if (!d || d[0].wireformat !== "mls_key_package")
+            throw new Error("secure-chat: malformed KeyPackage");
+        return d[0].keyPackage;
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/esm/ts-mls/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/ts-mls/crypto.ts"],"names":[],"mappings":"AAAA,oGAAoG;AACpG,EAAE;AACF,iGAAiG;AACjG,qGAAqG;AACrG,yGAAyG;AACzG,uFAAuF;AACvF,EAAE;AACF,uGAAuG;AACvG,2FAA2F;AAC3F,OAAO,EACL,yBAAyB,EAAE,mBAAmB,EAAE,eAAe,EAC/D,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAC9E,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,SAAS,EAAE,aAAa,GAEpH,MAAM,QAAQ,CAAC;AAChB,sGAAsG;AACtG,4EAA4E;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAI7D,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAE1C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACxD,MAAM,WAAW,GAAG,OAAgB,CAAC;AAqBrC;;;GAGG;AACH,MAAM,OAAO,qBAAqB;IAQhC,YAAY,UAAwC,EAAE;QAN9C,WAAM,GAA2B,IAAI,CAAC;QAG3B,YAAO,GAAG,IAAI,GAAG,EAA6B,CAAC,CAAC,gBAAgB;QAChE,WAAM,GAAG,IAAI,GAAG,EAAuB,CAAC,CAAQ,uBAAuB;QAGxF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,WAAW,IAAI,sBAAsB,CAAC;IACrE,CAAC;IAED,wDAAwD;IAC9C,KAAK,CAAC,EAAE;QAChB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAES,aAAa;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAC;QAC9G,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,IAAgD;QAG3E,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAe,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1F,IAAI,CAAC,MAAM,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QAC/F,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,MAAM,QAAQ,GAAmB;YAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,kBAAkB,EAAE,SAAS;YAC7B,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,+DAA+D;YAChG,WAAW,EAAE,IAAI,CAAC,aAAa;SAChC,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;IACjE,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAa;QACrC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,GAAG,GAAuB,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/B,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,MAAM,yBAAyB,CACvE,IAAI,CAAC,UAAW,EAAE,mBAAmB,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,EAAE,CACrH,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC;YAC5D,GAAG,CAAC,IAAI,CAAC;gBACP,aAAa,EAAE,MAAM;gBACrB,UAAU,EAAE,gBAAgB,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;gBAChH,WAAW,EAAE,GAAG,CAAC,WAAW;aAC7B,CAAC,CAAC;QACL,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAGjB;QACC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAE9E,6EAA6E;QAC7E,MAAM,IAAI,GAAG,MAAM,yBAAyB,CAC1C,IAAI,CAAC,UAAW,EAAE,mBAAmB,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,EAAE,CACrH,CAAC;QACF,IAAI,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,cAAc,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAExF,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3C,YAAY,EAAE,KAAc,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE;SACvF,CAAC,CAAC,CAAC;QACJ,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAAC,CAAC;QACpH,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC;QACxB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;QAEvC,qGAAqG;QACrG,MAAM,YAAY,GAAG,gBAAgB,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,CAAC,OAAQ,EAAE,CAAC,CAAC;QACrH,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;QACzG,OAAO,EAAE,KAAK,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,CAAC;IACvF,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAkB,EAAE,SAAuD;QACzF,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,EAC1B,EAAE,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAC5I,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO;YACL,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC;YACvC,QAAQ,EAAE,CAAC;oBACT,cAAc,EAAE,SAAS,CAAC,QAAQ;oBAClC,OAAO,EAAE,gBAAgB,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,CAAC,OAAQ,EAAE,CAAC;iBACzG,CAAC;YACF,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK;SAC1C,CAAC;IACJ,CAAC;IAED,mGAAmG;IACnG,2DAA2D;IAC3D,YAAY,CAAC,MAAmB,EAAE,aAAqB;QACrD,MAAM,IAAI,KAAK,CAAC,gFAAgF,CAAC,CAAC;IACpG,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAkB,EAAE,SAAqB;QAC5D,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,wBAAwB,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO;YACL,UAAU,EAAE,gBAAgB,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,qBAAqB,EAAE,cAAc,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;YAC7H,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAkB,EAAE,UAAsB;QAG7D,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAChD,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC,CAAU,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3F,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB;YAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACvG,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAC7H,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,cAA0B;QAC7C,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,gBAAgB,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAC3G,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACnC,oGAAoG;QACpG,IAAI,UAA8B,CAAC;QACnC,IAAI,OAAsC,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,EAAE,EAAE,CAAC;gBAAC,UAAU,GAAG,MAAM,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;gBAAC,MAAM;YAAC,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QACrG,2EAA2E;QAC3E,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QACzG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,qBAAqB;QACtD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAkB,EAAE,MAAkB;QACxD,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC,CAAU,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3F,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;QACpH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,KAAkB,EAAE,QAAoB;QAC5D,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACjE,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC,CAAU,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3F,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU;YAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAkB;QACvC,+FAA+F;QAC/F,kGAAkG;QAClG,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAiB;QACtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClE,MAAM,WAAW,GAAgB,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,mBAAmB,EAAE,CAAC;QACtF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC,CAAC;QACtE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IACjG,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAiB;QACvC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAGnD,CAAC;QACF,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/G,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,EAAE,cAAc,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1E,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;gBACtB,aAAa,EAAE,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;gBAC9D,cAAc,EAAE;oBACd,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;oBACzC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;oBACzC,mBAAmB,EAAE,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC;iBACpD;aACF,CAAC,CAAC;QACL,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACvI,CAAC;IAED,kGAAkG;IAClG,oCAAoC;IACpC,KAAK,CAAC,YAAY,CAAC,WAAmB;QACpC,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAC;IACzG,CAAC;IACD,KAAK,CAAC,YAAY,CAAC,WAAmB,EAAE,OAAyB;QAC/D,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;IAC1G,CAAC;IAED,yGAAyG;IAC/F,oBAAoB;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG;YACd,CAAC,EAAE,CAAC;YACJ,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;YAC3B,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;YAC/B,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvD,GAAG;gBACH,aAAa,EAAE,KAAK,CAAC,gBAAgB,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC;gBAC7H,cAAc,EAAE,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,cAAc,CAAC;gBACvD,cAAc,EAAE,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,cAAc,CAAC;gBACvD,mBAAmB,EAAE,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;aAClE,CAAC,CAAC;SACJ,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,iGAAiG;IACjG,gGAAgG;IAChG,qFAAqF;IAC7E,YAAY,CAAC,KAAkB;QACrC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,MAAO,CAAC,SAAS,CAAC,CAAC;YACzC,KAAK,MAAM,IAAI,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1C,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,KAAK,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,CAAC;oBACxF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,iCAAiC;IACjC,gBAAgB,CAAW,OAAO,CAAC,QAAsB,IAAU,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpH,gBAAgB,CAAW,WAAW,CAAC,KAAkB;QACvD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAClF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,gBAAgB,CAAW,gBAAgB,CAAC,KAAiB;QAC3D,MAAM,CAAC,GAAG,gBAAgB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,iBAAiB;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACtG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IACzB,CAAC;CACF"}

package/dist/esm/ts-mls/hex.d.ts

@@ -0,0 +1,4 @@
+/** Encode bytes as a lowercase hex string. */
+export declare function toHex(b: Uint8Array): string;
+/** Decode a lowercase/uppercase hex string back to bytes. */
+export declare function fromHex(s: string): Uint8Array;

package/dist/esm/ts-mls/hex.js

@@ -0,0 +1,18 @@
+// Local hex helpers so this package stays free of the core's base64 (the seam works in Uint8Array;
+// the network layer base64-encodes at the wire boundary). Used to key in-memory maps and to serialize
+// raw key bytes in device-state JSON.
+/** Encode bytes as a lowercase hex string. */
+export function toHex(b) {
+    let s = "";
+    for (const x of b)
+        s += x.toString(16).padStart(2, "0");
+    return s;
+}
+/** Decode a lowercase/uppercase hex string back to bytes. */
+export function fromHex(s) {
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++)
+        out[i] = parseInt(s.slice(i * 2, i * 2 + 2), 16);
+    return out;
+}
+//# sourceMappingURL=hex.js.map

package/dist/esm/ts-mls/hex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hex.js","sourceRoot":"","sources":["../../../src/ts-mls/hex.ts"],"names":[],"mappings":"AAAA,mGAAmG;AACnG,sGAAsG;AACtG,sCAAsC;AAEtC,8CAA8C;AAC9C,MAAM,UAAU,KAAK,CAAC,CAAa;IACjC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,CAAC,IAAI,CAAC;QAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,OAAO,CAAC,CAAS;IAC/B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtF,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/esm/ts-mls/index.d.ts

@@ -0,0 +1,15 @@
+import { type TsMlsSecureChatCryptoOptions } from "./crypto.js";
+import type { SecureChatCrypto } from "../interface.js";
+export { TsMlsSecureChatCrypto, type TsMlsSecureChatCryptoOptions } from "./crypto.js";
+/**
+ * Create the real ts-mls {@link SecureChatCrypto} for injection into `<SecureChatProvider crypto={…}>`.
+ *
+ * @param options - {@link TsMlsSecureChatCryptoOptions}; defaults to ciphersuite 1.
+ * @returns A ready `SecureChatCrypto` backed by ts-mls.
+ * @example
+ * ```ts
+ * import { createTsMlsSecureChatCrypto } from "@agora-sdk/secure-chat-crypto/ts-mls";
+ * const crypto = createTsMlsSecureChatCrypto();
+ * ```
+ */
+export declare function createTsMlsSecureChatCrypto(options?: TsMlsSecureChatCryptoOptions): SecureChatCrypto;

package/dist/esm/ts-mls/index.js

@@ -0,0 +1,21 @@
+// @agora-sdk/secure-chat-crypto/ts-mls — the real RFC 9420 MLS core (ESM-only; pulls in ts-mls).
+//
+// Opt-in subpath so the heavy core is loaded ONLY by consumers that import it; the bare entry
+// (interface) and ./testing (mock) stay dependency-free. ESM-only because ts-mls is ESM-only.
+import { TsMlsSecureChatCrypto } from "./crypto.js";
+export { TsMlsSecureChatCrypto } from "./crypto.js";
+/**
+ * Create the real ts-mls {@link SecureChatCrypto} for injection into `<SecureChatProvider crypto={…}>`.
+ *
+ * @param options - {@link TsMlsSecureChatCryptoOptions}; defaults to ciphersuite 1.
+ * @returns A ready `SecureChatCrypto` backed by ts-mls.
+ * @example
+ * ```ts
+ * import { createTsMlsSecureChatCrypto } from "@agora-sdk/secure-chat-crypto/ts-mls";
+ * const crypto = createTsMlsSecureChatCrypto();
+ * ```
+ */
+export function createTsMlsSecureChatCrypto(options) {
+    return new TsMlsSecureChatCrypto(options);
+}
+//# sourceMappingURL=index.js.map

package/dist/esm/ts-mls/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/ts-mls/index.ts"],"names":[],"mappings":"AAAA,iGAAiG;AACjG,EAAE;AACF,8FAA8F;AAC9F,8FAA8F;AAC9F,OAAO,EAAE,qBAAqB,EAAqC,MAAM,aAAa,CAAC;AAGvF,OAAO,EAAE,qBAAqB,EAAqC,MAAM,aAAa,CAAC;AAEvF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAAsC;IAChF,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC"}

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@agora-sdk/secure-chat-crypto",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "private": false,
   "license": "Apache-2.0",
   "author": "Agora SDK Plus, maintained by Jenova Marie",
-  "description": "The SecureChatCrypto seam for Agora end-to-end-encrypted chat (MLS / RFC 9420): the client crypto interface + a deterministic mock. Dependency-free; the real ts-mls/OpenMLS cores plug in behind the interface.",
+  "description": "The SecureChatCrypto seam for Agora end-to-end-encrypted chat (MLS / RFC 9420): the client crypto interface + a deterministic mock (./testing) + the real ts-mls core (./ts-mls, ESM-only). The bare entry and ./testing are dependency-free.",
   "keywords": [
     "agora",
     "secure-chat",
@@ -37,6 +37,10 @@
       "types": "./dist/esm/testing.d.ts",
       "import": "./dist/esm/testing.js",
       "require": "./dist/cjs/testing.js"
+    },
+    "./ts-mls": {
+      "types": "./dist/esm/ts-mls/index.d.ts",
+      "import": "./dist/esm/ts-mls/index.js"
     }
   },
   "publishConfig": {
@@ -45,6 +49,12 @@
   "files": [
     "dist"
   ],
+  "dependencies": {
+    "@noble/ciphers": "2.1.1",
+    "@noble/curves": "2.0.1",
+    "@noble/hashes": "2.0.1",
+    "ts-mls": "1.6.2"
+  },
   "scripts": {
     "build:esm": "tsc -p tsconfig.esm.json",
     "build:cjs": "tsc -p tsconfig.cjs.json && echo '{\"type\":\"commonjs\"}' > dist/cjs/package.json",