@avalabs/avacloud-waas-react 1.0.14-nightly.20250704 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/dist/_esm-QWLX263D.mjs +3919 -0
  2. package/dist/ccip-ZGPV4OUI.mjs +14 -0
  3. package/dist/chunk-CASSC3OP.mjs +67 -0
  4. package/dist/chunk-G3BBITEG.mjs +367 -0
  5. package/dist/chunk-H4SP2TEB.mjs +2343 -0
  6. package/dist/chunk-TMRHATUE.mjs +5868 -0
  7. package/dist/dejavu-mono-latin-400-normal-IE7EMRRJ.woff2 +0 -0
  8. package/dist/dejavu-mono-latin-400-normal-MXASKUMG.woff +0 -0
  9. package/dist/dejavu-mono-latin-700-normal-4E6K55SY.woff +0 -0
  10. package/dist/dejavu-mono-latin-700-normal-4R4GZIXF.woff2 +0 -0
  11. package/dist/index.css +473 -0
  12. package/dist/index.js +1 -1
  13. package/dist/index.mjs +1 -1
  14. package/dist/inter-cyrillic-400-normal-KFLOZ6L3.woff2 +0 -0
  15. package/dist/inter-cyrillic-400-normal-UGV3X2ZX.woff +0 -0
  16. package/dist/inter-cyrillic-500-normal-5QURBI26.woff +0 -0
  17. package/dist/inter-cyrillic-500-normal-MRQZIV3H.woff2 +0 -0
  18. package/dist/inter-cyrillic-600-normal-EDUIRGIU.woff +0 -0
  19. package/dist/inter-cyrillic-600-normal-VQSXM56D.woff2 +0 -0
  20. package/dist/inter-cyrillic-700-normal-6AC775OW.woff2 +0 -0
  21. package/dist/inter-cyrillic-700-normal-D4IEZ3GW.woff +0 -0
  22. package/dist/inter-cyrillic-ext-400-normal-JB453SGZ.woff2 +0 -0
  23. package/dist/inter-cyrillic-ext-400-normal-UT7C7CGZ.woff +0 -0
  24. package/dist/inter-cyrillic-ext-500-normal-JTQKN4HY.woff2 +0 -0
  25. package/dist/inter-cyrillic-ext-500-normal-WLOKRQXN.woff +0 -0
  26. package/dist/inter-cyrillic-ext-600-normal-EFECVKGZ.woff2 +0 -0
  27. package/dist/inter-cyrillic-ext-600-normal-NBG3W4IU.woff +0 -0
  28. package/dist/inter-cyrillic-ext-700-normal-4PBXEWDR.woff +0 -0
  29. package/dist/inter-cyrillic-ext-700-normal-SJP7DRTO.woff2 +0 -0
  30. package/dist/inter-greek-400-normal-7Y67TOYM.woff +0 -0
  31. package/dist/inter-greek-400-normal-BRMJUT6T.woff2 +0 -0
  32. package/dist/inter-greek-500-normal-LCPH243Y.woff +0 -0
  33. package/dist/inter-greek-500-normal-PQX5SJVP.woff2 +0 -0
  34. package/dist/inter-greek-600-normal-PKJBTQPQ.woff2 +0 -0
  35. package/dist/inter-greek-600-normal-UPKYUUFH.woff +0 -0
  36. package/dist/inter-greek-700-normal-5N2Y4K7P.woff2 +0 -0
  37. package/dist/inter-greek-700-normal-OE26ANW4.woff +0 -0
  38. package/dist/inter-greek-ext-400-normal-4HYCVGMS.woff +0 -0
  39. package/dist/inter-greek-ext-400-normal-QIS4ONLW.woff2 +0 -0
  40. package/dist/inter-greek-ext-500-normal-AOIZUIP4.woff +0 -0
  41. package/dist/inter-greek-ext-500-normal-Z2CEJP2K.woff2 +0 -0
  42. package/dist/inter-greek-ext-600-normal-FQPCNDF3.woff +0 -0
  43. package/dist/inter-greek-ext-600-normal-KM6XRHAQ.woff2 +0 -0
  44. package/dist/inter-greek-ext-700-normal-FDEUQJ34.woff +0 -0
  45. package/dist/inter-greek-ext-700-normal-LWL55ZDD.woff2 +0 -0
  46. package/dist/inter-latin-400-normal-O6KIPRV2.woff +0 -0
  47. package/dist/inter-latin-400-normal-VQ3UBCDI.woff2 +0 -0
  48. package/dist/inter-latin-500-normal-OD7WVACW.woff +0 -0
  49. package/dist/inter-latin-500-normal-PUEXTTCT.woff2 +0 -0
  50. package/dist/inter-latin-600-normal-5WVF6G4B.woff +0 -0
  51. package/dist/inter-latin-600-normal-GQRH5MIF.woff2 +0 -0
  52. package/dist/inter-latin-700-normal-5OESYTDS.woff2 +0 -0
  53. package/dist/inter-latin-700-normal-ZQVBARDV.woff +0 -0
  54. package/dist/inter-latin-ext-400-normal-BTAMM2KL.woff2 +0 -0
  55. package/dist/inter-latin-ext-400-normal-YUALTDTA.woff +0 -0
  56. package/dist/inter-latin-ext-500-normal-DV5RJSXI.woff2 +0 -0
  57. package/dist/inter-latin-ext-500-normal-KJKTVLML.woff +0 -0
  58. package/dist/inter-latin-ext-600-normal-AOYWYIP3.woff2 +0 -0
  59. package/dist/inter-latin-ext-600-normal-L5SWE5DY.woff +0 -0
  60. package/dist/inter-latin-ext-700-normal-2RDPBVFQ.woff2 +0 -0
  61. package/dist/inter-latin-ext-700-normal-XQIRBHUR.woff +0 -0
  62. package/dist/inter-vietnamese-400-normal-724F3VTF.woff +0 -0
  63. package/dist/inter-vietnamese-400-normal-KH5NGGJJ.woff2 +0 -0
  64. package/dist/inter-vietnamese-500-normal-F77QXW2X.woff2 +0 -0
  65. package/dist/inter-vietnamese-500-normal-ZTDWBSHR.woff +0 -0
  66. package/dist/inter-vietnamese-600-normal-47DK6MCQ.woff2 +0 -0
  67. package/dist/inter-vietnamese-600-normal-M4XR4C4S.woff +0 -0
  68. package/dist/inter-vietnamese-700-normal-ONTG3SOY.woff +0 -0
  69. package/dist/inter-vietnamese-700-normal-T2WXKRNY.woff2 +0 -0
  70. package/dist/mod-LKCIPMBZ.mjs +2628 -0
  71. package/dist/secp256k1-AYCAE7S6.mjs +16 -0
  72. package/package.json +12 -10
package/dist/mod-LKCIPMBZ.mjs ADDED
@@ -0,0 +1,2628 @@
1
+ import {
2
+ __esm
3
+ } from "./chunk-CASSC3OP.mjs";
4
+
5
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/errors.js
6
+ var HpkeError, InvalidParamError, ValidationError, SerializeError, DeserializeError, EncapError, DecapError, ExportError, SealError, OpenError, MessageLimitReachedError, DeriveKeyPairError, NotSupportedError;
7
+ var init_errors = __esm({
8
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/errors.js"() {
9
+ "use strict";
10
+ HpkeError = class extends Error {
11
+ constructor(e) {
12
+ let message;
13
+ if (e instanceof Error) {
14
+ message = e.message;
15
+ } else if (typeof e === "string") {
16
+ message = e;
17
+ } else {
18
+ message = "";
19
+ }
20
+ super(message);
21
+ this.name = this.constructor.name;
22
+ }
23
+ };
24
+ InvalidParamError = class extends HpkeError {
25
+ };
26
+ ValidationError = class extends HpkeError {
27
+ };
28
+ SerializeError = class extends HpkeError {
29
+ };
30
+ DeserializeError = class extends HpkeError {
31
+ };
32
+ EncapError = class extends HpkeError {
33
+ };
34
+ DecapError = class extends HpkeError {
35
+ };
36
+ ExportError = class extends HpkeError {
37
+ };
38
+ SealError = class extends HpkeError {
39
+ };
40
+ OpenError = class extends HpkeError {
41
+ };
42
+ MessageLimitReachedError = class extends HpkeError {
43
+ };
44
+ DeriveKeyPairError = class extends HpkeError {
45
+ };
46
+ NotSupportedError = class extends HpkeError {
47
+ };
48
+ }
49
+ });
50
+
51
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/_dnt.shims.js
52
+ function createMergeProxy(baseObj, extObj) {
53
+ return new Proxy(baseObj, {
54
+ get(_target, prop, _receiver) {
55
+ if (prop in extObj) {
56
+ return extObj[prop];
57
+ } else {
58
+ return baseObj[prop];
59
+ }
60
+ },
61
+ set(_target, prop, value) {
62
+ if (prop in extObj) {
63
+ delete extObj[prop];
64
+ }
65
+ baseObj[prop] = value;
66
+ return true;
67
+ },
68
+ deleteProperty(_target, prop) {
69
+ let success = false;
70
+ if (prop in extObj) {
71
+ delete extObj[prop];
72
+ success = true;
73
+ }
74
+ if (prop in baseObj) {
75
+ delete baseObj[prop];
76
+ success = true;
77
+ }
78
+ return success;
79
+ },
80
+ ownKeys(_target) {
81
+ const baseKeys = Reflect.ownKeys(baseObj);
82
+ const extKeys = Reflect.ownKeys(extObj);
83
+ const extKeysSet = new Set(extKeys);
84
+ return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys];
85
+ },
86
+ defineProperty(_target, prop, desc) {
87
+ if (prop in extObj) {
88
+ delete extObj[prop];
89
+ }
90
+ Reflect.defineProperty(baseObj, prop, desc);
91
+ return true;
92
+ },
93
+ getOwnPropertyDescriptor(_target, prop) {
94
+ if (prop in extObj) {
95
+ return Reflect.getOwnPropertyDescriptor(extObj, prop);
96
+ } else {
97
+ return Reflect.getOwnPropertyDescriptor(baseObj, prop);
98
+ }
99
+ },
100
+ has(_target, prop) {
101
+ return prop in extObj || prop in baseObj;
102
+ }
103
+ });
104
+ }
105
+ var dntGlobals, dntGlobalThis;
106
+ var init_dnt_shims = __esm({
107
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/_dnt.shims.js"() {
108
+ "use strict";
109
+ dntGlobals = {};
110
+ dntGlobalThis = createMergeProxy(globalThis, dntGlobals);
111
+ }
112
+ });
113
+
114
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/algorithm.js
115
+ async function loadSubtleCrypto() {
116
+ if (dntGlobalThis !== void 0 && globalThis.crypto !== void 0) {
117
+ return globalThis.crypto.subtle;
118
+ }
119
+ try {
120
+ const { webcrypto } = await import("crypto");
121
+ return webcrypto.subtle;
122
+ } catch (e) {
123
+ throw new NotSupportedError(e);
124
+ }
125
+ }
126
+ var NativeAlgorithm;
127
+ var init_algorithm = __esm({
128
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/algorithm.js"() {
129
+ "use strict";
130
+ init_dnt_shims();
131
+ init_errors();
132
+ NativeAlgorithm = class {
133
+ constructor() {
134
+ Object.defineProperty(this, "_api", {
135
+ enumerable: true,
136
+ configurable: true,
137
+ writable: true,
138
+ value: void 0
139
+ });
140
+ }
141
+ async _setup() {
142
+ if (this._api !== void 0) {
143
+ return;
144
+ }
145
+ this._api = await loadSubtleCrypto();
146
+ }
147
+ };
148
+ }
149
+ });
150
+
151
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/identifiers.js
152
+ var Mode, KemId, KdfId, AeadId;
153
+ var init_identifiers = __esm({
154
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/identifiers.js"() {
155
+ "use strict";
156
+ Mode = {
157
+ Base: 0,
158
+ Psk: 1,
159
+ Auth: 2,
160
+ AuthPsk: 3
161
+ };
162
+ KemId = {
163
+ NotAssigned: 0,
164
+ DhkemP256HkdfSha256: 16,
165
+ DhkemP384HkdfSha384: 17,
166
+ DhkemP521HkdfSha512: 18,
167
+ DhkemSecp256k1HkdfSha256: 19,
168
+ DhkemX25519HkdfSha256: 32,
169
+ DhkemX448HkdfSha512: 33,
170
+ HybridkemX25519Kyber768: 48,
171
+ MlKem512: 64,
172
+ MlKem768: 65,
173
+ MlKem1024: 66,
174
+ XWing: 25722
175
+ };
176
+ KdfId = {
177
+ HkdfSha256: 1,
178
+ HkdfSha384: 2,
179
+ HkdfSha512: 3
180
+ };
181
+ AeadId = {
182
+ Aes128Gcm: 1,
183
+ Aes256Gcm: 2,
184
+ Chacha20Poly1305: 3,
185
+ ExportOnly: 65535
186
+ };
187
+ }
188
+ });
189
+
190
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/consts.js
191
+ var INPUT_LENGTH_LIMIT, MINIMUM_PSK_LENGTH, EMPTY;
192
+ var init_consts = __esm({
193
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/consts.js"() {
194
+ "use strict";
195
+ INPUT_LENGTH_LIMIT = 8192;
196
+ MINIMUM_PSK_LENGTH = 32;
197
+ EMPTY = new Uint8Array(0);
198
+ }
199
+ });
200
+
201
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/kemInterface.js
202
+ var SUITE_ID_HEADER_KEM;
203
+ var init_kemInterface = __esm({
204
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/kemInterface.js"() {
205
+ "use strict";
206
+ SUITE_ID_HEADER_KEM = new Uint8Array([
207
+ 75,
208
+ 69,
209
+ 77,
210
+ 0,
211
+ 0
212
+ ]);
213
+ }
214
+ });
215
+
216
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/misc.js
217
+ function i2Osp(n, w) {
218
+ if (w <= 0) {
219
+ throw new Error("i2Osp: too small size");
220
+ }
221
+ if (n >= 256 ** w) {
222
+ throw new Error("i2Osp: too large integer");
223
+ }
224
+ const ret = new Uint8Array(w);
225
+ for (let i = 0; i < w && n; i++) {
226
+ ret[w - (i + 1)] = n % 256;
227
+ n = n >> 8;
228
+ }
229
+ return ret;
230
+ }
231
+ function concat(a, b) {
232
+ const ret = new Uint8Array(a.length + b.length);
233
+ ret.set(a, 0);
234
+ ret.set(b, a.length);
235
+ return ret;
236
+ }
237
+ function base64UrlToBytes(v) {
238
+ const base64 = v.replace(/-/g, "+").replace(/_/g, "/");
239
+ const byteString = atob(base64);
240
+ const ret = new Uint8Array(byteString.length);
241
+ for (let i = 0; i < byteString.length; i++) {
242
+ ret[i] = byteString.charCodeAt(i);
243
+ }
244
+ return ret;
245
+ }
246
+ function xor(a, b) {
247
+ if (a.byteLength !== b.byteLength) {
248
+ throw new Error("xor: different length inputs");
249
+ }
250
+ const buf = new Uint8Array(a.byteLength);
251
+ for (let i = 0; i < a.byteLength; i++) {
252
+ buf[i] = a[i] ^ b[i];
253
+ }
254
+ return buf;
255
+ }
256
+ var isCryptoKeyPair;
257
+ var init_misc = __esm({
258
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/misc.js"() {
259
+ "use strict";
260
+ init_dnt_shims();
261
+ init_identifiers();
262
+ isCryptoKeyPair = (x) => typeof x === "object" && x !== null && typeof x.privateKey === "object" && typeof x.publicKey === "object";
263
+ }
264
+ });
265
+
266
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkem.js
267
+ function concat3(a, b, c) {
268
+ const ret = new Uint8Array(a.length + b.length + c.length);
269
+ ret.set(a, 0);
270
+ ret.set(b, a.length);
271
+ ret.set(c, a.length + b.length);
272
+ return ret;
273
+ }
274
+ var LABEL_EAE_PRK, LABEL_SHARED_SECRET, Dhkem;
275
+ var init_dhkem = __esm({
276
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkem.js"() {
277
+ "use strict";
278
+ init_consts();
279
+ init_errors();
280
+ init_kemInterface();
281
+ init_misc();
282
+ LABEL_EAE_PRK = new Uint8Array([101, 97, 101, 95, 112, 114, 107]);
283
+ LABEL_SHARED_SECRET = new Uint8Array([
284
+ 115,
285
+ 104,
286
+ 97,
287
+ 114,
288
+ 101,
289
+ 100,
290
+ 95,
291
+ 115,
292
+ 101,
293
+ 99,
294
+ 114,
295
+ 101,
296
+ 116
297
+ ]);
298
+ Dhkem = class {
299
+ constructor(id, prim, kdf) {
300
+ Object.defineProperty(this, "id", {
301
+ enumerable: true,
302
+ configurable: true,
303
+ writable: true,
304
+ value: void 0
305
+ });
306
+ Object.defineProperty(this, "secretSize", {
307
+ enumerable: true,
308
+ configurable: true,
309
+ writable: true,
310
+ value: 0
311
+ });
312
+ Object.defineProperty(this, "encSize", {
313
+ enumerable: true,
314
+ configurable: true,
315
+ writable: true,
316
+ value: 0
317
+ });
318
+ Object.defineProperty(this, "publicKeySize", {
319
+ enumerable: true,
320
+ configurable: true,
321
+ writable: true,
322
+ value: 0
323
+ });
324
+ Object.defineProperty(this, "privateKeySize", {
325
+ enumerable: true,
326
+ configurable: true,
327
+ writable: true,
328
+ value: 0
329
+ });
330
+ Object.defineProperty(this, "_prim", {
331
+ enumerable: true,
332
+ configurable: true,
333
+ writable: true,
334
+ value: void 0
335
+ });
336
+ Object.defineProperty(this, "_kdf", {
337
+ enumerable: true,
338
+ configurable: true,
339
+ writable: true,
340
+ value: void 0
341
+ });
342
+ this.id = id;
343
+ this._prim = prim;
344
+ this._kdf = kdf;
345
+ const suiteId = new Uint8Array(SUITE_ID_HEADER_KEM);
346
+ suiteId.set(i2Osp(this.id, 2), 3);
347
+ this._kdf.init(suiteId);
348
+ }
349
+ async serializePublicKey(key) {
350
+ return await this._prim.serializePublicKey(key);
351
+ }
352
+ async deserializePublicKey(key) {
353
+ return await this._prim.deserializePublicKey(key);
354
+ }
355
+ async serializePrivateKey(key) {
356
+ return await this._prim.serializePrivateKey(key);
357
+ }
358
+ async deserializePrivateKey(key) {
359
+ return await this._prim.deserializePrivateKey(key);
360
+ }
361
+ async importKey(format, key, isPublic = true) {
362
+ return await this._prim.importKey(format, key, isPublic);
363
+ }
364
+ async generateKeyPair() {
365
+ return await this._prim.generateKeyPair();
366
+ }
367
+ async deriveKeyPair(ikm) {
368
+ if (ikm.byteLength > INPUT_LENGTH_LIMIT) {
369
+ throw new InvalidParamError("Too long ikm");
370
+ }
371
+ return await this._prim.deriveKeyPair(ikm);
372
+ }
373
+ async encap(params) {
374
+ let ke;
375
+ if (params.ekm === void 0) {
376
+ ke = await this.generateKeyPair();
377
+ } else if (isCryptoKeyPair(params.ekm)) {
378
+ ke = params.ekm;
379
+ } else {
380
+ ke = await this.deriveKeyPair(params.ekm);
381
+ }
382
+ const enc = await this._prim.serializePublicKey(ke.publicKey);
383
+ const pkrm = await this._prim.serializePublicKey(params.recipientPublicKey);
384
+ try {
385
+ let dh;
386
+ if (params.senderKey === void 0) {
387
+ dh = new Uint8Array(await this._prim.dh(ke.privateKey, params.recipientPublicKey));
388
+ } else {
389
+ const sks = isCryptoKeyPair(params.senderKey) ? params.senderKey.privateKey : params.senderKey;
390
+ const dh1 = new Uint8Array(await this._prim.dh(ke.privateKey, params.recipientPublicKey));
391
+ const dh2 = new Uint8Array(await this._prim.dh(sks, params.recipientPublicKey));
392
+ dh = concat(dh1, dh2);
393
+ }
394
+ let kemContext;
395
+ if (params.senderKey === void 0) {
396
+ kemContext = concat(new Uint8Array(enc), new Uint8Array(pkrm));
397
+ } else {
398
+ const pks = isCryptoKeyPair(params.senderKey) ? params.senderKey.publicKey : await this._prim.derivePublicKey(params.senderKey);
399
+ const pksm = await this._prim.serializePublicKey(pks);
400
+ kemContext = concat3(new Uint8Array(enc), new Uint8Array(pkrm), new Uint8Array(pksm));
401
+ }
402
+ const sharedSecret = await this._generateSharedSecret(dh, kemContext);
403
+ return {
404
+ enc,
405
+ sharedSecret
406
+ };
407
+ } catch (e) {
408
+ throw new EncapError(e);
409
+ }
410
+ }
411
+ async decap(params) {
412
+ const pke = await this._prim.deserializePublicKey(params.enc);
413
+ const skr = isCryptoKeyPair(params.recipientKey) ? params.recipientKey.privateKey : params.recipientKey;
414
+ const pkr = isCryptoKeyPair(params.recipientKey) ? params.recipientKey.publicKey : await this._prim.derivePublicKey(params.recipientKey);
415
+ const pkrm = await this._prim.serializePublicKey(pkr);
416
+ try {
417
+ let dh;
418
+ if (params.senderPublicKey === void 0) {
419
+ dh = new Uint8Array(await this._prim.dh(skr, pke));
420
+ } else {
421
+ const dh1 = new Uint8Array(await this._prim.dh(skr, pke));
422
+ const dh2 = new Uint8Array(await this._prim.dh(skr, params.senderPublicKey));
423
+ dh = concat(dh1, dh2);
424
+ }
425
+ let kemContext;
426
+ if (params.senderPublicKey === void 0) {
427
+ kemContext = concat(new Uint8Array(params.enc), new Uint8Array(pkrm));
428
+ } else {
429
+ const pksm = await this._prim.serializePublicKey(params.senderPublicKey);
430
+ kemContext = new Uint8Array(params.enc.byteLength + pkrm.byteLength + pksm.byteLength);
431
+ kemContext.set(new Uint8Array(params.enc), 0);
432
+ kemContext.set(new Uint8Array(pkrm), params.enc.byteLength);
433
+ kemContext.set(new Uint8Array(pksm), params.enc.byteLength + pkrm.byteLength);
434
+ }
435
+ return await this._generateSharedSecret(dh, kemContext);
436
+ } catch (e) {
437
+ throw new DecapError(e);
438
+ }
439
+ }
440
+ async _generateSharedSecret(dh, kemContext) {
441
+ const labeledIkm = this._kdf.buildLabeledIkm(LABEL_EAE_PRK, dh);
442
+ const labeledInfo = this._kdf.buildLabeledInfo(LABEL_SHARED_SECRET, kemContext, this.secretSize);
443
+ return await this._kdf.extractAndExpand(EMPTY.buffer, labeledIkm.buffer, labeledInfo.buffer, this.secretSize);
444
+ }
445
+ };
446
+ }
447
+ });
448
+
449
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/dhkemPrimitives.js
450
+ var KEM_USAGES, LABEL_DKP_PRK, LABEL_SK;
451
+ var init_dhkemPrimitives = __esm({
452
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/dhkemPrimitives.js"() {
453
+ "use strict";
454
+ KEM_USAGES = ["deriveBits"];
455
+ LABEL_DKP_PRK = new Uint8Array([
456
+ 100,
457
+ 107,
458
+ 112,
459
+ 95,
460
+ 112,
461
+ 114,
462
+ 107
463
+ ]);
464
+ LABEL_SK = new Uint8Array([115, 107]);
465
+ }
466
+ });
467
+
468
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/bignum.js
469
+ var Bignum;
470
+ var init_bignum = __esm({
471
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/bignum.js"() {
472
+ "use strict";
473
+ Bignum = class {
474
+ constructor(size) {
475
+ Object.defineProperty(this, "_num", {
476
+ enumerable: true,
477
+ configurable: true,
478
+ writable: true,
479
+ value: void 0
480
+ });
481
+ this._num = new Uint8Array(size);
482
+ }
483
+ val() {
484
+ return this._num;
485
+ }
486
+ reset() {
487
+ this._num.fill(0);
488
+ }
489
+ set(src) {
490
+ if (src.length !== this._num.length) {
491
+ throw new Error("Bignum.set: invalid argument");
492
+ }
493
+ this._num.set(src);
494
+ }
495
+ isZero() {
496
+ for (let i = 0; i < this._num.length; i++) {
497
+ if (this._num[i] !== 0) {
498
+ return false;
499
+ }
500
+ }
501
+ return true;
502
+ }
503
+ lessThan(v) {
504
+ if (v.length !== this._num.length) {
505
+ throw new Error("Bignum.lessThan: invalid argument");
506
+ }
507
+ for (let i = 0; i < this._num.length; i++) {
508
+ if (this._num[i] < v[i]) {
509
+ return true;
510
+ }
511
+ if (this._num[i] > v[i]) {
512
+ return false;
513
+ }
514
+ }
515
+ return false;
516
+ }
517
+ };
518
+ }
519
+ });
520
+
521
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkemPrimitives/ec.js
522
+ var LABEL_CANDIDATE, ORDER_P_256, ORDER_P_384, ORDER_P_521, PKCS8_ALG_ID_P_256, PKCS8_ALG_ID_P_384, PKCS8_ALG_ID_P_521, Ec;
523
+ var init_ec = __esm({
524
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkemPrimitives/ec.js"() {
525
+ "use strict";
526
+ init_algorithm();
527
+ init_consts();
528
+ init_errors();
529
+ init_identifiers();
530
+ init_dhkemPrimitives();
531
+ init_bignum();
532
+ init_misc();
533
+ LABEL_CANDIDATE = new Uint8Array([
534
+ 99,
535
+ 97,
536
+ 110,
537
+ 100,
538
+ 105,
539
+ 100,
540
+ 97,
541
+ 116,
542
+ 101
543
+ ]);
544
+ ORDER_P_256 = new Uint8Array([
545
+ 255,
546
+ 255,
547
+ 255,
548
+ 255,
549
+ 0,
550
+ 0,
551
+ 0,
552
+ 0,
553
+ 255,
554
+ 255,
555
+ 255,
556
+ 255,
557
+ 255,
558
+ 255,
559
+ 255,
560
+ 255,
561
+ 188,
562
+ 230,
563
+ 250,
564
+ 173,
565
+ 167,
566
+ 23,
567
+ 158,
568
+ 132,
569
+ 243,
570
+ 185,
571
+ 202,
572
+ 194,
573
+ 252,
574
+ 99,
575
+ 37,
576
+ 81
577
+ ]);
578
+ ORDER_P_384 = new Uint8Array([
579
+ 255,
580
+ 255,
581
+ 255,
582
+ 255,
583
+ 255,
584
+ 255,
585
+ 255,
586
+ 255,
587
+ 255,
588
+ 255,
589
+ 255,
590
+ 255,
591
+ 255,
592
+ 255,
593
+ 255,
594
+ 255,
595
+ 255,
596
+ 255,
597
+ 255,
598
+ 255,
599
+ 255,
600
+ 255,
601
+ 255,
602
+ 255,
603
+ 199,
604
+ 99,
605
+ 77,
606
+ 129,
607
+ 244,
608
+ 55,
609
+ 45,
610
+ 223,
611
+ 88,
612
+ 26,
613
+ 13,
614
+ 178,
615
+ 72,
616
+ 176,
617
+ 167,
618
+ 122,
619
+ 236,
620
+ 236,
621
+ 25,
622
+ 106,
623
+ 204,
624
+ 197,
625
+ 41,
626
+ 115
627
+ ]);
628
+ ORDER_P_521 = new Uint8Array([
629
+ 1,
630
+ 255,
631
+ 255,
632
+ 255,
633
+ 255,
634
+ 255,
635
+ 255,
636
+ 255,
637
+ 255,
638
+ 255,
639
+ 255,
640
+ 255,
641
+ 255,
642
+ 255,
643
+ 255,
644
+ 255,
645
+ 255,
646
+ 255,
647
+ 255,
648
+ 255,
649
+ 255,
650
+ 255,
651
+ 255,
652
+ 255,
653
+ 255,
654
+ 255,
655
+ 255,
656
+ 255,
657
+ 255,
658
+ 255,
659
+ 255,
660
+ 255,
661
+ 255,
662
+ 250,
663
+ 81,
664
+ 134,
665
+ 135,
666
+ 131,
667
+ 191,
668
+ 47,
669
+ 150,
670
+ 107,
671
+ 127,
672
+ 204,
673
+ 1,
674
+ 72,
675
+ 247,
676
+ 9,
677
+ 165,
678
+ 208,
679
+ 59,
680
+ 181,
681
+ 201,
682
+ 184,
683
+ 137,
684
+ 156,
685
+ 71,
686
+ 174,
687
+ 187,
688
+ 111,
689
+ 183,
690
+ 30,
691
+ 145,
692
+ 56,
693
+ 100,
694
+ 9
695
+ ]);
696
+ PKCS8_ALG_ID_P_256 = new Uint8Array([
697
+ 48,
698
+ 65,
699
+ 2,
700
+ 1,
701
+ 0,
702
+ 48,
703
+ 19,
704
+ 6,
705
+ 7,
706
+ 42,
707
+ 134,
708
+ 72,
709
+ 206,
710
+ 61,
711
+ 2,
712
+ 1,
713
+ 6,
714
+ 8,
715
+ 42,
716
+ 134,
717
+ 72,
718
+ 206,
719
+ 61,
720
+ 3,
721
+ 1,
722
+ 7,
723
+ 4,
724
+ 39,
725
+ 48,
726
+ 37,
727
+ 2,
728
+ 1,
729
+ 1,
730
+ 4,
731
+ 32
732
+ ]);
733
+ PKCS8_ALG_ID_P_384 = new Uint8Array([
734
+ 48,
735
+ 78,
736
+ 2,
737
+ 1,
738
+ 0,
739
+ 48,
740
+ 16,
741
+ 6,
742
+ 7,
743
+ 42,
744
+ 134,
745
+ 72,
746
+ 206,
747
+ 61,
748
+ 2,
749
+ 1,
750
+ 6,
751
+ 5,
752
+ 43,
753
+ 129,
754
+ 4,
755
+ 0,
756
+ 34,
757
+ 4,
758
+ 55,
759
+ 48,
760
+ 53,
761
+ 2,
762
+ 1,
763
+ 1,
764
+ 4,
765
+ 48
766
+ ]);
767
+ PKCS8_ALG_ID_P_521 = new Uint8Array([
768
+ 48,
769
+ 96,
770
+ 2,
771
+ 1,
772
+ 0,
773
+ 48,
774
+ 16,
775
+ 6,
776
+ 7,
777
+ 42,
778
+ 134,
779
+ 72,
780
+ 206,
781
+ 61,
782
+ 2,
783
+ 1,
784
+ 6,
785
+ 5,
786
+ 43,
787
+ 129,
788
+ 4,
789
+ 0,
790
+ 35,
791
+ 4,
792
+ 73,
793
+ 48,
794
+ 71,
795
+ 2,
796
+ 1,
797
+ 1,
798
+ 4,
799
+ 66
800
+ ]);
801
+ Ec = class extends NativeAlgorithm {
802
+ constructor(kem, hkdf) {
803
+ super();
804
+ Object.defineProperty(this, "_hkdf", {
805
+ enumerable: true,
806
+ configurable: true,
807
+ writable: true,
808
+ value: void 0
809
+ });
810
+ Object.defineProperty(this, "_alg", {
811
+ enumerable: true,
812
+ configurable: true,
813
+ writable: true,
814
+ value: void 0
815
+ });
816
+ Object.defineProperty(this, "_nPk", {
817
+ enumerable: true,
818
+ configurable: true,
819
+ writable: true,
820
+ value: void 0
821
+ });
822
+ Object.defineProperty(this, "_nSk", {
823
+ enumerable: true,
824
+ configurable: true,
825
+ writable: true,
826
+ value: void 0
827
+ });
828
+ Object.defineProperty(this, "_nDh", {
829
+ enumerable: true,
830
+ configurable: true,
831
+ writable: true,
832
+ value: void 0
833
+ });
834
+ Object.defineProperty(this, "_order", {
835
+ enumerable: true,
836
+ configurable: true,
837
+ writable: true,
838
+ value: void 0
839
+ });
840
+ Object.defineProperty(this, "_bitmask", {
841
+ enumerable: true,
842
+ configurable: true,
843
+ writable: true,
844
+ value: void 0
845
+ });
846
+ Object.defineProperty(this, "_pkcs8AlgId", {
847
+ enumerable: true,
848
+ configurable: true,
849
+ writable: true,
850
+ value: void 0
851
+ });
852
+ this._hkdf = hkdf;
853
+ switch (kem) {
854
+ case KemId.DhkemP256HkdfSha256:
855
+ this._alg = { name: "ECDH", namedCurve: "P-256" };
856
+ this._nPk = 65;
857
+ this._nSk = 32;
858
+ this._nDh = 32;
859
+ this._order = ORDER_P_256;
860
+ this._bitmask = 255;
861
+ this._pkcs8AlgId = PKCS8_ALG_ID_P_256;
862
+ break;
863
+ case KemId.DhkemP384HkdfSha384:
864
+ this._alg = { name: "ECDH", namedCurve: "P-384" };
865
+ this._nPk = 97;
866
+ this._nSk = 48;
867
+ this._nDh = 48;
868
+ this._order = ORDER_P_384;
869
+ this._bitmask = 255;
870
+ this._pkcs8AlgId = PKCS8_ALG_ID_P_384;
871
+ break;
872
+ default:
873
+ this._alg = { name: "ECDH", namedCurve: "P-521" };
874
+ this._nPk = 133;
875
+ this._nSk = 66;
876
+ this._nDh = 66;
877
+ this._order = ORDER_P_521;
878
+ this._bitmask = 1;
879
+ this._pkcs8AlgId = PKCS8_ALG_ID_P_521;
880
+ break;
881
+ }
882
+ }
883
+ async serializePublicKey(key) {
884
+ await this._setup();
885
+ try {
886
+ return await this._api.exportKey("raw", key);
887
+ } catch (e) {
888
+ throw new SerializeError(e);
889
+ }
890
+ }
891
+ async deserializePublicKey(key) {
892
+ await this._setup();
893
+ try {
894
+ return await this._importRawKey(key, true);
895
+ } catch (e) {
896
+ throw new DeserializeError(e);
897
+ }
898
+ }
899
+ async serializePrivateKey(key) {
900
+ await this._setup();
901
+ try {
902
+ const jwk = await this._api.exportKey("jwk", key);
903
+ if (!("d" in jwk)) {
904
+ throw new Error("Not private key");
905
+ }
906
+ return base64UrlToBytes(jwk["d"]).buffer;
907
+ } catch (e) {
908
+ throw new SerializeError(e);
909
+ }
910
+ }
911
+ async deserializePrivateKey(key) {
912
+ await this._setup();
913
+ try {
914
+ return await this._importRawKey(key, false);
915
+ } catch (e) {
916
+ throw new DeserializeError(e);
917
+ }
918
+ }
919
+ async importKey(format, key, isPublic) {
920
+ await this._setup();
921
+ try {
922
+ if (format === "raw") {
923
+ return await this._importRawKey(key, isPublic);
924
+ }
925
+ if (key instanceof ArrayBuffer) {
926
+ throw new Error("Invalid jwk key format");
927
+ }
928
+ return await this._importJWK(key, isPublic);
929
+ } catch (e) {
930
+ throw new DeserializeError(e);
931
+ }
932
+ }
933
+ async generateKeyPair() {
934
+ await this._setup();
935
+ try {
936
+ return await this._api.generateKey(this._alg, true, KEM_USAGES);
937
+ } catch (e) {
938
+ throw new NotSupportedError(e);
939
+ }
940
+ }
941
+ async deriveKeyPair(ikm) {
942
+ await this._setup();
943
+ try {
944
+ const dkpPrk = await this._hkdf.labeledExtract(EMPTY.buffer, LABEL_DKP_PRK, new Uint8Array(ikm));
945
+ const bn = new Bignum(this._nSk);
946
+ for (let counter = 0; bn.isZero() || !bn.lessThan(this._order); counter++) {
947
+ if (counter > 255) {
948
+ throw new Error("Faild to derive a key pair");
949
+ }
950
+ const bytes = new Uint8Array(await this._hkdf.labeledExpand(dkpPrk, LABEL_CANDIDATE, i2Osp(counter, 1), this._nSk));
951
+ bytes[0] = bytes[0] & this._bitmask;
952
+ bn.set(bytes);
953
+ }
954
+ const sk = await this._deserializePkcs8Key(bn.val());
955
+ bn.reset();
956
+ return {
957
+ privateKey: sk,
958
+ publicKey: await this.derivePublicKey(sk)
959
+ };
960
+ } catch (e) {
961
+ throw new DeriveKeyPairError(e);
962
+ }
963
+ }
964
+ async derivePublicKey(key) {
965
+ await this._setup();
966
+ try {
967
+ const jwk = await this._api.exportKey("jwk", key);
968
+ delete jwk["d"];
969
+ delete jwk["key_ops"];
970
+ return await this._api.importKey("jwk", jwk, this._alg, true, []);
971
+ } catch (e) {
972
+ throw new DeserializeError(e);
973
+ }
974
+ }
975
+ async dh(sk, pk) {
976
+ try {
977
+ await this._setup();
978
+ const bits = await this._api.deriveBits({
979
+ name: "ECDH",
980
+ public: pk
981
+ }, sk, this._nDh * 8);
982
+ return bits;
983
+ } catch (e) {
984
+ throw new SerializeError(e);
985
+ }
986
+ }
987
+ async _importRawKey(key, isPublic) {
988
+ if (isPublic && key.byteLength !== this._nPk) {
989
+ throw new Error("Invalid public key for the ciphersuite");
990
+ }
991
+ if (!isPublic && key.byteLength !== this._nSk) {
992
+ throw new Error("Invalid private key for the ciphersuite");
993
+ }
994
+ if (isPublic) {
995
+ return await this._api.importKey("raw", key, this._alg, true, []);
996
+ }
997
+ return await this._deserializePkcs8Key(new Uint8Array(key));
998
+ }
999
+ async _importJWK(key, isPublic) {
1000
+ if (typeof key.crv === "undefined" || key.crv !== this._alg.namedCurve) {
1001
+ throw new Error(`Invalid crv: ${key.crv}`);
1002
+ }
1003
+ if (isPublic) {
1004
+ if (typeof key.d !== "undefined") {
1005
+ throw new Error("Invalid key: `d` should not be set");
1006
+ }
1007
+ return await this._api.importKey("jwk", key, this._alg, true, []);
1008
+ }
1009
+ if (typeof key.d === "undefined") {
1010
+ throw new Error("Invalid key: `d` not found");
1011
+ }
1012
+ return await this._api.importKey("jwk", key, this._alg, true, KEM_USAGES);
1013
+ }
1014
+ async _deserializePkcs8Key(k) {
1015
+ const pkcs8Key = new Uint8Array(this._pkcs8AlgId.length + k.length);
1016
+ pkcs8Key.set(this._pkcs8AlgId, 0);
1017
+ pkcs8Key.set(k, this._pkcs8AlgId.length);
1018
+ return await this._api.importKey("pkcs8", pkcs8Key, this._alg, true, KEM_USAGES);
1019
+ }
1020
+ };
1021
+ }
1022
+ });
1023
+
1024
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/xCryptoKey.js
1025
+ var init_xCryptoKey = __esm({
1026
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/xCryptoKey.js"() {
1027
+ "use strict";
1028
+ }
1029
+ });
1030
+
1031
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/hybridkem.js
1032
+ var init_hybridkem = __esm({
1033
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/hybridkem.js"() {
1034
+ "use strict";
1035
+ init_consts();
1036
+ init_errors();
1037
+ init_identifiers();
1038
+ init_dhkemPrimitives();
1039
+ init_kemInterface();
1040
+ init_misc();
1041
+ init_xCryptoKey();
1042
+ }
1043
+ });
1044
+
1045
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kdfs/hkdf.js
1046
+ var HPKE_VERSION, HkdfNative, HkdfSha256Native, HkdfSha384Native, HkdfSha512Native;
1047
+ var init_hkdf = __esm({
1048
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kdfs/hkdf.js"() {
1049
+ "use strict";
1050
+ init_consts();
1051
+ init_errors();
1052
+ init_identifiers();
1053
+ init_algorithm();
1054
+ HPKE_VERSION = new Uint8Array([72, 80, 75, 69, 45, 118, 49]);
1055
+ HkdfNative = class extends NativeAlgorithm {
1056
+ constructor() {
1057
+ super();
1058
+ Object.defineProperty(this, "id", {
1059
+ enumerable: true,
1060
+ configurable: true,
1061
+ writable: true,
1062
+ value: KdfId.HkdfSha256
1063
+ });
1064
+ Object.defineProperty(this, "hashSize", {
1065
+ enumerable: true,
1066
+ configurable: true,
1067
+ writable: true,
1068
+ value: 0
1069
+ });
1070
+ Object.defineProperty(this, "_suiteId", {
1071
+ enumerable: true,
1072
+ configurable: true,
1073
+ writable: true,
1074
+ value: EMPTY
1075
+ });
1076
+ Object.defineProperty(this, "algHash", {
1077
+ enumerable: true,
1078
+ configurable: true,
1079
+ writable: true,
1080
+ value: {
1081
+ name: "HMAC",
1082
+ hash: "SHA-256",
1083
+ length: 256
1084
+ }
1085
+ });
1086
+ }
1087
+ init(suiteId) {
1088
+ this._suiteId = suiteId;
1089
+ }
1090
+ buildLabeledIkm(label, ikm) {
1091
+ this._checkInit();
1092
+ const ret = new Uint8Array(7 + this._suiteId.byteLength + label.byteLength + ikm.byteLength);
1093
+ ret.set(HPKE_VERSION, 0);
1094
+ ret.set(this._suiteId, 7);
1095
+ ret.set(label, 7 + this._suiteId.byteLength);
1096
+ ret.set(ikm, 7 + this._suiteId.byteLength + label.byteLength);
1097
+ return ret;
1098
+ }
1099
+ buildLabeledInfo(label, info, len) {
1100
+ this._checkInit();
1101
+ const ret = new Uint8Array(9 + this._suiteId.byteLength + label.byteLength + info.byteLength);
1102
+ ret.set(new Uint8Array([0, len]), 0);
1103
+ ret.set(HPKE_VERSION, 2);
1104
+ ret.set(this._suiteId, 9);
1105
+ ret.set(label, 9 + this._suiteId.byteLength);
1106
+ ret.set(info, 9 + this._suiteId.byteLength + label.byteLength);
1107
+ return ret;
1108
+ }
1109
+ async extract(salt, ikm) {
1110
+ await this._setup();
1111
+ if (salt.byteLength === 0) {
1112
+ salt = new ArrayBuffer(this.hashSize);
1113
+ }
1114
+ if (salt.byteLength !== this.hashSize) {
1115
+ throw new InvalidParamError("The salt length must be the same as the hashSize");
1116
+ }
1117
+ const key = await this._api.importKey("raw", salt, this.algHash, false, [
1118
+ "sign"
1119
+ ]);
1120
+ return await this._api.sign("HMAC", key, ikm);
1121
+ }
1122
+ async expand(prk, info, len) {
1123
+ await this._setup();
1124
+ const key = await this._api.importKey("raw", prk, this.algHash, false, [
1125
+ "sign"
1126
+ ]);
1127
+ const okm = new ArrayBuffer(len);
1128
+ const p = new Uint8Array(okm);
1129
+ let prev = EMPTY;
1130
+ const mid = new Uint8Array(info);
1131
+ const tail = new Uint8Array(1);
1132
+ if (len > 255 * this.hashSize) {
1133
+ throw new Error("Entropy limit reached");
1134
+ }
1135
+ const tmp = new Uint8Array(this.hashSize + mid.length + 1);
1136
+ for (let i = 1, cur = 0; cur < p.length; i++) {
1137
+ tail[0] = i;
1138
+ tmp.set(prev, 0);
1139
+ tmp.set(mid, prev.length);
1140
+ tmp.set(tail, prev.length + mid.length);
1141
+ prev = new Uint8Array(await this._api.sign("HMAC", key, tmp.slice(0, prev.length + mid.length + 1)));
1142
+ if (p.length - cur >= prev.length) {
1143
+ p.set(prev, cur);
1144
+ cur += prev.length;
1145
+ } else {
1146
+ p.set(prev.slice(0, p.length - cur), cur);
1147
+ cur += p.length - cur;
1148
+ }
1149
+ }
1150
+ return okm;
1151
+ }
1152
+ async extractAndExpand(salt, ikm, info, len) {
1153
+ await this._setup();
1154
+ const baseKey = await this._api.importKey("raw", ikm, "HKDF", false, ["deriveBits"]);
1155
+ return await this._api.deriveBits({
1156
+ name: "HKDF",
1157
+ hash: this.algHash.hash,
1158
+ salt,
1159
+ info
1160
+ }, baseKey, len * 8);
1161
+ }
1162
+ async labeledExtract(salt, label, ikm) {
1163
+ return await this.extract(salt, this.buildLabeledIkm(label, ikm).buffer);
1164
+ }
1165
+ async labeledExpand(prk, label, info, len) {
1166
+ return await this.expand(prk, this.buildLabeledInfo(label, info, len).buffer, len);
1167
+ }
1168
+ _checkInit() {
1169
+ if (this._suiteId === EMPTY) {
1170
+ throw new Error("Not initialized. Call init()");
1171
+ }
1172
+ }
1173
+ };
1174
+ HkdfSha256Native = class extends HkdfNative {
1175
+ constructor() {
1176
+ super(...arguments);
1177
+ Object.defineProperty(this, "id", {
1178
+ enumerable: true,
1179
+ configurable: true,
1180
+ writable: true,
1181
+ value: KdfId.HkdfSha256
1182
+ });
1183
+ Object.defineProperty(this, "hashSize", {
1184
+ enumerable: true,
1185
+ configurable: true,
1186
+ writable: true,
1187
+ value: 32
1188
+ });
1189
+ Object.defineProperty(this, "algHash", {
1190
+ enumerable: true,
1191
+ configurable: true,
1192
+ writable: true,
1193
+ value: {
1194
+ name: "HMAC",
1195
+ hash: "SHA-256",
1196
+ length: 256
1197
+ }
1198
+ });
1199
+ }
1200
+ };
1201
+ HkdfSha384Native = class extends HkdfNative {
1202
+ constructor() {
1203
+ super(...arguments);
1204
+ Object.defineProperty(this, "id", {
1205
+ enumerable: true,
1206
+ configurable: true,
1207
+ writable: true,
1208
+ value: KdfId.HkdfSha384
1209
+ });
1210
+ Object.defineProperty(this, "hashSize", {
1211
+ enumerable: true,
1212
+ configurable: true,
1213
+ writable: true,
1214
+ value: 48
1215
+ });
1216
+ Object.defineProperty(this, "algHash", {
1217
+ enumerable: true,
1218
+ configurable: true,
1219
+ writable: true,
1220
+ value: {
1221
+ name: "HMAC",
1222
+ hash: "SHA-384",
1223
+ length: 384
1224
+ }
1225
+ });
1226
+ }
1227
+ };
1228
+ HkdfSha512Native = class extends HkdfNative {
1229
+ constructor() {
1230
+ super(...arguments);
1231
+ Object.defineProperty(this, "id", {
1232
+ enumerable: true,
1233
+ configurable: true,
1234
+ writable: true,
1235
+ value: KdfId.HkdfSha512
1236
+ });
1237
+ Object.defineProperty(this, "hashSize", {
1238
+ enumerable: true,
1239
+ configurable: true,
1240
+ writable: true,
1241
+ value: 64
1242
+ });
1243
+ Object.defineProperty(this, "algHash", {
1244
+ enumerable: true,
1245
+ configurable: true,
1246
+ writable: true,
1247
+ value: {
1248
+ name: "HMAC",
1249
+ hash: "SHA-512",
1250
+ length: 512
1251
+ }
1252
+ });
1253
+ }
1254
+ };
1255
+ }
1256
+ });
1257
+
1258
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/aeadEncryptionContext.js
1259
+ var AEAD_USAGES;
1260
+ var init_aeadEncryptionContext = __esm({
1261
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/aeadEncryptionContext.js"() {
1262
+ "use strict";
1263
+ AEAD_USAGES = ["encrypt", "decrypt"];
1264
+ }
1265
+ });
1266
+
1267
+ // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/mod.js
1268
+ var init_mod = __esm({
1269
+ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/mod.js"() {
1270
+ "use strict";
1271
+ init_errors();
1272
+ init_algorithm();
1273
+ init_identifiers();
1274
+ init_dhkem();
1275
+ init_ec();
1276
+ init_hybridkem();
1277
+ init_xCryptoKey();
1278
+ init_hkdf();
1279
+ init_aeadEncryptionContext();
1280
+ init_dhkemPrimitives();
1281
+ init_dhkemPrimitives();
1282
+ init_kemInterface();
1283
+ init_consts();
1284
+ init_misc();
1285
+ }
1286
+ });
1287
+
1288
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/aesGcm.js
1289
+ var AesGcmContext, Aes128Gcm, Aes256Gcm;
1290
+ var init_aesGcm = __esm({
1291
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/aesGcm.js"() {
1292
+ "use strict";
1293
+ init_mod();
1294
+ AesGcmContext = class extends NativeAlgorithm {
1295
+ constructor(key) {
1296
+ super();
1297
+ Object.defineProperty(this, "_rawKey", {
1298
+ enumerable: true,
1299
+ configurable: true,
1300
+ writable: true,
1301
+ value: void 0
1302
+ });
1303
+ Object.defineProperty(this, "_key", {
1304
+ enumerable: true,
1305
+ configurable: true,
1306
+ writable: true,
1307
+ value: void 0
1308
+ });
1309
+ this._rawKey = key;
1310
+ }
1311
+ async seal(iv, data, aad) {
1312
+ await this._setupKey();
1313
+ const alg = {
1314
+ name: "AES-GCM",
1315
+ iv,
1316
+ additionalData: aad
1317
+ };
1318
+ const ct = await this._api.encrypt(alg, this._key, data);
1319
+ return ct;
1320
+ }
1321
+ async open(iv, data, aad) {
1322
+ await this._setupKey();
1323
+ const alg = {
1324
+ name: "AES-GCM",
1325
+ iv,
1326
+ additionalData: aad
1327
+ };
1328
+ const pt = await this._api.decrypt(alg, this._key, data);
1329
+ return pt;
1330
+ }
1331
+ async _setupKey() {
1332
+ if (this._key !== void 0) {
1333
+ return;
1334
+ }
1335
+ await this._setup();
1336
+ const key = await this._importKey(this._rawKey);
1337
+ new Uint8Array(this._rawKey).fill(0);
1338
+ this._key = key;
1339
+ return;
1340
+ }
1341
+ async _importKey(key) {
1342
+ return await this._api.importKey("raw", key, { name: "AES-GCM" }, true, AEAD_USAGES);
1343
+ }
1344
+ };
1345
+ Aes128Gcm = class {
1346
+ constructor() {
1347
+ Object.defineProperty(this, "id", {
1348
+ enumerable: true,
1349
+ configurable: true,
1350
+ writable: true,
1351
+ value: AeadId.Aes128Gcm
1352
+ });
1353
+ Object.defineProperty(this, "keySize", {
1354
+ enumerable: true,
1355
+ configurable: true,
1356
+ writable: true,
1357
+ value: 16
1358
+ });
1359
+ Object.defineProperty(this, "nonceSize", {
1360
+ enumerable: true,
1361
+ configurable: true,
1362
+ writable: true,
1363
+ value: 12
1364
+ });
1365
+ Object.defineProperty(this, "tagSize", {
1366
+ enumerable: true,
1367
+ configurable: true,
1368
+ writable: true,
1369
+ value: 16
1370
+ });
1371
+ }
1372
+ createEncryptionContext(key) {
1373
+ return new AesGcmContext(key);
1374
+ }
1375
+ };
1376
+ Aes256Gcm = class extends Aes128Gcm {
1377
+ constructor() {
1378
+ super(...arguments);
1379
+ Object.defineProperty(this, "id", {
1380
+ enumerable: true,
1381
+ configurable: true,
1382
+ writable: true,
1383
+ value: AeadId.Aes256Gcm
1384
+ });
1385
+ Object.defineProperty(this, "keySize", {
1386
+ enumerable: true,
1387
+ configurable: true,
1388
+ writable: true,
1389
+ value: 32
1390
+ });
1391
+ Object.defineProperty(this, "nonceSize", {
1392
+ enumerable: true,
1393
+ configurable: true,
1394
+ writable: true,
1395
+ value: 12
1396
+ });
1397
+ Object.defineProperty(this, "tagSize", {
1398
+ enumerable: true,
1399
+ configurable: true,
1400
+ writable: true,
1401
+ value: 16
1402
+ });
1403
+ }
1404
+ };
1405
+ }
1406
+ });
1407
+
1408
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/exportOnly.js
1409
+ var ExportOnly;
1410
+ var init_exportOnly = __esm({
1411
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/exportOnly.js"() {
1412
+ "use strict";
1413
+ init_mod();
1414
+ ExportOnly = class {
1415
+ constructor() {
1416
+ Object.defineProperty(this, "id", {
1417
+ enumerable: true,
1418
+ configurable: true,
1419
+ writable: true,
1420
+ value: AeadId.ExportOnly
1421
+ });
1422
+ Object.defineProperty(this, "keySize", {
1423
+ enumerable: true,
1424
+ configurable: true,
1425
+ writable: true,
1426
+ value: 0
1427
+ });
1428
+ Object.defineProperty(this, "nonceSize", {
1429
+ enumerable: true,
1430
+ configurable: true,
1431
+ writable: true,
1432
+ value: 0
1433
+ });
1434
+ Object.defineProperty(this, "tagSize", {
1435
+ enumerable: true,
1436
+ configurable: true,
1437
+ writable: true,
1438
+ value: 0
1439
+ });
1440
+ }
1441
+ createEncryptionContext(_key) {
1442
+ throw new NotSupportedError("Export only");
1443
+ }
1444
+ };
1445
+ }
1446
+ });
1447
+
1448
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/utils/emitNotSupported.js
1449
+ function emitNotSupported() {
1450
+ return new Promise((_resolve, reject) => {
1451
+ reject(new NotSupportedError("Not supported"));
1452
+ });
1453
+ }
1454
+ var init_emitNotSupported = __esm({
1455
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/utils/emitNotSupported.js"() {
1456
+ "use strict";
1457
+ init_mod();
1458
+ }
1459
+ });
1460
+
1461
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/exporterContext.js
1462
+ var LABEL_SEC, ExporterContextImpl, RecipientExporterContextImpl, SenderExporterContextImpl;
1463
+ var init_exporterContext = __esm({
1464
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/exporterContext.js"() {
1465
+ "use strict";
1466
+ init_mod();
1467
+ init_emitNotSupported();
1468
+ LABEL_SEC = new Uint8Array([115, 101, 99]);
1469
+ ExporterContextImpl = class {
1470
+ constructor(api, kdf, exporterSecret) {
1471
+ Object.defineProperty(this, "_api", {
1472
+ enumerable: true,
1473
+ configurable: true,
1474
+ writable: true,
1475
+ value: void 0
1476
+ });
1477
+ Object.defineProperty(this, "exporterSecret", {
1478
+ enumerable: true,
1479
+ configurable: true,
1480
+ writable: true,
1481
+ value: void 0
1482
+ });
1483
+ Object.defineProperty(this, "_kdf", {
1484
+ enumerable: true,
1485
+ configurable: true,
1486
+ writable: true,
1487
+ value: void 0
1488
+ });
1489
+ this._api = api;
1490
+ this._kdf = kdf;
1491
+ this.exporterSecret = exporterSecret;
1492
+ }
1493
+ async seal(_data, _aad) {
1494
+ return await emitNotSupported();
1495
+ }
1496
+ async open(_data, _aad) {
1497
+ return await emitNotSupported();
1498
+ }
1499
+ async export(exporterContext, len) {
1500
+ if (exporterContext.byteLength > INPUT_LENGTH_LIMIT) {
1501
+ throw new InvalidParamError("Too long exporter context");
1502
+ }
1503
+ try {
1504
+ return await this._kdf.labeledExpand(this.exporterSecret, LABEL_SEC, new Uint8Array(exporterContext), len);
1505
+ } catch (e) {
1506
+ throw new ExportError(e);
1507
+ }
1508
+ }
1509
+ };
1510
+ RecipientExporterContextImpl = class extends ExporterContextImpl {
1511
+ };
1512
+ SenderExporterContextImpl = class extends ExporterContextImpl {
1513
+ constructor(api, kdf, exporterSecret, enc) {
1514
+ super(api, kdf, exporterSecret);
1515
+ Object.defineProperty(this, "enc", {
1516
+ enumerable: true,
1517
+ configurable: true,
1518
+ writable: true,
1519
+ value: void 0
1520
+ });
1521
+ this.enc = enc;
1522
+ return;
1523
+ }
1524
+ };
1525
+ }
1526
+ });
1527
+
1528
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/encryptionContext.js
1529
+ var EncryptionContextImpl;
1530
+ var init_encryptionContext = __esm({
1531
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/encryptionContext.js"() {
1532
+ "use strict";
1533
+ init_mod();
1534
+ init_exporterContext();
1535
+ EncryptionContextImpl = class extends ExporterContextImpl {
1536
+ constructor(api, kdf, params) {
1537
+ super(api, kdf, params.exporterSecret);
1538
+ Object.defineProperty(this, "_aead", {
1539
+ enumerable: true,
1540
+ configurable: true,
1541
+ writable: true,
1542
+ value: void 0
1543
+ });
1544
+ Object.defineProperty(this, "_nK", {
1545
+ enumerable: true,
1546
+ configurable: true,
1547
+ writable: true,
1548
+ value: void 0
1549
+ });
1550
+ Object.defineProperty(this, "_nN", {
1551
+ enumerable: true,
1552
+ configurable: true,
1553
+ writable: true,
1554
+ value: void 0
1555
+ });
1556
+ Object.defineProperty(this, "_nT", {
1557
+ enumerable: true,
1558
+ configurable: true,
1559
+ writable: true,
1560
+ value: void 0
1561
+ });
1562
+ Object.defineProperty(this, "_ctx", {
1563
+ enumerable: true,
1564
+ configurable: true,
1565
+ writable: true,
1566
+ value: void 0
1567
+ });
1568
+ if (params.key === void 0 || params.baseNonce === void 0 || params.seq === void 0) {
1569
+ throw new Error("Required parameters are missing");
1570
+ }
1571
+ this._aead = params.aead;
1572
+ this._nK = this._aead.keySize;
1573
+ this._nN = this._aead.nonceSize;
1574
+ this._nT = this._aead.tagSize;
1575
+ const key = this._aead.createEncryptionContext(params.key);
1576
+ this._ctx = {
1577
+ key,
1578
+ baseNonce: params.baseNonce,
1579
+ seq: params.seq
1580
+ };
1581
+ }
1582
+ computeNonce(k) {
1583
+ const seqBytes = i2Osp(k.seq, k.baseNonce.byteLength);
1584
+ return xor(k.baseNonce, seqBytes).buffer;
1585
+ }
1586
+ incrementSeq(k) {
1587
+ if (k.seq > Number.MAX_SAFE_INTEGER) {
1588
+ throw new MessageLimitReachedError("Message limit reached");
1589
+ }
1590
+ k.seq += 1;
1591
+ return;
1592
+ }
1593
+ };
1594
+ }
1595
+ });
1596
+
1597
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/recipientContext.js
1598
+ var RecipientContextImpl;
1599
+ var init_recipientContext = __esm({
1600
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/recipientContext.js"() {
1601
+ "use strict";
1602
+ init_mod();
1603
+ init_encryptionContext();
1604
+ RecipientContextImpl = class extends EncryptionContextImpl {
1605
+ async open(data, aad = EMPTY.buffer) {
1606
+ let pt;
1607
+ try {
1608
+ pt = await this._ctx.key.open(this.computeNonce(this._ctx), data, aad);
1609
+ } catch (e) {
1610
+ throw new OpenError(e);
1611
+ }
1612
+ this.incrementSeq(this._ctx);
1613
+ return pt;
1614
+ }
1615
+ };
1616
+ }
1617
+ });
1618
+
1619
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/senderContext.js
1620
+ var SenderContextImpl;
1621
+ var init_senderContext = __esm({
1622
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/senderContext.js"() {
1623
+ "use strict";
1624
+ init_mod();
1625
+ init_encryptionContext();
1626
+ SenderContextImpl = class extends EncryptionContextImpl {
1627
+ constructor(api, kdf, params, enc) {
1628
+ super(api, kdf, params);
1629
+ Object.defineProperty(this, "enc", {
1630
+ enumerable: true,
1631
+ configurable: true,
1632
+ writable: true,
1633
+ value: void 0
1634
+ });
1635
+ this.enc = enc;
1636
+ }
1637
+ async seal(data, aad = EMPTY.buffer) {
1638
+ let ct;
1639
+ try {
1640
+ ct = await this._ctx.key.seal(this.computeNonce(this._ctx), data, aad);
1641
+ } catch (e) {
1642
+ throw new SealError(e);
1643
+ }
1644
+ this.incrementSeq(this._ctx);
1645
+ return ct;
1646
+ }
1647
+ };
1648
+ }
1649
+ });
1650
+
1651
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/cipherSuiteNative.js
1652
+ var LABEL_BASE_NONCE, LABEL_EXP, LABEL_INFO_HASH, LABEL_KEY, LABEL_PSK_ID_HASH, LABEL_SECRET, SUITE_ID_HEADER_HPKE, CipherSuiteNative;
1653
+ var init_cipherSuiteNative = __esm({
1654
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/cipherSuiteNative.js"() {
1655
+ "use strict";
1656
+ init_mod();
1657
+ init_exporterContext();
1658
+ init_recipientContext();
1659
+ init_senderContext();
1660
+ LABEL_BASE_NONCE = new Uint8Array([
1661
+ 98,
1662
+ 97,
1663
+ 115,
1664
+ 101,
1665
+ 95,
1666
+ 110,
1667
+ 111,
1668
+ 110,
1669
+ 99,
1670
+ 101
1671
+ ]);
1672
+ LABEL_EXP = new Uint8Array([101, 120, 112]);
1673
+ LABEL_INFO_HASH = new Uint8Array([
1674
+ 105,
1675
+ 110,
1676
+ 102,
1677
+ 111,
1678
+ 95,
1679
+ 104,
1680
+ 97,
1681
+ 115,
1682
+ 104
1683
+ ]);
1684
+ LABEL_KEY = new Uint8Array([107, 101, 121]);
1685
+ LABEL_PSK_ID_HASH = new Uint8Array([
1686
+ 112,
1687
+ 115,
1688
+ 107,
1689
+ 95,
1690
+ 105,
1691
+ 100,
1692
+ 95,
1693
+ 104,
1694
+ 97,
1695
+ 115,
1696
+ 104
1697
+ ]);
1698
+ LABEL_SECRET = new Uint8Array([115, 101, 99, 114, 101, 116]);
1699
+ SUITE_ID_HEADER_HPKE = new Uint8Array([
1700
+ 72,
1701
+ 80,
1702
+ 75,
1703
+ 69,
1704
+ 0,
1705
+ 0,
1706
+ 0,
1707
+ 0,
1708
+ 0,
1709
+ 0
1710
+ ]);
1711
+ CipherSuiteNative = class extends NativeAlgorithm {
1712
+ /**
1713
+ * @param params A set of parameters for building a cipher suite.
1714
+ *
1715
+ * If the error occurred, throws {@link InvalidParamError}.
1716
+ *
1717
+ * @throws {@link InvalidParamError}
1718
+ */
1719
+ constructor(params) {
1720
+ super();
1721
+ Object.defineProperty(this, "_kem", {
1722
+ enumerable: true,
1723
+ configurable: true,
1724
+ writable: true,
1725
+ value: void 0
1726
+ });
1727
+ Object.defineProperty(this, "_kdf", {
1728
+ enumerable: true,
1729
+ configurable: true,
1730
+ writable: true,
1731
+ value: void 0
1732
+ });
1733
+ Object.defineProperty(this, "_aead", {
1734
+ enumerable: true,
1735
+ configurable: true,
1736
+ writable: true,
1737
+ value: void 0
1738
+ });
1739
+ Object.defineProperty(this, "_suiteId", {
1740
+ enumerable: true,
1741
+ configurable: true,
1742
+ writable: true,
1743
+ value: void 0
1744
+ });
1745
+ if (typeof params.kem === "number") {
1746
+ throw new InvalidParamError("KemId cannot be used");
1747
+ }
1748
+ this._kem = params.kem;
1749
+ if (typeof params.kdf === "number") {
1750
+ throw new InvalidParamError("KdfId cannot be used");
1751
+ }
1752
+ this._kdf = params.kdf;
1753
+ if (typeof params.aead === "number") {
1754
+ throw new InvalidParamError("AeadId cannot be used");
1755
+ }
1756
+ this._aead = params.aead;
1757
+ this._suiteId = new Uint8Array(SUITE_ID_HEADER_HPKE);
1758
+ this._suiteId.set(i2Osp(this._kem.id, 2), 4);
1759
+ this._suiteId.set(i2Osp(this._kdf.id, 2), 6);
1760
+ this._suiteId.set(i2Osp(this._aead.id, 2), 8);
1761
+ this._kdf.init(this._suiteId);
1762
+ }
1763
+ /**
1764
+ * Gets the KEM context of the ciphersuite.
1765
+ */
1766
+ get kem() {
1767
+ return this._kem;
1768
+ }
1769
+ /**
1770
+ * Gets the KDF context of the ciphersuite.
1771
+ */
1772
+ get kdf() {
1773
+ return this._kdf;
1774
+ }
1775
+ /**
1776
+ * Gets the AEAD context of the ciphersuite.
1777
+ */
1778
+ get aead() {
1779
+ return this._aead;
1780
+ }
1781
+ /**
1782
+ * Creates an encryption context for a sender.
1783
+ *
1784
+ * If the error occurred, throws {@link DecapError} | {@link ValidationError}.
1785
+ *
1786
+ * @param params A set of parameters for the sender encryption context.
1787
+ * @returns A sender encryption context.
1788
+ * @throws {@link EncapError}, {@link ValidationError}
1789
+ */
1790
+ async createSenderContext(params) {
1791
+ this._validateInputLength(params);
1792
+ await this._setup();
1793
+ const dh = await this._kem.encap(params);
1794
+ let mode;
1795
+ if (params.psk !== void 0) {
1796
+ mode = params.senderKey !== void 0 ? Mode.AuthPsk : Mode.Psk;
1797
+ } else {
1798
+ mode = params.senderKey !== void 0 ? Mode.Auth : Mode.Base;
1799
+ }
1800
+ return await this._keyScheduleS(mode, dh.sharedSecret, dh.enc, params);
1801
+ }
1802
+ /**
1803
+ * Creates an encryption context for a recipient.
1804
+ *
1805
+ * If the error occurred, throws {@link DecapError}
1806
+ * | {@link DeserializeError} | {@link ValidationError}.
1807
+ *
1808
+ * @param params A set of parameters for the recipient encryption context.
1809
+ * @returns A recipient encryption context.
1810
+ * @throws {@link DecapError}, {@link DeserializeError}, {@link ValidationError}
1811
+ */
1812
+ async createRecipientContext(params) {
1813
+ this._validateInputLength(params);
1814
+ await this._setup();
1815
+ const sharedSecret = await this._kem.decap(params);
1816
+ let mode;
1817
+ if (params.psk !== void 0) {
1818
+ mode = params.senderPublicKey !== void 0 ? Mode.AuthPsk : Mode.Psk;
1819
+ } else {
1820
+ mode = params.senderPublicKey !== void 0 ? Mode.Auth : Mode.Base;
1821
+ }
1822
+ return await this._keyScheduleR(mode, sharedSecret, params);
1823
+ }
1824
+ /**
1825
+ * Encrypts a message to a recipient.
1826
+ *
1827
+ * If the error occurred, throws `EncapError` | `MessageLimitReachedError` | `SealError` | `ValidationError`.
1828
+ *
1829
+ * @param params A set of parameters for building a sender encryption context.
1830
+ * @param pt A plain text as bytes to be encrypted.
1831
+ * @param aad Additional authenticated data as bytes fed by an application.
1832
+ * @returns A cipher text and an encapsulated key as bytes.
1833
+ * @throws {@link EncapError}, {@link MessageLimitReachedError}, {@link SealError}, {@link ValidationError}
1834
+ */
1835
+ async seal(params, pt, aad = EMPTY.buffer) {
1836
+ const ctx = await this.createSenderContext(params);
1837
+ return {
1838
+ ct: await ctx.seal(pt, aad),
1839
+ enc: ctx.enc
1840
+ };
1841
+ }
1842
+ /**
1843
+ * Decrypts a message from a sender.
1844
+ *
1845
+ * If the error occurred, throws `DecapError` | `DeserializeError` | `OpenError` | `ValidationError`.
1846
+ *
1847
+ * @param params A set of parameters for building a recipient encryption context.
1848
+ * @param ct An encrypted text as bytes to be decrypted.
1849
+ * @param aad Additional authenticated data as bytes fed by an application.
1850
+ * @returns A decrypted plain text as bytes.
1851
+ * @throws {@link DecapError}, {@link DeserializeError}, {@link OpenError}, {@link ValidationError}
1852
+ */
1853
+ async open(params, ct, aad = EMPTY.buffer) {
1854
+ const ctx = await this.createRecipientContext(params);
1855
+ return await ctx.open(ct, aad);
1856
+ }
1857
+ // private verifyPskInputs(mode: Mode, params: KeyScheduleParams) {
1858
+ // const gotPsk = (params.psk !== undefined);
1859
+ // const gotPskId = (params.psk !== undefined && params.psk.id.byteLength > 0);
1860
+ // if (gotPsk !== gotPskId) {
1861
+ // throw new Error('Inconsistent PSK inputs');
1862
+ // }
1863
+ // if (gotPsk && (mode === Mode.Base || mode === Mode.Auth)) {
1864
+ // throw new Error('PSK input provided when not needed');
1865
+ // }
1866
+ // if (!gotPsk && (mode === Mode.Psk || mode === Mode.AuthPsk)) {
1867
+ // throw new Error('Missing required PSK input');
1868
+ // }
1869
+ // return;
1870
+ // }
1871
+ async _keySchedule(mode, sharedSecret, params) {
1872
+ const pskId = params.psk === void 0 ? EMPTY : new Uint8Array(params.psk.id);
1873
+ const pskIdHash = await this._kdf.labeledExtract(EMPTY.buffer, LABEL_PSK_ID_HASH, pskId);
1874
+ const info = params.info === void 0 ? EMPTY : new Uint8Array(params.info);
1875
+ const infoHash = await this._kdf.labeledExtract(EMPTY.buffer, LABEL_INFO_HASH, info);
1876
+ const keyScheduleContext = new Uint8Array(1 + pskIdHash.byteLength + infoHash.byteLength);
1877
+ keyScheduleContext.set(new Uint8Array([mode]), 0);
1878
+ keyScheduleContext.set(new Uint8Array(pskIdHash), 1);
1879
+ keyScheduleContext.set(new Uint8Array(infoHash), 1 + pskIdHash.byteLength);
1880
+ const psk = params.psk === void 0 ? EMPTY : new Uint8Array(params.psk.key);
1881
+ const ikm = this._kdf.buildLabeledIkm(LABEL_SECRET, psk).buffer;
1882
+ const exporterSecretInfo = this._kdf.buildLabeledInfo(LABEL_EXP, keyScheduleContext, this._kdf.hashSize).buffer;
1883
+ const exporterSecret = await this._kdf.extractAndExpand(sharedSecret, ikm, exporterSecretInfo, this._kdf.hashSize);
1884
+ if (this._aead.id === AeadId.ExportOnly) {
1885
+ return { aead: this._aead, exporterSecret };
1886
+ }
1887
+ const keyInfo = this._kdf.buildLabeledInfo(LABEL_KEY, keyScheduleContext, this._aead.keySize).buffer;
1888
+ const key = await this._kdf.extractAndExpand(sharedSecret, ikm, keyInfo, this._aead.keySize);
1889
+ const baseNonceInfo = this._kdf.buildLabeledInfo(LABEL_BASE_NONCE, keyScheduleContext, this._aead.nonceSize).buffer;
1890
+ const baseNonce = await this._kdf.extractAndExpand(sharedSecret, ikm, baseNonceInfo, this._aead.nonceSize);
1891
+ return {
1892
+ aead: this._aead,
1893
+ exporterSecret,
1894
+ key,
1895
+ baseNonce: new Uint8Array(baseNonce),
1896
+ seq: 0
1897
+ };
1898
+ }
1899
+ async _keyScheduleS(mode, sharedSecret, enc, params) {
1900
+ const res = await this._keySchedule(mode, sharedSecret, params);
1901
+ if (res.key === void 0) {
1902
+ return new SenderExporterContextImpl(this._api, this._kdf, res.exporterSecret, enc);
1903
+ }
1904
+ return new SenderContextImpl(this._api, this._kdf, res, enc);
1905
+ }
1906
+ async _keyScheduleR(mode, sharedSecret, params) {
1907
+ const res = await this._keySchedule(mode, sharedSecret, params);
1908
+ if (res.key === void 0) {
1909
+ return new RecipientExporterContextImpl(this._api, this._kdf, res.exporterSecret);
1910
+ }
1911
+ return new RecipientContextImpl(this._api, this._kdf, res);
1912
+ }
1913
+ _validateInputLength(params) {
1914
+ if (params.info !== void 0 && params.info.byteLength > INPUT_LENGTH_LIMIT) {
1915
+ throw new InvalidParamError("Too long info");
1916
+ }
1917
+ if (params.psk !== void 0) {
1918
+ if (params.psk.key.byteLength < MINIMUM_PSK_LENGTH) {
1919
+ throw new InvalidParamError(`PSK must have at least ${MINIMUM_PSK_LENGTH} bytes`);
1920
+ }
1921
+ if (params.psk.key.byteLength > INPUT_LENGTH_LIMIT) {
1922
+ throw new InvalidParamError("Too long psk.key");
1923
+ }
1924
+ if (params.psk.id.byteLength > INPUT_LENGTH_LIMIT) {
1925
+ throw new InvalidParamError("Too long psk.id");
1926
+ }
1927
+ }
1928
+ return;
1929
+ }
1930
+ };
1931
+ }
1932
+ });
1933
+
1934
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemNative.js
1935
+ var DhkemP256HkdfSha256Native, DhkemP384HkdfSha384Native, DhkemP521HkdfSha512Native;
1936
+ var init_dhkemNative = __esm({
1937
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemNative.js"() {
1938
+ "use strict";
1939
+ init_mod();
1940
+ DhkemP256HkdfSha256Native = class extends Dhkem {
1941
+ constructor() {
1942
+ const kdf = new HkdfSha256Native();
1943
+ const prim = new Ec(KemId.DhkemP256HkdfSha256, kdf);
1944
+ super(KemId.DhkemP256HkdfSha256, prim, kdf);
1945
+ Object.defineProperty(this, "id", {
1946
+ enumerable: true,
1947
+ configurable: true,
1948
+ writable: true,
1949
+ value: KemId.DhkemP256HkdfSha256
1950
+ });
1951
+ Object.defineProperty(this, "secretSize", {
1952
+ enumerable: true,
1953
+ configurable: true,
1954
+ writable: true,
1955
+ value: 32
1956
+ });
1957
+ Object.defineProperty(this, "encSize", {
1958
+ enumerable: true,
1959
+ configurable: true,
1960
+ writable: true,
1961
+ value: 65
1962
+ });
1963
+ Object.defineProperty(this, "publicKeySize", {
1964
+ enumerable: true,
1965
+ configurable: true,
1966
+ writable: true,
1967
+ value: 65
1968
+ });
1969
+ Object.defineProperty(this, "privateKeySize", {
1970
+ enumerable: true,
1971
+ configurable: true,
1972
+ writable: true,
1973
+ value: 32
1974
+ });
1975
+ }
1976
+ };
1977
+ DhkemP384HkdfSha384Native = class extends Dhkem {
1978
+ constructor() {
1979
+ const kdf = new HkdfSha384Native();
1980
+ const prim = new Ec(KemId.DhkemP384HkdfSha384, kdf);
1981
+ super(KemId.DhkemP384HkdfSha384, prim, kdf);
1982
+ Object.defineProperty(this, "id", {
1983
+ enumerable: true,
1984
+ configurable: true,
1985
+ writable: true,
1986
+ value: KemId.DhkemP384HkdfSha384
1987
+ });
1988
+ Object.defineProperty(this, "secretSize", {
1989
+ enumerable: true,
1990
+ configurable: true,
1991
+ writable: true,
1992
+ value: 48
1993
+ });
1994
+ Object.defineProperty(this, "encSize", {
1995
+ enumerable: true,
1996
+ configurable: true,
1997
+ writable: true,
1998
+ value: 97
1999
+ });
2000
+ Object.defineProperty(this, "publicKeySize", {
2001
+ enumerable: true,
2002
+ configurable: true,
2003
+ writable: true,
2004
+ value: 97
2005
+ });
2006
+ Object.defineProperty(this, "privateKeySize", {
2007
+ enumerable: true,
2008
+ configurable: true,
2009
+ writable: true,
2010
+ value: 48
2011
+ });
2012
+ }
2013
+ };
2014
+ DhkemP521HkdfSha512Native = class extends Dhkem {
2015
+ constructor() {
2016
+ const kdf = new HkdfSha512Native();
2017
+ const prim = new Ec(KemId.DhkemP521HkdfSha512, kdf);
2018
+ super(KemId.DhkemP521HkdfSha512, prim, kdf);
2019
+ Object.defineProperty(this, "id", {
2020
+ enumerable: true,
2021
+ configurable: true,
2022
+ writable: true,
2023
+ value: KemId.DhkemP521HkdfSha512
2024
+ });
2025
+ Object.defineProperty(this, "secretSize", {
2026
+ enumerable: true,
2027
+ configurable: true,
2028
+ writable: true,
2029
+ value: 64
2030
+ });
2031
+ Object.defineProperty(this, "encSize", {
2032
+ enumerable: true,
2033
+ configurable: true,
2034
+ writable: true,
2035
+ value: 133
2036
+ });
2037
+ Object.defineProperty(this, "publicKeySize", {
2038
+ enumerable: true,
2039
+ configurable: true,
2040
+ writable: true,
2041
+ value: 133
2042
+ });
2043
+ Object.defineProperty(this, "privateKeySize", {
2044
+ enumerable: true,
2045
+ configurable: true,
2046
+ writable: true,
2047
+ value: 64
2048
+ });
2049
+ }
2050
+ };
2051
+ }
2052
+ });
2053
+
2054
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/native.js
2055
+ var CipherSuite, DhkemP256HkdfSha256, DhkemP384HkdfSha384, DhkemP521HkdfSha512, HkdfSha256, HkdfSha384, HkdfSha512;
2056
+ var init_native = __esm({
2057
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/native.js"() {
2058
+ "use strict";
2059
+ init_mod();
2060
+ init_cipherSuiteNative();
2061
+ init_dhkemNative();
2062
+ CipherSuite = class extends CipherSuiteNative {
2063
+ };
2064
+ DhkemP256HkdfSha256 = class extends DhkemP256HkdfSha256Native {
2065
+ };
2066
+ DhkemP384HkdfSha384 = class extends DhkemP384HkdfSha384Native {
2067
+ };
2068
+ DhkemP521HkdfSha512 = class extends DhkemP521HkdfSha512Native {
2069
+ };
2070
+ HkdfSha256 = class extends HkdfSha256Native {
2071
+ };
2072
+ HkdfSha384 = class extends HkdfSha384Native {
2073
+ };
2074
+ HkdfSha512 = class extends HkdfSha512Native {
2075
+ };
2076
+ }
2077
+ });
2078
+
2079
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemPrimitives/x25519.js
2080
+ var ALG_NAME, PKCS8_ALG_ID_X25519, X25519;
2081
+ var init_x25519 = __esm({
2082
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemPrimitives/x25519.js"() {
2083
+ "use strict";
2084
+ init_mod();
2085
+ ALG_NAME = "X25519";
2086
+ PKCS8_ALG_ID_X25519 = new Uint8Array([
2087
+ 48,
2088
+ 46,
2089
+ 2,
2090
+ 1,
2091
+ 0,
2092
+ 48,
2093
+ 5,
2094
+ 6,
2095
+ 3,
2096
+ 43,
2097
+ 101,
2098
+ 110,
2099
+ 4,
2100
+ 34,
2101
+ 4,
2102
+ 32
2103
+ ]);
2104
+ X25519 = class extends NativeAlgorithm {
2105
+ constructor(hkdf) {
2106
+ super();
2107
+ Object.defineProperty(this, "_hkdf", {
2108
+ enumerable: true,
2109
+ configurable: true,
2110
+ writable: true,
2111
+ value: void 0
2112
+ });
2113
+ Object.defineProperty(this, "_alg", {
2114
+ enumerable: true,
2115
+ configurable: true,
2116
+ writable: true,
2117
+ value: void 0
2118
+ });
2119
+ Object.defineProperty(this, "_nPk", {
2120
+ enumerable: true,
2121
+ configurable: true,
2122
+ writable: true,
2123
+ value: void 0
2124
+ });
2125
+ Object.defineProperty(this, "_nSk", {
2126
+ enumerable: true,
2127
+ configurable: true,
2128
+ writable: true,
2129
+ value: void 0
2130
+ });
2131
+ Object.defineProperty(this, "_nDh", {
2132
+ enumerable: true,
2133
+ configurable: true,
2134
+ writable: true,
2135
+ value: void 0
2136
+ });
2137
+ Object.defineProperty(this, "_pkcs8AlgId", {
2138
+ enumerable: true,
2139
+ configurable: true,
2140
+ writable: true,
2141
+ value: void 0
2142
+ });
2143
+ this._alg = { name: ALG_NAME };
2144
+ this._hkdf = hkdf;
2145
+ this._nPk = 32;
2146
+ this._nSk = 32;
2147
+ this._nDh = 32;
2148
+ this._pkcs8AlgId = PKCS8_ALG_ID_X25519;
2149
+ }
2150
+ async serializePublicKey(key) {
2151
+ await this._setup();
2152
+ try {
2153
+ return await this._api.exportKey("raw", key);
2154
+ } catch (e) {
2155
+ throw new SerializeError(e);
2156
+ }
2157
+ }
2158
+ async deserializePublicKey(key) {
2159
+ await this._setup();
2160
+ try {
2161
+ return await this._importRawKey(key, true);
2162
+ } catch (e) {
2163
+ throw new DeserializeError(e);
2164
+ }
2165
+ }
2166
+ async serializePrivateKey(key) {
2167
+ await this._setup();
2168
+ try {
2169
+ const jwk = await this._api.exportKey("jwk", key);
2170
+ if (!("d" in jwk)) {
2171
+ throw new Error("Not private key");
2172
+ }
2173
+ return base64UrlToBytes(jwk["d"]).buffer;
2174
+ } catch (e) {
2175
+ throw new SerializeError(e);
2176
+ }
2177
+ }
2178
+ async deserializePrivateKey(key) {
2179
+ await this._setup();
2180
+ try {
2181
+ return await this._importRawKey(key, false);
2182
+ } catch (e) {
2183
+ throw new DeserializeError(e);
2184
+ }
2185
+ }
2186
+ async importKey(format, key, isPublic) {
2187
+ await this._setup();
2188
+ try {
2189
+ if (format === "raw") {
2190
+ return await this._importRawKey(key, isPublic);
2191
+ }
2192
+ if (key instanceof ArrayBuffer) {
2193
+ throw new Error("Invalid jwk key format");
2194
+ }
2195
+ return await this._importJWK(key, isPublic);
2196
+ } catch (e) {
2197
+ throw new DeserializeError(e);
2198
+ }
2199
+ }
2200
+ async generateKeyPair() {
2201
+ await this._setup();
2202
+ try {
2203
+ return await this._api.generateKey(ALG_NAME, true, KEM_USAGES);
2204
+ } catch (e) {
2205
+ throw new NotSupportedError(e);
2206
+ }
2207
+ }
2208
+ async deriveKeyPair(ikm) {
2209
+ await this._setup();
2210
+ try {
2211
+ const dkpPrk = await this._hkdf.labeledExtract(EMPTY.buffer, LABEL_DKP_PRK, new Uint8Array(ikm));
2212
+ const rawSk = await this._hkdf.labeledExpand(dkpPrk, LABEL_SK, EMPTY, this._nSk);
2213
+ const rawSkBytes = new Uint8Array(rawSk);
2214
+ const sk = await this._deserializePkcs8Key(rawSkBytes);
2215
+ rawSkBytes.fill(0);
2216
+ return {
2217
+ privateKey: sk,
2218
+ publicKey: await this.derivePublicKey(sk)
2219
+ };
2220
+ } catch (e) {
2221
+ throw new DeriveKeyPairError(e);
2222
+ }
2223
+ }
2224
+ async derivePublicKey(key) {
2225
+ await this._setup();
2226
+ try {
2227
+ const jwk = await this._api.exportKey("jwk", key);
2228
+ delete jwk["d"];
2229
+ delete jwk["key_ops"];
2230
+ return await this._api.importKey("jwk", jwk, this._alg, true, []);
2231
+ } catch (e) {
2232
+ throw new DeserializeError(e);
2233
+ }
2234
+ }
2235
+ async dh(sk, pk) {
2236
+ await this._setup();
2237
+ try {
2238
+ const bits = await this._api.deriveBits({
2239
+ name: ALG_NAME,
2240
+ public: pk
2241
+ }, sk, this._nDh * 8);
2242
+ return bits;
2243
+ } catch (e) {
2244
+ throw new SerializeError(e);
2245
+ }
2246
+ }
2247
+ async _importRawKey(key, isPublic) {
2248
+ if (isPublic && key.byteLength !== this._nPk) {
2249
+ throw new Error("Invalid public key for the ciphersuite");
2250
+ }
2251
+ if (!isPublic && key.byteLength !== this._nSk) {
2252
+ throw new Error("Invalid private key for the ciphersuite");
2253
+ }
2254
+ if (isPublic) {
2255
+ return await this._api.importKey("raw", key, this._alg, true, []);
2256
+ }
2257
+ return await this._deserializePkcs8Key(new Uint8Array(key));
2258
+ }
2259
+ async _importJWK(key, isPublic) {
2260
+ if (typeof key.kty === "undefined" || key.kty !== "OKP") {
2261
+ throw new Error(`Invalid kty: ${key.crv}`);
2262
+ }
2263
+ if (typeof key.crv === "undefined" || key.crv !== ALG_NAME) {
2264
+ throw new Error(`Invalid crv: ${key.crv}`);
2265
+ }
2266
+ if (isPublic) {
2267
+ if (typeof key.d !== "undefined") {
2268
+ throw new Error("Invalid key: `d` should not be set");
2269
+ }
2270
+ return await this._api.importKey("jwk", key, this._alg, true, []);
2271
+ }
2272
+ if (typeof key.d === "undefined") {
2273
+ throw new Error("Invalid key: `d` not found");
2274
+ }
2275
+ return await this._api.importKey("jwk", key, this._alg, true, KEM_USAGES);
2276
+ }
2277
+ async _deserializePkcs8Key(k) {
2278
+ const pkcs8Key = new Uint8Array(this._pkcs8AlgId.length + k.length);
2279
+ pkcs8Key.set(this._pkcs8AlgId, 0);
2280
+ pkcs8Key.set(k, this._pkcs8AlgId.length);
2281
+ return await this._api.importKey("pkcs8", pkcs8Key, this._alg, true, KEM_USAGES);
2282
+ }
2283
+ };
2284
+ }
2285
+ });
2286
+
2287
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemX25519.js
2288
+ var DhkemX25519HkdfSha256;
2289
+ var init_dhkemX25519 = __esm({
2290
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemX25519.js"() {
2291
+ "use strict";
2292
+ init_mod();
2293
+ init_x25519();
2294
+ DhkemX25519HkdfSha256 = class extends Dhkem {
2295
+ constructor() {
2296
+ const kdf = new HkdfSha256Native();
2297
+ super(KemId.DhkemX25519HkdfSha256, new X25519(kdf), kdf);
2298
+ Object.defineProperty(this, "id", {
2299
+ enumerable: true,
2300
+ configurable: true,
2301
+ writable: true,
2302
+ value: KemId.DhkemX25519HkdfSha256
2303
+ });
2304
+ Object.defineProperty(this, "secretSize", {
2305
+ enumerable: true,
2306
+ configurable: true,
2307
+ writable: true,
2308
+ value: 32
2309
+ });
2310
+ Object.defineProperty(this, "encSize", {
2311
+ enumerable: true,
2312
+ configurable: true,
2313
+ writable: true,
2314
+ value: 32
2315
+ });
2316
+ Object.defineProperty(this, "publicKeySize", {
2317
+ enumerable: true,
2318
+ configurable: true,
2319
+ writable: true,
2320
+ value: 32
2321
+ });
2322
+ Object.defineProperty(this, "privateKeySize", {
2323
+ enumerable: true,
2324
+ configurable: true,
2325
+ writable: true,
2326
+ value: 32
2327
+ });
2328
+ }
2329
+ };
2330
+ }
2331
+ });
2332
+
2333
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemPrimitives/x448.js
2334
+ var ALG_NAME2, PKCS8_ALG_ID_X448, X448;
2335
+ var init_x448 = __esm({
2336
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemPrimitives/x448.js"() {
2337
+ "use strict";
2338
+ init_mod();
2339
+ ALG_NAME2 = "X448";
2340
+ PKCS8_ALG_ID_X448 = new Uint8Array([
2341
+ 48,
2342
+ 70,
2343
+ 2,
2344
+ 1,
2345
+ 0,
2346
+ 48,
2347
+ 5,
2348
+ 6,
2349
+ 3,
2350
+ 43,
2351
+ 101,
2352
+ 111,
2353
+ 4,
2354
+ 58,
2355
+ 4,
2356
+ 56
2357
+ ]);
2358
+ X448 = class extends NativeAlgorithm {
2359
+ constructor(hkdf) {
2360
+ super();
2361
+ Object.defineProperty(this, "_hkdf", {
2362
+ enumerable: true,
2363
+ configurable: true,
2364
+ writable: true,
2365
+ value: void 0
2366
+ });
2367
+ Object.defineProperty(this, "_alg", {
2368
+ enumerable: true,
2369
+ configurable: true,
2370
+ writable: true,
2371
+ value: void 0
2372
+ });
2373
+ Object.defineProperty(this, "_nPk", {
2374
+ enumerable: true,
2375
+ configurable: true,
2376
+ writable: true,
2377
+ value: void 0
2378
+ });
2379
+ Object.defineProperty(this, "_nSk", {
2380
+ enumerable: true,
2381
+ configurable: true,
2382
+ writable: true,
2383
+ value: void 0
2384
+ });
2385
+ Object.defineProperty(this, "_nDh", {
2386
+ enumerable: true,
2387
+ configurable: true,
2388
+ writable: true,
2389
+ value: void 0
2390
+ });
2391
+ Object.defineProperty(this, "_pkcs8AlgId", {
2392
+ enumerable: true,
2393
+ configurable: true,
2394
+ writable: true,
2395
+ value: void 0
2396
+ });
2397
+ this._alg = { name: ALG_NAME2 };
2398
+ this._hkdf = hkdf;
2399
+ this._nPk = 56;
2400
+ this._nSk = 56;
2401
+ this._nDh = 56;
2402
+ this._pkcs8AlgId = PKCS8_ALG_ID_X448;
2403
+ }
2404
+ async serializePublicKey(key) {
2405
+ await this._setup();
2406
+ try {
2407
+ return await this._api.exportKey("raw", key);
2408
+ } catch (e) {
2409
+ throw new SerializeError(e);
2410
+ }
2411
+ }
2412
+ async deserializePublicKey(key) {
2413
+ await this._setup();
2414
+ try {
2415
+ return await this._importRawKey(key, true);
2416
+ } catch (e) {
2417
+ throw new DeserializeError(e);
2418
+ }
2419
+ }
2420
+ async serializePrivateKey(key) {
2421
+ await this._setup();
2422
+ try {
2423
+ const jwk = await this._api.exportKey("jwk", key);
2424
+ if (!("d" in jwk)) {
2425
+ throw new Error("Not private key");
2426
+ }
2427
+ return base64UrlToBytes(jwk["d"]).buffer;
2428
+ } catch (e) {
2429
+ throw new SerializeError(e);
2430
+ }
2431
+ }
2432
+ async deserializePrivateKey(key) {
2433
+ await this._setup();
2434
+ try {
2435
+ return await this._importRawKey(key, false);
2436
+ } catch (e) {
2437
+ throw new DeserializeError(e);
2438
+ }
2439
+ }
2440
+ async importKey(format, key, isPublic) {
2441
+ await this._setup();
2442
+ try {
2443
+ if (format === "raw") {
2444
+ return await this._importRawKey(key, isPublic);
2445
+ }
2446
+ if (key instanceof ArrayBuffer) {
2447
+ throw new Error("Invalid jwk key format");
2448
+ }
2449
+ return await this._importJWK(key, isPublic);
2450
+ } catch (e) {
2451
+ throw new DeserializeError(e);
2452
+ }
2453
+ }
2454
+ async generateKeyPair() {
2455
+ await this._setup();
2456
+ try {
2457
+ return await this._api.generateKey(ALG_NAME2, true, KEM_USAGES);
2458
+ } catch (e) {
2459
+ throw new NotSupportedError(e);
2460
+ }
2461
+ }
2462
+ async deriveKeyPair(ikm) {
2463
+ await this._setup();
2464
+ try {
2465
+ const dkpPrk = await this._hkdf.labeledExtract(EMPTY.buffer, LABEL_DKP_PRK, new Uint8Array(ikm));
2466
+ const rawSk = await this._hkdf.labeledExpand(dkpPrk, LABEL_SK, EMPTY, this._nSk);
2467
+ const rawSkBytes = new Uint8Array(rawSk);
2468
+ const sk = await this._deserializePkcs8Key(rawSkBytes);
2469
+ rawSkBytes.fill(0);
2470
+ return {
2471
+ privateKey: sk,
2472
+ publicKey: await this.derivePublicKey(sk)
2473
+ };
2474
+ } catch (e) {
2475
+ throw new DeriveKeyPairError(e);
2476
+ }
2477
+ }
2478
+ async derivePublicKey(key) {
2479
+ await this._setup();
2480
+ try {
2481
+ const jwk = await this._api.exportKey("jwk", key);
2482
+ delete jwk["d"];
2483
+ delete jwk["key_ops"];
2484
+ return await this._api.importKey("jwk", jwk, this._alg, true, []);
2485
+ } catch (e) {
2486
+ throw new DeserializeError(e);
2487
+ }
2488
+ }
2489
+ async dh(sk, pk) {
2490
+ await this._setup();
2491
+ try {
2492
+ const bits = await this._api.deriveBits({
2493
+ name: ALG_NAME2,
2494
+ public: pk
2495
+ }, sk, this._nDh * 8);
2496
+ return bits;
2497
+ } catch (e) {
2498
+ throw new SerializeError(e);
2499
+ }
2500
+ }
2501
+ async _importRawKey(key, isPublic) {
2502
+ if (isPublic && key.byteLength !== this._nPk) {
2503
+ throw new Error("Invalid public key for the ciphersuite");
2504
+ }
2505
+ if (!isPublic && key.byteLength !== this._nSk) {
2506
+ throw new Error("Invalid private key for the ciphersuite");
2507
+ }
2508
+ if (isPublic) {
2509
+ return await this._api.importKey("raw", key, this._alg, true, []);
2510
+ }
2511
+ return await this._deserializePkcs8Key(new Uint8Array(key));
2512
+ }
2513
+ async _importJWK(key, isPublic) {
2514
+ if (typeof key.kty === "undefined" || key.kty !== "OKP") {
2515
+ throw new Error(`Invalid kty: ${key.crv}`);
2516
+ }
2517
+ if (typeof key.crv === "undefined" || key.crv !== ALG_NAME2) {
2518
+ throw new Error(`Invalid crv: ${key.crv}`);
2519
+ }
2520
+ if (isPublic) {
2521
+ if (typeof key.d !== "undefined") {
2522
+ throw new Error("Invalid key: `d` should not be set");
2523
+ }
2524
+ return await this._api.importKey("jwk", key, this._alg, true, []);
2525
+ }
2526
+ if (typeof key.d === "undefined") {
2527
+ throw new Error("Invalid key: `d` not found");
2528
+ }
2529
+ return await this._api.importKey("jwk", key, this._alg, true, KEM_USAGES);
2530
+ }
2531
+ async _deserializePkcs8Key(k) {
2532
+ const pkcs8Key = new Uint8Array(this._pkcs8AlgId.length + k.length);
2533
+ pkcs8Key.set(this._pkcs8AlgId, 0);
2534
+ pkcs8Key.set(k, this._pkcs8AlgId.length);
2535
+ return await this._api.importKey("pkcs8", pkcs8Key, this._alg, true, KEM_USAGES);
2536
+ }
2537
+ };
2538
+ }
2539
+ });
2540
+
2541
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemX448.js
2542
+ var DhkemX448HkdfSha512;
2543
+ var init_dhkemX448 = __esm({
2544
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/kems/dhkemX448.js"() {
2545
+ "use strict";
2546
+ init_mod();
2547
+ init_x448();
2548
+ DhkemX448HkdfSha512 = class extends Dhkem {
2549
+ constructor() {
2550
+ const kdf = new HkdfSha512Native();
2551
+ super(KemId.DhkemX448HkdfSha512, new X448(kdf), kdf);
2552
+ Object.defineProperty(this, "id", {
2553
+ enumerable: true,
2554
+ configurable: true,
2555
+ writable: true,
2556
+ value: KemId.DhkemX448HkdfSha512
2557
+ });
2558
+ Object.defineProperty(this, "secretSize", {
2559
+ enumerable: true,
2560
+ configurable: true,
2561
+ writable: true,
2562
+ value: 64
2563
+ });
2564
+ Object.defineProperty(this, "encSize", {
2565
+ enumerable: true,
2566
+ configurable: true,
2567
+ writable: true,
2568
+ value: 56
2569
+ });
2570
+ Object.defineProperty(this, "publicKeySize", {
2571
+ enumerable: true,
2572
+ configurable: true,
2573
+ writable: true,
2574
+ value: 56
2575
+ });
2576
+ Object.defineProperty(this, "privateKeySize", {
2577
+ enumerable: true,
2578
+ configurable: true,
2579
+ writable: true,
2580
+ value: 56
2581
+ });
2582
+ }
2583
+ };
2584
+ }
2585
+ });
2586
+
2587
+ // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/mod.js
2588
+ var init_mod2 = __esm({
2589
+ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/mod.js"() {
2590
+ init_mod();
2591
+ init_aesGcm();
2592
+ init_exportOnly();
2593
+ init_native();
2594
+ init_dhkemX25519();
2595
+ init_dhkemX448();
2596
+ }
2597
+ });
2598
+ init_mod2();
2599
+ export {
2600
+ AeadId,
2601
+ Aes128Gcm,
2602
+ Aes256Gcm,
2603
+ CipherSuite,
2604
+ DecapError,
2605
+ DeriveKeyPairError,
2606
+ DeserializeError,
2607
+ DhkemP256HkdfSha256,
2608
+ DhkemP384HkdfSha384,
2609
+ DhkemP521HkdfSha512,
2610
+ DhkemX25519HkdfSha256,
2611
+ DhkemX448HkdfSha512,
2612
+ EncapError,
2613
+ ExportError,
2614
+ ExportOnly,
2615
+ HkdfSha256,
2616
+ HkdfSha384,
2617
+ HkdfSha512,
2618
+ HpkeError,
2619
+ InvalidParamError,
2620
+ KdfId,
2621
+ KemId,
2622
+ MessageLimitReachedError,
2623
+ NotSupportedError,
2624
+ OpenError,
2625
+ SealError,
2626
+ SerializeError,
2627
+ ValidationError
2628
+ };