@bananalink-sdk/protocol 1.2.7

package/dist/crypto/providers/node-provider.js

@@ -0,0 +1,306 @@
+import { registerCryptoProvider } from '../../chunk-TCVKC227.js';
+import { __name, __require } from '../../chunk-WCQVDF3K.js';
+
+// src/crypto/providers/node-provider.ts
+var _NodeCryptoKeyWrapper = class _NodeCryptoKeyWrapper {
+  constructor(keyObject, keyType) {
+    this.keyObject = keyObject;
+    this.keyType = keyType;
+  }
+  get type() {
+    return this.keyType;
+  }
+  get algorithm() {
+    return "ECDH-P256";
+  }
+  get extractable() {
+    return true;
+  }
+  get usages() {
+    return this.keyType === "secret" ? ["encrypt", "decrypt"] : ["deriveKey"];
+  }
+  get nativeKey() {
+    return this.keyObject;
+  }
+};
+__name(_NodeCryptoKeyWrapper, "NodeCryptoKeyWrapper");
+var NodeCryptoKeyWrapper = _NodeCryptoKeyWrapper;
+function unwrapKeyObject(keyLike) {
+  if (keyLike instanceof NodeCryptoKeyWrapper) {
+    return keyLike.nativeKey;
+  }
+  return keyLike;
+}
+__name(unwrapKeyObject, "unwrapKeyObject");
+var _NodeCryptoProvider = class _NodeCryptoProvider {
+  constructor(logger) {
+    this.name = "NodeCrypto";
+    this.cryptoModule = null;
+    if (!this.isAvailable) {
+      throw new Error("Node.js crypto module not available in this environment");
+    }
+    this.logger = logger?.child({ component: "NodeCryptoProvider" });
+  }
+  get isAvailable() {
+    try {
+      if (typeof process === "undefined" || !process.versions?.node) {
+        return false;
+      }
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get crypto module instance via dynamic import
+   * This prevents Metro bundler from trying to resolve 'crypto' at build time
+   */
+  async getCrypto() {
+    if (!this.cryptoModule) {
+      try {
+        this.cryptoModule = await import('crypto');
+      } catch {
+        throw new Error(
+          "Failed to load Node.js crypto module. This provider requires a Node.js environment."
+        );
+      }
+    }
+    return this.cryptoModule;
+  }
+  /**
+   * Generate ECDH P-256 key pair using Node.js crypto
+   */
+  async generateKeyPair() {
+    this.logger?.debug("Generating ECDH P-256 key pair with Node.js crypto");
+    const cryptoModule = await this.getCrypto();
+    return new Promise((resolve, reject) => {
+      cryptoModule.generateKeyPair(
+        "ec",
+        {
+          namedCurve: "prime256v1",
+          // P-256
+          publicKeyEncoding: { type: "spki", format: "der" },
+          privateKeyEncoding: { type: "pkcs8", format: "der" }
+        },
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (err, publicKey, privateKey) => {
+          if (err) {
+            this.logger?.error("Key pair generation failed", { error: err });
+            reject(err);
+            return;
+          }
+          this.logger?.debug("Key pair generation completed");
+          resolve({
+            publicKey: new NodeCryptoKeyWrapper(publicKey, "public"),
+            privateKey: new NodeCryptoKeyWrapper(privateKey, "private")
+          });
+        }
+      );
+    });
+  }
+  /**
+   * Export public key to raw ArrayBuffer format (65 bytes uncompressed)
+   */
+  async exportPublicKey(publicKey) {
+    this.logger?.debug("Exporting public key");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(publicKey);
+    const keyObj = keyObject instanceof Buffer ? cryptoModule.createPublicKey({ key: keyObject, format: "der", type: "spki" }) : keyObject;
+    const jwk = keyObj.export({ format: "jwk" });
+    const x = Buffer.from(jwk.x, "base64url");
+    const y = Buffer.from(jwk.y, "base64url");
+    const uncompressed = Buffer.concat([Buffer.from([4]), x, y]);
+    return await Promise.resolve(
+      uncompressed.buffer.slice(
+        uncompressed.byteOffset,
+        uncompressed.byteOffset + uncompressed.byteLength
+      )
+    );
+  }
+  /**
+   * Export private key to raw ArrayBuffer format (32 bytes)
+   */
+  async exportPrivateKey(privateKey) {
+    this.logger?.debug("Exporting private key");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(privateKey);
+    const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject);
+    const keyObj = cryptoModule.createPrivateKey({
+      key: keyBuffer,
+      format: "der",
+      type: "pkcs8"
+    });
+    const jwk = keyObj.export({ format: "jwk" });
+    const dValue = Buffer.from(jwk.d, "base64url");
+    return await Promise.resolve(
+      dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)
+    );
+  }
+  /**
+   * Import public key from raw ArrayBuffer format
+   */
+  async importPublicKey(keyData) {
+    this.logger?.debug("Importing public key");
+    const cryptoModule = await this.getCrypto();
+    const keyBuffer = Buffer.from(keyData);
+    if (keyBuffer.length !== 65 || keyBuffer[0] !== 4) {
+      throw new Error("Invalid public key format: expected 65 bytes uncompressed point");
+    }
+    const x = keyBuffer.slice(1, 33);
+    const y = keyBuffer.slice(33, 65);
+    const jwk = {
+      kty: "EC",
+      crv: "P-256",
+      x: x.toString("base64url"),
+      y: y.toString("base64url")
+    };
+    const keyObject = cryptoModule.createPublicKey({ key: jwk, format: "jwk" });
+    return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, "public"));
+  }
+  /**
+   * Import private key from raw ArrayBuffer format
+   */
+  async importPrivateKey(keyData) {
+    this.logger?.debug("Importing private key");
+    const cryptoModule = await this.getCrypto();
+    const keyBuffer = Buffer.from(keyData);
+    if (keyBuffer.length !== 32) {
+      throw new Error("Invalid private key format: expected 32 bytes");
+    }
+    const jwk = {
+      kty: "EC",
+      crv: "P-256",
+      d: keyBuffer.toString("base64url")
+    };
+    const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: "jwk" });
+    return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, "private"));
+  }
+  /**
+   * Derive shared secret using ECDH
+   */
+  async deriveSharedSecret(privateKey, publicKey) {
+    this.logger?.debug("Deriving shared secret");
+    const cryptoModule = await this.getCrypto();
+    const ecdh = cryptoModule.createECDH("prime256v1");
+    const privateRaw = await this.exportPrivateKey(privateKey);
+    ecdh.setPrivateKey(Buffer.from(privateRaw));
+    const publicRaw = await this.exportPublicKey(publicKey);
+    const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));
+    const keyObject = cryptoModule.createSecretKey(sharedSecret);
+    return new NodeCryptoKeyWrapper(keyObject, "secret");
+  }
+  /**
+   * Derive AES-GCM encryption key using HKDF-SHA256
+   */
+  async deriveEncryptionKey(sharedSecret, salt, info) {
+    this.logger?.debug("Deriving AES-GCM encryption key");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(sharedSecret);
+    const sharedSecretRaw = keyObject.export();
+    const derivedKey = cryptoModule.hkdfSync(
+      "sha256",
+      Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),
+      Buffer.from(salt),
+      Buffer.from(info),
+      32
+      // 256 bits
+    );
+    const aesKeyObject = cryptoModule.createSecretKey(derivedKey);
+    return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, "secret"));
+  }
+  /**
+   * Encrypt data using AES-256-GCM
+   */
+  async encrypt(key, data, iv) {
+    this.logger?.debug("Encrypting with AES-256-GCM");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(key);
+    const cipher = cryptoModule.createCipheriv(
+      "aes-256-gcm",
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any
+      keyObject.export(),
+      Buffer.from(iv)
+    );
+    const encrypted = Buffer.concat([
+      cipher.update(Buffer.from(data)),
+      cipher.final(),
+      cipher.getAuthTag()
+    ]);
+    return await Promise.resolve(
+      encrypted.buffer.slice(
+        encrypted.byteOffset,
+        encrypted.byteOffset + encrypted.byteLength
+      )
+    );
+  }
+  /**
+   * Decrypt data using AES-256-GCM
+   */
+  async decrypt(key, data, iv) {
+    this.logger?.debug("Decrypting with AES-256-GCM");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(key);
+    const dataBuffer = Buffer.from(data);
+    const authTag = dataBuffer.slice(-16);
+    const ciphertext = dataBuffer.slice(0, -16);
+    const decipher = cryptoModule.createDecipheriv(
+      "aes-256-gcm",
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any
+      keyObject.export(),
+      Buffer.from(iv)
+    );
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return await Promise.resolve(
+      decrypted.buffer.slice(
+        decrypted.byteOffset,
+        decrypted.byteOffset + decrypted.byteLength
+      )
+    );
+  }
+  /**
+   * Generate HMAC-SHA256 authentication code
+   */
+  async generateHMAC(key, data) {
+    this.logger?.debug("Generating HMAC-SHA256");
+    const cryptoModule = await this.getCrypto();
+    const keyObject = unwrapKeyObject(key);
+    const hmac = cryptoModule.createHmac("sha256", keyObject.export());
+    hmac.update(Buffer.from(data));
+    const mac = hmac.digest();
+    return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));
+  }
+  /**
+   * Verify HMAC-SHA256 authentication code
+   */
+  async verifyHMAC(key, data, mac) {
+    this.logger?.debug("Verifying HMAC-SHA256");
+    const cryptoModule = await this.getCrypto();
+    const computed = await this.generateHMAC(key, data);
+    const expected = new Uint8Array(mac);
+    const actual = new Uint8Array(computed);
+    if (expected.length !== actual.length) {
+      return false;
+    }
+    return cryptoModule.timingSafeEqual(
+      Buffer.from(expected),
+      Buffer.from(actual)
+    );
+  }
+  /**
+   * Generate cryptographically secure random bytes
+   * Note: This is a synchronous method, so it uses require() instead of dynamic import
+   */
+  randomBytes(length) {
+    const cryptoModule = this.cryptoModule ?? __require("crypto");
+    const buffer = cryptoModule.randomBytes(length);
+    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+  }
+};
+__name(_NodeCryptoProvider, "NodeCryptoProvider");
+var NodeCryptoProvider = _NodeCryptoProvider;
+registerCryptoProvider("node", (logger) => new NodeCryptoProvider(logger));
+
+export { NodeCryptoProvider };
+//# sourceMappingURL=node-provider.js.map
+//# sourceMappingURL=node-provider.js.map

package/dist/crypto/providers/node-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/providers/node-provider.ts"],"names":[],"mappings":";;;;AAaA,IAAM,qBAAA,GAAN,MAAM,qBAAA,CAA8C;AAAA,EAClD,WAAA,CACmB,WACA,OAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAY,QAAA,GAAW,CAAC,WAAW,SAAS,CAAA,GAAI,CAAC,WAAW,CAAA;AAAA,EAC1E;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBoD,MAAA,CAAA,qBAAA,EAAA,sBAAA,CAAA;AAApD,IAAM,oBAAA,GAAN,qBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAiC;AACxD,EAAA,IAAI,mBAAmB,oBAAA,EAAsB;AAC3C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAyBF,IAAM,mBAAA,GAAN,MAAM,mBAAA,CAA6C;AAAA,EAkBxD,YAAY,MAAA,EAAiB;AAjB7B,IAAA,IAAA,CAAgB,IAAA,GAAO,YAAA;AAEvB,IAAA,IAAA,CAAQ,YAAA,GAAkC,IAAA;AAgBxC,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,sBAAsB,CAAA;AAAA,EACjE;AAAA,EAlBA,IAAW,WAAA,GAAuB;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,CAAC,OAAA,CAAQ,UAAU,IAAA,EAAM;AAC7D,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAc,SAAA,GAAiC;AAC7C,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,IAAI;AAEF,QAAA,IAAA,CAAK,YAAA,GAAe,MAAM,OAAO,QAAQ,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SAEF;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oDAAoD,CAAA;AACvE,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAE1C,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,YAAA,CAAa,eAAA;AAAA,QACX,IAAA;AAAA,QACA;AAAA,UACE,UAAA,EAAY,YAAA;AAAA;AAAA,UACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,KAAA,EAAM;AAAA,UACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,QAAQ,KAAA;AAAM,SACrD;AAAA;AAAA,QAEA,CAAC,GAAA,EAAmB,SAAA,EAAgB,UAAA,KAAoB;AACtD,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,4BAAA,EAA8B,EAAE,KAAA,EAAO,KAAK,CAAA;AAC/D,YAAA,MAAA,CAAO,GAAG,CAAA;AACV,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,UAAA,OAAA,CAAQ;AAAA,YACN,SAAA,EAAW,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,YACvD,UAAA,EAAY,IAAI,oBAAA,CAAqB,UAAA,EAAY,SAAS;AAAA,WAC3D,CAAA;AAAA,QACH;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,SAAS,CAAA;AAG3C,IAAA,MAAM,MAAA,GAAS,SAAA,YAAqB,MAAA,GAChC,YAAA,CAAa,eAAA,CAAgB,EAAE,GAAA,EAAK,SAAA,EAAW,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAA,GAC5E,SAAA;AAIJ,IAAA,MAAM,MAAO,MAAA,CAAe,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEpD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAElD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAGlD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,IAAA,CAAK,CAAC,CAAI,CAAC,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AAE9D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,aAAa,MAAA,CAAO,KAAA;AAAA,QAClB,YAAA,CAAa,UAAA;AAAA,QACb,YAAA,CAAa,aAAa,YAAA,CAAa;AAAA;AACzC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AACtE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,UAAU,CAAA;AAG5C,IAAA,MAAM,YAAY,SAAA,YAAqB,MAAA,GAAS,SAAA,GAAY,MAAA,CAAO,KAAK,SAAwB,CAAA;AAChG,IAAA,MAAM,MAAA,GAAS,aAAa,gBAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,SAAA;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAEvD,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU;AAAA,KAC9E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAGrC,IAAA,IAAI,UAAU,MAAA,KAAW,EAAA,IAAM,SAAA,CAAU,CAAC,MAAM,CAAA,EAAM;AACpD,MAAA,MAAM,IAAI,MAAM,iEAAiE,CAAA;AAAA,IACnF;AAIA,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC/B,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAGhC,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAAA,MACzB,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW;AAAA,KAC3B;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,eAAA,CAAgB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC1E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAC,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAErC,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,SAAA,CAAU,QAAA,CAAS,WAAW;AAAA,KACnC;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,gBAAA,CAAiB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC3E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,UAAA,CAAW,YAAY,CAAA;AAGjD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,UAAU,CAAA;AACzD,IAAA,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAG1C,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AACtD,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAG9D,IAAA,MAAM,SAAA,GAAY,YAAA,CAAa,eAAA,CAAgB,YAAY,CAAA;AAC3D,IAAA,OAAO,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CACJ,YAAA,EACA,IAAA,EACA,IAAA,EACwB;AACxB,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAiC,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,IAAA,MAAM,eAAA,GAAmB,UAAkB,MAAA,EAAO;AAGlD,IAAA,MAAM,aAAa,YAAA,CAAa,QAAA;AAAA,MAC9B,QAAA;AAAA,MACA,OAAO,QAAA,CAAS,eAAe,IAAI,eAAA,GAAkB,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAChF,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB;AAAA;AAAA,KACF;AAGA,IAAA,MAAM,YAAA,GAAe,YAAA,CAAa,eAAA,CAAgB,UAAU,CAAA;AAC5D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,YAAA,EAAc,QAAQ,CAAC,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAErC,IAAA,MAAM,SAAS,YAAA,CAAa,cAAA;AAAA,MAC1B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AAEA,IAAA,MAAM,SAAA,GAAY,OAAO,MAAA,CAAO;AAAA,MAC9B,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,MAC/B,OAAO,KAAA,EAAM;AAAA,MACb,OAAO,UAAA;AAAW,KACnB,CAAA;AAED,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA;AAGnC,IAAA,MAAM,OAAA,GAAU,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,MAAM,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAE1C,IAAA,MAAM,WAAW,YAAA,CAAa,gBAAA;AAAA,MAC5B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AACA,IAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAE3B,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAE/E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAC9E,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAGrC,IAAA,MAAM,OAAO,YAAA,CAAa,UAAA,CAAW,QAAA,EAAW,SAAA,CAAkB,QAAQ,CAAA;AAC1E,IAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,KAAK,MAAA,EAAO;AAExB,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,UAAA,EAAY,GAAA,CAAI,UAAA,GAAa,GAAA,CAAI,UAAU,CAAC,CAAA;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,IAAI,CAAA;AAClD,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,QAAQ,CAAA;AAEtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,MAAA,CAAO,MAAA,EAAQ;AACrC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAO,YAAA,CAAa,eAAA;AAAA,MAClB,MAAA,CAAO,KAAK,QAAQ,CAAA;AAAA,MACpB,MAAA,CAAO,KAAK,MAAM;AAAA,KACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,MAAA,EAA6B;AAGvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAgB,SAAA,CAAQ,QAAQ,CAAA;AAC1D,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,WAAA,CAAY,MAAM,CAAA;AAC9C,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AACF,CAAA;AA5V0D,MAAA,CAAA,mBAAA,EAAA,oBAAA,CAAA;AAAnD,IAAM,kBAAA,GAAN;AAkWP,sBAAA,CAAuB,QAAQ,CAAC,MAAA,KAAW,IAAI,kBAAA,CAAmB,MAAM,CAAC,CAAA","file":"node-provider.js","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\nimport { registerCryptoProvider } from './registry';\n\n/**\n * Type definition for Node.js crypto module (loaded dynamically to prevent Metro bundling)\n */\ntype NodeCrypto = typeof import('crypto');\n\n/**\n * Node.js crypto.KeyObject wrapper to implement CryptoKeyLike interface\n * Note: keyObject type is unknown at compile time (crypto.KeyObject | Buffer at runtime)\n */\nclass NodeCryptoKeyWrapper implements CryptoKeyLike {\n  constructor(\n    private readonly keyObject: unknown, // crypto.KeyObject | Buffer at runtime\n    private readonly keyType: 'public' | 'private' | 'secret'\n  ) {}\n\n  get type(): 'public' | 'private' | 'secret' {\n    return this.keyType;\n  }\n\n  get algorithm(): string {\n    return 'ECDH-P256';\n  }\n\n  get extractable(): boolean {\n    return true;\n  }\n\n  get usages(): readonly string[] {\n    return this.keyType === 'secret' ? ['encrypt', 'decrypt'] : ['deriveKey'];\n  }\n\n  get nativeKey(): unknown {\n    return this.keyObject;\n  }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native KeyObject or Buffer\n */\nfunction unwrapKeyObject(keyLike: CryptoKeyLike): unknown {\n  if (keyLike instanceof NodeCryptoKeyWrapper) {\n    return keyLike.nativeKey;\n  }\n  // Assume it's already a KeyObject\n  return keyLike;\n}\n\n/**\n * Node.js crypto module implementation of CryptoProvider\n * Optimized for backend services with native crypto performance\n *\n * This provider uses the native Node.js crypto module which provides:\n * - Superior performance compared to Web Crypto API in Node.js\n * - Direct access to OpenSSL optimizations\n * - Zero additional dependencies\n * - Full support for ECDH P-256 and AES-256-GCM\n *\n * @example\n * ```typescript\n * import { NodeCryptoProvider } from '@bananalink-sdk/protocol/crypto/provider/node';\n * const provider = new NodeCryptoProvider();\n * const keyPair = await provider.generateKeyPair();\n * ```\n */\nexport class NodeCryptoProvider implements CryptoProvider {\n  public readonly name = 'NodeCrypto';\n  private readonly logger?: Logger;\n  private cryptoModule: NodeCrypto | null = null;\n\n  public get isAvailable(): boolean {\n    try {\n      // Check if we're in Node.js environment\n      if (typeof process === 'undefined' || !process.versions?.node) {\n        return false;\n      }\n      // Crypto module availability will be checked when getCrypto() is called\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  constructor(logger?: Logger) {\n    if (!this.isAvailable) {\n      throw new Error('Node.js crypto module not available in this environment');\n    }\n    this.logger = logger?.child({ component: 'NodeCryptoProvider' });\n  }\n\n  /**\n   * Get crypto module instance via dynamic import\n   * This prevents Metro bundler from trying to resolve 'crypto' at build time\n   */\n  private async getCrypto(): Promise<NodeCrypto> {\n    if (!this.cryptoModule) {\n      try {\n        // Dynamic import prevents static analysis by bundlers\n        this.cryptoModule = await import('crypto');\n      } catch {\n        throw new Error(\n          'Failed to load Node.js crypto module. ' +\n          'This provider requires a Node.js environment.'\n        );\n      }\n    }\n    return this.cryptoModule;\n  }\n\n  /**\n   * Generate ECDH P-256 key pair using Node.js crypto\n   */\n  async generateKeyPair(): Promise<ProviderKeyPair> {\n    this.logger?.debug('Generating ECDH P-256 key pair with Node.js crypto');\n    const cryptoModule = await this.getCrypto();\n\n    return new Promise((resolve, reject) => {\n      cryptoModule.generateKeyPair(\n        'ec',\n        {\n          namedCurve: 'prime256v1', // P-256\n          publicKeyEncoding: { type: 'spki', format: 'der' },\n          privateKeyEncoding: { type: 'pkcs8', format: 'der' },\n        },\n        // eslint-disable-next-line @typescript-eslint/no-explicit-any\n        (err: Error | null, publicKey: any, privateKey: any) => {\n          if (err) {\n            this.logger?.error('Key pair generation failed', { error: err });\n            reject(err);\n            return;\n          }\n\n          this.logger?.debug('Key pair generation completed');\n          resolve({\n            publicKey: new NodeCryptoKeyWrapper(publicKey, 'public'),\n            privateKey: new NodeCryptoKeyWrapper(privateKey, 'private'),\n          });\n        }\n      );\n    });\n  }\n\n  /**\n   * Export public key to raw ArrayBuffer format (65 bytes uncompressed)\n   */\n  async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n    this.logger?.debug('Exporting public key');\n    const cryptoModule = await this.getCrypto();\n    const keyObject = unwrapKeyObject(publicKey);\n\n    // If it's a Buffer (DER format from generateKeyPair), convert to KeyObject first\n    const keyObj = keyObject instanceof Buffer\n      ? cryptoModule.createPublicKey({ key: keyObject, format: 'der', type: 'spki' })\n      : keyObject;\n\n    // Export as JWK to get X/Y coordinates\n    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n    const jwk = (keyObj as any).export({ format: 'jwk' });\n    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n    const x = Buffer.from(jwk.x as string, 'base64url');\n    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n    const y = Buffer.from(jwk.y as string, 'base64url');\n\n    // Construct 65-byte uncompressed point: 0x04 + X (32 bytes) + Y (32 bytes)\n    const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);\n\n    return await Promise.resolve(\n      uncompressed.buffer.slice(\n        uncompressed.byteOffset,\n        uncompressed.byteOffset + uncompressed.byteLength\n      )\n    );\n  }\n\n  /**\n   * Export private key to raw ArrayBuffer format (32 bytes)\n   */\n  async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n    this.logger?.debug('Exporting private key');\n    const cryptoModule = await this.getCrypto();\n    const keyObject = unwrapKeyObject(privateKey);\n\n    // Convert KeyObject to raw format\n    const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject as ArrayBuffer);\n    const keyObj = cryptoModule.createPrivateKey({\n      key: keyBuffer,\n      format: 'der',\n      type: 'pkcs8',\n    });\n\n    // Export as raw scalar (32 bytes)\n    const jwk = keyObj.export({ format: 'jwk' });\n    const dValue = Buffer.from(jwk.d as string, 'base64url');\n\n    return await Promise.resolve(\n      dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)\n    );\n  }\n\n  /**\n   * Import public key from raw ArrayBuffer format\n   */\n  async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n    this.logger?.debug('Importing public key');\n    const cryptoModule = await this.getCrypto();\n    const keyBuffer = Buffer.from(keyData);\n\n    // Ensure it's uncompressed format (65 bytes starting with 0x04)\n    if (keyBuffer.length !== 65 || keyBuffer[0] !== 0x04) {\n      throw new Error('Invalid public key format: expected 65 bytes uncompressed point');\n    }\n\n    // Create KeyObject from raw uncompressed point\n    // We need to wrap it in DER format\n    const x = keyBuffer.slice(1, 33);\n    const y = keyBuffer.slice(33, 65);\n\n    // Create JWK representation\n    const jwk = {\n      kty: 'EC' as const,\n      crv: 'P-256' as const,\n      x: x.toString('base64url'),\n      y: y.toString('base64url'),\n    };\n\n    const keyObject = cryptoModule.createPublicKey({ key: jwk, format: 'jwk' });\n    return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'public'));\n  }\n\n  /**\n   * Import private key from raw ArrayBuffer format\n   */\n  async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n    this.logger?.debug('Importing private key');\n    const cryptoModule = await this.getCrypto();\n    const keyBuffer = Buffer.from(keyData);\n\n    if (keyBuffer.length !== 32) {\n      throw new Error('Invalid private key format: expected 32 bytes');\n    }\n\n    // Create JWK representation\n    const jwk = {\n      kty: 'EC' as const,\n      crv: 'P-256' as const,\n      d: keyBuffer.toString('base64url'),\n    };\n\n    const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: 'jwk' });\n    return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'private'));\n  }\n\n  /**\n   * Derive shared secret using ECDH\n   */\n  async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n    this.logger?.debug('Deriving shared secret');\n    const cryptoModule = await this.getCrypto();\n\n    // Create ECDH object\n    const ecdh = cryptoModule.createECDH('prime256v1');\n\n    // Set private key\n    const privateRaw = await this.exportPrivateKey(privateKey);\n    ecdh.setPrivateKey(Buffer.from(privateRaw));\n\n    // Compute shared secret\n    const publicRaw = await this.exportPublicKey(publicKey);\n    const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));\n\n    // Wrap as secret key\n    const keyObject = cryptoModule.createSecretKey(sharedSecret);\n    return new NodeCryptoKeyWrapper(keyObject, 'secret');\n  }\n\n  /**\n   * Derive AES-GCM encryption key using HKDF-SHA256\n   */\n  async deriveEncryptionKey(\n    sharedSecret: CryptoKeyLike,\n    salt: ArrayBuffer,\n    info: ArrayBuffer\n  ): Promise<CryptoKeyLike> {\n    this.logger?.debug('Deriving AES-GCM encryption key');\n    const cryptoModule = await this.getCrypto();\n\n    // Extract raw shared secret\n    const keyObject = unwrapKeyObject(sharedSecret);\n    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n    const sharedSecretRaw = (keyObject as any).export();\n\n    // Use HKDF to derive 32-byte key\n    const derivedKey = cryptoModule.hkdfSync(\n      'sha256',\n      Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),\n      Buffer.from(salt),\n      Buffer.from(info),\n      32 // 256 bits\n    ) as Buffer;\n\n    // Create secret key object\n    const aesKeyObject = cryptoModule.createSecretKey(derivedKey);\n    return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, 'secret'));\n  }\n\n  /**\n   * Encrypt data using AES-256-GCM\n   */\n  async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n    this.logger?.debug('Encrypting with AES-256-GCM');\n    const cryptoModule = await this.getCrypto();\n    const keyObject = unwrapKeyObject(key);\n\n    const cipher = cryptoModule.createCipheriv(\n      'aes-256-gcm',\n      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n      (keyObject as any).export(),\n      Buffer.from(iv)\n    );\n\n    const encrypted = Buffer.concat([\n      cipher.update(Buffer.from(data)),\n      cipher.final(),\n      cipher.getAuthTag(),\n    ]);\n\n    return await Promise.resolve(\n      encrypted.buffer.slice(\n        encrypted.byteOffset,\n        encrypted.byteOffset + encrypted.byteLength\n      )\n    );\n  }\n\n  /**\n   * Decrypt data using AES-256-GCM\n   */\n  async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n    this.logger?.debug('Decrypting with AES-256-GCM');\n    const cryptoModule = await this.getCrypto();\n    const keyObject = unwrapKeyObject(key);\n    const dataBuffer = Buffer.from(data);\n\n    // Last 16 bytes are the auth tag\n    const authTag = dataBuffer.slice(-16);\n    const ciphertext = dataBuffer.slice(0, -16);\n\n    const decipher = cryptoModule.createDecipheriv(\n      'aes-256-gcm',\n      // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n      (keyObject as any).export(),\n      Buffer.from(iv)\n    );\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n\n    return await Promise.resolve(\n      decrypted.buffer.slice(\n        decrypted.byteOffset,\n        decrypted.byteOffset + decrypted.byteLength\n      )\n    );\n  }\n\n  /**\n   * Generate HMAC-SHA256 authentication code\n   */\n  async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n    this.logger?.debug('Generating HMAC-SHA256');\n    const cryptoModule = await this.getCrypto();\n    const keyObject = unwrapKeyObject(key);\n\n    // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n    const hmac = cryptoModule.createHmac('sha256', (keyObject as any).export());\n    hmac.update(Buffer.from(data));\n    const mac = hmac.digest();\n\n    return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));\n  }\n\n  /**\n   * Verify HMAC-SHA256 authentication code\n   */\n  async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n    this.logger?.debug('Verifying HMAC-SHA256');\n    const cryptoModule = await this.getCrypto();\n    const computed = await this.generateHMAC(key, data);\n    const expected = new Uint8Array(mac);\n    const actual = new Uint8Array(computed);\n\n    if (expected.length !== actual.length) {\n      return false;\n    }\n\n    // Constant-time comparison\n    return cryptoModule.timingSafeEqual(\n      Buffer.from(expected),\n      Buffer.from(actual)\n    );\n  }\n\n  /**\n   * Generate cryptographically secure random bytes\n   * Note: This is a synchronous method, so it uses require() instead of dynamic import\n   */\n  randomBytes(length: number): ArrayBuffer {\n    // Use cached module if available, otherwise use synchronous require\n    // eslint-disable-next-line @typescript-eslint/no-require-imports\n    const cryptoModule = this.cryptoModule ?? require('crypto') as NodeCrypto;\n    const buffer = cryptoModule.randomBytes(length);\n    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);\n  }\n}\n\n/**\n * Self-register Node provider on import\n * This allows the provider to be available when explicitly imported\n */\nregisterCryptoProvider('node', (logger) => new NodeCryptoProvider(logger));\n\n// TypeScript module augmentation to track this provider is available\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace BananaLink {\n    interface RegisteredCryptoProviders {\n      node: true;\n    }\n  }\n}\n"]}