@bananalink-sdk/protocol 1.2.7

package/dist/crypto/providers/webcrypto-provider.js

@@ -0,0 +1,308 @@
+import { registerCryptoProvider } from '../../chunk-TCVKC227.js';
+import { __name } from '../../chunk-WCQVDF3K.js';
+
+// src/crypto/providers/webcrypto-provider.ts
+var _WebCryptoKeyWrapper = class _WebCryptoKeyWrapper {
+  constructor(cryptoKey) {
+    this.cryptoKey = cryptoKey;
+  }
+  get type() {
+    return this.cryptoKey.type;
+  }
+  get algorithm() {
+    if (typeof this.cryptoKey.algorithm === "string") {
+      return this.cryptoKey.algorithm;
+    }
+    return this.cryptoKey.algorithm.name;
+  }
+  get extractable() {
+    return this.cryptoKey.extractable;
+  }
+  get usages() {
+    return this.cryptoKey.usages;
+  }
+  get nativeKey() {
+    return this.cryptoKey;
+  }
+};
+__name(_WebCryptoKeyWrapper, "WebCryptoKeyWrapper");
+var WebCryptoKeyWrapper = _WebCryptoKeyWrapper;
+function unwrapCryptoKey(keyLike) {
+  if (keyLike instanceof WebCryptoKeyWrapper) {
+    return keyLike.nativeKey;
+  }
+  return keyLike;
+}
+__name(unwrapCryptoKey, "unwrapCryptoKey");
+var _WebCryptoProvider = class _WebCryptoProvider {
+  constructor(logger) {
+    this.name = "WebCrypto";
+    if (!this.isAvailable) {
+      throw new Error("Web Crypto API not available in this environment");
+    }
+    this.logger = logger?.child({ component: "WebCryptoProvider" });
+  }
+  get isAvailable() {
+    return typeof crypto !== "undefined" && typeof crypto.subtle !== "undefined";
+  }
+  /**
+   * Generate ECDH P-256 key pair
+   */
+  async generateKeyPair() {
+    this.logger?.debug("Generating ECDH P-256 key pair");
+    const keyPair = await crypto.subtle.generateKey(
+      {
+        name: "ECDH",
+        namedCurve: "P-256"
+      },
+      true,
+      // extractable
+      ["deriveKey"]
+    );
+    this.logger?.debug("Key pair generation completed");
+    return {
+      publicKey: new WebCryptoKeyWrapper(keyPair.publicKey),
+      privateKey: new WebCryptoKeyWrapper(keyPair.privateKey)
+    };
+  }
+  /**
+   * Export public key to ArrayBuffer (raw format)
+   */
+  async exportPublicKey(publicKey) {
+    return crypto.subtle.exportKey("raw", unwrapCryptoKey(publicKey));
+  }
+  /**
+   * Export private key to ArrayBuffer (raw format)
+   */
+  async exportPrivateKey(privateKey) {
+    const jwk = await crypto.subtle.exportKey("jwk", unwrapCryptoKey(privateKey));
+    const dValue = new Uint8Array(Buffer.from(jwk.d, "base64url"));
+    return dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength);
+  }
+  /**
+   * Import public key from ArrayBuffer (raw format)
+   */
+  async importPublicKey(keyData) {
+    const keyBytes = new Uint8Array(keyData);
+    this.logger?.debug("importPublicKey called", {
+      keyLength: keyBytes.length,
+      keyBytesFirst20: Array.from(keyBytes.slice(0, 20)).map((b) => b.toString(16).padStart(2, "0")).join(" ")
+    });
+    try {
+      const cryptoKey = await crypto.subtle.importKey(
+        "raw",
+        keyData,
+        {
+          name: "ECDH",
+          namedCurve: "P-256"
+        },
+        true,
+        []
+      );
+      this.logger?.debug("Public key import successful");
+      return new WebCryptoKeyWrapper(cryptoKey);
+    } catch (error) {
+      this.logger?.error("Public key import failed", {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+      throw new Error(`Invalid P-256 public key: ${String(error)}`);
+    }
+  }
+  /**
+   * Import private key from ArrayBuffer (raw format)
+   */
+  async importPrivateKey(keyData) {
+    this.logger?.debug("Importing private key", {
+      keyLength: keyData.byteLength
+    });
+    try {
+      const cryptoKey = await crypto.subtle.importKey(
+        "raw",
+        keyData,
+        {
+          name: "ECDH",
+          namedCurve: "P-256"
+        },
+        true,
+        ["deriveKey"]
+      );
+      this.logger?.debug("Private key import successful");
+      return new WebCryptoKeyWrapper(cryptoKey);
+    } catch (error) {
+      this.logger?.error("Private key import failed", {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+      throw new Error(`Invalid P-256 private key: ${String(error)}`);
+    }
+  }
+  /**
+   * Derive shared secret from ECDH key agreement
+   */
+  async deriveSharedSecret(privateKey, publicKey) {
+    this.logger?.debug("Deriving shared secret using ECDH");
+    try {
+      const derivedKey = await crypto.subtle.deriveKey(
+        {
+          name: "ECDH",
+          public: unwrapCryptoKey(publicKey)
+        },
+        unwrapCryptoKey(privateKey),
+        {
+          name: "AES-GCM",
+          length: 256
+        },
+        true,
+        ["encrypt", "decrypt"]
+      );
+      this.logger?.debug("Shared secret derivation completed");
+      return new WebCryptoKeyWrapper(derivedKey);
+    } catch (error) {
+      this.logger?.error("Shared secret derivation failed", {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+      throw error;
+    }
+  }
+  /**
+   * Derive AES-GCM key from shared secret using HKDF
+   */
+  async deriveEncryptionKey(sharedSecret, salt, info) {
+    const baseKey = await crypto.subtle.importKey(
+      "raw",
+      await crypto.subtle.exportKey("raw", unwrapCryptoKey(sharedSecret)),
+      { name: "HKDF" },
+      false,
+      ["deriveKey"]
+    );
+    const derivedKey = await crypto.subtle.deriveKey(
+      {
+        name: "HKDF",
+        salt,
+        info,
+        hash: "SHA-256"
+      },
+      baseKey,
+      { name: "AES-GCM", length: 256 },
+      true,
+      ["encrypt", "decrypt"]
+    );
+    return new WebCryptoKeyWrapper(derivedKey);
+  }
+  /**
+   * Generate random bytes
+   */
+  randomBytes(length) {
+    const buffer = new ArrayBuffer(length);
+    const view = new Uint8Array(buffer);
+    crypto.getRandomValues(view);
+    return buffer;
+  }
+  /**
+   * Encrypt data using AES-GCM
+   */
+  async encrypt(key, data, iv) {
+    this.logger?.debug("Encrypting data with AES-GCM", {
+      dataSize: data.byteLength,
+      ivSize: iv.byteLength
+    });
+    try {
+      const ciphertext = await crypto.subtle.encrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          tagLength: 128
+          // 128-bit tag
+        },
+        unwrapCryptoKey(key),
+        data
+      );
+      this.logger?.debug("Encryption completed", {
+        ciphertextSize: ciphertext.byteLength
+      });
+      return ciphertext;
+    } catch (error) {
+      this.logger?.error("Encryption failed", {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+      throw error;
+    }
+  }
+  /**
+   * Decrypt data using AES-GCM
+   */
+  async decrypt(key, data, iv) {
+    this.logger?.debug("Decrypting data with AES-GCM", {
+      dataSize: data.byteLength,
+      ivSize: iv.byteLength
+    });
+    try {
+      const plaintext = await crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          tagLength: 128
+          // 128-bit tag
+        },
+        unwrapCryptoKey(key),
+        data
+      );
+      this.logger?.debug("Decryption completed", {
+        plaintextSize: plaintext.byteLength
+      });
+      return plaintext;
+    } catch (error) {
+      this.logger?.error("Decryption failed", {
+        error: {
+          message: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : void 0
+        }
+      });
+      throw error;
+    }
+  }
+  /**
+   * Generate HMAC-SHA256
+   */
+  async generateHMAC(key, data) {
+    const hmacKey = await crypto.subtle.importKey(
+      "raw",
+      await crypto.subtle.exportKey("raw", unwrapCryptoKey(key)),
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["sign"]
+    );
+    return crypto.subtle.sign("HMAC", hmacKey, data);
+  }
+  /**
+   * Verify HMAC-SHA256
+   */
+  async verifyHMAC(key, data, mac) {
+    const hmacKey = await crypto.subtle.importKey(
+      "raw",
+      await crypto.subtle.exportKey("raw", unwrapCryptoKey(key)),
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+    return crypto.subtle.verify("HMAC", hmacKey, mac, data);
+  }
+};
+__name(_WebCryptoProvider, "WebCryptoProvider");
+var WebCryptoProvider = _WebCryptoProvider;
+registerCryptoProvider("webcrypto", () => new WebCryptoProvider());
+
+export { WebCryptoProvider };
+//# sourceMappingURL=webcrypto-provider.js.map
+//# sourceMappingURL=webcrypto-provider.js.map

package/dist/crypto/providers/webcrypto-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/providers/webcrypto-provider.ts"],"names":[],"mappings":";;;;AAOA,IAAM,oBAAA,GAAN,MAAM,oBAAA,CAA6C;AAAA,EACjD,YAA6B,SAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAuB;AAAA,EAEpD,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,KAAK,SAAA,CAAU,IAAA;AAAA,EACxB;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,IAAI,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,KAAc,QAAA,EAAU;AAChD,MAAA,OAAO,KAAK,SAAA,CAAU,SAAA;AAAA,IACxB;AACA,IAAA,OAAO,IAAA,CAAK,UAAU,SAAA,CAAU,IAAA;AAAA,EAClC;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,KAAK,SAAA,CAAU,WAAA;AAAA,EACxB;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,KAAK,SAAA,CAAU,MAAA;AAAA,EACxB;AAAA,EAEA,IAAI,SAAA,GAAuB;AACzB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBmD,MAAA,CAAA,oBAAA,EAAA,qBAAA,CAAA;AAAnD,IAAM,mBAAA,GAAN,oBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAmC;AAC1D,EAAA,IAAI,mBAAmB,mBAAA,EAAqB;AAC1C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAYF,IAAM,kBAAA,GAAN,MAAM,kBAAA,CAA4C;AAAA,EAQvD,YAAY,MAAA,EAAiB;AAP7B,IAAA,IAAA,CAAgB,IAAA,GAAO,WAAA;AAQrB,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,kDAAkD,CAAA;AAAA,IACpE;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,qBAAqB,CAAA;AAAA,EAChE;AAAA,EATA,IAAW,WAAA,GAAuB;AAChC,IAAA,OAAO,OAAO,MAAA,KAAW,WAAA,IAAe,OAAO,OAAO,MAAA,KAAW,WAAA;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,gCAAgC,CAAA;AAEnD,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,WAAA;AAAA,MAClC;AAAA,QACE,IAAA,EAAM,MAAA;AAAA,QACN,UAAA,EAAY;AAAA,OACd;AAAA,MACA,IAAA;AAAA;AAAA,MACA,CAAC,WAAW;AAAA,KACd;AAEA,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,IAAA,OAAO;AAAA,MACL,SAAA,EAAW,IAAI,mBAAA,CAAoB,OAAA,CAAQ,SAAS,CAAA;AAAA,MACpD,UAAA,EAAY,IAAI,mBAAA,CAAoB,OAAA,CAAQ,UAAU;AAAA,KACxD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,OAAO,OAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,eAAA,CAAgB,SAAS,CAAC,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AAGtE,IAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,UAAU,KAAA,EAAO,eAAA,CAAgB,UAAU,CAAC,CAAA;AAC5E,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,GAAA,CAAI,CAAA,EAAa,WAAW,CAAC,CAAA;AACvE,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,OAAO,CAAA;AAEvC,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAA,EAA0B;AAAA,MAC3C,WAAW,QAAA,CAAS,MAAA;AAAA,MACpB,eAAA,EAAiB,MAAM,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,OAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,GAAG;AAAA,KACtG,CAAA;AAED,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACpC,KAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,UAAA,EAAY;AAAA,SACd;AAAA,QACA,IAAA;AAAA,QACA;AAAC,OACH;AAEA,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,8BAA8B,CAAA;AACjD,MAAA,OAAO,IAAI,oBAAoB,SAAS,CAAA;AAAA,IAC1C,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,0BAAA,EAA4B;AAAA,QAC7C,KAAA,EAAO;AAAA,UACL,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,UAC9D,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,KAAA,GAAQ;AAAA;AAChD,OACD,CAAA;AACD,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,MAAA,CAAO,KAAK,CAAC,CAAA,CAAE,CAAA;AAAA,IAC9D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAA,EAAyB;AAAA,MAC1C,WAAW,OAAA,CAAQ;AAAA,KACpB,CAAA;AAED,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACpC,KAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,UAAA,EAAY;AAAA,SACd;AAAA,QACA,IAAA;AAAA,QACA,CAAC,WAAW;AAAA,OACd;AAEA,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,MAAA,OAAO,IAAI,oBAAoB,SAAS,CAAA;AAAA,IAC1C,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,2BAAA,EAA6B;AAAA,QAC9C,KAAA,EAAO;AAAA,UACL,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,UAC9D,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,KAAA,GAAQ;AAAA;AAChD,OACD,CAAA;AACD,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,MAAA,CAAO,KAAK,CAAC,CAAA,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,mCAAmC,CAAA;AAEtD,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,QACrC;AAAA,UACE,IAAA,EAAM,MAAA;AAAA,UACN,MAAA,EAAQ,gBAAgB,SAAS;AAAA,SACnC;AAAA,QACA,gBAAgB,UAAU,CAAA;AAAA,QAC1B;AAAA,UACE,IAAA,EAAM,SAAA;AAAA,UACN,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,IAAA;AAAA,QACA,CAAC,WAAW,SAAS;AAAA,OACvB;AAEA,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oCAAoC,CAAA;AACvD,MAAA,OAAO,IAAI,oBAAoB,UAAU,CAAA;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAA,EAAmC;AAAA,QACpD,KAAA,EAAO;AAAA,UACL,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,UAC9D,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,KAAA,GAAQ;AAAA;AAChD,OACD,CAAA;AACD,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CAAoB,YAAA,EAA6B,IAAA,EAAmB,IAAA,EAA2C;AAEnH,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MAClC,KAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,CAAO,UAAU,KAAA,EAAO,eAAA,CAAgB,YAAY,CAAC,CAAA;AAAA,MAClE,EAAE,MAAM,MAAA,EAAO;AAAA,MACf,KAAA;AAAA,MACA,CAAC,WAAW;AAAA,KACd;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACrC;AAAA,QACE,IAAA,EAAM,MAAA;AAAA,QACN,IAAA;AAAA,QACA,IAAA;AAAA,QACA,IAAA,EAAM;AAAA,OACR;AAAA,MACA,OAAA;AAAA,MACA,EAAE,IAAA,EAAM,SAAA,EAAW,MAAA,EAAQ,GAAA,EAAI;AAAA,MAC/B,IAAA;AAAA,MACA,CAAC,WAAW,SAAS;AAAA,KACvB;AACA,IAAA,OAAO,IAAI,oBAAoB,UAAU,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,MAAA,EAA6B;AACvC,IAAA,MAAM,MAAA,GAAS,IAAI,WAAA,CAAY,MAAM,CAAA;AACrC,IAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,MAAM,CAAA;AAClC,IAAA,MAAA,CAAO,gBAAgB,IAAI,CAAA;AAC3B,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,8BAAA,EAAgC;AAAA,MACjD,UAAU,IAAA,CAAK,UAAA;AAAA,MACf,QAAQ,EAAA,CAAG;AAAA,KACZ,CAAA;AAED,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACrC;AAAA,UACE,IAAA,EAAM,SAAA;AAAA,UACN,EAAA;AAAA,UACA,SAAA,EAAW;AAAA;AAAA,SACb;AAAA,QACA,gBAAgB,GAAG,CAAA;AAAA,QACnB;AAAA,OACF;AAEA,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAA,EAAwB;AAAA,QACzC,gBAAgB,UAAA,CAAW;AAAA,OAC5B,CAAA;AACD,MAAA,OAAO,UAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,mBAAA,EAAqB;AAAA,QACtC,KAAA,EAAO;AAAA,UACL,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,UAC9D,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,KAAA,GAAQ;AAAA;AAChD,OACD,CAAA;AACD,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,8BAAA,EAAgC;AAAA,MACjD,UAAU,IAAA,CAAK,UAAA;AAAA,MACf,QAAQ,EAAA,CAAG;AAAA,KACZ,CAAA;AAED,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACpC;AAAA,UACE,IAAA,EAAM,SAAA;AAAA,UACN,EAAA;AAAA,UACA,SAAA,EAAW;AAAA;AAAA,SACb;AAAA,QACA,gBAAgB,GAAG,CAAA;AAAA,QACnB;AAAA,OACF;AAEA,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAA,EAAwB;AAAA,QACzC,eAAe,SAAA,CAAU;AAAA,OAC1B,CAAA;AACD,MAAA,OAAO,SAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,mBAAA,EAAqB;AAAA,QACtC,KAAA,EAAO;AAAA,UACL,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,UAC9D,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,KAAA,GAAQ;AAAA;AAChD,OACD,CAAA;AACD,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAE9E,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MAClC,KAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,CAAO,UAAU,KAAA,EAAO,eAAA,CAAgB,GAAG,CAAC,CAAA;AAAA,MACzD,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,MAChC,KAAA;AAAA,MACA,CAAC,MAAM;AAAA,KACT;AAEA,IAAA,OAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,SAAS,IAAI,CAAA;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAE1F,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MAClC,KAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,CAAO,UAAU,KAAA,EAAO,eAAA,CAAgB,GAAG,CAAC,CAAA;AAAA,MACzD,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,MAChC,KAAA;AAAA,MACA,CAAC,QAAQ;AAAA,KACX;AAEA,IAAA,OAAO,OAAO,MAAA,CAAO,MAAA,CAAO,MAAA,EAAQ,OAAA,EAAS,KAAK,IAAI,CAAA;AAAA,EACxD;AACF,CAAA;AA1SyD,MAAA,CAAA,kBAAA,EAAA,mBAAA,CAAA;AAAlD,IAAM,iBAAA,GAAN;AAgTP,sBAAA,CAAuB,WAAA,EAAa,MAAM,IAAI,iBAAA,EAAmB,CAAA","file":"webcrypto-provider.js","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\nimport { registerCryptoProvider } from './registry';\n\n/**\n * WebCrypto CryptoKey wrapper to implement CryptoKeyLike interface\n */\nclass WebCryptoKeyWrapper implements CryptoKeyLike {\n  constructor(private readonly cryptoKey: CryptoKey) {}\n\n  get type(): 'public' | 'private' | 'secret' {\n    return this.cryptoKey.type as 'public' | 'private' | 'secret';\n  }\n\n  get algorithm(): string {\n    if (typeof this.cryptoKey.algorithm === 'string') {\n      return this.cryptoKey.algorithm;\n    }\n    return this.cryptoKey.algorithm.name;\n  }\n\n  get extractable(): boolean {\n    return this.cryptoKey.extractable;\n  }\n\n  get usages(): readonly string[] {\n    return this.cryptoKey.usages;\n  }\n\n  get nativeKey(): CryptoKey {\n    return this.cryptoKey;\n  }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native CryptoKey\n */\nfunction unwrapCryptoKey(keyLike: CryptoKeyLike): CryptoKey {\n  if (keyLike instanceof WebCryptoKeyWrapper) {\n    return keyLike.nativeKey;\n  }\n  // For backward compatibility, assume it's already a CryptoKey\n  return keyLike as unknown as CryptoKey;\n}\n\n/**\n * Web Crypto API implementation of CryptoProvider\n * Works in browsers and Node.js environments with Web Crypto support\n */\nexport class WebCryptoProvider implements CryptoProvider {\n  public readonly name = 'WebCrypto';\n  private readonly logger?: Logger;\n\n  public get isAvailable(): boolean {\n    return typeof crypto !== 'undefined' && typeof crypto.subtle !== 'undefined';\n  }\n\n  constructor(logger?: Logger) {\n    if (!this.isAvailable) {\n      throw new Error('Web Crypto API not available in this environment');\n    }\n    this.logger = logger?.child({ component: 'WebCryptoProvider' });\n  }\n\n  /**\n   * Generate ECDH P-256 key pair\n   */\n  async generateKeyPair(): Promise<ProviderKeyPair> {\n    this.logger?.debug('Generating ECDH P-256 key pair');\n\n    const keyPair = await crypto.subtle.generateKey(\n      {\n        name: 'ECDH',\n        namedCurve: 'P-256',\n      },\n      true, // extractable\n      ['deriveKey']\n    );\n\n    this.logger?.debug('Key pair generation completed');\n    return {\n      publicKey: new WebCryptoKeyWrapper(keyPair.publicKey),\n      privateKey: new WebCryptoKeyWrapper(keyPair.privateKey),\n    };\n  }\n\n  /**\n   * Export public key to ArrayBuffer (raw format)\n   */\n  async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n    return crypto.subtle.exportKey('raw', unwrapCryptoKey(publicKey));\n  }\n\n  /**\n   * Export private key to ArrayBuffer (raw format)\n   */\n  async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n    // WebCrypto doesn't support 'raw' export for ECDH private keys\n    // Use JWK export and extract the d-value (32 bytes)\n    const jwk = await crypto.subtle.exportKey('jwk', unwrapCryptoKey(privateKey));\n    const dValue = new Uint8Array(Buffer.from(jwk.d as string, 'base64url'));\n    return dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength);\n  }\n\n  /**\n   * Import public key from ArrayBuffer (raw format)\n   */\n  async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n    const keyBytes = new Uint8Array(keyData);\n\n    this.logger?.debug('importPublicKey called', {\n      keyLength: keyBytes.length,\n      keyBytesFirst20: Array.from(keyBytes.slice(0, 20)).map(b => b.toString(16).padStart(2, '0')).join(' ')\n    });\n\n    try {\n      const cryptoKey = await crypto.subtle.importKey(\n        'raw',\n        keyData,\n        {\n          name: 'ECDH',\n          namedCurve: 'P-256',\n        },\n        true,\n        []\n      );\n\n      this.logger?.debug('Public key import successful');\n      return new WebCryptoKeyWrapper(cryptoKey);\n    } catch (error) {\n      this.logger?.error('Public key import failed', {\n        error: {\n          message: error instanceof Error ? error.message : String(error),\n          stack: error instanceof Error ? error.stack : undefined\n        }\n      });\n      throw new Error(`Invalid P-256 public key: ${String(error)}`);\n    }\n  }\n\n  /**\n   * Import private key from ArrayBuffer (raw format)\n   */\n  async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n    this.logger?.debug('Importing private key', {\n      keyLength: keyData.byteLength\n    });\n\n    try {\n      const cryptoKey = await crypto.subtle.importKey(\n        'raw',\n        keyData,\n        {\n          name: 'ECDH',\n          namedCurve: 'P-256',\n        },\n        true,\n        ['deriveKey']\n      );\n\n      this.logger?.debug('Private key import successful');\n      return new WebCryptoKeyWrapper(cryptoKey);\n    } catch (error) {\n      this.logger?.error('Private key import failed', {\n        error: {\n          message: error instanceof Error ? error.message : String(error),\n          stack: error instanceof Error ? error.stack : undefined\n        }\n      });\n      throw new Error(`Invalid P-256 private key: ${String(error)}`);\n    }\n  }\n\n  /**\n   * Derive shared secret from ECDH key agreement\n   */\n  async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n    this.logger?.debug('Deriving shared secret using ECDH');\n\n    try {\n      const derivedKey = await crypto.subtle.deriveKey(\n        {\n          name: 'ECDH',\n          public: unwrapCryptoKey(publicKey),\n        },\n        unwrapCryptoKey(privateKey),\n        {\n          name: 'AES-GCM',\n          length: 256,\n        },\n        true,\n        ['encrypt', 'decrypt']\n      );\n\n      this.logger?.debug('Shared secret derivation completed');\n      return new WebCryptoKeyWrapper(derivedKey);\n    } catch (error) {\n      this.logger?.error('Shared secret derivation failed', {\n        error: {\n          message: error instanceof Error ? error.message : String(error),\n          stack: error instanceof Error ? error.stack : undefined\n        }\n      });\n      throw error;\n    }\n  }\n\n  /**\n   * Derive AES-GCM key from shared secret using HKDF\n   */\n  async deriveEncryptionKey(sharedSecret: CryptoKeyLike, salt: ArrayBuffer, info: ArrayBuffer): Promise<CryptoKeyLike> {\n    // Import shared secret as HKDF base key\n    const baseKey = await crypto.subtle.importKey(\n      'raw',\n      await crypto.subtle.exportKey('raw', unwrapCryptoKey(sharedSecret)),\n      { name: 'HKDF' },\n      false,\n      ['deriveKey']\n    );\n\n    // Derive encryption key using HKDF\n    const derivedKey = await crypto.subtle.deriveKey(\n      {\n        name: 'HKDF',\n        salt: salt,\n        info: info,\n        hash: 'SHA-256',\n      },\n      baseKey,\n      { name: 'AES-GCM', length: 256 },\n      true,\n      ['encrypt', 'decrypt']\n    );\n    return new WebCryptoKeyWrapper(derivedKey);\n  }\n\n  /**\n   * Generate random bytes\n   */\n  randomBytes(length: number): ArrayBuffer {\n    const buffer = new ArrayBuffer(length);\n    const view = new Uint8Array(buffer);\n    crypto.getRandomValues(view);\n    return buffer;\n  }\n\n  /**\n   * Encrypt data using AES-GCM\n   */\n  async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n    this.logger?.debug('Encrypting data with AES-GCM', {\n      dataSize: data.byteLength,\n      ivSize: iv.byteLength\n    });\n\n    try {\n      const ciphertext = await crypto.subtle.encrypt(\n        {\n          name: 'AES-GCM',\n          iv: iv,\n          tagLength: 128, // 128-bit tag\n        },\n        unwrapCryptoKey(key),\n        data\n      );\n\n      this.logger?.debug('Encryption completed', {\n        ciphertextSize: ciphertext.byteLength\n      });\n      return ciphertext;\n    } catch (error) {\n      this.logger?.error('Encryption failed', {\n        error: {\n          message: error instanceof Error ? error.message : String(error),\n          stack: error instanceof Error ? error.stack : undefined\n        }\n      });\n      throw error;\n    }\n  }\n\n  /**\n   * Decrypt data using AES-GCM\n   */\n  async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n    this.logger?.debug('Decrypting data with AES-GCM', {\n      dataSize: data.byteLength,\n      ivSize: iv.byteLength\n    });\n\n    try {\n      const plaintext = await crypto.subtle.decrypt(\n        {\n          name: 'AES-GCM',\n          iv: iv,\n          tagLength: 128, // 128-bit tag\n        },\n        unwrapCryptoKey(key),\n        data\n      );\n\n      this.logger?.debug('Decryption completed', {\n        plaintextSize: plaintext.byteLength\n      });\n      return plaintext;\n    } catch (error) {\n      this.logger?.error('Decryption failed', {\n        error: {\n          message: error instanceof Error ? error.message : String(error),\n          stack: error instanceof Error ? error.stack : undefined\n        }\n      });\n      throw error;\n    }\n  }\n\n  /**\n   * Generate HMAC-SHA256\n   */\n  async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n    // Convert AES key to HMAC key\n    const hmacKey = await crypto.subtle.importKey(\n      'raw',\n      await crypto.subtle.exportKey('raw', unwrapCryptoKey(key)),\n      { name: 'HMAC', hash: 'SHA-256' },\n      false,\n      ['sign']\n    );\n\n    return crypto.subtle.sign('HMAC', hmacKey, data);\n  }\n\n  /**\n   * Verify HMAC-SHA256\n   */\n  async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n    // Convert AES key to HMAC key\n    const hmacKey = await crypto.subtle.importKey(\n      'raw',\n      await crypto.subtle.exportKey('raw', unwrapCryptoKey(key)),\n      { name: 'HMAC', hash: 'SHA-256' },\n      false,\n      ['verify']\n    );\n\n    return crypto.subtle.verify('HMAC', hmacKey, mac, data);\n  }\n}\n\n/**\n * Self-register WebCrypto provider on import\n * This allows the provider to be available when explicitly imported\n */\nregisterCryptoProvider('webcrypto', () => new WebCryptoProvider());\n\n// TypeScript module augmentation to track this provider is available\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace BananaLink {\n    interface RegisteredCryptoProviders {\n      webcrypto: true;\n    }\n  }\n}\n"]}

package/dist/crypto-BUS06Qz-.d.cts

@@ -0,0 +1,40 @@
+interface KeyExchange {
+    algorithm: 'ECDH';
+    namedCurve: 'P-256';
+}
+interface Encryption {
+    algorithm: 'AES-GCM' | 'plaintext';
+    keyLength?: 256;
+    tagLength?: 128;
+}
+interface PublicKeyJWK {
+    kty: 'EC';
+    crv: 'P-256';
+    x: string;
+    y: string;
+    use: 'enc';
+    key_ops: ['deriveKey'];
+}
+interface CryptoParameters {
+    iv?: string;
+    timestamp: string;
+    sessionId: string;
+}
+interface KeyDerivation {
+    algorithm: 'HKDF';
+    hash: 'SHA-256';
+    info: 'message-exchange-v1';
+    salt: string;
+}
+interface CryptoPayload {
+    version: '1.0';
+    keyExchange?: KeyExchange;
+    encryption: Encryption & {
+        algorithm: 'AES-GCM' | 'plaintext';
+    };
+    publicKey?: PublicKeyJWK;
+    parameters: CryptoParameters;
+    derivation?: KeyDerivation;
+}
+
+export type { CryptoParameters as C, Encryption as E, KeyExchange as K, PublicKeyJWK as P, KeyDerivation as a, CryptoPayload as b };

package/dist/crypto-BUS06Qz-.d.ts

@@ -0,0 +1,40 @@
+interface KeyExchange {
+    algorithm: 'ECDH';
+    namedCurve: 'P-256';
+}
+interface Encryption {
+    algorithm: 'AES-GCM' | 'plaintext';
+    keyLength?: 256;
+    tagLength?: 128;
+}
+interface PublicKeyJWK {
+    kty: 'EC';
+    crv: 'P-256';
+    x: string;
+    y: string;
+    use: 'enc';
+    key_ops: ['deriveKey'];
+}
+interface CryptoParameters {
+    iv?: string;
+    timestamp: string;
+    sessionId: string;
+}
+interface KeyDerivation {
+    algorithm: 'HKDF';
+    hash: 'SHA-256';
+    info: 'message-exchange-v1';
+    salt: string;
+}
+interface CryptoPayload {
+    version: '1.0';
+    keyExchange?: KeyExchange;
+    encryption: Encryption & {
+        algorithm: 'AES-GCM' | 'plaintext';
+    };
+    publicKey?: PublicKeyJWK;
+    parameters: CryptoParameters;
+    derivation?: KeyDerivation;
+}
+
+export type { CryptoParameters as C, Encryption as E, KeyExchange as K, PublicKeyJWK as P, KeyDerivation as a, CryptoPayload as b };