@bananalink-sdk/protocol 1.2.8 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/dist/{chunk-32OWUOZ3.js → chunk-KJ7QIHAY.js} +11 -7
  2. package/dist/chunk-KJ7QIHAY.js.map +1 -0
  3. package/dist/{chunk-VXLUSU5B.cjs → chunk-MUYKP6UQ.cjs} +63 -8
  4. package/dist/chunk-MUYKP6UQ.cjs.map +1 -0
  5. package/dist/{chunk-MCZG7QEM.cjs → chunk-NGPP7HUR.cjs} +11 -7
  6. package/dist/chunk-NGPP7HUR.cjs.map +1 -0
  7. package/dist/{chunk-LELPCIE7.js → chunk-OBJR2TL4.js} +54 -4
  8. package/dist/chunk-OBJR2TL4.js.map +1 -0
  9. package/dist/{chunk-KNGZKGRS.cjs → chunk-RZPN2GDJ.cjs} +13 -4
  10. package/dist/chunk-RZPN2GDJ.cjs.map +1 -0
  11. package/dist/{chunk-7KYDLL3B.js → chunk-XCMAKN3P.js} +13 -5
  12. package/dist/chunk-XCMAKN3P.js.map +1 -0
  13. package/dist/{client-session-claim-C4lUik3b.d.cts → client-session-claim-CkRKTG50.d.cts} +12 -2
  14. package/dist/{client-session-claim-3QF3noOr.d.ts → client-session-claim-CrIDASkZ.d.ts} +12 -2
  15. package/dist/crypto/providers/noble-provider.cjs +2 -3
  16. package/dist/crypto/providers/noble-provider.d.cts +0 -7
  17. package/dist/crypto/providers/noble-provider.d.ts +0 -7
  18. package/dist/crypto/providers/noble-provider.js +1 -2
  19. package/dist/crypto/providers/node-provider.cjs +7 -29
  20. package/dist/crypto/providers/node-provider.cjs.map +1 -1
  21. package/dist/crypto/providers/node-provider.d.cts +0 -7
  22. package/dist/crypto/providers/node-provider.d.ts +0 -7
  23. package/dist/crypto/providers/node-provider.js +7 -29
  24. package/dist/crypto/providers/node-provider.js.map +1 -1
  25. package/dist/crypto/providers/quickcrypto-provider.cjs +8 -46
  26. package/dist/crypto/providers/quickcrypto-provider.cjs.map +1 -1
  27. package/dist/crypto/providers/quickcrypto-provider.d.cts +0 -9
  28. package/dist/crypto/providers/quickcrypto-provider.d.ts +0 -9
  29. package/dist/crypto/providers/quickcrypto-provider.js +7 -45
  30. package/dist/crypto/providers/quickcrypto-provider.js.map +1 -1
  31. package/dist/crypto/providers/webcrypto-provider.cjs +0 -2
  32. package/dist/crypto/providers/webcrypto-provider.cjs.map +1 -1
  33. package/dist/crypto/providers/webcrypto-provider.d.cts +0 -7
  34. package/dist/crypto/providers/webcrypto-provider.d.ts +0 -7
  35. package/dist/crypto/providers/webcrypto-provider.js +0 -2
  36. package/dist/crypto/providers/webcrypto-provider.js.map +1 -1
  37. package/dist/{crypto-BUS06Qz-.d.cts → crypto-BK0Ile6V.d.cts} +1 -1
  38. package/dist/{crypto-BUS06Qz-.d.ts → crypto-BK0Ile6V.d.ts} +1 -1
  39. package/dist/crypto-export.cjs +50 -51
  40. package/dist/crypto-export.cjs.map +1 -1
  41. package/dist/crypto-export.d.cts +1 -1
  42. package/dist/crypto-export.d.ts +1 -1
  43. package/dist/crypto-export.js +2 -4
  44. package/dist/crypto-export.js.map +1 -1
  45. package/dist/index.cjs +8 -4
  46. package/dist/index.cjs.map +1 -1
  47. package/dist/index.d.cts +31 -4
  48. package/dist/index.d.ts +31 -4
  49. package/dist/index.js +7 -4
  50. package/dist/index.js.map +1 -1
  51. package/dist/schemas-export.cjs +76 -72
  52. package/dist/schemas-export.d.cts +116 -1
  53. package/dist/schemas-export.d.ts +116 -1
  54. package/dist/schemas-export.js +1 -1
  55. package/dist/testing.d.cts +2 -2
  56. package/dist/testing.d.ts +2 -2
  57. package/dist/validation-export.cjs +76 -72
  58. package/dist/validation-export.d.cts +1 -1
  59. package/dist/validation-export.d.ts +1 -1
  60. package/dist/validation-export.js +1 -1
  61. package/package.json +1 -1
  62. package/src/crypto/providers/noble-provider.ts +44 -49
  63. package/src/crypto/providers/node-provider.ts +18 -59
  64. package/src/crypto/providers/quickcrypto-provider.ts +25 -84
  65. package/src/crypto/providers/registry.ts +14 -9
  66. package/src/crypto/providers/webcrypto-provider.ts +28 -43
  67. package/src/index.ts +1 -0
  68. package/src/schemas/client-messages.ts +14 -0
  69. package/src/schemas/wallet-messages.ts +4 -0
  70. package/src/types/client-messages.ts +26 -1
  71. package/src/types/index.ts +9 -0
  72. package/src/types/persistence.ts +32 -0
  73. package/src/types/wallet-messages.ts +6 -2
  74. package/dist/chunk-32OWUOZ3.js.map +0 -1
  75. package/dist/chunk-7KYDLL3B.js.map +0 -1
  76. package/dist/chunk-A6FLEJ7R.cjs +0 -62
  77. package/dist/chunk-A6FLEJ7R.cjs.map +0 -1
  78. package/dist/chunk-KNGZKGRS.cjs.map +0 -1
  79. package/dist/chunk-LELPCIE7.js.map +0 -1
  80. package/dist/chunk-MCZG7QEM.cjs.map +0 -1
  81. package/dist/chunk-TCVKC227.js +0 -56
  82. package/dist/chunk-TCVKC227.js.map +0 -1
  83. package/dist/chunk-VXLUSU5B.cjs.map +0 -1
package/dist/{client-session-claim-3QF3noOr.d.ts → client-session-claim-CrIDASkZ.d.ts} RENAMED
@@ -51,12 +51,19 @@ interface ClientSessionClaim {
51
51
  }
52
52
  interface ClientReconnectPayload {
53
53
  type: 'client_reconnect';
54
+ sessionClaim: ClientSessionClaim;
55
+ clientPublicKey: string;
56
+ }
57
+ interface ClientHandshakeMessage {
58
+ type: 'client_handshake';
59
+ clientPublicKey: string;
60
+ timestamp: number;
54
61
  }
55
62
  interface CloseSessionPayload {
56
63
  type: 'close_session';
57
64
  reason?: string;
58
65
  }
59
- type ClientMessagePayload = ClientReconnectPayload | CloseSessionPayload | SignMessageRequestPayload | SignTypedDataRequestPayload | SignTransactionRequestPayload;
66
+ type ClientMessagePayload = ClientReconnectPayload | CloseSessionPayload | ClientHandshakeMessage | SignMessageRequestPayload | SignTypedDataRequestPayload | SignTransactionRequestPayload;
60
67
  interface ClientMessageEnvelope {
61
68
  sessionId: string;
62
69
  clientSessionClaim: ClientSessionClaim;
@@ -64,6 +71,7 @@ interface ClientMessageEnvelope {
64
71
  }
65
72
  declare function isClientReconnectPayload(payload: ClientMessagePayload): payload is ClientReconnectPayload;
66
73
  declare function isCloseSessionPayload(payload: ClientMessagePayload): payload is CloseSessionPayload;
74
+ declare function isClientHandshakeMessage(message: unknown): message is ClientHandshakeMessage;
67
75
 
68
76
  interface WalletSessionClaim {
69
77
  sessionNonce: string;
@@ -91,6 +99,7 @@ interface AuthenticateConnectionPayload {
91
99
  }
92
100
  interface WalletReconnectPayload {
93
101
  type: 'wallet_reconnect';
102
+ walletPublicKey: string;
94
103
  }
95
104
  type WalletMessagePayload = ClaimSessionPayload | PrefetchMetadataPayload | ConnectionRejectedPayload | AuthenticateConnectionPayload | WalletReconnectPayload | CloseSessionPayload | RequestFulfilledPayload | RequestRejectedPayload;
96
105
  interface RejectionData {
@@ -133,6 +142,7 @@ interface PrefetchMetadataResponse {
133
142
  sessionConfig?: SessionConfig;
134
143
  }
135
144
  type RelayToDAppMessage = WalletHandshakeMessage | ConnectionRejectedMessage | ConnectionAuthenticatedMessage;
145
+ type RelayToWalletMessage = ClientHandshakeMessage;
136
146
  declare function isClaimSessionPayload(payload: WalletMessagePayload): payload is ClaimSessionPayload;
137
147
  declare function isPrefetchMetadataPayload(payload: WalletMessagePayload): payload is PrefetchMetadataPayload;
138
148
  declare function isConnectionRejectedPayload(payload: WalletMessagePayload): payload is ConnectionRejectedPayload;
@@ -194,4 +204,4 @@ declare function validateClientMessageEnvelope(envelope: ClientMessageEnvelope):
194
204
  errors: string[];
195
205
  };
196
206
 
197
- export { type AuthenticateConnectionPayload as A, type ClientMessagePayload as B, type ClientSessionClaim as C, type DisplayInfo as D, type EncryptedPayload as E, type ClientMessageEnvelope as F, isClientReconnectPayload as G, isCloseSessionPayload as H, WalletSessionClaimManager as I, createWalletMessageEnvelope as J, stripWalletSessionClaim as K, validateClaimTimestamp as L, validateWalletMessageEnvelope as M, ClientSessionClaimManager as N, createClientMessageEnvelope as O, type PrefetchMetadataPayload as P, type QRPayload as Q, type RelayMessageType as R, stripClientSessionClaim as S, validateClientClaimTimestamp as T, validateClientMessageEnvelope as U, type WalletSessionClaim as W, type WalletSessionClaimStorage as a, type ClientSessionClaimStorage as b, type RelayMessage as c, type WalletMessageEnvelope as d, type ClaimSessionPayload as e, type ConnectionRejectedPayload as f, type WalletReconnectPayload as g, type WalletMessagePayload as h, type RejectionData as i, type AuthenticationData as j, type WalletMetadata as k, type WalletHandshakeMessage as l, type ConnectionRejectedMessage as m, type ConnectionAuthenticatedMessage as n, type PrefetchMetadataResponse as o, type RelayToDAppMessage as p, isClaimSessionPayload as q, isPrefetchMetadataPayload as r, isConnectionRejectedPayload as s, isAuthenticateConnectionPayload as t, isWalletReconnectPayload as u, isWalletHandshakeMessage as v, isConnectionRejectedMessage as w, isConnectionAuthenticatedMessage as x, type ClientReconnectPayload as y, type CloseSessionPayload as z };
207
+ export { type AuthenticateConnectionPayload as A, type ClientHandshakeMessage as B, type ClientSessionClaim as C, type DisplayInfo as D, type EncryptedPayload as E, type CloseSessionPayload as F, type ClientMessagePayload as G, type ClientMessageEnvelope as H, isClientReconnectPayload as I, isCloseSessionPayload as J, isClientHandshakeMessage as K, WalletSessionClaimManager as L, createWalletMessageEnvelope as M, stripWalletSessionClaim as N, validateClaimTimestamp as O, type PrefetchMetadataPayload as P, type QRPayload as Q, type RelayMessageType as R, validateWalletMessageEnvelope as S, ClientSessionClaimManager as T, createClientMessageEnvelope as U, stripClientSessionClaim as V, type WalletSessionClaim as W, validateClientClaimTimestamp as X, validateClientMessageEnvelope as Y, type WalletSessionClaimStorage as a, type ClientSessionClaimStorage as b, type RelayMessage as c, type WalletMessageEnvelope as d, type ClaimSessionPayload as e, type ConnectionRejectedPayload as f, type WalletReconnectPayload as g, type WalletMessagePayload as h, type RejectionData as i, type AuthenticationData as j, type WalletMetadata as k, type WalletHandshakeMessage as l, type ConnectionRejectedMessage as m, type ConnectionAuthenticatedMessage as n, type PrefetchMetadataResponse as o, type RelayToDAppMessage as p, type RelayToWalletMessage as q, isClaimSessionPayload as r, isPrefetchMetadataPayload as s, isConnectionRejectedPayload as t, isAuthenticateConnectionPayload as u, isWalletReconnectPayload as v, isWalletHandshakeMessage as w, isConnectionRejectedMessage as x, isConnectionAuthenticatedMessage as y, type ClientReconnectPayload as z };
package/dist/crypto/providers/noble-provider.cjs CHANGED
@@ -1,14 +1,13 @@
1
1
  'use strict';
2
2
 
3
- var chunkMCZG7QEM_cjs = require('../../chunk-MCZG7QEM.cjs');
4
- require('../../chunk-A6FLEJ7R.cjs');
3
+ var chunkNGPP7HUR_cjs = require('../../chunk-NGPP7HUR.cjs');
5
4
  require('../../chunk-WGEGR3DF.cjs');
6
5
 
7
6
 
8
7
 
9
8
  Object.defineProperty(exports, "NobleCryptoProvider", {
10
9
  enumerable: true,
11
- get: function () { return chunkMCZG7QEM_cjs.NobleCryptoProvider; }
10
+ get: function () { return chunkNGPP7HUR_cjs.NobleCryptoProvider; }
12
11
  });
13
12
  //# sourceMappingURL=noble-provider.cjs.map
14
13
  //# sourceMappingURL=noble-provider.cjs.map
package/dist/crypto/providers/noble-provider.d.cts CHANGED
@@ -19,12 +19,5 @@ declare class NobleCryptoProvider implements CryptoProvider {
19
19
  generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer>;
20
20
  verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean>;
21
21
  }
22
- declare global {
23
- namespace BananaLink {
24
- interface RegisteredCryptoProviders {
25
- noble: true;
26
- }
27
- }
28
- }
29
22
 
30
23
  export { NobleCryptoProvider };
package/dist/crypto/providers/noble-provider.d.ts CHANGED
@@ -19,12 +19,5 @@ declare class NobleCryptoProvider implements CryptoProvider {
19
19
  generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer>;
20
20
  verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean>;
21
21
  }
22
- declare global {
23
- namespace BananaLink {
24
- interface RegisteredCryptoProviders {
25
- noble: true;
26
- }
27
- }
28
- }
29
22
 
30
23
  export { NobleCryptoProvider };
package/dist/crypto/providers/noble-provider.js CHANGED
@@ -1,5 +1,4 @@
1
- export { NobleCryptoProvider } from '../../chunk-32OWUOZ3.js';
2
- import '../../chunk-TCVKC227.js';
1
+ export { NobleCryptoProvider } from '../../chunk-KJ7QIHAY.js';
3
2
  import '../../chunk-WCQVDF3K.js';
4
3
  //# sourceMappingURL=noble-provider.js.map
5
4
  //# sourceMappingURL=noble-provider.js.map
package/dist/crypto/providers/node-provider.cjs CHANGED
@@ -1,6 +1,5 @@
1
1
  'use strict';
2
2
 
3
- var chunkA6FLEJ7R_cjs = require('../../chunk-A6FLEJ7R.cjs');
4
3
  var chunkWGEGR3DF_cjs = require('../../chunk-WGEGR3DF.cjs');
5
4
 
6
5
  // src/crypto/providers/node-provider.ts
@@ -62,9 +61,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
62
61
  try {
63
62
  this.cryptoModule = await import('crypto');
64
63
  } catch {
65
- throw new Error(
66
- "Failed to load Node.js crypto module. This provider requires a Node.js environment."
67
- );
64
+ throw new Error("Failed to load Node.js crypto module. This provider requires a Node.js environment.");
68
65
  }
69
66
  }
70
67
  return this.cryptoModule;
@@ -113,10 +110,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
113
110
  const y = Buffer.from(jwk.y, "base64url");
114
111
  const uncompressed = Buffer.concat([Buffer.from([4]), x, y]);
115
112
  return await Promise.resolve(
116
- uncompressed.buffer.slice(
117
- uncompressed.byteOffset,
118
- uncompressed.byteOffset + uncompressed.byteLength
119
- )
113
+ uncompressed.buffer.slice(uncompressed.byteOffset, uncompressed.byteOffset + uncompressed.byteLength)
120
114
  );
121
115
  }
122
116
  /**
@@ -134,9 +128,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
134
128
  });
135
129
  const jwk = keyObj.export({ format: "jwk" });
136
130
  const dValue = Buffer.from(jwk.d, "base64url");
137
- return await Promise.resolve(
138
- dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)
139
- );
131
+ return await Promise.resolve(dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength));
140
132
  }
141
133
  /**
142
134
  * Import public key from raw ArrayBuffer format
@@ -223,16 +215,9 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
223
215
  keyObject.export(),
224
216
  Buffer.from(iv)
225
217
  );
226
- const encrypted = Buffer.concat([
227
- cipher.update(Buffer.from(data)),
228
- cipher.final(),
229
- cipher.getAuthTag()
230
- ]);
218
+ const encrypted = Buffer.concat([cipher.update(Buffer.from(data)), cipher.final(), cipher.getAuthTag()]);
231
219
  return await Promise.resolve(
232
- encrypted.buffer.slice(
233
- encrypted.byteOffset,
234
- encrypted.byteOffset + encrypted.byteLength
235
- )
220
+ encrypted.buffer.slice(encrypted.byteOffset, encrypted.byteOffset + encrypted.byteLength)
236
221
  );
237
222
  }
238
223
  /**
@@ -254,10 +239,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
254
239
  decipher.setAuthTag(authTag);
255
240
  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
256
241
  return await Promise.resolve(
257
- decrypted.buffer.slice(
258
- decrypted.byteOffset,
259
- decrypted.byteOffset + decrypted.byteLength
260
- )
242
+ decrypted.buffer.slice(decrypted.byteOffset, decrypted.byteOffset + decrypted.byteLength)
261
243
  );
262
244
  }
263
245
  /**
@@ -284,10 +266,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
284
266
  if (expected.length !== actual.length) {
285
267
  return false;
286
268
  }
287
- return cryptoModule.timingSafeEqual(
288
- Buffer.from(expected),
289
- Buffer.from(actual)
290
- );
269
+ return cryptoModule.timingSafeEqual(Buffer.from(expected), Buffer.from(actual));
291
270
  }
292
271
  /**
293
272
  * Generate cryptographically secure random bytes
@@ -301,7 +280,6 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
301
280
  };
302
281
  chunkWGEGR3DF_cjs.__name(_NodeCryptoProvider, "NodeCryptoProvider");
303
282
  var NodeCryptoProvider = _NodeCryptoProvider;
304
- chunkA6FLEJ7R_cjs.registerCryptoProvider("node", (logger) => new NodeCryptoProvider(logger));
305
283
 
306
284
  exports.NodeCryptoProvider = NodeCryptoProvider;
307
285
  //# sourceMappingURL=node-provider.cjs.map
package/dist/crypto/providers/node-provider.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/crypto/providers/node-provider.ts"],"names":["__name","__require","registerCryptoProvider"],"mappings":";;;;;;AAaA,IAAM,qBAAA,GAAN,MAAM,qBAAA,CAA8C;AAAA,EAClD,WAAA,CACmB,WACA,OAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAY,QAAA,GAAW,CAAC,WAAW,SAAS,CAAA,GAAI,CAAC,WAAW,CAAA;AAAA,EAC1E;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBoDA,wBAAA,CAAA,qBAAA,EAAA,sBAAA,CAAA;AAApD,IAAM,oBAAA,GAAN,qBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAiC;AACxD,EAAA,IAAI,mBAAmB,oBAAA,EAAsB;AAC3C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANSA,wBAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAyBF,IAAM,mBAAA,GAAN,MAAM,mBAAA,CAA6C;AAAA,EAkBxD,YAAY,MAAA,EAAiB;AAjB7B,IAAA,IAAA,CAAgB,IAAA,GAAO,YAAA;AAEvB,IAAA,IAAA,CAAQ,YAAA,GAAkC,IAAA;AAgBxC,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,sBAAsB,CAAA;AAAA,EACjE;AAAA,EAlBA,IAAW,WAAA,GAAuB;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,CAAC,OAAA,CAAQ,UAAU,IAAA,EAAM;AAC7D,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAc,SAAA,GAAiC;AAC7C,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,IAAI;AAEF,QAAA,IAAA,CAAK,YAAA,GAAe,MAAM,OAAO,QAAQ,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SAEF;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oDAAoD,CAAA;AACvE,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAE1C,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,YAAA,CAAa,eAAA;AAAA,QACX,IAAA;AAAA,QACA;AAAA,UACE,UAAA,EAAY,YAAA;AAAA;AAAA,UACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,KAAA,EAAM;AAAA,UACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,QAAQ,KAAA;AAAM,SACrD;AAAA;AAAA,QAEA,CAAC,GAAA,EAAmB,SAAA,EAAgB,UAAA,KAAoB;AACtD,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,4BAAA,EAA8B,EAAE,KAAA,EAAO,KAAK,CAAA;AAC/D,YAAA,MAAA,CAAO,GAAG,CAAA;AACV,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,UAAA,OAAA,CAAQ;AAAA,YACN,SAAA,EAAW,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,YACvD,UAAA,EAAY,IAAI,oBAAA,CAAqB,UAAA,EAAY,SAAS;AAAA,WAC3D,CAAA;AAAA,QACH;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,SAAS,CAAA;AAG3C,IAAA,MAAM,MAAA,GAAS,SAAA,YAAqB,MAAA,GAChC,YAAA,CAAa,eAAA,CAAgB,EAAE,GAAA,EAAK,SAAA,EAAW,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAA,GAC5E,SAAA;AAIJ,IAAA,MAAM,MAAO,MAAA,CAAe,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEpD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAElD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAGlD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,IAAA,CAAK,CAAC,CAAI,CAAC,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AAE9D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,aAAa,MAAA,CAAO,KAAA;AAAA,QAClB,YAAA,CAAa,UAAA;AAAA,QACb,YAAA,CAAa,aAAa,YAAA,CAAa;AAAA;AACzC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AACtE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,UAAU,CAAA;AAG5C,IAAA,MAAM,YAAY,SAAA,YAAqB,MAAA,GAAS,SAAA,GAAY,MAAA,CAAO,KAAK,SAAwB,CAAA;AAChG,IAAA,MAAM,MAAA,GAAS,aAAa,gBAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,SAAA;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAEvD,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU;AAAA,KAC9E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAGrC,IAAA,IAAI,UAAU,MAAA,KAAW,EAAA,IAAM,SAAA,CAAU,CAAC,MAAM,CAAA,EAAM;AACpD,MAAA,MAAM,IAAI,MAAM,iEAAiE,CAAA;AAAA,IACnF;AAIA,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC/B,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAGhC,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAAA,MACzB,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW;AAAA,KAC3B;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,eAAA,CAAgB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC1E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAC,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAErC,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,SAAA,CAAU,QAAA,CAAS,WAAW;AAAA,KACnC;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,gBAAA,CAAiB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC3E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,UAAA,CAAW,YAAY,CAAA;AAGjD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,UAAU,CAAA;AACzD,IAAA,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAG1C,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AACtD,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAG9D,IAAA,MAAM,SAAA,GAAY,YAAA,CAAa,eAAA,CAAgB,YAAY,CAAA;AAC3D,IAAA,OAAO,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CACJ,YAAA,EACA,IAAA,EACA,IAAA,EACwB;AACxB,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAiC,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,IAAA,MAAM,eAAA,GAAmB,UAAkB,MAAA,EAAO;AAGlD,IAAA,MAAM,aAAa,YAAA,CAAa,QAAA;AAAA,MAC9B,QAAA;AAAA,MACA,OAAO,QAAA,CAAS,eAAe,IAAI,eAAA,GAAkB,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAChF,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB;AAAA;AAAA,KACF;AAGA,IAAA,MAAM,YAAA,GAAe,YAAA,CAAa,eAAA,CAAgB,UAAU,CAAA;AAC5D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,YAAA,EAAc,QAAQ,CAAC,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAErC,IAAA,MAAM,SAAS,YAAA,CAAa,cAAA;AAAA,MAC1B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AAEA,IAAA,MAAM,SAAA,GAAY,OAAO,MAAA,CAAO;AAAA,MAC9B,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,MAC/B,OAAO,KAAA,EAAM;AAAA,MACb,OAAO,UAAA;AAAW,KACnB,CAAA;AAED,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA;AAGnC,IAAA,MAAM,OAAA,GAAU,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,MAAM,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAE1C,IAAA,MAAM,WAAW,YAAA,CAAa,gBAAA;AAAA,MAC5B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AACA,IAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAE3B,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAE/E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAC9E,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAGrC,IAAA,MAAM,OAAO,YAAA,CAAa,UAAA,CAAW,QAAA,EAAW,SAAA,CAAkB,QAAQ,CAAA;AAC1E,IAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,KAAK,MAAA,EAAO;AAExB,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,UAAA,EAAY,GAAA,CAAI,UAAA,GAAa,GAAA,CAAI,UAAU,CAAC,CAAA;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,IAAI,CAAA;AAClD,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,QAAQ,CAAA;AAEtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,MAAA,CAAO,MAAA,EAAQ;AACrC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAO,YAAA,CAAa,eAAA;AAAA,MAClB,MAAA,CAAO,KAAK,QAAQ,CAAA;AAAA,MACpB,MAAA,CAAO,KAAK,MAAM;AAAA,KACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,MAAA,EAA6B;AAGvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAgBC,2BAAA,CAAQ,QAAQ,CAAA;AAC1D,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,WAAA,CAAY,MAAM,CAAA;AAC9C,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AACF,CAAA;AA5V0DD,wBAAA,CAAA,mBAAA,EAAA,oBAAA,CAAA;AAAnD,IAAM,kBAAA,GAAN;AAkWPE,wCAAA,CAAuB,QAAQ,CAAC,MAAA,KAAW,IAAI,kBAAA,CAAmB,MAAM,CAAC,CAAA","file":"node-provider.cjs","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\nimport { registerCryptoProvider } from './registry';\n\n/**\n * Type definition for Node.js crypto module (loaded dynamically to prevent Metro bundling)\n */\ntype NodeCrypto = typeof import('crypto');\n\n/**\n * Node.js crypto.KeyObject wrapper to implement CryptoKeyLike interface\n * Note: keyObject type is unknown at compile time (crypto.KeyObject | Buffer at runtime)\n */\nclass NodeCryptoKeyWrapper implements CryptoKeyLike {\n constructor(\n private readonly keyObject: unknown, // crypto.KeyObject | Buffer at runtime\n private readonly keyType: 'public' | 'private' | 'secret'\n ) {}\n\n get type(): 'public' | 'private' | 'secret' {\n return this.keyType;\n }\n\n get algorithm(): string {\n return 'ECDH-P256';\n }\n\n get extractable(): boolean {\n return true;\n }\n\n get usages(): readonly string[] {\n return this.keyType === 'secret' ? ['encrypt', 'decrypt'] : ['deriveKey'];\n }\n\n get nativeKey(): unknown {\n return this.keyObject;\n }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native KeyObject or Buffer\n */\nfunction unwrapKeyObject(keyLike: CryptoKeyLike): unknown {\n if (keyLike instanceof NodeCryptoKeyWrapper) {\n return keyLike.nativeKey;\n }\n // Assume it's already a KeyObject\n return keyLike;\n}\n\n/**\n * Node.js crypto module implementation of CryptoProvider\n * Optimized for backend services with native crypto performance\n *\n * This provider uses the native Node.js crypto module which provides:\n * - Superior performance compared to Web Crypto API in Node.js\n * - Direct access to OpenSSL optimizations\n * - Zero additional dependencies\n * - Full support for ECDH P-256 and AES-256-GCM\n *\n * @example\n * ```typescript\n * import { NodeCryptoProvider } from '@bananalink-sdk/protocol/crypto/provider/node';\n * const provider = new NodeCryptoProvider();\n * const keyPair = await provider.generateKeyPair();\n * ```\n */\nexport class NodeCryptoProvider implements CryptoProvider {\n public readonly name = 'NodeCrypto';\n private readonly logger?: Logger;\n private cryptoModule: NodeCrypto | null = null;\n\n public get isAvailable(): boolean {\n try {\n // Check if we're in Node.js environment\n if (typeof process === 'undefined' || !process.versions?.node) {\n return false;\n }\n // Crypto module availability will be checked when getCrypto() is called\n return true;\n } catch {\n return false;\n }\n }\n\n constructor(logger?: Logger) {\n if (!this.isAvailable) {\n throw new Error('Node.js crypto module not available in this environment');\n }\n this.logger = logger?.child({ component: 'NodeCryptoProvider' });\n }\n\n /**\n * Get crypto module instance via dynamic import\n * This prevents Metro bundler from trying to resolve 'crypto' at build time\n */\n private async getCrypto(): Promise<NodeCrypto> {\n if (!this.cryptoModule) {\n try {\n // Dynamic import prevents static analysis by bundlers\n this.cryptoModule = await import('crypto');\n } catch {\n throw new Error(\n 'Failed to load Node.js crypto module. ' +\n 'This provider requires a Node.js environment.'\n );\n }\n }\n return this.cryptoModule;\n }\n\n /**\n * Generate ECDH P-256 key pair using Node.js crypto\n */\n async generateKeyPair(): Promise<ProviderKeyPair> {\n this.logger?.debug('Generating ECDH P-256 key pair with Node.js crypto');\n const cryptoModule = await this.getCrypto();\n\n return new Promise((resolve, reject) => {\n cryptoModule.generateKeyPair(\n 'ec',\n {\n namedCurve: 'prime256v1', // P-256\n publicKeyEncoding: { type: 'spki', format: 'der' },\n privateKeyEncoding: { type: 'pkcs8', format: 'der' },\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (err: Error | null, publicKey: any, privateKey: any) => {\n if (err) {\n this.logger?.error('Key pair generation failed', { error: err });\n reject(err);\n return;\n }\n\n this.logger?.debug('Key pair generation completed');\n resolve({\n publicKey: new NodeCryptoKeyWrapper(publicKey, 'public'),\n privateKey: new NodeCryptoKeyWrapper(privateKey, 'private'),\n });\n }\n );\n });\n }\n\n /**\n * Export public key to raw ArrayBuffer format (65 bytes uncompressed)\n */\n async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting public key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(publicKey);\n\n // If it's a Buffer (DER format from generateKeyPair), convert to KeyObject first\n const keyObj = keyObject instanceof Buffer\n ? cryptoModule.createPublicKey({ key: keyObject, format: 'der', type: 'spki' })\n : keyObject;\n\n // Export as JWK to get X/Y coordinates\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const jwk = (keyObj as any).export({ format: 'jwk' });\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const x = Buffer.from(jwk.x as string, 'base64url');\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const y = Buffer.from(jwk.y as string, 'base64url');\n\n // Construct 65-byte uncompressed point: 0x04 + X (32 bytes) + Y (32 bytes)\n const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);\n\n return await Promise.resolve(\n uncompressed.buffer.slice(\n uncompressed.byteOffset,\n uncompressed.byteOffset + uncompressed.byteLength\n )\n );\n }\n\n /**\n * Export private key to raw ArrayBuffer format (32 bytes)\n */\n async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting private key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(privateKey);\n\n // Convert KeyObject to raw format\n const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject as ArrayBuffer);\n const keyObj = cryptoModule.createPrivateKey({\n key: keyBuffer,\n format: 'der',\n type: 'pkcs8',\n });\n\n // Export as raw scalar (32 bytes)\n const jwk = keyObj.export({ format: 'jwk' });\n const dValue = Buffer.from(jwk.d as string, 'base64url');\n\n return await Promise.resolve(\n dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)\n );\n }\n\n /**\n * Import public key from raw ArrayBuffer format\n */\n async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing public key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n // Ensure it's uncompressed format (65 bytes starting with 0x04)\n if (keyBuffer.length !== 65 || keyBuffer[0] !== 0x04) {\n throw new Error('Invalid public key format: expected 65 bytes uncompressed point');\n }\n\n // Create KeyObject from raw uncompressed point\n // We need to wrap it in DER format\n const x = keyBuffer.slice(1, 33);\n const y = keyBuffer.slice(33, 65);\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n x: x.toString('base64url'),\n y: y.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPublicKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'public'));\n }\n\n /**\n * Import private key from raw ArrayBuffer format\n */\n async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing private key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n if (keyBuffer.length !== 32) {\n throw new Error('Invalid private key format: expected 32 bytes');\n }\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n d: keyBuffer.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'private'));\n }\n\n /**\n * Derive shared secret using ECDH\n */\n async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving shared secret');\n const cryptoModule = await this.getCrypto();\n\n // Create ECDH object\n const ecdh = cryptoModule.createECDH('prime256v1');\n\n // Set private key\n const privateRaw = await this.exportPrivateKey(privateKey);\n ecdh.setPrivateKey(Buffer.from(privateRaw));\n\n // Compute shared secret\n const publicRaw = await this.exportPublicKey(publicKey);\n const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));\n\n // Wrap as secret key\n const keyObject = cryptoModule.createSecretKey(sharedSecret);\n return new NodeCryptoKeyWrapper(keyObject, 'secret');\n }\n\n /**\n * Derive AES-GCM encryption key using HKDF-SHA256\n */\n async deriveEncryptionKey(\n sharedSecret: CryptoKeyLike,\n salt: ArrayBuffer,\n info: ArrayBuffer\n ): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving AES-GCM encryption key');\n const cryptoModule = await this.getCrypto();\n\n // Extract raw shared secret\n const keyObject = unwrapKeyObject(sharedSecret);\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const sharedSecretRaw = (keyObject as any).export();\n\n // Use HKDF to derive 32-byte key\n const derivedKey = cryptoModule.hkdfSync(\n 'sha256',\n Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),\n Buffer.from(salt),\n Buffer.from(info),\n 32 // 256 bits\n ) as Buffer;\n\n // Create secret key object\n const aesKeyObject = cryptoModule.createSecretKey(derivedKey);\n return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, 'secret'));\n }\n\n /**\n * Encrypt data using AES-256-GCM\n */\n async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Encrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n const cipher = cryptoModule.createCipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv)\n );\n\n const encrypted = Buffer.concat([\n cipher.update(Buffer.from(data)),\n cipher.final(),\n cipher.getAuthTag(),\n ]);\n\n return await Promise.resolve(\n encrypted.buffer.slice(\n encrypted.byteOffset,\n encrypted.byteOffset + encrypted.byteLength\n )\n );\n }\n\n /**\n * Decrypt data using AES-256-GCM\n */\n async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Decrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n const dataBuffer = Buffer.from(data);\n\n // Last 16 bytes are the auth tag\n const authTag = dataBuffer.slice(-16);\n const ciphertext = dataBuffer.slice(0, -16);\n\n const decipher = cryptoModule.createDecipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv)\n );\n decipher.setAuthTag(authTag);\n\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n\n return await Promise.resolve(\n decrypted.buffer.slice(\n decrypted.byteOffset,\n decrypted.byteOffset + decrypted.byteLength\n )\n );\n }\n\n /**\n * Generate HMAC-SHA256 authentication code\n */\n async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Generating HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const hmac = cryptoModule.createHmac('sha256', (keyObject as any).export());\n hmac.update(Buffer.from(data));\n const mac = hmac.digest();\n\n return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));\n }\n\n /**\n * Verify HMAC-SHA256 authentication code\n */\n async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n this.logger?.debug('Verifying HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const computed = await this.generateHMAC(key, data);\n const expected = new Uint8Array(mac);\n const actual = new Uint8Array(computed);\n\n if (expected.length !== actual.length) {\n return false;\n }\n\n // Constant-time comparison\n return cryptoModule.timingSafeEqual(\n Buffer.from(expected),\n Buffer.from(actual)\n );\n }\n\n /**\n * Generate cryptographically secure random bytes\n * Note: This is a synchronous method, so it uses require() instead of dynamic import\n */\n randomBytes(length: number): ArrayBuffer {\n // Use cached module if available, otherwise use synchronous require\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const cryptoModule = this.cryptoModule ?? require('crypto') as NodeCrypto;\n const buffer = cryptoModule.randomBytes(length);\n return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);\n }\n}\n\n/**\n * Self-register Node provider on import\n * This allows the provider to be available when explicitly imported\n */\nregisterCryptoProvider('node', (logger) => new NodeCryptoProvider(logger));\n\n// TypeScript module augmentation to track this provider is available\ndeclare global {\n // eslint-disable-next-line @typescript-eslint/no-namespace\n namespace BananaLink {\n interface RegisteredCryptoProviders {\n node: true;\n }\n }\n}\n"]}
1
+ {"version":3,"sources":["../../../src/crypto/providers/node-provider.ts"],"names":["__name","__require"],"mappings":";;;;;AAYA,IAAM,qBAAA,GAAN,MAAM,qBAAA,CAA8C;AAAA,EAClD,WAAA,CACmB,WACA,OAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAY,QAAA,GAAW,CAAC,WAAW,SAAS,CAAA,GAAI,CAAC,WAAW,CAAA;AAAA,EAC1E;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBoDA,wBAAA,CAAA,qBAAA,EAAA,sBAAA,CAAA;AAApD,IAAM,oBAAA,GAAN,qBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAiC;AACxD,EAAA,IAAI,mBAAmB,oBAAA,EAAsB;AAC3C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANSA,wBAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAyBF,IAAM,mBAAA,GAAN,MAAM,mBAAA,CAA6C;AAAA,EAkBxD,YAAY,MAAA,EAAiB;AAjB7B,IAAA,IAAA,CAAgB,IAAA,GAAO,YAAA;AAEvB,IAAA,IAAA,CAAQ,YAAA,GAAkC,IAAA;AAgBxC,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,sBAAsB,CAAA;AAAA,EACjE;AAAA,EAlBA,IAAW,WAAA,GAAuB;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,CAAC,OAAA,CAAQ,UAAU,IAAA,EAAM;AAC7D,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAc,SAAA,GAAiC;AAC7C,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,IAAI;AAEF,QAAA,IAAA,CAAK,YAAA,GAAe,MAAM,OAAO,QAAQ,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,IAAI,MAAM,qFAA0F,CAAA;AAAA,MAC5G;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oDAAoD,CAAA;AACvE,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAE1C,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,YAAA,CAAa,eAAA;AAAA,QACX,IAAA;AAAA,QACA;AAAA,UACE,UAAA,EAAY,YAAA;AAAA;AAAA,UACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,KAAA,EAAM;AAAA,UACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,QAAQ,KAAA;AAAM,SACrD;AAAA;AAAA,QAEA,CAAC,GAAA,EAAmB,SAAA,EAAgB,UAAA,KAAoB;AACtD,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,4BAAA,EAA8B,EAAE,KAAA,EAAO,KAAK,CAAA;AAC/D,YAAA,MAAA,CAAO,GAAG,CAAA;AACV,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,UAAA,OAAA,CAAQ;AAAA,YACN,SAAA,EAAW,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,YACvD,UAAA,EAAY,IAAI,oBAAA,CAAqB,UAAA,EAAY,SAAS;AAAA,WAC3D,CAAA;AAAA,QACH;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,SAAS,CAAA;AAG3C,IAAA,MAAM,MAAA,GACJ,SAAA,YAAqB,MAAA,GACjB,YAAA,CAAa,eAAA,CAAgB,EAAE,GAAA,EAAK,SAAA,EAAW,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAA,GAC5E,SAAA;AAIN,IAAA,MAAM,MAAO,MAAA,CAAe,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEpD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAElD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAGlD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,IAAA,CAAK,CAAC,CAAI,CAAC,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AAE9D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,YAAA,CAAa,OAAO,KAAA,CAAM,YAAA,CAAa,YAAY,YAAA,CAAa,UAAA,GAAa,aAAa,UAAU;AAAA,KACtG;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AACtE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,UAAU,CAAA;AAG5C,IAAA,MAAM,YAAY,SAAA,YAAqB,MAAA,GAAS,SAAA,GAAY,MAAA,CAAO,KAAK,SAAwB,CAAA;AAChG,IAAA,MAAM,MAAA,GAAS,aAAa,gBAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,SAAA;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAEvD,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,UAAA,EAAY,MAAA,CAAO,UAAA,GAAa,MAAA,CAAO,UAAU,CAAC,CAAA;AAAA,EAC5G;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAGrC,IAAA,IAAI,UAAU,MAAA,KAAW,EAAA,IAAM,SAAA,CAAU,CAAC,MAAM,CAAA,EAAM;AACpD,MAAA,MAAM,IAAI,MAAM,iEAAiE,CAAA;AAAA,IACnF;AAIA,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC/B,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAGhC,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAAA,MACzB,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW;AAAA,KAC3B;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,eAAA,CAAgB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC1E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAC,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAErC,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,SAAA,CAAU,QAAA,CAAS,WAAW;AAAA,KACnC;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,gBAAA,CAAiB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC3E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,UAAA,CAAW,YAAY,CAAA;AAGjD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,UAAU,CAAA;AACzD,IAAA,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAG1C,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AACtD,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAG9D,IAAA,MAAM,SAAA,GAAY,YAAA,CAAa,eAAA,CAAgB,YAAY,CAAA;AAC3D,IAAA,OAAO,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CAAoB,YAAA,EAA6B,IAAA,EAAmB,IAAA,EAA2C;AACnH,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAiC,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,IAAA,MAAM,eAAA,GAAmB,UAAkB,MAAA,EAAO;AAGlD,IAAA,MAAM,aAAa,YAAA,CAAa,QAAA;AAAA,MAC9B,QAAA;AAAA,MACA,OAAO,QAAA,CAAS,eAAe,IAAI,eAAA,GAAkB,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAChF,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB;AAAA;AAAA,KACF;AAGA,IAAA,MAAM,YAAA,GAAe,YAAA,CAAa,eAAA,CAAgB,UAAU,CAAA;AAC5D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,YAAA,EAAc,QAAQ,CAAC,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAErC,IAAA,MAAM,SAAS,YAAA,CAAa,cAAA;AAAA,MAC1B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AAEA,IAAA,MAAM,YAAY,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,GAAG,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,UAAA,EAAY,CAAC,CAAA;AAEvG,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,SAAA,CAAU,OAAO,KAAA,CAAM,SAAA,CAAU,YAAY,SAAA,CAAU,UAAA,GAAa,UAAU,UAAU;AAAA,KAC1F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA;AAGnC,IAAA,MAAM,OAAA,GAAU,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,MAAM,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAE1C,IAAA,MAAM,WAAW,YAAA,CAAa,gBAAA;AAAA,MAC5B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AACA,IAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAE3B,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAE/E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,SAAA,CAAU,OAAO,KAAA,CAAM,SAAA,CAAU,YAAY,SAAA,CAAU,UAAA,GAAa,UAAU,UAAU;AAAA,KAC1F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAC9E,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAGrC,IAAA,MAAM,OAAO,YAAA,CAAa,UAAA,CAAW,QAAA,EAAW,SAAA,CAAkB,QAAQ,CAAA;AAC1E,IAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,KAAK,MAAA,EAAO;AAExB,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,UAAA,EAAY,GAAA,CAAI,UAAA,GAAa,GAAA,CAAI,UAAU,CAAC,CAAA;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,IAAI,CAAA;AAClD,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,QAAQ,CAAA;AAEtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,MAAA,CAAO,MAAA,EAAQ;AACrC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAO,YAAA,CAAa,gBAAgB,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,MAAA,EAA6B;AAGvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAiBC,2BAAA,CAAQ,QAAQ,CAAA;AAC3D,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,WAAA,CAAY,MAAM,CAAA;AAC9C,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AACF,CAAA;AApU0DD,wBAAA,CAAA,mBAAA,EAAA,oBAAA,CAAA;AAAnD,IAAM,kBAAA,GAAN","file":"node-provider.cjs","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\n\n/**\n * Type definition for Node.js crypto module (loaded dynamically to prevent Metro bundling)\n */\ntype NodeCrypto = typeof import('crypto');\n\n/**\n * Node.js crypto.KeyObject wrapper to implement CryptoKeyLike interface\n * Note: keyObject type is unknown at compile time (crypto.KeyObject | Buffer at runtime)\n */\nclass NodeCryptoKeyWrapper implements CryptoKeyLike {\n constructor(\n private readonly keyObject: unknown, // crypto.KeyObject | Buffer at runtime\n private readonly keyType: 'public' | 'private' | 'secret',\n ) {}\n\n get type(): 'public' | 'private' | 'secret' {\n return this.keyType;\n }\n\n get algorithm(): string {\n return 'ECDH-P256';\n }\n\n get extractable(): boolean {\n return true;\n }\n\n get usages(): readonly string[] {\n return this.keyType === 'secret' ? ['encrypt', 'decrypt'] : ['deriveKey'];\n }\n\n get nativeKey(): unknown {\n return this.keyObject;\n }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native KeyObject or Buffer\n */\nfunction unwrapKeyObject(keyLike: CryptoKeyLike): unknown {\n if (keyLike instanceof NodeCryptoKeyWrapper) {\n return keyLike.nativeKey;\n }\n // Assume it's already a KeyObject\n return keyLike;\n}\n\n/**\n * Node.js crypto module implementation of CryptoProvider\n * Optimized for backend services with native crypto performance\n *\n * This provider uses the native Node.js crypto module which provides:\n * - Superior performance compared to Web Crypto API in Node.js\n * - Direct access to OpenSSL optimizations\n * - Zero additional dependencies\n * - Full support for ECDH P-256 and AES-256-GCM\n *\n * @example\n * ```typescript\n * import { NodeCryptoProvider } from '@bananalink-sdk/protocol/crypto/provider/node';\n * const provider = new NodeCryptoProvider();\n * const keyPair = await provider.generateKeyPair();\n * ```\n */\nexport class NodeCryptoProvider implements CryptoProvider {\n public readonly name = 'NodeCrypto';\n private readonly logger?: Logger;\n private cryptoModule: NodeCrypto | null = null;\n\n public get isAvailable(): boolean {\n try {\n // Check if we're in Node.js environment\n if (typeof process === 'undefined' || !process.versions?.node) {\n return false;\n }\n // Crypto module availability will be checked when getCrypto() is called\n return true;\n } catch {\n return false;\n }\n }\n\n constructor(logger?: Logger) {\n if (!this.isAvailable) {\n throw new Error('Node.js crypto module not available in this environment');\n }\n this.logger = logger?.child({ component: 'NodeCryptoProvider' });\n }\n\n /**\n * Get crypto module instance via dynamic import\n * This prevents Metro bundler from trying to resolve 'crypto' at build time\n */\n private async getCrypto(): Promise<NodeCrypto> {\n if (!this.cryptoModule) {\n try {\n // Dynamic import prevents static analysis by bundlers\n this.cryptoModule = await import('crypto');\n } catch {\n throw new Error('Failed to load Node.js crypto module. ' + 'This provider requires a Node.js environment.');\n }\n }\n return this.cryptoModule;\n }\n\n /**\n * Generate ECDH P-256 key pair using Node.js crypto\n */\n async generateKeyPair(): Promise<ProviderKeyPair> {\n this.logger?.debug('Generating ECDH P-256 key pair with Node.js crypto');\n const cryptoModule = await this.getCrypto();\n\n return new Promise((resolve, reject) => {\n cryptoModule.generateKeyPair(\n 'ec',\n {\n namedCurve: 'prime256v1', // P-256\n publicKeyEncoding: { type: 'spki', format: 'der' },\n privateKeyEncoding: { type: 'pkcs8', format: 'der' },\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (err: Error | null, publicKey: any, privateKey: any) => {\n if (err) {\n this.logger?.error('Key pair generation failed', { error: err });\n reject(err);\n return;\n }\n\n this.logger?.debug('Key pair generation completed');\n resolve({\n publicKey: new NodeCryptoKeyWrapper(publicKey, 'public'),\n privateKey: new NodeCryptoKeyWrapper(privateKey, 'private'),\n });\n },\n );\n });\n }\n\n /**\n * Export public key to raw ArrayBuffer format (65 bytes uncompressed)\n */\n async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting public key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(publicKey);\n\n // If it's a Buffer (DER format from generateKeyPair), convert to KeyObject first\n const keyObj =\n keyObject instanceof Buffer\n ? cryptoModule.createPublicKey({ key: keyObject, format: 'der', type: 'spki' })\n : keyObject;\n\n // Export as JWK to get X/Y coordinates\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const jwk = (keyObj as any).export({ format: 'jwk' });\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const x = Buffer.from(jwk.x as string, 'base64url');\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const y = Buffer.from(jwk.y as string, 'base64url');\n\n // Construct 65-byte uncompressed point: 0x04 + X (32 bytes) + Y (32 bytes)\n const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);\n\n return await Promise.resolve(\n uncompressed.buffer.slice(uncompressed.byteOffset, uncompressed.byteOffset + uncompressed.byteLength),\n );\n }\n\n /**\n * Export private key to raw ArrayBuffer format (32 bytes)\n */\n async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting private key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(privateKey);\n\n // Convert KeyObject to raw format\n const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject as ArrayBuffer);\n const keyObj = cryptoModule.createPrivateKey({\n key: keyBuffer,\n format: 'der',\n type: 'pkcs8',\n });\n\n // Export as raw scalar (32 bytes)\n const jwk = keyObj.export({ format: 'jwk' });\n const dValue = Buffer.from(jwk.d as string, 'base64url');\n\n return await Promise.resolve(dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength));\n }\n\n /**\n * Import public key from raw ArrayBuffer format\n */\n async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing public key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n // Ensure it's uncompressed format (65 bytes starting with 0x04)\n if (keyBuffer.length !== 65 || keyBuffer[0] !== 0x04) {\n throw new Error('Invalid public key format: expected 65 bytes uncompressed point');\n }\n\n // Create KeyObject from raw uncompressed point\n // We need to wrap it in DER format\n const x = keyBuffer.slice(1, 33);\n const y = keyBuffer.slice(33, 65);\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n x: x.toString('base64url'),\n y: y.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPublicKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'public'));\n }\n\n /**\n * Import private key from raw ArrayBuffer format\n */\n async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing private key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n if (keyBuffer.length !== 32) {\n throw new Error('Invalid private key format: expected 32 bytes');\n }\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n d: keyBuffer.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'private'));\n }\n\n /**\n * Derive shared secret using ECDH\n */\n async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving shared secret');\n const cryptoModule = await this.getCrypto();\n\n // Create ECDH object\n const ecdh = cryptoModule.createECDH('prime256v1');\n\n // Set private key\n const privateRaw = await this.exportPrivateKey(privateKey);\n ecdh.setPrivateKey(Buffer.from(privateRaw));\n\n // Compute shared secret\n const publicRaw = await this.exportPublicKey(publicKey);\n const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));\n\n // Wrap as secret key\n const keyObject = cryptoModule.createSecretKey(sharedSecret);\n return new NodeCryptoKeyWrapper(keyObject, 'secret');\n }\n\n /**\n * Derive AES-GCM encryption key using HKDF-SHA256\n */\n async deriveEncryptionKey(sharedSecret: CryptoKeyLike, salt: ArrayBuffer, info: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving AES-GCM encryption key');\n const cryptoModule = await this.getCrypto();\n\n // Extract raw shared secret\n const keyObject = unwrapKeyObject(sharedSecret);\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const sharedSecretRaw = (keyObject as any).export();\n\n // Use HKDF to derive 32-byte key\n const derivedKey = cryptoModule.hkdfSync(\n 'sha256',\n Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),\n Buffer.from(salt),\n Buffer.from(info),\n 32, // 256 bits\n ) as Buffer;\n\n // Create secret key object\n const aesKeyObject = cryptoModule.createSecretKey(derivedKey);\n return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, 'secret'));\n }\n\n /**\n * Encrypt data using AES-256-GCM\n */\n async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Encrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n const cipher = cryptoModule.createCipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv),\n );\n\n const encrypted = Buffer.concat([cipher.update(Buffer.from(data)), cipher.final(), cipher.getAuthTag()]);\n\n return await Promise.resolve(\n encrypted.buffer.slice(encrypted.byteOffset, encrypted.byteOffset + encrypted.byteLength),\n );\n }\n\n /**\n * Decrypt data using AES-256-GCM\n */\n async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Decrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n const dataBuffer = Buffer.from(data);\n\n // Last 16 bytes are the auth tag\n const authTag = dataBuffer.slice(-16);\n const ciphertext = dataBuffer.slice(0, -16);\n\n const decipher = cryptoModule.createDecipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv),\n );\n decipher.setAuthTag(authTag);\n\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n\n return await Promise.resolve(\n decrypted.buffer.slice(decrypted.byteOffset, decrypted.byteOffset + decrypted.byteLength),\n );\n }\n\n /**\n * Generate HMAC-SHA256 authentication code\n */\n async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Generating HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const hmac = cryptoModule.createHmac('sha256', (keyObject as any).export());\n hmac.update(Buffer.from(data));\n const mac = hmac.digest();\n\n return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));\n }\n\n /**\n * Verify HMAC-SHA256 authentication code\n */\n async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n this.logger?.debug('Verifying HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const computed = await this.generateHMAC(key, data);\n const expected = new Uint8Array(mac);\n const actual = new Uint8Array(computed);\n\n if (expected.length !== actual.length) {\n return false;\n }\n\n // Constant-time comparison\n return cryptoModule.timingSafeEqual(Buffer.from(expected), Buffer.from(actual));\n }\n\n /**\n * Generate cryptographically secure random bytes\n * Note: This is a synchronous method, so it uses require() instead of dynamic import\n */\n randomBytes(length: number): ArrayBuffer {\n // Use cached module if available, otherwise use synchronous require\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const cryptoModule = this.cryptoModule ?? (require('crypto') as NodeCrypto);\n const buffer = cryptoModule.randomBytes(length);\n return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);\n }\n}\n"]}
package/dist/crypto/providers/node-provider.d.cts CHANGED
@@ -21,12 +21,5 @@ declare class NodeCryptoProvider implements CryptoProvider {
21
21
  verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean>;
22
22
  randomBytes(length: number): ArrayBuffer;
23
23
  }
24
- declare global {
25
- namespace BananaLink {
26
- interface RegisteredCryptoProviders {
27
- node: true;
28
- }
29
- }
30
- }
31
24
 
32
25
  export { NodeCryptoProvider };
package/dist/crypto/providers/node-provider.d.ts CHANGED
@@ -21,12 +21,5 @@ declare class NodeCryptoProvider implements CryptoProvider {
21
21
  verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean>;
22
22
  randomBytes(length: number): ArrayBuffer;
23
23
  }
24
- declare global {
25
- namespace BananaLink {
26
- interface RegisteredCryptoProviders {
27
- node: true;
28
- }
29
- }
30
- }
31
24
 
32
25
  export { NodeCryptoProvider };
package/dist/crypto/providers/node-provider.js CHANGED
@@ -1,4 +1,3 @@
1
- import { registerCryptoProvider } from '../../chunk-TCVKC227.js';
2
1
  import { __name, __require } from '../../chunk-WCQVDF3K.js';
3
2
 
4
3
  // src/crypto/providers/node-provider.ts
@@ -60,9 +59,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
60
59
  try {
61
60
  this.cryptoModule = await import('crypto');
62
61
  } catch {
63
- throw new Error(
64
- "Failed to load Node.js crypto module. This provider requires a Node.js environment."
65
- );
62
+ throw new Error("Failed to load Node.js crypto module. This provider requires a Node.js environment.");
66
63
  }
67
64
  }
68
65
  return this.cryptoModule;
@@ -111,10 +108,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
111
108
  const y = Buffer.from(jwk.y, "base64url");
112
109
  const uncompressed = Buffer.concat([Buffer.from([4]), x, y]);
113
110
  return await Promise.resolve(
114
- uncompressed.buffer.slice(
115
- uncompressed.byteOffset,
116
- uncompressed.byteOffset + uncompressed.byteLength
117
- )
111
+ uncompressed.buffer.slice(uncompressed.byteOffset, uncompressed.byteOffset + uncompressed.byteLength)
118
112
  );
119
113
  }
120
114
  /**
@@ -132,9 +126,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
132
126
  });
133
127
  const jwk = keyObj.export({ format: "jwk" });
134
128
  const dValue = Buffer.from(jwk.d, "base64url");
135
- return await Promise.resolve(
136
- dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)
137
- );
129
+ return await Promise.resolve(dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength));
138
130
  }
139
131
  /**
140
132
  * Import public key from raw ArrayBuffer format
@@ -221,16 +213,9 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
221
213
  keyObject.export(),
222
214
  Buffer.from(iv)
223
215
  );
224
- const encrypted = Buffer.concat([
225
- cipher.update(Buffer.from(data)),
226
- cipher.final(),
227
- cipher.getAuthTag()
228
- ]);
216
+ const encrypted = Buffer.concat([cipher.update(Buffer.from(data)), cipher.final(), cipher.getAuthTag()]);
229
217
  return await Promise.resolve(
230
- encrypted.buffer.slice(
231
- encrypted.byteOffset,
232
- encrypted.byteOffset + encrypted.byteLength
233
- )
218
+ encrypted.buffer.slice(encrypted.byteOffset, encrypted.byteOffset + encrypted.byteLength)
234
219
  );
235
220
  }
236
221
  /**
@@ -252,10 +237,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
252
237
  decipher.setAuthTag(authTag);
253
238
  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
254
239
  return await Promise.resolve(
255
- decrypted.buffer.slice(
256
- decrypted.byteOffset,
257
- decrypted.byteOffset + decrypted.byteLength
258
- )
240
+ decrypted.buffer.slice(decrypted.byteOffset, decrypted.byteOffset + decrypted.byteLength)
259
241
  );
260
242
  }
261
243
  /**
@@ -282,10 +264,7 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
282
264
  if (expected.length !== actual.length) {
283
265
  return false;
284
266
  }
285
- return cryptoModule.timingSafeEqual(
286
- Buffer.from(expected),
287
- Buffer.from(actual)
288
- );
267
+ return cryptoModule.timingSafeEqual(Buffer.from(expected), Buffer.from(actual));
289
268
  }
290
269
  /**
291
270
  * Generate cryptographically secure random bytes
@@ -299,7 +278,6 @@ var _NodeCryptoProvider = class _NodeCryptoProvider {
299
278
  };
300
279
  __name(_NodeCryptoProvider, "NodeCryptoProvider");
301
280
  var NodeCryptoProvider = _NodeCryptoProvider;
302
- registerCryptoProvider("node", (logger) => new NodeCryptoProvider(logger));
303
281
 
304
282
  export { NodeCryptoProvider };
305
283
  //# sourceMappingURL=node-provider.js.map
package/dist/crypto/providers/node-provider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/crypto/providers/node-provider.ts"],"names":[],"mappings":";;;;AAaA,IAAM,qBAAA,GAAN,MAAM,qBAAA,CAA8C;AAAA,EAClD,WAAA,CACmB,WACA,OAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAY,QAAA,GAAW,CAAC,WAAW,SAAS,CAAA,GAAI,CAAC,WAAW,CAAA;AAAA,EAC1E;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBoD,MAAA,CAAA,qBAAA,EAAA,sBAAA,CAAA;AAApD,IAAM,oBAAA,GAAN,qBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAiC;AACxD,EAAA,IAAI,mBAAmB,oBAAA,EAAsB;AAC3C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAyBF,IAAM,mBAAA,GAAN,MAAM,mBAAA,CAA6C;AAAA,EAkBxD,YAAY,MAAA,EAAiB;AAjB7B,IAAA,IAAA,CAAgB,IAAA,GAAO,YAAA;AAEvB,IAAA,IAAA,CAAQ,YAAA,GAAkC,IAAA;AAgBxC,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,sBAAsB,CAAA;AAAA,EACjE;AAAA,EAlBA,IAAW,WAAA,GAAuB;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,CAAC,OAAA,CAAQ,UAAU,IAAA,EAAM;AAC7D,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAc,SAAA,GAAiC;AAC7C,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,IAAI;AAEF,QAAA,IAAA,CAAK,YAAA,GAAe,MAAM,OAAO,QAAQ,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,IAAI,KAAA;AAAA,UACR;AAAA,SAEF;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oDAAoD,CAAA;AACvE,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAE1C,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,YAAA,CAAa,eAAA;AAAA,QACX,IAAA;AAAA,QACA;AAAA,UACE,UAAA,EAAY,YAAA;AAAA;AAAA,UACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,KAAA,EAAM;AAAA,UACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,QAAQ,KAAA;AAAM,SACrD;AAAA;AAAA,QAEA,CAAC,GAAA,EAAmB,SAAA,EAAgB,UAAA,KAAoB;AACtD,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,4BAAA,EAA8B,EAAE,KAAA,EAAO,KAAK,CAAA;AAC/D,YAAA,MAAA,CAAO,GAAG,CAAA;AACV,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,UAAA,OAAA,CAAQ;AAAA,YACN,SAAA,EAAW,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,YACvD,UAAA,EAAY,IAAI,oBAAA,CAAqB,UAAA,EAAY,SAAS;AAAA,WAC3D,CAAA;AAAA,QACH;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,SAAS,CAAA;AAG3C,IAAA,MAAM,MAAA,GAAS,SAAA,YAAqB,MAAA,GAChC,YAAA,CAAa,eAAA,CAAgB,EAAE,GAAA,EAAK,SAAA,EAAW,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAA,GAC5E,SAAA;AAIJ,IAAA,MAAM,MAAO,MAAA,CAAe,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEpD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAElD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAGlD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,IAAA,CAAK,CAAC,CAAI,CAAC,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AAE9D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,aAAa,MAAA,CAAO,KAAA;AAAA,QAClB,YAAA,CAAa,UAAA;AAAA,QACb,YAAA,CAAa,aAAa,YAAA,CAAa;AAAA;AACzC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AACtE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,UAAU,CAAA;AAG5C,IAAA,MAAM,YAAY,SAAA,YAAqB,MAAA,GAAS,SAAA,GAAY,MAAA,CAAO,KAAK,SAAwB,CAAA;AAChG,IAAA,MAAM,MAAA,GAAS,aAAa,gBAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,SAAA;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAEvD,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU;AAAA,KAC9E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAGrC,IAAA,IAAI,UAAU,MAAA,KAAW,EAAA,IAAM,SAAA,CAAU,CAAC,MAAM,CAAA,EAAM;AACpD,MAAA,MAAM,IAAI,MAAM,iEAAiE,CAAA;AAAA,IACnF;AAIA,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC/B,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAGhC,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAAA,MACzB,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW;AAAA,KAC3B;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,eAAA,CAAgB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC1E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAC,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAErC,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,SAAA,CAAU,QAAA,CAAS,WAAW;AAAA,KACnC;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,gBAAA,CAAiB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC3E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,UAAA,CAAW,YAAY,CAAA;AAGjD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,UAAU,CAAA;AACzD,IAAA,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAG1C,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AACtD,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAG9D,IAAA,MAAM,SAAA,GAAY,YAAA,CAAa,eAAA,CAAgB,YAAY,CAAA;AAC3D,IAAA,OAAO,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CACJ,YAAA,EACA,IAAA,EACA,IAAA,EACwB;AACxB,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAiC,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,IAAA,MAAM,eAAA,GAAmB,UAAkB,MAAA,EAAO;AAGlD,IAAA,MAAM,aAAa,YAAA,CAAa,QAAA;AAAA,MAC9B,QAAA;AAAA,MACA,OAAO,QAAA,CAAS,eAAe,IAAI,eAAA,GAAkB,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAChF,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB;AAAA;AAAA,KACF;AAGA,IAAA,MAAM,YAAA,GAAe,YAAA,CAAa,eAAA,CAAgB,UAAU,CAAA;AAC5D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,YAAA,EAAc,QAAQ,CAAC,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAErC,IAAA,MAAM,SAAS,YAAA,CAAa,cAAA;AAAA,MAC1B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AAEA,IAAA,MAAM,SAAA,GAAY,OAAO,MAAA,CAAO;AAAA,MAC9B,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,MAC/B,OAAO,KAAA,EAAM;AAAA,MACb,OAAO,UAAA;AAAW,KACnB,CAAA;AAED,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA;AAGnC,IAAA,MAAM,OAAA,GAAU,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,MAAM,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAE1C,IAAA,MAAM,WAAW,YAAA,CAAa,gBAAA;AAAA,MAC5B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AACA,IAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAE3B,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAE/E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,UAAU,MAAA,CAAO,KAAA;AAAA,QACf,SAAA,CAAU,UAAA;AAAA,QACV,SAAA,CAAU,aAAa,SAAA,CAAU;AAAA;AACnC,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAC9E,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAGrC,IAAA,MAAM,OAAO,YAAA,CAAa,UAAA,CAAW,QAAA,EAAW,SAAA,CAAkB,QAAQ,CAAA;AAC1E,IAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,KAAK,MAAA,EAAO;AAExB,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,UAAA,EAAY,GAAA,CAAI,UAAA,GAAa,GAAA,CAAI,UAAU,CAAC,CAAA;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,IAAI,CAAA;AAClD,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,QAAQ,CAAA;AAEtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,MAAA,CAAO,MAAA,EAAQ;AACrC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAO,YAAA,CAAa,eAAA;AAAA,MAClB,MAAA,CAAO,KAAK,QAAQ,CAAA;AAAA,MACpB,MAAA,CAAO,KAAK,MAAM;AAAA,KACpB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,MAAA,EAA6B;AAGvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAgB,SAAA,CAAQ,QAAQ,CAAA;AAC1D,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,WAAA,CAAY,MAAM,CAAA;AAC9C,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AACF,CAAA;AA5V0D,MAAA,CAAA,mBAAA,EAAA,oBAAA,CAAA;AAAnD,IAAM,kBAAA,GAAN;AAkWP,sBAAA,CAAuB,QAAQ,CAAC,MAAA,KAAW,IAAI,kBAAA,CAAmB,MAAM,CAAC,CAAA","file":"node-provider.js","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\nimport { registerCryptoProvider } from './registry';\n\n/**\n * Type definition for Node.js crypto module (loaded dynamically to prevent Metro bundling)\n */\ntype NodeCrypto = typeof import('crypto');\n\n/**\n * Node.js crypto.KeyObject wrapper to implement CryptoKeyLike interface\n * Note: keyObject type is unknown at compile time (crypto.KeyObject | Buffer at runtime)\n */\nclass NodeCryptoKeyWrapper implements CryptoKeyLike {\n constructor(\n private readonly keyObject: unknown, // crypto.KeyObject | Buffer at runtime\n private readonly keyType: 'public' | 'private' | 'secret'\n ) {}\n\n get type(): 'public' | 'private' | 'secret' {\n return this.keyType;\n }\n\n get algorithm(): string {\n return 'ECDH-P256';\n }\n\n get extractable(): boolean {\n return true;\n }\n\n get usages(): readonly string[] {\n return this.keyType === 'secret' ? ['encrypt', 'decrypt'] : ['deriveKey'];\n }\n\n get nativeKey(): unknown {\n return this.keyObject;\n }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native KeyObject or Buffer\n */\nfunction unwrapKeyObject(keyLike: CryptoKeyLike): unknown {\n if (keyLike instanceof NodeCryptoKeyWrapper) {\n return keyLike.nativeKey;\n }\n // Assume it's already a KeyObject\n return keyLike;\n}\n\n/**\n * Node.js crypto module implementation of CryptoProvider\n * Optimized for backend services with native crypto performance\n *\n * This provider uses the native Node.js crypto module which provides:\n * - Superior performance compared to Web Crypto API in Node.js\n * - Direct access to OpenSSL optimizations\n * - Zero additional dependencies\n * - Full support for ECDH P-256 and AES-256-GCM\n *\n * @example\n * ```typescript\n * import { NodeCryptoProvider } from '@bananalink-sdk/protocol/crypto/provider/node';\n * const provider = new NodeCryptoProvider();\n * const keyPair = await provider.generateKeyPair();\n * ```\n */\nexport class NodeCryptoProvider implements CryptoProvider {\n public readonly name = 'NodeCrypto';\n private readonly logger?: Logger;\n private cryptoModule: NodeCrypto | null = null;\n\n public get isAvailable(): boolean {\n try {\n // Check if we're in Node.js environment\n if (typeof process === 'undefined' || !process.versions?.node) {\n return false;\n }\n // Crypto module availability will be checked when getCrypto() is called\n return true;\n } catch {\n return false;\n }\n }\n\n constructor(logger?: Logger) {\n if (!this.isAvailable) {\n throw new Error('Node.js crypto module not available in this environment');\n }\n this.logger = logger?.child({ component: 'NodeCryptoProvider' });\n }\n\n /**\n * Get crypto module instance via dynamic import\n * This prevents Metro bundler from trying to resolve 'crypto' at build time\n */\n private async getCrypto(): Promise<NodeCrypto> {\n if (!this.cryptoModule) {\n try {\n // Dynamic import prevents static analysis by bundlers\n this.cryptoModule = await import('crypto');\n } catch {\n throw new Error(\n 'Failed to load Node.js crypto module. ' +\n 'This provider requires a Node.js environment.'\n );\n }\n }\n return this.cryptoModule;\n }\n\n /**\n * Generate ECDH P-256 key pair using Node.js crypto\n */\n async generateKeyPair(): Promise<ProviderKeyPair> {\n this.logger?.debug('Generating ECDH P-256 key pair with Node.js crypto');\n const cryptoModule = await this.getCrypto();\n\n return new Promise((resolve, reject) => {\n cryptoModule.generateKeyPair(\n 'ec',\n {\n namedCurve: 'prime256v1', // P-256\n publicKeyEncoding: { type: 'spki', format: 'der' },\n privateKeyEncoding: { type: 'pkcs8', format: 'der' },\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (err: Error | null, publicKey: any, privateKey: any) => {\n if (err) {\n this.logger?.error('Key pair generation failed', { error: err });\n reject(err);\n return;\n }\n\n this.logger?.debug('Key pair generation completed');\n resolve({\n publicKey: new NodeCryptoKeyWrapper(publicKey, 'public'),\n privateKey: new NodeCryptoKeyWrapper(privateKey, 'private'),\n });\n }\n );\n });\n }\n\n /**\n * Export public key to raw ArrayBuffer format (65 bytes uncompressed)\n */\n async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting public key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(publicKey);\n\n // If it's a Buffer (DER format from generateKeyPair), convert to KeyObject first\n const keyObj = keyObject instanceof Buffer\n ? cryptoModule.createPublicKey({ key: keyObject, format: 'der', type: 'spki' })\n : keyObject;\n\n // Export as JWK to get X/Y coordinates\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const jwk = (keyObj as any).export({ format: 'jwk' });\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const x = Buffer.from(jwk.x as string, 'base64url');\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const y = Buffer.from(jwk.y as string, 'base64url');\n\n // Construct 65-byte uncompressed point: 0x04 + X (32 bytes) + Y (32 bytes)\n const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);\n\n return await Promise.resolve(\n uncompressed.buffer.slice(\n uncompressed.byteOffset,\n uncompressed.byteOffset + uncompressed.byteLength\n )\n );\n }\n\n /**\n * Export private key to raw ArrayBuffer format (32 bytes)\n */\n async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting private key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(privateKey);\n\n // Convert KeyObject to raw format\n const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject as ArrayBuffer);\n const keyObj = cryptoModule.createPrivateKey({\n key: keyBuffer,\n format: 'der',\n type: 'pkcs8',\n });\n\n // Export as raw scalar (32 bytes)\n const jwk = keyObj.export({ format: 'jwk' });\n const dValue = Buffer.from(jwk.d as string, 'base64url');\n\n return await Promise.resolve(\n dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength)\n );\n }\n\n /**\n * Import public key from raw ArrayBuffer format\n */\n async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing public key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n // Ensure it's uncompressed format (65 bytes starting with 0x04)\n if (keyBuffer.length !== 65 || keyBuffer[0] !== 0x04) {\n throw new Error('Invalid public key format: expected 65 bytes uncompressed point');\n }\n\n // Create KeyObject from raw uncompressed point\n // We need to wrap it in DER format\n const x = keyBuffer.slice(1, 33);\n const y = keyBuffer.slice(33, 65);\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n x: x.toString('base64url'),\n y: y.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPublicKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'public'));\n }\n\n /**\n * Import private key from raw ArrayBuffer format\n */\n async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing private key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n if (keyBuffer.length !== 32) {\n throw new Error('Invalid private key format: expected 32 bytes');\n }\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n d: keyBuffer.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'private'));\n }\n\n /**\n * Derive shared secret using ECDH\n */\n async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving shared secret');\n const cryptoModule = await this.getCrypto();\n\n // Create ECDH object\n const ecdh = cryptoModule.createECDH('prime256v1');\n\n // Set private key\n const privateRaw = await this.exportPrivateKey(privateKey);\n ecdh.setPrivateKey(Buffer.from(privateRaw));\n\n // Compute shared secret\n const publicRaw = await this.exportPublicKey(publicKey);\n const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));\n\n // Wrap as secret key\n const keyObject = cryptoModule.createSecretKey(sharedSecret);\n return new NodeCryptoKeyWrapper(keyObject, 'secret');\n }\n\n /**\n * Derive AES-GCM encryption key using HKDF-SHA256\n */\n async deriveEncryptionKey(\n sharedSecret: CryptoKeyLike,\n salt: ArrayBuffer,\n info: ArrayBuffer\n ): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving AES-GCM encryption key');\n const cryptoModule = await this.getCrypto();\n\n // Extract raw shared secret\n const keyObject = unwrapKeyObject(sharedSecret);\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const sharedSecretRaw = (keyObject as any).export();\n\n // Use HKDF to derive 32-byte key\n const derivedKey = cryptoModule.hkdfSync(\n 'sha256',\n Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),\n Buffer.from(salt),\n Buffer.from(info),\n 32 // 256 bits\n ) as Buffer;\n\n // Create secret key object\n const aesKeyObject = cryptoModule.createSecretKey(derivedKey);\n return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, 'secret'));\n }\n\n /**\n * Encrypt data using AES-256-GCM\n */\n async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Encrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n const cipher = cryptoModule.createCipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv)\n );\n\n const encrypted = Buffer.concat([\n cipher.update(Buffer.from(data)),\n cipher.final(),\n cipher.getAuthTag(),\n ]);\n\n return await Promise.resolve(\n encrypted.buffer.slice(\n encrypted.byteOffset,\n encrypted.byteOffset + encrypted.byteLength\n )\n );\n }\n\n /**\n * Decrypt data using AES-256-GCM\n */\n async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Decrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n const dataBuffer = Buffer.from(data);\n\n // Last 16 bytes are the auth tag\n const authTag = dataBuffer.slice(-16);\n const ciphertext = dataBuffer.slice(0, -16);\n\n const decipher = cryptoModule.createDecipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv)\n );\n decipher.setAuthTag(authTag);\n\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n\n return await Promise.resolve(\n decrypted.buffer.slice(\n decrypted.byteOffset,\n decrypted.byteOffset + decrypted.byteLength\n )\n );\n }\n\n /**\n * Generate HMAC-SHA256 authentication code\n */\n async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Generating HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const hmac = cryptoModule.createHmac('sha256', (keyObject as any).export());\n hmac.update(Buffer.from(data));\n const mac = hmac.digest();\n\n return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));\n }\n\n /**\n * Verify HMAC-SHA256 authentication code\n */\n async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n this.logger?.debug('Verifying HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const computed = await this.generateHMAC(key, data);\n const expected = new Uint8Array(mac);\n const actual = new Uint8Array(computed);\n\n if (expected.length !== actual.length) {\n return false;\n }\n\n // Constant-time comparison\n return cryptoModule.timingSafeEqual(\n Buffer.from(expected),\n Buffer.from(actual)\n );\n }\n\n /**\n * Generate cryptographically secure random bytes\n * Note: This is a synchronous method, so it uses require() instead of dynamic import\n */\n randomBytes(length: number): ArrayBuffer {\n // Use cached module if available, otherwise use synchronous require\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const cryptoModule = this.cryptoModule ?? require('crypto') as NodeCrypto;\n const buffer = cryptoModule.randomBytes(length);\n return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);\n }\n}\n\n/**\n * Self-register Node provider on import\n * This allows the provider to be available when explicitly imported\n */\nregisterCryptoProvider('node', (logger) => new NodeCryptoProvider(logger));\n\n// TypeScript module augmentation to track this provider is available\ndeclare global {\n // eslint-disable-next-line @typescript-eslint/no-namespace\n namespace BananaLink {\n interface RegisteredCryptoProviders {\n node: true;\n }\n }\n}\n"]}
1
+ {"version":3,"sources":["../../../src/crypto/providers/node-provider.ts"],"names":[],"mappings":";;;AAYA,IAAM,qBAAA,GAAN,MAAM,qBAAA,CAA8C;AAAA,EAClD,WAAA,CACmB,WACA,OAAA,EACjB;AAFiB,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA,EAEH,IAAI,IAAA,GAAwC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,IAAI,SAAA,GAAoB;AACtB,IAAA,OAAO,WAAA;AAAA,EACT;AAAA,EAEA,IAAI,WAAA,GAAuB;AACzB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,IAAI,MAAA,GAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,YAAY,QAAA,GAAW,CAAC,WAAW,SAAS,CAAA,GAAI,CAAC,WAAW,CAAA;AAAA,EAC1E;AAAA,EAEA,IAAI,SAAA,GAAqB;AACvB,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF,CAAA;AAzBoD,MAAA,CAAA,qBAAA,EAAA,sBAAA,CAAA;AAApD,IAAM,oBAAA,GAAN,qBAAA;AA8BA,SAAS,gBAAgB,OAAA,EAAiC;AACxD,EAAA,IAAI,mBAAmB,oBAAA,EAAsB;AAC3C,IAAA,OAAO,OAAA,CAAQ,SAAA;AAAA,EACjB;AAEA,EAAA,OAAO,OAAA;AACT;AANS,MAAA,CAAA,eAAA,EAAA,iBAAA,CAAA;AAyBF,IAAM,mBAAA,GAAN,MAAM,mBAAA,CAA6C;AAAA,EAkBxD,YAAY,MAAA,EAAiB;AAjB7B,IAAA,IAAA,CAAgB,IAAA,GAAO,YAAA;AAEvB,IAAA,IAAA,CAAQ,YAAA,GAAkC,IAAA;AAgBxC,IAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,SAAS,MAAA,EAAQ,KAAA,CAAM,EAAE,SAAA,EAAW,sBAAsB,CAAA;AAAA,EACjE;AAAA,EAlBA,IAAW,WAAA,GAAuB;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,OAAO,OAAA,KAAY,WAAA,IAAe,CAAC,OAAA,CAAQ,UAAU,IAAA,EAAM;AAC7D,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAc,SAAA,GAAiC;AAC7C,IAAA,IAAI,CAAC,KAAK,YAAA,EAAc;AACtB,MAAA,IAAI;AAEF,QAAA,IAAA,CAAK,YAAA,GAAe,MAAM,OAAO,QAAQ,CAAA;AAAA,MAC3C,CAAA,CAAA,MAAQ;AACN,QAAA,MAAM,IAAI,MAAM,qFAA0F,CAAA;AAAA,MAC5G;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAA4C;AAChD,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,oDAAoD,CAAA;AACvE,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAE1C,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,YAAA,CAAa,eAAA;AAAA,QACX,IAAA;AAAA,QACA;AAAA,UACE,UAAA,EAAY,YAAA;AAAA;AAAA,UACZ,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,QAAQ,KAAA,EAAM;AAAA,UACjD,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,QAAQ,KAAA;AAAM,SACrD;AAAA;AAAA,QAEA,CAAC,GAAA,EAAmB,SAAA,EAAgB,UAAA,KAAoB;AACtD,UAAA,IAAI,GAAA,EAAK;AACP,YAAA,IAAA,CAAK,QAAQ,KAAA,CAAM,4BAAA,EAA8B,EAAE,KAAA,EAAO,KAAK,CAAA;AAC/D,YAAA,MAAA,CAAO,GAAG,CAAA;AACV,YAAA;AAAA,UACF;AAEA,UAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,+BAA+B,CAAA;AAClD,UAAA,OAAA,CAAQ;AAAA,YACN,SAAA,EAAW,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,YACvD,UAAA,EAAY,IAAI,oBAAA,CAAqB,UAAA,EAAY,SAAS;AAAA,WAC3D,CAAA;AAAA,QACH;AAAA,OACF;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,SAAA,EAAgD;AACpE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,SAAS,CAAA;AAG3C,IAAA,MAAM,MAAA,GACJ,SAAA,YAAqB,MAAA,GACjB,YAAA,CAAa,eAAA,CAAgB,EAAE,GAAA,EAAK,SAAA,EAAW,MAAA,EAAQ,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,CAAA,GAC5E,SAAA;AAIN,IAAA,MAAM,MAAO,MAAA,CAAe,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEpD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAElD,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAGlD,IAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,IAAA,CAAK,CAAC,CAAI,CAAC,CAAA,EAAG,CAAA,EAAG,CAAC,CAAC,CAAA;AAE9D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,YAAA,CAAa,OAAO,KAAA,CAAM,YAAA,CAAa,YAAY,YAAA,CAAa,UAAA,GAAa,aAAa,UAAU;AAAA,KACtG;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,UAAA,EAAiD;AACtE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,UAAU,CAAA;AAG5C,IAAA,MAAM,YAAY,SAAA,YAAqB,MAAA,GAAS,SAAA,GAAY,MAAA,CAAO,KAAK,SAAwB,CAAA;AAChG,IAAA,MAAM,MAAA,GAAS,aAAa,gBAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,SAAA;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,MAAM,MAAA,CAAO,MAAA,CAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAC3C,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,GAAa,WAAW,CAAA;AAEvD,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,UAAA,EAAY,MAAA,CAAO,UAAA,GAAa,MAAA,CAAO,UAAU,CAAC,CAAA;AAAA,EAC5G;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,OAAA,EAA8C;AAClE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,sBAAsB,CAAA;AACzC,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAGrC,IAAA,IAAI,UAAU,MAAA,KAAW,EAAA,IAAM,SAAA,CAAU,CAAC,MAAM,CAAA,EAAM;AACpD,MAAA,MAAM,IAAI,MAAM,iEAAiE,CAAA;AAAA,IACnF;AAIA,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAC/B,IAAA,MAAM,CAAA,GAAI,SAAA,CAAU,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAGhC,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW,CAAA;AAAA,MACzB,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,WAAW;AAAA,KAC3B;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,eAAA,CAAgB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC1E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAC,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,OAAA,EAA8C;AACnE,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA;AAErC,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,GAAA,EAAK,IAAA;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,CAAA,EAAG,SAAA,CAAU,QAAA,CAAS,WAAW;AAAA,KACnC;AAEA,IAAA,MAAM,SAAA,GAAY,aAAa,gBAAA,CAAiB,EAAE,KAAK,GAAA,EAAK,MAAA,EAAQ,OAAO,CAAA;AAC3E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,SAAA,EAAW,SAAS,CAAC,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAA,CAAmB,UAAA,EAA2B,SAAA,EAAkD;AACpG,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,IAAA,GAAO,YAAA,CAAa,UAAA,CAAW,YAAY,CAAA;AAGjD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,UAAU,CAAA;AACzD,IAAA,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAA;AAG1C,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAA;AACtD,IAAA,MAAM,eAAe,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,CAAC,CAAA;AAG9D,IAAA,MAAM,SAAA,GAAY,YAAA,CAAa,eAAA,CAAgB,YAAY,CAAA;AAC3D,IAAA,OAAO,IAAI,oBAAA,CAAqB,SAAA,EAAW,QAAQ,CAAA;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAA,CAAoB,YAAA,EAA6B,IAAA,EAAmB,IAAA,EAA2C;AACnH,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,iCAAiC,CAAA;AACpD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAG1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,YAAY,CAAA;AAE9C,IAAA,MAAM,eAAA,GAAmB,UAAkB,MAAA,EAAO;AAGlD,IAAA,MAAM,aAAa,YAAA,CAAa,QAAA;AAAA,MAC9B,QAAA;AAAA,MACA,OAAO,QAAA,CAAS,eAAe,IAAI,eAAA,GAAkB,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAChF,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB,MAAA,CAAO,KAAK,IAAI,CAAA;AAAA,MAChB;AAAA;AAAA,KACF;AAGA,IAAA,MAAM,YAAA,GAAe,YAAA,CAAa,eAAA,CAAgB,UAAU,CAAA;AAC5D,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,IAAI,oBAAA,CAAqB,YAAA,EAAc,QAAQ,CAAC,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAErC,IAAA,MAAM,SAAS,YAAA,CAAa,cAAA;AAAA,MAC1B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AAEA,IAAA,MAAM,YAAY,MAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,GAAG,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,UAAA,EAAY,CAAC,CAAA;AAEvG,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,SAAA,CAAU,OAAO,KAAA,CAAM,SAAA,CAAU,YAAY,SAAA,CAAU,UAAA,GAAa,UAAU,UAAU;AAAA,KAC1F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAA,CAAQ,GAAA,EAAoB,IAAA,EAAmB,EAAA,EAAuC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,6BAA6B,CAAA;AAChD,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA;AAGnC,IAAA,MAAM,OAAA,GAAU,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AACpC,IAAA,MAAM,UAAA,GAAa,UAAA,CAAW,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA;AAE1C,IAAA,MAAM,WAAW,YAAA,CAAa,gBAAA;AAAA,MAC5B,aAAA;AAAA;AAAA,MAEC,UAAkB,MAAA,EAAO;AAAA,MAC1B,MAAA,CAAO,KAAK,EAAE;AAAA,KAChB;AACA,IAAA,QAAA,CAAS,WAAW,OAAO,CAAA;AAE3B,IAAA,MAAM,SAAA,GAAY,MAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,UAAU,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAE/E,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA;AAAA,MACnB,SAAA,CAAU,OAAO,KAAA,CAAM,SAAA,CAAU,YAAY,SAAA,CAAU,UAAA,GAAa,UAAU,UAAU;AAAA,KAC1F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CAAa,GAAA,EAAoB,IAAA,EAAyC;AAC9E,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,wBAAwB,CAAA;AAC3C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,SAAA,GAAY,gBAAgB,GAAG,CAAA;AAGrC,IAAA,MAAM,OAAO,YAAA,CAAa,UAAA,CAAW,QAAA,EAAW,SAAA,CAAkB,QAAQ,CAAA;AAC1E,IAAA,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,KAAK,MAAA,EAAO;AAExB,IAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,UAAA,EAAY,GAAA,CAAI,UAAA,GAAa,GAAA,CAAI,UAAU,CAAC,CAAA;AAAA,EAChG;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,GAAA,EAAoB,IAAA,EAAmB,GAAA,EAAoC;AAC1F,IAAA,IAAA,CAAK,MAAA,EAAQ,MAAM,uBAAuB,CAAA;AAC1C,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,SAAA,EAAU;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,IAAI,CAAA;AAClD,IAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,QAAQ,CAAA;AAEtC,IAAA,IAAI,QAAA,CAAS,MAAA,KAAW,MAAA,CAAO,MAAA,EAAQ;AACrC,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,OAAO,YAAA,CAAa,gBAAgB,MAAA,CAAO,IAAA,CAAK,QAAQ,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAY,MAAA,EAA6B;AAGvC,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAiB,SAAA,CAAQ,QAAQ,CAAA;AAC3D,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,WAAA,CAAY,MAAM,CAAA;AAC9C,IAAA,OAAO,MAAA,CAAO,OAAO,KAAA,CAAM,MAAA,CAAO,YAAY,MAAA,CAAO,UAAA,GAAa,OAAO,UAAU,CAAA;AAAA,EACrF;AACF,CAAA;AApU0D,MAAA,CAAA,mBAAA,EAAA,oBAAA,CAAA;AAAnD,IAAM,kBAAA,GAAN","file":"node-provider.js","sourcesContent":["import type { Logger } from '@bananalink-sdk/logger';\nimport type { CryptoProvider, CryptoKeyLike, ProviderKeyPair } from '../../types/crypto-provider';\n\n/**\n * Type definition for Node.js crypto module (loaded dynamically to prevent Metro bundling)\n */\ntype NodeCrypto = typeof import('crypto');\n\n/**\n * Node.js crypto.KeyObject wrapper to implement CryptoKeyLike interface\n * Note: keyObject type is unknown at compile time (crypto.KeyObject | Buffer at runtime)\n */\nclass NodeCryptoKeyWrapper implements CryptoKeyLike {\n constructor(\n private readonly keyObject: unknown, // crypto.KeyObject | Buffer at runtime\n private readonly keyType: 'public' | 'private' | 'secret',\n ) {}\n\n get type(): 'public' | 'private' | 'secret' {\n return this.keyType;\n }\n\n get algorithm(): string {\n return 'ECDH-P256';\n }\n\n get extractable(): boolean {\n return true;\n }\n\n get usages(): readonly string[] {\n return this.keyType === 'secret' ? ['encrypt', 'decrypt'] : ['deriveKey'];\n }\n\n get nativeKey(): unknown {\n return this.keyObject;\n }\n}\n\n/**\n * Helper function to unwrap CryptoKeyLike to native KeyObject or Buffer\n */\nfunction unwrapKeyObject(keyLike: CryptoKeyLike): unknown {\n if (keyLike instanceof NodeCryptoKeyWrapper) {\n return keyLike.nativeKey;\n }\n // Assume it's already a KeyObject\n return keyLike;\n}\n\n/**\n * Node.js crypto module implementation of CryptoProvider\n * Optimized for backend services with native crypto performance\n *\n * This provider uses the native Node.js crypto module which provides:\n * - Superior performance compared to Web Crypto API in Node.js\n * - Direct access to OpenSSL optimizations\n * - Zero additional dependencies\n * - Full support for ECDH P-256 and AES-256-GCM\n *\n * @example\n * ```typescript\n * import { NodeCryptoProvider } from '@bananalink-sdk/protocol/crypto/provider/node';\n * const provider = new NodeCryptoProvider();\n * const keyPair = await provider.generateKeyPair();\n * ```\n */\nexport class NodeCryptoProvider implements CryptoProvider {\n public readonly name = 'NodeCrypto';\n private readonly logger?: Logger;\n private cryptoModule: NodeCrypto | null = null;\n\n public get isAvailable(): boolean {\n try {\n // Check if we're in Node.js environment\n if (typeof process === 'undefined' || !process.versions?.node) {\n return false;\n }\n // Crypto module availability will be checked when getCrypto() is called\n return true;\n } catch {\n return false;\n }\n }\n\n constructor(logger?: Logger) {\n if (!this.isAvailable) {\n throw new Error('Node.js crypto module not available in this environment');\n }\n this.logger = logger?.child({ component: 'NodeCryptoProvider' });\n }\n\n /**\n * Get crypto module instance via dynamic import\n * This prevents Metro bundler from trying to resolve 'crypto' at build time\n */\n private async getCrypto(): Promise<NodeCrypto> {\n if (!this.cryptoModule) {\n try {\n // Dynamic import prevents static analysis by bundlers\n this.cryptoModule = await import('crypto');\n } catch {\n throw new Error('Failed to load Node.js crypto module. ' + 'This provider requires a Node.js environment.');\n }\n }\n return this.cryptoModule;\n }\n\n /**\n * Generate ECDH P-256 key pair using Node.js crypto\n */\n async generateKeyPair(): Promise<ProviderKeyPair> {\n this.logger?.debug('Generating ECDH P-256 key pair with Node.js crypto');\n const cryptoModule = await this.getCrypto();\n\n return new Promise((resolve, reject) => {\n cryptoModule.generateKeyPair(\n 'ec',\n {\n namedCurve: 'prime256v1', // P-256\n publicKeyEncoding: { type: 'spki', format: 'der' },\n privateKeyEncoding: { type: 'pkcs8', format: 'der' },\n },\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (err: Error | null, publicKey: any, privateKey: any) => {\n if (err) {\n this.logger?.error('Key pair generation failed', { error: err });\n reject(err);\n return;\n }\n\n this.logger?.debug('Key pair generation completed');\n resolve({\n publicKey: new NodeCryptoKeyWrapper(publicKey, 'public'),\n privateKey: new NodeCryptoKeyWrapper(privateKey, 'private'),\n });\n },\n );\n });\n }\n\n /**\n * Export public key to raw ArrayBuffer format (65 bytes uncompressed)\n */\n async exportPublicKey(publicKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting public key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(publicKey);\n\n // If it's a Buffer (DER format from generateKeyPair), convert to KeyObject first\n const keyObj =\n keyObject instanceof Buffer\n ? cryptoModule.createPublicKey({ key: keyObject, format: 'der', type: 'spki' })\n : keyObject;\n\n // Export as JWK to get X/Y coordinates\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const jwk = (keyObj as any).export({ format: 'jwk' });\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const x = Buffer.from(jwk.x as string, 'base64url');\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n const y = Buffer.from(jwk.y as string, 'base64url');\n\n // Construct 65-byte uncompressed point: 0x04 + X (32 bytes) + Y (32 bytes)\n const uncompressed = Buffer.concat([Buffer.from([0x04]), x, y]);\n\n return await Promise.resolve(\n uncompressed.buffer.slice(uncompressed.byteOffset, uncompressed.byteOffset + uncompressed.byteLength),\n );\n }\n\n /**\n * Export private key to raw ArrayBuffer format (32 bytes)\n */\n async exportPrivateKey(privateKey: CryptoKeyLike): Promise<ArrayBuffer> {\n this.logger?.debug('Exporting private key');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(privateKey);\n\n // Convert KeyObject to raw format\n const keyBuffer = keyObject instanceof Buffer ? keyObject : Buffer.from(keyObject as ArrayBuffer);\n const keyObj = cryptoModule.createPrivateKey({\n key: keyBuffer,\n format: 'der',\n type: 'pkcs8',\n });\n\n // Export as raw scalar (32 bytes)\n const jwk = keyObj.export({ format: 'jwk' });\n const dValue = Buffer.from(jwk.d as string, 'base64url');\n\n return await Promise.resolve(dValue.buffer.slice(dValue.byteOffset, dValue.byteOffset + dValue.byteLength));\n }\n\n /**\n * Import public key from raw ArrayBuffer format\n */\n async importPublicKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing public key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n // Ensure it's uncompressed format (65 bytes starting with 0x04)\n if (keyBuffer.length !== 65 || keyBuffer[0] !== 0x04) {\n throw new Error('Invalid public key format: expected 65 bytes uncompressed point');\n }\n\n // Create KeyObject from raw uncompressed point\n // We need to wrap it in DER format\n const x = keyBuffer.slice(1, 33);\n const y = keyBuffer.slice(33, 65);\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n x: x.toString('base64url'),\n y: y.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPublicKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'public'));\n }\n\n /**\n * Import private key from raw ArrayBuffer format\n */\n async importPrivateKey(keyData: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Importing private key');\n const cryptoModule = await this.getCrypto();\n const keyBuffer = Buffer.from(keyData);\n\n if (keyBuffer.length !== 32) {\n throw new Error('Invalid private key format: expected 32 bytes');\n }\n\n // Create JWK representation\n const jwk = {\n kty: 'EC' as const,\n crv: 'P-256' as const,\n d: keyBuffer.toString('base64url'),\n };\n\n const keyObject = cryptoModule.createPrivateKey({ key: jwk, format: 'jwk' });\n return await Promise.resolve(new NodeCryptoKeyWrapper(keyObject, 'private'));\n }\n\n /**\n * Derive shared secret using ECDH\n */\n async deriveSharedSecret(privateKey: CryptoKeyLike, publicKey: CryptoKeyLike): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving shared secret');\n const cryptoModule = await this.getCrypto();\n\n // Create ECDH object\n const ecdh = cryptoModule.createECDH('prime256v1');\n\n // Set private key\n const privateRaw = await this.exportPrivateKey(privateKey);\n ecdh.setPrivateKey(Buffer.from(privateRaw));\n\n // Compute shared secret\n const publicRaw = await this.exportPublicKey(publicKey);\n const sharedSecret = ecdh.computeSecret(Buffer.from(publicRaw));\n\n // Wrap as secret key\n const keyObject = cryptoModule.createSecretKey(sharedSecret);\n return new NodeCryptoKeyWrapper(keyObject, 'secret');\n }\n\n /**\n * Derive AES-GCM encryption key using HKDF-SHA256\n */\n async deriveEncryptionKey(sharedSecret: CryptoKeyLike, salt: ArrayBuffer, info: ArrayBuffer): Promise<CryptoKeyLike> {\n this.logger?.debug('Deriving AES-GCM encryption key');\n const cryptoModule = await this.getCrypto();\n\n // Extract raw shared secret\n const keyObject = unwrapKeyObject(sharedSecret);\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const sharedSecretRaw = (keyObject as any).export();\n\n // Use HKDF to derive 32-byte key\n const derivedKey = cryptoModule.hkdfSync(\n 'sha256',\n Buffer.isBuffer(sharedSecretRaw) ? sharedSecretRaw : Buffer.from(sharedSecretRaw),\n Buffer.from(salt),\n Buffer.from(info),\n 32, // 256 bits\n ) as Buffer;\n\n // Create secret key object\n const aesKeyObject = cryptoModule.createSecretKey(derivedKey);\n return await Promise.resolve(new NodeCryptoKeyWrapper(aesKeyObject, 'secret'));\n }\n\n /**\n * Encrypt data using AES-256-GCM\n */\n async encrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Encrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n const cipher = cryptoModule.createCipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv),\n );\n\n const encrypted = Buffer.concat([cipher.update(Buffer.from(data)), cipher.final(), cipher.getAuthTag()]);\n\n return await Promise.resolve(\n encrypted.buffer.slice(encrypted.byteOffset, encrypted.byteOffset + encrypted.byteLength),\n );\n }\n\n /**\n * Decrypt data using AES-256-GCM\n */\n async decrypt(key: CryptoKeyLike, data: ArrayBuffer, iv: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Decrypting with AES-256-GCM');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n const dataBuffer = Buffer.from(data);\n\n // Last 16 bytes are the auth tag\n const authTag = dataBuffer.slice(-16);\n const ciphertext = dataBuffer.slice(0, -16);\n\n const decipher = cryptoModule.createDecipheriv(\n 'aes-256-gcm',\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n (keyObject as any).export(),\n Buffer.from(iv),\n );\n decipher.setAuthTag(authTag);\n\n const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);\n\n return await Promise.resolve(\n decrypted.buffer.slice(decrypted.byteOffset, decrypted.byteOffset + decrypted.byteLength),\n );\n }\n\n /**\n * Generate HMAC-SHA256 authentication code\n */\n async generateHMAC(key: CryptoKeyLike, data: ArrayBuffer): Promise<ArrayBuffer> {\n this.logger?.debug('Generating HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const keyObject = unwrapKeyObject(key);\n\n // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any\n const hmac = cryptoModule.createHmac('sha256', (keyObject as any).export());\n hmac.update(Buffer.from(data));\n const mac = hmac.digest();\n\n return await Promise.resolve(mac.buffer.slice(mac.byteOffset, mac.byteOffset + mac.byteLength));\n }\n\n /**\n * Verify HMAC-SHA256 authentication code\n */\n async verifyHMAC(key: CryptoKeyLike, data: ArrayBuffer, mac: ArrayBuffer): Promise<boolean> {\n this.logger?.debug('Verifying HMAC-SHA256');\n const cryptoModule = await this.getCrypto();\n const computed = await this.generateHMAC(key, data);\n const expected = new Uint8Array(mac);\n const actual = new Uint8Array(computed);\n\n if (expected.length !== actual.length) {\n return false;\n }\n\n // Constant-time comparison\n return cryptoModule.timingSafeEqual(Buffer.from(expected), Buffer.from(actual));\n }\n\n /**\n * Generate cryptographically secure random bytes\n * Note: This is a synchronous method, so it uses require() instead of dynamic import\n */\n randomBytes(length: number): ArrayBuffer {\n // Use cached module if available, otherwise use synchronous require\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const cryptoModule = this.cryptoModule ?? (require('crypto') as NodeCrypto);\n const buffer = cryptoModule.randomBytes(length);\n return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);\n }\n}\n"]}