@brashkie/signalis-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs ADDED
@@ -0,0 +1,622 @@
1
+ // src/core.ts
2
+ import * as native from "../index.js";
3
+
4
+ // src/constants.ts
5
+ var CURVE25519_PRIVATE_KEY_SIZE = 32;
6
+ var CURVE25519_PUBLIC_KEY_SIZE = 32;
7
+ var CURVE25519_SHARED_SECRET_SIZE = 32;
8
+ var HKDF_PRK_SIZE = 32;
9
+ var HKDF_MAX_OUTPUT_SIZE = 8160;
10
+ var AES_256_KEY_SIZE = 32;
11
+ var AES_256_GCM_NONCE_SIZE = 12;
12
+ var AES_256_GCM_TAG_SIZE = 16;
13
+ var AES_256_CBC_IV_SIZE = 16;
14
+ var AES_BLOCK_SIZE = 16;
15
+ var SHA256_OUTPUT_SIZE = 32;
16
+ var HMAC_SHA256_TAG_SIZE = 32;
17
+ var SHA256_BLOCK_SIZE = 64;
18
+ var AES_GCM_MAX_PLAINTEXT_SIZE = 64 * 1024 * 1024 * 1024;
19
+ var AES_GCM_RECOMMENDED_MESSAGES_PER_KEY = 4294967296;
20
+
21
+ // src/errors.ts
22
+ var SignalisError = class extends Error {
23
+ /** Error code for programmatic handling. */
24
+ code;
25
+ constructor(message, code) {
26
+ super(message);
27
+ this.name = "SignalisError";
28
+ this.code = code;
29
+ if (typeof Error.captureStackTrace === "function") {
30
+ Error.captureStackTrace(this, this.constructor);
31
+ }
32
+ }
33
+ };
34
+ var ValidationError = class extends SignalisError {
35
+ /** Name of the parameter that failed validation. */
36
+ parameter;
37
+ /** Expected value description. */
38
+ expected;
39
+ /** Actual value received. */
40
+ actual;
41
+ constructor(message, options = {}) {
42
+ super(message, "VALIDATION_ERROR");
43
+ this.name = "ValidationError";
44
+ this.parameter = options.parameter;
45
+ this.expected = options.expected;
46
+ this.actual = options.actual;
47
+ }
48
+ };
49
+ var CryptoError = class extends SignalisError {
50
+ /** The crypto operation that failed. */
51
+ operation;
52
+ constructor(message, operation) {
53
+ super(message, "CRYPTO_ERROR");
54
+ this.name = "CryptoError";
55
+ this.operation = operation;
56
+ }
57
+ };
58
+ var AuthenticationError = class extends CryptoError {
59
+ constructor(message = "Authentication tag verification failed") {
60
+ super(message, "authenticate");
61
+ this.name = "AuthenticationError";
62
+ }
63
+ };
64
+ var KeyDerivationError = class extends CryptoError {
65
+ constructor(message) {
66
+ super(message, "derive_key");
67
+ this.name = "KeyDerivationError";
68
+ }
69
+ };
70
+ var LengthError = class extends ValidationError {
71
+ constructor(message, options = {}) {
72
+ super(message, options);
73
+ this.name = "LengthError";
74
+ }
75
+ };
76
+
77
+ // src/validators.ts
78
+ function assertBuffer(value, parameter) {
79
+ if (!Buffer.isBuffer(value)) {
80
+ throw new ValidationError(`${parameter} must be a Buffer`, {
81
+ parameter,
82
+ expected: "Buffer",
83
+ actual: typeof value
84
+ });
85
+ }
86
+ }
87
+ function assertBufferLength(value, expectedLength, parameter) {
88
+ if (value.length !== expectedLength) {
89
+ throw new ValidationError(
90
+ `${parameter} must be ${expectedLength} bytes, got ${value.length}`,
91
+ {
92
+ parameter,
93
+ expected: `${expectedLength} bytes`,
94
+ actual: value.length
95
+ }
96
+ );
97
+ }
98
+ }
99
+ function assertBufferOfSize(value, expectedLength, parameter) {
100
+ assertBuffer(value, parameter);
101
+ assertBufferLength(value, expectedLength, parameter);
102
+ }
103
+ function assertPositiveInteger(value, parameter) {
104
+ if (typeof value !== "number" || !Number.isInteger(value) || value < 0) {
105
+ throw new ValidationError(`${parameter} must be a non-negative integer`, {
106
+ parameter,
107
+ expected: "non-negative integer",
108
+ actual: String(value)
109
+ });
110
+ }
111
+ }
112
+ function assertHkdfLength(length) {
113
+ assertPositiveInteger(length, "length");
114
+ if (length > HKDF_MAX_OUTPUT_SIZE) {
115
+ throw new LengthError(
116
+ `HKDF output length cannot exceed ${HKDF_MAX_OUTPUT_SIZE} bytes (255 * 32)`,
117
+ {
118
+ expected: `<= ${HKDF_MAX_OUTPUT_SIZE}`,
119
+ actual: length
120
+ }
121
+ );
122
+ }
123
+ if (length === 0) {
124
+ throw new LengthError("HKDF output length must be greater than 0", {
125
+ expected: "> 0",
126
+ actual: 0
127
+ });
128
+ }
129
+ }
130
+ function buffersSameLength(a, b) {
131
+ return a.length === b.length;
132
+ }
133
+
134
+ // src/core.ts
135
+ var Curve25519 = Object.freeze({
136
+ /**
137
+ * Generate a new random Curve25519 keypair.
138
+ *
139
+ * Uses the OS's cryptographically secure RNG (via Rust's `OsRng`).
140
+ *
141
+ * @returns A {@link KeyPair} with private and public keys (32 bytes each)
142
+ */
143
+ generateKeyPair() {
144
+ const kp = native.curve25519GenerateKeypair();
145
+ return Object.freeze({
146
+ privateKey: kp.private,
147
+ publicKey: kp.public
148
+ });
149
+ },
150
+ /**
151
+ * Derive the public key corresponding to a given private key.
152
+ *
153
+ * @param privateKey - 32-byte private key
154
+ * @returns The corresponding 32-byte public key
155
+ * @throws {ValidationError} If `privateKey` is not a 32-byte Buffer.
156
+ */
157
+ publicFromPrivate(privateKey) {
158
+ assertBufferOfSize(privateKey, CURVE25519_PRIVATE_KEY_SIZE, "privateKey");
159
+ return native.curve25519PublicFromPrivate(privateKey);
160
+ },
161
+ /**
162
+ * Perform X25519 Diffie-Hellman key agreement.
163
+ *
164
+ * Both parties run this with swapped (private, peer-public) arguments
165
+ * and obtain the same 32-byte shared secret.
166
+ *
167
+ * **⚠️ CRITICAL:** Do NOT use the returned secret directly as an
168
+ * encryption key. Always derive an actual key through HKDF:
169
+ *
170
+ * @example
171
+ * ```ts
172
+ * const shared = Curve25519.diffieHellman(myPriv, theirPub);
173
+ * const key = HKDF.derive(salt, shared, Buffer.from('aes-key'), 32);
174
+ * ```
175
+ *
176
+ * @param privateKey - Your 32-byte private key
177
+ * @param peerPublicKey - Peer's 32-byte public key
178
+ * @returns 32-byte shared secret
179
+ * @throws {ValidationError} If keys are not 32 bytes.
180
+ * @throws {CryptoError} If the operation fails.
181
+ */
182
+ diffieHellman(privateKey, peerPublicKey) {
183
+ assertBufferOfSize(privateKey, CURVE25519_PRIVATE_KEY_SIZE, "privateKey");
184
+ assertBufferOfSize(peerPublicKey, CURVE25519_PUBLIC_KEY_SIZE, "peerPublicKey");
185
+ return native.curve25519DiffieHellman(privateKey, peerPublicKey);
186
+ },
187
+ /**
188
+ * The size of a Curve25519 private key in bytes (32).
189
+ */
190
+ PRIVATE_KEY_SIZE: CURVE25519_PRIVATE_KEY_SIZE,
191
+ /**
192
+ * The size of a Curve25519 public key in bytes (32).
193
+ */
194
+ PUBLIC_KEY_SIZE: CURVE25519_PUBLIC_KEY_SIZE,
195
+ /**
196
+ * The size of an X25519 shared secret in bytes (32).
197
+ */
198
+ SHARED_SECRET_SIZE: CURVE25519_SHARED_SECRET_SIZE
199
+ });
200
+ var HKDF = Object.freeze({
201
+ /**
202
+ * HKDF-Extract: produces a 32-byte pseudorandom key (PRK).
203
+ *
204
+ * @param salt - Optional salt (pass `Buffer.alloc(0)` if not available)
205
+ * @param ikm - Input keying material
206
+ * @returns 32-byte PRK
207
+ * @throws {ValidationError} If inputs are not Buffers.
208
+ */
209
+ extract(salt, ikm) {
210
+ assertBuffer(salt, "salt");
211
+ assertBuffer(ikm, "ikm");
212
+ return native.hkdfExtract(salt, ikm);
213
+ },
214
+ /**
215
+ * HKDF-Expand: produces `length` bytes of output keying material.
216
+ *
217
+ * @param prk - 32-byte pseudorandom key from {@link extract}
218
+ * @param info - Context-specific information (binds output to a usage)
219
+ * @param length - Desired output length (1 to 8160 bytes)
220
+ * @returns OKM of requested length
221
+ * @throws {ValidationError} If PRK is not 32 bytes or length is out of bounds.
222
+ */
223
+ expand(prk, info, length) {
224
+ assertBufferOfSize(prk, HKDF_PRK_SIZE, "prk");
225
+ assertBuffer(info, "info");
226
+ assertHkdfLength(length);
227
+ return native.hkdfExpand(prk, info, length);
228
+ },
229
+ /**
230
+ * HKDF one-shot: extract + expand in a single call.
231
+ *
232
+ * Use this whenever possible — it's the standard HKDF API.
233
+ *
234
+ * @param salt - Optional salt
235
+ * @param ikm - Input keying material
236
+ * @param info - Context info
237
+ * @param length - Desired output length
238
+ * @returns OKM of requested length
239
+ */
240
+ derive(salt, ikm, info, length) {
241
+ assertBuffer(salt, "salt");
242
+ assertBuffer(ikm, "ikm");
243
+ assertBuffer(info, "info");
244
+ assertHkdfLength(length);
245
+ return native.hkdfDerive(salt, ikm, info, length);
246
+ },
247
+ /**
248
+ * Derive multiple keys from the same shared secret in a single call.
249
+ *
250
+ * Useful for deriving e.g., a send key AND a receive key simultaneously.
251
+ *
252
+ * @example
253
+ * ```ts
254
+ * const [sendKey, recvKey] = HKDF.deriveMultiple(
255
+ * salt,
256
+ * sharedSecret,
257
+ * Buffer.from('signalis-channel-v1'),
258
+ * [32, 32],
259
+ * );
260
+ * ```
261
+ *
262
+ * @param salt - Optional salt
263
+ * @param ikm - Input keying material
264
+ * @param info - Context info
265
+ * @param lengths - Array of output lengths
266
+ * @returns Array of derived keys, one per requested length
267
+ */
268
+ deriveMultiple(salt, ikm, info, lengths) {
269
+ assertBuffer(salt, "salt");
270
+ assertBuffer(ikm, "ikm");
271
+ assertBuffer(info, "info");
272
+ if (!Array.isArray(lengths) || lengths.length === 0) {
273
+ throw new TypeError("lengths must be a non-empty array of integers");
274
+ }
275
+ const total = lengths.reduce((sum, len) => sum + len, 0);
276
+ assertHkdfLength(total);
277
+ const okm = this.derive(salt, ikm, info, total);
278
+ const results = [];
279
+ let offset = 0;
280
+ for (const len of lengths) {
281
+ results.push(okm.subarray(offset, offset + len));
282
+ offset += len;
283
+ }
284
+ return results;
285
+ },
286
+ /**
287
+ * Derive a key using an {@link HkdfParams} object (alternative API).
288
+ */
289
+ deriveFromParams(params) {
290
+ return this.derive(params.salt, params.ikm, params.info, params.length);
291
+ },
292
+ /**
293
+ * The size of an HKDF PRK in bytes (32).
294
+ */
295
+ PRK_SIZE: HKDF_PRK_SIZE
296
+ });
297
+ var AES_GCM = Object.freeze({
298
+ /**
299
+ * Encrypt plaintext.
300
+ *
301
+ * Returns: ciphertext || 16-byte authentication tag (concatenated).
302
+ *
303
+ * @param key - 32-byte symmetric key
304
+ * @param nonce - 12-byte unique nonce (NEVER reuse with same key)
305
+ * @param plaintext - Data to encrypt
306
+ * @returns Ciphertext + auth tag (output is `plaintext.length + 16` bytes)
307
+ * @throws {ValidationError} On invalid sizes.
308
+ * @throws {CryptoError} If the operation fails.
309
+ */
310
+ encrypt(key, nonce, plaintext) {
311
+ assertBufferOfSize(key, AES_256_KEY_SIZE, "key");
312
+ assertBufferOfSize(nonce, AES_256_GCM_NONCE_SIZE, "nonce");
313
+ assertBuffer(plaintext, "plaintext");
314
+ return native.aes256GcmEncrypt(key, nonce, plaintext);
315
+ },
316
+ /**
317
+ * Decrypt ciphertext and verify authentication tag.
318
+ *
319
+ * @param key - 32-byte symmetric key (same as encryption)
320
+ * @param nonce - 12-byte nonce (same as encryption)
321
+ * @param ciphertext - Ciphertext || auth tag
322
+ * @returns Original plaintext
323
+ * @throws {ValidationError} On invalid sizes.
324
+ * @throws {AuthenticationError} If the tag is invalid (tampered or wrong key).
325
+ */
326
+ decrypt(key, nonce, ciphertext) {
327
+ assertBufferOfSize(key, AES_256_KEY_SIZE, "key");
328
+ assertBufferOfSize(nonce, AES_256_GCM_NONCE_SIZE, "nonce");
329
+ assertBuffer(ciphertext, "ciphertext");
330
+ if (ciphertext.length < AES_256_GCM_TAG_SIZE) {
331
+ throw new CryptoError(
332
+ `Ciphertext too short: must be at least ${AES_256_GCM_TAG_SIZE} bytes (tag size)`,
333
+ "aes_gcm_decrypt"
334
+ );
335
+ }
336
+ try {
337
+ return native.aes256GcmDecrypt(key, nonce, ciphertext);
338
+ } catch (e) {
339
+ throw new AuthenticationError(
340
+ `AES-256-GCM authentication failed: ${e.message}`
341
+ );
342
+ }
343
+ },
344
+ /** Key size in bytes (32). */
345
+ KEY_SIZE: AES_256_KEY_SIZE,
346
+ /** Nonce size in bytes (12). */
347
+ NONCE_SIZE: AES_256_GCM_NONCE_SIZE,
348
+ /** Tag size in bytes (16). */
349
+ TAG_SIZE: AES_256_GCM_TAG_SIZE
350
+ });
351
+ var AES_CBC = Object.freeze({
352
+ /**
353
+ * Encrypt with PKCS#7 padding.
354
+ *
355
+ * @param key - 32-byte symmetric key
356
+ * @param iv - 16-byte initialization vector
357
+ * @param plaintext - Data to encrypt
358
+ * @returns Ciphertext (padded to nearest 16-byte block)
359
+ */
360
+ encrypt(key, iv, plaintext) {
361
+ assertBufferOfSize(key, AES_256_KEY_SIZE, "key");
362
+ assertBufferOfSize(iv, AES_256_CBC_IV_SIZE, "iv");
363
+ assertBuffer(plaintext, "plaintext");
364
+ return native.aes256CbcEncrypt(key, iv, plaintext);
365
+ },
366
+ /**
367
+ * Decrypt with PKCS#7 padding (no authentication).
368
+ *
369
+ * @param key - 32-byte symmetric key
370
+ * @param iv - 16-byte IV (same as encryption)
371
+ * @param ciphertext - Ciphertext
372
+ * @returns Original plaintext
373
+ * @throws {CryptoError} On padding errors.
374
+ */
375
+ decrypt(key, iv, ciphertext) {
376
+ assertBufferOfSize(key, AES_256_KEY_SIZE, "key");
377
+ assertBufferOfSize(iv, AES_256_CBC_IV_SIZE, "iv");
378
+ assertBuffer(ciphertext, "ciphertext");
379
+ try {
380
+ return native.aes256CbcDecrypt(key, iv, ciphertext);
381
+ } catch (e) {
382
+ throw new CryptoError(
383
+ `AES-256-CBC decryption failed: ${e.message}`,
384
+ "aes_cbc_decrypt"
385
+ );
386
+ }
387
+ },
388
+ /** Key size in bytes (32). */
389
+ KEY_SIZE: AES_256_KEY_SIZE,
390
+ /** IV size in bytes (16). */
391
+ IV_SIZE: AES_256_CBC_IV_SIZE
392
+ });
393
+ var HMAC = Object.freeze({
394
+ /**
395
+ * Compute HMAC-SHA256 of `data` using `key`.
396
+ *
397
+ * @param key - Authentication key (any length)
398
+ * @param data - Data to authenticate
399
+ * @returns 32-byte HMAC tag
400
+ */
401
+ sha256(key, data) {
402
+ assertBuffer(key, "key");
403
+ assertBuffer(data, "data");
404
+ return native.hmacSha256(key, data);
405
+ },
406
+ /**
407
+ * Verify an HMAC-SHA256 tag in **constant time**.
408
+ *
409
+ * Always use this instead of `===` to prevent timing attacks.
410
+ *
411
+ * @param key - Authentication key
412
+ * @param data - Original data
413
+ * @param expectedTag - Tag to verify
414
+ * @returns `true` if tag matches, `false` otherwise
415
+ */
416
+ verifySha256(key, data, expectedTag) {
417
+ assertBuffer(key, "key");
418
+ assertBuffer(data, "data");
419
+ assertBuffer(expectedTag, "expectedTag");
420
+ return native.hmacSha256Verify(key, data, expectedTag);
421
+ },
422
+ /** Tag size in bytes (32). */
423
+ TAG_SIZE: HMAC_SHA256_TAG_SIZE
424
+ });
425
+ var SHA256 = Object.freeze({
426
+ /**
427
+ * Compute SHA-256 hash of `data`.
428
+ *
429
+ * @param data - Data to hash
430
+ * @returns 32-byte digest
431
+ */
432
+ hash(data) {
433
+ assertBuffer(data, "data");
434
+ return native.sha256(data);
435
+ },
436
+ /**
437
+ * Hash multiple Buffers concatenated together.
438
+ *
439
+ * Equivalent to `SHA256.hash(Buffer.concat([...]))` but slightly more
440
+ * efficient (avoids the intermediate concat).
441
+ */
442
+ hashAll(buffers) {
443
+ if (!Array.isArray(buffers)) {
444
+ throw new TypeError("buffers must be an array");
445
+ }
446
+ for (let i = 0; i < buffers.length; i++) {
447
+ assertBuffer(buffers[i], `buffers[${i}]`);
448
+ }
449
+ return this.hash(Buffer.concat(buffers));
450
+ },
451
+ /** Output size in bytes (32). */
452
+ OUTPUT_SIZE: SHA256_OUTPUT_SIZE
453
+ });
454
+ var nativeVersion = native.version();
455
+
456
+ // src/types.ts
457
+ function asPublicKey(buf) {
458
+ return buf;
459
+ }
460
+ function asPrivateKey(buf) {
461
+ return buf;
462
+ }
463
+ function asSharedSecret(buf) {
464
+ return buf;
465
+ }
466
+
467
+ // src/utils.ts
468
+ import { randomBytes, timingSafeEqual } from "crypto";
469
+ function secureRandom(length) {
470
+ if (!Number.isInteger(length) || length < 0) {
471
+ throw new RangeError(`length must be a non-negative integer, got ${length}`);
472
+ }
473
+ return randomBytes(length);
474
+ }
475
+ function randomNonce() {
476
+ return randomBytes(12);
477
+ }
478
+ function randomIv() {
479
+ return randomBytes(16);
480
+ }
481
+ function randomKey() {
482
+ return randomBytes(32);
483
+ }
484
+ function toHex(buf) {
485
+ return buf.toString("hex");
486
+ }
487
+ function fromHex(hex) {
488
+ if (!/^[0-9a-fA-F]*$/.test(hex)) {
489
+ throw new Error("Invalid hex string: contains non-hex characters");
490
+ }
491
+ if (hex.length % 2 !== 0) {
492
+ throw new Error("Invalid hex string: odd number of characters");
493
+ }
494
+ return Buffer.from(hex, "hex");
495
+ }
496
+ function toBase64(buf) {
497
+ return buf.toString("base64");
498
+ }
499
+ function fromBase64(b64) {
500
+ return Buffer.from(b64, "base64");
501
+ }
502
+ function toBase64Url(buf) {
503
+ return buf.toString("base64url");
504
+ }
505
+ function fromBase64Url(b64url) {
506
+ return Buffer.from(b64url, "base64url");
507
+ }
508
+ function bufferToString(buf, encoding = "hex") {
509
+ return buf.toString(encoding);
510
+ }
511
+ function stringToBuffer(str, encoding = "hex") {
512
+ return Buffer.from(str, encoding);
513
+ }
514
+ function constantTimeEqual(a, b) {
515
+ if (a.length !== b.length) {
516
+ timingSafeEqual(a, a);
517
+ return false;
518
+ }
519
+ return timingSafeEqual(a, b);
520
+ }
521
+ function concat(buffers) {
522
+ return Buffer.concat(buffers);
523
+ }
524
+ function zeroize(buf) {
525
+ buf.fill(0);
526
+ }
527
+ function xor(a, b) {
528
+ if (a.length !== b.length) {
529
+ throw new Error(`XOR operands must have equal length: ${a.length} vs ${b.length}`);
530
+ }
531
+ const result = Buffer.alloc(a.length);
532
+ for (let i = 0; i < a.length; i++) {
533
+ result[i] = a[i] ^ b[i];
534
+ }
535
+ return result;
536
+ }
537
+
538
+ // src/index.ts
539
+ var VERSION = "0.1.0";
540
+ var SignalisCore = Object.freeze({
541
+ // Crypto primitives
542
+ Curve25519,
543
+ HKDF,
544
+ AES_GCM,
545
+ AES_CBC,
546
+ HMAC,
547
+ SHA256,
548
+ // Random
549
+ secureRandom,
550
+ randomNonce,
551
+ randomIv,
552
+ randomKey,
553
+ // Encoding
554
+ toHex,
555
+ fromHex,
556
+ toBase64,
557
+ fromBase64,
558
+ // Security
559
+ constantTimeEqual,
560
+ // Version
561
+ VERSION: "0.1.0",
562
+ nativeVersion
563
+ });
564
+ var index_default = SignalisCore;
565
+ export {
566
+ AES_256_CBC_IV_SIZE,
567
+ AES_256_GCM_NONCE_SIZE,
568
+ AES_256_GCM_TAG_SIZE,
569
+ AES_256_KEY_SIZE,
570
+ AES_BLOCK_SIZE,
571
+ AES_CBC,
572
+ AES_GCM,
573
+ AES_GCM_MAX_PLAINTEXT_SIZE,
574
+ AES_GCM_RECOMMENDED_MESSAGES_PER_KEY,
575
+ AuthenticationError,
576
+ CURVE25519_PRIVATE_KEY_SIZE,
577
+ CURVE25519_PUBLIC_KEY_SIZE,
578
+ CURVE25519_SHARED_SECRET_SIZE,
579
+ CryptoError,
580
+ Curve25519,
581
+ HKDF,
582
+ HKDF_MAX_OUTPUT_SIZE,
583
+ HKDF_PRK_SIZE,
584
+ HMAC,
585
+ HMAC_SHA256_TAG_SIZE,
586
+ KeyDerivationError,
587
+ LengthError,
588
+ SHA256,
589
+ SHA256_BLOCK_SIZE,
590
+ SHA256_OUTPUT_SIZE,
591
+ SignalisError,
592
+ VERSION,
593
+ ValidationError,
594
+ asPrivateKey,
595
+ asPublicKey,
596
+ asSharedSecret,
597
+ assertBuffer,
598
+ assertBufferLength,
599
+ assertBufferOfSize,
600
+ assertHkdfLength,
601
+ assertPositiveInteger,
602
+ bufferToString,
603
+ buffersSameLength,
604
+ concat,
605
+ constantTimeEqual,
606
+ index_default as default,
607
+ fromBase64,
608
+ fromBase64Url,
609
+ fromHex,
610
+ nativeVersion,
611
+ randomIv,
612
+ randomKey,
613
+ randomNonce,
614
+ secureRandom,
615
+ stringToBuffer,
616
+ toBase64,
617
+ toBase64Url,
618
+ toHex,
619
+ xor,
620
+ zeroize
621
+ };
622
+ //# sourceMappingURL=index.mjs.map