@cardanowall/crypto-core 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cbor.d.cts +6 -2
- package/dist/cbor.d.ts +6 -2
- package/dist/hash.cjs +10 -1
- package/dist/hash.cjs.map +1 -1
- package/dist/hash.d.cts +8 -1
- package/dist/hash.d.ts +8 -1
- package/dist/hash.js +10 -2
- package/dist/hash.js.map +1 -1
- package/dist/index.cjs +2123 -409
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +4 -5
- package/dist/index.d.ts +4 -5
- package/dist/index.js +2098 -400
- package/dist/index.js.map +1 -1
- package/dist/sealed-poe.cjs +1959 -332
- package/dist/sealed-poe.cjs.map +1 -1
- package/dist/sealed-poe.d.cts +141 -62
- package/dist/sealed-poe.d.ts +141 -62
- package/dist/sealed-poe.js +1940 -324
- package/dist/sealed-poe.js.map +1 -1
- package/dist/seed-derive.cjs +195 -0
- package/dist/seed-derive.cjs.map +1 -1
- package/dist/seed-derive.d.cts +12 -1
- package/dist/seed-derive.d.ts +12 -1
- package/dist/seed-derive.js +192 -1
- package/dist/seed-derive.js.map +1 -1
- package/package.json +1 -1
- package/dist/canonical-DHeJLYDR.d.cts +0 -7
- package/dist/canonical-DHeJLYDR.d.ts +0 -7
package/dist/sealed-poe.d.cts
CHANGED
|
@@ -1,31 +1,84 @@
|
|
|
1
|
-
|
|
1
|
+
declare const CARDANO_POE_ITEM_HASHES_PREFIX: Uint8Array;
|
|
2
|
+
declare const CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX: Uint8Array;
|
|
3
|
+
declare const CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX: Uint8Array;
|
|
4
|
+
declare const CARDANO_POE_HKDF_INFO_SLOTS_MAC: Uint8Array;
|
|
5
|
+
declare const CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC: Uint8Array;
|
|
6
|
+
declare const CARDANO_POE_HKDF_INFO_PAYLOAD: Uint8Array;
|
|
7
|
+
declare const CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE: Uint8Array;
|
|
8
|
+
declare const CARDANO_POE_X25519_KEK_SALT_PREFIX: Uint8Array;
|
|
9
|
+
declare const CARDANO_POE_XWING_KEK_SALT_PREFIX: Uint8Array;
|
|
10
|
+
declare const CARDANO_POE_PW_NORM_PROFILE: "cardano-poe-pw-norm-v1";
|
|
11
|
+
declare const MAX_SLOTS = 1024;
|
|
12
|
+
declare const MAX_DECODED_ENVELOPE_BYTES = 65536;
|
|
13
|
+
type ItemHashes = Readonly<Record<string, Uint8Array>>;
|
|
14
|
+
declare function itemHashesHash(hashes: ItemHashes): Uint8Array;
|
|
15
|
+
declare function computeSlotsHash(args: {
|
|
16
|
+
aead: string;
|
|
17
|
+
kem: SealedKem;
|
|
18
|
+
nonce: Uint8Array;
|
|
19
|
+
slots: ReadonlyArray<X25519Slot | Mlkem768X25519Slot>;
|
|
20
|
+
hashesHash: Uint8Array;
|
|
21
|
+
}): Uint8Array;
|
|
22
|
+
declare function computePassphraseHash(args: {
|
|
23
|
+
aead: string;
|
|
24
|
+
nonce: Uint8Array;
|
|
25
|
+
hashesHash: Uint8Array;
|
|
26
|
+
salt: Uint8Array;
|
|
27
|
+
params: {
|
|
28
|
+
m: number;
|
|
29
|
+
t: number;
|
|
30
|
+
p: number;
|
|
31
|
+
};
|
|
32
|
+
}): Uint8Array;
|
|
33
|
+
declare function computeSlotsMac(args: {
|
|
34
|
+
cek: Uint8Array;
|
|
35
|
+
slotsHash: Uint8Array;
|
|
36
|
+
}): Uint8Array;
|
|
37
|
+
declare function computePassphraseCommitment(args: {
|
|
38
|
+
cek: Uint8Array;
|
|
39
|
+
pwHash: Uint8Array;
|
|
40
|
+
}): Uint8Array;
|
|
41
|
+
declare function slotsPayloadKey(args: {
|
|
42
|
+
cek: Uint8Array;
|
|
43
|
+
nonce: Uint8Array;
|
|
44
|
+
}): Uint8Array;
|
|
45
|
+
declare function passphrasePayloadKey(args: {
|
|
46
|
+
cek: Uint8Array;
|
|
47
|
+
nonce: Uint8Array;
|
|
48
|
+
}): Uint8Array;
|
|
49
|
+
declare function x25519KekSalt(args: {
|
|
50
|
+
nonce: Uint8Array;
|
|
51
|
+
epk: Uint8Array;
|
|
52
|
+
pubR: Uint8Array;
|
|
53
|
+
}): Uint8Array;
|
|
54
|
+
declare function xwingKekSalt(args: {
|
|
55
|
+
nonce: Uint8Array;
|
|
56
|
+
kemCt: Uint8Array;
|
|
57
|
+
pubR: Uint8Array;
|
|
58
|
+
}): Uint8Array;
|
|
2
59
|
|
|
3
60
|
type SealedKem = 'x25519' | 'mlkem768x25519';
|
|
4
|
-
declare
|
|
5
|
-
declare function joinKemCt(chunks: ReadonlyArray<Uint8Array>): Uint8Array;
|
|
6
|
-
declare function canonicalizeSlots(slots: ReadonlyArray<X25519Slot | Mlkem768X25519Slot>, kem: SealedKem): CanonicalCborValue;
|
|
7
|
-
|
|
61
|
+
declare const SEALED_POE_AEAD: "chacha20-poly1305-stream64k";
|
|
8
62
|
declare const CARDANO_POE_HKDF_INFO_KEK: Uint8Array;
|
|
9
63
|
declare const CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519: Uint8Array;
|
|
10
|
-
declare const CARDANO_POE_HKDF_INFO_SLOTS_MAC: Uint8Array;
|
|
11
64
|
interface X25519Slot {
|
|
12
65
|
readonly epk: Uint8Array;
|
|
13
66
|
readonly wrap: Uint8Array;
|
|
14
67
|
}
|
|
15
68
|
interface Mlkem768X25519Slot {
|
|
16
|
-
readonly kem_ct:
|
|
69
|
+
readonly kem_ct: Uint8Array;
|
|
17
70
|
readonly wrap: Uint8Array;
|
|
18
71
|
}
|
|
19
72
|
type SealedEnvelope = {
|
|
20
73
|
readonly scheme: 1;
|
|
21
|
-
readonly aead:
|
|
74
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
22
75
|
readonly kem: 'x25519';
|
|
23
76
|
readonly nonce: Uint8Array;
|
|
24
77
|
readonly slots: ReadonlyArray<X25519Slot>;
|
|
25
78
|
readonly slots_mac: Uint8Array;
|
|
26
79
|
} | {
|
|
27
80
|
readonly scheme: 1;
|
|
28
|
-
readonly aead:
|
|
81
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
29
82
|
readonly kem: 'mlkem768x25519';
|
|
30
83
|
readonly nonce: Uint8Array;
|
|
31
84
|
readonly slots: ReadonlyArray<Mlkem768X25519Slot>;
|
|
@@ -37,6 +90,7 @@ interface SealedPoeOutput {
|
|
|
37
90
|
}
|
|
38
91
|
interface WrapArgs {
|
|
39
92
|
readonly plaintext: Uint8Array;
|
|
93
|
+
readonly hashes: ItemHashes;
|
|
40
94
|
readonly recipientPublicKeys: ReadonlyArray<Uint8Array>;
|
|
41
95
|
readonly kem?: SealedKem;
|
|
42
96
|
readonly cek?: Uint8Array;
|
|
@@ -63,7 +117,7 @@ interface RecipientKeyBundle {
|
|
|
63
117
|
interface UnwrapArgsCommon {
|
|
64
118
|
readonly envelope: SealedEnvelope;
|
|
65
119
|
readonly ciphertext: Uint8Array;
|
|
66
|
-
readonly
|
|
120
|
+
readonly hashes: ItemHashes;
|
|
67
121
|
readonly _slotsAttemptedOut?: {
|
|
68
122
|
count: number;
|
|
69
123
|
perPrivCounts?: number[];
|
|
@@ -84,7 +138,7 @@ interface UnwrapArgsBundle extends UnwrapArgsCommon {
|
|
|
84
138
|
type UnwrapArgs = UnwrapArgsSinglePriv | UnwrapArgsMultiPriv | UnwrapArgsBundle;
|
|
85
139
|
interface TrialDecryptOnlyArgsCommon {
|
|
86
140
|
readonly envelope: SealedEnvelope;
|
|
87
|
-
readonly
|
|
141
|
+
readonly hashes: ItemHashes;
|
|
88
142
|
readonly _slotsAttemptedOut?: {
|
|
89
143
|
count: number;
|
|
90
144
|
perPrivCounts?: number[];
|
|
@@ -103,14 +157,12 @@ type TrialDecryptOnlyResult = {
|
|
|
103
157
|
readonly slotIdx: number;
|
|
104
158
|
readonly cek: Uint8Array;
|
|
105
159
|
} | {
|
|
106
|
-
readonly kind: '
|
|
107
|
-
} | {
|
|
108
|
-
readonly kind: 'aead_pass_no_mac_match';
|
|
160
|
+
readonly kind: 'no_match';
|
|
109
161
|
};
|
|
110
162
|
declare function eciesSealedPoeUnwrap(args: UnwrapArgs): UnwrapResult;
|
|
111
163
|
declare function eciesSealedPoeTrialDecrypt(args: TrialDecryptOnlyArgs): TrialDecryptOnlyResult;
|
|
112
164
|
|
|
113
|
-
type EciesSealedPoeErrorCode = 'ENC_SLOTS_EMPTY' | '
|
|
165
|
+
type EciesSealedPoeErrorCode = 'ENC_SLOTS_EMPTY' | 'ENC_SLOTS_MAC_INVALID_LENGTH' | 'ENC_SLOTS_DUPLICATE_KEM_MATERIAL' | 'ENC_SLOTS_TOO_MANY' | 'ENC_ENVELOPE_TOO_LARGE' | 'ENC_REQUIRES_CONTENT_HASH' | 'ENC_PASSPHRASE_EMPTY' | 'ENC_PASSPHRASE_UNNORMALIZABLE' | 'ENC_PASSPHRASE_ALG_UNSUPPORTED' | 'ENC_PASSPHRASE_SALT_TOO_SHORT' | 'ENC_PASSPHRASE_SALT_TOO_LONG' | 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW' | 'KEM_EPK_LENGTH_MISMATCH' | 'KEM_CT_LENGTH_MISMATCH' | 'NONCE_LENGTH_MISMATCH' | 'WRAP_LENGTH_MISMATCH' | 'UNSUPPORTED_ENVELOPE_SCHEME' | 'UNSUPPORTED_AEAD_ALG' | 'UNSUPPORTED_KEM_ALG' | 'KDF_DERIVATION_FAILED' | 'INVALID_CEK_LENGTH' | 'INVALID_EPHEMERAL_SECRET_LENGTH' | 'EPHEMERAL_SECRETS_COUNT_MISMATCH' | 'INVALID_RECIPIENT_KEY' | 'INVALID_PASSPHRASE_PARAMS' | 'PASSPHRASE_INPUT_TOO_LONG';
|
|
114
166
|
declare class EciesSealedPoeError extends Error {
|
|
115
167
|
readonly code: EciesSealedPoeErrorCode;
|
|
116
168
|
constructor(code: EciesSealedPoeErrorCode, message: string, options?: {
|
|
@@ -118,59 +170,86 @@ declare class EciesSealedPoeError extends Error {
|
|
|
118
170
|
});
|
|
119
171
|
}
|
|
120
172
|
|
|
121
|
-
declare const
|
|
122
|
-
declare const
|
|
123
|
-
declare
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
declare const MAX_SEALED_PLAINTEXT = 274877906880;
|
|
129
|
-
declare const MAX_SEALED_CIPHERTEXT: number;
|
|
130
|
-
declare function assertPlaintextWithinBound(plaintextLength: number): void;
|
|
131
|
-
declare function assertCiphertextWithinBound(ciphertextLength: number): void;
|
|
132
|
-
declare class SealedPayloadTooLargeError extends Error {
|
|
133
|
-
constructor(message: string);
|
|
173
|
+
declare const CHUNK_SIZE = 65536;
|
|
174
|
+
declare const TAG_SIZE = 16;
|
|
175
|
+
declare class StreamTamperedError extends Error {
|
|
176
|
+
readonly code: "TAMPERED_CIPHERTEXT";
|
|
177
|
+
constructor(message: string, options?: {
|
|
178
|
+
cause?: unknown;
|
|
179
|
+
});
|
|
134
180
|
}
|
|
135
|
-
declare
|
|
136
|
-
|
|
137
|
-
nonce
|
|
138
|
-
|
|
181
|
+
declare class StreamSealer {
|
|
182
|
+
private readonly payloadKey;
|
|
183
|
+
private readonly nonce;
|
|
184
|
+
private chunkIndex;
|
|
185
|
+
constructor(payloadKey: Uint8Array);
|
|
186
|
+
sealChunk(plaintext: Uint8Array, final: boolean): Uint8Array;
|
|
187
|
+
}
|
|
188
|
+
declare class StreamOpener {
|
|
189
|
+
private readonly payloadKey;
|
|
190
|
+
private readonly nonce;
|
|
191
|
+
private chunkIndex;
|
|
192
|
+
constructor(payloadKey: Uint8Array);
|
|
193
|
+
openChunk(sealedChunk: Uint8Array, final: boolean): Uint8Array;
|
|
194
|
+
}
|
|
195
|
+
declare function streamSeal(args: {
|
|
196
|
+
payloadKey: Uint8Array;
|
|
197
|
+
plaintext: Uint8Array;
|
|
139
198
|
}): Uint8Array;
|
|
140
|
-
declare function
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
slotsHash: Uint8Array;
|
|
144
|
-
slotsMac: Uint8Array;
|
|
199
|
+
declare function streamOpen(args: {
|
|
200
|
+
payloadKey: Uint8Array;
|
|
201
|
+
ciphertext: Uint8Array;
|
|
145
202
|
}): Uint8Array;
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
203
|
+
|
|
204
|
+
interface PassphraseParams {
|
|
205
|
+
readonly m: number;
|
|
206
|
+
readonly t: number;
|
|
207
|
+
readonly p: number;
|
|
208
|
+
}
|
|
209
|
+
interface PassphraseSealedEnvelope {
|
|
210
|
+
readonly scheme: 1;
|
|
211
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
212
|
+
readonly nonce: Uint8Array;
|
|
213
|
+
readonly passphrase: {
|
|
214
|
+
readonly alg: 'argon2id';
|
|
215
|
+
readonly salt: Uint8Array;
|
|
216
|
+
readonly params: PassphraseParams;
|
|
156
217
|
};
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
nonce
|
|
165
|
-
}
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
}
|
|
218
|
+
}
|
|
219
|
+
interface PassphraseSealArgs {
|
|
220
|
+
readonly plaintext: Uint8Array;
|
|
221
|
+
readonly hashes: ItemHashes;
|
|
222
|
+
readonly passphrase: string;
|
|
223
|
+
readonly salt?: Uint8Array;
|
|
224
|
+
readonly params?: PassphraseParams;
|
|
225
|
+
readonly nonce?: Uint8Array;
|
|
226
|
+
}
|
|
227
|
+
interface PassphraseSealedPoeOutput {
|
|
228
|
+
readonly envelope: PassphraseSealedEnvelope;
|
|
229
|
+
readonly blob: Uint8Array;
|
|
230
|
+
}
|
|
231
|
+
interface PassphraseOpenArgs {
|
|
232
|
+
readonly envelope: PassphraseSealedEnvelope;
|
|
233
|
+
readonly blob: Uint8Array;
|
|
234
|
+
readonly passphrase: string;
|
|
235
|
+
readonly hashes: ItemHashes;
|
|
236
|
+
}
|
|
237
|
+
type PassphraseOpenResult = {
|
|
238
|
+
readonly matched: true;
|
|
239
|
+
readonly plaintext: Uint8Array;
|
|
240
|
+
} | {
|
|
241
|
+
readonly matched: false;
|
|
242
|
+
readonly reason: 'TAMPERED_CIPHERTEXT';
|
|
243
|
+
};
|
|
244
|
+
declare function passphraseSealedPoeSeal(args: PassphraseSealArgs): Promise<PassphraseSealedPoeOutput>;
|
|
245
|
+
declare function passphraseSealedPoeOpen(args: PassphraseOpenArgs): Promise<PassphraseOpenResult>;
|
|
246
|
+
|
|
247
|
+
declare const MAX_PASSPHRASE_INPUT_BYTES = 4096;
|
|
248
|
+
declare function normalizePassphrase(passphrase: string): Uint8Array;
|
|
170
249
|
|
|
171
250
|
interface ParsedSlotShape {
|
|
172
251
|
readonly epk?: Uint8Array | undefined;
|
|
173
|
-
readonly kem_ct?:
|
|
252
|
+
readonly kem_ct?: Uint8Array | undefined;
|
|
174
253
|
readonly wrap?: Uint8Array | undefined;
|
|
175
254
|
}
|
|
176
255
|
interface ParsedEnvelopeShape {
|
|
@@ -183,4 +262,4 @@ interface ParsedEnvelopeShape {
|
|
|
183
262
|
}
|
|
184
263
|
declare function sealedEnvelopeFromParsed(enc: ParsedEnvelopeShape): SealedEnvelope | null;
|
|
185
264
|
|
|
186
|
-
export { CARDANO_POE_HKDF_INFO_KEK, CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519, CARDANO_POE_HKDF_INFO_PAYLOAD, CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE, CARDANO_POE_HKDF_INFO_SLOTS_MAC, CARDANO_POE_PW_NORM_PROFILE, CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX, CARDANO_POE_XWING_KEK_SALT_PREFIX, EciesSealedPoeError, type EciesSealedPoeErrorCode,
|
|
265
|
+
export { CARDANO_POE_HKDF_INFO_KEK, CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519, CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC, CARDANO_POE_HKDF_INFO_PAYLOAD, CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE, CARDANO_POE_HKDF_INFO_SLOTS_MAC, CARDANO_POE_ITEM_HASHES_PREFIX, CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX, CARDANO_POE_PW_NORM_PROFILE, CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX, CARDANO_POE_X25519_KEK_SALT_PREFIX, CARDANO_POE_XWING_KEK_SALT_PREFIX, CHUNK_SIZE, EciesSealedPoeError, type EciesSealedPoeErrorCode, type ItemHashes, MAX_DECODED_ENVELOPE_BYTES, MAX_PASSPHRASE_INPUT_BYTES, MAX_SLOTS, type Mlkem768X25519Slot, type ParsedEnvelopeShape, type ParsedSlotShape, type PassphraseOpenArgs, type PassphraseOpenResult, type PassphraseParams, type PassphraseSealArgs, type PassphraseSealedEnvelope, type PassphraseSealedPoeOutput, type RecipientKeyBundle, SEALED_POE_AEAD, type SealedEnvelope, type SealedKem, type SealedPoeOutput, StreamOpener, StreamSealer, StreamTamperedError, TAG_SIZE, type TrialDecryptOnlyArgs, type TrialDecryptOnlyResult, type UnwrapArgs, type UnwrapArgsBundle, type UnwrapArgsMultiPriv, type UnwrapArgsSinglePriv, type UnwrapFailureReason, type UnwrapResult, type WrapArgs, type X25519Slot, computePassphraseCommitment, computePassphraseHash, computeSlotsHash, computeSlotsMac, eciesSealedPoeTrialDecrypt, eciesSealedPoeUnwrap, eciesSealedPoeWrap, itemHashesHash, normalizePassphrase, passphrasePayloadKey, passphraseSealedPoeOpen, passphraseSealedPoeSeal, sealedEnvelopeFromParsed, slotsPayloadKey, streamOpen, streamSeal, uniformIndexBelow, x25519KekSalt, xwingKekSalt };
|
package/dist/sealed-poe.d.ts
CHANGED
|
@@ -1,31 +1,84 @@
|
|
|
1
|
-
|
|
1
|
+
declare const CARDANO_POE_ITEM_HASHES_PREFIX: Uint8Array;
|
|
2
|
+
declare const CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX: Uint8Array;
|
|
3
|
+
declare const CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX: Uint8Array;
|
|
4
|
+
declare const CARDANO_POE_HKDF_INFO_SLOTS_MAC: Uint8Array;
|
|
5
|
+
declare const CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC: Uint8Array;
|
|
6
|
+
declare const CARDANO_POE_HKDF_INFO_PAYLOAD: Uint8Array;
|
|
7
|
+
declare const CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE: Uint8Array;
|
|
8
|
+
declare const CARDANO_POE_X25519_KEK_SALT_PREFIX: Uint8Array;
|
|
9
|
+
declare const CARDANO_POE_XWING_KEK_SALT_PREFIX: Uint8Array;
|
|
10
|
+
declare const CARDANO_POE_PW_NORM_PROFILE: "cardano-poe-pw-norm-v1";
|
|
11
|
+
declare const MAX_SLOTS = 1024;
|
|
12
|
+
declare const MAX_DECODED_ENVELOPE_BYTES = 65536;
|
|
13
|
+
type ItemHashes = Readonly<Record<string, Uint8Array>>;
|
|
14
|
+
declare function itemHashesHash(hashes: ItemHashes): Uint8Array;
|
|
15
|
+
declare function computeSlotsHash(args: {
|
|
16
|
+
aead: string;
|
|
17
|
+
kem: SealedKem;
|
|
18
|
+
nonce: Uint8Array;
|
|
19
|
+
slots: ReadonlyArray<X25519Slot | Mlkem768X25519Slot>;
|
|
20
|
+
hashesHash: Uint8Array;
|
|
21
|
+
}): Uint8Array;
|
|
22
|
+
declare function computePassphraseHash(args: {
|
|
23
|
+
aead: string;
|
|
24
|
+
nonce: Uint8Array;
|
|
25
|
+
hashesHash: Uint8Array;
|
|
26
|
+
salt: Uint8Array;
|
|
27
|
+
params: {
|
|
28
|
+
m: number;
|
|
29
|
+
t: number;
|
|
30
|
+
p: number;
|
|
31
|
+
};
|
|
32
|
+
}): Uint8Array;
|
|
33
|
+
declare function computeSlotsMac(args: {
|
|
34
|
+
cek: Uint8Array;
|
|
35
|
+
slotsHash: Uint8Array;
|
|
36
|
+
}): Uint8Array;
|
|
37
|
+
declare function computePassphraseCommitment(args: {
|
|
38
|
+
cek: Uint8Array;
|
|
39
|
+
pwHash: Uint8Array;
|
|
40
|
+
}): Uint8Array;
|
|
41
|
+
declare function slotsPayloadKey(args: {
|
|
42
|
+
cek: Uint8Array;
|
|
43
|
+
nonce: Uint8Array;
|
|
44
|
+
}): Uint8Array;
|
|
45
|
+
declare function passphrasePayloadKey(args: {
|
|
46
|
+
cek: Uint8Array;
|
|
47
|
+
nonce: Uint8Array;
|
|
48
|
+
}): Uint8Array;
|
|
49
|
+
declare function x25519KekSalt(args: {
|
|
50
|
+
nonce: Uint8Array;
|
|
51
|
+
epk: Uint8Array;
|
|
52
|
+
pubR: Uint8Array;
|
|
53
|
+
}): Uint8Array;
|
|
54
|
+
declare function xwingKekSalt(args: {
|
|
55
|
+
nonce: Uint8Array;
|
|
56
|
+
kemCt: Uint8Array;
|
|
57
|
+
pubR: Uint8Array;
|
|
58
|
+
}): Uint8Array;
|
|
2
59
|
|
|
3
60
|
type SealedKem = 'x25519' | 'mlkem768x25519';
|
|
4
|
-
declare
|
|
5
|
-
declare function joinKemCt(chunks: ReadonlyArray<Uint8Array>): Uint8Array;
|
|
6
|
-
declare function canonicalizeSlots(slots: ReadonlyArray<X25519Slot | Mlkem768X25519Slot>, kem: SealedKem): CanonicalCborValue;
|
|
7
|
-
|
|
61
|
+
declare const SEALED_POE_AEAD: "chacha20-poly1305-stream64k";
|
|
8
62
|
declare const CARDANO_POE_HKDF_INFO_KEK: Uint8Array;
|
|
9
63
|
declare const CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519: Uint8Array;
|
|
10
|
-
declare const CARDANO_POE_HKDF_INFO_SLOTS_MAC: Uint8Array;
|
|
11
64
|
interface X25519Slot {
|
|
12
65
|
readonly epk: Uint8Array;
|
|
13
66
|
readonly wrap: Uint8Array;
|
|
14
67
|
}
|
|
15
68
|
interface Mlkem768X25519Slot {
|
|
16
|
-
readonly kem_ct:
|
|
69
|
+
readonly kem_ct: Uint8Array;
|
|
17
70
|
readonly wrap: Uint8Array;
|
|
18
71
|
}
|
|
19
72
|
type SealedEnvelope = {
|
|
20
73
|
readonly scheme: 1;
|
|
21
|
-
readonly aead:
|
|
74
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
22
75
|
readonly kem: 'x25519';
|
|
23
76
|
readonly nonce: Uint8Array;
|
|
24
77
|
readonly slots: ReadonlyArray<X25519Slot>;
|
|
25
78
|
readonly slots_mac: Uint8Array;
|
|
26
79
|
} | {
|
|
27
80
|
readonly scheme: 1;
|
|
28
|
-
readonly aead:
|
|
81
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
29
82
|
readonly kem: 'mlkem768x25519';
|
|
30
83
|
readonly nonce: Uint8Array;
|
|
31
84
|
readonly slots: ReadonlyArray<Mlkem768X25519Slot>;
|
|
@@ -37,6 +90,7 @@ interface SealedPoeOutput {
|
|
|
37
90
|
}
|
|
38
91
|
interface WrapArgs {
|
|
39
92
|
readonly plaintext: Uint8Array;
|
|
93
|
+
readonly hashes: ItemHashes;
|
|
40
94
|
readonly recipientPublicKeys: ReadonlyArray<Uint8Array>;
|
|
41
95
|
readonly kem?: SealedKem;
|
|
42
96
|
readonly cek?: Uint8Array;
|
|
@@ -63,7 +117,7 @@ interface RecipientKeyBundle {
|
|
|
63
117
|
interface UnwrapArgsCommon {
|
|
64
118
|
readonly envelope: SealedEnvelope;
|
|
65
119
|
readonly ciphertext: Uint8Array;
|
|
66
|
-
readonly
|
|
120
|
+
readonly hashes: ItemHashes;
|
|
67
121
|
readonly _slotsAttemptedOut?: {
|
|
68
122
|
count: number;
|
|
69
123
|
perPrivCounts?: number[];
|
|
@@ -84,7 +138,7 @@ interface UnwrapArgsBundle extends UnwrapArgsCommon {
|
|
|
84
138
|
type UnwrapArgs = UnwrapArgsSinglePriv | UnwrapArgsMultiPriv | UnwrapArgsBundle;
|
|
85
139
|
interface TrialDecryptOnlyArgsCommon {
|
|
86
140
|
readonly envelope: SealedEnvelope;
|
|
87
|
-
readonly
|
|
141
|
+
readonly hashes: ItemHashes;
|
|
88
142
|
readonly _slotsAttemptedOut?: {
|
|
89
143
|
count: number;
|
|
90
144
|
perPrivCounts?: number[];
|
|
@@ -103,14 +157,12 @@ type TrialDecryptOnlyResult = {
|
|
|
103
157
|
readonly slotIdx: number;
|
|
104
158
|
readonly cek: Uint8Array;
|
|
105
159
|
} | {
|
|
106
|
-
readonly kind: '
|
|
107
|
-
} | {
|
|
108
|
-
readonly kind: 'aead_pass_no_mac_match';
|
|
160
|
+
readonly kind: 'no_match';
|
|
109
161
|
};
|
|
110
162
|
declare function eciesSealedPoeUnwrap(args: UnwrapArgs): UnwrapResult;
|
|
111
163
|
declare function eciesSealedPoeTrialDecrypt(args: TrialDecryptOnlyArgs): TrialDecryptOnlyResult;
|
|
112
164
|
|
|
113
|
-
type EciesSealedPoeErrorCode = 'ENC_SLOTS_EMPTY' | '
|
|
165
|
+
type EciesSealedPoeErrorCode = 'ENC_SLOTS_EMPTY' | 'ENC_SLOTS_MAC_INVALID_LENGTH' | 'ENC_SLOTS_DUPLICATE_KEM_MATERIAL' | 'ENC_SLOTS_TOO_MANY' | 'ENC_ENVELOPE_TOO_LARGE' | 'ENC_REQUIRES_CONTENT_HASH' | 'ENC_PASSPHRASE_EMPTY' | 'ENC_PASSPHRASE_UNNORMALIZABLE' | 'ENC_PASSPHRASE_ALG_UNSUPPORTED' | 'ENC_PASSPHRASE_SALT_TOO_SHORT' | 'ENC_PASSPHRASE_SALT_TOO_LONG' | 'ENC_PASSPHRASE_ARGON2_PARAMS_TOO_LOW' | 'KEM_EPK_LENGTH_MISMATCH' | 'KEM_CT_LENGTH_MISMATCH' | 'NONCE_LENGTH_MISMATCH' | 'WRAP_LENGTH_MISMATCH' | 'UNSUPPORTED_ENVELOPE_SCHEME' | 'UNSUPPORTED_AEAD_ALG' | 'UNSUPPORTED_KEM_ALG' | 'KDF_DERIVATION_FAILED' | 'INVALID_CEK_LENGTH' | 'INVALID_EPHEMERAL_SECRET_LENGTH' | 'EPHEMERAL_SECRETS_COUNT_MISMATCH' | 'INVALID_RECIPIENT_KEY' | 'INVALID_PASSPHRASE_PARAMS' | 'PASSPHRASE_INPUT_TOO_LONG';
|
|
114
166
|
declare class EciesSealedPoeError extends Error {
|
|
115
167
|
readonly code: EciesSealedPoeErrorCode;
|
|
116
168
|
constructor(code: EciesSealedPoeErrorCode, message: string, options?: {
|
|
@@ -118,59 +170,86 @@ declare class EciesSealedPoeError extends Error {
|
|
|
118
170
|
});
|
|
119
171
|
}
|
|
120
172
|
|
|
121
|
-
declare const
|
|
122
|
-
declare const
|
|
123
|
-
declare
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
declare const MAX_SEALED_PLAINTEXT = 274877906880;
|
|
129
|
-
declare const MAX_SEALED_CIPHERTEXT: number;
|
|
130
|
-
declare function assertPlaintextWithinBound(plaintextLength: number): void;
|
|
131
|
-
declare function assertCiphertextWithinBound(ciphertextLength: number): void;
|
|
132
|
-
declare class SealedPayloadTooLargeError extends Error {
|
|
133
|
-
constructor(message: string);
|
|
173
|
+
declare const CHUNK_SIZE = 65536;
|
|
174
|
+
declare const TAG_SIZE = 16;
|
|
175
|
+
declare class StreamTamperedError extends Error {
|
|
176
|
+
readonly code: "TAMPERED_CIPHERTEXT";
|
|
177
|
+
constructor(message: string, options?: {
|
|
178
|
+
cause?: unknown;
|
|
179
|
+
});
|
|
134
180
|
}
|
|
135
|
-
declare
|
|
136
|
-
|
|
137
|
-
nonce
|
|
138
|
-
|
|
181
|
+
declare class StreamSealer {
|
|
182
|
+
private readonly payloadKey;
|
|
183
|
+
private readonly nonce;
|
|
184
|
+
private chunkIndex;
|
|
185
|
+
constructor(payloadKey: Uint8Array);
|
|
186
|
+
sealChunk(plaintext: Uint8Array, final: boolean): Uint8Array;
|
|
187
|
+
}
|
|
188
|
+
declare class StreamOpener {
|
|
189
|
+
private readonly payloadKey;
|
|
190
|
+
private readonly nonce;
|
|
191
|
+
private chunkIndex;
|
|
192
|
+
constructor(payloadKey: Uint8Array);
|
|
193
|
+
openChunk(sealedChunk: Uint8Array, final: boolean): Uint8Array;
|
|
194
|
+
}
|
|
195
|
+
declare function streamSeal(args: {
|
|
196
|
+
payloadKey: Uint8Array;
|
|
197
|
+
plaintext: Uint8Array;
|
|
139
198
|
}): Uint8Array;
|
|
140
|
-
declare function
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
slotsHash: Uint8Array;
|
|
144
|
-
slotsMac: Uint8Array;
|
|
199
|
+
declare function streamOpen(args: {
|
|
200
|
+
payloadKey: Uint8Array;
|
|
201
|
+
ciphertext: Uint8Array;
|
|
145
202
|
}): Uint8Array;
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
203
|
+
|
|
204
|
+
interface PassphraseParams {
|
|
205
|
+
readonly m: number;
|
|
206
|
+
readonly t: number;
|
|
207
|
+
readonly p: number;
|
|
208
|
+
}
|
|
209
|
+
interface PassphraseSealedEnvelope {
|
|
210
|
+
readonly scheme: 1;
|
|
211
|
+
readonly aead: typeof SEALED_POE_AEAD;
|
|
212
|
+
readonly nonce: Uint8Array;
|
|
213
|
+
readonly passphrase: {
|
|
214
|
+
readonly alg: 'argon2id';
|
|
215
|
+
readonly salt: Uint8Array;
|
|
216
|
+
readonly params: PassphraseParams;
|
|
156
217
|
};
|
|
157
|
-
}
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
nonce
|
|
165
|
-
}
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
}
|
|
218
|
+
}
|
|
219
|
+
interface PassphraseSealArgs {
|
|
220
|
+
readonly plaintext: Uint8Array;
|
|
221
|
+
readonly hashes: ItemHashes;
|
|
222
|
+
readonly passphrase: string;
|
|
223
|
+
readonly salt?: Uint8Array;
|
|
224
|
+
readonly params?: PassphraseParams;
|
|
225
|
+
readonly nonce?: Uint8Array;
|
|
226
|
+
}
|
|
227
|
+
interface PassphraseSealedPoeOutput {
|
|
228
|
+
readonly envelope: PassphraseSealedEnvelope;
|
|
229
|
+
readonly blob: Uint8Array;
|
|
230
|
+
}
|
|
231
|
+
interface PassphraseOpenArgs {
|
|
232
|
+
readonly envelope: PassphraseSealedEnvelope;
|
|
233
|
+
readonly blob: Uint8Array;
|
|
234
|
+
readonly passphrase: string;
|
|
235
|
+
readonly hashes: ItemHashes;
|
|
236
|
+
}
|
|
237
|
+
type PassphraseOpenResult = {
|
|
238
|
+
readonly matched: true;
|
|
239
|
+
readonly plaintext: Uint8Array;
|
|
240
|
+
} | {
|
|
241
|
+
readonly matched: false;
|
|
242
|
+
readonly reason: 'TAMPERED_CIPHERTEXT';
|
|
243
|
+
};
|
|
244
|
+
declare function passphraseSealedPoeSeal(args: PassphraseSealArgs): Promise<PassphraseSealedPoeOutput>;
|
|
245
|
+
declare function passphraseSealedPoeOpen(args: PassphraseOpenArgs): Promise<PassphraseOpenResult>;
|
|
246
|
+
|
|
247
|
+
declare const MAX_PASSPHRASE_INPUT_BYTES = 4096;
|
|
248
|
+
declare function normalizePassphrase(passphrase: string): Uint8Array;
|
|
170
249
|
|
|
171
250
|
interface ParsedSlotShape {
|
|
172
251
|
readonly epk?: Uint8Array | undefined;
|
|
173
|
-
readonly kem_ct?:
|
|
252
|
+
readonly kem_ct?: Uint8Array | undefined;
|
|
174
253
|
readonly wrap?: Uint8Array | undefined;
|
|
175
254
|
}
|
|
176
255
|
interface ParsedEnvelopeShape {
|
|
@@ -183,4 +262,4 @@ interface ParsedEnvelopeShape {
|
|
|
183
262
|
}
|
|
184
263
|
declare function sealedEnvelopeFromParsed(enc: ParsedEnvelopeShape): SealedEnvelope | null;
|
|
185
264
|
|
|
186
|
-
export { CARDANO_POE_HKDF_INFO_KEK, CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519, CARDANO_POE_HKDF_INFO_PAYLOAD, CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE, CARDANO_POE_HKDF_INFO_SLOTS_MAC, CARDANO_POE_PW_NORM_PROFILE, CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX, CARDANO_POE_XWING_KEK_SALT_PREFIX, EciesSealedPoeError, type EciesSealedPoeErrorCode,
|
|
265
|
+
export { CARDANO_POE_HKDF_INFO_KEK, CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519, CARDANO_POE_HKDF_INFO_PASSPHRASE_MAC, CARDANO_POE_HKDF_INFO_PAYLOAD, CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE, CARDANO_POE_HKDF_INFO_SLOTS_MAC, CARDANO_POE_ITEM_HASHES_PREFIX, CARDANO_POE_PASSPHRASE_TRANSCRIPT_PREFIX, CARDANO_POE_PW_NORM_PROFILE, CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX, CARDANO_POE_X25519_KEK_SALT_PREFIX, CARDANO_POE_XWING_KEK_SALT_PREFIX, CHUNK_SIZE, EciesSealedPoeError, type EciesSealedPoeErrorCode, type ItemHashes, MAX_DECODED_ENVELOPE_BYTES, MAX_PASSPHRASE_INPUT_BYTES, MAX_SLOTS, type Mlkem768X25519Slot, type ParsedEnvelopeShape, type ParsedSlotShape, type PassphraseOpenArgs, type PassphraseOpenResult, type PassphraseParams, type PassphraseSealArgs, type PassphraseSealedEnvelope, type PassphraseSealedPoeOutput, type RecipientKeyBundle, SEALED_POE_AEAD, type SealedEnvelope, type SealedKem, type SealedPoeOutput, StreamOpener, StreamSealer, StreamTamperedError, TAG_SIZE, type TrialDecryptOnlyArgs, type TrialDecryptOnlyResult, type UnwrapArgs, type UnwrapArgsBundle, type UnwrapArgsMultiPriv, type UnwrapArgsSinglePriv, type UnwrapFailureReason, type UnwrapResult, type WrapArgs, type X25519Slot, computePassphraseCommitment, computePassphraseHash, computeSlotsHash, computeSlotsMac, eciesSealedPoeTrialDecrypt, eciesSealedPoeUnwrap, eciesSealedPoeWrap, itemHashesHash, normalizePassphrase, passphrasePayloadKey, passphraseSealedPoeOpen, passphraseSealedPoeSeal, sealedEnvelopeFromParsed, slotsPayloadKey, streamOpen, streamSeal, uniformIndexBelow, x25519KekSalt, xwingKekSalt };
|