@cloudpss/crypto 0.5.24 → 0.5.26

package/src/encryption/module.ts

@@ -0,0 +1,94 @@
+import { toUint8Array } from '../utils.js';
+import {
+    AAD_LEN_SIZE,
+    AAD_MAX_SIZE,
+    AAD_PADDING,
+    MAGIC_NUMBER,
+    NONCE_SIZE,
+    padding,
+    parseEncrypted,
+    type PlainData,
+} from './common.js';
+
+/** 检查密码 */
+function assertPassphrase(passphrase: string): void {
+    if (typeof passphrase !== 'string') {
+        throw new TypeError('Invalid passphrase, must be a string');
+    }
+    if (passphrase.length === 0) {
+        throw new TypeError('Invalid passphrase, must not be empty');
+    }
+}
+
+/** 模块 */
+interface Module {
+    /**
+     * 加密数据
+     * @throws {TypeError} 如果密码无效
+     */
+    encrypt(data: BinaryData, passphrase: string): Promise<Uint8Array>;
+    /**
+     * 加密数据，包含不加密的附加数据
+     * @throws {TypeError} 如果密码无效
+     */
+    encryptAad(data: BinaryData, aad: BinaryData | undefined, passphrase: string): Promise<Uint8Array>;
+    /**
+     * 解密数据
+     * @throws {TypeError} 如果数据不是有效的加密数据
+     * @throws {TypeError} 如果密码无效
+     */
+    decrypt(data: BinaryData, passphrase: string): Promise<Uint8Array>;
+}
+
+/** 创建模块 */
+export function createModule(impl: typeof import('#encryption') | typeof import('./wasm.js')): Module {
+    const encryptAad: Module['encryptAad'] = async (data, aad, passphrase) => {
+        assertPassphrase(passphrase);
+        const aadSize = aad?.byteLength ?? 0;
+        if (aadSize > AAD_MAX_SIZE) {
+            throw new TypeError('Invalid AAD size');
+        }
+        const paddedAddSize = padding(aadSize, AAD_PADDING);
+        const plain: PlainData = {
+            aad: aadSize ? toUint8Array(aad!) : undefined,
+            data: toUint8Array(data),
+        };
+        const encrypted = await impl.encrypt(plain, passphrase);
+        const result = new Uint8Array(
+            MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddedAddSize + encrypted.data.length,
+        );
+        result.set(MAGIC_NUMBER);
+        result.set(encrypted.nonce, MAGIC_NUMBER.length);
+        if (aadSize) {
+            result[MAGIC_NUMBER.length + NONCE_SIZE] = aadSize >>> 24;
+            result[MAGIC_NUMBER.length + NONCE_SIZE + 1] = aadSize >>> 16;
+            result[MAGIC_NUMBER.length + NONCE_SIZE + 2] = aadSize >>> 8;
+            result[MAGIC_NUMBER.length + NONCE_SIZE + 3] = aadSize;
+            result.set(plain.aad!, MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE);
+        }
+        result.set(encrypted.data, MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddedAddSize);
+        return result;
+    };
+    const encrypt: Module['encrypt'] = async (data, passphrase) => {
+        return await encryptAad(data, undefined, passphrase);
+    };
+
+    const decrypt: Module['decrypt'] = async (data, passphrase) => {
+        assertPassphrase(passphrase);
+        const encrypted = parseEncrypted(data);
+        if (encrypted == null) {
+            throw new TypeError('Invalid encrypted data');
+        }
+        try {
+            const result = await impl.decrypt(encrypted, passphrase);
+            return result.data;
+        } catch (ex) {
+            throw new Error('Wrong passphrase', { cause: ex });
+        }
+    };
+    return {
+        encrypt,
+        encryptAad,
+        decrypt,
+    };
+}

package/src/encryption/node.ts

@@ -1,30 +1,39 @@
 import { pbkdf2 as _pbkdf2, createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
-import { PBKDF2_ITERATIONS, PBKDF2_SALT_SIZE, type EncryptionResult, AES_IV_SIZE, AES_KEY_SIZE } from './common.js';
+import {
+    PBKDF2_ITERATIONS,
+    NONCE_SIZE,
+    AES_TAG_SIZE,
+    AES_KEY_SIZE,
+    type EncryptedData,
+    type PlainData,
+} from './common.js';
 import { promisify } from 'node:util';
 import { toUint8Array } from '../utils.js';
 
+const pbkdf2 = promisify(_pbkdf2);
 const aesKdf = (passphrase: string, salt: Uint8Array): Promise<Buffer> => {
-    return promisify(_pbkdf2)(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_SIZE, 'sha256');
+    return pbkdf2(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_SIZE, 'sha256');
 };
 
 /** nodejs encrypt */
-export async function encrypt(data: Uint8Array, passphrase: string): Promise<EncryptionResult> {
-    const salt = randomBytes(PBKDF2_SALT_SIZE);
-    const key = await aesKdf(passphrase, salt);
-    const iv = randomBytes(AES_IV_SIZE);
-    const cipher = createCipheriv('aes-256-cbc', key, iv);
-    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+export async function encrypt({ data, aad }: PlainData, passphrase: string): Promise<EncryptedData> {
+    const nonce = randomBytes(NONCE_SIZE);
+    const key = await aesKdf(passphrase, nonce);
+    const cipher = createCipheriv('aes-256-gcm', key, nonce, { authTagLength: AES_TAG_SIZE });
+    if (aad) cipher.setAAD(aad);
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final(), cipher.getAuthTag()]);
     return {
-        salt: toUint8Array(salt),
-        iv: toUint8Array(iv),
+        nonce: toUint8Array(nonce),
         data: toUint8Array(encrypted),
     };
 }
 
 /** nodejs decrypt */
-export async function decrypt({ data, iv, salt }: EncryptionResult, passphrase: string): Promise<Uint8Array> {
-    const key = await aesKdf(passphrase, salt);
-    const decipher = createDecipheriv('aes-256-cbc', key, iv);
-    const decrypted = Buffer.concat([decipher.update(data), decipher.final()]);
-    return toUint8Array(decrypted);
+export async function decrypt({ nonce, aad, data }: EncryptedData, passphrase: string): Promise<PlainData> {
+    const key = await aesKdf(passphrase, nonce);
+    const decipher = createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: AES_TAG_SIZE });
+    decipher.setAuthTag(data.subarray(data.length - AES_TAG_SIZE));
+    if (aad) decipher.setAAD(aad);
+    const decrypted = Buffer.concat([decipher.update(data.subarray(0, data.length - AES_TAG_SIZE)), decipher.final()]);
+    return { data: toUint8Array(decrypted) };
 }

package/src/encryption/wasm.ts

@@ -0,0 +1,46 @@
+import {
+    NONCE_SIZE,
+    AES_KEY_SIZE,
+    AES_TAG_SIZE,
+    type EncryptedData,
+    PBKDF2_ITERATIONS,
+    type PlainData,
+} from './common.js';
+import * as mod from '#lib-wasm';
+
+const EMPTY = new Uint8Array(0);
+const encoder = new TextEncoder();
+
+/** crypto-js encrypt */
+export function encrypt({ data, aad }: PlainData, passphrase: string): EncryptedData {
+    const nonce = crypto.getRandomValues(new Uint8Array(NONCE_SIZE));
+    const result = mod.encrypt(
+        encoder.encode(passphrase),
+        data,
+        aad ?? EMPTY,
+        nonce,
+        PBKDF2_ITERATIONS,
+        AES_KEY_SIZE,
+        AES_TAG_SIZE,
+    );
+    return {
+        nonce,
+        data: result,
+    };
+}
+
+/** crypto-js decrypt */
+export function decrypt({ data, aad, nonce }: EncryptedData, passphrase: string): PlainData {
+    const decrypted = mod.decrypt(
+        encoder.encode(passphrase),
+        data,
+        aad ?? EMPTY,
+        nonce,
+        PBKDF2_ITERATIONS,
+        AES_KEY_SIZE,
+        AES_TAG_SIZE,
+    );
+    return {
+        data: decrypted,
+    };
+}

package/src/encryption/web.ts

@@ -1,4 +1,11 @@
-import { AES_IV_SIZE, AES_KEY_SIZE, PBKDF2_SALT_SIZE, type EncryptionResult, PBKDF2_ITERATIONS } from './common.js';
+import {
+    NONCE_SIZE,
+    AES_TAG_SIZE,
+    AES_KEY_SIZE,
+    type EncryptedData,
+    type PlainData,
+    PBKDF2_ITERATIONS,
+} from './common.js';
 
 const encoder = new TextEncoder();
 
@@ -11,42 +18,44 @@ async function aesKdfWeb(passphrase: string, salt: Uint8Array): Promise<CryptoKe
         iterations: PBKDF2_ITERATIONS,
         hash: 'SHA-256',
     };
-    return await crypto.subtle.deriveKey(pbkdf2Params, pass, { name: 'AES-CBC', length: AES_KEY_SIZE * 8 }, false, [
+    return await crypto.subtle.deriveKey(pbkdf2Params, pass, { name: 'AES-GCM', length: AES_KEY_SIZE * 8 }, false, [
         'encrypt',
         'decrypt',
     ]);
 }
 
 /** webcrypto encrypt */
-export async function encrypt(data: Uint8Array, passphrase: string): Promise<EncryptionResult> {
-    const salt = crypto.getRandomValues(new Uint8Array(PBKDF2_SALT_SIZE));
-    const key = await aesKdfWeb(passphrase, salt);
-    const iv = crypto.getRandomValues(new Uint8Array(AES_IV_SIZE));
+export async function encrypt({ data, aad }: PlainData, passphrase: string): Promise<EncryptedData> {
+    const nonce = crypto.getRandomValues(new Uint8Array(NONCE_SIZE));
+    const key = await aesKdfWeb(passphrase, nonce);
     const encrypted = await crypto.subtle.encrypt(
         {
-            name: 'AES-CBC',
-            iv,
+            name: 'AES-GCM',
+            iv: nonce,
+            tagLength: AES_TAG_SIZE * 8,
+            additionalData: aad,
         },
         key,
         data,
     );
     return {
-        salt: salt,
-        iv: iv,
+        nonce,
         data: new Uint8Array(encrypted),
     };
 }
 
 /** webcrypto decrypt */
-export async function decrypt({ data, salt, iv }: EncryptionResult, passphrase: string): Promise<Uint8Array> {
-    const key = await aesKdfWeb(passphrase, salt);
+export async function decrypt({ data, nonce, aad }: EncryptedData, passphrase: string): Promise<PlainData> {
+    const key = await aesKdfWeb(passphrase, nonce);
     const decrypted = await crypto.subtle.decrypt(
         {
-            name: 'AES-CBC',
-            iv,
+            name: 'AES-GCM',
+            iv: nonce,
+            tagLength: AES_TAG_SIZE * 8,
+            additionalData: aad,
         },
         key,
         data,
     );
-    return new Uint8Array(decrypted);
+    return { data: new Uint8Array(decrypted) };
 }

package/src/index.ts

@@ -1 +1 @@
-export { isEncrypted, encrypt, decrypt } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';

package/tests/encryption.js

@@ -1,10 +1,20 @@
 import { MAGIC_NUMBER } from '../dist/encryption/index.js';
-import { isEncrypted, encrypt, decrypt } from '../dist/index.js';
+import { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from '../dist/index.js';
 import { toUint8Array } from '../dist/utils.js';
+import { createModule } from '../dist/encryption/module.js';
 import * as nodeImpl from '../dist/encryption/node.js';
 import * as browserImpl from '../dist/encryption/browser.js';
 import * as webImpl from '../dist/encryption/web.js';
-import * as jsImpl from '../dist/encryption/pure-js.js';
+import * as wasmImpl from '../dist/encryption/wasm.js';
+
+const data = [
+    Buffer.from(''),
+    Buffer.from('Hello, World!'),
+    Buffer.from('Hello, World!'.repeat(100)),
+    new Uint8Array(100),
+    Buffer.from('Hello, World!'.repeat(1000)).buffer,
+].map((d) => ({ raw: d, length: d.byteLength, type: d.constructor.name }));
+const passphrase = 'test';
 
 describe('Encryption root export', () => {
     it('has MAGIC_NUMBER', () => {
@@ -13,13 +23,26 @@ describe('Encryption root export', () => {
     });
 
     it('check is encrypted', () => {
+        const nonce = Buffer.alloc(12);
+        const tag = Buffer.alloc(16);
+        const aadLength = Buffer.alloc(4);
+
         // @ts-expect-error bad type
         expect(() => isEncrypted({})).toThrow('Invalid data');
-        expect(isEncrypted(Buffer.from(MAGIC_NUMBER))).toBe(false);
-        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(32)]))).toBe(false);
-        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(33)]))).toBe(true);
         expect(isEncrypted(Buffer.alloc(40))).toBe(false);
         expect(isEncrypted(Buffer.alloc(41))).toBe(false);
+
+        expect(isEncrypted(Buffer.from(MAGIC_NUMBER))).toBe(false);
+
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, nonce, aadLength, tag]))).toBe(true);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, nonce, aadLength, tag.subarray(1)]))).toBe(false);
+
+        aadLength.writeUInt32BE(100);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, nonce, aadLength, Buffer.alloc(111), tag]))).toBe(false);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, nonce, aadLength, Buffer.alloc(112), tag]))).toBe(true);
+
+        aadLength.writeUInt32BE(0xffff_fffe);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, nonce, aadLength, Buffer.alloc(112), tag]))).toBe(false);
     });
 
     it('encrypt check', async () => {
@@ -40,71 +63,144 @@ describe('Encryption root export', () => {
         await expect(() => decrypt(Buffer.alloc(100), 'xx')).rejects.toThrow('Invalid encrypted data');
     });
 
-    it('encrypt/decrypt', async () => {
-        const data = [
-            Buffer.from(''),
-            Buffer.from('Hello, World!'),
-            Buffer.from('Hello, World!'.repeat(100)),
-            new Uint8Array(100),
-            Buffer.from('Hello, World!'.repeat(1000)).buffer,
-        ];
-        const passphrase = 'test';
-        for (const raw of data) {
-            const encrypted = await encrypt(raw, passphrase);
+    describe('aad', () => {
+        it('accepts empty aad', async () => {
+            const encrypted = await encryptAad(Buffer.alloc(0), Buffer.alloc(0), passphrase);
             expect(encrypted).toBeInstanceOf(Uint8Array);
-            expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
-            expect(isEncrypted(encrypted)).toBe(true);
+            const extractedAad = extractAad(encrypted);
+            expect(extractedAad).toBeUndefined();
+        });
 
+        it('accepts undefined aad', async () => {
+            const encrypted = await encryptAad(Buffer.alloc(0), undefined, passphrase);
+            expect(encrypted).toBeInstanceOf(Uint8Array);
+            const extractedAad = extractAad(encrypted);
+            expect(extractedAad).toBeUndefined();
+        });
+
+        it('rejects invalid aad size', async () => {
+            const aad2 = Buffer.alloc(1024 * 1024 * 1024 + 1);
             await expect(async () => {
-                await decrypt(encrypted, 'xx');
-                throw new Error('This may not be thrown since cipher may not report error');
-            }).rejects.toThrow();
+                await encryptAad(Buffer.alloc(0), aad2, passphrase);
+            }).rejects.toThrow('Invalid AAD size');
+        });
 
-            const decrypted = await decrypt(encrypted, passphrase);
-            expect(decrypted).toBeInstanceOf(Uint8Array);
-            expect(decrypted).toEqual(toUint8Array(raw));
-        }
+        it('rejects invalid data', () => {
+            const data = Buffer.alloc(10);
+            expect(() => extractAad(data)).toThrow('Invalid encrypted data');
+        });
     });
+
+    checkModule({ encrypt, decrypt, encryptAad });
 });
 
 /**
- * 检查实现
- * @param {any} impl impl module
+ * 检查实现模块
+ * @param {any} module wrapped module
  */
-function checkImpl(impl) {
-    expect(impl).toMatchObject({
-        encrypt: expect.any(Function),
-        decrypt: expect.any(Function),
+function checkModule(module) {
+    it('has correct exports', () => {
+        expect(module).toMatchObject({
+            encrypt: expect.any(Function),
+            decrypt: expect.any(Function),
+            encryptAad: expect.any(Function),
+        });
+    });
+
+    // eslint-disable-next-line @typescript-eslint/unbound-method
+    const { encrypt, decrypt, encryptAad } = module;
+
+    it.each(data)('encrypt/decrypt $type[$length]', async ({ raw }) => {
+        const encrypted = await encrypt(raw, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        await expect(async () => {
+            await decrypt(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decrypt(encrypted, passphrase);
+        expect(decrypted).toBeInstanceOf(Uint8Array);
+        expect(decrypted).toEqual(toUint8Array(raw));
+    });
+
+    it.each(data)('encrypt/decrypt $type[$length] with aad', async ({ raw }) => {
+        const aad = Buffer.from('Hello, AAD!');
+        const encrypted = await encryptAad(raw, aad, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        const extractedAad = extractAad(encrypted);
+        expect(extractedAad).toBeInstanceOf(Uint8Array);
+        expect(extractedAad).toEqual(toUint8Array(aad));
+
+        await expect(async () => {
+            await decrypt(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decrypt(encrypted, passphrase);
+        expect(decrypted).toBeInstanceOf(Uint8Array);
+        expect(decrypted).toEqual(toUint8Array(raw));
     });
-    checkImplEncryption(impl.encrypt, impl.decrypt);
 }
 
 /**
  * 检查实现
- * @param {(arg0: Buffer, arg1: string) => any} encrypt encrypt
- * @param {(arg0: any, arg1: string) => any} decrypt decrypt
+ * @param {Function} encrypt encrypt
+ * @param {Function} decrypt decrypt
  */
 function checkImplEncryption(encrypt, decrypt) {
-    const data = [Buffer.alloc(0), Buffer.from('Hello, World!'), Buffer.from('Hello, World!'.repeat(100))];
-    const passphrase = 'test';
-    it.each(data.map((v) => ({ length: v.byteLength, buffer: v })))(
-        `len=$length`,
-        async ({ buffer: raw }) => {
-            const encrypted = await encrypt(raw, passphrase);
-            expect(encrypted.salt).toBeInstanceOf(Uint8Array);
-            expect(encrypted.salt.byteLength).toBe(16);
-            expect(encrypted.iv).toBeInstanceOf(Uint8Array);
-            expect(encrypted.iv.byteLength).toBe(16);
+    it.each(data)(
+        `$type[$length]`,
+        async ({ raw }) => {
+            const encrypted = await encrypt({ data: toUint8Array(raw) }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.aad).toBeUndefined();
             expect(encrypted.data).toBeInstanceOf(Uint8Array);
 
             await expect(async () => {
                 await decrypt(encrypted, 'xx');
-                throw new Error('This may not be thrown since cipher may not report error');
             }).rejects.toThrow();
 
             const decrypted = await decrypt(encrypted, passphrase);
-            expect(decrypted).toBeInstanceOf(Uint8Array);
-            expect(decrypted).toEqual(toUint8Array(raw));
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
+            expect(decrypted.aad).toBeUndefined();
+        },
+        100_000,
+    );
+    it.each(data)(
+        `(aad) $type[$length]`,
+        async ({ raw }) => {
+            const aad = Buffer.from('Hello, AAD!');
+            const encrypted = await encrypt({ data: toUint8Array(raw), aad }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+
+            await expect(async () => {
+                await decrypt(
+                    {
+                        nonce: encrypted.nonce,
+                        data: encrypted.data,
+                    },
+                    passphrase,
+                );
+            }).rejects.toThrow();
+
+            const decrypted = await decrypt(
+                {
+                    nonce: encrypted.nonce,
+                    aad: toUint8Array(aad),
+                    data: encrypted.data,
+                },
+                passphrase,
+            );
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
         },
         100_000,
     );
@@ -115,10 +211,11 @@ describe('Encryption impl', () => {
         node: nodeImpl,
         browser: browserImpl,
         web: webImpl,
-        js: jsImpl,
+        wasm: wasmImpl,
     });
     describe.each(impls)('impl %s', (name, impl) => {
-        checkImpl(impl);
+        const module = createModule(impl);
+        checkModule(module);
     });
     describe.each(impls.slice(1))(`cross impl %s/${impls[0][0]}`, (name, impl) => {
         describe(`${impls[0][0]} -> ${name}`, () => {
@@ -131,15 +228,14 @@ describe('Encryption impl', () => {
 });
 
 describe('Encryption impl browser', () => {
-    describe('should work without crypto', () => {
-        const { crypto } = globalThis;
+    describe('should work without crypto subtle', () => {
+        const { subtle } = crypto;
         beforeAll(() => {
-            // @ts-expect-error remove crypto
-            globalThis.crypto = undefined;
+            Object.defineProperty(crypto, 'subtle', { value: undefined, configurable: true });
         });
         afterAll(() => {
-            globalThis.crypto = crypto;
+            Object.defineProperty(crypto, 'subtle', { value: subtle, configurable: true });
         });
-        checkImpl(browserImpl);
+        checkModule(createModule(browserImpl));
     });
 });

package/tsconfig.json

@@ -4,7 +4,8 @@
   "compilerOptions": {
     "outDir": "./dist",
     "paths": {
-      "#encryption": ["./src/encryption/node.ts", "./src/encryption/browser.ts"]
+      "#encryption": ["./src/encryption/node.ts", "./src/encryption/browser.ts"],
+      "#lib-wasm": ["./lib/wasm.d.ts"]
     }
   }
 }

package/wasm-build.js

@@ -0,0 +1,30 @@
+import path from 'node:path';
+import fs from 'node:fs/promises';
+import { spawn } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+import esbuild from 'esbuild';
+import { wasmLoader } from 'esbuild-plugin-wasm';
+import { once } from 'node:events';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const wasmPack = spawn('wasm-pack', ['build', '--target', 'bundler', '--release'], {
+    stdio: 'inherit',
+    cwd: path.resolve(__dirname, './wasm'),
+});
+
+await once(wasmPack, 'exit');
+
+await esbuild.build({
+    entryPoints: [path.resolve(__dirname, './wasm/pkg/wasm.js')],
+    outdir: path.resolve(__dirname, './lib'),
+    charset: 'utf8',
+    target: 'es2022',
+    format: 'esm',
+    bundle: true,
+    minify: false,
+    plugins: [wasmLoader({ mode: 'embedded' })],
+});
+
+await fs.copyFile(path.resolve(__dirname, './wasm/pkg/wasm.d.ts'), path.resolve(__dirname, './lib/wasm.d.ts'));

package/dist/encryption/pure-js.d.ts

@@ -1,5 +0,0 @@
-import { type EncryptionResult } from './common.js';
-/** crypto-js encrypt */
-export declare function encrypt(data: Uint8Array, passphrase: string): Promise<EncryptionResult>;
-/** crypto-js decrypt */
-export declare function decrypt({ data, iv, salt }: EncryptionResult, passphrase: string): Promise<Uint8Array>;

package/dist/encryption/pure-js.js

@@ -1,54 +0,0 @@
-import { pbkdf2, createSHA256 } from 'hash-wasm';
-import AES from 'crypto-js/aes.js';
-import WordArray from 'crypto-js/lib-typedarrays.js';
-import { AES_IV_SIZE, AES_KEY_SIZE, PBKDF2_SALT_SIZE, PBKDF2_ITERATIONS } from './common.js';
-/** Convert word array to buffer data */
-function wordArrayToBuffer(wordArray) {
-    const { sigBytes, words } = wordArray;
-    if (sigBytes < 0 || words.length * 4 < sigBytes)
-        throw new Error('Invalid word array');
-    const result = new Uint8Array(sigBytes);
-    for (let i = 0; i < sigBytes; i++) {
-        result[i] = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
-    }
-    return result;
-}
-/** Convert buffer data to word array */
-function bufferToWordArray(buffer) {
-    return WordArray.create(buffer);
-}
-/** Create aes params */
-async function aesKdfJs(passphrase, salt) {
-    const result = await pbkdf2({
-        password: passphrase,
-        salt: salt,
-        iterations: PBKDF2_ITERATIONS,
-        hashLength: AES_KEY_SIZE,
-        hashFunction: createSHA256(),
-        outputType: 'binary',
-    });
-    return WordArray.create(result);
-}
-/** crypto-js encrypt */
-export async function encrypt(data, passphrase) {
-    const salt = wordArrayToBuffer(WordArray.random(PBKDF2_SALT_SIZE));
-    const key = await aesKdfJs(passphrase, salt);
-    const iv = WordArray.random(AES_IV_SIZE);
-    const encrypted = AES.encrypt(bufferToWordArray(data), key, { iv });
-    return {
-        salt: salt,
-        iv: wordArrayToBuffer(iv),
-        data: wordArrayToBuffer(encrypted.ciphertext),
-    };
-}
-/** crypto-js decrypt */
-export async function decrypt({ data, iv, salt }, passphrase) {
-    const key = await aesKdfJs(passphrase, salt);
-    const decrypted = AES.decrypt({
-        ciphertext: bufferToWordArray(data),
-    }, key, {
-        iv: bufferToWordArray(iv),
-    });
-    return wordArrayToBuffer(decrypted);
-}
-//# sourceMappingURL=pure-js.js.map

package/dist/encryption/pure-js.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"pure-js.js","sourceRoot":"","sources":["../../src/encryption/pure-js.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,GAAG,MAAM,kBAAkB,CAAC;AACnC,OAAO,SAAS,MAAM,8BAA8B,CAAC;AAErD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,gBAAgB,EAAyB,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEpH,wCAAwC;AACxC,SAAS,iBAAiB,CAAC,SAAoB;IAC3C,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;IACtC,IAAI,QAAQ,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACvF,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,wCAAwC;AACxC,SAAS,iBAAiB,CAAC,MAAkB;IACzC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,wBAAwB;AACxB,KAAK,UAAU,QAAQ,CAAC,UAAkB,EAAE,IAAgB;IACxD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC;QACxB,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,iBAAiB;QAC7B,UAAU,EAAE,YAAY;QACxB,YAAY,EAAE,YAAY,EAAE;QAC5B,UAAU,EAAE,QAAQ;KACvB,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAgB,EAAE,UAAkB;IAC9D,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,OAAO;QACH,IAAI,EAAE,IAAI;QACV,EAAE,EAAE,iBAAiB,CAAC,EAAE,CAAC;QACzB,IAAI,EAAE,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC;KAChD,CAAC;AACN,CAAC;AAED,wBAAwB;AACxB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAoB,EAAE,UAAkB;IAClF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CACzB;QACI,UAAU,EAAE,iBAAiB,CAAC,IAAI,CAAC;KACT,EAC9B,GAAG,EACH;QACI,EAAE,EAAE,iBAAiB,CAAC,EAAE,CAAC;KAC5B,CACJ,CAAC;IACF,OAAO,iBAAiB,CAAC,SAAS,CAAC,CAAC;AACxC,CAAC"}