@digitaldefiance/ecies-lib 4.4.11 → 4.4.14

package/src/secure-buffer.d.ts

@@ -0,0 +1,61 @@
+import type { IIdProvider } from './interfaces/id-provider';
+/**
+ * A secure string buffer is a buffer whose intent is to prevent the raw password from being stored in memory.
+ * The buffer is encrypted with a key derived from a random ID.
+ * The ID is stored in the clear, but the buffer is encrypted with a key derived from the ID.
+ * This allows the buffer to be decrypted, but only if the ID and salt are known.
+ *
+ * Supports explicit resource management (TC39 proposal) for automatic disposal:
+ * ```typescript
+ * using buffer = new SecureBuffer(sensitiveData);
+ * // buffer automatically disposed when leaving scope
+ * ```
+ */
+export declare class SecureBuffer implements Disposable {
+    private _disposed;
+    private readonly _id;
+    private readonly _idProvider;
+    private readonly _length;
+    private readonly _obfuscatedValue;
+    private readonly _key;
+    private readonly _obfuscatedChecksum;
+    private _disposedAt?;
+    constructor(data?: Uint8Array, idProvider?: IIdProvider);
+    dispose(): void;
+    /**
+     * Symbol.dispose implementation for explicit resource management
+     * Allows using 'using' keyword (TC39 proposal)
+     */
+    [Symbol.dispose](): void;
+    /**
+     * Factory method for backward compatibility that uses Constants.idProvider
+     * @param data Optional data to secure
+     * @returns A new SecureBuffer instance using the global ID provider
+     */
+    static create(data?: Uint8Array): SecureBuffer;
+    /**
+     * Static factory method that creates a SecureBuffer for a symmetric key
+     * Useful for managing encryption keys securely
+     */
+    static allocateKey(sizeBytes?: number): SecureBuffer;
+    private assertNotDisposed;
+    static fromString(data: string): SecureBuffer;
+    get disposedAtStack(): string | undefined;
+    get id(): string;
+    get idUint8Array(): Uint8Array;
+    get originalLength(): number;
+    get value(): Uint8Array;
+    get valueAsString(): string;
+    get valueAsHexString(): string;
+    get valueAsBase64String(): string;
+    get checksum(): string;
+    private generateSimpleChecksum;
+    private createSimpleObfuscatedChecksum;
+    private validateSimpleChecksum;
+    private timingSafeEqual;
+    private validateObfuscatedChecksum;
+    private obfuscateData;
+    private deobfuscateData;
+    get length(): number;
+}
+//# sourceMappingURL=secure-buffer.d.ts.map

package/src/secure-buffer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-buffer.d.ts","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/secure-buffer.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAU5D;;;;;;;;;;;GAWG;AACH,qBAAa,YAAa,YAAW,UAAU;IAC7C,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAa;IACjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAa;IAC9C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IACjD,OAAO,CAAC,WAAW,CAAC,CAAS;gBAG3B,IAAI,CAAC,EAAE,UAAU,EACjB,UAAU,GAAE,WAAiC;IAkBxC,OAAO,IAAI,IAAI;IAYtB;;;OAGG;IACH,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI;IAIxB;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,UAAU,GAAG,YAAY;IAK9C;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,SAAS,GAAE,MAAW,GAAG,YAAY;IAMxD,OAAO,CAAC,iBAAiB;WAWX,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY;IAGpD,IAAW,eAAe,IAAI,MAAM,GAAG,SAAS,CAE/C;IACD,IAAW,EAAE,IAAI,MAAM,CAGtB;IACD,IAAW,YAAY,IAAI,UAAU,CAGpC;IACD,IAAW,cAAc,IAAI,MAAM,CAGlC;IACD,IAAW,KAAK,IAAI,UAAU,CA4B7B;IACD,IAAW,aAAa,IAAI,MAAM,CAGjC;IACD,IAAW,gBAAgB,IAAI,MAAM,CAGpC;IACD,IAAW,mBAAmB,IAAI,MAAM,CAGvC;IACD,IAAW,QAAQ,IAAI,MAAM,CAM5B;IACD,OAAO,CAAC,sBAAsB;IAS9B,OAAO,CAAC,8BAA8B;IAOtC,OAAO,CAAC,sBAAsB;IAU9B,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,0BAA0B;IAMlC,OAAO,CAAC,aAAa;IAGrB,OAAO,CAAC,eAAe;IAGvB,IAAW,MAAM,IAAI,MAAM,CAG1B;CACF"}

package/src/secure-buffer.js

@@ -0,0 +1,201 @@
+/// <reference path="../../../types/global.d.ts" />
+import { SecureStorageErrorType } from './enumerations/secure-storage-error-type';
+import { DisposedError } from './errors/disposed';
+import { SecureStorageError } from './errors/secure-storage';
+import { ObjectIdProvider } from './lib/id-providers/objectid-provider';
+import { XorService } from './services/xor';
+import { uint8ArrayToHex } from './utils';
+/**
+ * Default ID provider (singleton, no circular dependency)
+ */
+const DEFAULT_ID_PROVIDER = new ObjectIdProvider();
+/**
+ * A secure string buffer is a buffer whose intent is to prevent the raw password from being stored in memory.
+ * The buffer is encrypted with a key derived from a random ID.
+ * The ID is stored in the clear, but the buffer is encrypted with a key derived from the ID.
+ * This allows the buffer to be decrypted, but only if the ID and salt are known.
+ *
+ * Supports explicit resource management (TC39 proposal) for automatic disposal:
+ * ```typescript
+ * using buffer = new SecureBuffer(sensitiveData);
+ * // buffer automatically disposed when leaving scope
+ * ```
+ */
+export class SecureBuffer {
+    _disposed = false;
+    _id;
+    _idProvider;
+    _length;
+    _obfuscatedValue;
+    _key;
+    _obfuscatedChecksum;
+    _disposedAt;
+    constructor(data, idProvider = DEFAULT_ID_PROVIDER) {
+        this._idProvider = idProvider;
+        this._id = this._idProvider.generate();
+        // don't bother encrypting an empty buffer
+        if (data === undefined || data.length === 0) {
+            this._length = 0;
+            this._obfuscatedValue = new Uint8Array(0);
+            this._key = new Uint8Array(0);
+            this._obfuscatedChecksum = new Uint8Array(0);
+            return;
+        }
+        this._length = data.length;
+        this._key = this._id;
+        this._obfuscatedValue = this.obfuscateData(data);
+        // Create a simple checksum without crypto for synchronous operation
+        this._obfuscatedChecksum = this.createSimpleObfuscatedChecksum(data);
+    }
+    dispose() {
+        const err = new DisposedError();
+        if (typeof Error.captureStackTrace === 'function') {
+            Error.captureStackTrace(err, this.dispose);
+        }
+        this._disposedAt = err.stack ?? 'stack unavailable';
+        this._obfuscatedValue.fill(0);
+        this._key.fill(0);
+        this._obfuscatedChecksum.fill(0);
+        this._disposed = true;
+    }
+    /**
+     * Symbol.dispose implementation for explicit resource management
+     * Allows using 'using' keyword (TC39 proposal)
+     */
+    [Symbol.dispose]() {
+        this.dispose();
+    }
+    /**
+     * Factory method for backward compatibility that uses Constants.idProvider
+     * @param data Optional data to secure
+     * @returns A new SecureBuffer instance using the global ID provider
+     */
+    static create(data) {
+        const { Constants } = require('./constants');
+        return new SecureBuffer(data, Constants.idProvider);
+    }
+    /**
+     * Static factory method that creates a SecureBuffer for a symmetric key
+     * Useful for managing encryption keys securely
+     */
+    static allocateKey(sizeBytes = 32) {
+        const keyData = new Uint8Array(sizeBytes);
+        // Will be filled by crypto.getRandomValues by caller
+        return new SecureBuffer(keyData);
+    }
+    assertNotDisposed() {
+        if (this._disposed) {
+            const e = new DisposedError();
+            try {
+                e.disposedAt = this._disposedAt;
+            }
+            catch {
+                // ignore if Error object is sealed/frozen
+            }
+            throw e;
+        }
+    }
+    static fromString(data) {
+        return new SecureBuffer(new TextEncoder().encode(data));
+    }
+    get disposedAtStack() {
+        return this._disposedAt;
+    }
+    get id() {
+        this.assertNotDisposed();
+        return this._idProvider.serialize(this._id);
+    }
+    get idUint8Array() {
+        this.assertNotDisposed();
+        return this._id;
+    }
+    get originalLength() {
+        this.assertNotDisposed();
+        return this._length;
+    }
+    get value() {
+        this.assertNotDisposed();
+        if (this._length === 0) {
+            return new Uint8Array(0);
+        }
+        try {
+            const deobfuscatedResult = this.deobfuscateData(this._obfuscatedValue);
+            if (deobfuscatedResult.length !== this._length) {
+                throw new SecureStorageError(SecureStorageErrorType.DecryptedValueLengthMismatch);
+            }
+            if (!this.validateObfuscatedChecksum(deobfuscatedResult)) {
+                throw new SecureStorageError(SecureStorageErrorType.DecryptedValueChecksumMismatch);
+            }
+            return deobfuscatedResult;
+        }
+        catch (error) {
+            // If it's already a SecureStorageError, re-throw it
+            if (error instanceof SecureStorageError) {
+                throw error;
+            }
+            // Convert any other error (including AES-GCM authentication errors) to SecureStorageError
+            throw new SecureStorageError(SecureStorageErrorType.DecryptedValueChecksumMismatch);
+        }
+    }
+    get valueAsString() {
+        this.assertNotDisposed();
+        return new TextDecoder().decode(this.value);
+    }
+    get valueAsHexString() {
+        this.assertNotDisposed();
+        return uint8ArrayToHex(this.value);
+    }
+    get valueAsBase64String() {
+        this.assertNotDisposed();
+        return btoa(String.fromCharCode(...this.value));
+    }
+    get checksum() {
+        this.assertNotDisposed();
+        const deobfuscatedChecksum = new TextDecoder().decode(this.deobfuscateData(this._obfuscatedChecksum));
+        return deobfuscatedChecksum;
+    }
+    generateSimpleChecksum(data) {
+        const dataBytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
+        let hash = 0;
+        for (let i = 0; i < dataBytes.length; i++) {
+            hash = ((hash << 5) - hash + dataBytes[i]) & 0xffffffff;
+        }
+        return hash.toString(16);
+    }
+    createSimpleObfuscatedChecksum(data) {
+        const checksum = this.generateSimpleChecksum(data);
+        const result = this.obfuscateData(new TextEncoder().encode(checksum));
+        return result;
+    }
+    validateSimpleChecksum(data, checksum) {
+        const generatedChecksum = this.generateSimpleChecksum(data);
+        const a = new TextEncoder().encode(generatedChecksum);
+        const b = new TextEncoder().encode(checksum);
+        return this.timingSafeEqual(a, b);
+    }
+    timingSafeEqual(a, b) {
+        if (a.length !== b.length) {
+            return false;
+        }
+        let result = 0;
+        for (let i = 0; i < a.length; i++) {
+            result |= a[i] ^ b[i];
+        }
+        return result === 0;
+    }
+    validateObfuscatedChecksum(data) {
+        const deobfuscatedChecksum = new TextDecoder().decode(this.deobfuscateData(this._obfuscatedChecksum));
+        return this.validateSimpleChecksum(data, deobfuscatedChecksum);
+    }
+    obfuscateData(data) {
+        return XorService.xor(data, this._key);
+    }
+    deobfuscateData(data) {
+        return XorService.xor(data, this._key);
+    }
+    get length() {
+        this.assertNotDisposed();
+        return this._length;
+    }
+}
+//# sourceMappingURL=secure-buffer.js.map

package/src/secure-buffer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-buffer.js","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/secure-buffer.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0CAA0C,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE1C;;GAEG;AACH,MAAM,mBAAmB,GAAG,IAAI,gBAAgB,EAAE,CAAC;AAEnD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,YAAY;IACf,SAAS,GAAY,KAAK,CAAC;IAClB,GAAG,CAAa;IAChB,WAAW,CAAc;IACzB,OAAO,CAAS;IAChB,gBAAgB,CAAa;IAC7B,IAAI,CAAa;IACjB,mBAAmB,CAAa;IACzC,WAAW,CAAU;IAE7B,YACE,IAAiB,EACjB,aAA0B,mBAAmB;QAE7C,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QACvC,0CAA0C;QAC1C,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;YACjB,IAAI,CAAC,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,mBAAmB,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;QACrB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACjD,oEAAoE;QACpE,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;IACM,OAAO;QACZ,MAAM,GAAG,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,IAAI,OAAO,KAAK,CAAC,iBAAiB,KAAK,UAAU,EAAE,CAAC;YAClD,KAAK,CAAC,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,KAAK,IAAI,mBAAmB,CAAC;QACpD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,CAAC,MAAM,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,IAAiB;QAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QAC7C,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACtD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,YAAoB,EAAE;QACvC,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QAC1C,qDAAqD;QACrD,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IACM,MAAM,CAAC,UAAU,CAAC,IAAY;QACnC,OAAO,IAAI,YAAY,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IACD,IAAW,EAAE;QACX,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IACD,IAAW,YAAY;QACrB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IACD,IAAW,cAAc;QACvB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IACD,IAAW,KAAK;QACd,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACvE,IAAI,kBAAkB,CAAC,MAAM,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/C,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,4BAA4B,CACpD,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,8BAA8B,CACtD,CAAC;YACJ,CAAC;YACD,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oDAAoD;YACpD,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;gBACxC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,0FAA0F;YAC1F,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,8BAA8B,CACtD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAW,aAAa;QACtB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IACD,IAAW,gBAAgB;QACzB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IACD,IAAW,mBAAmB;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,IAAW,QAAQ;QACjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,MAAM,oBAAoB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACnD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAC/C,CAAC;QACF,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IACO,sBAAsB,CAAC,IAAyB;QACtD,MAAM,SAAS,GACb,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnE,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC;QAC1D,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IACO,8BAA8B,CACpC,IAAyB;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtE,OAAO,MAAM,CAAC;IAChB,CAAC;IACO,sBAAsB,CAC5B,IAAyB,EACzB,QAAgB;QAEhB,MAAM,iBAAiB,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpC,CAAC;IAEO,eAAe,CAAC,CAAa,EAAE,CAAa;QAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,MAAM,KAAK,CAAC,CAAC;IACtB,CAAC;IACO,0BAA0B,CAAC,IAAyB;QAC1D,MAAM,oBAAoB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACnD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAC/C,CAAC;QACF,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IACjE,CAAC;IACO,aAAa,CAAC,IAAgB;QACpC,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACO,eAAe,CAAC,IAAgB;QACtC,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACD,IAAW,MAAM;QACf,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF"}

package/src/secure-string.d.ts

@@ -0,0 +1,46 @@
+import type { IIdProvider } from './interfaces/id-provider';
+/**
+ * A secure string buffer is a buffer whose intent is to prevent the raw password from being stored in memory.
+ */
+export declare class SecureString {
+    private _disposed;
+    private readonly _isNull;
+    private readonly _id;
+    private readonly _idProvider;
+    private readonly _length;
+    private readonly _obfuscatedValue;
+    private readonly _key;
+    private readonly _obfuscatedChecksum;
+    private _disposedAt?;
+    constructor(data?: string | Uint8Array | null, idProvider?: IIdProvider);
+    /**
+     * Factory method for backward compatibility that uses Constants.idProvider
+     * @param data Optional data to secure
+     * @returns A new SecureString instance using the global ID provider
+     */
+    static create(data?: string | Uint8Array | null): SecureString;
+    private assertNotDisposed;
+    dispose(): void;
+    get disposedAtStack(): string | undefined;
+    get id(): string;
+    get idUint8Array(): Uint8Array;
+    get originalLength(): number;
+    get valueAsUint8Array(): Uint8Array;
+    get value(): string | null;
+    get notNullValue(): string;
+    get valueAsHexString(): string;
+    get valueAsBase64String(): string;
+    get hasValue(): boolean;
+    get checksum(): string;
+    get length(): number;
+    private generateChecksum;
+    private createSimpleChecksum;
+    private createSimpleObfuscatedChecksum;
+    private createObfuscatedChecksum;
+    private validateChecksum;
+    private timingSafeEqual;
+    private validateObfuscatedChecksum;
+    private obfuscateData;
+    private deobfuscateData;
+}
+//# sourceMappingURL=secure-string.d.ts.map

package/src/secure-string.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-string.d.ts","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/secure-string.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAU5D;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAa;IACjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAa;IAC9C,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAClC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IACjD,OAAO,CAAC,WAAW,CAAC,CAAS;gBAE3B,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,EACjC,UAAU,GAAE,WAAiC;IA0B/C;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,GAAG,YAAY;IAK9D,OAAO,CAAC,iBAAiB;IAWlB,OAAO,IAAI,IAAI;IAWtB,IAAW,eAAe,IAAI,MAAM,GAAG,SAAS,CAE/C;IACD,IAAW,EAAE,IAAI,MAAM,CAGtB;IACD,IAAW,YAAY,IAAI,UAAU,CAGpC;IACD,IAAW,cAAc,IAAI,MAAM,CAGlC;IACD,IAAW,iBAAiB,IAAI,UAAU,CAsCzC;IACD,IAAW,KAAK,IAAI,MAAM,GAAG,IAAI,CAMhC;IACD,IAAW,YAAY,IAAI,MAAM,CAMhC;IACD,IAAW,gBAAgB,IAAI,MAAM,CAGpC;IACD,IAAW,mBAAmB,IAAI,MAAM,CAGvC;IACD,IAAW,QAAQ,IAAI,OAAO,CAG7B;IACD,IAAW,QAAQ,IAAI,MAAM,CAM5B;IACD,IAAW,MAAM,IAAI,MAAM,CAG1B;YACa,gBAAgB;IAS9B,OAAO,CAAC,oBAAoB;IAQ5B,OAAO,CAAC,8BAA8B;YASxB,wBAAwB;YAOxB,gBAAgB;IAQ9B,OAAO,CAAC,eAAe;YAUT,0BAA0B;IAQxC,OAAO,CAAC,aAAa;IAGrB,OAAO,CAAC,eAAe;CAGxB"}

package/src/secure-string.js

@@ -0,0 +1,206 @@
+/// <reference path="../../../types/global.d.ts" />
+import { SecureStorageErrorType } from './enumerations/secure-storage-error-type';
+import { DisposedError } from './errors/disposed';
+import { SecureStorageError } from './errors/secure-storage';
+import { ObjectIdProvider } from './lib/id-providers/objectid-provider';
+import { XorService } from './services/xor';
+import { uint8ArrayToHex } from './utils';
+/**
+ * Default ID provider (singleton, no circular dependency)
+ */
+const DEFAULT_ID_PROVIDER = new ObjectIdProvider();
+/**
+ * A secure string buffer is a buffer whose intent is to prevent the raw password from being stored in memory.
+ */
+export class SecureString {
+    _disposed = false;
+    _isNull;
+    _id;
+    _idProvider;
+    _length;
+    _obfuscatedValue;
+    _key;
+    _obfuscatedChecksum;
+    _disposedAt;
+    constructor(data, idProvider = DEFAULT_ID_PROVIDER) {
+        this._idProvider = idProvider;
+        this._id = this._idProvider.generate();
+        // only treat null/undefined as null, empty strings/arrays are valid empty data
+        if (data === null || data === undefined) {
+            this._isNull = true;
+            this._length = 0;
+            this._obfuscatedValue = new Uint8Array(0);
+            this._key = new Uint8Array(0);
+            this._obfuscatedChecksum = new Uint8Array(0);
+            return;
+        }
+        this._isNull = false;
+        this._key = this._id;
+        const dataAsUint8Array = typeof data === 'string'
+            ? new TextEncoder().encode(data)
+            : data;
+        // Store the byte length, not the character length
+        this._length = dataAsUint8Array.length;
+        this._obfuscatedValue = this.obfuscateData(dataAsUint8Array);
+        this._obfuscatedChecksum =
+            this.createSimpleObfuscatedChecksum(dataAsUint8Array);
+    }
+    /**
+     * Factory method for backward compatibility that uses Constants.idProvider
+     * @param data Optional data to secure
+     * @returns A new SecureString instance using the global ID provider
+     */
+    static create(data) {
+        const { Constants } = require('./constants');
+        return new SecureString(data, Constants.idProvider);
+    }
+    assertNotDisposed() {
+        if (this._disposed) {
+            const e = new DisposedError();
+            try {
+                e.disposedAt = this._disposedAt;
+            }
+            catch {
+                // ignore if Error object is sealed/frozen
+            }
+            throw e;
+        }
+    }
+    dispose() {
+        const err = new DisposedError();
+        if (typeof Error.captureStackTrace === 'function') {
+            Error.captureStackTrace(err, this.dispose);
+        }
+        this._disposedAt = err.stack ?? 'stack unavailable';
+        this._obfuscatedValue.fill(0);
+        this._key.fill(0);
+        this._obfuscatedChecksum.fill(0);
+        this._disposed = true;
+    }
+    get disposedAtStack() {
+        return this._disposedAt;
+    }
+    get id() {
+        this.assertNotDisposed();
+        return this._idProvider.serialize(this._id);
+    }
+    get idUint8Array() {
+        this.assertNotDisposed();
+        return this._id;
+    }
+    get originalLength() {
+        this.assertNotDisposed();
+        return this._length;
+    }
+    get valueAsUint8Array() {
+        this.assertNotDisposed();
+        if (this._isNull) {
+            return new Uint8Array(0);
+        }
+        try {
+            const deobfuscatedResult = this.deobfuscateData(this._obfuscatedValue);
+            if (deobfuscatedResult.length !== this._length) {
+                throw new SecureStorageError(SecureStorageErrorType.DecryptedValueLengthMismatch);
+            }
+            // Validate checksum
+            const expectedChecksum = this.createSimpleChecksum(deobfuscatedResult);
+            const storedChecksum = new TextDecoder().decode(this.deobfuscateData(this._obfuscatedChecksum));
+            const expectedBytes = new TextEncoder().encode(expectedChecksum);
+            const storedBytes = new TextEncoder().encode(storedChecksum);
+            if (!this.timingSafeEqual(expectedBytes, storedBytes)) {
+                throw new SecureStorageError(SecureStorageErrorType.DecryptedValueChecksumMismatch);
+            }
+            return deobfuscatedResult;
+        }
+        catch (error) {
+            // If it's already a SecureStorageError, re-throw it
+            if (error instanceof SecureStorageError) {
+                throw error;
+            }
+            // Convert any other error to SecureStorageError
+            throw new SecureStorageError(SecureStorageErrorType.DecryptedValueChecksumMismatch);
+        }
+    }
+    get value() {
+        this.assertNotDisposed();
+        if (this._isNull) {
+            return null;
+        }
+        return new TextDecoder().decode(this.valueAsUint8Array);
+    }
+    get notNullValue() {
+        this.assertNotDisposed();
+        if (this._isNull) {
+            throw new SecureStorageError(SecureStorageErrorType.ValueIsNull);
+        }
+        return new TextDecoder().decode(this.valueAsUint8Array);
+    }
+    get valueAsHexString() {
+        this.assertNotDisposed();
+        return uint8ArrayToHex(this.valueAsUint8Array);
+    }
+    get valueAsBase64String() {
+        this.assertNotDisposed();
+        return btoa(String.fromCharCode(...this.valueAsUint8Array));
+    }
+    get hasValue() {
+        this.assertNotDisposed();
+        return !this._isNull && this._length > 0;
+    }
+    get checksum() {
+        this.assertNotDisposed();
+        const deobfuscatedChecksum = new TextDecoder().decode(this.deobfuscateData(this._obfuscatedChecksum));
+        return deobfuscatedChecksum;
+    }
+    get length() {
+        this.assertNotDisposed();
+        return this._length;
+    }
+    async generateChecksum(data) {
+        const dataBytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
+        const hashArray = await crypto.subtle.digest('SHA-256', new Uint8Array(dataBytes));
+        return uint8ArrayToHex(new Uint8Array(hashArray));
+    }
+    createSimpleChecksum(data) {
+        let hash = 0;
+        for (let i = 0; i < data.length; i++) {
+            hash = ((hash << 5) - hash + data[i]) & 0xffffffff;
+        }
+        return hash.toString(16);
+    }
+    createSimpleObfuscatedChecksum(data) {
+        const dataBytes = typeof data === 'string' ? new TextEncoder().encode(data) : data;
+        const checksum = this.createSimpleChecksum(dataBytes);
+        return this.obfuscateData(new TextEncoder().encode(checksum));
+    }
+    async createObfuscatedChecksum(data) {
+        const checksum = await this.generateChecksum(data);
+        const result = this.obfuscateData(new TextEncoder().encode(checksum));
+        return result;
+    }
+    async validateChecksum(data, checksum) {
+        const generatedChecksum = await this.generateChecksum(data);
+        return generatedChecksum === checksum;
+    }
+    timingSafeEqual(a, b) {
+        if (a.length !== b.length) {
+            return false;
+        }
+        let result = 0;
+        for (let i = 0; i < a.length; i++) {
+            result |= a[i] ^ b[i];
+        }
+        return result === 0;
+    }
+    async validateObfuscatedChecksum(data) {
+        const deobfuscatedChecksum = new TextDecoder().decode(this.deobfuscateData(this._obfuscatedChecksum));
+        return this.validateChecksum(data, deobfuscatedChecksum);
+    }
+    obfuscateData(data) {
+        return XorService.xor(data, this._key);
+    }
+    deobfuscateData(data) {
+        return XorService.xor(data, this._key);
+    }
+}
+//# sourceMappingURL=secure-string.js.map

package/src/secure-string.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-string.js","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/secure-string.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0CAA0C,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE1C;;GAEG;AACH,MAAM,mBAAmB,GAAG,IAAI,gBAAgB,EAAE,CAAC;AAEnD;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,SAAS,GAAY,KAAK,CAAC;IAClB,OAAO,CAAU;IACjB,GAAG,CAAa;IAChB,WAAW,CAAc;IACzB,OAAO,CAAS;IAChB,gBAAgB,CAAa;IAC7B,IAAI,CAAa;IACjB,mBAAmB,CAAa;IACzC,WAAW,CAAU;IAC7B,YACE,IAAiC,EACjC,aAA0B,mBAAmB;QAE7C,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QACvC,+EAA+E;QAC/E,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;YACpB,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;YACjB,IAAI,CAAC,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,mBAAmB,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;QACrB,MAAM,gBAAgB,GACpB,OAAO,IAAI,KAAK,QAAQ;YACtB,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC;YAChC,CAAC,CAAE,IAAmB,CAAC;QAC3B,kDAAkD;QAClD,IAAI,CAAC,OAAO,GAAG,gBAAgB,CAAC,MAAM,CAAC;QACvC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;QAC7D,IAAI,CAAC,mBAAmB;YACtB,IAAI,CAAC,8BAA8B,CAAC,gBAAgB,CAAC,CAAC;IAC1D,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,MAAM,CAAC,IAAiC;QAC7C,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QAC7C,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACtD,CAAC;IAEO,iBAAiB;QACvB,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,IAAI,aAAa,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;YACD,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IACM,OAAO;QACZ,MAAM,GAAG,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,IAAI,OAAO,KAAK,CAAC,iBAAiB,KAAK,UAAU,EAAE,CAAC;YAClD,KAAK,CAAC,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,KAAK,IAAI,mBAAmB,CAAC;QACpD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IACD,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IACD,IAAW,EAAE;QACX,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IACD,IAAW,YAAY;QACrB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IACD,IAAW,cAAc;QACvB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IACD,IAAW,iBAAiB;QAC1B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC;YACH,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACvE,IAAI,kBAAkB,CAAC,MAAM,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/C,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,4BAA4B,CACpD,CAAC;YACJ,CAAC;YAED,oBAAoB;YACpB,MAAM,gBAAgB,GAAG,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;YACvE,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAC7C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAC/C,CAAC;YAEF,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACjE,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YAC7D,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,8BAA8B,CACtD,CAAC;YACJ,CAAC;YAED,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oDAAoD;YACpD,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;gBACxC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,gDAAgD;YAChD,MAAM,IAAI,kBAAkB,CAC1B,sBAAsB,CAAC,8BAA8B,CACtD,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAW,KAAK;QACd,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAW,YAAY;QACrB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,kBAAkB,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAW,gBAAgB;QACzB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACjD,CAAC;IACD,IAAW,mBAAmB;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,IAAW,QAAQ;QACjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;IAC3C,CAAC;IACD,IAAW,QAAQ;QACjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,MAAM,oBAAoB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACnD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAC/C,CAAC;QACF,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IACD,IAAW,MAAM;QACf,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IACO,KAAK,CAAC,gBAAgB,CAAC,IAAyB;QACtD,MAAM,SAAS,GACb,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAC1C,SAAS,EACT,IAAI,UAAU,CAAC,SAAS,CAAC,CAC1B,CAAC;QACF,OAAO,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IACpD,CAAC;IACO,oBAAoB,CAAC,IAAgB;QAC3C,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEO,8BAA8B,CACpC,IAAyB;QAEzB,MAAM,SAAS,GACb,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChE,CAAC;IAEO,KAAK,CAAC,wBAAwB,CACpC,IAAyB;QAEzB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtE,OAAO,MAAM,CAAC;IAChB,CAAC;IACO,KAAK,CAAC,gBAAgB,CAC5B,IAAyB,EACzB,QAAgB;QAEhB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC5D,OAAO,iBAAiB,KAAK,QAAQ,CAAC;IACxC,CAAC;IAEO,eAAe,CAAC,CAAa,EAAE,CAAa;QAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,MAAM,KAAK,CAAC,CAAC;IACtB,CAAC;IACO,KAAK,CAAC,0BAA0B,CACtC,IAAyB;QAEzB,MAAM,oBAAoB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACnD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAC/C,CAAC;QACF,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IAC3D,CAAC;IACO,aAAa,CAAC,IAAgB;QACpC,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACO,eAAe,CAAC,IAAgB;QACtC,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;CACF"}

package/src/services/aes-gcm.d.ts

@@ -0,0 +1,57 @@
+import { IECIESConstants } from '../interfaces/ecies-consts';
+export declare abstract class AESGCMService {
+    static readonly ALGORITHM_NAME = "AES-GCM";
+    /**
+     * Encrypt data using AES-GCM
+     * @param data Data to encrypt
+     * @param key Key to use for encryption (must be 16, 24 or 32 bytes for AES)
+     * @returns Encrypted data
+     */
+    static encrypt(data: Uint8Array, key: Uint8Array, authTag?: boolean, eciesParams?: IECIESConstants, aad?: Uint8Array): Promise<{
+        encrypted: Uint8Array;
+        iv: Uint8Array;
+        tag?: Uint8Array;
+    }>;
+    /**
+     * Combine encrypted data and auth tag into a single Uint8Array
+     * @param encryptedData The encrypted data
+     * @param authTag The authentication tag
+     * @returns The combined Uint8Array
+     */
+    static combineEncryptedDataAndTag(encryptedData: Uint8Array, authTag: Uint8Array): Uint8Array;
+    /**
+     * Combine IV and encrypted data (with optional auth tag) into a single Uint8Array
+     * @param iv The initialization vector
+     * @param encryptedDataWithTag The encrypted data with auth tag already appended (if applicable)
+     * @returns The combined Uint8Array
+     */
+    static combineIvAndEncryptedData(iv: Uint8Array, encryptedDataWithTag: Uint8Array): Uint8Array;
+    /**
+     * Combine IV, encrypted data and auth tag into a single Uint8Array
+     * @param iv The initialization vector
+     * @param encryptedData The encrypted data
+     * @param authTag The authentication tag
+     * @returns The combined Uint8Array
+     */
+    static combineIvTagAndEncryptedData(iv: Uint8Array, encryptedData: Uint8Array, authTag: Uint8Array): Uint8Array;
+    /**
+     * Split combined encrypted data back into its components
+     * @param combinedData The combined data containing IV, encrypted data, and optionally auth tag
+     * @param hasAuthTag Whether the combined data includes an authentication tag
+     * @returns Object containing the split components
+     */
+    static splitEncryptedData(combinedData: Uint8Array, hasAuthTag?: boolean, eciesParams?: IECIESConstants): {
+        iv: Uint8Array;
+        encryptedDataWithTag: Uint8Array;
+    };
+    /**
+     * Decrypt data using AES-GCM
+     * @param iv The initialization vector
+     * @param encryptedData Data to decrypt (with auth tag appended if authTag is true)
+     * @param key Key to use for decryption (must be 16, 24 or 32 bytes for AES)
+     * @param authTag Whether the encrypted data includes an authentication tag
+     * @returns Decrypted data
+     */
+    static decrypt(iv: Uint8Array, encryptedData: Uint8Array, key: Uint8Array, authTag?: boolean, eciesParams?: IECIESConstants, aad?: Uint8Array): Promise<Uint8Array>;
+}
+//# sourceMappingURL=aes-gcm.d.ts.map

package/src/services/aes-gcm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-gcm.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-ecies-lib/src/services/aes-gcm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAK7D,8BAAsB,aAAa;IACjC,gBAAuB,cAAc,aAAa;IAClD;;;;;OAKG;WACiB,OAAO,CACzB,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,UAAU,EACf,OAAO,GAAE,OAAe,EACxB,WAAW,GAAE,eAAiC,EAC9C,GAAG,CAAC,EAAE,UAAU,GACf,OAAO,CAAC;QAAE,SAAS,EAAE,UAAU,CAAC;QAAC,EAAE,EAAE,UAAU,CAAC;QAAC,GAAG,CAAC,EAAE,UAAU,CAAA;KAAE,CAAC;IAiDvE;;;;;OAKG;WACW,0BAA0B,CACtC,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,UAAU,GAClB,UAAU;IAOb;;;;;OAKG;WACW,yBAAyB,CACrC,EAAE,EAAE,UAAU,EACd,oBAAoB,EAAE,UAAU,GAC/B,UAAU;IAOb;;;;;;OAMG;WACW,4BAA4B,CACxC,EAAE,EAAE,UAAU,EACd,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,UAAU,GAClB,UAAU;IAQb;;;;;OAKG;WACW,kBAAkB,CAC9B,YAAY,EAAE,UAAU,EACxB,UAAU,GAAE,OAAc,EAC1B,WAAW,GAAE,eAAiC,GAC7C;QAAE,EAAE,EAAE,UAAU,CAAC;QAAC,oBAAoB,EAAE,UAAU,CAAA;KAAE;IAkBvD;;;;;;;OAOG;WACiB,OAAO,CACzB,EAAE,EAAE,UAAU,EACd,aAAa,EAAE,UAAU,EACzB,GAAG,EAAE,UAAU,EACf,OAAO,GAAE,OAAe,EACxB,WAAW,GAAE,eAAiC,EAC9C,GAAG,CAAC,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC;CAyDvB"}