@enbox/agent 0.0.1

package/dist/esm/prototyping/crypto/primitives/aes-gcm.js

@@ -0,0 +1,352 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+import { Convert } from '@enbox/common';
+import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { computeJwkThumbprint, isOctPrivateJwk } from '@enbox/crypto';
+/**
+ * Const defining the AES-GCM initialization vector (IV) length in bits.
+ *
+ * @remarks
+ * NIST Special Publication 800-38D, Section 5.2.1.1 states that the IV length:
+ * > For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
+ * > promote interoperability, efficiency, and simplicity of design.
+ *
+ * This implementation does not support IV lengths that are different from the value defined by
+ * this constant.
+ *
+ * @see {@link https://doi.org/10.6028/NIST.SP.800-38D | NIST SP 800-38D}
+ */
+const AES_GCM_IV_LENGTH = 96;
+/**
+ * Constant defining the AES key length values in bits.
+ *
+ * @remarks
+ * NIST publication FIPS 197 states:
+ * > The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt
+ * > and decrypt data in blocks of 128 bits.
+ *
+ * This implementation does not support key lengths that are different from the three values
+ * defined by this constant.
+ *
+ * @see {@link https://doi.org/10.6028/NIST.FIPS.197-upd1 | NIST FIPS 197}
+ */
+const AES_KEY_LENGTHS = [128, 192, 256];
+/**
+ * Constant defining the AES-GCM tag length values in bits.
+ *
+ * @remarks
+ * NIST Special Publication 800-38D, Section 5.2.1.2 states that the tag length:
+ * > may be any one of the following five values: 128, 120, 112, 104, or 96
+ *
+ * Although the NIST specification allows for tag lengths of 32 or 64 bits in certain applications,
+ * the use of shorter tag lengths can be problematic for GCM due to targeted forgery attacks. As a
+ * precaution, this implementation does not support tag lengths that are different from the five
+ * values defined by this constant. See Appendix C of the NIST SP 800-38D specification for
+ * additional guidance and details.
+ *
+ * @see {@link https://doi.org/10.6028/NIST.SP.800-38D | NIST SP 800-38D}
+ */
+export const AES_GCM_TAG_LENGTHS = [96, 104, 112, 120, 128];
+/**
+ * The `AesGcm` class provides a comprehensive set of utilities for cryptographic operations
+ * using the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM). This class includes
+ * methods for key generation, encryption, decryption, and conversions between raw byte arrays
+ * and JSON Web Key (JWK) formats. It is designed to support AES-GCM, a symmetric key algorithm
+ * that is widely used for its efficiency, security, and provision of authenticated encryption.
+ *
+ * AES-GCM is particularly favored for scenarios that require both confidentiality and integrity
+ * of data. It integrates the counter mode of encryption with the Galois mode of authentication,
+ * offering high performance and parallel processing capabilities.
+ *
+ * Key Features:
+ * - Key Generation: Generate AES symmetric keys in JWK format.
+ * - Key Conversion: Transform keys between raw byte arrays and JWK formats.
+ * - Encryption: Encrypt data using AES-GCM with the provided symmetric key.
+ * - Decryption: Decrypt data encrypted with AES-GCM using the corresponding symmetric key.
+ *
+ * The methods in this class are asynchronous, returning Promises to accommodate various
+ * JavaScript environments.
+ *
+ * @example
+ * ```ts
+ * // Key Generation
+ * const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
+ * const privateKey = await AesGcm.generateKey({ length });
+ *
+ * // Encryption
+ * const data = new TextEncoder().encode('Messsage');
+ * const iv = new Uint8Array(12); // 12-byte initialization vector
+ * const encryptedData = await AesGcm.encrypt({
+ *   data,
+ *   iv,
+ *   key: privateKey
+ * });
+ *
+ * // Decryption
+ * const decryptedData = await AesGcm.decrypt({
+ *   data: encryptedData,
+ *   iv,
+ *   key: privateKey
+ * });
+ *
+ * // Key Conversion
+ * const privateKeyBytes = await AesGcm.privateKeyToBytes({ privateKey });
+ * ```
+ */
+export class AesGcm {
+    /**
+   * Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.
+   *
+   * @remarks
+   * This method accepts a symmetric key represented as a byte array (Uint8Array) and
+   * converts it into a JWK object for use with AES-GCM (Advanced Encryption Standard -
+   * Galois/Counter Mode). The conversion process involves encoding the key into
+   * base64url format and setting the appropriate JWK parameters.
+   *
+   * The resulting JWK object includes the following properties:
+   * - `kty`: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
+   * - `k`: The symmetric key, base64url-encoded.
+   * - `kid`: Key ID, generated based on the JWK thumbprint.
+   *
+   * @example
+   * ```ts
+   * const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
+   * const privateKey = await AesGcm.bytesToPrivateKey({ privateKeyBytes });
+   * ```
+   *
+   * @param params - The parameters for the symmetric key conversion.
+   * @param params.privateKeyBytes - The raw symmetric key as a Uint8Array.
+   *
+   * @returns A Promise that resolves to the symmetric key in JWK format.
+   */
+    static bytesToPrivateKey({ privateKeyBytes }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Construct the private key in JWK format.
+            const privateKey = {
+                k: Convert.uint8Array(privateKeyBytes).toBase64Url(),
+                kty: 'oct'
+            };
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            // Add algorithm identifier based on key length.
+            const lengthInBits = privateKeyBytes.length * 8;
+            privateKey.alg = { 128: 'A128GCM', 192: 'A192GCM', 256: 'A256GCM' }[lengthInBits];
+            return privateKey;
+        });
+    }
+    /**
+     * Decrypts the provided data using AES-GCM.
+     *
+     * @remarks
+     * This method performs AES-GCM decryption on the given encrypted data using the specified key.
+     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
+     * and optionally, additional authenticated data (AAD). The method returns the decrypted data as a
+     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
+     * tag used when encrypting the data. If not specified, the default tag length of 128 bits is
+     * used.
+     *
+     * @example
+     * ```ts
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const iv = new Uint8Array([...]); // Initialization vector used during encryption
+     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
+     * const key = { ... }; // A Jwk object representing the AES key
+     * const decryptedData = await AesGcm.decrypt({
+     *   data: encryptedData,
+     *   iv,
+     *   additionalData,
+     *   key,
+     *   tagLength: 128 // Optional tag length in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     * @param params.key - The key to use for decryption, represented in JWK format.
+     * @param params.data - The encrypted data to decrypt, represented as a Uint8Array.
+     * @param params.iv - The initialization vector, represented as a Uint8Array.
+     * @param params.additionalData - Optional additional authenticated data. Optional.
+     * @param params.tagLength - The length of the authentication tag in bits. Optional.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    static decrypt({ key, data, iv, additionalData, tagLength }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Validate the initialization vector length.
+            if (iv.byteLength !== AES_GCM_IV_LENGTH / 8) {
+                throw new TypeError(`The initialization vector must be ${AES_GCM_IV_LENGTH} bits in length`);
+            }
+            // Validate the tag length.
+            if (tagLength && !AES_GCM_TAG_LENGTHS.includes(tagLength)) {
+                throw new RangeError(`The tag length is invalid: Must be ${AES_GCM_TAG_LENGTHS.join(', ')} bits`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Import the JWK into the Web Crypto API to use for the decrypt operation.
+            const webCryptoKey = yield webCrypto.importKey('jwk', key, { name: 'AES-GCM' }, true, ['decrypt']);
+            // Browser implementations of the Web Crypto API throw an error if additionalData is undefined.
+            const algorithm = (additionalData === undefined)
+                ? { name: 'AES-GCM', iv, tagLength }
+                : { name: 'AES-GCM', additionalData, iv, tagLength };
+            // Decrypt the data.
+            const plaintextBuffer = yield webCrypto.decrypt(algorithm, webCryptoKey, data);
+            // Convert from ArrayBuffer to Uint8Array.
+            const plaintext = new Uint8Array(plaintextBuffer);
+            return plaintext;
+        });
+    }
+    /**
+     * Encrypts the provided data using AES-GCM.
+     *
+     * @remarks
+     * This method performs AES-GCM encryption on the given data using the specified key.
+     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
+     * and optionally, additional authenticated data (AAD). The method returns the encrypted data as a
+     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
+     * tag generated in the encryption operation and used for authentication in the corresponding
+     * decryption. If not specified, the default tag length of 128 bits is used.
+     *
+     * @example
+     * ```ts
+     * const data = new TextEncoder().encode('Messsage');
+     * const iv = new Uint8Array([...]); // Initialization vector
+     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
+     * const key = { ... }; // A Jwk object representing an AES key
+     * const encryptedData = await AesGcm.encrypt({
+     *   data,
+     *   iv,
+     *   additionalData,
+     *   key,
+     *   tagLength: 128 // Optional tag length in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     * @param params.key - The key to use for encryption, represented in JWK format.
+     * @param params.data - The data to encrypt, represented as a Uint8Array.
+     * @param params.iv - The initialization vector, represented as a Uint8Array.
+     * @param params.additionalData - Optional additional authenticated data. Optional.
+     * @param params.tagLength - The length of the authentication tag in bits. Optional.
+     *
+     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
+     */
+    static encrypt({ data, iv, key, additionalData, tagLength }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Validate the initialization vector length.
+            if (iv.byteLength !== AES_GCM_IV_LENGTH / 8) {
+                throw new TypeError(`The initialization vector must be ${AES_GCM_IV_LENGTH} bits in length`);
+            }
+            // Validate the tag length.
+            if (tagLength && !AES_GCM_TAG_LENGTHS.includes(tagLength)) {
+                throw new RangeError(`The tag length is invalid: Must be ${AES_GCM_TAG_LENGTHS.join(', ')} bits`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Import the JWK into the Web Crypto API to use for the encrypt operation.
+            const webCryptoKey = yield webCrypto.importKey('jwk', key, { name: 'AES-GCM' }, true, ['encrypt']);
+            // Browser implementations of the Web Crypto API throw an error if additionalData is undefined.
+            const algorithm = (additionalData === undefined)
+                ? { name: 'AES-GCM', iv, tagLength }
+                : { name: 'AES-GCM', additionalData, iv, tagLength };
+            // Encrypt the data.
+            const ciphertextBuffer = yield webCrypto.encrypt(algorithm, webCryptoKey, data);
+            // Convert from ArrayBuffer to Uint8Array.
+            const ciphertext = new Uint8Array(ciphertextBuffer);
+            return ciphertext;
+        });
+    }
+    /**
+     * Generates a symmetric key for AES in Galois/Counter Mode (GCM) in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method creates a new symmetric key of a specified length suitable for use with
+     * AES-GCM encryption. It leverages cryptographically secure random number generation
+     * to ensure the uniqueness and security of the key. The generated key adheres to the JWK
+     * format, facilitating compatibility with common cryptographic standards and ease of use
+     * in various cryptographic applications.
+     *
+     * The generated key includes these components:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence, indicating a symmetric key.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint, providing a unique identifier.
+     *
+     * @example
+     * ```ts
+     * const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
+     * const privateKey = await AesGcm.generateKey({ length });
+     * ```
+     *
+     * @param params - The parameters for the key generation.
+     * @param params.length - The length of the key in bits. Common lengths are 128, 192, and 256 bits.
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    static generateKey({ length }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Validate the key length.
+            if (!AES_KEY_LENGTHS.includes(length)) {
+                throw new RangeError(`The key length is invalid: Must be ${AES_KEY_LENGTHS.join(', ')} bits`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Generate a random private key.
+            // See https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues#usage_notes for
+            // an explanation for why Web Crypto generateKey() is used instead of getRandomValues().
+            const webCryptoKey = yield webCrypto.generateKey({ name: 'AES-GCM', length }, true, ['encrypt']);
+            // Export the private key in JWK format.
+            const _a = yield webCrypto.exportKey('jwk', webCryptoKey), { ext, key_ops } = _a, privateKey = __rest(_a, ["ext", "key_ops"]);
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).
+     *
+     * @remarks
+     * This method takes a symmetric key in JWK format and extracts its raw byte representation.
+     * It focuses on the 'k' parameter of the JWK, which represents the symmetric key component
+     * in base64url encoding. The method decodes this value into a byte array, providing
+     * the symmetric key in its raw binary form.
+     *
+     * @example
+     * ```ts
+     * const privateKey = { ... }; // A symmetric key in JWK format
+     * const privateKeyBytes = await AesGcm.privateKeyToBytes({ privateKey });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKey - The symmetric key in JWK format.
+     *
+     * @returns A Promise that resolves to the symmetric key as a Uint8Array.
+     */
+    static privateKeyToBytes({ privateKey }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Verify the provided JWK represents a valid oct private key.
+            if (!isOctPrivateJwk(privateKey)) {
+                throw new Error(`AesGcm: The provided key is not a valid oct private key.`);
+            }
+            // Decode the provided private key to bytes.
+            const privateKeyBytes = Convert.base64Url(privateKey.k).toUint8Array();
+            return privateKeyBytes;
+        });
+    }
+}
+//# sourceMappingURL=aes-gcm.js.map

package/dist/esm/prototyping/crypto/primitives/aes-gcm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-gcm.js","sourceRoot":"","sources":["../../../../../src/prototyping/crypto/primitives/aes-gcm.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAI9D,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEtE;;;;;;;;;;;;GAYG;AACH,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B;;;;;;;;;;;;GAYG;AACH,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAU,CAAC;AAEjD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAU,CAAC;AAErE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,MAAM,OAAO,MAAM;IACjB;;;;;;;;;;;;;;;;;;;;;;;;KAwBC;IACM,MAAM,CAAO,iBAAiB,CAAC,EAAE,eAAe,EAEtD;;YACC,2CAA2C;YAC3C,MAAM,UAAU,GAAQ;gBACtB,CAAC,EAAK,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;gBACvD,GAAG,EAAG,KAAK;aACZ,CAAC;YAEF,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,gDAAgD;YAChD,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;YAChD,UAAU,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC;YAElF,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACI,MAAM,CAAO,OAAO,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,cAAc,EAAE,SAAS,EAMrE;;YACC,6CAA6C;YAC7C,IAAI,EAAE,CAAC,UAAU,KAAK,iBAAiB,GAAG,CAAC,EAAE;gBAC3C,MAAM,IAAI,SAAS,CAAC,qCAAqC,iBAAiB,iBAAiB,CAAC,CAAC;aAC9F;YAED,2BAA2B;YAC3B,IAAI,SAAS,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAgB,CAAC,EAAE;gBAChE,MAAM,IAAI,UAAU,CAAC,sCAAsC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aACnG;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;YAEvC,2EAA2E;YAC3E,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YAEnG,+FAA+F;YAC/F,MAAM,SAAS,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC;gBAC9C,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE;gBACpC,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;YAEvD,oBAAoB;YACpB,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;YAE/E,0CAA0C;YAC1C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAC;YAElD,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACI,MAAM,CAAO,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,SAAS,EAMrE;;YACC,6CAA6C;YAC7C,IAAI,EAAE,CAAC,UAAU,KAAK,iBAAiB,GAAG,CAAC,EAAE;gBAC3C,MAAM,IAAI,SAAS,CAAC,qCAAqC,iBAAiB,iBAAiB,CAAC,CAAC;aAC9F;YAED,2BAA2B;YAC3B,IAAI,SAAS,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAgB,CAAC,EAAE;gBAChE,MAAM,IAAI,UAAU,CAAC,sCAAsC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aACnG;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;YAEvC,2EAA2E;YAC3E,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YAEnG,+FAA+F;YAC/F,MAAM,SAAS,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC;gBAC9C,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE;gBACpC,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;YAEvD,oBAAoB;YACpB,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;YAEhF,0CAA0C;YAC1C,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YAEpD,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACI,MAAM,CAAO,WAAW,CAAC,EAAE,MAAM,EAEvC;;YACC,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAa,CAAC,EAAE;gBAC5C,MAAM,IAAI,UAAU,CAAC,sCAAsC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAC/F;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;YAEvC,iCAAiC;YACjC,8FAA8F;YAC9F,wFAAwF;YACxF,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,WAAW,CAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YAElG,wCAAwC;YACxC,MAAM,KAAkC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,EAAhF,EAAE,GAAG,EAAE,OAAO,OAAkE,EAA7D,UAAU,cAA7B,kBAA+B,CAAiD,CAAC;YAEvF,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACI,MAAM,CAAO,iBAAiB,CAAC,EAAE,UAAU,EAEjD;;YACC,8DAA8D;YAC9D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;aAC7E;YAED,4CAA4C;YAC5C,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YAEvE,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;CACF"}

package/dist/esm/prototyping/crypto/primitives/aes-kw.js

@@ -0,0 +1,247 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+// ! TODO : Make sure I remove `@noble/ciphers` from the Agent package.json once this is moved to the `@enbox/crypto` package.
+import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { Convert } from '@enbox/common';
+import { computeJwkThumbprint, isOctPrivateJwk } from '@enbox/crypto';
+import { CryptoError, CryptoErrorCode } from '../crypto-error.js';
+/**
+ * Constant defining the AES key length values in bits.
+ *
+ * @remarks
+ * NIST publication FIPS 197 states:
+ * > The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt
+ * > and decrypt data in blocks of 128 bits.
+ *
+ * This implementation does not support key lengths that are different from the three values
+ * defined by this constant.
+ *
+ * @see {@link https://doi.org/10.6028/NIST.FIPS.197-upd1 | NIST FIPS 197}
+ */
+const AES_KEY_LENGTHS = [128, 192, 256];
+export class AesKw {
+    /**
+     * Converts a raw private key in bytes to its corresponding JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method takes a symmetric key represented as a byte array (Uint8Array) and
+     * converts it into a JWK object for use with AES (Advanced Encryption Standard)
+     * for key wrapping. The conversion process involves encoding the key into
+     * base64url format and setting the appropriate JWK parameters.
+     *
+     * The resulting JWK object includes the following properties:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence (representing a symmetric key).
+     * - `k`: The symmetric key, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const privateKeyBytes = new Uint8Array([...]); // Replace with actual symmetric key bytes
+     * const privateKey = await AesKw.bytesToPrivateKey({ privateKeyBytes });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKeyBytes - The raw symmetric key as a Uint8Array.
+     *
+     * @returns A Promise that resolves to the symmetric key in JWK format.
+     */
+    static bytesToPrivateKey({ privateKeyBytes }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Construct the private key in JWK format.
+            const privateKey = {
+                k: Convert.uint8Array(privateKeyBytes).toBase64Url(),
+                kty: 'oct'
+            };
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            // Add algorithm identifier based on key length.
+            const lengthInBits = privateKeyBytes.length * 8;
+            privateKey.alg = { 128: 'A128KW', 192: 'A192KW', 256: 'A256KW' }[lengthInBits];
+            return privateKey;
+        });
+    }
+    /**
+     * Generates a symmetric key for AES for key wrapping in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method creates a new symmetric key of a specified length suitable for use with
+     * AES key wrapping. It uses cryptographically secure random number generation to
+     * ensure the uniqueness and security of the key. The generated key adheres to the JWK
+     * format, making it compatible with common cryptographic standards and easy to use in
+     * various cryptographic processes.
+     *
+     * The generated key includes the following components:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     * - `alg`: Algorithm, set to 'A128KW', 'A192KW', or 'A256KW' for AES Key Wrap with the
+     *   specified key length.
+     *
+     * @example
+     * ```ts
+     * const length = 256; // Length of the key in bits (e.g., 128, 192, 256)
+     * const privateKey = await AesKw.generateKey({ length });
+     * ```
+     *
+     * @param params - The parameters for the key generation.
+     * @param params.length - The length of the key in bits. Common lengths are 128, 192, and 256 bits.
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    static generateKey({ length }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Validate the key length.
+            if (!AES_KEY_LENGTHS.includes(length)) {
+                throw new RangeError(`The key length is invalid: Must be ${AES_KEY_LENGTHS.join(', ')} bits`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Generate a random private key.
+            // See https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues#usage_notes for
+            // an explanation for why Web Crypto generateKey() is used instead of getRandomValues().
+            const webCryptoKey = yield webCrypto.generateKey({ name: 'AES-KW', length }, true, ['wrapKey', 'unwrapKey']);
+            // Export the private key in JWK format.
+            const _a = yield webCrypto.exportKey('jwk', webCryptoKey), { ext, key_ops } = _a, privateKey = __rest(_a, ["ext", "key_ops"]);
+            // Compute the JWK thumbprint and set as the key ID.
+            privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey });
+            return privateKey;
+        });
+    }
+    /**
+     * Converts a private key from JSON Web Key (JWK) format to a raw byte array (Uint8Array).
+     *
+     * @remarks
+     * This method takes a symmetric key in JWK format and extracts its raw byte representation.
+     * It decodes the 'k' parameter of the JWK value, which represents the symmetric key in base64url
+     * encoding, into a byte array.
+     *
+     * @example
+     * ```ts
+     * const privateKey = { ... }; // A symmetric key in JWK format
+     * const privateKeyBytes = await AesKw.privateKeyToBytes({ privateKey });
+     * ```
+     *
+     * @param params - The parameters for the symmetric key conversion.
+     * @param params.privateKey - The symmetric key in JWK format.
+     *
+     * @returns A Promise that resolves to the symmetric key as a Uint8Array.
+     */
+    static privateKeyToBytes({ privateKey }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Verify the provided JWK represents a valid oct private key.
+            if (!isOctPrivateJwk(privateKey)) {
+                throw new Error(`AesKw: The provided key is not a valid oct private key.`);
+            }
+            // Decode the provided private key to bytes.
+            const privateKeyBytes = Convert.base64Url(privateKey.k).toUint8Array();
+            return privateKeyBytes;
+        });
+    }
+    static unwrapKey({ wrappedKeyBytes, wrappedKeyAlgorithm, decryptionKey }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!('alg' in decryptionKey && decryptionKey.alg)) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwk, `The decryption key is missing the 'alg' property.`);
+            }
+            if (!['A128KW', 'A192KW', 'A256KW'].includes(decryptionKey.alg)) {
+                throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The 'decryptionKey' algorithm is not supported: ${decryptionKey.alg}`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Import the decryption key for use with the Web Crypto API.
+            const decryptionCryptoKey = yield webCrypto.importKey('jwk', // key format
+            decryptionKey, // key data
+            { name: 'AES-KW' }, // algorithm identifier
+            true, // key is extractable
+            ['unwrapKey'] // key usages
+            );
+            // Map the private key's JOSE algorithm name to the Web Crypto API algorithm identifier.
+            const webCryptoAlgorithm = {
+                A128KW: 'AES-KW', A192KW: 'AES-KW', A256KW: 'AES-KW',
+                A128GCM: 'AES-GCM', A192GCM: 'AES-GCM', A256GCM: 'AES-GCM',
+            }[wrappedKeyAlgorithm];
+            if (!webCryptoAlgorithm) {
+                throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The 'wrappedKeyAlgorithm' is not supported: ${wrappedKeyAlgorithm}`);
+            }
+            // Unwrap the key using the Web Crypto API.
+            const unwrappedCryptoKey = yield webCrypto.unwrapKey('raw', // output format
+            wrappedKeyBytes.buffer, // key to unwrap
+            decryptionCryptoKey, // unwrapping key
+            'AES-KW', // algorithm identifier
+            { name: webCryptoAlgorithm }, // unwrapped key algorithm identifier
+            true, // key is extractable
+            ['unwrapKey'] // key usages
+            );
+            // Export the unwrapped key in JWK format.
+            const _a = yield webCrypto.exportKey('jwk', unwrappedCryptoKey), { ext, key_ops } = _a, unwrappedJsonWebKey = __rest(_a, ["ext", "key_ops"]);
+            const unwrappedKey = unwrappedJsonWebKey;
+            // Compute the JWK thumbprint and set as the key ID.
+            unwrappedKey.kid = yield computeJwkThumbprint({ jwk: unwrappedKey });
+            return unwrappedKey;
+        });
+    }
+    static wrapKey({ unwrappedKey, encryptionKey }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!('alg' in encryptionKey && encryptionKey.alg)) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwk, `The encryption key is missing the 'alg' property.`);
+            }
+            if (!['A128KW', 'A192KW', 'A256KW'].includes(encryptionKey.alg)) {
+                throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The 'encryptionKey' algorithm is not supported: ${encryptionKey.alg}`);
+            }
+            if (!('alg' in unwrappedKey && unwrappedKey.alg)) {
+                throw new CryptoError(CryptoErrorCode.InvalidJwk, `The private key to wrap is missing the 'alg' property.`);
+            }
+            // Get the Web Crypto API interface.
+            const webCrypto = getWebcryptoSubtle();
+            // Import the encryption key for use with the Web Crypto API.
+            const encryptionCryptoKey = yield webCrypto.importKey('jwk', // key format
+            encryptionKey, // key data
+            { name: 'AES-KW' }, // algorithm identifier
+            true, // key is extractable
+            ['wrapKey'] // key usages
+            );
+            // Map the private key's JOSE algorithm name to the Web Crypto API algorithm identifier.
+            const webCryptoAlgorithm = {
+                A128KW: 'AES-KW', A192KW: 'AES-KW', A256KW: 'AES-KW',
+                A128GCM: 'AES-GCM', A192GCM: 'AES-GCM', A256GCM: 'AES-GCM',
+            }[unwrappedKey.alg];
+            if (!webCryptoAlgorithm) {
+                throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The 'unwrappedKey' algorithm is not supported: ${unwrappedKey.alg}`);
+            }
+            // Import the private key to wrap for use with the Web Crypto API.
+            const unwrappedCryptoKey = yield webCrypto.importKey('jwk', // key format
+            unwrappedKey, // key data
+            { name: webCryptoAlgorithm }, // algorithm identifier
+            true, // key is extractable
+            ['unwrapKey'] // key usages
+            );
+            // Wrap the key using the Web Crypto API.
+            const wrappedKeyBuffer = yield webCrypto.wrapKey('raw', // output format
+            unwrappedCryptoKey, // key to wrap
+            encryptionCryptoKey, // wrapping key
+            'AES-KW' // algorithm identifier
+            );
+            // Convert from ArrayBuffer to Uint8Array.
+            const wrappedKeyBytes = new Uint8Array(wrappedKeyBuffer);
+            return wrappedKeyBytes;
+        });
+    }
+}
+//# sourceMappingURL=aes-kw.js.map

package/dist/esm/prototyping/crypto/primitives/aes-kw.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-kw.js","sourceRoot":"","sources":["../../../../../src/prototyping/crypto/primitives/aes-kw.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,8HAA8H;AAC9H,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAI9D,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGtE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAElE;;;;;;;;;;;;GAYG;AACH,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAU,CAAC;AAEjD,MAAM,OAAO,KAAK;IAChB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,MAAM,CAAO,iBAAiB,CAAC,EAAE,eAAe,EAEtD;;YACC,2CAA2C;YAC3C,MAAM,UAAU,GAAQ;gBACtB,CAAC,EAAK,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;gBACvD,GAAG,EAAG,KAAK;aACZ,CAAC;YAEF,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,gDAAgD;YAChD,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;YAChD,UAAU,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,YAAY,CAAC,CAAC;YAE/E,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,MAAM,CAAO,WAAW,CAAC,EAAE,MAAM,EAEvC;;YACC,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAa,CAAC,EAAE;gBAC5C,MAAM,IAAI,UAAU,CAAC,sCAAsC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;aAC/F;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAkB,CAAC;YAEvD,iCAAiC;YACjC,8FAA8F;YAC9F,wFAAwF;YACxF,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,WAAW,CAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;YAE9G,wCAAwC;YACxC,MAAM,KAAkC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAQ,EAAvF,EAAE,GAAG,EAAE,OAAO,OAAyE,EAApE,UAAU,cAA7B,kBAA+B,CAAwD,CAAC;YAE9F,oDAAoD;YACpD,UAAU,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjE,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,MAAM,CAAO,iBAAiB,CAAC,EAAE,UAAU,EAEjD;;YACC,8DAA8D;YAC9D,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE;gBAChC,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;aAC5E;YAED,4CAA4C;YAC5C,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;YAEvE,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;IAEM,MAAM,CAAO,SAAS,CAAC,EAAE,eAAe,EAAE,mBAAmB,EAAE,aAAa,EAClE;;YAEf,IAAI,CAAC,CAAC,KAAK,IAAI,aAAa,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE;gBAClD,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,mDAAmD,CAAC,CAAC;aACxG;YAED,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE;gBAC/D,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,mDAAmD,aAAa,CAAC,GAAG,EAAE,CAAC,CAAC;aACtI;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAkB,CAAC;YAEvD,6DAA6D;YAC7D,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,SAAS,CACnD,KAAK,EAAwB,aAAa;YAC1C,aAA2B,EAAE,WAAW;YACxC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAW,uBAAuB;YACpD,IAAI,EAAyB,qBAAqB;YAClD,CAAC,WAAW,CAAC,CAAgB,aAAa;aAC3C,CAAC;YAEF,wFAAwF;YACxF,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAI,QAAQ,EAAE,MAAM,EAAI,QAAQ,EAAE,MAAM,EAAI,QAAQ;gBAC1D,OAAO,EAAG,SAAS,EAAE,OAAO,EAAG,SAAS,EAAE,OAAO,EAAG,SAAS;aAC9D,CAAC,mBAAmB,CAAC,CAAC;YAEvB,IAAI,CAAC,kBAAkB,EAAE;gBACvB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,+CAA+C,mBAAmB,EAAE,CAAC,CAAC;aACpI;YAED,2CAA2C;YAC3C,MAAM,kBAAkB,GAAG,MAAM,SAAS,CAAC,SAAS,CAClD,KAAK,EAAyB,gBAAgB;YAC9C,eAAe,CAAC,MAAM,EAAQ,gBAAgB;YAC9C,mBAAmB,EAAW,iBAAiB;YAC/C,QAAQ,EAAsB,uBAAuB;YACrD,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,qCAAqC;YACnE,IAAI,EAA0B,qBAAqB;YACnD,CAAC,WAAW,CAAC,CAAiB,aAAa;aAC5C,CAAC;YAEF,0CAA0C;YAC1C,MAAM,KAA2C,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,kBAAkB,CAAC,EAA/F,EAAE,GAAG,EAAE,OAAO,OAAiF,EAA5E,mBAAmB,cAAtC,kBAAwC,CAAuD,CAAC;YACtG,MAAM,YAAY,GAAG,mBAA0B,CAAC;YAEhD,oDAAoD;YACpD,YAAY,CAAC,GAAG,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;YAErE,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAEM,MAAM,CAAO,OAAO,CAAC,EAAE,YAAY,EAAE,aAAa,EAC1C;;YAEb,IAAI,CAAC,CAAC,KAAK,IAAI,aAAa,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE;gBAClD,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,mDAAmD,CAAC,CAAC;aACxG;YAED,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE;gBAC/D,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,mDAAmD,aAAa,CAAC,GAAG,EAAE,CAAC,CAAC;aACtI;YAED,IAAI,CAAC,CAAC,KAAK,IAAI,YAAY,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE;gBAChD,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,UAAU,EAAE,wDAAwD,CAAC,CAAC;aAC7G;YAED,oCAAoC;YACpC,MAAM,SAAS,GAAG,kBAAkB,EAAkB,CAAC;YAEvD,6DAA6D;YAC7D,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,SAAS,CACnD,KAAK,EAAwB,aAAa;YAC1C,aAA2B,EAAE,WAAW;YACxC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAW,uBAAuB;YACpD,IAAI,EAAyB,qBAAqB;YAClD,CAAC,SAAS,CAAC,CAAkB,aAAa;aAC3C,CAAC;YAEF,wFAAwF;YACxF,MAAM,kBAAkB,GAAG;gBACzB,MAAM,EAAI,QAAQ,EAAE,MAAM,EAAI,QAAQ,EAAE,MAAM,EAAI,QAAQ;gBAC1D,OAAO,EAAG,SAAS,EAAE,OAAO,EAAG,SAAS,EAAE,OAAO,EAAG,SAAS;aAC9D,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YAEpB,IAAI,CAAC,kBAAkB,EAAE;gBACvB,MAAM,IAAI,WAAW,CAAC,eAAe,CAAC,qBAAqB,EAAE,kDAAkD,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC;aACpI;YAED,kEAAkE;YAClE,MAAM,kBAAkB,GAAG,MAAM,SAAS,CAAC,SAAS,CAClD,KAAK,EAAyB,aAAa;YAC3C,YAA0B,EAAI,WAAW;YACzC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,uBAAuB;YACrD,IAAI,EAA0B,qBAAqB;YACnD,CAAC,WAAW,CAAC,CAAiB,aAAa;aAC5C,CAAC;YAEF,yCAAyC;YACzC,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC9C,KAAK,EAAsB,gBAAgB;YAC3C,kBAAkB,EAAS,cAAc;YACzC,mBAAmB,EAAQ,eAAe;YAC1C,QAAQ,CAAmB,uBAAuB;aACnD,CAAC;YAEF,0CAA0C;YAC1C,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,CAAC;YAEzD,OAAO,eAAe,CAAC;QACzB,CAAC;KAAA;CACF"}