@enbox/crypto 0.0.1

package/dist/cjs/types/crypto-api.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=crypto-api.js.map

package/dist/cjs/types/crypto-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto-api.js","sourceRoot":"","sources":["../../../src/types/crypto-api.ts"],"names":[],"mappings":""}

package/dist/cjs/types/hasher.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=hasher.js.map

package/dist/cjs/types/hasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../../../src/types/hasher.ts"],"names":[],"mappings":""}

package/dist/cjs/types/identifier.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=identifier.js.map

package/dist/cjs/types/identifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifier.js","sourceRoot":"","sources":["../../../src/types/identifier.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-compressor.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-compressor.js.map

package/dist/cjs/types/key-compressor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-compressor.js","sourceRoot":"","sources":["../../../src/types/key-compressor.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-converter.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-converter.js.map

package/dist/cjs/types/key-converter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-converter.js","sourceRoot":"","sources":["../../../src/types/key-converter.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-deriver.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-deriver.js.map

package/dist/cjs/types/key-deriver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-deriver.js","sourceRoot":"","sources":["../../../src/types/key-deriver.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-generator.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-generator.js.map

package/dist/cjs/types/key-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-generator.js","sourceRoot":"","sources":["../../../src/types/key-generator.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-io.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-io.js.map

package/dist/cjs/types/key-io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-io.js","sourceRoot":"","sources":["../../../src/types/key-io.ts"],"names":[],"mappings":""}

package/dist/cjs/types/key-wrapper.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=key-wrapper.js.map

package/dist/cjs/types/key-wrapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-wrapper.js","sourceRoot":"","sources":["../../../src/types/key-wrapper.ts"],"names":[],"mappings":""}

package/dist/cjs/types/params-direct.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=params-direct.js.map

package/dist/cjs/types/params-direct.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-direct.js","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":""}

package/dist/cjs/types/params-enclosed.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=params-enclosed.js.map

package/dist/cjs/types/params-enclosed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-enclosed.js","sourceRoot":"","sources":["../../../src/types/params-enclosed.ts"],"names":[],"mappings":""}

package/dist/cjs/types/params-kms.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=params-kms.js.map

package/dist/cjs/types/params-kms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params-kms.js","sourceRoot":"","sources":["../../../src/types/params-kms.ts"],"names":[],"mappings":""}

package/dist/cjs/types/signer.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=signer.js.map

package/dist/cjs/types/signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../../src/types/signer.ts"],"names":[],"mappings":""}

package/dist/cjs/utils.js

@@ -0,0 +1,173 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoUtils = void 0;
+var crypto_1 = require("@noble/hashes/crypto");
+var utils_1 = require("@noble/hashes/utils");
+/**
+ * A collection of cryptographic utility methods.
+ */
+var CryptoUtils = /** @class */ (function () {
+    function CryptoUtils() {
+    }
+    /**
+     * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or
+     * `crv` property of a {@link Jwk | JWK}.
+     *
+     * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the
+     * `crv` property is used to determine the algorithm.
+     *
+     * @memberof CryptoUtils
+     * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}
+     * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}
+     *
+     * @example
+     * ```ts
+     * const publicKey: Jwk = {
+     *   "kty": "OKP",
+     *   "crv": "Ed25519",
+     *   "x": "FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw"
+     * }
+     * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);
+     * console.log(algorithm); // Output: "EdDSA"
+     * ```
+     * @param publicKey - A JWK containing the `alg` and/or `crv` properties.
+     * @returns The name of the algorithm associated with the key.
+     * @throws Error if the algorithm cannot be determined from the provided input.
+     */
+    CryptoUtils.getJoseSignatureAlgorithmFromPublicKey = function (publicKey) {
+        var curveToJoseAlgorithm = {
+            'Ed25519': 'EdDSA',
+            'P-256': 'ES256',
+            'P-384': 'ES384',
+            'P-521': 'ES512',
+            'secp256k1': 'ES256K',
+        };
+        // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,
+        // return its value.
+        if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {
+            return publicKey.alg;
+        }
+        // If the key contains a `crv` property, return the corresponding algorithm.
+        if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {
+            return curveToJoseAlgorithm[publicKey.crv];
+        }
+        throw new Error("Unable to determine algorithm based on provided input: alg=".concat(publicKey.alg, ", crv=").concat(publicKey.crv, ". ") +
+            "Supported 'alg' values: ".concat(Object.values(curveToJoseAlgorithm).join(', '), ". ") +
+            "Supported 'crv' values: ".concat(Object.keys(curveToJoseAlgorithm).join(', '), "."));
+    };
+    /**
+     * Generates secure pseudorandom values of the specified length using
+     * `crypto.getRandomValues`, which defers to the operating system.
+     *
+     * @memberof CryptoUtils
+     * @remarks
+     * This function is a wrapper around `randomBytes` from the '@noble/hashes'
+     * package. It's designed to be cryptographically strong, suitable for
+     * generating initialization vectors, nonces, and other random values.
+     *
+     * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more
+     * information about the underlying implementation.
+     *
+     * @example
+     * ```ts
+     * const bytes = randomBytes(32); // Generates 32 random bytes
+     * ```
+     *
+     * @param bytesLength - The number of bytes to generate.
+     * @returns A Uint8Array containing the generated random bytes.
+     */
+    CryptoUtils.randomBytes = function (bytesLength) {
+        return (0, utils_1.randomBytes)(bytesLength);
+    };
+    /**
+     * Generates a UUID (Universally Unique Identifier) using a
+     * cryptographically strong random number generator following
+     * the version 4 format, as specified in RFC 4122.
+     *
+     * A version 4 UUID is a randomly generated UUID. The 13th character
+     * is set to '4' to denote version 4, and the 17th character is one
+     * of '8', '9', 'A', or 'B' to comply with the variant 1 format of
+     * UUIDs (the high bits are set to '10').
+     *
+     * The UUID is a 36 character string, including hyphens, and looks like this:
+     * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx
+     *
+     * Note that while UUIDs are not guaranteed to be unique, they are
+     * practically unique" given the large number of possible UUIDs and
+     * the randomness of generation.
+     * @memberof CryptoUtils
+     * @example
+     * ```ts
+     * const uuid = randomUuid();
+     * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'
+     * ```
+     *
+     * @returns A string containing a randomly generated, 36 character long v4 UUID.
+     */
+    CryptoUtils.randomUuid = function () {
+        var uuid = crypto_1.crypto.randomUUID();
+        return uuid;
+    };
+    /**
+     * Generates a secure random PIN (Personal Identification Number) of a
+     * specified length.
+     *
+     * This function ensures that the generated PIN is cryptographically secure and
+     * uniformly distributed by using rejection sampling. It repeatedly generates
+     * random numbers until it gets one in the desired range [0, max]. This avoids
+     * bias introduced by simply taking the modulus or truncating the number.
+     *
+     * Note: The function can generate PINs of 3 to 10 digits in length.
+     * Any request for a PIN outside this range will result in an error.
+     *
+     * Example usage:
+     *
+     * ```ts
+     * const pin = randomPin({ length: 4 });
+     * console.log(pin); // Outputs a 4-digit PIN, e.g., "0231"
+     * ```
+     * @memberof CryptoUtils
+     * @param options - The options object containing the desired length of the generated PIN.
+     * @param options.length - The desired length of the generated PIN. The value should be
+     *                         an integer between 3 and 8 inclusive.
+     *
+     * @returns A string representing the generated PIN. The PIN will be zero-padded
+     *          to match the specified length, if necessary.
+     *
+     * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.
+     */
+    CryptoUtils.randomPin = function (_a) {
+        var length = _a.length;
+        if (3 > length || length > 10) {
+            throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');
+        }
+        var max = Math.pow(10, length) - 1;
+        var pin;
+        if (length <= 6) {
+            var rejectionRange = Math.pow(10, length);
+            do {
+                // Adjust the byte generation based on length.
+                var randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2)); // 2 digits per byte.
+                var view = new DataView(randomBuffer.buffer);
+                // Convert the buffer to integer and take modulus based on length.
+                pin = view.getUint16(0, false) % rejectionRange;
+            } while (pin > max);
+        }
+        else {
+            var rejectionRange = Math.pow(10, 10); // For max 10 digit number.
+            do {
+                // Generates 4 random bytes.
+                var randomBuffer = CryptoUtils.randomBytes(4);
+                // Create a DataView to read from the randomBuffer.
+                var view = new DataView(randomBuffer.buffer);
+                // Transform bytes to number (big endian).
+                pin = view.getUint32(0, false) % rejectionRange;
+            } while (pin > max); // Reject if the number is outside the desired range.
+        }
+        // Pad the PIN with leading zeros to the desired length.
+        return pin.toString().padStart(length, '0');
+    };
+    return CryptoUtils;
+}());
+exports.CryptoUtils = CryptoUtils;
+//# sourceMappingURL=utils.js.map

package/dist/cjs/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;AAEA,+CAA8C;AAC9C,6CAAsE;AAEtE;;GAEG;AACH;IAAA;IA4KA,CAAC;IA1KC;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,kDAAsC,GAA7C,UAA8C,SAAc;QAC1D,IAAM,oBAAoB,GAA2B;YACnD,SAAS,EAAK,OAAO;YACrB,OAAO,EAAO,OAAO;YACrB,OAAO,EAAO,OAAO;YACrB,OAAO,EAAO,OAAO;YACrB,WAAW,EAAG,QAAQ;SACvB,CAAC;QAEF,6FAA6F;QAC7F,oBAAoB;QACpB,IAAI,SAAS,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACjF,OAAO,SAAS,CAAC,GAAG,CAAC;QACvB,CAAC;QAED,4EAA4E;QAC5E,IAAI,SAAS,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/E,OAAO,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,IAAI,KAAK,CACb,qEAA8D,SAAS,CAAC,GAAG,mBAAS,SAAS,CAAC,GAAG,OAAI;YACrG,kCAA2B,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAI;YAC7E,kCAA2B,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAG,CAC3E,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACI,uBAAW,GAAlB,UAAmB,WAAmB;QACpC,OAAO,IAAA,mBAAgB,EAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,sBAAU,GAAjB;QACE,IAAM,IAAI,GAAG,eAAM,CAAC,UAAU,EAAE,CAAC;QAEjC,OAAO,IAAI,CAAC;IACd,CAAC;IAGD;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACI,qBAAS,GAAhB,UAAiB,EAA8B;YAA5B,MAAM,YAAA;QACvB,IAAI,CAAC,GAAG,MAAM,IAAI,MAAM,GAAG,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QAED,IAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,GAAG,CAAC;QAER,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;YAChB,IAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAC5C,GAAG,CAAC;gBACF,8CAA8C;gBAC9C,IAAM,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAE,CAAC,CAAE,qBAAqB;gBAC5F,IAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBAC/C,kEAAkE;gBAClE,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,cAAc,CAAC;YAClD,CAAC,QAAQ,GAAG,GAAG,GAAG,EAAE;QACtB,CAAC;aAAM,CAAC;YACN,IAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,2BAA2B;YACpE,GAAG,CAAC;gBACJ,4BAA4B;gBAC1B,IAAM,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;gBAChD,mDAAmD;gBACnD,IAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;gBAC/C,0CAA0C;gBAC1C,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,cAAc,CAAC;YAClD,CAAC,QAAQ,GAAG,GAAG,GAAG,EAAE,CAAE,qDAAqD;QAC7E,CAAC;QAED,wDAAwD;QACxD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;IACH,kBAAC;AAAD,CAAC,AA5KD,IA4KC;AA5KY,kCAAW"}

package/dist/esm/algorithms/aes-ctr.js

@@ -0,0 +1,124 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { AesCtr } from '../primitives/aes-ctr.js';
+import { CryptoAlgorithm } from './crypto-algorithm.js';
+/**
+ * The `AesCtrAlgorithm` class provides a concrete implementation for cryptographic operations using
+ * the AES algorithm in Counter (CTR) mode. This class implements both {@link Cipher | `Cipher`} and
+ * { @link KeyGenerator | `KeyGenerator`} interfaces, providing key generation, encryption, and
+ * decryption features.
+ *
+ * This class is typically accessed through implementations that extend the
+ * {@link CryptoApi | `CryptoApi`} interface.
+ */
+export class AesCtrAlgorithm extends CryptoAlgorithm {
+    /**
+     * Decrypts the provided data using AES-CTR.
+     *
+     * @remarks
+     * This method performs AES-CTR decryption on the given encrypted data using the specified key.
+     * Similar to the encryption process, it requires an initial counter block and the length
+     * of the counter block, along with the encrypted data and the decryption key. The method
+     * returns the decrypted data as a Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const aesCtr = new AesCtrAlgorithm();
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block used during encryption
+     * const key = { ... }; // A Jwk object representing the same AES key used for encryption
+     * const decryptedData = await aesCtr.decrypt({
+     *   data: encryptedData,
+     *   counter,
+     *   key,
+     *   length: 128 // Length of the counter in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    decrypt(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const plaintext = AesCtr.decrypt(params);
+            return plaintext;
+        });
+    }
+    /**
+     * Encrypts the provided data using AES-CTR.
+     *
+     * @remarks
+     * This method performs AES-CTR encryption on the given data using the specified key.
+     * It requires the initial counter block and the length of the counter block, alongside
+     * the data and key. The method is designed to work asynchronously and returns the
+     * encrypted data as a Uint8Array.
+     *
+     * @example
+     * ```ts
+     * const aesCtr = new AesCtrAlgorithm();
+     * const data = new TextEncoder().encode('Messsage');
+     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block
+     * const key = { ... }; // A Jwk object representing an AES key
+     * const encryptedData = await aesCtr.encrypt({
+     *   data,
+     *   counter,
+     *   key,
+     *   length: 128 // Length of the counter in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     *
+     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
+     */
+    encrypt(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const ciphertext = AesCtr.encrypt(params);
+            return ciphertext;
+        });
+    }
+    /**
+     * Generates a symmetric key for AES in Counter (CTR) mode in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method generates a symmetric AES key for use in CTR mode, based on the specified
+     * `algorithm` parameter which determines the key length. It uses cryptographically secure random
+     * number generation to ensure the uniqueness and security of the key. The key is returned in JWK
+     * format.
+     *
+     * The generated key includes the following components:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const aesCtr = new AesCtrAlgorithm();
+     * const privateKey = await aesCtr.generateKey({ algorithm: 'A256CTR' });
+     * ```
+     *
+     * @param params - The parameters for the key generation.
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    generateKey(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ algorithm }) {
+            // Map algorithm name to key length.
+            const length = { A128CTR: 128, A192CTR: 192, A256CTR: 256 }[algorithm];
+            // Generate a random private key.
+            const privateKey = yield AesCtr.generateKey({ length });
+            // Set the `alg` property based on the specified algorithm.
+            privateKey.alg = algorithm;
+            return privateKey;
+        });
+    }
+}
+//# sourceMappingURL=aes-ctr.js.map

package/dist/esm/algorithms/aes-ctr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-ctr.js","sourceRoot":"","sources":["../../../src/algorithms/aes-ctr.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA4BxD;;;;;;;;GAQG;AACH,MAAM,OAAO,eAAgB,SAAQ,eAAe;IAIlD;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,OAAO,CAAC,MACS;;YAE5B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAEzC,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,OAAO,CAAC,MACS;;YAE5B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAE1C,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,WAAW;6DAAC,EAAE,SAAS,EACX;YAEvB,oCAAoC;YACpC,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAoB,CAAC;YAE1F,iCAAiC;YACjC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAExD,2DAA2D;YAC3D,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC;YAE3B,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;CACF"}

package/dist/esm/algorithms/aes-gcm.js

@@ -0,0 +1,132 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { CryptoAlgorithm } from './crypto-algorithm.js';
+import { AesGcm } from '../primitives/aes-gcm.js';
+/**
+ * The `AesGcmAlgorithm` class provides a concrete implementation for cryptographic operations using
+ * the AES algorithm in Galois/Counter Mode (GCM). This class implements both
+ * {@link Cipher | `Cipher`} and { @link KeyGenerator | `KeyGenerator`} interfaces, providing
+ * key generation, encryption, and decryption features.
+ *
+ * This class is typically accessed through implementations that extend the
+ * {@link CryptoApi | `CryptoApi`} interface.
+ */
+export class AesGcmAlgorithm extends CryptoAlgorithm {
+    /**
+     * Decrypts the provided data using AES-GCM.
+     *
+     * @remarks
+     * This method performs AES-GCM decryption on the given encrypted data using the specified key.
+     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
+     * and optionally, additional authenticated data (AAD). The method returns the decrypted data as a
+     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
+     * tag used when encrypting the data. If not specified, the default tag length of 128 bits is
+     * used.
+     *
+     * @example
+     * ```ts
+     * const aesGcm = new AesGcmAlgorithm();
+     * const encryptedData = new Uint8Array([...]); // Encrypted data
+     * const iv = new Uint8Array([...]); // Initialization vector used during encryption
+     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
+     * const key = { ... }; // A Jwk object representing the AES key
+     * const decryptedData = await aesGcm.decrypt({
+     *   data: encryptedData,
+     *   iv,
+     *   additionalData,
+     *   key,
+     *   tagLength: 128 // Optional tag length in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the decryption operation.
+     *
+     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
+     */
+    decrypt(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const plaintext = AesGcm.decrypt(params);
+            return plaintext;
+        });
+    }
+    /**
+     * Encrypts the provided data using AES-GCM.
+     *
+     * @remarks
+     * This method performs AES-GCM encryption on the given data using the specified key.
+     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
+     * and optionally, additional authenticated data (AAD). The method returns the encrypted data as a
+     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
+     * tag generated in the encryption operation and used for authentication in the corresponding
+     * decryption. If not specified, the default tag length of 128 bits is used.
+     *
+     * @example
+     * ```ts
+     * const aesGcm = new AesGcmAlgorithm();
+     * const data = new TextEncoder().encode('Messsage');
+     * const iv = new Uint8Array([...]); // Initialization vector
+     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
+     * const key = { ... }; // A Jwk object representing an AES key
+     * const encryptedData = await aesGcm.encrypt({
+     *   data,
+     *   iv,
+     *   additionalData,
+     *   key,
+     *   tagLength: 128 // Optional tag length in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for the encryption operation.
+     *
+     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
+     */
+    encrypt(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const ciphertext = AesGcm.encrypt(params);
+            return ciphertext;
+        });
+    }
+    /**
+     * Generates a symmetric key for AES in Galois/Counter Mode (GCM) in JSON Web Key (JWK) format.
+     *
+     * @remarks
+     * This method generates a symmetric AES key for use in GCM mode, based on the specified
+     * `algorithm` parameter which determines the key length. It uses cryptographically secure random
+     * number generation to ensure the uniqueness and security of the key. The key is returned in JWK
+     * format.
+     *
+     * The generated key includes the following components:
+     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
+     * - `k`: The symmetric key component, base64url-encoded.
+     * - `kid`: Key ID, generated based on the JWK thumbprint.
+     *
+     * @example
+     * ```ts
+     * const aesGcm = new AesGcmAlgorithm();
+     * const privateKey = await aesGcm.generateKey({ algorithm: 'A256GCM' });
+     * ```
+     *
+     * @param params - The parameters for the key generation.
+     *
+     * @returns A Promise that resolves to the generated symmetric key in JWK format.
+     */
+    generateKey(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ algorithm }) {
+            // Map algorithm name to key length.
+            const length = { A128GCM: 128, A192GCM: 192, A256GCM: 256 }[algorithm];
+            // Generate a random private key.
+            const privateKey = yield AesGcm.generateKey({ length });
+            // Set the `alg` property based on the specified algorithm.
+            privateKey.alg = algorithm;
+            return privateKey;
+        });
+    }
+}
+//# sourceMappingURL=aes-gcm.js.map

package/dist/esm/algorithms/aes-gcm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes-gcm.js","sourceRoot":"","sources":["../../../src/algorithms/aes-gcm.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAuB,MAAM,0BAA0B,CAAC;AAmDvE;;;;;;;;GAQG;AACH,MAAM,OAAO,eAAgB,SAAQ,eAAe;IAIlD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,OAAO,CAAC,MACS;;YAE5B,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAEzC,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,OAAO,CAAC,MACS;;YAE5B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAE1C,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,WAAW;6DAAC,EAAE,SAAS,EACX;YAEvB,oCAAoC;YACpC,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAoB,CAAC;YAE1F,iCAAiC;YACjC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAExD,2DAA2D;YAC3D,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC;YAE3B,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;CACF"}

package/dist/esm/algorithms/crypto-algorithm.js

@@ -0,0 +1,6 @@
+/**
+ * Base class for all cryptographic algorithm implementations.
+ */
+export class CryptoAlgorithm {
+}
+//# sourceMappingURL=crypto-algorithm.js.map

package/dist/esm/algorithms/crypto-algorithm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto-algorithm.js","sourceRoot":"","sources":["../../../src/algorithms/crypto-algorithm.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAgB,eAAe;CAAG"}