@enbox/crypto 0.0.2 → 0.0.3

package/src/primitives/xchacha20-poly1305.ts

@@ -1,6 +1,6 @@
 import { Convert } from '@enbox/common';
-import { xchacha20poly1305 } from '@noble/ciphers/chacha';
 import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { xchacha20poly1305 } from '@noble/ciphers/chacha';
 
 import type { Jwk } from '../jose/jwk.js';
 
@@ -147,7 +147,32 @@ export class XChaCha20Poly1305 {
     // Convert the private key from JWK format to bytes.
     const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey: key });
 
-    const xc20p = xchacha20poly1305(privateKeyBytes, nonce, additionalData);
+    return XChaCha20Poly1305.decryptRaw({ data, keyBytes: privateKeyBytes, nonce, additionalData });
+  }
+
+  /**
+   * Decrypts data using XChaCha20-Poly1305 with a raw byte array key.
+   *
+   * @remarks
+   * This is a lower-level method that accepts the key as a raw `Uint8Array` instead of a JWK.
+   * It is useful in scenarios where the key material is already in byte form (e.g., derived
+   * from ECDH + HKDF) and constructing a JWK would add unnecessary overhead.
+   *
+   * @param params - The parameters for the decryption operation.
+   * @param params.data - The encrypted data including the authentication tag.
+   * @param params.keyBytes - The 256-bit (32-byte) decryption key as a Uint8Array.
+   * @param params.nonce - The 24-byte nonce used during encryption.
+   * @param params.additionalData - Optional additional authenticated data.
+   *
+   * @returns A Promise that resolves to the decrypted plaintext as a Uint8Array.
+   */
+  public static async decryptRaw({ data, keyBytes, nonce, additionalData }: {
+    additionalData?: Uint8Array;
+    data: Uint8Array;
+    keyBytes: Uint8Array;
+    nonce: Uint8Array;
+  }): Promise<Uint8Array> {
+    const xc20p = xchacha20poly1305(keyBytes, nonce, additionalData);
     const plaintext = xc20p.decrypt(data);
 
     return plaintext;
@@ -186,7 +211,7 @@ export class XChaCha20Poly1305 {
    * @returns A Promise that resolves to a byte array containing the encrypted data and the
    *          authentication tag.
    */
-  public static async encrypt({ data, key, nonce, additionalData}: {
+  public static async encrypt({ data, key, nonce, additionalData }: {
     additionalData?: Uint8Array;
     data: Uint8Array;
     key: Jwk;
@@ -195,7 +220,35 @@ export class XChaCha20Poly1305 {
     // Convert the private key from JWK format to bytes.
     const privateKeyBytes = await XChaCha20Poly1305.privateKeyToBytes({ privateKey: key });
 
-    const xc20p = xchacha20poly1305(privateKeyBytes, nonce, additionalData);
+    return XChaCha20Poly1305.encryptRaw({ data, keyBytes: privateKeyBytes, nonce, additionalData });
+  }
+
+  /**
+   * Encrypts data using XChaCha20-Poly1305 with a raw byte array key.
+   *
+   * @remarks
+   * This is a lower-level method that accepts the key as a raw `Uint8Array` instead of a JWK.
+   * It is useful in scenarios where the key material is already in byte form (e.g., derived
+   * from ECDH + HKDF) and constructing a JWK would add unnecessary overhead.
+   *
+   * The returned `Uint8Array` contains the ciphertext followed by the 16-byte Poly1305
+   * authentication tag.
+   *
+   * @param params - The parameters for the encryption operation.
+   * @param params.data - The plaintext data to encrypt.
+   * @param params.keyBytes - The 256-bit (32-byte) encryption key as a Uint8Array.
+   * @param params.nonce - A 24-byte nonce for the encryption process.
+   * @param params.additionalData - Optional additional authenticated data.
+   *
+   * @returns A Promise that resolves to the ciphertext + authentication tag as a Uint8Array.
+   */
+  public static async encryptRaw({ data, keyBytes, nonce, additionalData }: {
+    additionalData?: Uint8Array;
+    data: Uint8Array;
+    keyBytes: Uint8Array;
+    nonce: Uint8Array;
+  }): Promise<Uint8Array> {
+    const xc20p = xchacha20poly1305(keyBytes, nonce, additionalData);
     const ciphertext = xc20p.encrypt(data);
 
     return ciphertext;

package/src/primitives/xchacha20.ts

@@ -1,6 +1,6 @@
 import { Convert } from '@enbox/common';
-import { xchacha20 } from '@noble/ciphers/chacha';
 import { getWebcryptoSubtle } from '@noble/ciphers/webcrypto';
+import { xchacha20 } from '@noble/ciphers/chacha';
 
 import type { Jwk } from '../jose/jwk.js';
 

package/src/types/cipher.ts

@@ -1,4 +1,4 @@
-import type { EnclosedEncryptParams, EnclosedDecryptParams } from './params-enclosed.js';
+import type { EnclosedDecryptParams, EnclosedEncryptParams } from './params-enclosed.js';
 
 /**
  * The `Cipher` interface provides methods for encrypting and decrypting data.

package/src/types/crypto-api.ts

@@ -1,14 +1,14 @@
+import type { AsymmetricKeyGenerator } from './key-generator.js';
 import type { Hasher } from './hasher.js';
-import type { Signer } from './signer.js';
 import type { KeyIdentifier } from './identifier.js';
-import type { AsymmetricKeyGenerator } from './key-generator.js';
+import type { Signer } from './signer.js';
 import type {
-  KmsSignParams,
   KmsDigestParams,
-  KmsVerifyParams,
-  KmsGetKeyUriParams,
   KmsGenerateKeyParams,
+  KmsGetKeyUriParams,
   KmsGetPublicKeyParams,
+  KmsSignParams,
+  KmsVerifyParams,
 } from './params-kms.js';
 
 /**

package/src/types/params-direct.ts

@@ -1,11 +1,49 @@
-import type { Jwk } from '../jose/jwk.js';
 import type { AlgorithmIdentifier } from './identifier.js';
+import type { Jwk } from '../jose/jwk.js';
+
+/**
+ * Parameters for converting raw private key bytes to a JWK.
+ */
+export interface BytesToPrivateKeyParams {
+  /** The algorithm identifier. */
+  algorithm: AlgorithmIdentifier;
+
+  /** The raw private key bytes. */
+  privateKeyBytes: Uint8Array;
+}
+
+/**
+ * Parameters for converting raw public key bytes to a JWK.
+ */
+export interface BytesToPublicKeyParams {
+  /** The algorithm identifier. */
+  algorithm: AlgorithmIdentifier;
+
+  /** The raw public key bytes. */
+  publicKeyBytes: Uint8Array;
+}
 
 /**
  * Parameters for computing a public key.
  */
 export interface ComputePublicKeyParams extends GetPublicKeyParams { }
 
+/**
+ * Parameters for encryption and decryption operations.
+ *
+ * Intended for use with a Key Management System.
+ */
+export interface CipherParams {
+  /** A {@link Jwk} containing the key to be used for encryption or decryption. */
+  key: Jwk;
+
+  /** Data to be encrypted or decrypted. */
+  data: Uint8Array;
+
+  /** Additional algorithm-specific parameters for encryption or decryption. */
+  [key: string]: unknown;
+}
+
 /**
  * Parameters for decrypting data.
  */
@@ -42,6 +80,17 @@ export interface DeriveKeyParams {
   derivedKeyParams: unknown
 }
 
+/**
+ * Parameters for derivation of cryptographic byte arrays.
+ */
+export interface DeriveKeyBytesParams {
+  /** The base key to be used for derivation as a byte array. */
+  baseKeyBytes: Uint8Array;
+
+  /** The desired length of the derived key in bits. */
+  length: number;
+}
+
 /**
  * Parameters for computing a hash digest.
  */
@@ -91,6 +140,39 @@ export interface SignParams {
   data: Uint8Array;
 }
 
+/**
+ * Parameters for converting a private key JWK to raw bytes.
+ */
+export interface PrivateKeyToBytesParams {
+  /** The private key in JWK format. */
+  privateKey: Jwk;
+}
+
+/**
+ * Parameters for converting a public key JWK to raw bytes.
+ */
+export interface PublicKeyToBytesParams {
+  /** The public key in JWK format. */
+  publicKey: Jwk;
+}
+
+/**
+ * Parameters for unwrapping a key.
+ */
+export interface UnwrapKeyParams {
+  /** A {@link Jwk} containing the key used to decrypt the unwrapped key. */
+  decryptionKey: Jwk;
+
+  /** The wrapped private key as a byte array. */
+  wrappedKeyBytes: Uint8Array;
+
+  /** The algorithm identifier of the key encrypted in `wrappedKeyBytes`. */
+  wrappedKeyAlgorithm: string;
+
+  /** An object defining the algorithm-specific parameters for decrypting the `wrappedKeyBytes`. */
+  decryptParams?: unknown;
+}
+
 /**
  * Parameters for verifying a signature.
  */
@@ -103,4 +185,18 @@ export interface VerifyParams {
 
   /** The data associated with the signature. */
   data: Uint8Array;
+}
+
+/**
+ * Parameters for wrapping a key.
+ */
+export interface WrapKeyParams {
+  /** A {@link Jwk} containing the key used to encrypt the unwrapped key. */
+  encryptionKey: Jwk;
+
+  /** A {@link Jwk} containing the private key to be wrapped. */
+  unwrappedKey: Jwk;
+
+  /** An object defining the algorithm-specific parameters for encrypting the `unwrappedKey`. */
+  encryptParams?: unknown;
 }

package/src/utils.ts

@@ -158,7 +158,7 @@ export class CryptoUtils {
       const rejectionRange = Math.pow(10, length);
       do {
         // Adjust the byte generation based on length.
-        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) );  // 2 digits per byte.
+        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) ); // 2 digits per byte.
         const view = new DataView(randomBuffer.buffer);
         // Convert the buffer to integer and take modulus based on length.
         pin = view.getUint16(0, false) % rejectionRange;
@@ -172,7 +172,7 @@ export class CryptoUtils {
         const view = new DataView(randomBuffer.buffer);
         // Transform bytes to number (big endian).
         pin = view.getUint32(0, false) % rejectionRange;
-      } while (pin > max);  // Reject if the number is outside the desired range.
+      } while (pin > max); // Reject if the number is outside the desired range.
     }
 
     // Pad the PIN with leading zeros to the desired length.

package/dist/cjs/algorithms/aes-ctr.js

@@ -1,188 +0,0 @@
-"use strict";
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AesCtrAlgorithm = void 0;
-var aes_ctr_js_1 = require("../primitives/aes-ctr.js");
-var crypto_algorithm_js_1 = require("./crypto-algorithm.js");
-/**
- * The `AesCtrAlgorithm` class provides a concrete implementation for cryptographic operations using
- * the AES algorithm in Counter (CTR) mode. This class implements both {@link Cipher | `Cipher`} and
- * { @link KeyGenerator | `KeyGenerator`} interfaces, providing key generation, encryption, and
- * decryption features.
- *
- * This class is typically accessed through implementations that extend the
- * {@link CryptoApi | `CryptoApi`} interface.
- */
-var AesCtrAlgorithm = /** @class */ (function (_super) {
-    __extends(AesCtrAlgorithm, _super);
-    function AesCtrAlgorithm() {
-        return _super !== null && _super.apply(this, arguments) || this;
-    }
-    /**
-     * Decrypts the provided data using AES-CTR.
-     *
-     * @remarks
-     * This method performs AES-CTR decryption on the given encrypted data using the specified key.
-     * Similar to the encryption process, it requires an initial counter block and the length
-     * of the counter block, along with the encrypted data and the decryption key. The method
-     * returns the decrypted data as a Uint8Array.
-     *
-     * @example
-     * ```ts
-     * const aesCtr = new AesCtrAlgorithm();
-     * const encryptedData = new Uint8Array([...]); // Encrypted data
-     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block used during encryption
-     * const key = { ... }; // A Jwk object representing the same AES key used for encryption
-     * const decryptedData = await aesCtr.decrypt({
-     *   data: encryptedData,
-     *   counter,
-     *   key,
-     *   length: 128 // Length of the counter in bits
-     * });
-     * ```
-     *
-     * @param params - The parameters for the decryption operation.
-     *
-     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
-     */
-    AesCtrAlgorithm.prototype.decrypt = function (params) {
-        return __awaiter(this, void 0, void 0, function () {
-            var plaintext;
-            return __generator(this, function (_a) {
-                plaintext = aes_ctr_js_1.AesCtr.decrypt(params);
-                return [2 /*return*/, plaintext];
-            });
-        });
-    };
-    /**
-     * Encrypts the provided data using AES-CTR.
-     *
-     * @remarks
-     * This method performs AES-CTR encryption on the given data using the specified key.
-     * It requires the initial counter block and the length of the counter block, alongside
-     * the data and key. The method is designed to work asynchronously and returns the
-     * encrypted data as a Uint8Array.
-     *
-     * @example
-     * ```ts
-     * const aesCtr = new AesCtrAlgorithm();
-     * const data = new TextEncoder().encode('Messsage');
-     * const counter = new Uint8Array(16); // 16-byte (128-bit) counter block
-     * const key = { ... }; // A Jwk object representing an AES key
-     * const encryptedData = await aesCtr.encrypt({
-     *   data,
-     *   counter,
-     *   key,
-     *   length: 128 // Length of the counter in bits
-     * });
-     * ```
-     *
-     * @param params - The parameters for the encryption operation.
-     *
-     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
-     */
-    AesCtrAlgorithm.prototype.encrypt = function (params) {
-        return __awaiter(this, void 0, void 0, function () {
-            var ciphertext;
-            return __generator(this, function (_a) {
-                ciphertext = aes_ctr_js_1.AesCtr.encrypt(params);
-                return [2 /*return*/, ciphertext];
-            });
-        });
-    };
-    /**
-     * Generates a symmetric key for AES in Counter (CTR) mode in JSON Web Key (JWK) format.
-     *
-     * @remarks
-     * This method generates a symmetric AES key for use in CTR mode, based on the specified
-     * `algorithm` parameter which determines the key length. It uses cryptographically secure random
-     * number generation to ensure the uniqueness and security of the key. The key is returned in JWK
-     * format.
-     *
-     * The generated key includes the following components:
-     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
-     * - `k`: The symmetric key component, base64url-encoded.
-     * - `kid`: Key ID, generated based on the JWK thumbprint.
-     *
-     * @example
-     * ```ts
-     * const aesCtr = new AesCtrAlgorithm();
-     * const privateKey = await aesCtr.generateKey({ algorithm: 'A256CTR' });
-     * ```
-     *
-     * @param params - The parameters for the key generation.
-     *
-     * @returns A Promise that resolves to the generated symmetric key in JWK format.
-     */
-    AesCtrAlgorithm.prototype.generateKey = function (_a) {
-        return __awaiter(this, arguments, void 0, function (_b) {
-            var length, privateKey;
-            var algorithm = _b.algorithm;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
-                    case 0:
-                        length = { A128CTR: 128, A192CTR: 192, A256CTR: 256 }[algorithm];
-                        return [4 /*yield*/, aes_ctr_js_1.AesCtr.generateKey({ length: length })];
-                    case 1:
-                        privateKey = _c.sent();
-                        // Set the `alg` property based on the specified algorithm.
-                        privateKey.alg = algorithm;
-                        return [2 /*return*/, privateKey];
-                }
-            });
-        });
-    };
-    return AesCtrAlgorithm;
-}(crypto_algorithm_js_1.CryptoAlgorithm));
-exports.AesCtrAlgorithm = AesCtrAlgorithm;
-//# sourceMappingURL=aes-ctr.js.map

package/dist/cjs/algorithms/aes-ctr.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"aes-ctr.js","sourceRoot":"","sources":["../../../src/algorithms/aes-ctr.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,uDAAkD;AAClD,6DAAwD;AA4BxD;;;;;;;;GAQG;AACH;IAAqC,mCAAe;IAApD;;IAgHA,CAAC;IA5GC;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,iCAAO,GAApB,UAAqB,MACS;;;;gBAEtB,SAAS,GAAG,mBAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAEzC,sBAAO,SAAS,EAAC;;;KAClB;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,iCAAO,GAApB,UAAqB,MACS;;;;gBAEtB,UAAU,GAAG,mBAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAE1C,sBAAO,UAAU,EAAC;;;KACnB;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,qCAAW,GAAxB;4DAAyB,EACA;;gBADE,SAAS,eAAA;;;;wBAI5B,MAAM,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAoB,CAAC;wBAGvE,qBAAM,mBAAM,CAAC,WAAW,CAAC,EAAE,MAAM,QAAA,EAAE,CAAC,EAAA;;wBAAjD,UAAU,GAAG,SAAoC;wBAEvD,2DAA2D;wBAC3D,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC;wBAE3B,sBAAO,UAAU,EAAC;;;;KACnB;IACH,sBAAC;AAAD,CAAC,AAhHD,CAAqC,qCAAe,GAgHnD;AAhHY,0CAAe"}

package/dist/cjs/algorithms/aes-gcm.js

@@ -1,196 +0,0 @@
-"use strict";
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AesGcmAlgorithm = void 0;
-var crypto_algorithm_js_1 = require("./crypto-algorithm.js");
-var aes_gcm_js_1 = require("../primitives/aes-gcm.js");
-/**
- * The `AesGcmAlgorithm` class provides a concrete implementation for cryptographic operations using
- * the AES algorithm in Galois/Counter Mode (GCM). This class implements both
- * {@link Cipher | `Cipher`} and { @link KeyGenerator | `KeyGenerator`} interfaces, providing
- * key generation, encryption, and decryption features.
- *
- * This class is typically accessed through implementations that extend the
- * {@link CryptoApi | `CryptoApi`} interface.
- */
-var AesGcmAlgorithm = /** @class */ (function (_super) {
-    __extends(AesGcmAlgorithm, _super);
-    function AesGcmAlgorithm() {
-        return _super !== null && _super.apply(this, arguments) || this;
-    }
-    /**
-     * Decrypts the provided data using AES-GCM.
-     *
-     * @remarks
-     * This method performs AES-GCM decryption on the given encrypted data using the specified key.
-     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
-     * and optionally, additional authenticated data (AAD). The method returns the decrypted data as a
-     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
-     * tag used when encrypting the data. If not specified, the default tag length of 128 bits is
-     * used.
-     *
-     * @example
-     * ```ts
-     * const aesGcm = new AesGcmAlgorithm();
-     * const encryptedData = new Uint8Array([...]); // Encrypted data
-     * const iv = new Uint8Array([...]); // Initialization vector used during encryption
-     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
-     * const key = { ... }; // A Jwk object representing the AES key
-     * const decryptedData = await aesGcm.decrypt({
-     *   data: encryptedData,
-     *   iv,
-     *   additionalData,
-     *   key,
-     *   tagLength: 128 // Optional tag length in bits
-     * });
-     * ```
-     *
-     * @param params - The parameters for the decryption operation.
-     *
-     * @returns A Promise that resolves to the decrypted data as a Uint8Array.
-     */
-    AesGcmAlgorithm.prototype.decrypt = function (params) {
-        return __awaiter(this, void 0, void 0, function () {
-            var plaintext;
-            return __generator(this, function (_a) {
-                plaintext = aes_gcm_js_1.AesGcm.decrypt(params);
-                return [2 /*return*/, plaintext];
-            });
-        });
-    };
-    /**
-     * Encrypts the provided data using AES-GCM.
-     *
-     * @remarks
-     * This method performs AES-GCM encryption on the given data using the specified key.
-     * It requires an initialization vector (IV), the encrypted data along with the decryption key,
-     * and optionally, additional authenticated data (AAD). The method returns the encrypted data as a
-     * Uint8Array. The optional `tagLength` parameter specifies the size in bits of the authentication
-     * tag generated in the encryption operation and used for authentication in the corresponding
-     * decryption. If not specified, the default tag length of 128 bits is used.
-     *
-     * @example
-     * ```ts
-     * const aesGcm = new AesGcmAlgorithm();
-     * const data = new TextEncoder().encode('Messsage');
-     * const iv = new Uint8Array([...]); // Initialization vector
-     * const additionalData = new Uint8Array([...]); // Optional additional authenticated data
-     * const key = { ... }; // A Jwk object representing an AES key
-     * const encryptedData = await aesGcm.encrypt({
-     *   data,
-     *   iv,
-     *   additionalData,
-     *   key,
-     *   tagLength: 128 // Optional tag length in bits
-     * });
-     * ```
-     *
-     * @param params - The parameters for the encryption operation.
-     *
-     * @returns A Promise that resolves to the encrypted data as a Uint8Array.
-     */
-    AesGcmAlgorithm.prototype.encrypt = function (params) {
-        return __awaiter(this, void 0, void 0, function () {
-            var ciphertext;
-            return __generator(this, function (_a) {
-                ciphertext = aes_gcm_js_1.AesGcm.encrypt(params);
-                return [2 /*return*/, ciphertext];
-            });
-        });
-    };
-    /**
-     * Generates a symmetric key for AES in Galois/Counter Mode (GCM) in JSON Web Key (JWK) format.
-     *
-     * @remarks
-     * This method generates a symmetric AES key for use in GCM mode, based on the specified
-     * `algorithm` parameter which determines the key length. It uses cryptographically secure random
-     * number generation to ensure the uniqueness and security of the key. The key is returned in JWK
-     * format.
-     *
-     * The generated key includes the following components:
-     * - `kty`: Key Type, set to 'oct' for Octet Sequence.
-     * - `k`: The symmetric key component, base64url-encoded.
-     * - `kid`: Key ID, generated based on the JWK thumbprint.
-     *
-     * @example
-     * ```ts
-     * const aesGcm = new AesGcmAlgorithm();
-     * const privateKey = await aesGcm.generateKey({ algorithm: 'A256GCM' });
-     * ```
-     *
-     * @param params - The parameters for the key generation.
-     *
-     * @returns A Promise that resolves to the generated symmetric key in JWK format.
-     */
-    AesGcmAlgorithm.prototype.generateKey = function (_a) {
-        return __awaiter(this, arguments, void 0, function (_b) {
-            var length, privateKey;
-            var algorithm = _b.algorithm;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
-                    case 0:
-                        length = { A128GCM: 128, A192GCM: 192, A256GCM: 256 }[algorithm];
-                        return [4 /*yield*/, aes_gcm_js_1.AesGcm.generateKey({ length: length })];
-                    case 1:
-                        privateKey = _c.sent();
-                        // Set the `alg` property based on the specified algorithm.
-                        privateKey.alg = algorithm;
-                        return [2 /*return*/, privateKey];
-                }
-            });
-        });
-    };
-    return AesGcmAlgorithm;
-}(crypto_algorithm_js_1.CryptoAlgorithm));
-exports.AesGcmAlgorithm = AesGcmAlgorithm;
-//# sourceMappingURL=aes-gcm.js.map

package/dist/cjs/algorithms/aes-gcm.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"aes-gcm.js","sourceRoot":"","sources":["../../../src/algorithms/aes-gcm.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,6DAAwD;AACxD,uDAAuE;AAmDvE;;;;;;;;GAQG;AACH;IAAqC,mCAAe;IAApD;;IAwHA,CAAC;IApHC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,iCAAO,GAApB,UAAqB,MACS;;;;gBAEtB,SAAS,GAAG,mBAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAEzC,sBAAO,SAAS,EAAC;;;KAClB;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACU,iCAAO,GAApB,UAAqB,MACS;;;;gBAEtB,UAAU,GAAG,mBAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAE1C,sBAAO,UAAU,EAAC;;;KACnB;IAED;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,qCAAW,GAAxB;4DAAyB,EACA;;gBADE,SAAS,eAAA;;;;wBAI5B,MAAM,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,SAAS,CAAoB,CAAC;wBAGvE,qBAAM,mBAAM,CAAC,WAAW,CAAC,EAAE,MAAM,QAAA,EAAE,CAAC,EAAA;;wBAAjD,UAAU,GAAG,SAAoC;wBAEvD,2DAA2D;wBAC3D,UAAU,CAAC,GAAG,GAAG,SAAS,CAAC;wBAE3B,sBAAO,UAAU,EAAC;;;;KACnB;IACH,sBAAC;AAAD,CAAC,AAxHD,CAAqC,qCAAe,GAwHnD;AAxHY,0CAAe"}

package/dist/cjs/algorithms/crypto-algorithm.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CryptoAlgorithm = void 0;
-/**
- * Base class for all cryptographic algorithm implementations.
- */
-var CryptoAlgorithm = /** @class */ (function () {
-    function CryptoAlgorithm() {
-    }
-    return CryptoAlgorithm;
-}());
-exports.CryptoAlgorithm = CryptoAlgorithm;
-//# sourceMappingURL=crypto-algorithm.js.map