@enbox/crypto 0.0.2 → 0.0.3

package/dist/types/primitives/hkdf.d.ts

@@ -0,0 +1,90 @@
+import type { DeriveKeyBytesParams } from '../types/params-direct.js';
+/**
+ * The object that should be passed into `Hkdf.deriveKeyBytes()`, when using the HKDF algorithm.
+ */
+export type HkdfParams = {
+    /**
+     * A string representing the digest algorithm to use. This may be one of:
+     * - 'SHA-256'
+     * - 'SHA-384'
+     * - 'SHA-512'
+     */
+    hash: 'SHA-256' | 'SHA-384' | 'SHA-512';
+    /**
+     * The salt value to use in the derivation process.
+     *
+     * Ideally, the salt is a random or pseudo-random value with the same length as the output of the
+     * digest function. Unlike the input key material passed into deriveKey(), salt does not need to
+     * be kept secret.
+     *
+     * Note: The {@link https://datatracker.ietf.org/doc/html/rfc5869 | HKDF specification} states
+     *       that adding salt "adds significantly to the strength of HKDF".
+     */
+    salt: string | Uint8Array;
+    /**
+     * Optional application-specific information to use in the HKDF.
+     *
+     * If given, this value is used to bind the derived key to application-specific contextual
+     * information. This makes it possible to derive different keys for different contexts while using
+     * the same input key material.
+     *
+     * If not provided, the `info` value is set to an empty array.
+     *
+     * Note: It is important that the `info` value be independent and unrelated to the input key
+     * material.
+     */
+    info?: string | Uint8Array;
+};
+/**
+ * The `Hkdf` class provides an interface for HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
+ * as defined in RFC 5869.
+ *
+ * Note: The `baseKeyBytes` that will be the input key material for HKDF should be a high-entropy secret
+ * value, such as a cryptographic key. It should be kept confidential and not be derived from a
+ * low-entropy value, such as a password.
+ *
+ * @example
+ * ```ts
+ * const info = new Uint8Array([...]);
+ * const derivedKeyBytes = await Hkdf.deriveKeyBytes({
+ *   baseKeyBytes: new Uint8Array([...]), // Input keying material
+ *   hash: 'SHA-256', // The hash function to use ('SHA-256', 'SHA-384', 'SHA-512')
+ *   salt: new Uint8Array([...]), // The salt value
+ *   info: new Uint8Array([...]), // Optional application-specific information
+ *   length: 256 // The length of the derived key in bits
+ * });
+ * ```
+ */
+export declare class Hkdf {
+    /**
+     * Derives a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
+     *
+     * This method generates a derived key using a hash function from input keying material given as
+     * `baseKeyBytes`. The length of the derived key can be specified. Optionally, it can also use a salt
+     * and info for the derivation process.
+     *
+     * HKDF is useful in various cryptographic applications and protocols, especially when
+     * there's a need to derive multiple keys from a single source of key material.
+     *
+     * Note: The `baseKeyBytes` that will be the input key material for HKDF should be a high-entropy
+     * secret value, such as a cryptographic key. It should be kept confidential and not be derived
+     * from a low-entropy value, such as a password.
+     *
+     * @example
+     * ```ts
+     * const info = new Uint8Array([...]);
+     * const derivedKeyBytes = await Hkdf.deriveKeyBytes({
+     *   baseKeyBytes: new Uint8Array([...]), // Input keying material
+     *   hash: 'SHA-256', // The hash function to use ('SHA-256', 'SHA-384', 'SHA-512')
+     *   salt: new Uint8Array([...]), // The salt value
+     *   info: new Uint8Array([...]), // Optional application-specific information
+     *   length: 256 // The length of the derived key in bits
+     * });
+     * ```
+     *
+     * @param params - The parameters for key derivation.
+     * @returns A Promise that resolves to the derived key as a byte array.
+     */
+    static deriveKeyBytes({ baseKeyBytes, length, hash, salt, info }: DeriveKeyBytesParams & HkdfParams): Promise<Uint8Array>;
+}
+//# sourceMappingURL=hkdf.d.ts.map

package/dist/types/primitives/hkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../../src/primitives/hkdf.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAMtE;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;OAKG;IACH,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAExC;;;;;;;;;OASG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,CAAC;IAE1B;;;;;;;;;;;OAWG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;CAC5B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,IAAI;IACf;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;WACiB,cAAc,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAuB,EAAE,EAC9F,oBAAoB,GAAG,UAAU,GAChC,OAAO,CAAC,UAAU,CAAC;CAuBvB"}

package/dist/types/primitives/pbkdf2.d.ts

@@ -1,3 +1,30 @@
+import type { DeriveKeyBytesParams } from '../types/params-direct.js';
+/**
+ * The object that should be passed into `Pbkdf2.deriveKeyBytes()`, when using the PBKDF2 algorithm.
+ */
+export interface Pbkdf2Params {
+    /**
+     * A string representing the digest algorithm to use. This may be one of:
+     * - 'SHA-256'
+     * - 'SHA-384'
+     * - 'SHA-512'
+     */
+    hash: 'SHA-256' | 'SHA-384' | 'SHA-512';
+    /**
+     * The salt value to use in the derivation process, as a Uint8Array. This should be a random or
+     * pseudo-random value of at least 16 bytes. Unlike the `password`, `salt` does not need to be
+     * kept secret.
+     */
+    salt: Uint8Array;
+    /**
+     * A `Number` representing the number of iterations the hash function will be executed in
+     * `deriveKey()`. This impacts the computational cost of the `deriveKey()` operation, making it
+     * more resistant to dictionary attacks. The higher the number, the more secure, but also slower,
+     * the operation. Choose a value that balances security needs and performance for your
+     * application.
+     */
+    iterations: number;
+}
 /**
  * The object that should be passed into `Pbkdf2.deriveKey()`, when using the PBKDF2 algorithm.
  */
@@ -90,5 +117,36 @@ export declare class Pbkdf2 {
      * @returns A Promise that resolves to the derived key as a Uint8Array.
      */
     static deriveKey({ hash, password, salt, iterations, length }: Pbkdf2DeriveKeyParams): Promise<Uint8Array>;
+    /**
+     * Derives cryptographic key bytes from base key material using the PBKDF2 algorithm.
+     *
+     * @remarks
+     * This method is similar to {@link Pbkdf2.deriveKey | `deriveKey()`} but accepts
+     * raw key bytes (`baseKeyBytes`) instead of a password. It is intended for use cases
+     * where the input key material is already available as a byte array.
+     *
+     * Notes:
+     * - The `baseKeyBytes` that will be the input key material for PBKDF2 is expected to be a
+     *   low-entropy value, such as a password or passphrase. It should be kept confidential.
+     * - In 2023,
+     *   {@link https://web.archive.org/web/20230123232056/https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
+     *   | OWASP recommended}
+     *   a minimum of 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512.
+     *
+     * @example
+     * ```ts
+     * const derivedKeyBytes = await Pbkdf2.deriveKeyBytes({
+     *   baseKeyBytes: new TextEncoder().encode('password'),
+     *   hash: 'SHA-256',
+     *   salt: new Uint8Array([...]),
+     *   iterations: 600_000,
+     *   length: 256
+     * });
+     * ```
+     *
+     * @param params - The parameters for key derivation.
+     * @returns A Promise that resolves to the derived key as a byte array.
+     */
+    static deriveKeyBytes({ baseKeyBytes, hash, salt, iterations, length }: DeriveKeyBytesParams & Pbkdf2Params): Promise<Uint8Array>;
 }
 //# sourceMappingURL=pbkdf2.d.ts.map

package/dist/types/primitives/pbkdf2.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pbkdf2.d.ts","sourceRoot":"","sources":["../../../src/primitives/pbkdf2.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;;OAKG;IACH,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAExC;;OAEG;IACH,QAAQ,EAAE,UAAU,CAAC;IAErB;;;;OAIG;IACH,IAAI,EAAE,UAAU,CAAC;IAEjB;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,MAAM;IACjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;WACiB,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,EACxE,qBAAqB,GACpB,OAAO,CAAC,UAAU,CAAC;CAqBvB"}
+{"version":3,"file":"pbkdf2.d.ts","sourceRoot":"","sources":["../../../src/primitives/pbkdf2.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAMtE;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;;OAKG;IACH,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAExC;;;;OAIG;IACH,IAAI,EAAE,UAAU,CAAC;IAEjB;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;;OAKG;IACH,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAExC;;OAEG;IACH,QAAQ,EAAE,UAAU,CAAC;IAErB;;;;OAIG;IACH,IAAI,EAAE,UAAU,CAAC;IAEjB;;;;;;OAMG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,MAAM;IACjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;WACiB,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,EACxE,qBAAqB,GACpB,OAAO,CAAC,UAAU,CAAC;IAsBtB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;WACiB,cAAc,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,EACjF,oBAAoB,GAAG,YAAY,GAClC,OAAO,CAAC,UAAU,CAAC;CAyBvB"}

package/dist/types/primitives/xchacha20-poly1305.d.ts

@@ -124,6 +124,28 @@ export declare class XChaCha20Poly1305 {
         key: Jwk;
         nonce: Uint8Array;
     }): Promise<Uint8Array>;
+    /**
+     * Decrypts data using XChaCha20-Poly1305 with a raw byte array key.
+     *
+     * @remarks
+     * This is a lower-level method that accepts the key as a raw `Uint8Array` instead of a JWK.
+     * It is useful in scenarios where the key material is already in byte form (e.g., derived
+     * from ECDH + HKDF) and constructing a JWK would add unnecessary overhead.
+     *
+     * @param params - The parameters for the decryption operation.
+     * @param params.data - The encrypted data including the authentication tag.
+     * @param params.keyBytes - The 256-bit (32-byte) decryption key as a Uint8Array.
+     * @param params.nonce - The 24-byte nonce used during encryption.
+     * @param params.additionalData - Optional additional authenticated data.
+     *
+     * @returns A Promise that resolves to the decrypted plaintext as a Uint8Array.
+     */
+    static decryptRaw({ data, keyBytes, nonce, additionalData }: {
+        additionalData?: Uint8Array;
+        data: Uint8Array;
+        keyBytes: Uint8Array;
+        nonce: Uint8Array;
+    }): Promise<Uint8Array>;
     /**
      * Encrypts the provided data using XChaCha20-Poly1305.
      *
@@ -163,6 +185,31 @@ export declare class XChaCha20Poly1305 {
         key: Jwk;
         nonce: Uint8Array;
     }): Promise<Uint8Array>;
+    /**
+     * Encrypts data using XChaCha20-Poly1305 with a raw byte array key.
+     *
+     * @remarks
+     * This is a lower-level method that accepts the key as a raw `Uint8Array` instead of a JWK.
+     * It is useful in scenarios where the key material is already in byte form (e.g., derived
+     * from ECDH + HKDF) and constructing a JWK would add unnecessary overhead.
+     *
+     * The returned `Uint8Array` contains the ciphertext followed by the 16-byte Poly1305
+     * authentication tag.
+     *
+     * @param params - The parameters for the encryption operation.
+     * @param params.data - The plaintext data to encrypt.
+     * @param params.keyBytes - The 256-bit (32-byte) encryption key as a Uint8Array.
+     * @param params.nonce - A 24-byte nonce for the encryption process.
+     * @param params.additionalData - Optional additional authenticated data.
+     *
+     * @returns A Promise that resolves to the ciphertext + authentication tag as a Uint8Array.
+     */
+    static encryptRaw({ data, keyBytes, nonce, additionalData }: {
+        additionalData?: Uint8Array;
+        data: Uint8Array;
+        keyBytes: Uint8Array;
+        nonce: Uint8Array;
+    }): Promise<Uint8Array>;
     /**
      * Generates a symmetric key for XChaCha20-Poly1305 in JSON Web Key (JWK) format.
      *

package/dist/types/primitives/xchacha20-poly1305.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"xchacha20-poly1305.d.ts","sourceRoot":"","sources":["../../../src/primitives/xchacha20-poly1305.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAI1C;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;WACiB,iBAAiB,CAAC,EAAE,eAAe,EAAE,EAAE;QACzD,eAAe,EAAE,UAAU,CAAC;KAC7B,GAAG,OAAO,CAAC,GAAG,CAAC;IAahB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;WACiB,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;QAChE,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,GAAG,EAAE,GAAG,CAAC;QACT,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAUvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;WACiB,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAC,EAAE;QAC/D,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,GAAG,EAAE,GAAG,CAAC;QACT,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAUvB;;;;;;;;;;;;;;;;;;;;OAoBG;WACiB,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;IAkB/C;;;;;;;;;;;;;;;;;OAiBG;WACiB,iBAAiB,CAAC,EAAE,UAAU,EAAE,EAAE;QACpD,UAAU,EAAE,GAAG,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,CAAC;CAWxB"}
+{"version":3,"file":"xchacha20-poly1305.d.ts","sourceRoot":"","sources":["../../../src/primitives/xchacha20-poly1305.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAI1C;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;;;;;;;;;;;;;;;OAuBG;WACiB,iBAAiB,CAAC,EAAE,eAAe,EAAE,EAAE;QACzD,eAAe,EAAE,UAAU,CAAC;KAC7B,GAAG,OAAO,CAAC,GAAG,CAAC;IAahB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;WACiB,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;QAChE,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,GAAG,EAAE,GAAG,CAAC;QACT,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAOvB;;;;;;;;;;;;;;;OAeG;WACiB,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;QACxE,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,QAAQ,EAAE,UAAU,CAAC;QACrB,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAOvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;WACiB,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;QAChE,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,GAAG,EAAE,GAAG,CAAC;QACT,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAOvB;;;;;;;;;;;;;;;;;;OAkBG;WACiB,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;QACxE,cAAc,CAAC,EAAE,UAAU,CAAC;QAC5B,IAAI,EAAE,UAAU,CAAC;QACjB,QAAQ,EAAE,UAAU,CAAC;QACrB,KAAK,EAAE,UAAU,CAAC;KACnB,GAAG,OAAO,CAAC,UAAU,CAAC;IAOvB;;;;;;;;;;;;;;;;;;;;OAoBG;WACiB,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;IAkB/C;;;;;;;;;;;;;;;;;OAiBG;WACiB,iBAAiB,CAAC,EAAE,UAAU,EAAE,EAAE;QACpD,UAAU,EAAE,GAAG,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,CAAC;CAWxB"}

package/dist/types/types/cipher.d.ts

@@ -1,4 +1,4 @@
-import type { EnclosedEncryptParams, EnclosedDecryptParams } from './params-enclosed.js';
+import type { EnclosedDecryptParams, EnclosedEncryptParams } from './params-enclosed.js';
 /**
  * The `Cipher` interface provides methods for encrypting and decrypting data.
  *

package/dist/types/types/crypto-api.d.ts

@@ -1,8 +1,8 @@
+import type { AsymmetricKeyGenerator } from './key-generator.js';
 import type { Hasher } from './hasher.js';
-import type { Signer } from './signer.js';
 import type { KeyIdentifier } from './identifier.js';
-import type { AsymmetricKeyGenerator } from './key-generator.js';
-import type { KmsSignParams, KmsDigestParams, KmsVerifyParams, KmsGetKeyUriParams, KmsGenerateKeyParams, KmsGetPublicKeyParams } from './params-kms.js';
+import type { Signer } from './signer.js';
+import type { KmsDigestParams, KmsGenerateKeyParams, KmsGetKeyUriParams, KmsGetPublicKeyParams, KmsSignParams, KmsVerifyParams } from './params-kms.js';
 /**
  * The `CryptoApi` interface integrates key generation, hashing, and signing functionalities,
  * designed for use with a Key Management System (KMS). It extends `AsymmetricKeyGenerator` for

package/dist/types/types/crypto-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto-api.d.ts","sourceRoot":"","sources":["../../../src/types/crypto-api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EACtB,MAAM,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,SAAS,CACxB,gBAAgB,GAAG,oBAAoB,EACvC,iBAAiB,GAAG,aAAa,EACjC,iBAAiB,GAAG,qBAAqB,EACzC,WAAW,GAAG,eAAe,EAC7B,SAAS,GAAG,aAAa,EACzB,WAAW,GAAG,eAAe,CAC7B,SAAQ,sBAAsB,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,EAC9E,MAAM,CAAC,WAAW,CAAC,EACnB,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;IACtC;;;;;OAKG;IACH,SAAS,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;CAC/D"}
+{"version":3,"file":"crypto-api.d.ts","sourceRoot":"","sources":["../../../src/types/crypto-api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,aAAa,EACb,eAAe,EAChB,MAAM,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,SAAS,CACxB,gBAAgB,GAAG,oBAAoB,EACvC,iBAAiB,GAAG,aAAa,EACjC,iBAAiB,GAAG,qBAAqB,EACzC,WAAW,GAAG,eAAe,EAC7B,SAAS,GAAG,aAAa,EACzB,WAAW,GAAG,eAAe,CAC7B,SAAQ,sBAAsB,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,EAC9E,MAAM,CAAC,WAAW,CAAC,EACnB,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;IACtC;;;;;OAKG;IACH,SAAS,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;CAC/D"}

package/dist/types/types/params-direct.d.ts

@@ -1,10 +1,41 @@
-import type { Jwk } from '../jose/jwk.js';
 import type { AlgorithmIdentifier } from './identifier.js';
+import type { Jwk } from '../jose/jwk.js';
+/**
+ * Parameters for converting raw private key bytes to a JWK.
+ */
+export interface BytesToPrivateKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** The raw private key bytes. */
+    privateKeyBytes: Uint8Array;
+}
+/**
+ * Parameters for converting raw public key bytes to a JWK.
+ */
+export interface BytesToPublicKeyParams {
+    /** The algorithm identifier. */
+    algorithm: AlgorithmIdentifier;
+    /** The raw public key bytes. */
+    publicKeyBytes: Uint8Array;
+}
 /**
  * Parameters for computing a public key.
  */
 export interface ComputePublicKeyParams extends GetPublicKeyParams {
 }
+/**
+ * Parameters for encryption and decryption operations.
+ *
+ * Intended for use with a Key Management System.
+ */
+export interface CipherParams {
+    /** A {@link Jwk} containing the key to be used for encryption or decryption. */
+    key: Jwk;
+    /** Data to be encrypted or decrypted. */
+    data: Uint8Array;
+    /** Additional algorithm-specific parameters for encryption or decryption. */
+    [key: string]: unknown;
+}
 /**
  * Parameters for decrypting data.
  */
@@ -35,6 +66,15 @@ export interface DeriveKeyParams {
     /** An object defining the algorithm-specific parameters for the derived key. */
     derivedKeyParams: unknown;
 }
+/**
+ * Parameters for derivation of cryptographic byte arrays.
+ */
+export interface DeriveKeyBytesParams {
+    /** The base key to be used for derivation as a byte array. */
+    baseKeyBytes: Uint8Array;
+    /** The desired length of the derived key in bits. */
+    length: number;
+}
 /**
  * Parameters for computing a hash digest.
  */
@@ -76,6 +116,33 @@ export interface SignParams {
     /** Data to be signed. */
     data: Uint8Array;
 }
+/**
+ * Parameters for converting a private key JWK to raw bytes.
+ */
+export interface PrivateKeyToBytesParams {
+    /** The private key in JWK format. */
+    privateKey: Jwk;
+}
+/**
+ * Parameters for converting a public key JWK to raw bytes.
+ */
+export interface PublicKeyToBytesParams {
+    /** The public key in JWK format. */
+    publicKey: Jwk;
+}
+/**
+ * Parameters for unwrapping a key.
+ */
+export interface UnwrapKeyParams {
+    /** A {@link Jwk} containing the key used to decrypt the unwrapped key. */
+    decryptionKey: Jwk;
+    /** The wrapped private key as a byte array. */
+    wrappedKeyBytes: Uint8Array;
+    /** The algorithm identifier of the key encrypted in `wrappedKeyBytes`. */
+    wrappedKeyAlgorithm: string;
+    /** An object defining the algorithm-specific parameters for decrypting the `wrappedKeyBytes`. */
+    decryptParams?: unknown;
+}
 /**
  * Parameters for verifying a signature.
  */
@@ -87,4 +154,15 @@ export interface VerifyParams {
     /** The data associated with the signature. */
     data: Uint8Array;
 }
+/**
+ * Parameters for wrapping a key.
+ */
+export interface WrapKeyParams {
+    /** A {@link Jwk} containing the key used to encrypt the unwrapped key. */
+    encryptionKey: Jwk;
+    /** A {@link Jwk} containing the private key to be wrapped. */
+    unwrappedKey: Jwk;
+    /** An object defining the algorithm-specific parameters for encrypting the `unwrappedKey`. */
+    encryptParams?: unknown;
+}
 //# sourceMappingURL=params-direct.d.ts.map

package/dist/types/types/params-direct.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"params-direct.d.ts","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;CAAI;AAEtE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yDAAyD;IACzD,GAAG,EAAE,GAAG,CAAC;IAET,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB"}
+{"version":3,"file":"params-direct.d.ts","sourceRoot":"","sources":["../../../src/types/params-direct.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,iCAAiC;IACjC,eAAe,EAAE,UAAU,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,gCAAgC;IAChC,cAAc,EAAE,UAAU,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;CAAI;AAEtE;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,gFAAgF;IAChF,GAAG,EAAE,GAAG,CAAC;IAET,yCAAyC;IACzC,IAAI,EAAE,UAAU,CAAC;IAEjB,6EAA6E;IAC7E,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,GAAG,EAAE,GAAG,CAAC;IAET,gFAAgF;IAChF,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8DAA8D;IAC9D,YAAY,EAAE,UAAU,CAAC;IAEzB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;IAE/B,2BAA2B;IAC3B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,GAAG,EAAE,GAAG,CAAC;IAET,4BAA4B;IAC5B,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,GAAG,EAAE,GAAG,CAAC;CACV;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yDAAyD;IACzD,GAAG,EAAE,GAAG,CAAC;IAET,yBAAyB;IACzB,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,qCAAqC;IACrC,UAAU,EAAE,GAAG,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,oCAAoC;IACpC,SAAS,EAAE,GAAG,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IAEnB,+CAA+C;IAC/C,eAAe,EAAE,UAAU,CAAC;IAE5B,0EAA0E;IAC1E,mBAAmB,EAAE,MAAM,CAAC;IAE5B,iGAAiG;IACjG,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,GAAG,CAAC;IAET,+BAA+B;IAC/B,SAAS,EAAE,UAAU,CAAC;IAEtB,8CAA8C;IAC9C,IAAI,EAAE,UAAU,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IAEnB,8DAA8D;IAC9D,YAAY,EAAE,GAAG,CAAC;IAElB,8FAA8F;IAC9F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB"}

package/dist/utils.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
-  "sources": ["../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/crypto.ts", "../../../node_modules/.pnpm/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/utils.ts", "../src/utils.ts"],
-  "sourcesContent": ["// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\ndeclare const globalThis: Record<string, any> | undefined;\nexport const crypto =\n  typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n", "/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a: unknown): a is Uint8Array {\n  return (\n    a instanceof Uint8Array ||\n    (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')\n  );\n}\n\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n// Cast array to different type\nexport const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr: TypedArray) =>\n  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\n// Cast array to view\nexport const createView = (arr: TypedArray) =>\n  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word: number, shift: number) =>\n  (word << shift) | ((word >>> (32 - shift)) >>> 0);\n\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word: number) =>\n  ((word << 24) & 0xff000000) |\n  ((word << 8) & 0xff0000) |\n  ((word >>> 8) & 0xff00) |\n  ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);\n\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr: Uint32Array) {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n}\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n  abytes(bytes);\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 } as const;\nfunction asciiToBase16(char: number): number | undefined {\n  if (char >= asciis._0 && char <= asciis._9) return char - asciis._0;\n  if (char >= asciis._A && char <= asciis._F) return char - (asciis._A - 10);\n  if (char >= asciis._a && char <= asciis._f) return char - (asciis._a - 10);\n  return;\n}\n\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n    }\n    array[ai] = n1 * 16 + n2;\n  }\n  return array;\n}\n\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => {};\n\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters: number, tick: number, cb: (i: number) => void) {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols in both browsers and Node.js since v11\n// See https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\nexport type Input = Uint8Array | string;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n  if (typeof data === 'string') data = utf8ToBytes(data);\n  abytes(data);\n  return data;\n}\n\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\n// For runtime check if class implements interface\nexport abstract class Hash<T extends Hash<T>> {\n  abstract blockLen: number; // Bytes per block\n  abstract outputLen: number; // Bytes in output\n  abstract update(buf: Input): this;\n  // Writes digest into buf\n  abstract digestInto(buf: Uint8Array): void;\n  abstract digest(): Uint8Array;\n  /**\n   * Resets internal state. Makes Hash instance unusable.\n   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n   * by user, they will need to manually call `destroy()` when zeroing is necessary.\n   */\n  abstract destroy(): void;\n  /**\n   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n   * when no options are passed.\n   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n   * There are no guarantees for clean-up because it's impossible in JS.\n   */\n  abstract _cloneInto(to?: T): T;\n  // Safe version that clones internal state\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n  xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\nconst toStr = {}.toString;\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n    throw new Error('Options should be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\nexport type CHash = ReturnType<typeof wrapConstructor>;\n\nexport function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {\n  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n  const tmp = hashCons();\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = () => hashCons();\n  return hashC;\n}\n\nexport function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(\n  hashCons: (opts?: T) => Hash<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\nexport function wrapXOFConstructorWithOpts<H extends HashXOF<H>, T extends Object>(\n  hashCons: (opts?: T) => HashXOF<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n  if (crypto && typeof crypto.getRandomValues === 'function') {\n    return crypto.getRandomValues(new Uint8Array(bytesLength));\n  }\n  throw new Error('crypto.getRandomValues must be defined');\n}\n", "import type { Jwk } from './jose/jwk.js';\n\nimport { crypto } from '@noble/hashes/crypto';\nimport { randomBytes as nobleRandomBytes } from '@noble/hashes/utils';\n\n/**\n * A collection of cryptographic utility methods.\n */\nexport class CryptoUtils {\n\n  /**\n   * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or\n   * `crv` property of a {@link Jwk | JWK}.\n   *\n   * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the\n   * `crv` property is used to determine the algorithm.\n   *\n   * @memberof CryptoUtils\n   * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}\n   * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}\n   *\n   * @example\n   * ```ts\n   * const publicKey: Jwk = {\n   *   \"kty\": \"OKP\",\n   *   \"crv\": \"Ed25519\",\n   *   \"x\": \"FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw\"\n   * }\n   * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);\n   * console.log(algorithm); // Output: \"EdDSA\"\n   * ```\n   * @param publicKey - A JWK containing the `alg` and/or `crv` properties.\n   * @returns The name of the algorithm associated with the key.\n   * @throws Error if the algorithm cannot be determined from the provided input.\n   */\n  static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {\n    const curveToJoseAlgorithm: Record<string, string> = {\n      'Ed25519'   : 'EdDSA',\n      'P-256'     : 'ES256',\n      'P-384'     : 'ES384',\n      'P-521'     : 'ES512',\n      'secp256k1' : 'ES256K',\n    };\n\n    // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,\n    // return its value.\n    if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {\n      return publicKey.alg;\n    }\n\n    // If the key contains a `crv` property, return the corresponding algorithm.\n    if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {\n      return curveToJoseAlgorithm[publicKey.crv];\n    }\n\n    throw new Error(\n      `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +\n      `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +\n      `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`\n    );\n  }\n\n  /**\n   * Generates secure pseudorandom values of the specified length using\n   * `crypto.getRandomValues`, which defers to the operating system.\n   *\n   * @memberof CryptoUtils\n   * @remarks\n   * This function is a wrapper around `randomBytes` from the '@noble/hashes'\n   * package. It's designed to be cryptographically strong, suitable for\n   * generating initialization vectors, nonces, and other random values.\n   *\n   * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more\n   * information about the underlying implementation.\n   *\n   * @example\n   * ```ts\n   * const bytes = randomBytes(32); // Generates 32 random bytes\n   * ```\n   *\n   * @param bytesLength - The number of bytes to generate.\n   * @returns A Uint8Array containing the generated random bytes.\n   */\n  static randomBytes(bytesLength: number): Uint8Array {\n    return nobleRandomBytes(bytesLength);\n  }\n\n  /**\n   * Generates a UUID (Universally Unique Identifier) using a\n   * cryptographically strong random number generator following\n   * the version 4 format, as specified in RFC 4122.\n   *\n   * A version 4 UUID is a randomly generated UUID. The 13th character\n   * is set to '4' to denote version 4, and the 17th character is one\n   * of '8', '9', 'A', or 'B' to comply with the variant 1 format of\n   * UUIDs (the high bits are set to '10').\n   *\n   * The UUID is a 36 character string, including hyphens, and looks like this:\n   * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx\n   *\n   * Note that while UUIDs are not guaranteed to be unique, they are\n   * practically unique\" given the large number of possible UUIDs and\n   * the randomness of generation.\n   * @memberof CryptoUtils\n   * @example\n   * ```ts\n   * const uuid = randomUuid();\n   * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'\n   * ```\n   *\n   * @returns A string containing a randomly generated, 36 character long v4 UUID.\n   */\n  static randomUuid(): string {\n    const uuid = crypto.randomUUID();\n\n    return uuid;\n  }\n\n\n  /**\n   * Generates a secure random PIN (Personal Identification Number) of a\n   * specified length.\n   *\n   * This function ensures that the generated PIN is cryptographically secure and\n   * uniformly distributed by using rejection sampling. It repeatedly generates\n   * random numbers until it gets one in the desired range [0, max]. This avoids\n   * bias introduced by simply taking the modulus or truncating the number.\n   *\n   * Note: The function can generate PINs of 3 to 10 digits in length.\n   * Any request for a PIN outside this range will result in an error.\n   *\n   * Example usage:\n   *\n   * ```ts\n   * const pin = randomPin({ length: 4 });\n   * console.log(pin); // Outputs a 4-digit PIN, e.g., \"0231\"\n   * ```\n   * @memberof CryptoUtils\n   * @param options - The options object containing the desired length of the generated PIN.\n   * @param options.length - The desired length of the generated PIN. The value should be\n   *                         an integer between 3 and 8 inclusive.\n   *\n   * @returns A string representing the generated PIN. The PIN will be zero-padded\n   *          to match the specified length, if necessary.\n   *\n   * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.\n   */\n  static randomPin({ length }: { length: number }): string {\n    if (3 > length || length > 10) {\n      throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');\n    }\n\n    const max = Math.pow(10, length) - 1;\n\n    let pin;\n\n    if (length <= 6) {\n      const rejectionRange = Math.pow(10, length);\n      do {\n        // Adjust the byte generation based on length.\n        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) );  // 2 digits per byte.\n        const view = new DataView(randomBuffer.buffer);\n        // Convert the buffer to integer and take modulus based on length.\n        pin = view.getUint16(0, false) % rejectionRange;\n      } while (pin > max);\n    } else {\n      const rejectionRange = Math.pow(10, 10); // For max 10 digit number.\n      do {\n      // Generates 4 random bytes.\n        const randomBuffer = CryptoUtils.randomBytes(4);\n        // Create a DataView to read from the randomBuffer.\n        const view = new DataView(randomBuffer.buffer);\n        // Transform bytes to number (big endian).\n        pin = view.getUint32(0, false) % rejectionRange;\n      } while (pin > max);  // Reject if the number is outside the desired range.\n    }\n\n    // Pad the PIN with leading zeros to the desired length.\n    return pin.toString().padStart(length, '0');\n  }\n}\n"],
+  "sources": ["../../../node_modules/.bun/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/crypto.ts", "../../../node_modules/.bun/@noble+hashes@1.4.0/node_modules/@noble/hashes/src/utils.ts", "../src/utils.ts"],
+  "sourcesContent": ["// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// See utils.ts for details.\ndeclare const globalThis: Record<string, any> | undefined;\nexport const crypto =\n  typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;\n", "/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n\n// We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.\n// node.js versions earlier than v19 don't declare it in global scope.\n// For node.js, package.json#exports field mapping rewrites import\n// from `crypto` to `cryptoNode`, which imports native module.\n// Makes the utils un-importable in browsers without a bundler.\n// Once node.js 18 is deprecated (2025-04-30), we can just drop the import.\nimport { crypto } from '@noble/hashes/crypto';\nimport { bytes as abytes } from './_assert.js';\n// export { isBytes } from './_assert.js';\n// We can't reuse isBytes from _assert, because somehow this causes huge perf issues\nexport function isBytes(a: unknown): a is Uint8Array {\n  return (\n    a instanceof Uint8Array ||\n    (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array')\n  );\n}\n\n// prettier-ignore\nexport type TypedArray = Int8Array | Uint8ClampedArray | Uint8Array |\n  Uint16Array | Int16Array | Uint32Array | Int32Array;\n\n// Cast array to different type\nexport const u8 = (arr: TypedArray) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);\nexport const u32 = (arr: TypedArray) =>\n  new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n\n// Cast array to view\nexport const createView = (arr: TypedArray) =>\n  new DataView(arr.buffer, arr.byteOffset, arr.byteLength);\n\n// The rotate right (circular right shift) operation for uint32\nexport const rotr = (word: number, shift: number) => (word << (32 - shift)) | (word >>> shift);\n// The rotate left (circular left shift) operation for uint32\nexport const rotl = (word: number, shift: number) =>\n  (word << shift) | ((word >>> (32 - shift)) >>> 0);\n\nexport const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;\n// The byte swap operation for uint32\nexport const byteSwap = (word: number) =>\n  ((word << 24) & 0xff000000) |\n  ((word << 8) & 0xff0000) |\n  ((word >>> 8) & 0xff00) |\n  ((word >>> 24) & 0xff);\n// Conditionally byte swap if on a big-endian platform\nexport const byteSwapIfBE = isLE ? (n: number) => n : (n: number) => byteSwap(n);\n\n// In place byte swap for Uint32Array\nexport function byteSwap32(arr: Uint32Array) {\n  for (let i = 0; i < arr.length; i++) {\n    arr[i] = byteSwap(arr[i]);\n  }\n}\n\n// Array where index 0xf0 (240) is mapped to string 'f0'\nconst hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>\n  i.toString(16).padStart(2, '0')\n);\n/**\n * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'\n */\nexport function bytesToHex(bytes: Uint8Array): string {\n  abytes(bytes);\n  // pre-caching improves the speed 6x\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += hexes[bytes[i]];\n  }\n  return hex;\n}\n\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 } as const;\nfunction asciiToBase16(char: number): number | undefined {\n  if (char >= asciis._0 && char <= asciis._9) return char - asciis._0;\n  if (char >= asciis._A && char <= asciis._F) return char - (asciis._A - 10);\n  if (char >= asciis._a && char <= asciis._f) return char - (asciis._a - 10);\n  return;\n}\n\n/**\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex: string): Uint8Array {\n  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);\n  const hl = hex.length;\n  const al = hl / 2;\n  if (hl % 2) throw new Error('padded hex string expected, got unpadded hex of length ' + hl);\n  const array = new Uint8Array(al);\n  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n    const n1 = asciiToBase16(hex.charCodeAt(hi));\n    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n    if (n1 === undefined || n2 === undefined) {\n      const char = hex[hi] + hex[hi + 1];\n      throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' + hi);\n    }\n    array[ai] = n1 * 16 + n2;\n  }\n  return array;\n}\n\n// There is no setImmediate in browser and setTimeout is slow.\n// call of async fn will return Promise, which will be fullfiled only on\n// next scheduler queue processing step and this is exactly what we need.\nexport const nextTick = async () => {};\n\n// Returns control to thread each 'tick' ms to avoid blocking\nexport async function asyncLoop(iters: number, tick: number, cb: (i: number) => void) {\n  let ts = Date.now();\n  for (let i = 0; i < iters; i++) {\n    cb(i);\n    // Date.now() is not monotonic, so in case if clock goes backwards we return return control too\n    const diff = Date.now() - ts;\n    if (diff >= 0 && diff < tick) continue;\n    await nextTick();\n    ts += diff;\n  }\n}\n\n// Global symbols in both browsers and Node.js since v11\n// See https://github.com/microsoft/TypeScript/issues/31535\ndeclare const TextEncoder: any;\n\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\nexport function utf8ToBytes(str: string): Uint8Array {\n  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);\n  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n\nexport type Input = Uint8Array | string;\n/**\n * Normalizes (non-hex) string or Uint8Array to Uint8Array.\n * Warning: when Uint8Array is passed, it would NOT get copied.\n * Keep in mind for future mutable operations.\n */\nexport function toBytes(data: Input): Uint8Array {\n  if (typeof data === 'string') data = utf8ToBytes(data);\n  abytes(data);\n  return data;\n}\n\n/**\n * Copies several Uint8Arrays into one.\n */\nexport function concatBytes(...arrays: Uint8Array[]): Uint8Array {\n  let sum = 0;\n  for (let i = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    abytes(a);\n    sum += a.length;\n  }\n  const res = new Uint8Array(sum);\n  for (let i = 0, pad = 0; i < arrays.length; i++) {\n    const a = arrays[i];\n    res.set(a, pad);\n    pad += a.length;\n  }\n  return res;\n}\n\n// For runtime check if class implements interface\nexport abstract class Hash<T extends Hash<T>> {\n  abstract blockLen: number; // Bytes per block\n  abstract outputLen: number; // Bytes in output\n  abstract update(buf: Input): this;\n  // Writes digest into buf\n  abstract digestInto(buf: Uint8Array): void;\n  abstract digest(): Uint8Array;\n  /**\n   * Resets internal state. Makes Hash instance unusable.\n   * Reset is impossible for keyed hashes if key is consumed into state. If digest is not consumed\n   * by user, they will need to manually call `destroy()` when zeroing is necessary.\n   */\n  abstract destroy(): void;\n  /**\n   * Clones hash instance. Unsafe: doesn't check whether `to` is valid. Can be used as `clone()`\n   * when no options are passed.\n   * Reasons to use `_cloneInto` instead of clone: 1) performance 2) reuse instance => all internal\n   * buffers are overwritten => causes buffer overwrite which is used for digest in some cases.\n   * There are no guarantees for clean-up because it's impossible in JS.\n   */\n  abstract _cloneInto(to?: T): T;\n  // Safe version that clones internal state\n  clone(): T {\n    return this._cloneInto();\n  }\n}\n\n/**\n * XOF: streaming API to read digest in chunks.\n * Same as 'squeeze' in keccak/k12 and 'seek' in blake3, but more generic name.\n * When hash used in XOF mode it is up to user to call '.destroy' afterwards, since we cannot\n * destroy state, next call can require more bytes.\n */\nexport type HashXOF<T extends Hash<T>> = Hash<T> & {\n  xof(bytes: number): Uint8Array; // Read 'bytes' bytes from digest stream\n  xofInto(buf: Uint8Array): Uint8Array; // read buf.length bytes from digest stream into buf\n};\n\nconst toStr = {}.toString;\ntype EmptyObj = {};\nexport function checkOpts<T1 extends EmptyObj, T2 extends EmptyObj>(\n  defaults: T1,\n  opts?: T2\n): T1 & T2 {\n  if (opts !== undefined && toStr.call(opts) !== '[object Object]')\n    throw new Error('Options should be object or undefined');\n  const merged = Object.assign(defaults, opts);\n  return merged as T1 & T2;\n}\n\nexport type CHash = ReturnType<typeof wrapConstructor>;\n\nexport function wrapConstructor<T extends Hash<T>>(hashCons: () => Hash<T>) {\n  const hashC = (msg: Input): Uint8Array => hashCons().update(toBytes(msg)).digest();\n  const tmp = hashCons();\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = () => hashCons();\n  return hashC;\n}\n\nexport function wrapConstructorWithOpts<H extends Hash<H>, T extends Object>(\n  hashCons: (opts?: T) => Hash<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\nexport function wrapXOFConstructorWithOpts<H extends HashXOF<H>, T extends Object>(\n  hashCons: (opts?: T) => HashXOF<H>\n) {\n  const hashC = (msg: Input, opts?: T): Uint8Array => hashCons(opts).update(toBytes(msg)).digest();\n  const tmp = hashCons({} as T);\n  hashC.outputLen = tmp.outputLen;\n  hashC.blockLen = tmp.blockLen;\n  hashC.create = (opts: T) => hashCons(opts);\n  return hashC;\n}\n\n/**\n * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.\n */\nexport function randomBytes(bytesLength = 32): Uint8Array {\n  if (crypto && typeof crypto.getRandomValues === 'function') {\n    return crypto.getRandomValues(new Uint8Array(bytesLength));\n  }\n  throw new Error('crypto.getRandomValues must be defined');\n}\n", "import type { Jwk } from './jose/jwk.js';\n\nimport { crypto } from '@noble/hashes/crypto';\nimport { randomBytes as nobleRandomBytes } from '@noble/hashes/utils';\n\n/**\n * A collection of cryptographic utility methods.\n */\nexport class CryptoUtils {\n\n  /**\n   * Determines the JOSE algorithm identifier of the digital signature algorithm based on the `alg` or\n   * `crv` property of a {@link Jwk | JWK}.\n   *\n   * If the `alg` property is present, its value takes precedence and is returned. Otherwise, the\n   * `crv` property is used to determine the algorithm.\n   *\n   * @memberof CryptoUtils\n   * @see {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | JOSE Algorithms}\n   * @see {@link https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ | Fully-Specified Algorithms for JOSE and COSE}\n   *\n   * @example\n   * ```ts\n   * const publicKey: Jwk = {\n   *   \"kty\": \"OKP\",\n   *   \"crv\": \"Ed25519\",\n   *   \"x\": \"FEJG7OakZi500EydXxuE8uMc8uaAzEJkmQeG8khXANw\"\n   * }\n   * const algorithm = getJoseSignatureAlgorithmFromPublicKey(publicKey);\n   * console.log(algorithm); // Output: \"EdDSA\"\n   * ```\n   * @param publicKey - A JWK containing the `alg` and/or `crv` properties.\n   * @returns The name of the algorithm associated with the key.\n   * @throws Error if the algorithm cannot be determined from the provided input.\n   */\n  static getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {\n    const curveToJoseAlgorithm: Record<string, string> = {\n      'Ed25519'   : 'EdDSA',\n      'P-256'     : 'ES256',\n      'P-384'     : 'ES384',\n      'P-521'     : 'ES512',\n      'secp256k1' : 'ES256K',\n    };\n\n    // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,\n    // return its value.\n    if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {\n      return publicKey.alg;\n    }\n\n    // If the key contains a `crv` property, return the corresponding algorithm.\n    if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {\n      return curveToJoseAlgorithm[publicKey.crv];\n    }\n\n    throw new Error(\n      `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +\n      `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +\n      `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`\n    );\n  }\n\n  /**\n   * Generates secure pseudorandom values of the specified length using\n   * `crypto.getRandomValues`, which defers to the operating system.\n   *\n   * @memberof CryptoUtils\n   * @remarks\n   * This function is a wrapper around `randomBytes` from the '@noble/hashes'\n   * package. It's designed to be cryptographically strong, suitable for\n   * generating initialization vectors, nonces, and other random values.\n   *\n   * @see {@link https://www.npmjs.com/package/@noble/hashes | @noble/hashes on NPM} for more\n   * information about the underlying implementation.\n   *\n   * @example\n   * ```ts\n   * const bytes = randomBytes(32); // Generates 32 random bytes\n   * ```\n   *\n   * @param bytesLength - The number of bytes to generate.\n   * @returns A Uint8Array containing the generated random bytes.\n   */\n  static randomBytes(bytesLength: number): Uint8Array {\n    return nobleRandomBytes(bytesLength);\n  }\n\n  /**\n   * Generates a UUID (Universally Unique Identifier) using a\n   * cryptographically strong random number generator following\n   * the version 4 format, as specified in RFC 4122.\n   *\n   * A version 4 UUID is a randomly generated UUID. The 13th character\n   * is set to '4' to denote version 4, and the 17th character is one\n   * of '8', '9', 'A', or 'B' to comply with the variant 1 format of\n   * UUIDs (the high bits are set to '10').\n   *\n   * The UUID is a 36 character string, including hyphens, and looks like this:\n   * xxxxxxxx-xxxx-4xxx-axxx-xxxxxxxxxxxx\n   *\n   * Note that while UUIDs are not guaranteed to be unique, they are\n   * practically unique\" given the large number of possible UUIDs and\n   * the randomness of generation.\n   * @memberof CryptoUtils\n   * @example\n   * ```ts\n   * const uuid = randomUuid();\n   * console.log(uuid); // Outputs a version 4 UUID, e.g., '123e4567-e89b-12d3-a456-426655440000'\n   * ```\n   *\n   * @returns A string containing a randomly generated, 36 character long v4 UUID.\n   */\n  static randomUuid(): string {\n    const uuid = crypto.randomUUID();\n\n    return uuid;\n  }\n\n\n  /**\n   * Generates a secure random PIN (Personal Identification Number) of a\n   * specified length.\n   *\n   * This function ensures that the generated PIN is cryptographically secure and\n   * uniformly distributed by using rejection sampling. It repeatedly generates\n   * random numbers until it gets one in the desired range [0, max]. This avoids\n   * bias introduced by simply taking the modulus or truncating the number.\n   *\n   * Note: The function can generate PINs of 3 to 10 digits in length.\n   * Any request for a PIN outside this range will result in an error.\n   *\n   * Example usage:\n   *\n   * ```ts\n   * const pin = randomPin({ length: 4 });\n   * console.log(pin); // Outputs a 4-digit PIN, e.g., \"0231\"\n   * ```\n   * @memberof CryptoUtils\n   * @param options - The options object containing the desired length of the generated PIN.\n   * @param options.length - The desired length of the generated PIN. The value should be\n   *                         an integer between 3 and 8 inclusive.\n   *\n   * @returns A string representing the generated PIN. The PIN will be zero-padded\n   *          to match the specified length, if necessary.\n   *\n   * @throws Will throw an error if the requested PIN length is less than 3 or greater than 8.\n   */\n  static randomPin({ length }: { length: number }): string {\n    if (3 > length || length > 10) {\n      throw new Error('randomPin() can securely generate a PIN between 3 to 10 digits.');\n    }\n\n    const max = Math.pow(10, length) - 1;\n\n    let pin;\n\n    if (length <= 6) {\n      const rejectionRange = Math.pow(10, length);\n      do {\n        // Adjust the byte generation based on length.\n        const randomBuffer = CryptoUtils.randomBytes(Math.ceil(length / 2) ); // 2 digits per byte.\n        const view = new DataView(randomBuffer.buffer);\n        // Convert the buffer to integer and take modulus based on length.\n        pin = view.getUint16(0, false) % rejectionRange;\n      } while (pin > max);\n    } else {\n      const rejectionRange = Math.pow(10, 10); // For max 10 digit number.\n      do {\n      // Generates 4 random bytes.\n        const randomBuffer = CryptoUtils.randomBytes(4);\n        // Create a DataView to read from the randomBuffer.\n        const view = new DataView(randomBuffer.buffer);\n        // Transform bytes to number (big endian).\n        pin = view.getUint32(0, false) % rejectionRange;\n      } while (pin > max); // Reject if the number is outside the desired range.\n    }\n\n    // Pad the PIN with leading zeros to the desired length.\n    return pin.toString().padStart(length, '0');\n  }\n}\n"],
   "mappings": "AAGO,IAAMA,EACX,OAAO,YAAe,UAAY,WAAY,WAAa,WAAW,OAAS,OCkC1E,IAAMC,EAAO,IAAI,WAAW,IAAI,YAAY,CAAC,SAAU,CAAC,EAAE,MAAM,EAAE,CAAC,IAAM,GAoKhF,IAAMC,EAAQ,CAAA,EAAG,SAgDX,SAAUC,EAAYC,EAAc,GAAE,CAC1C,GAAIC,GAAU,OAAOA,EAAO,iBAAoB,WAC9C,OAAOA,EAAO,gBAAgB,IAAI,WAAWD,CAAW,CAAC,EAE3D,MAAM,IAAI,MAAM,wCAAwC,CAC1D,CCvPO,IAAME,EAAN,MAAMC,CAAY,CA2BvB,OAAO,uCAAuCC,EAAwB,CACpE,IAAMC,EAA+C,CACnD,QAAc,QACd,QAAc,QACd,QAAc,QACd,QAAc,QACd,UAAc,QAChB,EAIA,GAAID,EAAU,KAAO,OAAO,OAAOC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC7E,OAAOA,EAAU,IAInB,GAAIA,EAAU,KAAO,OAAO,KAAKC,CAAoB,EAAE,SAASD,EAAU,GAAG,EAC3E,OAAOC,EAAqBD,EAAU,GAAG,EAG3C,MAAM,IAAI,MACR,8DAA8DA,EAAU,GAAG,SAASA,EAAU,GAAG,6BACtE,OAAO,OAAOC,CAAoB,EAAE,KAAK,IAAI,CAAC,6BAC9C,OAAO,KAAKA,CAAoB,EAAE,KAAK,IAAI,CAAC,GACzE,CACF,CAuBA,OAAO,YAAYC,EAAiC,CAClD,OAAOC,EAAiBD,CAAW,CACrC,CA2BA,OAAO,YAAqB,CAG1B,OAFaE,EAAO,WAAW,CAGjC,CA+BA,OAAO,UAAU,CAAE,OAAAC,CAAO,EAA+B,CACvD,GAAI,EAAIA,GAAUA,EAAS,GACzB,MAAM,IAAI,MAAM,iEAAiE,EAGnF,IAAMC,EAAM,KAAK,IAAI,GAAID,CAAM,EAAI,EAE/BE,EAEJ,GAAIF,GAAU,EAAG,CACf,IAAMG,EAAiB,KAAK,IAAI,GAAIH,CAAM,EAC1C,EAAG,CAED,IAAMI,EAAeV,EAAY,YAAY,KAAK,KAAKM,EAAS,CAAC,CAAE,EAGnEE,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,KAAO,CACL,IAAME,EAAiB,KAAK,IAAI,GAAI,EAAE,EACtC,EAAG,CAED,IAAMC,EAAeV,EAAY,YAAY,CAAC,EAI9CQ,EAFa,IAAI,SAASE,EAAa,MAAM,EAElC,UAAU,EAAG,EAAK,EAAID,CACnC,OAASD,EAAMD,EACjB,CAGA,OAAOC,EAAI,SAAS,EAAE,SAASF,EAAQ,GAAG,CAC5C,CACF",
   "names": ["crypto", "isLE", "toStr", "randomBytes", "bytesLength", "crypto", "CryptoUtils", "_CryptoUtils", "publicKey", "curveToJoseAlgorithm", "bytesLength", "randomBytes", "crypto", "length", "max", "pin", "rejectionRange", "randomBuffer"]
 }

package/package.json

@@ -1,11 +1,23 @@
 {
   "name": "@enbox/crypto",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Web5 cryptographic library",
   "type": "module",
-  "main": "./dist/cjs/index.js",
+  "main": "./dist/esm/index.js",
   "module": "./dist/esm/index.js",
   "types": "./dist/types/index.d.ts",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build:esm": "rimraf dist/esm dist/types && bun tsc -p tsconfig.json",
+    "build:browser": "rimraf dist/browser.mjs dist/browser.js && bun build/bundles.js",
+    "build:tests:browser": "rimraf tests/compiled && bun build/esbuild-tests.cjs",
+    "build": "bun run clean && bun run build:esm && bun run build:browser",
+    "lint": "eslint . --max-warnings 0",
+    "lint:fix": "eslint . --fix",
+    "test:node": "bun test tests/",
+    "test:node:coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov --coverage-dir=coverage tests/",
+    "test:browser": "bun run build:tests:browser && bunx web-test-runner"
+  },
   "homepage": "https://github.com/enboxorg/enbox/tree/main/packages/crypto#readme",
   "bugs": "https://github.com/enboxorg/enbox/issues",
   "repository": {
@@ -15,6 +27,10 @@
   },
   "license": "Apache-2.0",
   "contributors": [
+    {
+      "name": "Liran Cohen",
+      "url": "https://github.com/LiranCohen"
+    },
     {
       "name": "Daniel Buchner",
       "url": "https://github.com/csuwildcat"
@@ -35,13 +51,9 @@
   "exports": {
     ".": {
       "types": "./dist/types/index.d.ts",
-      "import": "./dist/esm/index.js",
-      "require": "./dist/cjs/index.js"
+      "import": "./dist/esm/index.js"
     }
   },
-  "browser": {
-    "node:crypto": false
-  },
   "react-native": "./dist/esm/index.js",
   "keywords": [
     "cryptography",
@@ -53,51 +65,26 @@
     "access": "public"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "bun": ">=1.0.0"
   },
   "dependencies": {
     "@noble/ciphers": "0.5.3",
     "@noble/curves": "1.3.0",
     "@noble/hashes": "1.4.0",
-    "@enbox/common": "0.0.2"
+    "@enbox/common": "0.0.3"
   },
   "devDependencies": {
     "@playwright/test": "1.45.3",
-    "@types/chai": "4.3.16",
-    "@types/chai-as-promised": "7.1.8",
-    "@types/eslint": "8.56.10",
-    "@types/mocha": "10.0.6",
     "@types/node": "20.14.8",
-    "@types/sinon": "17.0.3",
-    "@typescript-eslint/eslint-plugin": "7.14.1",
-    "@typescript-eslint/parser": "7.14.1",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.32.1",
     "@web/test-runner": "0.18.2",
     "@web/test-runner-playwright": "0.11.0",
-    "c8": "10.1.2",
-    "chai": "5.1.1",
-    "chai-as-promised": "8.0.0",
     "esbuild": "0.23.0",
-    "eslint": "9.5.0",
-    "eslint-plugin-mocha": "10.4.3",
-    "mocha": "10.4.0",
-    "mocha-junit-reporter": "2.2.1",
+    "eslint": "9.7.0",
     "playwright": "1.45.3",
     "rimraf": "5.0.7",
-    "sinon": "18.0.0",
     "source-map-loader": "5.0.0",
-    "typescript": "5.4.5"
-  },
-  "scripts": {
-    "clean": "rimraf dist tests/compiled",
-    "build:esm": "rimraf dist/esm dist/types && pnpm tsc -p tsconfig.json",
-    "build:cjs": "rimraf dist/cjs && pnpm tsc -p tsconfig.cjs.json && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
-    "build:browser": "rimraf dist/browser.mjs dist/browser.js && node build/bundles.js",
-    "build:tests:node": "rimraf tests/compiled && pnpm tsc -p tests/tsconfig.json",
-    "build:tests:browser": "rimraf tests/compiled && node build/esbuild-tests.cjs",
-    "build": "pnpm clean && pnpm build:esm && pnpm build:cjs && pnpm build:browser",
-    "lint": "eslint . --max-warnings 0",
-    "lint:fix": "eslint . --fix",
-    "test:node": "pnpm build:tests:node && pnpm c8 mocha",
-    "test:browser": "pnpm build:tests:browser && web-test-runner"
+    "typescript": "5.5.4"
   }
-}
+}

package/src/algorithms/aes-ctr.ts

@@ -1,5 +1,5 @@
-import type { Jwk } from '../jose/jwk.js';
 import type { Cipher } from '../types/cipher.js';
+import type { Jwk } from '../jose/jwk.js';
 import type { KeyGenerator } from '../types/key-generator.js';
 import type { DecryptParams, EncryptParams, GenerateKeyParams } from '../types/params-direct.js';
 

package/src/algorithms/aes-gcm.ts

@@ -1,10 +1,11 @@
-import type { Jwk } from '../jose/jwk.js';
+import type { AES_GCM_TAG_LENGTHS } from '../primitives/aes-gcm.js';
 import type { Cipher } from '../types/cipher.js';
+import type { Jwk } from '../jose/jwk.js';
 import type { KeyGenerator } from '../types/key-generator.js';
 import type { DecryptParams, EncryptParams, GenerateKeyParams } from '../types/params-direct.js';
 
+import { AesGcm } from '../primitives/aes-gcm.js';
 import { CryptoAlgorithm } from './crypto-algorithm.js';
-import { AesGcm, AES_GCM_TAG_LENGTHS } from '../primitives/aes-gcm.js';
 
 /**
  * The `AesGcmGenerateKeyParams` interface defines the algorithm-specific parameters that should be