@f0rest8/metamorphic-crypto 0.9.0 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/metamorphic_crypto.d.ts +18 -2
- package/metamorphic_crypto.js +49 -0
- package/metamorphic_crypto_bg.wasm +0 -0
- package/package.json +1 -1
package/metamorphic_crypto.d.ts
CHANGED
|
@@ -173,6 +173,21 @@ export function generateSigningKeyPair(level: string): any;
|
|
|
173
173
|
*/
|
|
174
174
|
export function generateSigningKeyPairSuite(suite: string, level: string): any;
|
|
175
175
|
|
|
176
|
+
/**
|
|
177
|
+
* HKDF-SHA512 (RFC 5869) extract-then-expand over base64-encoded inputs.
|
|
178
|
+
*
|
|
179
|
+
* Derives `length` bytes of output keying material and returns it as base64.
|
|
180
|
+
* `salt_b64` and `ikm_b64` are base64; `info` is a UTF-8 context label (bound
|
|
181
|
+
* into Expand for domain separation). An empty `salt_b64` means "not provided"
|
|
182
|
+
* (HashLen zero bytes, RFC 5869 §2.2).
|
|
183
|
+
*
|
|
184
|
+
* Byte-for-byte identical to `metamorphic_crypto::hkdf::hkdf_sha512` (native /
|
|
185
|
+
* Elixir NIF) and to `@noble/hashes` / WebCrypto HKDF-SHA-512 for the same
|
|
186
|
+
* inputs — the guarantee that a wrapping key derived in the browser matches
|
|
187
|
+
* one derived anywhere else.
|
|
188
|
+
*/
|
|
189
|
+
export function hkdfSha512(salt_b64: string, ikm_b64: string, info: string, length: number): string;
|
|
190
|
+
|
|
176
191
|
/**
|
|
177
192
|
* HMAC-SHA256 of base64 `msg` under base64 `key`. Returns the 32-byte tag as
|
|
178
193
|
* base64. Any key length is accepted (RFC 2104).
|
|
@@ -315,6 +330,7 @@ export interface InitOutput {
|
|
|
315
330
|
readonly parseSaltFromKeyHash: (a: number, b: number, c: number) => void;
|
|
316
331
|
readonly sha3_512: (a: number, b: number, c: number) => void;
|
|
317
332
|
readonly sha3_512WithContext: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
333
|
+
readonly hkdfSha512: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => void;
|
|
318
334
|
readonly sha3_256: (a: number, b: number, c: number) => void;
|
|
319
335
|
readonly sha256: (a: number, b: number, c: number) => void;
|
|
320
336
|
readonly sha512: (a: number, b: number, c: number) => void;
|
|
@@ -334,10 +350,10 @@ export interface InitOutput {
|
|
|
334
350
|
readonly ecvrfP256Prove: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
335
351
|
readonly ecvrfP256Verify: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
|
|
336
352
|
readonly ecvrfP256ProofToHash: (a: number, b: number, c: number) => void;
|
|
337
|
-
readonly
|
|
353
|
+
readonly encryptPrivateKeyForRecovery: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
338
354
|
readonly decryptSecretboxToString: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
339
355
|
readonly encryptSecretboxString: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
340
|
-
readonly
|
|
356
|
+
readonly decryptPrivateKeyWithRecovery: (a: number, b: number, c: number, d: number, e: number) => void;
|
|
341
357
|
readonly __wbindgen_export: (a: number, b: number) => number;
|
|
342
358
|
readonly __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
|
|
343
359
|
readonly __wbindgen_export3: (a: number) => void;
|
package/metamorphic_crypto.js
CHANGED
|
@@ -891,6 +891,55 @@ export function generateSigningKeyPairSuite(suite, level) {
|
|
|
891
891
|
}
|
|
892
892
|
}
|
|
893
893
|
|
|
894
|
+
/**
|
|
895
|
+
* HKDF-SHA512 (RFC 5869) extract-then-expand over base64-encoded inputs.
|
|
896
|
+
*
|
|
897
|
+
* Derives `length` bytes of output keying material and returns it as base64.
|
|
898
|
+
* `salt_b64` and `ikm_b64` are base64; `info` is a UTF-8 context label (bound
|
|
899
|
+
* into Expand for domain separation). An empty `salt_b64` means "not provided"
|
|
900
|
+
* (HashLen zero bytes, RFC 5869 §2.2).
|
|
901
|
+
*
|
|
902
|
+
* Byte-for-byte identical to `metamorphic_crypto::hkdf::hkdf_sha512` (native /
|
|
903
|
+
* Elixir NIF) and to `@noble/hashes` / WebCrypto HKDF-SHA-512 for the same
|
|
904
|
+
* inputs — the guarantee that a wrapping key derived in the browser matches
|
|
905
|
+
* one derived anywhere else.
|
|
906
|
+
* @param {string} salt_b64
|
|
907
|
+
* @param {string} ikm_b64
|
|
908
|
+
* @param {string} info
|
|
909
|
+
* @param {number} length
|
|
910
|
+
* @returns {string}
|
|
911
|
+
*/
|
|
912
|
+
export function hkdfSha512(salt_b64, ikm_b64, info, length) {
|
|
913
|
+
let deferred5_0;
|
|
914
|
+
let deferred5_1;
|
|
915
|
+
try {
|
|
916
|
+
const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
|
|
917
|
+
const ptr0 = passStringToWasm0(salt_b64, wasm.__wbindgen_export, wasm.__wbindgen_export2);
|
|
918
|
+
const len0 = WASM_VECTOR_LEN;
|
|
919
|
+
const ptr1 = passStringToWasm0(ikm_b64, wasm.__wbindgen_export, wasm.__wbindgen_export2);
|
|
920
|
+
const len1 = WASM_VECTOR_LEN;
|
|
921
|
+
const ptr2 = passStringToWasm0(info, wasm.__wbindgen_export, wasm.__wbindgen_export2);
|
|
922
|
+
const len2 = WASM_VECTOR_LEN;
|
|
923
|
+
wasm.hkdfSha512(retptr, ptr0, len0, ptr1, len1, ptr2, len2, length);
|
|
924
|
+
var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
|
|
925
|
+
var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
|
|
926
|
+
var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
|
|
927
|
+
var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
|
|
928
|
+
var ptr4 = r0;
|
|
929
|
+
var len4 = r1;
|
|
930
|
+
if (r3) {
|
|
931
|
+
ptr4 = 0; len4 = 0;
|
|
932
|
+
throw takeObject(r2);
|
|
933
|
+
}
|
|
934
|
+
deferred5_0 = ptr4;
|
|
935
|
+
deferred5_1 = len4;
|
|
936
|
+
return getStringFromWasm0(ptr4, len4);
|
|
937
|
+
} finally {
|
|
938
|
+
wasm.__wbindgen_add_to_stack_pointer(16);
|
|
939
|
+
wasm.__wbindgen_export4(deferred5_0, deferred5_1, 1);
|
|
940
|
+
}
|
|
941
|
+
}
|
|
942
|
+
|
|
894
943
|
/**
|
|
895
944
|
* HMAC-SHA256 of base64 `msg` under base64 `key`. Returns the 32-byte tag as
|
|
896
945
|
* base64. Any key length is accepted (RFC 2104).
|
|
Binary file
|
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "@f0rest8/metamorphic-crypto",
|
|
3
3
|
"type": "module",
|
|
4
4
|
"description": "Zero-knowledge end-to-end encryption with post-quantum hybrid KEM (ML-KEM + X25519) and an opt-in CNSA 2.0 suite axis (matched-strength hybrid + pure ML-KEM-1024 / ML-DSA-87 / AES-256-GCM)",
|
|
5
|
-
"version": "0.
|
|
5
|
+
"version": "0.10.1",
|
|
6
6
|
"license": "MIT OR Apache-2.0",
|
|
7
7
|
"repository": {
|
|
8
8
|
"type": "git",
|