@hippius/hcfs-client-wasm 0.1.2

package/hcfs_client_wasm.d.ts

@@ -0,0 +1,209 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * Opaque wrapper around a sensitive byte buffer.
+ *
+ * The buffer is stored in [`Zeroizing`] and scrubbed on drop (or when JS
+ * calls `free()`). Prefer passing `SecretBytes` to other WASM APIs rather
+ * than calling [`Self::expose`], since any `Uint8Array` copy on the JS
+ * side cannot be reliably zeroed.
+ *
+ * # Invariant
+ *
+ * The inner `Vec<u8>` is never mutated after construction. The handle
+ * constructs at exact capacity (no reallocation), which avoids the
+ * `Zeroize for Vec<u8>` pitfall where a realloc frees the old heap
+ * buffer without scrubbing it.
+ */
+export class SecretBytes {
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Copy the bytes out as a `Uint8Array`.
+     *
+     * The caller is responsible for zeroing the returned buffer when it
+     * is no longer needed. The internal copy inside this handle remains
+     * zeroized-on-drop.
+     *
+     * Note that wasm-bindgen's generated trampoline takes ownership of
+     * the returned `Vec<u8>` and drops it after marshaling to JS — that
+     * final drop is outside our control and does not scrub. To minimize
+     * the unscrubbed window, callers should process the returned
+     * `Uint8Array` immediately and call `fill(0)` on it when done.
+     */
+    expose(): Uint8Array;
+    /**
+     * Wrap a byte buffer in a zeroize-on-drop handle.
+     *
+     * Useful from JS when a caller already has key material (e.g.,
+     * previously derived and cached across workers) and wants to hand it
+     * back into a WASM decrypt call without going through `expose`.
+     */
+    constructor(bytes: Uint8Array);
+    /**
+     * Length of the underlying secret in bytes.
+     */
+    readonly length: number;
+}
+
+/**
+ * Opaque wrapper around a sensitive UTF-8 string (mnemonics, etc.).
+ *
+ * Internally stored as `Zeroizing<Vec<u8>>` — UTF-8 validated on
+ * construction, exposed on access. Using a `Vec<u8>` (rather than
+ * `String`) makes it harder to accidentally introduce mutation that
+ * would realloc and leak the old buffer.
+ *
+ * # Invariant
+ *
+ * The inner Vec is never mutated after construction. Any future change
+ * that mutates a `SecretString`'s inner bytes MUST ensure no
+ * reallocation occurs (reserve exact capacity up-front).
+ */
+export class SecretString {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Copy the string out to JS.
+     *
+     * The returned JS string lives on the V8 heap and cannot be zeroed.
+     * Minimize retention: decode, act, discard. For the most
+     * security-conscious callers, prefer [`Self::expose_bytes`] and
+     * decode via `TextDecoder`, then `fill(0)` the underlying byte
+     * buffer before any copy is made.
+     *
+     * Inherent limitation: wasm-bindgen's generated trampoline takes
+     * ownership of the returned `String` and drops it after marshaling
+     * to the JS heap. That final drop is outside our control and does
+     * not scrub. The Rust-side window is a single function call frame.
+     */
+    expose(): string;
+    /**
+     * Copy the underlying UTF-8 bytes out as a `Uint8Array`.
+     *
+     * Prefer this over [`Self::expose`] when the caller wants the
+     * option to `fill(0)` the bytes in JS before they become an
+     * immutable JS string. Decode in JS with `new TextDecoder().decode(bytes)`.
+     */
+    expose_bytes(): Uint8Array;
+    /**
+     * Length of the underlying secret in bytes (UTF-8 byte length, not
+     * Unicode scalar count).
+     */
+    readonly length: number;
+}
+
+/**
+ * Derive a 32-byte key from a passphrase and salt using Argon2id.
+ *
+ * Exposed separately so the browser can perform the KDF step independently
+ * (e.g. to show a progress indicator while the KDF runs). Parameters are
+ * enforced against the OWASP 2023 minimum (see [`MIN_ARGON2_MEMORY_KIB`]).
+ */
+export function argon2id_derive(passphrase: string, salt: Uint8Array, memory_kib: number, time_cost: number, parallelism: number): SecretBytes;
+
+/**
+ * Decrypt a single HCFS file chunk using XChaCha20-Poly1305.
+ *
+ * The ciphertext includes the 16-byte Poly1305 auth tag appended at the end
+ * (same wire format as `hcfs-client` streaming encryption).
+ *
+ * - `key`: 32-byte encryption key (opaque handle)
+ * - `base_nonce`: 24-byte base nonce (from the file header)
+ * - `chunk_index`: 0-based chunk index (used to derive per-chunk nonce)
+ * - `ciphertext`: chunk ciphertext including the trailing 16-byte auth tag
+ *
+ * Returns the decrypted plaintext as a `Uint8Array`. On authentication
+ * failure the intermediate plaintext buffer is zeroized before the error
+ * returns.
+ */
+export function decrypt_file_chunk(key: SecretBytes, base_nonce: Uint8Array, chunk_index: number, ciphertext: Uint8Array): Uint8Array;
+
+/**
+ * Derive a 32-byte per-folder encryption key from a master mnemonic and label.
+ *
+ * Chain: master → seed → SHA256(seed[..32] || label) → folder mnemonic → folder seed[..32].
+ */
+export function derive_file_key(master_mnemonic: string, label: string): SecretBytes;
+
+/**
+ * Derive a folder-specific mnemonic from a master mnemonic and folder label.
+ *
+ * Algorithm: `SHA256(master_seed[..32] || label)` → 32-byte entropy → 24-word mnemonic.
+ */
+export function derive_folder_mnemonic(master: string, label: string): SecretString;
+
+/**
+ * Convert a BIP-39 mnemonic phrase to a 64-byte seed.
+ *
+ * Uses an empty passphrase for deterministic derivation (same as the
+ * native client). Returns a [`SecretBytes`] handle.
+ */
+export function mnemonic_to_seed(phrase: string): SecretBytes;
+
+/**
+ * Decrypt a sealed mnemonic blob using a passphrase.
+ *
+ * `blob_json` is the JSON string of the `SealedBlob` (same shape as returned
+ * by `GET /v1/mnemonic-blob`). `passphrase` is the user's passphrase.
+ * `expected_ss58` is the SS58 address the caller believes owns this blob —
+ * it is used as the AEAD associated data. If the blob was sealed under a
+ * different SS58, the AEAD tag check will fail, preventing blob-swap attacks.
+ *
+ * KDF parameters carried inside the blob are validated against the same
+ * OWASP floor as [`argon2id_derive`]; a server that advertises weak params
+ * is rejected rather than trusted.
+ *
+ * Returns the decrypted mnemonic phrase as a [`SecretString`] handle.
+ */
+export function open_mnemonic_blob(blob_json: string, passphrase: string, expected_ss58: string): SecretString;
+
+export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
+
+export interface InitOutput {
+    readonly memory: WebAssembly.Memory;
+    readonly __wbg_secretbytes_free: (a: number, b: number) => void;
+    readonly __wbg_secretstring_free: (a: number, b: number) => void;
+    readonly argon2id_derive: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => [number, number, number];
+    readonly decrypt_file_chunk: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number, number];
+    readonly derive_file_key: (a: number, b: number, c: number, d: number) => [number, number, number];
+    readonly derive_folder_mnemonic: (a: number, b: number, c: number, d: number) => [number, number, number];
+    readonly mnemonic_to_seed: (a: number, b: number) => [number, number, number];
+    readonly open_mnemonic_blob: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number];
+    readonly secretbytes_expose: (a: number) => [number, number];
+    readonly secretbytes_length: (a: number) => number;
+    readonly secretbytes_new: (a: number, b: number) => number;
+    readonly secretstring_expose: (a: number) => [number, number];
+    readonly secretstring_expose_bytes: (a: number) => [number, number];
+    readonly secretstring_length: (a: number) => number;
+    readonly __wbindgen_externrefs: WebAssembly.Table;
+    readonly __wbindgen_malloc: (a: number, b: number) => number;
+    readonly __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
+    readonly __externref_table_dealloc: (a: number) => void;
+    readonly __wbindgen_free: (a: number, b: number, c: number) => void;
+    readonly __wbindgen_start: () => void;
+}
+
+export type SyncInitInput = BufferSource | WebAssembly.Module;
+
+/**
+ * Instantiates the given `module`, which can either be bytes or
+ * a precompiled `WebAssembly.Module`.
+ *
+ * @param {{ module: SyncInitInput }} module - Passing `SyncInitInput` directly is deprecated.
+ *
+ * @returns {InitOutput}
+ */
+export function initSync(module: { module: SyncInitInput } | SyncInitInput): InitOutput;
+
+/**
+ * If `module_or_path` is {RequestInfo} or {URL}, makes a request and
+ * for everything else, calls `WebAssembly.instantiate` directly.
+ *
+ * @param {{ module_or_path: InitInput | Promise<InitInput> }} module_or_path - Passing `InitInput` directly is deprecated.
+ *
+ * @returns {Promise<InitOutput>}
+ */
+export default function __wbg_init (module_or_path?: { module_or_path: InitInput | Promise<InitInput> } | InitInput | Promise<InitInput>): Promise<InitOutput>;

package/hcfs_client_wasm.js

@@ -0,0 +1,545 @@
+/* @ts-self-types="./hcfs_client_wasm.d.ts" */
+
+/**
+ * Opaque wrapper around a sensitive byte buffer.
+ *
+ * The buffer is stored in [`Zeroizing`] and scrubbed on drop (or when JS
+ * calls `free()`). Prefer passing `SecretBytes` to other WASM APIs rather
+ * than calling [`Self::expose`], since any `Uint8Array` copy on the JS
+ * side cannot be reliably zeroed.
+ *
+ * # Invariant
+ *
+ * The inner `Vec<u8>` is never mutated after construction. The handle
+ * constructs at exact capacity (no reallocation), which avoids the
+ * `Zeroize for Vec<u8>` pitfall where a realloc frees the old heap
+ * buffer without scrubbing it.
+ */
+export class SecretBytes {
+    static __wrap(ptr) {
+        ptr = ptr >>> 0;
+        const obj = Object.create(SecretBytes.prototype);
+        obj.__wbg_ptr = ptr;
+        SecretBytesFinalization.register(obj, obj.__wbg_ptr, obj);
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        SecretBytesFinalization.unregister(this);
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm.__wbg_secretbytes_free(ptr, 0);
+    }
+    /**
+     * Copy the bytes out as a `Uint8Array`.
+     *
+     * The caller is responsible for zeroing the returned buffer when it
+     * is no longer needed. The internal copy inside this handle remains
+     * zeroized-on-drop.
+     *
+     * Note that wasm-bindgen's generated trampoline takes ownership of
+     * the returned `Vec<u8>` and drops it after marshaling to JS — that
+     * final drop is outside our control and does not scrub. To minimize
+     * the unscrubbed window, callers should process the returned
+     * `Uint8Array` immediately and call `fill(0)` on it when done.
+     * @returns {Uint8Array}
+     */
+    expose() {
+        const ret = wasm.secretbytes_expose(this.__wbg_ptr);
+        var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+        wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+        return v1;
+    }
+    /**
+     * Length of the underlying secret in bytes.
+     * @returns {number}
+     */
+    get length() {
+        const ret = wasm.secretbytes_length(this.__wbg_ptr);
+        return ret >>> 0;
+    }
+    /**
+     * Wrap a byte buffer in a zeroize-on-drop handle.
+     *
+     * Useful from JS when a caller already has key material (e.g.,
+     * previously derived and cached across workers) and wants to hand it
+     * back into a WASM decrypt call without going through `expose`.
+     * @param {Uint8Array} bytes
+     */
+    constructor(bytes) {
+        const ptr0 = passArray8ToWasm0(bytes, wasm.__wbindgen_malloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ret = wasm.secretbytes_new(ptr0, len0);
+        this.__wbg_ptr = ret >>> 0;
+        SecretBytesFinalization.register(this, this.__wbg_ptr, this);
+        return this;
+    }
+}
+if (Symbol.dispose) SecretBytes.prototype[Symbol.dispose] = SecretBytes.prototype.free;
+
+/**
+ * Opaque wrapper around a sensitive UTF-8 string (mnemonics, etc.).
+ *
+ * Internally stored as `Zeroizing<Vec<u8>>` — UTF-8 validated on
+ * construction, exposed on access. Using a `Vec<u8>` (rather than
+ * `String`) makes it harder to accidentally introduce mutation that
+ * would realloc and leak the old buffer.
+ *
+ * # Invariant
+ *
+ * The inner Vec is never mutated after construction. Any future change
+ * that mutates a `SecretString`'s inner bytes MUST ensure no
+ * reallocation occurs (reserve exact capacity up-front).
+ */
+export class SecretString {
+    static __wrap(ptr) {
+        ptr = ptr >>> 0;
+        const obj = Object.create(SecretString.prototype);
+        obj.__wbg_ptr = ptr;
+        SecretStringFinalization.register(obj, obj.__wbg_ptr, obj);
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        SecretStringFinalization.unregister(this);
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm.__wbg_secretstring_free(ptr, 0);
+    }
+    /**
+     * Copy the string out to JS.
+     *
+     * The returned JS string lives on the V8 heap and cannot be zeroed.
+     * Minimize retention: decode, act, discard. For the most
+     * security-conscious callers, prefer [`Self::expose_bytes`] and
+     * decode via `TextDecoder`, then `fill(0)` the underlying byte
+     * buffer before any copy is made.
+     *
+     * Inherent limitation: wasm-bindgen's generated trampoline takes
+     * ownership of the returned `String` and drops it after marshaling
+     * to the JS heap. That final drop is outside our control and does
+     * not scrub. The Rust-side window is a single function call frame.
+     * @returns {string}
+     */
+    expose() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const ret = wasm.secretstring_expose(this.__wbg_ptr);
+            deferred1_0 = ret[0];
+            deferred1_1 = ret[1];
+            return getStringFromWasm0(ret[0], ret[1]);
+        } finally {
+            wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
+        }
+    }
+    /**
+     * Copy the underlying UTF-8 bytes out as a `Uint8Array`.
+     *
+     * Prefer this over [`Self::expose`] when the caller wants the
+     * option to `fill(0)` the bytes in JS before they become an
+     * immutable JS string. Decode in JS with `new TextDecoder().decode(bytes)`.
+     * @returns {Uint8Array}
+     */
+    expose_bytes() {
+        const ret = wasm.secretstring_expose_bytes(this.__wbg_ptr);
+        var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+        wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+        return v1;
+    }
+    /**
+     * Length of the underlying secret in bytes (UTF-8 byte length, not
+     * Unicode scalar count).
+     * @returns {number}
+     */
+    get length() {
+        const ret = wasm.secretbytes_length(this.__wbg_ptr);
+        return ret >>> 0;
+    }
+}
+if (Symbol.dispose) SecretString.prototype[Symbol.dispose] = SecretString.prototype.free;
+
+/**
+ * Derive a 32-byte key from a passphrase and salt using Argon2id.
+ *
+ * Exposed separately so the browser can perform the KDF step independently
+ * (e.g. to show a progress indicator while the KDF runs). Parameters are
+ * enforced against the OWASP 2023 minimum (see [`MIN_ARGON2_MEMORY_KIB`]).
+ * @param {string} passphrase
+ * @param {Uint8Array} salt
+ * @param {number} memory_kib
+ * @param {number} time_cost
+ * @param {number} parallelism
+ * @returns {SecretBytes}
+ */
+export function argon2id_derive(passphrase, salt, memory_kib, time_cost, parallelism) {
+    const ptr0 = passStringToWasm0(passphrase, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passArray8ToWasm0(salt, wasm.__wbindgen_malloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.argon2id_derive(ptr0, len0, ptr1, len1, memory_kib, time_cost, parallelism);
+    if (ret[2]) {
+        throw takeFromExternrefTable0(ret[1]);
+    }
+    return SecretBytes.__wrap(ret[0]);
+}
+
+/**
+ * Decrypt a single HCFS file chunk using XChaCha20-Poly1305.
+ *
+ * The ciphertext includes the 16-byte Poly1305 auth tag appended at the end
+ * (same wire format as `hcfs-client` streaming encryption).
+ *
+ * - `key`: 32-byte encryption key (opaque handle)
+ * - `base_nonce`: 24-byte base nonce (from the file header)
+ * - `chunk_index`: 0-based chunk index (used to derive per-chunk nonce)
+ * - `ciphertext`: chunk ciphertext including the trailing 16-byte auth tag
+ *
+ * Returns the decrypted plaintext as a `Uint8Array`. On authentication
+ * failure the intermediate plaintext buffer is zeroized before the error
+ * returns.
+ * @param {SecretBytes} key
+ * @param {Uint8Array} base_nonce
+ * @param {number} chunk_index
+ * @param {Uint8Array} ciphertext
+ * @returns {Uint8Array}
+ */
+export function decrypt_file_chunk(key, base_nonce, chunk_index, ciphertext) {
+    _assertClass(key, SecretBytes);
+    const ptr0 = passArray8ToWasm0(base_nonce, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passArray8ToWasm0(ciphertext, wasm.__wbindgen_malloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.decrypt_file_chunk(key.__wbg_ptr, ptr0, len0, chunk_index, ptr1, len1);
+    if (ret[3]) {
+        throw takeFromExternrefTable0(ret[2]);
+    }
+    var v3 = getArrayU8FromWasm0(ret[0], ret[1]).slice();
+    wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);
+    return v3;
+}
+
+/**
+ * Derive a 32-byte per-folder encryption key from a master mnemonic and label.
+ *
+ * Chain: master → seed → SHA256(seed[..32] || label) → folder mnemonic → folder seed[..32].
+ * @param {string} master_mnemonic
+ * @param {string} label
+ * @returns {SecretBytes}
+ */
+export function derive_file_key(master_mnemonic, label) {
+    const ptr0 = passStringToWasm0(master_mnemonic, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(label, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.derive_file_key(ptr0, len0, ptr1, len1);
+    if (ret[2]) {
+        throw takeFromExternrefTable0(ret[1]);
+    }
+    return SecretBytes.__wrap(ret[0]);
+}
+
+/**
+ * Derive a folder-specific mnemonic from a master mnemonic and folder label.
+ *
+ * Algorithm: `SHA256(master_seed[..32] || label)` → 32-byte entropy → 24-word mnemonic.
+ * @param {string} master
+ * @param {string} label
+ * @returns {SecretString}
+ */
+export function derive_folder_mnemonic(master, label) {
+    const ptr0 = passStringToWasm0(master, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(label, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.derive_folder_mnemonic(ptr0, len0, ptr1, len1);
+    if (ret[2]) {
+        throw takeFromExternrefTable0(ret[1]);
+    }
+    return SecretString.__wrap(ret[0]);
+}
+
+/**
+ * Convert a BIP-39 mnemonic phrase to a 64-byte seed.
+ *
+ * Uses an empty passphrase for deterministic derivation (same as the
+ * native client). Returns a [`SecretBytes`] handle.
+ * @param {string} phrase
+ * @returns {SecretBytes}
+ */
+export function mnemonic_to_seed(phrase) {
+    const ptr0 = passStringToWasm0(phrase, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.mnemonic_to_seed(ptr0, len0);
+    if (ret[2]) {
+        throw takeFromExternrefTable0(ret[1]);
+    }
+    return SecretBytes.__wrap(ret[0]);
+}
+
+/**
+ * Decrypt a sealed mnemonic blob using a passphrase.
+ *
+ * `blob_json` is the JSON string of the `SealedBlob` (same shape as returned
+ * by `GET /v1/mnemonic-blob`). `passphrase` is the user's passphrase.
+ * `expected_ss58` is the SS58 address the caller believes owns this blob —
+ * it is used as the AEAD associated data. If the blob was sealed under a
+ * different SS58, the AEAD tag check will fail, preventing blob-swap attacks.
+ *
+ * KDF parameters carried inside the blob are validated against the same
+ * OWASP floor as [`argon2id_derive`]; a server that advertises weak params
+ * is rejected rather than trusted.
+ *
+ * Returns the decrypted mnemonic phrase as a [`SecretString`] handle.
+ * @param {string} blob_json
+ * @param {string} passphrase
+ * @param {string} expected_ss58
+ * @returns {SecretString}
+ */
+export function open_mnemonic_blob(blob_json, passphrase, expected_ss58) {
+    const ptr0 = passStringToWasm0(blob_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(passphrase, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ptr2 = passStringToWasm0(expected_ss58, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len2 = WASM_VECTOR_LEN;
+    const ret = wasm.open_mnemonic_blob(ptr0, len0, ptr1, len1, ptr2, len2);
+    if (ret[2]) {
+        throw takeFromExternrefTable0(ret[1]);
+    }
+    return SecretString.__wrap(ret[0]);
+}
+
+function __wbg_get_imports() {
+    const import0 = {
+        __proto__: null,
+        __wbg_Error_8c4e43fe74559d73: function(arg0, arg1) {
+            const ret = Error(getStringFromWasm0(arg0, arg1));
+            return ret;
+        },
+        __wbg___wbindgen_throw_be289d5034ed271b: function(arg0, arg1) {
+            throw new Error(getStringFromWasm0(arg0, arg1));
+        },
+        __wbindgen_init_externref_table: function() {
+            const table = wasm.__wbindgen_externrefs;
+            const offset = table.grow(4);
+            table.set(0, undefined);
+            table.set(offset + 0, undefined);
+            table.set(offset + 1, null);
+            table.set(offset + 2, true);
+            table.set(offset + 3, false);
+        },
+    };
+    return {
+        __proto__: null,
+        "./hcfs_client_wasm_bg.js": import0,
+    };
+}
+
+const SecretBytesFinalization = (typeof FinalizationRegistry === 'undefined')
+    ? { register: () => {}, unregister: () => {} }
+    : new FinalizationRegistry(ptr => wasm.__wbg_secretbytes_free(ptr >>> 0, 1));
+const SecretStringFinalization = (typeof FinalizationRegistry === 'undefined')
+    ? { register: () => {}, unregister: () => {} }
+    : new FinalizationRegistry(ptr => wasm.__wbg_secretstring_free(ptr >>> 0, 1));
+
+function _assertClass(instance, klass) {
+    if (!(instance instanceof klass)) {
+        throw new Error(`expected instance of ${klass.name}`);
+    }
+}
+
+function getArrayU8FromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return getUint8ArrayMemory0().subarray(ptr / 1, ptr / 1 + len);
+}
+
+function getStringFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return decodeText(ptr, len);
+}
+
+let cachedUint8ArrayMemory0 = null;
+function getUint8ArrayMemory0() {
+    if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
+        cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
+    }
+    return cachedUint8ArrayMemory0;
+}
+
+function passArray8ToWasm0(arg, malloc) {
+    const ptr = malloc(arg.length * 1, 1) >>> 0;
+    getUint8ArrayMemory0().set(arg, ptr / 1);
+    WASM_VECTOR_LEN = arg.length;
+    return ptr;
+}
+
+function passStringToWasm0(arg, malloc, realloc) {
+    if (realloc === undefined) {
+        const buf = cachedTextEncoder.encode(arg);
+        const ptr = malloc(buf.length, 1) >>> 0;
+        getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
+        WASM_VECTOR_LEN = buf.length;
+        return ptr;
+    }
+
+    let len = arg.length;
+    let ptr = malloc(len, 1) >>> 0;
+
+    const mem = getUint8ArrayMemory0();
+
+    let offset = 0;
+
+    for (; offset < len; offset++) {
+        const code = arg.charCodeAt(offset);
+        if (code > 0x7F) break;
+        mem[ptr + offset] = code;
+    }
+    if (offset !== len) {
+        if (offset !== 0) {
+            arg = arg.slice(offset);
+        }
+        ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
+        const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
+        const ret = cachedTextEncoder.encodeInto(arg, view);
+
+        offset += ret.written;
+        ptr = realloc(ptr, len, offset, 1) >>> 0;
+    }
+
+    WASM_VECTOR_LEN = offset;
+    return ptr;
+}
+
+function takeFromExternrefTable0(idx) {
+    const value = wasm.__wbindgen_externrefs.get(idx);
+    wasm.__externref_table_dealloc(idx);
+    return value;
+}
+
+let cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+cachedTextDecoder.decode();
+const MAX_SAFARI_DECODE_BYTES = 2146435072;
+let numBytesDecoded = 0;
+function decodeText(ptr, len) {
+    numBytesDecoded += len;
+    if (numBytesDecoded >= MAX_SAFARI_DECODE_BYTES) {
+        cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+        cachedTextDecoder.decode();
+        numBytesDecoded = len;
+    }
+    return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
+}
+
+const cachedTextEncoder = new TextEncoder();
+
+if (!('encodeInto' in cachedTextEncoder)) {
+    cachedTextEncoder.encodeInto = function (arg, view) {
+        const buf = cachedTextEncoder.encode(arg);
+        view.set(buf);
+        return {
+            read: arg.length,
+            written: buf.length
+        };
+    };
+}
+
+let WASM_VECTOR_LEN = 0;
+
+let wasmModule, wasm;
+function __wbg_finalize_init(instance, module) {
+    wasm = instance.exports;
+    wasmModule = module;
+    cachedUint8ArrayMemory0 = null;
+    wasm.__wbindgen_start();
+    return wasm;
+}
+
+async function __wbg_load(module, imports) {
+    if (typeof Response === 'function' && module instanceof Response) {
+        if (typeof WebAssembly.instantiateStreaming === 'function') {
+            try {
+                return await WebAssembly.instantiateStreaming(module, imports);
+            } catch (e) {
+                const validResponse = module.ok && expectedResponseType(module.type);
+
+                if (validResponse && module.headers.get('Content-Type') !== 'application/wasm') {
+                    console.warn("`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\n", e);
+
+                } else { throw e; }
+            }
+        }
+
+        const bytes = await module.arrayBuffer();
+        return await WebAssembly.instantiate(bytes, imports);
+    } else {
+        const instance = await WebAssembly.instantiate(module, imports);
+
+        if (instance instanceof WebAssembly.Instance) {
+            return { instance, module };
+        } else {
+            return instance;
+        }
+    }
+
+    function expectedResponseType(type) {
+        switch (type) {
+            case 'basic': case 'cors': case 'default': return true;
+        }
+        return false;
+    }
+}
+
+function initSync(module) {
+    if (wasm !== undefined) return wasm;
+
+
+    if (module !== undefined) {
+        if (Object.getPrototypeOf(module) === Object.prototype) {
+            ({module} = module)
+        } else {
+            console.warn('using deprecated parameters for `initSync()`; pass a single object instead')
+        }
+    }
+
+    const imports = __wbg_get_imports();
+    if (!(module instanceof WebAssembly.Module)) {
+        module = new WebAssembly.Module(module);
+    }
+    const instance = new WebAssembly.Instance(module, imports);
+    return __wbg_finalize_init(instance, module);
+}
+
+async function __wbg_init(module_or_path) {
+    if (wasm !== undefined) return wasm;
+
+
+    if (module_or_path !== undefined) {
+        if (Object.getPrototypeOf(module_or_path) === Object.prototype) {
+            ({module_or_path} = module_or_path)
+        } else {
+            console.warn('using deprecated parameters for the initialization function; pass a single object instead')
+        }
+    }
+
+    if (module_or_path === undefined) {
+        module_or_path = new URL('hcfs_client_wasm_bg.wasm', import.meta.url);
+    }
+    const imports = __wbg_get_imports();
+
+    if (typeof module_or_path === 'string' || (typeof Request === 'function' && module_or_path instanceof Request) || (typeof URL === 'function' && module_or_path instanceof URL)) {
+        module_or_path = fetch(module_or_path);
+    }
+
+    const { instance, module } = await __wbg_load(await module_or_path, imports);
+
+    return __wbg_finalize_init(instance, module);
+}
+
+export { initSync, __wbg_init as default };

package/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "@hippius/hcfs-client-wasm",
+  "type": "module",
+  "description": "HCFS cryptographic primitives compiled to WebAssembly for browser use",
+  "version": "0.1.2",
+  "files": [
+    "hcfs_client_wasm_bg.wasm",
+    "hcfs_client_wasm.js",
+    "hcfs_client_wasm.d.ts"
+  ],
+  "main": "hcfs_client_wasm.js",
+  "types": "hcfs_client_wasm.d.ts",
+  "sideEffects": [
+    "./snippets/*"
+  ]
+}