@lindorm/aes 0.1.3 → 0.3.0

package/dist/utils/private/decode-aes-string.js

@@ -1,11 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports._decodeAesString = void 0;
+const format_1 = require("../../constants/private/format");
 const errors_1 = require("../../errors");
-const regex = /(?<key>[a-z]+)=(?<value>.+)/g;
+const regex = /(?<key>[a-z0-9]+)=(?<value>.+)/g;
 const _decodeAesString = (data) => {
-    const [_, alg, array, content] = data.split("$");
-    const algorithm = alg;
+    const [_, enc, array, content] = data.split("$");
+    const encryption = enc;
     const items = array.split(",");
     const values = {};
     for (const item of items) {
@@ -17,21 +18,23 @@ const _decodeAesString = (data) => {
         }
         values[match.groups.key] = match.groups.value;
     }
-    const { cek, crv: curve, eka, f, ih, iv, kid, tag, v, x, y, kty: keyType } = values;
+    const { v, kid, alg, iv, tag, hks, p2c, p2s, pei, pek, pet, crv: curve, kty: keyType, x, y, } = values;
     const crv = curve;
-    const format = f;
     const kty = keyType;
     return {
-        encryption: algorithm,
-        authTag: tag ? Buffer.from(tag, format) : undefined,
-        content: Buffer.from(content, format),
-        encryptionKeyAlgorithm: eka,
-        format,
-        integrityHash: ih,
-        initialisationVector: Buffer.from(iv, format),
-        keyId: kid ? Buffer.from(kid, format) : undefined,
-        publicEncryptionJwk: crv && x && y && kty ? { crv, x, y, kty } : undefined,
-        publicEncryptionKey: cek ? Buffer.from(cek, format) : undefined,
+        authTag: Buffer.from(tag, format_1._B64U),
+        content: Buffer.from(content, format_1._B64U),
+        encryption: encryption,
+        algorithm: alg,
+        hkdfSalt: hks ? Buffer.from(hks, format_1._B64U) : undefined,
+        initialisationVector: Buffer.from(iv, format_1._B64U),
+        keyId: Buffer.from(kid, format_1._B64U),
+        pbkdfIterations: p2c ? parseInt(p2c, 10) : undefined,
+        pbkdfSalt: p2s ? Buffer.from(p2s, format_1._B64U) : undefined,
+        publicEncryptionJwk: crv && x && kty ? { crv, x, y, kty } : undefined,
+        publicEncryptionIv: pei ? Buffer.from(pei, format_1._B64U) : undefined,
+        publicEncryptionKey: pek ? Buffer.from(pek, format_1._B64U) : undefined,
+        publicEncryptionTag: pet ? Buffer.from(pet, format_1._B64U) : undefined,
         version: parseInt(v, 10),
     };
 };

package/dist/utils/private/decode-aes-string.js.map

@@ -1 +1 @@
-{"version":3,"file":"decode-aes-string.js","sourceRoot":"","sources":["../../../src/utils/private/decode-aes-string.ts"],"names":[],"mappings":";;;AACA,yCAAwC;AASxC,MAAM,KAAK,GAAG,8BAA8B,CAAC;AAEtC,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAqB,EAAE;IAClE,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjD,MAAM,SAAS,GAAG,GAAiB,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE3C,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAQ,CAAC,2BAA2B,EAAE;gBAC9C,KAAK,EAAE,EAAE,IAAI,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;IAChD,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;IACpF,MAAM,GAAG,GAAG,KAAqB,CAAC;IAClC,MAAM,MAAM,GAAG,CAAiB,CAAC;IACjC,MAAM,GAAG,GAAG,OAAe,CAAC;IAE5B,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QACnD,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;QACrC,sBAAsB,EAAE,GAA6B;QACrD,MAAM;QACN,aAAa,EAAE,EAAmB;QAClC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC;QAC7C,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,mBAAmB,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;QAC1E,mBAAmB,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/D,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC;KACzB,CAAC;AACJ,CAAC,CAAC;AArCW,QAAA,gBAAgB,oBAqC3B"}
+{"version":3,"file":"decode-aes-string.js","sourceRoot":"","sources":["../../../src/utils/private/decode-aes-string.ts"],"names":[],"mappings":";;;AACA,2DAAuD;AACvD,yCAAwC;AAIxC,MAAM,KAAK,GAAG,iCAAiC,CAAC;AAEzC,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAqB,EAAE;IAClE,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,GAAwB,CAAC;IAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE3C,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAQ,CAAC,2BAA2B,EAAE;gBAC9C,KAAK,EAAE,EAAE,IAAI,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;IAChD,CAAC;IAED,MAAM,EACJ,CAAC,EACD,GAAG,EAGH,GAAG,EACH,EAAE,EACF,GAAG,EAGH,GAAG,EACH,GAAG,EACH,GAAG,EAGH,GAAG,EACH,GAAG,EACH,GAAG,EAGH,GAAG,EAAE,KAAK,EACV,GAAG,EAAE,OAAO,EACZ,CAAC,EACD,CAAC,GACF,GAAG,MAAoC,CAAC;IAEzC,MAAM,GAAG,GAAG,KAAqB,CAAC;IAClC,MAAM,GAAG,GAAG,OAAuB,CAAC;IAEpC,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC;QAChC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,cAAK,CAAC;QACpC,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,GAAuB;QAClC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QACnD,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,cAAK,CAAC;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC;QAC9B,eAAe,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,mBAAmB,EAAE,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,SAAS;QACrE,kBAAkB,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAC7D,mBAAmB,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9D,mBAAmB,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,cAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9D,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC;KACzB,CAAC;AACJ,CAAC,CAAC;AAhEW,QAAA,gBAAgB,oBAgE3B"}

package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getDiffieHellmanKeyWrapEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getDiffieHellmanKeyWrapDecryptionKey: ({ hkdfSalt, kryptos, publicEncryptionJwk, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=diffie-hellman-key-wrap.d.ts.map

package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffie-hellman-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAOhC,eAAO,MAAM,qCAAqC,6BAG/C,gBAAgB,KAAG,eAyBrB,CAAC;AAEF,eAAO,MAAM,qCAAqC,8GAO/C,iBAAiB,KAAG,gBAoBtB,CAAC"}

package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getDiffieHellmanKeyWrapDecryptionKey = exports._getDiffieHellmanKeyWrapEncryptionKey = void 0;
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const calculate_key_wrap_size_1 = require("../calculate/calculate-key-wrap-size");
+const hkdf_1 = require("../key-derivation/hkdf");
+const key_wrap_1 = require("../key-wrap/key-wrap");
+const shared_secret_1 = require("./shared-secret");
+const _getDiffieHellmanKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
+    const { publicEncryptionJwk, sharedSecret } = (0, shared_secret_1._generateSharedSecret)(kryptos);
+    const cekSize = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const contentEncryptionKey = (0, crypto_1.randomBytes)(cekSize);
+    const { derivedKey, hkdfSalt } = (0, hkdf_1._hkdf)({
+        derivationKey: sharedSecret,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+    });
+    const { publicEncryptionKey, publicEncryptionIv, publicEncryptionTag } = (0, key_wrap_1._keyWrap)({
+        contentEncryptionKey,
+        kryptos,
+        keyEncryptionKey: derivedKey,
+    });
+    return {
+        contentEncryptionKey,
+        hkdfSalt,
+        publicEncryptionJwk,
+        publicEncryptionKey,
+        publicEncryptionIv,
+        publicEncryptionTag,
+    };
+};
+exports._getDiffieHellmanKeyWrapEncryptionKey = _getDiffieHellmanKeyWrapEncryptionKey;
+const _getDiffieHellmanKeyWrapDecryptionKey = ({ hkdfSalt, kryptos, publicEncryptionJwk, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }) => {
+    if (!publicEncryptionKey) {
+        throw new errors_1.AesError("Missing publicEncryptionKey");
+    }
+    const sharedSecret = (0, shared_secret_1._calculateSharedSecret)({ kryptos, publicEncryptionJwk });
+    const { derivedKey } = (0, hkdf_1._hkdf)({
+        derivationKey: sharedSecret,
+        hkdfSalt,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+    });
+    return (0, key_wrap_1._keyUnwrap)({
+        keyEncryptionKey: derivedKey,
+        kryptos,
+        publicEncryptionIv,
+        publicEncryptionKey,
+        publicEncryptionTag,
+    });
+};
+exports._getDiffieHellmanKeyWrapDecryptionKey = _getDiffieHellmanKeyWrapDecryptionKey;
+//# sourceMappingURL=diffie-hellman-key-wrap.js.map

package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffie-hellman-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAAqC;AACrC,4CAA2C;AAO3C,8GAAwG;AACxG,kFAA6E;AAC7E,iDAA+C;AAC/C,mDAA4D;AAC5D,mDAAgF;AAEzE,MAAM,qCAAqC,GAAG,CAAC,EACpD,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,IAAA,qCAAqB,EAAC,OAAO,CAAC,CAAC;IAE7E,MAAM,OAAO,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAA,YAAK,EAAC;QACrC,aAAa,EAAE,YAAY;QAC3B,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACpD,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,GAAG,IAAA,mBAAQ,EAAC;QAChF,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,QAAQ;QACR,mBAAmB;QACnB,mBAAmB;QACnB,kBAAkB;QAClB,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AA5BW,QAAA,qCAAqC,yCA4BhD;AAEK,MAAM,qCAAqC,GAAG,CAAC,EACpD,QAAQ,EACR,OAAO,EACP,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,sCAAsB,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAE9E,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,YAAK,EAAC;QAC3B,aAAa,EAAE,YAAY;QAC3B,QAAQ;QACR,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACpD,CAAC,CAAC;IAEH,OAAO,IAAA,qBAAU,EAAC;QAChB,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC;AA3BW,QAAA,qCAAqC,yCA2BhD"}

package/dist/utils/private/diffie-hellman/diffie-hellman.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getDiffieHellmanEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getDiffieHellmanDecryptionKey: ({ encryption, hkdfSalt, kryptos, publicEncryptionJwk, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=diffie-hellman.d.ts.map

package/dist/utils/private/diffie-hellman/diffie-hellman.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffie-hellman.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAKhC,eAAO,MAAM,8BAA8B,6BAGxC,gBAAgB,KAAG,eAcrB,CAAC;AAEF,eAAO,MAAM,8BAA8B,4DAKxC,iBAAiB,KAAG,gBAkBtB,CAAC"}

package/dist/utils/private/diffie-hellman/diffie-hellman.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getDiffieHellmanDecryptionKey = exports._getDiffieHellmanEncryptionKey = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const hkdf_1 = require("../key-derivation/hkdf");
+const shared_secret_1 = require("./shared-secret");
+const _getDiffieHellmanEncryptionKey = ({ encryption, kryptos, }) => {
+    const { publicEncryptionJwk, sharedSecret } = (0, shared_secret_1._generateSharedSecret)(kryptos);
+    const keyLength = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const { derivedKey, hkdfSalt } = (0, hkdf_1._hkdf)({
+        derivationKey: sharedSecret,
+        keyLength,
+    });
+    return {
+        contentEncryptionKey: derivedKey,
+        hkdfSalt,
+        publicEncryptionJwk,
+    };
+};
+exports._getDiffieHellmanEncryptionKey = _getDiffieHellmanEncryptionKey;
+const _getDiffieHellmanDecryptionKey = ({ encryption, hkdfSalt, kryptos, publicEncryptionJwk, }) => {
+    if (!kryptos_1.Kryptos.isEc(kryptos) && !kryptos_1.Kryptos.isOkp(kryptos)) {
+        throw new errors_1.AesError("Invalid kryptos type");
+    }
+    if (!publicEncryptionJwk) {
+        throw new errors_1.AesError("Missing publicEncryptionJwk");
+    }
+    const sharedSecret = (0, shared_secret_1._calculateSharedSecret)({ kryptos, publicEncryptionJwk });
+    const keyLength = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const { derivedKey } = (0, hkdf_1._hkdf)({
+        derivationKey: sharedSecret,
+        hkdfSalt,
+        keyLength,
+    });
+    return { contentEncryptionKey: derivedKey };
+};
+exports._getDiffieHellmanDecryptionKey = _getDiffieHellmanDecryptionKey;
+//# sourceMappingURL=diffie-hellman.js.map

package/dist/utils/private/diffie-hellman/diffie-hellman.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diffie-hellman.js","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":";;;AAAA,8CAA2C;AAC3C,4CAA2C;AAO3C,8GAAwG;AACxG,iDAA+C;AAC/C,mDAAgF;AAEzE,MAAM,8BAA8B,GAAG,CAAC,EAC7C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,IAAA,qCAAqB,EAAC,OAAO,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAEjE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAA,YAAK,EAAC;QACrC,aAAa,EAAE,YAAY;QAC3B,SAAS;KACV,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB,EAAE,UAAU;QAChC,QAAQ;QACR,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAjBW,QAAA,8BAA8B,kCAiBzC;AAEK,MAAM,8BAA8B,GAAG,CAAC,EAC7C,UAAU,EACV,QAAQ,EACR,OAAO,EACP,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,iBAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,iBAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,sCAAsB,EAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAEjE,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,YAAK,EAAC;QAC3B,aAAa,EAAE,YAAY;QAC3B,QAAQ;QACR,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,CAAC;AAC9C,CAAC,CAAC;AAvBW,QAAA,8BAA8B,kCAuBzC"}

package/dist/utils/private/diffie-hellman/shared-secret.d.ts

@@ -0,0 +1,13 @@
+/// <reference types="node" />
+import { IKryptos } from "@lindorm/kryptos";
+import { PublicEncryptionJwk } from "../../../types";
+import { DecryptCekOptions } from "../../../types/private";
+type GenerateResult = {
+    publicEncryptionJwk: PublicEncryptionJwk;
+    sharedSecret: Buffer;
+};
+type CalculateSharedSecretOptions = Pick<DecryptCekOptions, "kryptos" | "publicEncryptionJwk">;
+export declare const _generateSharedSecret: (kryptos: IKryptos) => GenerateResult;
+export declare const _calculateSharedSecret: ({ kryptos, publicEncryptionJwk, }: CalculateSharedSecretOptions) => Buffer;
+export {};
+//# sourceMappingURL=shared-secret.d.ts.map

package/dist/utils/private/diffie-hellman/shared-secret.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared-secret.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/shared-secret.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,QAAQ,EAAW,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,KAAK,cAAc,GAAG;IACpB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,KAAK,4BAA4B,GAAG,IAAI,CACtC,iBAAiB,EACjB,SAAS,GAAG,qBAAqB,CAClC,CAAC;AAeF,eAAO,MAAM,qBAAqB,YAAa,QAAQ,KAAG,cA4BzD,CAAC;AAEF,eAAO,MAAM,sBAAsB,sCAGhC,4BAA4B,KAAG,MAyBjC,CAAC"}

package/dist/utils/private/diffie-hellman/shared-secret.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._calculateSharedSecret = exports._generateSharedSecret = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const _generateKryptos = (kryptos) => {
+    if (!kryptos_1.Kryptos.isEc(kryptos) && !kryptos_1.Kryptos.isOkp(kryptos)) {
+        throw new errors_1.AesError("Invalid kryptos type");
+    }
+    return kryptos_1.Kryptos.generate({
+        algorithm: kryptos.algorithm,
+        curve: kryptos.curve,
+        type: kryptos.type,
+        use: "enc",
+    });
+};
+const _generateSharedSecret = (kryptos) => {
+    const pek = _generateKryptos(kryptos);
+    const der = kryptos.export("der");
+    const sender = pek.export("der");
+    if (!sender.privateKey) {
+        throw new errors_1.AesError("Sender private key is missing");
+    }
+    const sharedSecret = (0, crypto_1.diffieHellman)({
+        privateKey: (0, crypto_1.createPrivateKey)({
+            key: sender.privateKey,
+            format: "der",
+            type: "pkcs8",
+        }),
+        publicKey: (0, crypto_1.createPublicKey)({
+            key: der.publicKey,
+            format: "der",
+            type: "spki",
+        }),
+    });
+    const { crv, kty, x, y } = pek.export("jwk");
+    return {
+        publicEncryptionJwk: { crv, kty, x, y },
+        sharedSecret,
+    };
+};
+exports._generateSharedSecret = _generateSharedSecret;
+const _calculateSharedSecret = ({ kryptos, publicEncryptionJwk, }) => {
+    if (!publicEncryptionJwk) {
+        throw new errors_1.AesError("Missing publicEncryptionJwk");
+    }
+    const pek = kryptos_1.Kryptos.from("jwk", { alg: "ECDH-ES", use: "enc", ...publicEncryptionJwk });
+    const der = kryptos.export("der");
+    const receiver = pek.export("der");
+    if (!der.privateKey) {
+        throw new errors_1.AesError("Kryptos private key is missing");
+    }
+    return (0, crypto_1.diffieHellman)({
+        privateKey: (0, crypto_1.createPrivateKey)({
+            key: der.privateKey,
+            format: "der",
+            type: "pkcs8",
+        }),
+        publicKey: (0, crypto_1.createPublicKey)({
+            key: receiver.publicKey,
+            format: "der",
+            type: "spki",
+        }),
+    });
+};
+exports._calculateSharedSecret = _calculateSharedSecret;
+//# sourceMappingURL=shared-secret.js.map

package/dist/utils/private/diffie-hellman/shared-secret.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared-secret.js","sourceRoot":"","sources":["../../../../src/utils/private/diffie-hellman/shared-secret.ts"],"names":[],"mappings":";;;AAAA,8CAAqD;AACrD,mCAA0E;AAC1E,4CAA2C;AAc3C,MAAM,gBAAgB,GAAG,CAAC,OAAiB,EAAY,EAAE;IACvD,IAAI,CAAC,iBAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,iBAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,iBAAO,CAAC,QAAQ,CAAC;QACtB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,GAAG,EAAE,KAAK;KACJ,CAAC,CAAC;AACZ,CAAC,CAAC;AAEK,MAAM,qBAAqB,GAAG,CAAC,OAAiB,EAAkB,EAAE;IACzE,MAAM,GAAG,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,iBAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,sBAAa,EAAC;QACjC,UAAU,EAAE,IAAA,yBAAgB,EAAC;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU;YACtB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,IAAA,wBAAe,EAAC;YACzB,GAAG,EAAE,GAAG,CAAC,SAAS;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,OAAO;QACL,mBAAmB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE;QACvC,YAAY;KACb,CAAC;AACJ,CAAC,CAAC;AA5BW,QAAA,qBAAqB,yBA4BhC;AAEK,MAAM,sBAAsB,GAAG,CAAC,EACrC,OAAO,EACP,mBAAmB,GACU,EAAU,EAAE;IACzC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,iBAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,mBAAmB,EAAE,CAAC,CAAC;IACxF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,iBAAQ,CAAC,gCAAgC,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,IAAA,sBAAa,EAAC;QACnB,UAAU,EAAE,IAAA,yBAAgB,EAAC;YAC3B,GAAG,EAAE,GAAG,CAAC,UAAU;YACnB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,IAAA,wBAAe,EAAC;YACzB,GAAG,EAAE,QAAQ,CAAC,SAAS;YACvB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;AACL,CAAC,CAAC;AA5BW,QAAA,sBAAsB,0BA4BjC"}

package/dist/utils/private/encode-aes-string.d.ts

@@ -1,3 +1,3 @@
 import { AesEncryptionData } from "../../types";
-export declare const _encodeAesString: ({ encryption: algorithm, authTag, content, encryptionKeyAlgorithm, format, initialisationVector, integrityHash, keyId, publicEncryptionJwk, publicEncryptionKey, version, }: AesEncryptionData) => string;
+export declare const _encodeAesString: ({ algorithm, authTag, content, encryption, hkdfSalt, initialisationVector, keyId, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, version, }: AesEncryptionData) => string;
 //# sourceMappingURL=encode-aes-string.d.ts.map

package/dist/utils/private/encode-aes-string.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encode-aes-string.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encode-aes-string.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,eAAO,MAAM,gBAAgB,gLAY1B,iBAAiB,KAAG,MAoBtB,CAAC"}
+{"version":3,"file":"encode-aes-string.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encode-aes-string.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,eAAO,MAAM,gBAAgB,gNAe1B,iBAAiB,KAAG,MAgCtB,CAAC"}

package/dist/utils/private/encode-aes-string.js

@@ -2,24 +2,29 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports._encodeAesString = void 0;
 const utils_1 = require("@lindorm/utils");
-const _encodeAesString = ({ encryption: algorithm, authTag, content, encryptionKeyAlgorithm, format, initialisationVector, integrityHash, keyId, publicEncryptionJwk, publicEncryptionKey, version, }) => {
+const format_1 = require("../../constants/private/format");
+const _encodeAesString = ({ algorithm, authTag, content, encryption, hkdfSalt, initialisationVector, keyId, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, version, }) => {
     const values = (0, utils_1.removeEmpty)({
-        v: version,
-        f: format,
-        cek: publicEncryptionKey?.toString(format),
+        v: version.toString(),
+        kid: keyId.toString(format_1._B64U),
+        alg: algorithm,
+        iv: initialisationVector.toString(format_1._B64U),
+        tag: authTag.toString(format_1._B64U),
+        hks: hkdfSalt?.toString(format_1._B64U),
+        p2c: pbkdfIterations?.toString(),
+        p2s: pbkdfSalt?.toString(format_1._B64U),
+        pei: publicEncryptionIv?.toString(format_1._B64U),
+        pek: publicEncryptionKey?.toString(format_1._B64U),
+        pet: publicEncryptionTag?.toString(format_1._B64U),
         crv: publicEncryptionJwk?.crv,
-        eka: encryptionKeyAlgorithm,
-        ih: integrityHash,
-        iv: initialisationVector.toString(format),
-        kid: publicEncryptionKey && keyId ? keyId.toString(format) : undefined,
-        tag: authTag?.toString(format),
+        kty: publicEncryptionJwk?.kty,
         x: publicEncryptionJwk?.x,
         y: publicEncryptionJwk?.y,
     });
     const array = Object.entries(values).map(([key, value]) => `${key}=${value}`);
     const str = array.join(",");
-    const cnt = content.toString(format);
-    return `$${algorithm}$${str}$${cnt}$`;
+    const cnt = content.toString(format_1._B64U);
+    return `$${encryption}$${str}$${cnt}$`;
 };
 exports._encodeAesString = _encodeAesString;
 //# sourceMappingURL=encode-aes-string.js.map

package/dist/utils/private/encode-aes-string.js.map

@@ -1 +1 @@
-{"version":3,"file":"encode-aes-string.js","sourceRoot":"","sources":["../../../src/utils/private/encode-aes-string.ts"],"names":[],"mappings":";;;AAAA,0CAA6C;AAGtC,MAAM,gBAAgB,GAAG,CAAC,EAC/B,UAAU,EAAE,SAAS,EACrB,OAAO,EACP,OAAO,EACP,sBAAsB,EACtB,MAAM,EACN,oBAAoB,EACpB,aAAa,EACb,KAAK,EACL,mBAAmB,EACnB,mBAAmB,EACnB,OAAO,GACW,EAAU,EAAE;IAC9B,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC;QACzB,CAAC,EAAE,OAAO;QACV,CAAC,EAAE,MAAM;QACT,GAAG,EAAE,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC;QAC1C,GAAG,EAAE,mBAAmB,EAAE,GAAG;QAC7B,GAAG,EAAE,sBAAsB;QAC3B,EAAE,EAAE,aAAa;QACjB,EAAE,EAAE,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC;QACzC,GAAG,EAAE,mBAAmB,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QACtE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC;QAC9B,CAAC,EAAE,mBAAmB,EAAE,CAAC;QACzB,CAAC,EAAE,mBAAmB,EAAE,CAAC;KAC1B,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IAE9E,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAErC,OAAO,IAAI,SAAS,IAAI,GAAG,IAAI,GAAG,GAAG,CAAC;AACxC,CAAC,CAAC;AAhCW,QAAA,gBAAgB,oBAgC3B"}
+{"version":3,"file":"encode-aes-string.js","sourceRoot":"","sources":["../../../src/utils/private/encode-aes-string.ts"],"names":[],"mappings":";;;AAAA,0CAA6C;AAC7C,2DAAuD;AAIhD,MAAM,gBAAgB,GAAG,CAAC,EAC/B,SAAS,EACT,OAAO,EACP,OAAO,EACP,UAAU,EACV,QAAQ,EACR,oBAAoB,EACpB,KAAK,EACL,eAAe,EACf,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,OAAO,GACW,EAAU,EAAE;IAC9B,MAAM,MAAM,GAAoB,IAAA,mBAAW,EAAC;QAC1C,CAAC,EAAE,OAAO,CAAC,QAAQ,EAAE;QACrB,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,cAAK,CAAC;QAG1B,GAAG,EAAE,SAAS;QACd,EAAE,EAAE,oBAAoB,CAAC,QAAQ,CAAC,cAAK,CAAC;QACxC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,cAAK,CAAC;QAG5B,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,cAAK,CAAC;QAC9B,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE;QAChC,GAAG,EAAE,SAAS,EAAE,QAAQ,CAAC,cAAK,CAAC;QAG/B,GAAG,EAAE,kBAAkB,EAAE,QAAQ,CAAC,cAAK,CAAC;QACxC,GAAG,EAAE,mBAAmB,EAAE,QAAQ,CAAC,cAAK,CAAC;QACzC,GAAG,EAAE,mBAAmB,EAAE,QAAQ,CAAC,cAAK,CAAC;QAGzC,GAAG,EAAE,mBAAmB,EAAE,GAAG;QAC7B,GAAG,EAAE,mBAAmB,EAAE,GAAG;QAC7B,CAAC,EAAE,mBAAmB,EAAE,CAAC;QACzB,CAAC,EAAE,mBAAmB,EAAE,CAAC;KAC1B,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IAE9E,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,cAAK,CAAC,CAAC;IAEpC,OAAO,IAAI,UAAU,IAAI,GAAG,IAAI,GAAG,GAAG,CAAC;AACzC,CAAC,CAAC;AA/CW,QAAA,gBAAgB,oBA+C3B"}

package/dist/utils/private/get-key/get-decryption-key.d.ts

@@ -0,0 +1,3 @@
+import { DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getDecryptionKey: (options: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-decryption-key.d.ts.map

package/dist/utils/private/get-key/get-decryption-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-decryption-key.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/get-key/get-decryption-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAM7E,eAAO,MAAM,iBAAiB,YAAa,iBAAiB,KAAG,gBAmB9D,CAAC"}

package/dist/utils/private/get-key/get-decryption-key.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getDecryptionKey = void 0;
+const errors_1 = require("../../../errors");
+const get_ec_keys_1 = require("../key-types/get-ec-keys");
+const get_oct_keys_1 = require("../key-types/get-oct-keys");
+const get_okp_keys_1 = require("../key-types/get-okp-keys");
+const get_rsa_keys_1 = require("../key-types/get-rsa-keys");
+const _getDecryptionKey = (options) => {
+    switch (options.kryptos.type) {
+        case "EC":
+            return (0, get_ec_keys_1._getEcDecryptionKey)(options);
+        case "oct":
+            return (0, get_oct_keys_1._getOctDecryptionKey)(options);
+        case "OKP":
+            return (0, get_okp_keys_1._getOkpDecryptionKey)(options);
+        case "RSA":
+            return (0, get_rsa_keys_1._getRsaDecryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getDecryptionKey = _getDecryptionKey;
+//# sourceMappingURL=get-decryption-key.js.map

package/dist/utils/private/get-key/get-decryption-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-decryption-key.js","sourceRoot":"","sources":["../../../../src/utils/private/get-key/get-decryption-key.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAE3C,0DAA+D;AAC/D,4DAAiE;AACjE,4DAAiE;AACjE,4DAAiE;AAE1D,MAAM,iBAAiB,GAAG,CAAC,OAA0B,EAAoB,EAAE;IAChF,QAAQ,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,KAAK,IAAI;YACP,OAAO,IAAA,iCAAmB,EAAC,OAAO,CAAC,CAAC;QAEtC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,iBAAiB,qBAmB5B"}

package/dist/utils/private/get-key/get-encryption-key.d.ts

@@ -0,0 +1,3 @@
+import { CreateCekOptions, CreateCekResult } from "../../../types/private";
+export declare const _getEncryptionKey: (options: CreateCekOptions) => CreateCekResult;
+//# sourceMappingURL=get-encryption-key.d.ts.map

package/dist/utils/private/get-key/get-encryption-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-encryption-key.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/get-key/get-encryption-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAM3E,eAAO,MAAM,iBAAiB,YAAa,gBAAgB,KAAG,eAmB7D,CAAC"}

package/dist/utils/private/get-key/get-encryption-key.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getEncryptionKey = void 0;
+const errors_1 = require("../../../errors");
+const get_ec_keys_1 = require("../key-types/get-ec-keys");
+const get_oct_keys_1 = require("../key-types/get-oct-keys");
+const get_okp_keys_1 = require("../key-types/get-okp-keys");
+const get_rsa_keys_1 = require("../key-types/get-rsa-keys");
+const _getEncryptionKey = (options) => {
+    switch (options.kryptos.type) {
+        case "EC":
+            return (0, get_ec_keys_1._getEcEncryptionKey)(options);
+        case "oct":
+            return (0, get_oct_keys_1._getOctEncryptionKey)(options);
+        case "OKP":
+            return (0, get_okp_keys_1._getOkpEncryptionKey)(options);
+        case "RSA":
+            return (0, get_rsa_keys_1._getRsaEncryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getEncryptionKey = _getEncryptionKey;
+//# sourceMappingURL=get-encryption-key.js.map

package/dist/utils/private/get-key/get-encryption-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-encryption-key.js","sourceRoot":"","sources":["../../../../src/utils/private/get-key/get-encryption-key.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAE3C,0DAA+D;AAC/D,4DAAiE;AACjE,4DAAiE;AACjE,4DAAiE;AAE1D,MAAM,iBAAiB,GAAG,CAAC,OAAyB,EAAmB,EAAE;IAC9E,QAAQ,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC7B,KAAK,IAAI;YACP,OAAO,IAAA,iCAAmB,EAAC,OAAO,CAAC,CAAC;QAEtC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC,KAAK,KAAK;YACR,OAAO,IAAA,mCAAoB,EAAC,OAAO,CAAC,CAAC;QAEvC;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAnBW,QAAA,iBAAiB,qBAmB5B"}

package/dist/utils/private/key-derivation/hkdf.d.ts

@@ -0,0 +1,14 @@
+/// <reference types="node" />
+import { AesKeyLength } from "@lindorm/types";
+type Options = {
+    derivationKey: Buffer;
+    hkdfSalt?: Buffer;
+    keyLength: AesKeyLength;
+};
+type Result = {
+    derivedKey: Buffer;
+    hkdfSalt: Buffer;
+};
+export declare const _hkdf: (options: Options) => Result;
+export {};
+//# sourceMappingURL=hkdf.d.ts.map

package/dist/utils/private/key-derivation/hkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/hkdf.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,KAAK,OAAO,GAAG;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,YAAY,CAAC;CACzB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,eAAO,MAAM,KAAK,YAAa,OAAO,KAAG,MASxC,CAAC"}

package/dist/utils/private/key-derivation/hkdf.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._hkdf = void 0;
+const crypto_1 = require("crypto");
+const _hkdf = (options) => {
+    const hkdfSalt = options.hkdfSalt ?? (0, crypto_1.randomBytes)(16);
+    const info = Buffer.from("lindorm.hkdf", "utf-8");
+    const derivedKey = Buffer.from((0, crypto_1.hkdfSync)("SHA256", options.derivationKey, hkdfSalt, info, options.keyLength));
+    return { derivedKey, hkdfSalt };
+};
+exports._hkdf = _hkdf;
+//# sourceMappingURL=hkdf.js.map

package/dist/utils/private/key-derivation/hkdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/hkdf.ts"],"names":[],"mappings":";;;AACA,mCAA+C;AAaxC,MAAM,KAAK,GAAG,CAAC,OAAgB,EAAU,EAAE;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAElD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAC5B,IAAA,iBAAQ,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAC7E,CAAC;IAEF,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC,CAAC;AATW,QAAA,KAAK,SAShB"}

package/dist/utils/private/key-derivation/pbkdf.d.ts

@@ -0,0 +1,17 @@
+/// <reference types="node" />
+import { AesKeyLength, ShaAlgorithm } from "@lindorm/types";
+type Options = {
+    algorithm: ShaAlgorithm;
+    derivationKey: Buffer;
+    keyLength: AesKeyLength;
+    pbkdfIterations?: number;
+    pbkdfSalt?: Buffer;
+};
+type Result = {
+    derivedKey: Buffer;
+    pbkdfIterations: number;
+    pbkdfSalt: Buffer;
+};
+export declare const _pbkdf: (options: Options) => Result;
+export {};
+//# sourceMappingURL=pbkdf.d.ts.map

package/dist/utils/private/key-derivation/pbkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG5D,KAAK,OAAO,GAAG;IACb,SAAS,EAAE,YAAY,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,YAAY,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAKF,eAAO,MAAM,MAAM,YAAa,OAAO,KAAG,MAazC,CAAC"}

package/dist/utils/private/key-derivation/pbkdf.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._pbkdf = void 0;
+const crypto_1 = require("crypto");
+const randomIterations = () => Math.floor(Math.random() * 20000) + 90000;
+const _pbkdf = (options) => {
+    const pbkdfSalt = options.pbkdfSalt ?? (0, crypto_1.randomBytes)(16);
+    const pbkdfIterations = options.pbkdfIterations ?? randomIterations();
+    const derivedKey = (0, crypto_1.pbkdf2Sync)(options.derivationKey, pbkdfSalt, pbkdfIterations, options.keyLength, options.algorithm);
+    return { derivedKey, pbkdfIterations, pbkdfSalt };
+};
+exports._pbkdf = _pbkdf;
+//# sourceMappingURL=pbkdf.js.map

package/dist/utils/private/key-derivation/pbkdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":";;;AACA,mCAAiD;AAiBjD,MAAM,gBAAgB,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC;AAE1E,MAAM,MAAM,GAAG,CAAC,OAAgB,EAAU,EAAE;IACjD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,gBAAgB,EAAE,CAAC;IAEtE,MAAM,UAAU,GAAG,IAAA,mBAAU,EAC3B,OAAO,CAAC,aAAa,EACrB,SAAS,EACT,eAAe,EACf,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,SAAS,CAClB,CAAC;IAEF,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC,CAAC;AAbW,QAAA,MAAM,UAajB"}

package/dist/utils/private/key-types/get-ec-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getEcEncryptionKey: (options: CreateCekOptions) => CreateCekResult;
+export declare const _getEcDecryptionKey: (options: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-ec-keys.d.ts.map

package/dist/utils/private/key-types/get-ec-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-ec-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-ec-keys.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAUhC,eAAO,MAAM,mBAAmB,YAAa,gBAAgB,KAAG,eAkB/D,CAAC;AAEF,eAAO,MAAM,mBAAmB,YAAa,iBAAiB,KAAG,gBAkBhE,CAAC"}

package/dist/utils/private/key-types/get-ec-keys.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getEcDecryptionKey = exports._getEcEncryptionKey = void 0;
+const errors_1 = require("../../../errors");
+const diffie_hellman_1 = require("../diffie-hellman/diffie-hellman");
+const diffie_hellman_key_wrap_1 = require("../diffie-hellman/diffie-hellman-key-wrap");
+const _getEcEncryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "ECDH-ES":
+            return (0, diffie_hellman_1._getDiffieHellmanEncryptionKey)(options);
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, diffie_hellman_key_wrap_1._getDiffieHellmanKeyWrapEncryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getEcEncryptionKey = _getEcEncryptionKey;
+const _getEcDecryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "ECDH-ES":
+            return (0, diffie_hellman_1._getDiffieHellmanDecryptionKey)(options);
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, diffie_hellman_key_wrap_1._getDiffieHellmanKeyWrapDecryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getEcDecryptionKey = _getEcDecryptionKey;
+//# sourceMappingURL=get-ec-keys.js.map

package/dist/utils/private/key-types/get-ec-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-ec-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-ec-keys.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAO3C,qEAG0C;AAC1C,uFAGmD;AAE5C,MAAM,mBAAmB,GAAG,CAAC,OAAyB,EAAmB,EAAE;IAChF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,IAAA,+CAA8B,EAAC,OAAO,CAAC,CAAC;QAEjD,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,+DAAqC,EAAC,OAAO,CAAC,CAAC;QAExD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAlBW,QAAA,mBAAmB,uBAkB9B;AAEK,MAAM,mBAAmB,GAAG,CAAC,OAA0B,EAAoB,EAAE;IAClF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,IAAA,+CAA8B,EAAC,OAAO,CAAC,CAAC;QAEjD,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,+DAAqC,EAAC,OAAO,CAAC,CAAC;QAExD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAlBW,QAAA,mBAAmB,uBAkB9B"}

package/dist/utils/private/key-types/get-oct-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getOctEncryptionKey: (options: CreateCekOptions) => CreateCekResult;
+export declare const _getOctDecryptionKey: (options: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-oct-keys.d.ts.map

package/dist/utils/private/key-types/get-oct-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-oct-keys.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAchC,eAAO,MAAM,oBAAoB,YAAa,gBAAgB,KAAG,eAuBhE,CAAC;AAEF,eAAO,MAAM,oBAAoB,YAAa,iBAAiB,KAAG,gBAuBjE,CAAC"}