@lindorm/aes 0.1.3 → 0.3.0

package/dist/utils/private/key-types/get-oct-keys.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getOctDecryptionKey = exports._getOctEncryptionKey = void 0;
+const errors_1 = require("../../../errors");
+const get_oct_dir_keys_1 = require("../oct/get-oct-dir-keys");
+const get_oct_key_key_wrap_1 = require("../oct/get-oct-key-key-wrap");
+const get_oct_pbkdf_key_wrap_keys_1 = require("../oct/get-oct-pbkdf-key-wrap-keys");
+const _getOctEncryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "dir":
+            return (0, get_oct_dir_keys_1._getOctDirEncryptionKey)(options);
+        case "A128KW":
+        case "A192KW":
+        case "A256KW":
+        case "A128GCMKW":
+        case "A192GCMKW":
+        case "A256GCMKW":
+            return (0, get_oct_key_key_wrap_1._getOctKeyWrapEncryptionKey)(options);
+        case "PBES2-HS256+A128KW":
+        case "PBES2-HS384+A192KW":
+        case "PBES2-HS512+A256KW":
+            return (0, get_oct_pbkdf_key_wrap_keys_1._getOctPbkdfKeyWrapEncryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getOctEncryptionKey = _getOctEncryptionKey;
+const _getOctDecryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "dir":
+            return (0, get_oct_dir_keys_1._getOctDirDecryptionKey)(options);
+        case "A128KW":
+        case "A192KW":
+        case "A256KW":
+        case "A128GCMKW":
+        case "A192GCMKW":
+        case "A256GCMKW":
+            return (0, get_oct_key_key_wrap_1._getOctKeyWrapDecryptionKey)(options);
+        case "PBES2-HS256+A128KW":
+        case "PBES2-HS384+A192KW":
+        case "PBES2-HS512+A256KW":
+            return (0, get_oct_pbkdf_key_wrap_keys_1._getOctPbkdfKeyWrapDecryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getOctDecryptionKey = _getOctDecryptionKey;
+//# sourceMappingURL=get-oct-keys.js.map

package/dist/utils/private/key-types/get-oct-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-oct-keys.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAO3C,8DAGiC;AACjC,sEAGqC;AACrC,oFAG4C;AAErC,MAAM,oBAAoB,GAAG,CAAC,OAAyB,EAAmB,EAAE;IACjF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,KAAK;YACR,OAAO,IAAA,0CAAuB,EAAC,OAAO,CAAC,CAAC;QAE1C,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW;YACd,OAAO,IAAA,kDAA2B,EAAC,OAAO,CAAC,CAAC;QAE9C,KAAK,oBAAoB,CAAC;QAC1B,KAAK,oBAAoB,CAAC;QAC1B,KAAK,oBAAoB;YACvB,OAAO,IAAA,8DAAgC,EAAC,OAAO,CAAC,CAAC;QAEnD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAvBW,QAAA,oBAAoB,wBAuB/B;AAEK,MAAM,oBAAoB,GAAG,CAAC,OAA0B,EAAoB,EAAE;IACnF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,KAAK;YACR,OAAO,IAAA,0CAAuB,EAAC,OAAO,CAAC,CAAC;QAE1C,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW;YACd,OAAO,IAAA,kDAA2B,EAAC,OAAO,CAAC,CAAC;QAE9C,KAAK,oBAAoB,CAAC;QAC1B,KAAK,oBAAoB,CAAC;QAC1B,KAAK,oBAAoB;YACvB,OAAO,IAAA,8DAAgC,EAAC,OAAO,CAAC,CAAC;QAEnD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAvBW,QAAA,oBAAoB,wBAuB/B"}

package/dist/utils/private/key-types/get-okp-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getOkpEncryptionKey: (options: CreateCekOptions) => CreateCekResult;
+export declare const _getOkpDecryptionKey: (options: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-okp-keys.d.ts.map

package/dist/utils/private/key-types/get-okp-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-okp-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-okp-keys.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAUhC,eAAO,MAAM,oBAAoB,YAAa,gBAAgB,KAAG,eAkBhE,CAAC;AAEF,eAAO,MAAM,oBAAoB,YAAa,iBAAiB,KAAG,gBAkBjE,CAAC"}

package/dist/utils/private/key-types/get-okp-keys.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getOkpDecryptionKey = exports._getOkpEncryptionKey = void 0;
+const errors_1 = require("../../../errors");
+const diffie_hellman_1 = require("../diffie-hellman/diffie-hellman");
+const diffie_hellman_key_wrap_1 = require("../diffie-hellman/diffie-hellman-key-wrap");
+const _getOkpEncryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "ECDH-ES":
+            return (0, diffie_hellman_1._getDiffieHellmanEncryptionKey)(options);
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, diffie_hellman_key_wrap_1._getDiffieHellmanKeyWrapEncryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getOkpEncryptionKey = _getOkpEncryptionKey;
+const _getOkpDecryptionKey = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "ECDH-ES":
+            return (0, diffie_hellman_1._getDiffieHellmanDecryptionKey)(options);
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, diffie_hellman_key_wrap_1._getDiffieHellmanKeyWrapDecryptionKey)(options);
+        default:
+            throw new errors_1.AesError("Unexpected Kryptos", {
+                debug: { kryptos: options.kryptos.toJSON() },
+            });
+    }
+};
+exports._getOkpDecryptionKey = _getOkpDecryptionKey;
+//# sourceMappingURL=get-okp-keys.js.map

package/dist/utils/private/key-types/get-okp-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-okp-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-okp-keys.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAO3C,qEAG0C;AAC1C,uFAGmD;AAE5C,MAAM,oBAAoB,GAAG,CAAC,OAAyB,EAAmB,EAAE;IACjF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,IAAA,+CAA8B,EAAC,OAAO,CAAC,CAAC;QAEjD,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,+DAAqC,EAAC,OAAO,CAAC,CAAC;QAExD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAlBW,QAAA,oBAAoB,wBAkB/B;AAEK,MAAM,oBAAoB,GAAG,CAAC,OAA0B,EAAoB,EAAE;IACnF,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,IAAA,+CAA8B,EAAC,OAAO,CAAC,CAAC;QAEjD,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,+DAAqC,EAAC,OAAO,CAAC,CAAC;QAExD;YACE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;gBACvC,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE;aAC7C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAlBW,QAAA,oBAAoB,wBAkB/B"}

package/dist/utils/private/key-types/get-rsa-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getRsaEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getRsaDecryptionKey: ({ kryptos, publicEncryptionKey, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-rsa-keys.d.ts.map

package/dist/utils/private/key-types/get-rsa-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-rsa-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-rsa-keys.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAIhC,eAAO,MAAM,oBAAoB,6BAG9B,gBAAgB,KAAG,eA6BrB,CAAC;AAEF,eAAO,MAAM,oBAAoB,sCAG9B,iBAAiB,KAAG,gBAmCtB,CAAC"}

package/dist/utils/private/key-types/get-rsa-keys.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getRsaDecryptionKey = exports._getRsaEncryptionKey = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const constants_1 = require("constants");
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const calculate_rsa_oaep_hash_1 = require("../calculate/calculate-rsa-oaep-hash");
+const _getRsaEncryptionKey = ({ encryption, kryptos, }) => {
+    if (!kryptos_1.Kryptos.isRsa(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos instance");
+    }
+    if (kryptos.algorithm !== "RSA-OAEP" &&
+        kryptos.algorithm !== "RSA-OAEP-256" &&
+        kryptos.algorithm !== "RSA-OAEP-384" &&
+        kryptos.algorithm !== "RSA-OAEP-512") {
+        throw new errors_1.AesError("Invalid encryption key algorithm");
+    }
+    const keyLength = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const contentEncryptionKey = (0, crypto_1.randomBytes)(keyLength);
+    const { publicKey } = kryptos.export("pem");
+    const publicEncryptionKey = (0, crypto_1.publicEncrypt)({
+        key: publicKey,
+        padding: constants_1.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: (0, calculate_rsa_oaep_hash_1._calculateRsaOaepHash)(kryptos.algorithm),
+    }, contentEncryptionKey);
+    return { contentEncryptionKey, publicEncryptionKey };
+};
+exports._getRsaEncryptionKey = _getRsaEncryptionKey;
+const _getRsaDecryptionKey = ({ kryptos, publicEncryptionKey, }) => {
+    if (!kryptos_1.Kryptos.isRsa(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos instance");
+    }
+    if (!publicEncryptionKey) {
+        throw new errors_1.AesError("Missing publicEncryptionKey");
+    }
+    if (kryptos.algorithm !== "RSA-OAEP" &&
+        kryptos.algorithm !== "RSA-OAEP-256" &&
+        kryptos.algorithm !== "RSA-OAEP-384" &&
+        kryptos.algorithm !== "RSA-OAEP-512") {
+        throw new errors_1.AesError("Invalid encryption key algorithm", {
+            debug: { kryptos },
+        });
+    }
+    const { privateKey } = kryptos.export("pem");
+    if (!privateKey) {
+        throw new errors_1.AesError("Unable to decrypt AES without private key");
+    }
+    const contentEncryptionKey = (0, crypto_1.privateDecrypt)({
+        key: privateKey,
+        padding: constants_1.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: (0, calculate_rsa_oaep_hash_1._calculateRsaOaepHash)(kryptos.algorithm),
+    }, publicEncryptionKey);
+    return { contentEncryptionKey };
+};
+exports._getRsaDecryptionKey = _getRsaDecryptionKey;
+//# sourceMappingURL=get-rsa-keys.js.map

package/dist/utils/private/key-types/get-rsa-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-rsa-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/key-types/get-rsa-keys.ts"],"names":[],"mappings":";;;AAAA,8CAA2C;AAC3C,yCAAmD;AACnD,mCAAoE;AACpE,4CAA2C;AAO3C,8GAAwG;AACxG,kFAA6E;AAEtE,MAAM,oBAAoB,GAAG,CAAC,EACnC,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,0BAA0B,CAAC,CAAC;IACjD,CAAC;IAED,IACE,OAAO,CAAC,SAAS,KAAK,UAAU;QAChC,OAAO,CAAC,SAAS,KAAK,cAAc;QACpC,OAAO,CAAC,SAAS,KAAK,cAAc;QACpC,OAAO,CAAC,SAAS,KAAK,cAAc,EACpC,CAAC;QACD,MAAM,IAAI,iBAAQ,CAAC,kCAAkC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IACjE,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,SAAS,CAAC,CAAC;IAEpD,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE5C,MAAM,mBAAmB,GAAG,IAAA,sBAAa,EACvC;QACE,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,kCAAsB;QAC/B,QAAQ,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACnD,EACD,oBAAoB,CACrB,CAAC;IAEF,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;AACvD,CAAC,CAAC;AAhCW,QAAA,oBAAoB,wBAgC/B;AAEK,MAAM,oBAAoB,GAAG,CAAC,EACnC,OAAO,EACP,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,0BAA0B,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,IACE,OAAO,CAAC,SAAS,KAAK,UAAU;QAChC,OAAO,CAAC,SAAS,KAAK,cAAc;QACpC,OAAO,CAAC,SAAS,KAAK,cAAc;QACpC,OAAO,CAAC,SAAS,KAAK,cAAc,EACpC,CAAC;QACD,MAAM,IAAI,iBAAQ,CAAC,kCAAkC,EAAE;YACrD,KAAK,EAAE,EAAE,OAAO,EAAE;SACnB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,iBAAQ,CAAC,2CAA2C,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,oBAAoB,GAAG,IAAA,uBAAc,EACzC;QACE,GAAG,EAAE,UAAU;QACf,OAAO,EAAE,kCAAsB;QAC/B,QAAQ,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACnD,EACD,mBAAmB,CACpB,CAAC;IAEF,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAClC,CAAC,CAAC;AAtCW,QAAA,oBAAoB,wBAsC/B"}

package/dist/utils/private/key-wrap/ecb-key-wrap.d.ts

@@ -0,0 +1,4 @@
+import { KeyUnwrapOptions, KeyUnwrapResult, KeyWrapOptions, KeyWrapResult } from "../../../types/private";
+export declare const _ecbKeyWrap: ({ contentEncryptionKey, keyEncryptionKey, kryptos, }: KeyWrapOptions) => KeyWrapResult;
+export declare const _ecbKeyUnwrap: ({ keyEncryptionKey, kryptos, publicEncryptionKey, }: KeyUnwrapOptions) => KeyUnwrapResult;
+//# sourceMappingURL=ecb-key-wrap.d.ts.map

package/dist/utils/private/key-wrap/ecb-key-wrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecb-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAMhC,eAAO,MAAM,WAAW,yDAIrB,cAAc,KAAG,aA8BnB,CAAC;AAEF,eAAO,MAAM,aAAa,wDAIvB,gBAAgB,KAAG,eAmCrB,CAAC"}

package/dist/utils/private/key-wrap/ecb-key-wrap.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._ecbKeyUnwrap = exports._ecbKeyWrap = void 0;
+const crypto_1 = require("crypto");
+const calculate_key_wrap_encryption_1 = require("../calculate/calculate-key-wrap-encryption");
+const AIV = "A6A6A6A6A6A6A6A6";
+const BLOCK_SIZE = 8;
+const _ecbKeyWrap = ({ contentEncryptionKey, keyEncryptionKey, kryptos, }) => {
+    const algorithm = (0, calculate_key_wrap_encryption_1._calculateKeyWrapEncryption)(kryptos);
+    const n = contentEncryptionKey.length / BLOCK_SIZE;
+    let a = Buffer.from(AIV, "hex");
+    const r = [];
+    for (let i = 0; i < n; i++) {
+        r[i] = contentEncryptionKey.subarray(i * BLOCK_SIZE, (i + 1) * BLOCK_SIZE);
+    }
+    const cipher = (0, crypto_1.createCipheriv)(algorithm, keyEncryptionKey, null);
+    cipher.setAutoPadding(false);
+    for (let j = 0; j < 6; j++) {
+        for (let i = 0; i < n; i++) {
+            const b = Buffer.concat([a, r[i]]);
+            const encrypted = cipher.update(b);
+            a = encrypted.subarray(0, BLOCK_SIZE);
+            const t = n * j + i + 1;
+            const tBuffer = Buffer.alloc(BLOCK_SIZE);
+            tBuffer.writeUIntBE(t, 4, 4);
+            for (let k = 0; k < BLOCK_SIZE; k++) {
+                a[k] ^= tBuffer[k];
+            }
+            r[i] = encrypted.subarray(BLOCK_SIZE);
+        }
+    }
+    return { publicEncryptionKey: Buffer.concat([a, ...r]) };
+};
+exports._ecbKeyWrap = _ecbKeyWrap;
+const _ecbKeyUnwrap = ({ keyEncryptionKey, kryptos, publicEncryptionKey, }) => {
+    const encryption = (0, calculate_key_wrap_encryption_1._calculateKeyWrapEncryption)(kryptos);
+    const n = publicEncryptionKey.length / BLOCK_SIZE - 1;
+    let a = publicEncryptionKey.subarray(0, BLOCK_SIZE);
+    const r = [];
+    for (let i = 0; i < n; i++) {
+        r[i] = publicEncryptionKey.subarray((i + 1) * BLOCK_SIZE, (i + 2) * BLOCK_SIZE);
+    }
+    const decipher = (0, crypto_1.createDecipheriv)(encryption, keyEncryptionKey, null);
+    decipher.setAutoPadding(false);
+    for (let j = 5; j >= 0; j--) {
+        for (let i = n - 1; i >= 0; i--) {
+            const t = n * j + i + 1;
+            const tBuffer = Buffer.alloc(BLOCK_SIZE);
+            tBuffer.writeUIntBE(t, 4, 4);
+            const aXorT = Buffer.alloc(BLOCK_SIZE);
+            for (let k = 0; k < BLOCK_SIZE; k++) {
+                aXorT[k] = a[k] ^ tBuffer[k];
+            }
+            const b = Buffer.concat([aXorT, r[i]]);
+            const decrypted = decipher.update(b);
+            a = decrypted.subarray(0, BLOCK_SIZE);
+            r[i] = decrypted.subarray(BLOCK_SIZE);
+        }
+    }
+    if (!a.equals(Buffer.from(AIV, "hex"))) {
+        throw new Error("Integrity check failed");
+    }
+    return { contentEncryptionKey: Buffer.concat(r) };
+};
+exports._ecbKeyUnwrap = _ecbKeyUnwrap;
+//# sourceMappingURL=ecb-key-wrap.js.map

package/dist/utils/private/key-wrap/ecb-key-wrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecb-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAA0D;AAO1D,8FAAyF;AAEzF,MAAM,GAAG,GAAG,kBAA2B,CAAC;AACxC,MAAM,UAAU,GAAG,CAAU,CAAC;AAEvB,MAAM,WAAW,GAAG,CAAC,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,OAAO,GACQ,EAAiB,EAAE;IAClC,MAAM,SAAS,GAAG,IAAA,2DAA2B,EAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,CAAC,GAAG,oBAAoB,CAAC,MAAM,GAAG,UAAU,CAAC;IACnD,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,EAAE,CAAC;IAEb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,GAAG,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACtC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACzC,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,mBAAmB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AAC3D,CAAC,CAAC;AAlCW,QAAA,WAAW,eAkCtB;AAEK,MAAM,aAAa,GAAG,CAAC,EAC5B,gBAAgB,EAChB,OAAO,EACP,mBAAmB,GACF,EAAmB,EAAE;IACtC,MAAM,UAAU,GAAG,IAAA,2DAA2B,EAAC,OAAO,CAAC,CAAC;IAExD,MAAM,CAAC,GAAG,mBAAmB,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,EAAE,CAAC;IAEb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IACtE,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACzC,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC;YACD,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC,CAAC;AAvCW,QAAA,aAAa,iBAuCxB"}

package/dist/utils/private/key-wrap/gcm-key-wrap.d.ts

@@ -0,0 +1,4 @@
+import { KeyUnwrapOptions, KeyUnwrapResult, KeyWrapOptions, KeyWrapResult } from "../../../types/private";
+export declare const _gcmKeyWrap: ({ contentEncryptionKey, keyEncryptionKey, kryptos, }: KeyWrapOptions) => KeyWrapResult;
+export declare const _gcmKeyUnwrap: ({ keyEncryptionKey, kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }: KeyUnwrapOptions) => KeyUnwrapResult;
+//# sourceMappingURL=gcm-key-wrap.d.ts.map

package/dist/utils/private/key-wrap/gcm-key-wrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcm-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAGhC,eAAO,MAAM,WAAW,yDAIrB,cAAc,KAAG,aAkBnB,CAAC;AAEF,eAAO,MAAM,aAAa,iGAMvB,gBAAgB,KAAG,eAwBrB,CAAC"}

package/dist/utils/private/key-wrap/gcm-key-wrap.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._gcmKeyUnwrap = exports._gcmKeyWrap = void 0;
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const calculate_key_wrap_encryption_1 = require("../calculate/calculate-key-wrap-encryption");
+const _gcmKeyWrap = ({ contentEncryptionKey, keyEncryptionKey, kryptos, }) => {
+    const algorithm = (0, calculate_key_wrap_encryption_1._calculateKeyWrapEncryption)(kryptos);
+    const publicEncryptionIv = (0, crypto_1.randomBytes)(12);
+    const cipher = (0, crypto_1.createCipheriv)(algorithm, keyEncryptionKey, publicEncryptionIv);
+    const publicEncryptionKey = Buffer.concat([
+        cipher.update(contentEncryptionKey),
+        cipher.final(),
+    ]);
+    const publicEncryptionTag = cipher.getAuthTag();
+    return { publicEncryptionKey, publicEncryptionIv, publicEncryptionTag };
+};
+exports._gcmKeyWrap = _gcmKeyWrap;
+const _gcmKeyUnwrap = ({ keyEncryptionKey, kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }) => {
+    if (!publicEncryptionIv) {
+        throw new errors_1.AesError("Invalid public encryption iv");
+    }
+    if (!publicEncryptionTag) {
+        throw new errors_1.AesError("Invalid public encryption tag");
+    }
+    const algorithm = (0, calculate_key_wrap_encryption_1._calculateKeyWrapEncryption)(kryptos);
+    const decipher = (0, crypto_1.createDecipheriv)(algorithm, keyEncryptionKey, publicEncryptionIv);
+    decipher.setAuthTag(publicEncryptionTag);
+    const contentEncryptionKey = Buffer.concat([
+        decipher.update(publicEncryptionKey),
+        decipher.final(),
+    ]);
+    return { contentEncryptionKey };
+};
+exports._gcmKeyUnwrap = _gcmKeyUnwrap;
+//# sourceMappingURL=gcm-key-wrap.js.map

package/dist/utils/private/key-wrap/gcm-key-wrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gcm-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAMgB;AAChB,4CAA2C;AAO3C,8FAAyF;AAElF,MAAM,WAAW,GAAG,CAAC,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,OAAO,GACQ,EAAiB,EAAE;IAClC,MAAM,SAAS,GAAG,IAAA,2DAA2B,EAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,kBAAkB,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACN,CAAC;IAEf,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACnC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhD,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,CAAC;AAC1E,CAAC,CAAC;AAtBW,QAAA,WAAW,eAsBtB;AAEK,MAAM,aAAa,GAAG,CAAC,EAC5B,gBAAgB,EAChB,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACF,EAAmB,EAAE;IACtC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,iBAAQ,CAAC,8BAA8B,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,2DAA2B,EAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACJ,CAAC;IAEjB,QAAQ,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAEzC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC;QACzC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACpC,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAClC,CAAC,CAAC;AA9BW,QAAA,aAAa,iBA8BxB"}

package/dist/utils/private/key-wrap/key-wrap.d.ts

@@ -0,0 +1,4 @@
+import { KeyUnwrapOptions, KeyUnwrapResult, KeyWrapOptions, KeyWrapResult } from "../../../types/private";
+export declare const _keyWrap: (options: KeyWrapOptions) => KeyWrapResult;
+export declare const _keyUnwrap: (options: KeyUnwrapOptions) => KeyUnwrapResult;
+//# sourceMappingURL=key-wrap.d.ts.map

package/dist/utils/private/key-wrap/key-wrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/key-wrap.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAIhC,eAAO,MAAM,QAAQ,YAAa,cAAc,KAAG,aAqBlD,CAAC;AAEF,eAAO,MAAM,UAAU,YAAa,gBAAgB,KAAG,eAqBtD,CAAC"}

package/dist/utils/private/key-wrap/key-wrap.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._keyUnwrap = exports._keyWrap = void 0;
+const errors_1 = require("../../../errors");
+const ecb_key_wrap_1 = require("./ecb-key-wrap");
+const gcm_key_wrap_1 = require("./gcm-key-wrap");
+const _keyWrap = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "A128KW":
+        case "A192KW":
+        case "A256KW":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+            return (0, ecb_key_wrap_1._ecbKeyWrap)(options);
+        case "A128GCMKW":
+        case "A192GCMKW":
+        case "A256GCMKW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, gcm_key_wrap_1._gcmKeyWrap)(options);
+        default:
+            throw new errors_1.AesError("Unsupported key wrap algorithm");
+    }
+};
+exports._keyWrap = _keyWrap;
+const _keyUnwrap = (options) => {
+    switch (options.kryptos.algorithm) {
+        case "A128KW":
+        case "A192KW":
+        case "A256KW":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+            return (0, ecb_key_wrap_1._ecbKeyUnwrap)(options);
+        case "A128GCMKW":
+        case "A192GCMKW":
+        case "A256GCMKW":
+        case "ECDH-ES+A128GCMKW":
+        case "ECDH-ES+A192GCMKW":
+        case "ECDH-ES+A256GCMKW":
+            return (0, gcm_key_wrap_1._gcmKeyUnwrap)(options);
+        default:
+            throw new errors_1.AesError("Unsupported key wrap algorithm");
+    }
+};
+exports._keyUnwrap = _keyUnwrap;
+//# sourceMappingURL=key-wrap.js.map

package/dist/utils/private/key-wrap/key-wrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/key-wrap.ts"],"names":[],"mappings":";;;AAAA,4CAA2C;AAO3C,iDAA4D;AAC5D,iDAA4D;AAErD,MAAM,QAAQ,GAAG,CAAC,OAAuB,EAAiB,EAAE;IACjE,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB;YACnB,OAAO,IAAA,0BAAW,EAAC,OAAO,CAAC,CAAC;QAE9B,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,0BAAW,EAAC,OAAO,CAAC,CAAC;QAE9B;YACE,MAAM,IAAI,iBAAQ,CAAC,gCAAgC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC,CAAC;AArBW,QAAA,QAAQ,YAqBnB;AAEK,MAAM,UAAU,GAAG,CAAC,OAAyB,EAAmB,EAAE;IACvE,QAAQ,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAClC,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB,CAAC;QACtB,KAAK,gBAAgB;YACnB,OAAO,IAAA,4BAAa,EAAC,OAAO,CAAC,CAAC;QAEhC,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB,CAAC;QACzB,KAAK,mBAAmB;YACtB,OAAO,IAAA,4BAAa,EAAC,OAAO,CAAC,CAAC;QAEhC;YACE,MAAM,IAAI,iBAAQ,CAAC,gCAAgC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC,CAAC;AArBW,QAAA,UAAU,cAqBrB"}

package/dist/utils/private/oct/get-oct-dir-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getOctDirEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getOctDirDecryptionKey: ({ encryption, kryptos, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-oct-dir-keys.d.ts.map

package/dist/utils/private/oct/get-oct-dir-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-dir-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-dir-keys.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAGhC,eAAO,MAAM,uBAAuB,6BAGjC,gBAAgB,KAAG,eAerB,CAAC;AAEF,eAAO,MAAM,uBAAuB,6BAGjC,iBAAiB,KAAG,gBAetB,CAAC"}

package/dist/utils/private/oct/get-oct-dir-keys.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getOctDirDecryptionKey = exports._getOctDirEncryptionKey = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const _getOctDirEncryptionKey = ({ encryption, kryptos, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    const der = kryptos.export("der");
+    const keyLength = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    if (der.privateKey.length !== keyLength) {
+        throw new errors_1.AesError("Invalid key length", {
+            debug: { keyLength, privateKeyLength: der.privateKey.length },
+        });
+    }
+    return { contentEncryptionKey: der.privateKey };
+};
+exports._getOctDirEncryptionKey = _getOctDirEncryptionKey;
+const _getOctDirDecryptionKey = ({ encryption, kryptos, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    const der = kryptos.export("der");
+    const keyLength = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    if (der.privateKey.length !== keyLength) {
+        throw new errors_1.AesError("Invalid key length", {
+            debug: { keyLength, privateKeyLength: der.privateKey.length },
+        });
+    }
+    return { contentEncryptionKey: der.privateKey };
+};
+exports._getOctDirDecryptionKey = _getOctDirDecryptionKey;
+//# sourceMappingURL=get-oct-dir-keys.js.map

package/dist/utils/private/oct/get-oct-dir-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-dir-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-dir-keys.ts"],"names":[],"mappings":";;;AAAA,8CAA2C;AAC3C,4CAA2C;AAO3C,8GAAwG;AAEjG,MAAM,uBAAuB,GAAG,CAAC,EACtC,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAEjE,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;YACvC,KAAK,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC;AAClD,CAAC,CAAC;AAlBW,QAAA,uBAAuB,2BAkBlC;AAEK,MAAM,uBAAuB,GAAG,CAAC,EACtC,UAAU,EACV,OAAO,GACW,EAAoB,EAAE;IACxC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAEjE,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,EAAE;YACvC,KAAK,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC;AAClD,CAAC,CAAC;AAlBW,QAAA,uBAAuB,2BAkBlC"}

package/dist/utils/private/oct/get-oct-key-key-wrap.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getOctKeyWrapEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getOctKeyWrapDecryptionKey: ({ hkdfSalt, kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-oct-key-key-wrap.d.ts.map

package/dist/utils/private/oct/get-oct-key-key-wrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-key-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAMhC,eAAO,MAAM,2BAA2B,6BAGrC,gBAAgB,KAAG,eA4BrB,CAAC;AAEF,eAAO,MAAM,2BAA2B,yFAMrC,iBAAiB,KAAG,gBAuBtB,CAAC"}

package/dist/utils/private/oct/get-oct-key-key-wrap.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getOctKeyWrapDecryptionKey = exports._getOctKeyWrapEncryptionKey = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const calculate_key_wrap_size_1 = require("../calculate/calculate-key-wrap-size");
+const hkdf_1 = require("../key-derivation/hkdf");
+const key_wrap_1 = require("../key-wrap/key-wrap");
+const _getOctKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    const der = kryptos.export("der");
+    const cekSize = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const contentEncryptionKey = (0, crypto_1.randomBytes)(cekSize);
+    const { derivedKey, hkdfSalt } = (0, hkdf_1._hkdf)({
+        derivationKey: der.privateKey,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+    });
+    const { publicEncryptionKey, publicEncryptionIv, publicEncryptionTag } = (0, key_wrap_1._keyWrap)({
+        contentEncryptionKey,
+        kryptos,
+        keyEncryptionKey: derivedKey,
+    });
+    return {
+        contentEncryptionKey,
+        hkdfSalt,
+        publicEncryptionKey,
+        publicEncryptionIv,
+        publicEncryptionTag,
+    };
+};
+exports._getOctKeyWrapEncryptionKey = _getOctKeyWrapEncryptionKey;
+const _getOctKeyWrapDecryptionKey = ({ hkdfSalt, kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    if (!publicEncryptionKey) {
+        throw new errors_1.AesError("Missing publicEncryptionKey");
+    }
+    const der = kryptos.export("der");
+    const { derivedKey } = (0, hkdf_1._hkdf)({
+        derivationKey: der.privateKey,
+        hkdfSalt,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+    });
+    return (0, key_wrap_1._keyUnwrap)({
+        keyEncryptionKey: derivedKey,
+        kryptos,
+        publicEncryptionIv,
+        publicEncryptionKey,
+        publicEncryptionTag,
+    });
+};
+exports._getOctKeyWrapDecryptionKey = _getOctKeyWrapDecryptionKey;
+//# sourceMappingURL=get-oct-key-key-wrap.js.map

package/dist/utils/private/oct/get-oct-key-key-wrap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-key-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":";;;AAAA,8CAA2C;AAC3C,mCAAqC;AACrC,4CAA2C;AAO3C,8GAAwG;AACxG,kFAA6E;AAC7E,iDAA+C;AAC/C,mDAA4D;AAErD,MAAM,2BAA2B,GAAG,CAAC,EAC1C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,OAAO,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAA,YAAK,EAAC;QACrC,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACpD,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,GAAG,IAAA,mBAAQ,EAAC;QAChF,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,QAAQ;QACR,mBAAmB;QACnB,kBAAkB;QAClB,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AA/BW,QAAA,2BAA2B,+BA+BtC;AAEK,MAAM,2BAA2B,GAAG,CAAC,EAC1C,QAAQ,EACR,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,YAAK,EAAC;QAC3B,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,QAAQ;QACR,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;KACpD,CAAC,CAAC;IAEH,OAAO,IAAA,qBAAU,EAAC;QAChB,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC;AA7BW,QAAA,2BAA2B,+BA6BtC"}

package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.d.ts

@@ -0,0 +1,4 @@
+import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
+export declare const _getOctPbkdfKeyWrapEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
+export declare const _getOctPbkdfKeyWrapDecryptionKey: ({ kryptos, pbkdfIterations, pbkdfSalt, publicEncryptionKey, }: DecryptCekOptions) => DecryptCekResult;
+//# sourceMappingURL=get-oct-pbkdf-key-wrap-keys.d.ts.map

package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAOhC,eAAO,MAAM,gCAAgC,6BAG1C,gBAAgB,KAAG,eA4BrB,CAAC;AAEF,eAAO,MAAM,gCAAgC,kEAK1C,iBAAiB,KAAG,gBAuBtB,CAAC"}

package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports._getOctPbkdfKeyWrapDecryptionKey = exports._getOctPbkdfKeyWrapEncryptionKey = void 0;
+const kryptos_1 = require("@lindorm/kryptos");
+const crypto_1 = require("crypto");
+const errors_1 = require("../../../errors");
+const calculate_content_encryption_key_size_1 = require("../calculate/calculate-content-encryption-key-size");
+const calculate_key_wrap_size_1 = require("../calculate/calculate-key-wrap-size");
+const calculate_pbkdf_hash_1 = require("../calculate/calculate-pbkdf-hash");
+const pbkdf_1 = require("../key-derivation/pbkdf");
+const ecb_key_wrap_1 = require("../key-wrap/ecb-key-wrap");
+const _getOctPbkdfKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    const der = kryptos.export("der");
+    const cekSize = (0, calculate_content_encryption_key_size_1._calculateContentEncryptionKeySize)(encryption);
+    const contentEncryptionKey = (0, crypto_1.randomBytes)(cekSize);
+    const { derivedKey, pbkdfIterations, pbkdfSalt } = (0, pbkdf_1._pbkdf)({
+        derivationKey: der.privateKey,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+        algorithm: (0, calculate_pbkdf_hash_1._calculatePbkdfAlgorithm)(kryptos),
+    });
+    const { publicEncryptionKey } = (0, ecb_key_wrap_1._ecbKeyWrap)({
+        contentEncryptionKey,
+        kryptos,
+        keyEncryptionKey: derivedKey,
+    });
+    return {
+        contentEncryptionKey,
+        pbkdfIterations,
+        pbkdfSalt,
+        publicEncryptionKey,
+    };
+};
+exports._getOctPbkdfKeyWrapEncryptionKey = _getOctPbkdfKeyWrapEncryptionKey;
+const _getOctPbkdfKeyWrapDecryptionKey = ({ kryptos, pbkdfIterations, pbkdfSalt, publicEncryptionKey, }) => {
+    if (!kryptos_1.Kryptos.isOct(kryptos)) {
+        throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
+    }
+    if (!publicEncryptionKey) {
+        throw new errors_1.AesError("Missing publicEncryptionKey");
+    }
+    const der = kryptos.export("der");
+    const { derivedKey } = (0, pbkdf_1._pbkdf)({
+        derivationKey: der.privateKey,
+        keyLength: (0, calculate_key_wrap_size_1._calculateKeyWrapSize)(kryptos.algorithm),
+        algorithm: (0, calculate_pbkdf_hash_1._calculatePbkdfAlgorithm)(kryptos),
+        pbkdfIterations,
+        pbkdfSalt,
+    });
+    return (0, ecb_key_wrap_1._ecbKeyUnwrap)({
+        keyEncryptionKey: derivedKey,
+        kryptos,
+        publicEncryptionKey,
+    });
+};
+exports._getOctPbkdfKeyWrapDecryptionKey = _getOctPbkdfKeyWrapDecryptionKey;
+//# sourceMappingURL=get-oct-pbkdf-key-wrap-keys.js.map

package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":";;;AAAA,8CAA2C;AAC3C,mCAAqC;AACrC,4CAA2C;AAO3C,8GAAwG;AACxG,kFAA6E;AAC7E,4EAA6E;AAC7E,mDAAiD;AACjD,2DAAsE;AAE/D,MAAM,gCAAgC,GAAG,CAAC,EAC/C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,OAAO,GAAG,IAAA,0EAAkC,EAAC,UAAU,CAAC,CAAC;IAC/D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,GAAG,IAAA,cAAM,EAAC;QACxD,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;QACnD,SAAS,EAAE,IAAA,+CAAwB,EAAC,OAAO,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,GAAG,IAAA,0BAAW,EAAC;QAC1C,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,eAAe;QACf,SAAS;QACT,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AA/BW,QAAA,gCAAgC,oCA+B3C;AAEK,MAAM,gCAAgC,GAAG,CAAC,EAC/C,OAAO,EACP,eAAe,EACf,SAAS,EACT,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,iBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,cAAM,EAAC;QAC5B,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,+CAAqB,EAAC,OAAO,CAAC,SAAS,CAAC;QACnD,SAAS,EAAE,IAAA,+CAAwB,EAAC,OAAO,CAAC;QAC5C,eAAe;QACf,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,IAAA,4BAAa,EAAC;QACnB,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC;AA5BW,QAAA,gCAAgC,oCA4B3C"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lindorm/aes",
-  "version": "0.1.3",
+  "version": "0.3.0",
   "license": "AGPL-3.0-or-later",
   "author": "Jonn Nilsson",
   "repository": {
@@ -26,9 +26,12 @@
     "update": "ncu -u"
   },
   "dependencies": {
-    "@lindorm/errors": "^0.1.4",
-    "@lindorm/is": "^0.1.4",
-    "@lindorm/kryptos": "^0.2.1"
+    "@lindorm/errors": "^0.1.5",
+    "@lindorm/is": "^0.1.5",
+    "@lindorm/kryptos": "^0.3.1"
   },
-  "gitHead": "cb57e5e2cc3e7ee6a1db97875e05bebb910a1efe"
+  "devDependencies": {
+    "@lindorm/types": "^0.1.4"
+  },
+  "gitHead": "b2bcea52f09a87f312028c18b12dcb5632ffaf35"
 }