@lindorm/aes 0.5.4 → 0.6.0

package/dist/utils/private/encoded-aes.js

@@ -1,173 +1,110 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseEncodedAesString = exports.createEncodedAesString = void 0;
+const b64_1 = require("@lindorm/b64");
+const errors_1 = require("../../errors");
+const aes_header_1 = require("./aes-header");
+const getIvSize = (enc) => (enc.includes("GCM") ? 12 : 16);
+const getTagSize = (enc) => {
+    if (enc.includes("GCM"))
+        return 16;
+    if (enc === "A128CBC-HS256")
+        return 16;
+    if (enc === "A192CBC-HS384")
+        return 24;
+    if (enc === "A256CBC-HS512")
+        return 32;
+    return 16;
+};
 const createEncodedAesString = (data) => {
+    const header = (0, aes_header_1.buildAesHeader)({
+        algorithm: data.algorithm,
+        contentType: data.contentType,
+        encryption: data.encryption,
+        keyId: data.keyId,
+        pbkdfIterations: data.pbkdfIterations,
+        pbkdfSalt: data.pbkdfSalt,
+        publicEncryptionIv: data.publicEncryptionIv,
+        publicEncryptionJwk: data.publicEncryptionJwk,
+        publicEncryptionTag: data.publicEncryptionTag,
+    });
+    const headerJson = Buffer.from(JSON.stringify(header), "utf8");
     const buffers = [];
-    const version = Buffer.from(data.version.toString());
-    buffers.push(Buffer.from([version.length]), version);
-    const keyId = Buffer.from(data.keyId);
-    buffers.push(Buffer.from([keyId.length]), keyId);
-    const algorithm = Buffer.from(data.algorithm);
-    buffers.push(Buffer.from([algorithm.length]), algorithm);
-    const encryption = Buffer.from(data.encryption);
-    buffers.push(Buffer.from([encryption.length]), encryption);
-    const contentType = Buffer.from(data.contentType);
-    buffers.push(Buffer.from([contentType.length]), contentType);
-    buffers.push(Buffer.from([data.authTag.length]), data.authTag);
-    buffers.push(Buffer.from([data.initialisationVector.length]), data.initialisationVector);
-    const optionalFields = [];
-    if (data.hkdfSalt) {
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(Buffer.from([data.hkdfSalt.length]), data.hkdfSalt);
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    if (data.pbkdfSalt) {
-        const pbkdfIterations = Buffer.alloc(4);
-        pbkdfIterations.writeUInt32BE(data.pbkdfIterations || 0);
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(pbkdfIterations);
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    if (data.pbkdfSalt) {
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(Buffer.from([data.pbkdfSalt.length]), data.pbkdfSalt);
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    if (data.publicEncryptionIv) {
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(Buffer.from([data.publicEncryptionIv.length]), data.publicEncryptionIv);
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    const publicEncryptionJwkStr = data.publicEncryptionJwk
-        ? JSON.stringify(data.publicEncryptionJwk)
-        : "";
-    if (publicEncryptionJwkStr.length > 0) {
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(Buffer.from([publicEncryptionJwkStr.length]), Buffer.from(publicEncryptionJwkStr));
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
+    const headerLength = Buffer.alloc(2);
+    headerLength.writeUInt16BE(headerJson.length);
+    buffers.push(headerLength, headerJson);
+    const cekLength = data.publicEncryptionKey?.length ?? 0;
+    const cekLengthBuf = Buffer.alloc(2);
+    cekLengthBuf.writeUInt16BE(cekLength);
+    buffers.push(cekLengthBuf);
     if (data.publicEncryptionKey) {
-        optionalFields.push(Buffer.from([1]));
-        const keyLength = Buffer.alloc(4);
-        keyLength.writeUInt32BE(data.publicEncryptionKey.length);
-        optionalFields.push(keyLength, data.publicEncryptionKey);
-    }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    if (data.publicEncryptionTag) {
-        optionalFields.push(Buffer.from([1]));
-        optionalFields.push(Buffer.from([data.publicEncryptionTag.length]), data.publicEncryptionTag);
+        buffers.push(data.publicEncryptionKey);
     }
-    else {
-        optionalFields.push(Buffer.from([0]));
-    }
-    const optionalFieldsLength = Buffer.alloc(4);
-    optionalFieldsLength.writeUInt32BE(Buffer.concat(optionalFields).length);
-    buffers.push(optionalFieldsLength, ...optionalFields);
+    buffers.push(data.initialisationVector);
+    buffers.push(data.authTag);
     buffers.push(data.content);
-    return Buffer.concat(buffers).toString("base64url");
+    return b64_1.B64.encode(Buffer.concat(buffers), "b64u");
 };
 exports.createEncodedAesString = createEncodedAesString;
 const parseEncodedAesString = (encoded) => {
-    const buffer = Buffer.from(encoded, "base64url");
+    const buffer = b64_1.B64.toBuffer(encoded, "b64u");
     let offset = 0;
-    const readFieldWithLength = () => {
-        const length = buffer.readUInt8(offset);
-        offset += 1;
-        const field = buffer.subarray(offset, offset + length);
-        offset += length;
-        return field;
-    };
-    const readOptionalFieldWithLength = () => {
-        const exists = buffer.readUInt8(offset);
-        offset += 1;
-        if (exists === 0)
-            return undefined;
-        const length = buffer.readUInt8(offset);
-        offset += 1;
-        const field = buffer.subarray(offset, offset + length);
-        offset += length;
-        return field;
-    };
-    const readOptionalFieldWithLargeLength = () => {
-        const exists = buffer.readUInt8(offset);
-        offset += 1;
-        if (exists === 0)
-            return undefined;
-        const length = buffer.readUInt32BE(offset);
-        offset += 4;
-        const field = buffer.subarray(offset, offset + length);
-        offset += length;
-        return field;
-    };
-    const versionLength = buffer.readUInt8(offset);
-    offset += 1;
-    const version = parseInt(buffer.subarray(offset, offset + versionLength).toString(), 10);
-    offset += versionLength;
-    const keyId = readFieldWithLength().toString();
-    const algorithm = readFieldWithLength().toString();
-    const encryption = readFieldWithLength().toString();
-    const contentType = readFieldWithLength().toString();
-    const authTag = readFieldWithLength();
-    const initialisationVector = readFieldWithLength();
-    const optionalFieldsLength = buffer.readUInt32BE(offset);
-    offset += 4;
-    const optionalFieldsStart = offset;
-    const hkdfSalt = readOptionalFieldWithLength();
-    let pbkdfIterations;
-    const pbkdfIterationsExists = buffer.readUInt8(offset);
-    offset += 1;
-    if (pbkdfIterationsExists === 1) {
-        pbkdfIterations = buffer.readUInt32BE(offset);
-        offset += 4;
-    }
-    const pbkdfSalt = readOptionalFieldWithLength();
-    const publicEncryptionIv = readOptionalFieldWithLength();
-    let publicEncryptionJwk;
-    const publicEncryptionJwkBuffer = readOptionalFieldWithLength();
-    if (publicEncryptionJwkBuffer) {
-        const jwkString = publicEncryptionJwkBuffer.toString();
-        try {
-            publicEncryptionJwk = JSON.parse(jwkString);
-        }
-        catch {
-            throw new SyntaxError(`Invalid JSON in publicEncryptionJwk: ${jwkString}`);
+    if (offset + 2 > buffer.length) {
+        throw new errors_1.AesError("Unexpected end of encoded AES data: missing header length");
+    }
+    const headerJsonLength = buffer.readUInt16BE(offset);
+    offset += 2;
+    if (offset + headerJsonLength > buffer.length) {
+        throw new errors_1.AesError("Unexpected end of encoded AES data: header exceeds buffer");
+    }
+    const headerJsonBytes = buffer.subarray(offset, offset + headerJsonLength);
+    offset += headerJsonLength;
+    const headerB64 = b64_1.B64.encode(headerJsonBytes, "b64u");
+    const decodedHeader = (0, aes_header_1.decodeAesHeader)(headerB64);
+    const params = (0, aes_header_1.headerToDecryptionParams)(decodedHeader);
+    const aad = (0, aes_header_1.computeAad)(headerB64);
+    if (offset + 2 > buffer.length) {
+        throw new errors_1.AesError("Unexpected end of encoded AES data: missing CEK length");
+    }
+    const cekLength = buffer.readUInt16BE(offset);
+    offset += 2;
+    let publicEncryptionKey;
+    if (cekLength > 0) {
+        if (offset + cekLength > buffer.length) {
+            throw new errors_1.AesError("Unexpected end of encoded AES data: CEK exceeds buffer");
         }
+        publicEncryptionKey = buffer.subarray(offset, offset + cekLength);
+        offset += cekLength;
+    }
+    const ivSize = getIvSize(params.encryption);
+    if (offset + ivSize > buffer.length) {
+        throw new errors_1.AesError("Unexpected end of encoded AES data: IV exceeds buffer");
     }
-    const publicEncryptionKey = readOptionalFieldWithLargeLength();
-    const publicEncryptionTag = readOptionalFieldWithLength();
-    const optionalFieldsEnd = offset;
-    if (optionalFieldsEnd - optionalFieldsStart !== optionalFieldsLength) {
-        throw new Error("Optional fields length mismatch");
+    const initialisationVector = buffer.subarray(offset, offset + ivSize);
+    offset += ivSize;
+    const tagSize = getTagSize(params.encryption);
+    if (offset + tagSize > buffer.length) {
+        throw new errors_1.AesError("Unexpected end of encoded AES data: tag exceeds buffer");
     }
+    const authTag = buffer.subarray(offset, offset + tagSize);
+    offset += tagSize;
     const content = buffer.subarray(offset);
     return {
-        algorithm,
+        aad,
+        algorithm: params.algorithm,
         authTag,
         content,
-        contentType,
-        encryption,
-        hkdfSalt,
+        contentType: params.contentType,
+        encryption: params.encryption,
         initialisationVector,
-        keyId,
-        pbkdfIterations,
-        pbkdfSalt,
-        publicEncryptionIv,
-        publicEncryptionJwk,
+        keyId: params.keyId,
+        pbkdfIterations: params.pbkdfIterations,
+        pbkdfSalt: params.pbkdfSalt,
+        publicEncryptionIv: params.publicEncryptionIv,
+        publicEncryptionJwk: params.publicEncryptionJwk,
         publicEncryptionKey,
-        publicEncryptionTag,
-        version,
+        publicEncryptionTag: params.publicEncryptionTag,
+        version: params.version,
     };
 };
 exports.parseEncodedAesString = parseEncodedAesString;

package/dist/utils/private/encoded-aes.js.map

@@ -1 +1 @@
-{"version":3,"file":"encoded-aes.js","sourceRoot":"","sources":["../../../src/utils/private/encoded-aes.ts"],"names":[],"mappings":";;;AAGO,MAAM,sBAAsB,GAAG,CAAC,IAAyB,EAAU,EAAE;IAC1E,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAErD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEjD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAEzD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAE3D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAE7D,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAE/D,OAAO,CAAC,IAAI,CACV,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,EAC/C,IAAI,CAAC,oBAAoB,CAC1B,CAAC;IAEF,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC,CAAC;QACzD,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5E,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CACjB,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,EAC7C,IAAI,CAAC,kBAAkB,CACxB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,mBAAmB;QACrD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CACjB,MAAM,CAAC,IAAI,CAAC,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,EAC5C,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CACpC,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACzD,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,cAAc,CAAC,IAAI,CACjB,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAC9C,IAAI,CAAC,mBAAmB,CACzB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7C,oBAAoB,CAAC,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC;IACzE,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,cAAc,CAAC,CAAC;IAEtD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE3B,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtD,CAAC,CAAC;AAnGW,QAAA,sBAAsB,0BAmGjC;AAEK,MAAM,qBAAqB,GAAG,CAAC,OAAe,EAAuB,EAAE;IAC5E,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACjD,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,MAAM,mBAAmB,GAAG,GAAW,EAAE;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;QACvD,MAAM,IAAI,MAAM,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,MAAM,2BAA2B,GAAG,GAAuB,EAAE;QAC3D,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;QACvD,MAAM,IAAI,MAAM,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,MAAM,gCAAgC,GAAG,GAAuB,EAAE;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;QACvD,MAAM,IAAI,MAAM,CAAC;QACjB,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,IAAI,CAAC,CAAC;IACZ,MAAM,OAAO,GAAG,QAAQ,CACtB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,QAAQ,EAAE,EAC1D,EAAE,CACH,CAAC;IACF,MAAM,IAAI,aAAa,CAAC;IAExB,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC,QAAQ,EAAE,CAAC;IAC/C,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC,QAAQ,EAAsB,CAAC;IACvE,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC,QAAQ,EAAuB,CAAC;IACzE,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC,QAAQ,EAAoB,CAAC;IACvE,MAAM,OAAO,GAAG,mBAAmB,EAAE,CAAC;IACtC,MAAM,oBAAoB,GAAG,mBAAmB,EAAE,CAAC;IAEnD,MAAM,oBAAoB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACzD,MAAM,IAAI,CAAC,CAAC;IAEZ,MAAM,mBAAmB,GAAG,MAAM,CAAC;IAEnC,MAAM,QAAQ,GAAG,2BAA2B,EAAE,CAAC;IAC/C,IAAI,eAAmC,CAAC;IACxC,MAAM,qBAAqB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvD,MAAM,IAAI,CAAC,CAAC;IACZ,IAAI,qBAAqB,KAAK,CAAC,EAAE,CAAC;QAChC,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,CAAC;IACd,CAAC;IACD,MAAM,SAAS,GAAG,2BAA2B,EAAE,CAAC;IAChD,MAAM,kBAAkB,GAAG,2BAA2B,EAAE,CAAC;IAEzD,IAAI,mBAAoD,CAAC;IACzD,MAAM,yBAAyB,GAAG,2BAA2B,EAAE,CAAC;IAChE,IAAI,yBAAyB,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,yBAAyB,CAAC,QAAQ,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,mBAAmB,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,WAAW,CAAC,wCAAwC,SAAS,EAAE,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,MAAM,mBAAmB,GAAG,gCAAgC,EAAE,CAAC;IAC/D,MAAM,mBAAmB,GAAG,2BAA2B,EAAE,CAAC;IAE1D,MAAM,iBAAiB,GAAG,MAAM,CAAC;IACjC,IAAI,iBAAiB,GAAG,mBAAmB,KAAK,oBAAoB,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,OAAO;QACP,OAAO;QACP,WAAW;QACX,UAAU;QACV,QAAQ;QACR,oBAAoB;QACpB,KAAK;QACL,eAAe;QACf,SAAS;QACT,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;QACnB,mBAAmB;QACnB,OAAO;KACR,CAAC;AACJ,CAAC,CAAC;AAvGW,QAAA,qBAAqB,yBAuGhC"}
+{"version":3,"file":"encoded-aes.js","sourceRoot":"","sources":["../../../src/utils/private/encoded-aes.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,yCAAwC;AAExC,6CAKsB;AAkBtB,MAAM,SAAS,GAAG,CAAC,GAAW,EAAU,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AAU3E,MAAM,UAAU,GAAG,CAAC,GAAW,EAAU,EAAE;IACzC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,IAAI,GAAG,KAAK,eAAe;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,GAAG,KAAK,eAAe;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,GAAG,KAAK,eAAe;QAAE,OAAO,EAAE,CAAC;IAEvC,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC;AAEK,MAAM,sBAAsB,GAAG,CAAC,IAAyB,EAAU,EAAE;IAC1E,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC;QAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;QAC3C,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;QAC7C,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;KAC9C,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAG7B,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAGvC,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,EAAE,MAAM,IAAI,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC;IAGD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAGxC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAG3B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE3B,OAAO,SAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC,CAAC;AAxCW,QAAA,sBAAsB,0BAwCjC;AAEK,MAAM,qBAAqB,GAAG,CAAC,OAAe,EAA6B,EAAE;IAClF,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,MAAM,GAAG,CAAC,CAAC;IAGf,IAAI,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,2DAA2D,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,IAAI,CAAC,CAAC;IAGZ,IAAI,MAAM,GAAG,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9C,MAAM,IAAI,iBAAQ,CAAC,2DAA2D,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB,CAAC,CAAC;IAC3E,MAAM,IAAI,gBAAgB,CAAC;IAG3B,MAAM,SAAS,GAAG,SAAG,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,aAAa,GAAG,IAAA,4BAAe,EAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAA,qCAAwB,EAAC,aAAa,CAAC,CAAC;IAGvD,MAAM,GAAG,GAAG,IAAA,uBAAU,EAAC,SAAS,CAAC,CAAC;IAGlC,IAAI,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,wDAAwD,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,IAAI,CAAC,CAAC;IAGZ,IAAI,mBAAuC,CAAC;IAC5C,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,IAAI,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,IAAI,iBAAQ,CAAC,wDAAwD,CAAC,CAAC;QAC/E,CAAC;QACD,mBAAmB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;QAClE,MAAM,IAAI,SAAS,CAAC;IACtB,CAAC;IAGD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,IAAI,iBAAQ,CAAC,uDAAuD,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,oBAAoB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IACtE,MAAM,IAAI,MAAM,CAAC;IAGjB,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAQ,CAAC,wDAAwD,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC;IAC1D,MAAM,IAAI,OAAO,CAAC;IAGlB,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAExC,OAAO;QACL,GAAG;QACH,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO;QACP,OAAO;QACP,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,oBAAoB;QACpB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;QAC7C,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,mBAAmB;QACnB,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;QAC/C,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC,CAAC;AA/EW,QAAA,qBAAqB,yBA+EhC"}

package/dist/utils/private/encrypt-content.d.ts

@@ -0,0 +1,3 @@
+import { EncryptContentOptions, EncryptContentResult } from "../../types/private";
+export declare const encryptAesContent: (options: EncryptContentOptions) => EncryptContentResult;
+//# sourceMappingURL=encrypt-content.d.ts.map

package/dist/utils/private/encrypt-content.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-content.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encrypt-content.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AASlF,eAAO,MAAM,iBAAiB,GAC5B,SAAS,qBAAqB,KAC7B,oBAuCF,CAAC"}

package/dist/utils/private/encrypt-content.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptAesContent = void 0;
+const crypto_1 = require("crypto");
+const calculate_1 = require("./calculate");
+const content_1 = require("./content");
+const data_1 = require("./data");
+const encryptAesContent = (options) => {
+    const { aad, contentEncryptionKey, data, encryption } = options;
+    const { encryptionKey, hashKey } = (0, data_1.splitContentEncryptionKey)(encryption, contentEncryptionKey);
+    const aesEncryption = (0, calculate_1.calculateAesEncryption)(encryption);
+    const initialisationVector = options.initialisationVector ?? (0, data_1.getInitialisationVector)(encryption);
+    const isGcm = encryption.includes("GCM");
+    const cipherOptions = isGcm
+        ? { authTagLength: 16 }
+        : undefined;
+    const cipher = (0, crypto_1.createCipheriv)(aesEncryption, encryptionKey, initialisationVector, cipherOptions);
+    if (isGcm && aad) {
+        cipher.setAAD(aad);
+    }
+    const contentType = (0, content_1.calculateContentType)(data);
+    const buffer = (0, content_1.contentToBuffer)(data, contentType);
+    const content = Buffer.concat([cipher.update(buffer), cipher.final()]);
+    const authTag = (0, data_1.createAuthTag)({
+        aad,
+        cipher,
+        content,
+        hashKey,
+        encryption,
+        initialisationVector,
+    });
+    return { authTag, content, contentType, initialisationVector };
+};
+exports.encryptAesContent = encryptAesContent;
+//# sourceMappingURL=encrypt-content.js.map

package/dist/utils/private/encrypt-content.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-content.js","sourceRoot":"","sources":["../../../src/utils/private/encrypt-content.ts"],"names":[],"mappings":";;;AAAA,mCAAqE;AAErE,2CAAqD;AACrD,uCAAkE;AAClE,iCAIgB;AAET,MAAM,iBAAiB,GAAG,CAC/B,OAA8B,EACR,EAAE;IACxB,MAAM,EAAE,GAAG,EAAE,oBAAoB,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAEhE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,IAAA,gCAAyB,EAC1D,UAAU,EACV,oBAAoB,CACrB,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,kCAAsB,EAAC,UAAU,CAAC,CAAC;IACzD,MAAM,oBAAoB,GACxB,OAAO,CAAC,oBAAoB,IAAI,IAAA,8BAAuB,EAAC,UAAU,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,aAAa,GAAiC,KAAK;QACvD,CAAC,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE;QACvB,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,aAAa,EACb,aAAa,EACb,oBAAoB,EACpB,aAAiC,CAClC,CAAC;IAEF,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QAChB,MAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,MAAM,WAAW,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEvE,MAAM,OAAO,GAAG,IAAA,oBAAa,EAAC;QAC5B,GAAG;QACH,MAAM;QACN,OAAO;QACP,OAAO;QACP,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAC;AACjE,CAAC,CAAC;AAzCW,QAAA,iBAAiB,qBAyC5B"}

package/dist/utils/private/encrypt-encoded.d.ts

@@ -0,0 +1,9 @@
+import { IKryptos, KryptosEncryption } from "@lindorm/kryptos";
+import { AesContent } from "../../types";
+export type EncryptEncodedOptions = {
+    data: AesContent;
+    encryption: KryptosEncryption;
+    kryptos: IKryptos;
+};
+export declare const encryptEncoded: (options: EncryptEncodedOptions) => string;
+//# sourceMappingURL=encrypt-encoded.d.ts.map

package/dist/utils/private/encrypt-encoded.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-encoded.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encrypt-encoded.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC,MAAM,MAAM,qBAAqB,GAAG;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB,UAAU,EAAE,iBAAiB,CAAC;IAC9B,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,SAAS,qBAAqB,KAAG,MAgE/D,CAAC"}

package/dist/utils/private/encrypt-encoded.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptEncoded = void 0;
+const b64_1 = require("@lindorm/b64");
+const aes_header_1 = require("./aes-header");
+const content_1 = require("./content");
+const data_1 = require("./data");
+const encrypt_content_1 = require("./encrypt-content");
+const get_key_1 = require("./get-key");
+const encryptEncoded = (options) => {
+    const { data, encryption, kryptos } = options;
+    const keyResult = (0, get_key_1.getEncryptionKey)({ encryption, kryptos });
+    const initialisationVector = (0, data_1.getInitialisationVector)(encryption);
+    const contentType = (0, content_1.calculateContentType)(data);
+    const header = (0, aes_header_1.buildAesHeader)({
+        algorithm: kryptos.algorithm,
+        contentType,
+        encryption,
+        keyId: kryptos.id,
+        pbkdfIterations: keyResult.pbkdfIterations,
+        pbkdfSalt: keyResult.pbkdfSalt,
+        publicEncryptionIv: keyResult.publicEncryptionIv,
+        publicEncryptionJwk: keyResult.publicEncryptionJwk,
+        publicEncryptionTag: keyResult.publicEncryptionTag,
+    });
+    const headerJson = Buffer.from(JSON.stringify(header), "utf8");
+    const headerB64 = b64_1.B64.encode(headerJson, "b64u");
+    const aad = (0, aes_header_1.computeAad)(headerB64);
+    const { authTag, content } = (0, encrypt_content_1.encryptAesContent)({
+        aad,
+        contentEncryptionKey: keyResult.contentEncryptionKey,
+        data,
+        encryption,
+        initialisationVector,
+    });
+    const buffers = [];
+    const headerLength = Buffer.alloc(2);
+    headerLength.writeUInt16BE(headerJson.length);
+    buffers.push(headerLength, headerJson);
+    const cekLength = keyResult.publicEncryptionKey?.length ?? 0;
+    const cekLengthBuf = Buffer.alloc(2);
+    cekLengthBuf.writeUInt16BE(cekLength);
+    buffers.push(cekLengthBuf);
+    if (keyResult.publicEncryptionKey) {
+        buffers.push(keyResult.publicEncryptionKey);
+    }
+    buffers.push(initialisationVector);
+    buffers.push(authTag);
+    buffers.push(content);
+    return b64_1.B64.encode(Buffer.concat(buffers), "b64u");
+};
+exports.encryptEncoded = encryptEncoded;
+//# sourceMappingURL=encrypt-encoded.js.map

package/dist/utils/private/encrypt-encoded.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-encoded.js","sourceRoot":"","sources":["../../../src/utils/private/encrypt-encoded.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AAGnC,6CAA0D;AAC1D,uCAAiD;AACjD,iCAAiD;AACjD,uDAAsD;AACtD,uCAA6C;AAQtC,MAAM,cAAc,GAAG,CAAC,OAA8B,EAAU,EAAE;IACvE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAG9C,MAAM,SAAS,GAAG,IAAA,0BAAgB,EAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAG5D,MAAM,oBAAoB,GAAG,IAAA,8BAAuB,EAAC,UAAU,CAAC,CAAC;IAGjE,MAAM,WAAW,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW;QACX,UAAU;QACV,KAAK,EAAE,OAAO,CAAC,EAAE;QACjB,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;KACnD,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;IAG/D,MAAM,SAAS,GAAG,SAAG,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,IAAA,uBAAU,EAAC,SAAS,CAAC,CAAC;IAGlC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAA,mCAAiB,EAAC;QAC7C,GAAG;QACH,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,IAAI;QACJ,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAGH,MAAM,OAAO,GAAa,EAAE,CAAC;IAG7B,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAGvC,MAAM,SAAS,GAAG,SAAS,CAAC,mBAAmB,EAAE,MAAM,IAAI,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,IAAI,SAAS,CAAC,mBAAmB,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;IAC9C,CAAC;IAGD,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAGnC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAGtB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEtB,OAAO,SAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC,CAAC;AAhEW,QAAA,cAAc,kBAgEzB"}

package/dist/utils/private/encrypt-serialised.d.ts

@@ -0,0 +1,9 @@
+import { IKryptos, KryptosEncryption } from "@lindorm/kryptos";
+import { AesContent, SerialisedAesEncryption } from "../../types";
+export type EncryptSerialisedOptions = {
+    data: AesContent;
+    encryption: KryptosEncryption;
+    kryptos: IKryptos;
+};
+export declare const encryptSerialised: (options: EncryptSerialisedOptions) => SerialisedAesEncryption;
+//# sourceMappingURL=encrypt-serialised.d.ts.map

package/dist/utils/private/encrypt-serialised.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-serialised.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encrypt-serialised.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE/D,OAAO,EAAE,UAAU,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAOlE,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,EAAE,UAAU,CAAC;IACjB,UAAU,EAAE,iBAAiB,CAAC;IAC9B,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAC5B,SAAS,wBAAwB,KAChC,uBA+CF,CAAC"}

package/dist/utils/private/encrypt-serialised.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptSerialised = void 0;
+const b64_1 = require("@lindorm/b64");
+const private_1 = require("../../constants/private");
+const aes_header_1 = require("./aes-header");
+const content_1 = require("./content");
+const data_1 = require("./data");
+const encrypt_content_1 = require("./encrypt-content");
+const get_key_1 = require("./get-key");
+const encryptSerialised = (options) => {
+    const { data, encryption, kryptos } = options;
+    const keyResult = (0, get_key_1.getEncryptionKey)({ encryption, kryptos });
+    const initialisationVector = (0, data_1.getInitialisationVector)(encryption);
+    const contentType = (0, content_1.calculateContentType)(data);
+    const header = (0, aes_header_1.buildAesHeader)({
+        algorithm: kryptos.algorithm,
+        contentType,
+        encryption,
+        keyId: kryptos.id,
+        pbkdfIterations: keyResult.pbkdfIterations,
+        pbkdfSalt: keyResult.pbkdfSalt,
+        publicEncryptionIv: keyResult.publicEncryptionIv,
+        publicEncryptionJwk: keyResult.publicEncryptionJwk,
+        publicEncryptionTag: keyResult.publicEncryptionTag,
+    });
+    const headerB64 = (0, aes_header_1.encodeAesHeader)(header);
+    const aad = (0, aes_header_1.computeAad)(headerB64);
+    const { authTag, content } = (0, encrypt_content_1.encryptAesContent)({
+        aad,
+        contentEncryptionKey: keyResult.contentEncryptionKey,
+        data,
+        encryption,
+        initialisationVector,
+    });
+    return {
+        cek: keyResult.publicEncryptionKey
+            ? b64_1.B64.encode(keyResult.publicEncryptionKey, "b64u")
+            : undefined,
+        ciphertext: b64_1.B64.encode(content, "b64u"),
+        header: headerB64,
+        iv: b64_1.B64.encode(initialisationVector, "b64u"),
+        tag: b64_1.B64.encode(authTag, "b64u"),
+        v: private_1.AES_FORMAT_VERSION,
+    };
+};
+exports.encryptSerialised = encryptSerialised;
+//# sourceMappingURL=encrypt-serialised.js.map

package/dist/utils/private/encrypt-serialised.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-serialised.js","sourceRoot":"","sources":["../../../src/utils/private/encrypt-serialised.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AAEnC,qDAA6D;AAE7D,6CAA2E;AAC3E,uCAAiD;AACjD,iCAAiD;AACjD,uDAAsD;AACtD,uCAA6C;AAQtC,MAAM,iBAAiB,GAAG,CAC/B,OAAiC,EACR,EAAE;IAC3B,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAG9C,MAAM,SAAS,GAAG,IAAA,0BAAgB,EAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAG5D,MAAM,oBAAoB,GAAG,IAAA,8BAAuB,EAAC,UAAU,CAAC,CAAC;IAGjE,MAAM,WAAW,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW;QACX,UAAU;QACV,KAAK,EAAE,OAAO,CAAC,EAAE;QACjB,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;KACnD,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAA,4BAAe,EAAC,MAAM,CAAC,CAAC;IAG1C,MAAM,GAAG,GAAG,IAAA,uBAAU,EAAC,SAAS,CAAC,CAAC;IAGlC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAA,mCAAiB,EAAC;QAC7C,GAAG;QACH,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,IAAI;QACJ,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAGH,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,mBAAmB;YAChC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC;YACnD,CAAC,CAAC,SAAS;QACb,UAAU,EAAE,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC;QACvC,MAAM,EAAE,SAAS;QACjB,EAAE,EAAE,SAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC;QAC5C,GAAG,EAAE,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC;QAChC,CAAC,EAAE,4BAAkB;KACtB,CAAC;AACJ,CAAC,CAAC;AAjDW,QAAA,iBAAiB,qBAiD5B"}

package/dist/utils/private/encrypt-tokenised.d.ts

@@ -0,0 +1,9 @@
+import { IKryptos, KryptosEncryption } from "@lindorm/kryptos";
+import { AesContent } from "../../types";
+export type EncryptTokenisedOptions = {
+    data: AesContent;
+    encryption: KryptosEncryption;
+    kryptos: IKryptos;
+};
+export declare const encryptTokenised: (options: EncryptTokenisedOptions) => string;
+//# sourceMappingURL=encrypt-tokenised.d.ts.map

package/dist/utils/private/encrypt-tokenised.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-tokenised.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encrypt-tokenised.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,UAAU,CAAC;IACjB,UAAU,EAAE,iBAAiB,CAAC;IAC9B,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,SAAS,uBAAuB,KAAG,MA+CnE,CAAC"}

package/dist/utils/private/encrypt-tokenised.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptTokenised = void 0;
+const b64_1 = require("@lindorm/b64");
+const aes_header_1 = require("./aes-header");
+const content_1 = require("./content");
+const data_1 = require("./data");
+const encrypt_content_1 = require("./encrypt-content");
+const get_key_1 = require("./get-key");
+const encryptTokenised = (options) => {
+    const { data, encryption, kryptos } = options;
+    const keyResult = (0, get_key_1.getEncryptionKey)({ encryption, kryptos });
+    const initialisationVector = (0, data_1.getInitialisationVector)(encryption);
+    const contentType = (0, content_1.calculateContentType)(data);
+    const header = (0, aes_header_1.buildAesHeader)({
+        algorithm: kryptos.algorithm,
+        contentType,
+        encryption,
+        keyId: kryptos.id,
+        pbkdfIterations: keyResult.pbkdfIterations,
+        pbkdfSalt: keyResult.pbkdfSalt,
+        publicEncryptionIv: keyResult.publicEncryptionIv,
+        publicEncryptionJwk: keyResult.publicEncryptionJwk,
+        publicEncryptionTag: keyResult.publicEncryptionTag,
+    });
+    const headerB64 = (0, aes_header_1.encodeAesHeader)(header);
+    const aad = (0, aes_header_1.computeAad)(headerB64);
+    const { authTag, content } = (0, encrypt_content_1.encryptAesContent)({
+        aad,
+        contentEncryptionKey: keyResult.contentEncryptionKey,
+        data,
+        encryption,
+        initialisationVector,
+    });
+    const ivB64 = b64_1.B64.encode(initialisationVector, "b64u");
+    const tagB64 = b64_1.B64.encode(authTag, "b64u");
+    const ciphertextB64 = b64_1.B64.encode(content, "b64u");
+    if (keyResult.publicEncryptionKey) {
+        const cekB64 = b64_1.B64.encode(keyResult.publicEncryptionKey, "b64u");
+        return `aes:${headerB64}$${cekB64}$${ivB64}$${tagB64}$${ciphertextB64}`;
+    }
+    return `aes:${headerB64}$${ivB64}$${tagB64}$${ciphertextB64}`;
+};
+exports.encryptTokenised = encryptTokenised;
+//# sourceMappingURL=encrypt-tokenised.js.map

package/dist/utils/private/encrypt-tokenised.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-tokenised.js","sourceRoot":"","sources":["../../../src/utils/private/encrypt-tokenised.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AAGnC,6CAA2E;AAC3E,uCAAiD;AACjD,iCAAiD;AACjD,uDAAsD;AACtD,uCAA6C;AAQtC,MAAM,gBAAgB,GAAG,CAAC,OAAgC,EAAU,EAAE;IAC3E,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAG9C,MAAM,SAAS,GAAG,IAAA,0BAAgB,EAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAG5D,MAAM,oBAAoB,GAAG,IAAA,8BAAuB,EAAC,UAAU,CAAC,CAAC;IAGjE,MAAM,WAAW,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAA,2BAAc,EAAC;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW;QACX,UAAU;QACV,KAAK,EAAE,OAAO,CAAC,EAAE;QACjB,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;KACnD,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAA,4BAAe,EAAC,MAAM,CAAC,CAAC;IAG1C,MAAM,GAAG,GAAG,IAAA,uBAAU,EAAC,SAAS,CAAC,CAAC;IAGlC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAA,mCAAiB,EAAC;QAC7C,GAAG;QACH,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,IAAI;QACJ,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAGH,MAAM,KAAK,GAAG,SAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,aAAa,GAAG,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAElD,IAAI,SAAS,CAAC,mBAAmB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAG,CAAC,MAAM,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;QACjE,OAAO,OAAO,SAAS,IAAI,MAAM,IAAI,KAAK,IAAI,MAAM,IAAI,aAAa,EAAE,CAAC;IAC1E,CAAC;IAED,OAAO,OAAO,SAAS,IAAI,KAAK,IAAI,MAAM,IAAI,aAAa,EAAE,CAAC;AAChE,CAAC,CAAC;AA/CW,QAAA,gBAAgB,oBA+C3B"}

package/dist/utils/private/encryption.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encryption.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC5B,MAAM,qBAAqB,CAAC;AAW7B,eAAO,MAAM,UAAU,GAAI,SAAS,2BAA2B,KAAG,mBAuDjE,CAAC;AAEF,eAAO,MAAM,UAAU,GAAI,CAAC,SAAS,UAAU,GAAG,MAAM,EACtD,SAAS,2BAA2B,KACnC,CAiDF,CAAC"}
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../src/utils/private/encryption.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC5B,MAAM,qBAAqB,CAAC;AAO7B,eAAO,MAAM,UAAU,GAAI,SAAS,2BAA2B,KAAG,mBA4BjE,CAAC;AAEF,eAAO,MAAM,UAAU,GAAI,CAAC,SAAS,UAAU,GAAG,MAAM,EACtD,SAAS,2BAA2B,KACnC,CAkEF,CAAC"}