@lindorm/aes 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. package/dist/classes/AesKit.d.ts +3 -1
  2. package/dist/classes/AesKit.d.ts.map +1 -1
  3. package/dist/classes/AesKit.js +72 -5
  4. package/dist/classes/AesKit.js.map +1 -1
  5. package/dist/errors/AesError.d.ts +1 -0
  6. package/dist/errors/AesError.d.ts.map +1 -1
  7. package/dist/errors/AesError.js +1 -0
  8. package/dist/errors/AesError.js.map +1 -1
  9. package/dist/interfaces/AesKit.d.ts +17 -0
  10. package/dist/interfaces/AesKit.d.ts.map +1 -1
  11. package/dist/internal/utils/aes-descriptor.d.ts +17 -0
  12. package/dist/internal/utils/aes-descriptor.d.ts.map +1 -0
  13. package/dist/internal/utils/aes-descriptor.js +100 -0
  14. package/dist/internal/utils/aes-descriptor.js.map +1 -0
  15. package/dist/internal/utils/aes-header.d.ts.map +1 -1
  16. package/dist/internal/utils/aes-header.js +6 -0
  17. package/dist/internal/utils/aes-header.js.map +1 -1
  18. package/dist/internal/utils/calculate/calculate-aes-encryption.d.ts.map +1 -1
  19. package/dist/internal/utils/calculate/calculate-aes-encryption.js +2 -22
  20. package/dist/internal/utils/calculate/calculate-aes-encryption.js.map +1 -1
  21. package/dist/internal/utils/calculate/calculate-content-encryption-key-size.d.ts.map +1 -1
  22. package/dist/internal/utils/calculate/calculate-content-encryption-key-size.js +2 -22
  23. package/dist/internal/utils/calculate/calculate-content-encryption-key-size.js.map +1 -1
  24. package/dist/internal/utils/calculate/calculate-key-wrap-encryption.d.ts.map +1 -1
  25. package/dist/internal/utils/calculate/calculate-key-wrap-encryption.js +5 -1
  26. package/dist/internal/utils/calculate/calculate-key-wrap-encryption.js.map +1 -1
  27. package/dist/internal/utils/calculate/calculate-key-wrap-size.d.ts.map +1 -1
  28. package/dist/internal/utils/calculate/calculate-key-wrap-size.js +6 -1
  29. package/dist/internal/utils/calculate/calculate-key-wrap-size.js.map +1 -1
  30. package/dist/internal/utils/calculate/calculate-pbkdf-hash.d.ts.map +1 -1
  31. package/dist/internal/utils/calculate/calculate-pbkdf-hash.js +6 -1
  32. package/dist/internal/utils/calculate/calculate-pbkdf-hash.js.map +1 -1
  33. package/dist/internal/utils/calculate/calculate-rsa-oaep-hash.d.ts.map +1 -1
  34. package/dist/internal/utils/calculate/calculate-rsa-oaep-hash.js +4 -1
  35. package/dist/internal/utils/calculate/calculate-rsa-oaep-hash.js.map +1 -1
  36. package/dist/internal/utils/content-primitive.d.ts +24 -0
  37. package/dist/internal/utils/content-primitive.d.ts.map +1 -0
  38. package/dist/internal/utils/content-primitive.js +47 -0
  39. package/dist/internal/utils/content-primitive.js.map +1 -0
  40. package/dist/internal/utils/content.d.ts.map +1 -1
  41. package/dist/internal/utils/content.js +12 -3
  42. package/dist/internal/utils/content.js.map +1 -1
  43. package/dist/internal/utils/data/auth-tag-hmac.d.ts.map +1 -1
  44. package/dist/internal/utils/data/auth-tag-hmac.js +11 -2
  45. package/dist/internal/utils/data/auth-tag-hmac.js.map +1 -1
  46. package/dist/internal/utils/data/auth-tag.d.ts.map +1 -1
  47. package/dist/internal/utils/data/auth-tag.js +28 -17
  48. package/dist/internal/utils/data/auth-tag.js.map +1 -1
  49. package/dist/internal/utils/data/get-initialisation-vector.d.ts.map +1 -1
  50. package/dist/internal/utils/data/get-initialisation-vector.js +2 -17
  51. package/dist/internal/utils/data/get-initialisation-vector.js.map +1 -1
  52. package/dist/internal/utils/data/split-content-encryption-key.d.ts.map +1 -1
  53. package/dist/internal/utils/data/split-content-encryption-key.js +12 -22
  54. package/dist/internal/utils/data/split-content-encryption-key.js.map +1 -1
  55. package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.d.ts.map +1 -1
  56. package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.js +5 -1
  57. package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.js.map +1 -1
  58. package/dist/internal/utils/diffie-hellman/diffie-hellman.d.ts.map +1 -1
  59. package/dist/internal/utils/diffie-hellman/diffie-hellman.js +10 -2
  60. package/dist/internal/utils/diffie-hellman/diffie-hellman.js.map +1 -1
  61. package/dist/internal/utils/diffie-hellman/shared-secret.d.ts.map +1 -1
  62. package/dist/internal/utils/diffie-hellman/shared-secret.js +30 -6
  63. package/dist/internal/utils/diffie-hellman/shared-secret.js.map +1 -1
  64. package/dist/internal/utils/encoded-aes.d.ts.map +1 -1
  65. package/dist/internal/utils/encoded-aes.js +33 -18
  66. package/dist/internal/utils/encoded-aes.js.map +1 -1
  67. package/dist/internal/utils/encrypt-content.d.ts.map +1 -1
  68. package/dist/internal/utils/encrypt-content.js +14 -10
  69. package/dist/internal/utils/encrypt-content.js.map +1 -1
  70. package/dist/internal/utils/encryption.d.ts.map +1 -1
  71. package/dist/internal/utils/encryption.js +20 -12
  72. package/dist/internal/utils/encryption.js.map +1 -1
  73. package/dist/internal/utils/get-key/get-decryption-key.d.ts.map +1 -1
  74. package/dist/internal/utils/get-key/get-decryption-key.js +3 -0
  75. package/dist/internal/utils/get-key/get-decryption-key.js.map +1 -1
  76. package/dist/internal/utils/get-key/get-encryption-key.d.ts.map +1 -1
  77. package/dist/internal/utils/get-key/get-encryption-key.js +3 -0
  78. package/dist/internal/utils/get-key/get-encryption-key.js.map +1 -1
  79. package/dist/internal/utils/key-derivation/pbkdf.d.ts.map +1 -1
  80. package/dist/internal/utils/key-derivation/pbkdf.js +4 -1
  81. package/dist/internal/utils/key-derivation/pbkdf.js.map +1 -1
  82. package/dist/internal/utils/key-types/get-ec-keys.d.ts.map +1 -1
  83. package/dist/internal/utils/key-types/get-ec-keys.js +6 -0
  84. package/dist/internal/utils/key-types/get-ec-keys.js.map +1 -1
  85. package/dist/internal/utils/key-types/get-oct-keys.d.ts.map +1 -1
  86. package/dist/internal/utils/key-types/get-oct-keys.js +6 -0
  87. package/dist/internal/utils/key-types/get-oct-keys.js.map +1 -1
  88. package/dist/internal/utils/key-types/get-okp-keys.d.ts.map +1 -1
  89. package/dist/internal/utils/key-types/get-okp-keys.js +6 -0
  90. package/dist/internal/utils/key-types/get-okp-keys.js.map +1 -1
  91. package/dist/internal/utils/key-types/get-rsa-keys.d.ts.map +1 -1
  92. package/dist/internal/utils/key-types/get-rsa-keys.js +30 -6
  93. package/dist/internal/utils/key-types/get-rsa-keys.js.map +1 -1
  94. package/dist/internal/utils/key-wrap/ecb-key-wrap.d.ts.map +1 -1
  95. package/dist/internal/utils/key-wrap/ecb-key-wrap.js +10 -2
  96. package/dist/internal/utils/key-wrap/ecb-key-wrap.js.map +1 -1
  97. package/dist/internal/utils/key-wrap/gcm-key-wrap.d.ts.map +1 -1
  98. package/dist/internal/utils/key-wrap/gcm-key-wrap.js +20 -4
  99. package/dist/internal/utils/key-wrap/gcm-key-wrap.js.map +1 -1
  100. package/dist/internal/utils/key-wrap/key-wrap.d.ts.map +1 -1
  101. package/dist/internal/utils/key-wrap/key-wrap.js +10 -2
  102. package/dist/internal/utils/key-wrap/key-wrap.js.map +1 -1
  103. package/dist/internal/utils/oct/get-oct-dir-keys.d.ts.map +1 -1
  104. package/dist/internal/utils/oct/get-oct-dir-keys.js +20 -4
  105. package/dist/internal/utils/oct/get-oct-dir-keys.js.map +1 -1
  106. package/dist/internal/utils/oct/get-oct-key-key-wrap.d.ts.map +1 -1
  107. package/dist/internal/utils/oct/get-oct-key-key-wrap.js +17 -3
  108. package/dist/internal/utils/oct/get-oct-key-key-wrap.js.map +1 -1
  109. package/dist/internal/utils/oct/get-oct-pbkdf-key-wrap-keys.d.ts.map +1 -1
  110. package/dist/internal/utils/oct/get-oct-pbkdf-key-wrap-keys.js +17 -3
  111. package/dist/internal/utils/oct/get-oct-pbkdf-key-wrap-keys.js.map +1 -1
  112. package/dist/internal/utils/tokenised-aes.d.ts.map +1 -1
  113. package/dist/internal/utils/tokenised-aes.js +19 -4
  114. package/dist/internal/utils/tokenised-aes.js.map +1 -1
  115. package/dist/internal/utils/validate-version.d.ts.map +1 -1
  116. package/dist/internal/utils/validate-version.js +12 -3
  117. package/dist/internal/utils/validate-version.js.map +1 -1
  118. package/dist/mocks/create-mock-aes-kit.d.ts.map +1 -1
  119. package/dist/mocks/create-mock-aes-kit.js +6 -0
  120. package/dist/mocks/create-mock-aes-kit.js.map +1 -1
  121. package/dist/types/types.d.ts +1 -1
  122. package/dist/types/types.d.ts.map +1 -1
  123. package/dist/utils/parse-aes.d.ts.map +1 -1
  124. package/dist/utils/parse-aes.js +5 -1
  125. package/dist/utils/parse-aes.js.map +1 -1
  126. package/package.json +7 -7
package/dist/internal/utils/content-primitive.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"content-primitive.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/content-primitive.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAMpE,MAAM,MAAM,sBAAsB,GAAG;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,iBAAiB,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,iBAAiB,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,OAAO,EAAE,QAAQ,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAeF,eAAO,MAAM,oBAAoB,GAC/B,SAAS,2BAA2B,KACnC,sBAmBF,CAAC;AAOF,eAAO,MAAM,oBAAoB,GAAI,SAAS,2BAA2B,KAAG,MAY3E,CAAC"}
package/dist/internal/utils/content-primitive.js ADDED
@@ -0,0 +1,47 @@
1
+ import { AesError } from "../../errors/index.js";
2
+ import { decryptAes } from "./encryption.js";
3
+ import { encryptAesContent } from "./encrypt-content.js";
4
+ import { getEncryptionKey } from "./get-key/get-encryption-key.js";
5
+ export const encryptContentDirect = (options) => {
6
+ const { aad, content, encryption, initialisationVector, kryptos } = options;
7
+ const keyResult = getEncryptionKey({ encryption, kryptos });
8
+ assertDirectKey(keyResult);
9
+ const result = encryptAesContent({
10
+ aad,
11
+ contentEncryptionKey: keyResult.contentEncryptionKey,
12
+ data: content,
13
+ encryption,
14
+ initialisationVector,
15
+ });
16
+ return {
17
+ ciphertext: result.content,
18
+ iv: result.initialisationVector,
19
+ tag: result.authTag,
20
+ };
21
+ };
22
+ export const decryptContentDirect = (options) => {
23
+ const { aad, ciphertext, encryption, initialisationVector, kryptos, tag } = options;
24
+ return decryptAes({
25
+ aad,
26
+ authTag: tag,
27
+ content: ciphertext,
28
+ contentType: "application/octet-stream",
29
+ encryption,
30
+ initialisationVector,
31
+ kryptos,
32
+ });
33
+ };
34
+ const assertDirectKey = (keyResult) => {
35
+ const wrapped = keyResult.publicEncryptionKey !== undefined ||
36
+ keyResult.publicEncryptionJwk !== undefined ||
37
+ keyResult.publicEncryptionIv !== undefined ||
38
+ keyResult.pbkdfSalt !== undefined;
39
+ if (wrapped) {
40
+ throw new AesError("Content primitive requires a direct key", {
41
+ code: "content_primitive_requires_direct_key",
42
+ title: "Content Primitive Requires Direct Key",
43
+ details: "encryptContent/decryptContent are the COSE_Encrypt0 (direct) seam and require the key to be used directly as the content-encryption key (a 'dir' oct key). Key-wrapping or key-agreement algorithms produce recipient material a header-less result cannot carry; use a wire format for those.",
44
+ });
45
+ }
46
+ };
47
+ //# sourceMappingURL=content-primitive.js.map
package/dist/internal/utils/content-primitive.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"content-primitive.js","sourceRoot":"","sources":["../../../src/internal/utils/content-primitive.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAsCnE,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,OAAoC,EACZ,EAAE;IAC1B,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE5E,MAAM,SAAS,GAAG,gBAAgB,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAC5D,eAAe,CAAC,SAAS,CAAC,CAAC;IAE3B,MAAM,MAAM,GAAG,iBAAiB,CAAC;QAC/B,GAAG;QACH,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,IAAI,EAAE,OAAO;QACb,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAEH,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,OAAO;QAC1B,EAAE,EAAE,MAAM,CAAC,oBAAoB;QAC/B,GAAG,EAAE,MAAM,CAAC,OAAO;KACpB,CAAC;AACJ,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAoC,EAAU,EAAE;IACnF,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,oBAAoB,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAEpF,OAAO,UAAU,CAAS;QACxB,GAAG;QACH,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,UAAU;QACnB,WAAW,EAAE,0BAA0B;QACvC,UAAU;QACV,oBAAoB;QACpB,OAAO;KACR,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,SAKxB,EAAQ,EAAE;IACT,MAAM,OAAO,GACX,SAAS,CAAC,mBAAmB,KAAK,SAAS;QAC3C,SAAS,CAAC,mBAAmB,KAAK,SAAS;QAC3C,SAAS,CAAC,kBAAkB,KAAK,SAAS;QAC1C,SAAS,CAAC,SAAS,KAAK,SAAS,CAAC;IAEpC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,IAAI,QAAQ,CAAC,yCAAyC,EAAE;YAC5D,IAAI,EAAE,uCAAuC;YAC7C,KAAK,EAAE,uCAAuC;YAC9C,OAAO,EACL,gSAAgS;SACnS,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC"}
package/dist/internal/utils/content.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"content.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/content.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAEzE,eAAO,MAAM,oBAAoB,GAAI,SAAS,GAAG,KAAG,cAgBnD,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,SAAS,GAAG,EAAE,aAAa,cAAc,KAAG,MAgB3E,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,CAAC,SAAS,UAAU,GAAG,MAAM,EACxD,SAAS,MAAM,EACf,cAAa,cAA6B,KACzC,CAgBF,CAAC"}
1
+ {"version":3,"file":"content.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/content.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAEzE,eAAO,MAAM,oBAAoB,GAAI,SAAS,GAAG,KAAG,cAoBnD,CAAC;AAEF,eAAO,MAAM,eAAe,GAAI,SAAS,GAAG,EAAE,aAAa,cAAc,KAAG,MAoB3E,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,CAAC,SAAS,UAAU,GAAG,MAAM,EACxD,SAAS,MAAM,EACf,cAAa,cAA6B,KACzC,CAoBF,CAAC"}
package/dist/internal/utils/content.js CHANGED
@@ -11,7 +11,10 @@ export const calculateContentType = (content) => {
11
11
  return "application/json";
12
12
  }
13
13
  throw new AesError("Invalid content type", {
14
- debug: { content, type: typeof content },
14
+ code: "invalid_content_type",
15
+ title: "Invalid Content Type",
16
+ details: "The content is not a supported type; expected a string, Buffer, array, boolean, number, or object.",
17
+ data: { type: typeof content },
15
18
  });
16
19
  };
17
20
  export const contentToBuffer = (content, contentType) => {
@@ -24,7 +27,10 @@ export const contentToBuffer = (content, contentType) => {
24
27
  return Buffer.from(content, "utf8");
25
28
  default:
26
29
  throw new AesError("Invalid content type", {
27
- debug: { content, type: typeof content },
30
+ code: "invalid_content_type",
31
+ title: "Invalid Content Type",
32
+ details: "The content type is not a supported value for serialisation; expected application/json, application/octet-stream, or text/plain.",
33
+ data: { contentType, type: typeof content },
28
34
  });
29
35
  }
30
36
  };
@@ -38,7 +44,10 @@ export const parseContent = (content, contentType = "text/plain") => {
38
44
  return content.toString("utf8");
39
45
  default:
40
46
  throw new AesError("Unexpected content type", {
41
- debug: { contentType },
47
+ code: "unexpected_content_type",
48
+ title: "Unexpected Content Type",
49
+ details: "The content type is not a supported value for parsing; expected application/json, application/octet-stream, or text/plain.",
50
+ data: { contentType },
42
51
  });
43
52
  }
44
53
  };
package/dist/internal/utils/content.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"content.js","sourceRoot":"","sources":["../../../src/internal/utils/content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGpD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAY,EAAkB,EAAE;IACnE,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,OAAO,0BAA0B,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrF,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;QACzC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,OAAO,EAAE;KACzC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAY,EAAE,WAA2B,EAAU,EAAE;IACnF,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QAEtD,KAAK,0BAA0B;YAC7B,OAAO,OAAO,CAAC;QAEjB,KAAK,YAAY;YACf,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEtC;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,OAAO,EAAE;aACzC,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAAe,EACf,cAA8B,YAAY,EACvC,EAAE;IACL,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;QAEnD,KAAK,0BAA0B;YAC7B,OAAO,OAAY,CAAC;QAEtB,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAM,CAAC;QAEvC;YACE,MAAM,IAAI,QAAQ,CAAC,yBAAyB,EAAE;gBAC5C,KAAK,EAAE,EAAE,WAAW,EAAE;aACvB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"file":"content.js","sourceRoot":"","sources":["../../../src/internal/utils/content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGpD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAY,EAAkB,EAAE;IACnE,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,OAAO,0BAA0B,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACrF,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;QACzC,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EACL,oGAAoG;QACtG,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,OAAO,EAAE;KAC/B,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAY,EAAE,WAA2B,EAAU,EAAE;IACnF,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QAEtD,KAAK,0BAA0B;YAC7B,OAAO,OAAO,CAAC;QAEjB,KAAK,YAAY;YACf,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEtC;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,IAAI,EAAE,sBAAsB;gBAC5B,KAAK,EAAE,sBAAsB;gBAC7B,OAAO,EACL,kIAAkI;gBACpI,IAAI,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,OAAO,EAAE;aAC5C,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAAe,EACf,cAA8B,YAAY,EACvC,EAAE;IACL,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,kBAAkB;YACrB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;QAEnD,KAAK,0BAA0B;YAC7B,OAAO,OAAY,CAAC;QAEtB,KAAK,YAAY;YACf,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAM,CAAC;QAEvC;YACE,MAAM,IAAI,QAAQ,CAAC,yBAAyB,EAAE;gBAC5C,IAAI,EAAE,yBAAyB;gBAC/B,KAAK,EAAE,yBAAyB;gBAChC,OAAO,EACL,4HAA4H;gBAC9H,IAAI,EAAE,EAAE,WAAW,EAAE;aACtB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC"}
package/dist/internal/utils/data/auth-tag-hmac.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-tag-hmac.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag-hmac.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAkBpF,eAAO,MAAM,iBAAiB,GAAI,8DAM/B,iBAAiB,KAAG,MAiBtB,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,uEAO/B,iBAAiB,KAAG,IAYtB,CAAC"}
1
+ {"version":3,"file":"auth-tag-hmac.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag-hmac.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAwBpF,eAAO,MAAM,iBAAiB,GAAI,8DAM/B,iBAAiB,KAAG,MAiBtB,CAAC;AAEF,eAAO,MAAM,iBAAiB,GAAI,uEAO/B,iBAAiB,KAAG,IAiBtB,CAAC"}
package/dist/internal/utils/data/auth-tag-hmac.js CHANGED
@@ -9,7 +9,12 @@ const shaHash = (encryption) => {
9
9
  case "A256CBC-HS512":
10
10
  return "SHA512";
11
11
  default:
12
- throw new AesError("Unexpected algorithm");
12
+ throw new AesError("Unexpected algorithm", {
13
+ code: "unsupported_encryption",
14
+ title: "Unsupported Encryption",
15
+ details: "HMAC auth tag generation is only supported for AES-CBC-HMAC variants (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512).",
16
+ data: { encryption },
17
+ });
13
18
  }
14
19
  };
15
20
  export const createHmacAuthTag = ({ aad, content, hashKey, initialisationVector, encryption, }) => {
@@ -35,6 +40,10 @@ export const assertHmacAuthTag = ({ aad, authTag, content, encryption, hashKey,
35
40
  });
36
41
  if (generated.length === authTag.length && timingSafeEqual(generated, authTag))
37
42
  return;
38
- throw new AesError("Auth tag verification failed");
43
+ throw new AesError("Auth tag verification failed", {
44
+ code: "auth_tag_verification_failed",
45
+ title: "Auth Tag Verification Failed",
46
+ details: "The computed HMAC auth tag does not match the provided tag, indicating tampered or corrupted ciphertext.",
47
+ });
39
48
  };
40
49
  //# sourceMappingURL=auth-tag-hmac.js.map
package/dist/internal/utils/data/auth-tag-hmac.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-tag-hmac.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag-hmac.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGpD,MAAM,OAAO,GAAG,CAAC,UAA6B,EAAgB,EAAE;IAC9D,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,EAChC,GAAG,EACH,OAAO,EACP,OAAO,EACP,oBAAoB,EACpB,UAAU,GACQ,EAAU,EAAE;IAC9B,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;IAKtD,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrB,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC9B,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,EAChC,GAAG,EACH,OAAO,EACP,OAAO,EACP,UAAU,EACV,OAAO,EACP,oBAAoB,GACF,EAAQ,EAAE;IAC5B,MAAM,SAAS,GAAG,iBAAiB,CAAC;QAClC,GAAG;QACH,OAAO;QACP,UAAU;QACV,OAAO;QACP,oBAAoB;KACrB,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC;QAAE,OAAO;IAEvF,MAAM,IAAI,QAAQ,CAAC,8BAA8B,CAAC,CAAC;AACrD,CAAC,CAAC"}
1
+ {"version":3,"file":"auth-tag-hmac.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag-hmac.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGpD,MAAM,OAAO,GAAG,CAAC,UAA6B,EAAgB,EAAE;IAC9D,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAC;QAElB;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,IAAI,EAAE,wBAAwB;gBAC9B,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EACL,qHAAqH;gBACvH,IAAI,EAAE,EAAE,UAAU,EAAE;aACrB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,EAChC,GAAG,EACH,OAAO,EACP,OAAO,EACP,oBAAoB,EACpB,UAAU,GACQ,EAAU,EAAE;IAC9B,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;IAKtD,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrB,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC9B,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,EAChC,GAAG,EACH,OAAO,EACP,OAAO,EACP,UAAU,EACV,OAAO,EACP,oBAAoB,GACF,EAAQ,EAAE;IAC5B,MAAM,SAAS,GAAG,iBAAiB,CAAC;QAClC,GAAG;QACH,OAAO;QACP,UAAU;QACV,OAAO;QACP,oBAAoB;KACrB,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC;QAAE,OAAO;IAEvF,MAAM,IAAI,QAAQ,CAAC,8BAA8B,EAAE;QACjD,IAAI,EAAE,8BAA8B;QACpC,KAAK,EAAE,8BAA8B;QACrC,OAAO,EACL,0GAA0G;KAC7G,CAAC,CAAC;AACL,CAAC,CAAC"}
package/dist/internal/utils/data/auth-tag.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-tag.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAGpF,eAAO,MAAM,aAAa,GAAI,sEAO3B,iBAAiB,KAAG,MAqBtB,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,iFAQ3B,iBAAiB,KAAG,IA4BtB,CAAC"}
1
+ {"version":3,"file":"auth-tag.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAIpF,eAAO,MAAM,aAAa,GAAI,sEAO3B,iBAAiB,KAAG,MA2BtB,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,iFAQ3B,iBAAiB,KAAG,IAyCtB,CAAC"}
package/dist/internal/utils/data/auth-tag.js CHANGED
@@ -1,10 +1,10 @@
1
1
  import { AesError } from "../../../errors/index.js";
2
+ import { getAesDescriptor } from "../aes-descriptor.js";
2
3
  import { assertHmacAuthTag, createHmacAuthTag } from "./auth-tag-hmac.js";
3
4
  export const createAuthTag = ({ aad, encryption, cipher, content, hashKey, initialisationVector, }) => {
4
- switch (encryption) {
5
- case "A128CBC-HS256":
6
- case "A192CBC-HS384":
7
- case "A256CBC-HS512":
5
+ const { mode } = getAesDescriptor(encryption);
6
+ switch (mode) {
7
+ case "cbc-hmac":
8
8
  return createHmacAuthTag({
9
9
  aad,
10
10
  content,
@@ -12,22 +12,29 @@ export const createAuthTag = ({ aad, encryption, cipher, content, hashKey, initi
12
12
  hashKey,
13
13
  initialisationVector,
14
14
  });
15
- case "A128GCM":
16
- case "A192GCM":
17
- case "A256GCM":
15
+ case "gcm":
16
+ case "ccm":
18
17
  return cipher.getAuthTag();
19
18
  default:
20
- throw new AesError("Unexpected algorithm");
19
+ throw new AesError("Unexpected algorithm", {
20
+ code: "unsupported_encryption",
21
+ title: "Unsupported Encryption",
22
+ details: "Auth tag creation is only supported for AES-CBC-HMAC, AES-GCM, and AES-CCM variants.",
23
+ data: { encryption },
24
+ });
21
25
  }
22
26
  };
23
27
  export const assertAuthTag = ({ aad, authTag, content, hashKey, decipher, encryption, initialisationVector, }) => {
24
28
  if (!authTag) {
25
- throw new AesError("Auth tag is missing");
29
+ throw new AesError("Auth tag is missing", {
30
+ code: "missing_auth_tag",
31
+ title: "Missing Auth Tag",
32
+ details: "Authenticated decryption requires an auth tag to verify ciphertext integrity, but none was provided.",
33
+ });
26
34
  }
27
- switch (encryption) {
28
- case "A128CBC-HS256":
29
- case "A192CBC-HS384":
30
- case "A256CBC-HS512":
35
+ const { mode } = getAesDescriptor(encryption);
36
+ switch (mode) {
37
+ case "cbc-hmac":
31
38
  assertHmacAuthTag({
32
39
  aad,
33
40
  authTag,
@@ -37,13 +44,17 @@ export const assertAuthTag = ({ aad, authTag, content, hashKey, decipher, encryp
37
44
  initialisationVector,
38
45
  });
39
46
  return;
40
- case "A128GCM":
41
- case "A192GCM":
42
- case "A256GCM":
47
+ case "gcm":
48
+ case "ccm":
43
49
  decipher.setAuthTag(authTag);
44
50
  return;
45
51
  default:
46
- throw new AesError("Unexpected algorithm");
52
+ throw new AesError("Unexpected algorithm", {
53
+ code: "unsupported_encryption",
54
+ title: "Unsupported Encryption",
55
+ details: "Auth tag verification is only supported for AES-CBC-HMAC, AES-GCM, and AES-CCM variants.",
56
+ data: { encryption },
57
+ });
47
58
  }
48
59
  };
49
60
  //# sourceMappingURL=auth-tag.js.map
package/dist/internal/utils/data/auth-tag.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-tag.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE1E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAC5B,GAAG,EACH,UAAU,EACV,MAAM,EACN,OAAO,EACP,OAAO,EACP,oBAAoB,GACF,EAAU,EAAE;IAC9B,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,iBAAiB,CAAC;gBACvB,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,OAAO;gBACP,oBAAoB;aACrB,CAAC,CAAC;QAEL,KAAK,SAAS,CAAC;QACf,KAAK,SAAS,CAAC;QACf,KAAK,SAAS;YACZ,OAAQ,MAAoB,CAAC,UAAU,EAAE,CAAC;QAE5C;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAC5B,GAAG,EACH,OAAO,EACP,OAAO,EACP,OAAO,EACP,QAAQ,EACR,UAAU,EACV,oBAAoB,GACF,EAAQ,EAAE;IAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe;YAClB,iBAAiB,CAAC;gBAChB,GAAG;gBACH,OAAO;gBACP,OAAO;gBACP,UAAU;gBACV,OAAO;gBACP,oBAAoB;aACrB,CAAC,CAAC;YACH,OAAO;QAET,KAAK,SAAS,CAAC;QACf,KAAK,SAAS,CAAC;QACf,KAAK,SAAS;YACX,QAAwB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC9C,OAAO;QAET;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"file":"auth-tag.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/auth-tag.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE1E,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAC5B,GAAG,EACH,UAAU,EACV,MAAM,EACN,OAAO,EACP,OAAO,EACP,oBAAoB,GACF,EAAU,EAAE;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAE9C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,iBAAiB,CAAC;gBACvB,GAAG;gBACH,OAAO;gBACP,UAAU;gBACV,OAAO;gBACP,oBAAoB;aACrB,CAAC,CAAC;QAGL,KAAK,KAAK,CAAC;QACX,KAAK,KAAK;YACR,OAAQ,MAAoB,CAAC,UAAU,EAAE,CAAC;QAE5C;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,IAAI,EAAE,wBAAwB;gBAC9B,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EACL,sFAAsF;gBACxF,IAAI,EAAE,EAAE,UAAU,EAAE;aACrB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,EAC5B,GAAG,EACH,OAAO,EACP,OAAO,EACP,OAAO,EACP,QAAQ,EACR,UAAU,EACV,oBAAoB,GACF,EAAQ,EAAE;IAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,QAAQ,CAAC,qBAAqB,EAAE;YACxC,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,kBAAkB;YACzB,OAAO,EACL,sGAAsG;SACzG,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAE9C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,iBAAiB,CAAC;gBAChB,GAAG;gBACH,OAAO;gBACP,OAAO;gBACP,UAAU;gBACV,OAAO;gBACP,oBAAoB;aACrB,CAAC,CAAC;YACH,OAAO;QAKT,KAAK,KAAK,CAAC;QACX,KAAK,KAAK;YACP,QAAwB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC9C,OAAO;QAET;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,IAAI,EAAE,wBAAwB;gBAC9B,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EACL,0FAA0F;gBAC5F,IAAI,EAAE,EAAE,UAAU,EAAE;aACrB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC"}
package/dist/internal/utils/data/get-initialisation-vector.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"get-initialisation-vector.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/get-initialisation-vector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAI1D,eAAO,MAAM,uBAAuB,GAAI,YAAY,iBAAiB,KAAG,MAiBvE,CAAC"}
1
+ {"version":3,"file":"get-initialisation-vector.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/get-initialisation-vector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAS1D,eAAO,MAAM,uBAAuB,GAAI,YAAY,iBAAiB,KAAG,MACrB,CAAC"}
package/dist/internal/utils/data/get-initialisation-vector.js CHANGED
@@ -1,19 +1,4 @@
1
1
  import { randomBytes } from "crypto";
2
- import { AesError } from "../../../errors/index.js";
3
- export const getInitialisationVector = (encryption) => {
4
- switch (encryption) {
5
- case "A128CBC-HS256":
6
- case "A192CBC-HS384":
7
- case "A256CBC-HS512":
8
- return randomBytes(16);
9
- case "A128GCM":
10
- case "A192GCM":
11
- case "A256GCM":
12
- return randomBytes(12);
13
- default:
14
- throw new AesError("Unexpected algorithm", {
15
- debug: { encryption },
16
- });
17
- }
18
- };
2
+ import { getAesDescriptor } from "../aes-descriptor.js";
3
+ export const getInitialisationVector = (encryption) => randomBytes(getAesDescriptor(encryption).ivBytes);
19
4
  //# sourceMappingURL=get-initialisation-vector.js.map
package/dist/internal/utils/data/get-initialisation-vector.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"get-initialisation-vector.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/get-initialisation-vector.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEpD,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,UAA6B,EAAU,EAAE;IAC/E,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;QAEzB,KAAK,SAAS,CAAC;QACf,KAAK,SAAS,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC;QAEzB;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;gBACzC,KAAK,EAAE,EAAE,UAAU,EAAE;aACtB,CAAC,CAAC;IACP,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"file":"get-initialisation-vector.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/get-initialisation-vector.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAOxD,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,UAA6B,EAAU,EAAE,CAC/E,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC"}
package/dist/internal/utils/data/split-content-encryption-key.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"split-content-encryption-key.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/split-content-encryption-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAI1D,KAAK,MAAM,GAAG;IACZ,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAqBF,eAAO,MAAM,yBAAyB,GACpC,YAAY,iBAAiB,EAC7B,sBAAsB,MAAM,KAC3B,MAmBF,CAAC"}
1
+ {"version":3,"file":"split-content-encryption-key.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/data/split-content-encryption-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAI1D,KAAK,MAAM,GAAG;IACZ,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,YAAY,iBAAiB,EAC7B,sBAAsB,MAAM,KAC3B,MAwBF,CAAC"}
package/dist/internal/utils/data/split-content-encryption-key.js CHANGED
@@ -1,30 +1,20 @@
1
1
  import { AesError } from "../../../errors/index.js";
2
- const encryptionKeyLength = (encryption) => {
3
- switch (encryption) {
4
- case "A128CBC-HS256":
5
- case "A128GCM":
6
- return 16;
7
- case "A192CBC-HS384":
8
- case "A192GCM":
9
- return 24;
10
- case "A256CBC-HS512":
11
- case "A256GCM":
12
- return 32;
13
- default:
14
- throw new AesError("Unexpected algorithm");
15
- }
16
- };
2
+ import { getAesDescriptor } from "../aes-descriptor.js";
17
3
  export const splitContentEncryptionKey = (encryption, contentEncryptionKey) => {
18
- const keyLength = encryptionKeyLength(encryption);
19
- if (encryption.includes("CBC")) {
20
- const hashKey = contentEncryptionKey.subarray(0, keyLength);
21
- const encryptionKey = contentEncryptionKey.subarray(keyLength);
4
+ const { cipherKeyBytes, mode } = getAesDescriptor(encryption);
5
+ if (mode === "cbc-hmac") {
6
+ const hashKey = contentEncryptionKey.subarray(0, cipherKeyBytes);
7
+ const encryptionKey = contentEncryptionKey.subarray(cipherKeyBytes);
22
8
  return { encryptionKey, hashKey };
23
9
  }
24
- const encryptionKey = contentEncryptionKey.subarray(0, keyLength);
25
- const hashKey = contentEncryptionKey.subarray(keyLength);
10
+ const encryptionKey = contentEncryptionKey.subarray(0, cipherKeyBytes);
11
+ const hashKey = contentEncryptionKey.subarray(cipherKeyBytes);
26
12
  if (hashKey.length) {
27
- throw new AesError("Unexpected hash key");
13
+ throw new AesError("Unexpected hash key", {
14
+ code: "unexpected_hash_key",
15
+ title: "Unexpected Hash Key",
16
+ details: "AEAD encryption (GCM/CCM) uses the full content encryption key for encryption and must not leave any leftover hash key octets.",
17
+ });
28
18
  }
29
19
  return { encryptionKey, hashKey };
30
20
  };
package/dist/internal/utils/data/split-content-encryption-key.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"split-content-encryption-key.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/split-content-encryption-key.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAOpD,MAAM,mBAAmB,GAAG,CAAC,UAA6B,EAAgB,EAAE;IAC1E,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,eAAe,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,EAAE,CAAC;QAEZ,KAAK,eAAe,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,EAAE,CAAC;QAEZ,KAAK,eAAe,CAAC;QACrB,KAAK,SAAS;YACZ,OAAO,EAAE,CAAC;QAEZ;YACE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACvC,UAA6B,EAC7B,oBAA4B,EACpB,EAAE;IACV,MAAM,SAAS,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAElD,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC/D,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;IACpC,CAAC;IAGD,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;AACpC,CAAC,CAAC"}
1
+ {"version":3,"file":"split-content-encryption-key.js","sourceRoot":"","sources":["../../../../src/internal/utils/data/split-content-encryption-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAOxD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACvC,UAA6B,EAC7B,oBAA4B,EACpB,EAAE;IACV,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAE9D,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QACjE,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QACpE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;IACpC,CAAC;IAGD,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;IACvE,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE9D,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,qBAAqB,EAAE;YACxC,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EACL,gIAAgI;SACnI,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;AACpC,CAAC,CAAC"}
package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"diffie-hellman-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAO/C,eAAO,MAAM,oCAAoC,GAAI,0BAGlD,gBAAgB,KAAG,eAyBrB,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAAI,iGAMlD,iBAAiB,KAAG,gBAoBtB,CAAC"}
1
+ {"version":3,"file":"diffie-hellman-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAO/C,eAAO,MAAM,oCAAoC,GAAI,0BAGlD,gBAAgB,KAAG,eAyBrB,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAAI,iGAMlD,iBAAiB,KAAG,gBAyBtB,CAAC"}
package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.js CHANGED
@@ -29,7 +29,11 @@ export const getDiffieHellmanKeyWrapEncryptionKey = ({ encryption, kryptos, }) =
29
29
  };
30
30
  export const getDiffieHellmanKeyWrapDecryptionKey = ({ kryptos, publicEncryptionJwk, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }) => {
31
31
  if (!publicEncryptionKey) {
32
- throw new AesError("Missing publicEncryptionKey");
32
+ throw new AesError("Missing publicEncryptionKey", {
33
+ code: "missing_public_encryption_key",
34
+ title: "Missing Public Encryption Key",
35
+ details: "ECDH key-wrap decryption requires the wrapped content encryption key, but it was not provided.",
36
+ });
33
37
  }
34
38
  const sharedSecret = calculateSharedSecret({ kryptos, publicEncryptionJwk });
35
39
  const { derivedKey } = concatKdf({
package/dist/internal/utils/diffie-hellman/diffie-hellman-key-wrap.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"diffie-hellman-key-wrap.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAOpD,OAAO,EAAE,iCAAiC,EAAE,MAAM,uDAAuD,CAAC;AAC1G,OAAO,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAEjF,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE5E,MAAM,OAAO,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC;QAClD,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC;QAC/E,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,mBAAmB;QACnB,mBAAmB;QACnB,kBAAkB;QAClB,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,OAAO,EACP,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAE7E,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC;QAClD,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;QACf,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC"}
1
+ {"version":3,"file":"diffie-hellman-key-wrap.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman-key-wrap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAOpD,OAAO,EAAE,iCAAiC,EAAE,MAAM,uDAAuD,CAAC;AAC1G,OAAO,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAEjF,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAE5E,MAAM,OAAO,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC;QAClD,YAAY;KACb,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC;QAC/E,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,mBAAmB;QACnB,mBAAmB;QACnB,kBAAkB;QAClB,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,EACnD,OAAO,EACP,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,EAAE;YAChD,IAAI,EAAE,+BAA+B;YACrC,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,gGAAgG;SACnG,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAE7E,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAC;QAClD,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;QACf,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC"}
package/dist/internal/utils/diffie-hellman/diffie-hellman.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"diffie-hellman.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAK/C,eAAO,MAAM,6BAA6B,GAAI,0BAG3C,gBAAgB,KAAG,eAcrB,CAAC;AAEF,eAAO,MAAM,6BAA6B,GAAI,+CAI3C,iBAAiB,KAAG,gBAkBtB,CAAC"}
1
+ {"version":3,"file":"diffie-hellman.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,uCAAuC,CAAC;AAK/C,eAAO,MAAM,6BAA6B,GAAI,0BAG3C,gBAAgB,KAAG,eAcrB,CAAC;AAEF,eAAO,MAAM,6BAA6B,GAAI,+CAI3C,iBAAiB,KAAG,gBA2BtB,CAAC"}
package/dist/internal/utils/diffie-hellman/diffie-hellman.js CHANGED
@@ -18,10 +18,18 @@ export const getDiffieHellmanEncryptionKey = ({ encryption, kryptos, }) => {
18
18
  };
19
19
  export const getDiffieHellmanDecryptionKey = ({ encryption, kryptos, publicEncryptionJwk, }) => {
20
20
  if (!KryptosKit.isEc(kryptos) && !KryptosKit.isOkp(kryptos)) {
21
- throw new AesError("Invalid kryptos type");
21
+ throw new AesError("Invalid kryptos type", {
22
+ code: "invalid_kryptos_type",
23
+ title: "Invalid Kryptos Type",
24
+ details: "ECDH-ES decryption requires an EC or OKP Kryptos key type.",
25
+ });
22
26
  }
23
27
  if (!publicEncryptionJwk) {
24
- throw new AesError("Missing publicEncryptionJwk");
28
+ throw new AesError("Missing publicEncryptionJwk", {
29
+ code: "missing_public_encryption_jwk",
30
+ title: "Missing Public Encryption JWK",
31
+ details: "ECDH-ES decryption requires the sender's ephemeral public JWK, but it was not provided.",
32
+ });
25
33
  }
26
34
  const sharedSecret = calculateSharedSecret({ kryptos, publicEncryptionJwk });
27
35
  const keyLength = calculateContentEncryptionKeySize(encryption);
package/dist/internal/utils/diffie-hellman/diffie-hellman.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"diffie-hellman.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAOpD,OAAO,EAAE,iCAAiC,EAAE,MAAM,uDAAuD,CAAC;AAC1G,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAEjF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,UAAU;QACrB,SAAS;QACT,YAAY;KACb,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB,EAAE,UAAU;QAChC,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,UAAU,EACV,OAAO,EACP,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,UAAU;QACrB,SAAS;QACT,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,CAAC;AAC9C,CAAC,CAAC"}
1
+ {"version":3,"file":"diffie-hellman.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/diffie-hellman.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAOpD,OAAO,EAAE,iCAAiC,EAAE,MAAM,uDAAuD,CAAC;AAC1G,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAEjF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,UAAU;QACrB,SAAS;QACT,YAAY;KACb,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB,EAAE,UAAU;QAChC,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,EAC5C,UAAU,EACV,OAAO,EACP,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;YACzC,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,4DAA4D;SACtE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,EAAE;YAChD,IAAI,EAAE,+BAA+B;YACrC,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,yFAAyF;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,iCAAiC,CAAC,UAAU,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC/B,SAAS,EAAE,UAAU;QACrB,SAAS;QACT,YAAY;KACb,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,UAAU,EAAE,CAAC;AAC9C,CAAC,CAAC"}
package/dist/internal/utils/diffie-hellman/shared-secret.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"shared-secret.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/shared-secret.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,QAAQ,EAId,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAE/E,KAAK,cAAc,GAAG;IACpB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,KAAK,4BAA4B,GAAG,IAAI,CACtC,iBAAiB,EACjB,SAAS,GAAG,qBAAqB,CAClC,CAAC;AAoBF,eAAO,MAAM,oBAAoB,GAAI,SAAS,QAAQ,KAAG,cA+BxD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,mCAGnC,4BAA4B,KAAG,MAgCjC,CAAC"}
1
+ {"version":3,"file":"shared-secret.d.ts","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/shared-secret.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,QAAQ,EAId,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAE/E,KAAK,cAAc,GAAG;IACpB,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,KAAK,4BAA4B,GAAG,IAAI,CACtC,iBAAiB,EACjB,SAAS,GAAG,qBAAqB,CAClC,CAAC;AAyBF,eAAO,MAAM,oBAAoB,GAAI,SAAS,QAAQ,KAAG,cAyCxD,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,mCAGnC,4BAA4B,KAAG,MA+CjC,CAAC"}
package/dist/internal/utils/diffie-hellman/shared-secret.js CHANGED
@@ -14,17 +14,29 @@ const generateKryptos = (kryptos) => {
14
14
  curve: kryptos.curve,
15
15
  });
16
16
  }
17
- throw new AesError("Invalid kryptos type");
17
+ throw new AesError("Invalid kryptos type", {
18
+ code: "invalid_kryptos_type",
19
+ title: "Invalid Kryptos Type",
20
+ details: "Generating an ephemeral key for ECDH requires an EC or OKP Kryptos key type.",
21
+ });
18
22
  };
19
23
  export const generateSharedSecret = (kryptos) => {
20
24
  const pek = generateKryptos(kryptos);
21
25
  const der = kryptos.export("der");
22
26
  const sender = pek.export("der");
23
27
  if (!sender.privateKey) {
24
- throw new AesError("Sender private key is missing");
28
+ throw new AesError("Sender private key is missing", {
29
+ code: "missing_private_key",
30
+ title: "Missing Private Key",
31
+ details: "The generated ephemeral sender key has no private key to compute the ECDH shared secret.",
32
+ });
25
33
  }
26
34
  if (!der.publicKey) {
27
- throw new AesError("Kryptos public key is missing");
35
+ throw new AesError("Kryptos public key is missing", {
36
+ code: "missing_public_key",
37
+ title: "Missing Public Key",
38
+ details: "The recipient Kryptos key has no public key to compute the ECDH shared secret.",
39
+ });
28
40
  }
29
41
  const sharedSecret = diffieHellman({
30
42
  privateKey: createPrivateKey({
@@ -46,7 +58,11 @@ export const generateSharedSecret = (kryptos) => {
46
58
  };
47
59
  export const calculateSharedSecret = ({ kryptos, publicEncryptionJwk, }) => {
48
60
  if (!publicEncryptionJwk) {
49
- throw new AesError("Missing publicEncryptionJwk");
61
+ throw new AesError("Missing publicEncryptionJwk", {
62
+ code: "missing_public_encryption_jwk",
63
+ title: "Missing Public Encryption JWK",
64
+ details: "Calculating the ECDH shared secret requires the sender's ephemeral public JWK, but it was not provided.",
65
+ });
50
66
  }
51
67
  const pek = KryptosKit.from.jwk({
52
68
  alg: kryptos.algorithm,
@@ -56,10 +72,18 @@ export const calculateSharedSecret = ({ kryptos, publicEncryptionJwk, }) => {
56
72
  const der = kryptos.export("der");
57
73
  const receiver = pek.export("der");
58
74
  if (!der.privateKey) {
59
- throw new AesError("Kryptos private key is missing");
75
+ throw new AesError("Kryptos private key is missing", {
76
+ code: "missing_private_key",
77
+ title: "Missing Private Key",
78
+ details: "The recipient Kryptos key has no private key to compute the ECDH shared secret during decryption.",
79
+ });
60
80
  }
61
81
  if (!receiver.publicKey) {
62
- throw new AesError("Receiver public key is missing");
82
+ throw new AesError("Receiver public key is missing", {
83
+ code: "missing_public_key",
84
+ title: "Missing Public Key",
85
+ details: "The sender's ephemeral JWK produced no public key to compute the ECDH shared secret during decryption.",
86
+ });
63
87
  }
64
88
  return diffieHellman({
65
89
  privateKey: createPrivateKey({
package/dist/internal/utils/diffie-hellman/shared-secret.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"shared-secret.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/shared-secret.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,UAAU,GAGX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAcvD,MAAM,eAAe,GAAG,CAAC,OAAiB,EAAY,EAAE;IACtD,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,SAAS,EAAE,OAAO,CAAC,SAA2B;YAC9C,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YACjC,SAAS,EAAE,OAAO,CAAC,SAA4B;YAC/C,KAAK,EAAE,OAAO,CAAC,KAAoB;SACpC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;AAC7C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAiB,EAAkB,EAAE;IACxE,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,QAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC;QACjC,UAAU,EAAE,gBAAgB,CAAC;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU;YACtB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,eAAe,CAAC;YACzB,GAAG,EAAE,GAAG,CAAC,SAAS;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,OAAO;QACL,mBAAmB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE;QACvC,YAAY;KACb,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,EACpC,OAAO,EACP,mBAAmB,GACU,EAAU,EAAE;IACzC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;QAC9B,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,GAAG,EAAE,KAAK;QACV,GAAG,mBAAmB;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,QAAQ,CAAC,gCAAgC,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,aAAa,CAAC;QACnB,UAAU,EAAE,gBAAgB,CAAC;YAC3B,GAAG,EAAE,GAAG,CAAC,UAAU;YACnB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,eAAe,CAAC;YACzB,GAAG,EAAE,QAAQ,CAAC,SAAS;YACvB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;AACL,CAAC,CAAC"}
1
+ {"version":3,"file":"shared-secret.js","sourceRoot":"","sources":["../../../../src/internal/utils/diffie-hellman/shared-secret.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,UAAU,GAGX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,6BAA6B,CAAC;AAcvD,MAAM,eAAe,GAAG,CAAC,OAAiB,EAAY,EAAE;IACtD,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,SAAS,EAAE,OAAO,CAAC,SAA2B;YAC9C,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YACjC,SAAS,EAAE,OAAO,CAAC,SAA4B;YAC/C,KAAK,EAAE,OAAO,CAAC,KAAoB;SACpC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,sBAAsB,EAAE;QACzC,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EACL,8EAA8E;KACjF,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAiB,EAAkB,EAAE;IACxE,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,QAAQ,CAAC,+BAA+B,EAAE;YAClD,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EACL,0FAA0F;SAC7F,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,+BAA+B,EAAE;YAClD,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EACL,gFAAgF;SACnF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,CAAC;QACjC,UAAU,EAAE,gBAAgB,CAAC;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU;YACtB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,eAAe,CAAC;YACzB,GAAG,EAAE,GAAG,CAAC,SAAS;YAClB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,OAAO;QACL,mBAAmB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE;QACvC,YAAY;KACb,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,EACpC,OAAO,EACP,mBAAmB,GACU,EAAU,EAAE;IACzC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,6BAA6B,EAAE;YAChD,IAAI,EAAE,+BAA+B;YACrC,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,yGAAyG;SAC5G,CAAC,CAAC;IACL,CAAC;IAED,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;QAC9B,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,GAAG,EAAE,KAAK;QACV,GAAG,mBAAmB;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEnC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,IAAI,QAAQ,CAAC,gCAAgC,EAAE;YACnD,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,qBAAqB;YAC5B,OAAO,EACL,mGAAmG;SACtG,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,QAAQ,CAAC,gCAAgC,EAAE;YACnD,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EACL,wGAAwG;SAC3G,CAAC,CAAC;IACL,CAAC;IAED,OAAO,aAAa,CAAC;QACnB,UAAU,EAAE,gBAAgB,CAAC;YAC3B,GAAG,EAAE,GAAG,CAAC,UAAU;YACnB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC;QACF,SAAS,EAAE,eAAe,CAAC;YACzB,GAAG,EAAE,QAAQ,CAAC,SAAS;YACvB,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC;KACH,CAAC,CAAC;AACL,CAAC,CAAC"}
package/dist/internal/utils/encoded-aes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"encoded-aes.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/encoded-aes.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AA2C9E,eAAO,MAAM,sBAAsB,GAAI,MAAM,mBAAmB,KAAG,MAwClE,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,SAAS,MAAM,KAAG,yBA+EvD,CAAC"}
1
+ {"version":3,"file":"encoded-aes.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/encoded-aes.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAgC9E,eAAO,MAAM,sBAAsB,GAAI,MAAM,mBAAmB,KAAG,MAwClE,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,SAAS,MAAM,KAAG,yBA6GvD,CAAC"}
package/dist/internal/utils/encoded-aes.js CHANGED
@@ -1,18 +1,9 @@
1
1
  import { B64 } from "@lindorm/b64";
2
2
  import { AesError } from "../../errors/AesError.js";
3
+ import { getAesDescriptor } from "./aes-descriptor.js";
3
4
  import { buildAesHeader, computeAad, decodeAesHeader, headerToDecryptionParams, } from "./aes-header.js";
4
- const getIvSize = (enc) => (enc.includes("GCM") ? 12 : 16);
5
- const getTagSize = (enc) => {
6
- if (enc.includes("GCM"))
7
- return 16;
8
- if (enc === "A128CBC-HS256")
9
- return 16;
10
- if (enc === "A192CBC-HS384")
11
- return 24;
12
- if (enc === "A256CBC-HS512")
13
- return 32;
14
- return 16;
15
- };
5
+ const getIvSize = (enc) => getAesDescriptor(enc).ivBytes;
6
+ const getTagSize = (enc) => getAesDescriptor(enc).tagBytes;
16
7
  export const createEncodedAesString = (data) => {
17
8
  const header = buildAesHeader({
18
9
  algorithm: data.algorithm,
@@ -46,12 +37,20 @@ export const parseEncodedAesString = (encoded) => {
46
37
  const buffer = B64.toBuffer(encoded, "b64u");
47
38
  let offset = 0;
48
39
  if (offset + 2 > buffer.length) {
49
- throw new AesError("Unexpected end of encoded AES data: missing header length");
40
+ throw new AesError("Unexpected end of encoded AES data: missing header length", {
41
+ code: "malformed_encoded_data",
42
+ title: "Malformed Encoded Data",
43
+ details: "The encoded AES buffer ended before the 2-byte header length prefix could be read.",
44
+ });
50
45
  }
51
46
  const headerJsonLength = buffer.readUInt16BE(offset);
52
47
  offset += 2;
53
48
  if (offset + headerJsonLength > buffer.length) {
54
- throw new AesError("Unexpected end of encoded AES data: header exceeds buffer");
49
+ throw new AesError("Unexpected end of encoded AES data: header exceeds buffer", {
50
+ code: "malformed_encoded_data",
51
+ title: "Malformed Encoded Data",
52
+ details: "The declared header length extends beyond the end of the encoded AES buffer.",
53
+ });
55
54
  }
56
55
  const headerJsonBytes = buffer.subarray(offset, offset + headerJsonLength);
57
56
  offset += headerJsonLength;
@@ -60,27 +59,43 @@ export const parseEncodedAesString = (encoded) => {
60
59
  const params = headerToDecryptionParams(decodedHeader);
61
60
  const aad = computeAad(headerB64);
62
61
  if (offset + 2 > buffer.length) {
63
- throw new AesError("Unexpected end of encoded AES data: missing CEK length");
62
+ throw new AesError("Unexpected end of encoded AES data: missing CEK length", {
63
+ code: "malformed_encoded_data",
64
+ title: "Malformed Encoded Data",
65
+ details: "The encoded AES buffer ended before the 2-byte content encryption key length prefix could be read.",
66
+ });
64
67
  }
65
68
  const cekLength = buffer.readUInt16BE(offset);
66
69
  offset += 2;
67
70
  let publicEncryptionKey;
68
71
  if (cekLength > 0) {
69
72
  if (offset + cekLength > buffer.length) {
70
- throw new AesError("Unexpected end of encoded AES data: CEK exceeds buffer");
73
+ throw new AesError("Unexpected end of encoded AES data: CEK exceeds buffer", {
74
+ code: "malformed_encoded_data",
75
+ title: "Malformed Encoded Data",
76
+ details: "The declared content encryption key length extends beyond the end of the encoded AES buffer.",
77
+ });
71
78
  }
72
79
  publicEncryptionKey = buffer.subarray(offset, offset + cekLength);
73
80
  offset += cekLength;
74
81
  }
75
82
  const ivSize = getIvSize(params.encryption);
76
83
  if (offset + ivSize > buffer.length) {
77
- throw new AesError("Unexpected end of encoded AES data: IV exceeds buffer");
84
+ throw new AesError("Unexpected end of encoded AES data: IV exceeds buffer", {
85
+ code: "malformed_encoded_data",
86
+ title: "Malformed Encoded Data",
87
+ details: "The encoded AES buffer is too short to contain the initialisation vector required by the encryption algorithm.",
88
+ });
78
89
  }
79
90
  const initialisationVector = buffer.subarray(offset, offset + ivSize);
80
91
  offset += ivSize;
81
92
  const tagSize = getTagSize(params.encryption);
82
93
  if (offset + tagSize > buffer.length) {
83
- throw new AesError("Unexpected end of encoded AES data: tag exceeds buffer");
94
+ throw new AesError("Unexpected end of encoded AES data: tag exceeds buffer", {
95
+ code: "malformed_encoded_data",
96
+ title: "Malformed Encoded Data",
97
+ details: "The encoded AES buffer is too short to contain the authentication tag required by the encryption algorithm.",
98
+ });
84
99
  }
85
100
  const authTag = buffer.subarray(offset, offset + tagSize);
86
101
  offset += tagSize;