@matter/thread-br-client 0.0.1 → 0.17.5-alpha.0-20260706-fd4c49e2e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (575) hide show
  1. package/LICENSE +201 -0
  2. package/README.md +5 -5
  3. package/dist/cjs/coap/CoapClient.d.ts +2 -2
  4. package/dist/cjs/coap/CoapClient.d.ts.map +1 -1
  5. package/dist/cjs/coap/CoapClient.js +9 -16
  6. package/dist/cjs/coap/CoapClient.js.map +1 -1
  7. package/dist/cjs/coap/CoapMessage.d.ts +11 -6
  8. package/dist/cjs/coap/CoapMessage.d.ts.map +1 -1
  9. package/dist/cjs/coap/CoapMessage.js +8 -5
  10. package/dist/cjs/coap/CoapMessage.js.map +1 -1
  11. package/dist/cjs/commissioner/Commissioner.d.ts.map +1 -1
  12. package/dist/cjs/commissioner/Commissioner.js +5 -2
  13. package/dist/cjs/commissioner/Commissioner.js.map +1 -1
  14. package/dist/cjs/commissioner/LeadKa.d.ts +3 -3
  15. package/dist/cjs/commissioner/LeadKa.d.ts.map +1 -1
  16. package/dist/cjs/commissioner/LeadKa.js +1 -1
  17. package/dist/cjs/commissioner/LeadKa.js.map +1 -1
  18. package/dist/cjs/commissioner/LeadPet.d.ts +3 -2
  19. package/dist/cjs/commissioner/LeadPet.d.ts.map +1 -1
  20. package/dist/cjs/commissioner/LeadPet.js +4 -3
  21. package/dist/cjs/commissioner/LeadPet.js.map +1 -1
  22. package/dist/cjs/credentials/ThreadCredentialsRegistry.d.ts +5 -5
  23. package/dist/cjs/credentials/ThreadCredentialsRegistry.d.ts.map +1 -1
  24. package/dist/cjs/credentials/ThreadCredentialsRegistry.js +10 -9
  25. package/dist/cjs/credentials/ThreadCredentialsRegistry.js.map +1 -1
  26. package/dist/cjs/credentials/ThreadNetworkCredentials.d.ts +4 -3
  27. package/dist/cjs/credentials/ThreadNetworkCredentials.d.ts.map +1 -1
  28. package/dist/cjs/crypto/AesCmacPrf128.d.ts +4 -14
  29. package/dist/cjs/crypto/AesCmacPrf128.d.ts.map +1 -1
  30. package/dist/cjs/crypto/AesCmacPrf128.js +7 -71
  31. package/dist/cjs/crypto/AesCmacPrf128.js.map +2 -2
  32. package/dist/cjs/crypto/Pbkdf2AesCmac.d.ts +5 -4
  33. package/dist/cjs/crypto/Pbkdf2AesCmac.d.ts.map +1 -1
  34. package/dist/cjs/crypto/Pbkdf2AesCmac.js +5 -4
  35. package/dist/cjs/crypto/Pbkdf2AesCmac.js.map +1 -1
  36. package/dist/cjs/crypto/Pskc.d.ts +4 -3
  37. package/dist/cjs/crypto/Pskc.d.ts.map +1 -1
  38. package/dist/cjs/crypto/Pskc.js +6 -5
  39. package/dist/cjs/crypto/Pskc.js.map +1 -1
  40. package/dist/cjs/crypto/index.d.ts +1 -1
  41. package/dist/cjs/crypto/index.d.ts.map +1 -1
  42. package/dist/cjs/crypto/index.js +0 -1
  43. package/dist/cjs/crypto/index.js.map +1 -1
  44. package/dist/cjs/dataset/OperationalDataset.d.ts +10 -10
  45. package/dist/cjs/dataset/OperationalDataset.d.ts.map +1 -1
  46. package/dist/cjs/dataset/OperationalDataset.js +32 -31
  47. package/dist/cjs/dataset/OperationalDataset.js.map +1 -1
  48. package/dist/cjs/dataset/SecurityPolicy.d.ts +3 -2
  49. package/dist/cjs/dataset/SecurityPolicy.d.ts.map +1 -1
  50. package/dist/cjs/dataset/SecurityPolicy.js +5 -4
  51. package/dist/cjs/dataset/SecurityPolicy.js.map +1 -1
  52. package/dist/cjs/diagnostic/DiagnosticResponse.d.ts +5 -4
  53. package/dist/cjs/diagnostic/DiagnosticResponse.d.ts.map +1 -1
  54. package/dist/cjs/diagnostic/DiagnosticSource.d.ts +2 -2
  55. package/dist/cjs/diagnostic/DiagnosticSource.d.ts.map +1 -1
  56. package/dist/cjs/diagnostic/MeshCopDiagnosticSource.d.ts +7 -3
  57. package/dist/cjs/diagnostic/MeshCopDiagnosticSource.d.ts.map +1 -1
  58. package/dist/cjs/diagnostic/MeshCopDiagnosticSource.js +48 -43
  59. package/dist/cjs/diagnostic/MeshCopDiagnosticSource.js.map +1 -1
  60. package/dist/cjs/diagnostic/connectMeshcop.d.ts.map +1 -1
  61. package/dist/cjs/diagnostic/connectMeshcop.js +5 -12
  62. package/dist/cjs/diagnostic/connectMeshcop.js.map +1 -1
  63. package/dist/cjs/diagnostic/errors.d.ts +1 -1
  64. package/dist/cjs/diagnostic/errors.d.ts.map +1 -1
  65. package/dist/cjs/discovery/BorderRouterRegistry.d.ts.map +1 -1
  66. package/dist/cjs/discovery/BorderRouterRegistry.js +2 -4
  67. package/dist/cjs/discovery/BorderRouterRegistry.js.map +1 -1
  68. package/dist/cjs/dtls/channel/DtlsConnectOpts.d.ts +3 -3
  69. package/dist/cjs/dtls/channel/DtlsConnectOpts.d.ts.map +1 -1
  70. package/dist/cjs/dtls/channel/NobleDtlsChannel.d.ts.map +1 -1
  71. package/dist/cjs/dtls/channel/NobleDtlsChannel.js +89 -58
  72. package/dist/cjs/dtls/channel/NobleDtlsChannel.js.map +1 -1
  73. package/dist/cjs/dtls/ecjpake/EcJpakePms.d.ts +5 -4
  74. package/dist/cjs/dtls/ecjpake/EcJpakePms.d.ts.map +1 -1
  75. package/dist/cjs/dtls/ecjpake/EcJpakePms.js +4 -5
  76. package/dist/cjs/dtls/ecjpake/EcJpakePms.js.map +1 -1
  77. package/dist/cjs/dtls/ecjpake/EcJpakeRound.d.ts +16 -15
  78. package/dist/cjs/dtls/ecjpake/EcJpakeRound.d.ts.map +1 -1
  79. package/dist/cjs/dtls/ecjpake/EcJpakeRound.js +40 -29
  80. package/dist/cjs/dtls/ecjpake/EcJpakeRound.js.map +1 -1
  81. package/dist/cjs/dtls/ecjpake/SchnorrZkp.d.ts +10 -9
  82. package/dist/cjs/dtls/ecjpake/SchnorrZkp.d.ts.map +1 -1
  83. package/dist/cjs/dtls/ecjpake/SchnorrZkp.js +17 -13
  84. package/dist/cjs/dtls/ecjpake/SchnorrZkp.js.map +1 -1
  85. package/dist/cjs/dtls/handshake/ChangeCipherSpec.d.ts +2 -1
  86. package/dist/cjs/dtls/handshake/ChangeCipherSpec.d.ts.map +1 -1
  87. package/dist/cjs/dtls/handshake/ChangeCipherSpec.js +3 -1
  88. package/dist/cjs/dtls/handshake/ChangeCipherSpec.js.map +1 -1
  89. package/dist/cjs/dtls/handshake/ClientHelloMessage.d.ts +27 -4
  90. package/dist/cjs/dtls/handshake/ClientHelloMessage.d.ts.map +1 -1
  91. package/dist/cjs/dtls/handshake/ClientHelloMessage.js +3 -1
  92. package/dist/cjs/dtls/handshake/ClientHelloMessage.js.map +1 -1
  93. package/dist/cjs/dtls/handshake/ClientKeyExchangeMessage.d.ts +2 -1
  94. package/dist/cjs/dtls/handshake/ClientKeyExchangeMessage.d.ts.map +1 -1
  95. package/dist/cjs/dtls/handshake/ClientKeyExchangeMessage.js.map +1 -1
  96. package/dist/cjs/dtls/handshake/DtlsClient.d.ts +9 -6
  97. package/dist/cjs/dtls/handshake/DtlsClient.d.ts.map +1 -1
  98. package/dist/cjs/dtls/handshake/DtlsClient.js +99 -77
  99. package/dist/cjs/dtls/handshake/DtlsClient.js.map +1 -1
  100. package/dist/cjs/dtls/handshake/FinishedMessage.d.ts +10 -3
  101. package/dist/cjs/dtls/handshake/FinishedMessage.d.ts.map +1 -1
  102. package/dist/cjs/dtls/handshake/FinishedMessage.js +4 -2
  103. package/dist/cjs/dtls/handshake/FinishedMessage.js.map +1 -1
  104. package/dist/cjs/dtls/handshake/HandshakeMessage.d.ts +5 -4
  105. package/dist/cjs/dtls/handshake/HandshakeMessage.d.ts.map +1 -1
  106. package/dist/cjs/dtls/handshake/HandshakeMessage.js +13 -11
  107. package/dist/cjs/dtls/handshake/HandshakeMessage.js.map +1 -1
  108. package/dist/cjs/dtls/handshake/HelloVerifyRequestMessage.d.ts +19 -2
  109. package/dist/cjs/dtls/handshake/HelloVerifyRequestMessage.d.ts.map +1 -1
  110. package/dist/cjs/dtls/handshake/HelloVerifyRequestMessage.js +3 -1
  111. package/dist/cjs/dtls/handshake/HelloVerifyRequestMessage.js.map +1 -1
  112. package/dist/cjs/dtls/handshake/ServerHelloDoneMessage.d.ts +2 -1
  113. package/dist/cjs/dtls/handshake/ServerHelloDoneMessage.d.ts.map +1 -1
  114. package/dist/cjs/dtls/handshake/ServerHelloDoneMessage.js +3 -2
  115. package/dist/cjs/dtls/handshake/ServerHelloDoneMessage.js.map +1 -1
  116. package/dist/cjs/dtls/handshake/ServerHelloMessage.d.ts +4 -3
  117. package/dist/cjs/dtls/handshake/ServerHelloMessage.d.ts.map +1 -1
  118. package/dist/cjs/dtls/handshake/ServerHelloMessage.js +3 -1
  119. package/dist/cjs/dtls/handshake/ServerHelloMessage.js.map +1 -1
  120. package/dist/cjs/dtls/handshake/ServerKeyExchangeMessage.d.ts +2 -1
  121. package/dist/cjs/dtls/handshake/ServerKeyExchangeMessage.d.ts.map +1 -1
  122. package/dist/cjs/dtls/handshake/ServerKeyExchangeMessage.js.map +1 -1
  123. package/dist/cjs/dtls/prf/HandshakeTranscript.d.ts +7 -5
  124. package/dist/cjs/dtls/prf/HandshakeTranscript.d.ts.map +1 -1
  125. package/dist/cjs/dtls/prf/HandshakeTranscript.js +14 -9
  126. package/dist/cjs/dtls/prf/HandshakeTranscript.js.map +1 -1
  127. package/dist/cjs/dtls/prf/TlsPrf.d.ts +23 -22
  128. package/dist/cjs/dtls/prf/TlsPrf.d.ts.map +1 -1
  129. package/dist/cjs/dtls/prf/TlsPrf.js +33 -30
  130. package/dist/cjs/dtls/prf/TlsPrf.js.map +1 -1
  131. package/dist/cjs/dtls/record/AesCcm8.d.ts +13 -12
  132. package/dist/cjs/dtls/record/AesCcm8.d.ts.map +1 -1
  133. package/dist/cjs/dtls/record/AesCcm8.js +12 -34
  134. package/dist/cjs/dtls/record/AesCcm8.js.map +1 -1
  135. package/dist/cjs/dtls/record/DtlsCipherState.d.ts +11 -10
  136. package/dist/cjs/dtls/record/DtlsCipherState.d.ts.map +1 -1
  137. package/dist/cjs/dtls/record/DtlsCipherState.js +10 -6
  138. package/dist/cjs/dtls/record/DtlsCipherState.js.map +1 -1
  139. package/dist/cjs/dtls/record/DtlsRecord.d.ts +10 -10
  140. package/dist/cjs/dtls/record/DtlsRecord.d.ts.map +1 -1
  141. package/dist/cjs/dtls/record/DtlsRecord.js +10 -8
  142. package/dist/cjs/dtls/record/DtlsRecord.js.map +1 -1
  143. package/dist/cjs/otbr-rest/OtbrRestCapability.d.ts +3 -4
  144. package/dist/cjs/otbr-rest/OtbrRestCapability.d.ts.map +1 -1
  145. package/dist/cjs/otbr-rest/OtbrRestClient.d.ts +27 -8
  146. package/dist/cjs/otbr-rest/OtbrRestClient.d.ts.map +1 -1
  147. package/dist/cjs/otbr-rest/OtbrRestClient.js +50 -20
  148. package/dist/cjs/otbr-rest/OtbrRestClient.js.map +1 -1
  149. package/dist/cjs/otbr-rest/OtbrRestDiagnosticSource.d.ts +2 -1
  150. package/dist/cjs/otbr-rest/OtbrRestDiagnosticSource.d.ts.map +1 -1
  151. package/dist/cjs/otbr-rest/OtbrRestDiagnosticSource.js +3 -3
  152. package/dist/cjs/otbr-rest/OtbrRestDiagnosticSource.js.map +1 -1
  153. package/dist/cjs/otbr-rest/OtbrRestProbe.d.ts +6 -4
  154. package/dist/cjs/otbr-rest/OtbrRestProbe.d.ts.map +1 -1
  155. package/dist/cjs/otbr-rest/OtbrRestProbe.js +11 -43
  156. package/dist/cjs/otbr-rest/OtbrRestProbe.js.map +1 -1
  157. package/dist/cjs/otbr-rest/caseNormalizer.d.ts +7 -0
  158. package/dist/cjs/otbr-rest/caseNormalizer.d.ts.map +1 -1
  159. package/dist/cjs/otbr-rest/caseNormalizer.js +11 -0
  160. package/dist/cjs/otbr-rest/caseNormalizer.js.map +1 -1
  161. package/dist/cjs/otbr-rest/parseHexBytes.d.ts +22 -0
  162. package/dist/cjs/otbr-rest/parseHexBytes.d.ts.map +1 -0
  163. package/dist/cjs/otbr-rest/parseHexBytes.js +50 -0
  164. package/dist/cjs/otbr-rest/parseHexBytes.js.map +6 -0
  165. package/dist/cjs/otbr-rest/translation.d.ts +2 -1
  166. package/dist/cjs/otbr-rest/translation.d.ts.map +1 -1
  167. package/dist/cjs/otbr-rest/translation.js +20 -22
  168. package/dist/cjs/otbr-rest/translation.js.map +1 -1
  169. package/dist/cjs/selection/selectBr.d.ts +8 -4
  170. package/dist/cjs/selection/selectBr.d.ts.map +1 -1
  171. package/dist/cjs/selection/selectBr.js +6 -5
  172. package/dist/cjs/selection/selectBr.js.map +1 -1
  173. package/dist/cjs/selection/withExtPanIdLock.d.ts +2 -1
  174. package/dist/cjs/selection/withExtPanIdLock.d.ts.map +1 -1
  175. package/dist/cjs/selection/withExtPanIdLock.js.map +1 -1
  176. package/dist/cjs/tlv/BasicTlvCodec.d.ts +4 -4
  177. package/dist/cjs/tlv/BasicTlvCodec.d.ts.map +1 -1
  178. package/dist/cjs/tlv/BasicTlvCodec.js +13 -11
  179. package/dist/cjs/tlv/BasicTlvCodec.js.map +1 -1
  180. package/dist/cjs/tlv/NetworkDiagnosticTlv.d.ts +3 -2
  181. package/dist/cjs/tlv/NetworkDiagnosticTlv.d.ts.map +1 -1
  182. package/dist/cjs/tlv/NetworkDiagnosticTlv.js.map +1 -1
  183. package/dist/cjs/tlv/TypeListTlv.d.ts +3 -2
  184. package/dist/cjs/tlv/TypeListTlv.d.ts.map +1 -1
  185. package/dist/cjs/tlv/TypeListTlv.js +1 -1
  186. package/dist/cjs/tlv/TypeListTlv.js.map +1 -1
  187. package/dist/cjs/tlv/diag/ChildIpv6AddressList.d.ts +3 -2
  188. package/dist/cjs/tlv/diag/ChildIpv6AddressList.d.ts.map +1 -1
  189. package/dist/cjs/tlv/diag/ChildIpv6AddressList.js +5 -3
  190. package/dist/cjs/tlv/diag/ChildIpv6AddressList.js.map +1 -1
  191. package/dist/cjs/tlv/diag/ChildTable.d.ts +3 -2
  192. package/dist/cjs/tlv/diag/ChildTable.d.ts.map +1 -1
  193. package/dist/cjs/tlv/diag/ChildTable.js +7 -6
  194. package/dist/cjs/tlv/diag/ChildTable.js.map +1 -1
  195. package/dist/cjs/tlv/diag/Connectivity.d.ts +3 -2
  196. package/dist/cjs/tlv/diag/Connectivity.d.ts.map +1 -1
  197. package/dist/cjs/tlv/diag/Connectivity.js +14 -14
  198. package/dist/cjs/tlv/diag/Connectivity.js.map +1 -1
  199. package/dist/cjs/tlv/diag/Ipv6AddressList.d.ts +3 -2
  200. package/dist/cjs/tlv/diag/Ipv6AddressList.d.ts.map +1 -1
  201. package/dist/cjs/tlv/diag/Ipv6AddressList.js +6 -5
  202. package/dist/cjs/tlv/diag/Ipv6AddressList.js.map +1 -1
  203. package/dist/cjs/tlv/diag/LeaderData.d.ts +3 -2
  204. package/dist/cjs/tlv/diag/LeaderData.d.ts.map +1 -1
  205. package/dist/cjs/tlv/diag/LeaderData.js +8 -7
  206. package/dist/cjs/tlv/diag/LeaderData.js.map +1 -1
  207. package/dist/cjs/tlv/diag/MacCounters.d.ts +3 -2
  208. package/dist/cjs/tlv/diag/MacCounters.d.ts.map +1 -1
  209. package/dist/cjs/tlv/diag/MacCounters.js +12 -11
  210. package/dist/cjs/tlv/diag/MacCounters.js.map +1 -1
  211. package/dist/cjs/tlv/diag/MleCounters.d.ts +3 -2
  212. package/dist/cjs/tlv/diag/MleCounters.d.ts.map +1 -1
  213. package/dist/cjs/tlv/diag/MleCounters.js +18 -17
  214. package/dist/cjs/tlv/diag/MleCounters.js.map +1 -1
  215. package/dist/cjs/tlv/diag/Mode.d.ts +3 -2
  216. package/dist/cjs/tlv/diag/Mode.d.ts.map +1 -1
  217. package/dist/cjs/tlv/diag/Mode.js +5 -3
  218. package/dist/cjs/tlv/diag/Mode.js.map +1 -1
  219. package/dist/cjs/tlv/diag/NetworkData.d.ts +7 -6
  220. package/dist/cjs/tlv/diag/NetworkData.d.ts.map +1 -1
  221. package/dist/cjs/tlv/diag/NetworkData.js +23 -18
  222. package/dist/cjs/tlv/diag/NetworkData.js.map +1 -1
  223. package/dist/cjs/tlv/diag/Primitives.d.ts +15 -14
  224. package/dist/cjs/tlv/diag/Primitives.d.ts.map +1 -1
  225. package/dist/cjs/tlv/diag/Primitives.js +25 -19
  226. package/dist/cjs/tlv/diag/Primitives.js.map +1 -1
  227. package/dist/cjs/tlv/diag/Route64.d.ts +3 -2
  228. package/dist/cjs/tlv/diag/Route64.d.ts.map +1 -1
  229. package/dist/cjs/tlv/diag/Route64.js +8 -7
  230. package/dist/cjs/tlv/diag/Route64.js.map +1 -1
  231. package/dist/cjs/tlv/diag/RouterNeighbor.d.ts +3 -2
  232. package/dist/cjs/tlv/diag/RouterNeighbor.d.ts.map +1 -1
  233. package/dist/cjs/tlv/diag/RouterNeighbor.js +13 -11
  234. package/dist/cjs/tlv/diag/RouterNeighbor.js.map +1 -1
  235. package/dist/cjs/tlv/diag/Timeout.d.ts +3 -2
  236. package/dist/cjs/tlv/diag/Timeout.d.ts.map +1 -1
  237. package/dist/cjs/tlv/diag/Timeout.js +4 -3
  238. package/dist/cjs/tlv/diag/Timeout.js.map +1 -1
  239. package/dist/cjs/tlv/diag/VendorInfo.d.ts +13 -12
  240. package/dist/cjs/tlv/diag/VendorInfo.d.ts.map +1 -1
  241. package/dist/cjs/tlv/diag/VendorInfo.js +4 -3
  242. package/dist/cjs/tlv/diag/VendorInfo.js.map +1 -1
  243. package/dist/cjs/tlv/meshcop/Ip6AddressTlv.d.ts +3 -2
  244. package/dist/cjs/tlv/meshcop/Ip6AddressTlv.d.ts.map +1 -1
  245. package/dist/cjs/tlv/meshcop/Ip6AddressTlv.js +7 -4
  246. package/dist/cjs/tlv/meshcop/Ip6AddressTlv.js.map +1 -1
  247. package/dist/cjs/tlv/meshcop/UdpEncapsulationTlv.d.ts +4 -3
  248. package/dist/cjs/tlv/meshcop/UdpEncapsulationTlv.d.ts.map +1 -1
  249. package/dist/cjs/tlv/meshcop/UdpEncapsulationTlv.js +9 -7
  250. package/dist/cjs/tlv/meshcop/UdpEncapsulationTlv.js.map +1 -1
  251. package/dist/cjs/util/meshLocalAddr.d.ts +5 -4
  252. package/dist/cjs/util/meshLocalAddr.d.ts.map +1 -1
  253. package/dist/cjs/util/meshLocalAddr.js +6 -4
  254. package/dist/cjs/util/meshLocalAddr.js.map +1 -1
  255. package/dist/esm/coap/CoapClient.d.ts +2 -2
  256. package/dist/esm/coap/CoapClient.d.ts.map +1 -1
  257. package/dist/esm/coap/CoapClient.js +11 -17
  258. package/dist/esm/coap/CoapClient.js.map +1 -1
  259. package/dist/esm/coap/CoapMessage.d.ts +11 -6
  260. package/dist/esm/coap/CoapMessage.d.ts.map +1 -1
  261. package/dist/esm/coap/CoapMessage.js +8 -5
  262. package/dist/esm/coap/CoapMessage.js.map +1 -1
  263. package/dist/esm/commissioner/Commissioner.d.ts.map +1 -1
  264. package/dist/esm/commissioner/Commissioner.js +5 -2
  265. package/dist/esm/commissioner/Commissioner.js.map +1 -1
  266. package/dist/esm/commissioner/LeadKa.d.ts +3 -3
  267. package/dist/esm/commissioner/LeadKa.d.ts.map +1 -1
  268. package/dist/esm/commissioner/LeadKa.js +2 -2
  269. package/dist/esm/commissioner/LeadKa.js.map +1 -1
  270. package/dist/esm/commissioner/LeadPet.d.ts +3 -2
  271. package/dist/esm/commissioner/LeadPet.d.ts.map +1 -1
  272. package/dist/esm/commissioner/LeadPet.js +4 -3
  273. package/dist/esm/commissioner/LeadPet.js.map +1 -1
  274. package/dist/esm/credentials/ThreadCredentialsRegistry.d.ts +5 -5
  275. package/dist/esm/credentials/ThreadCredentialsRegistry.d.ts.map +1 -1
  276. package/dist/esm/credentials/ThreadCredentialsRegistry.js +10 -9
  277. package/dist/esm/credentials/ThreadCredentialsRegistry.js.map +1 -1
  278. package/dist/esm/credentials/ThreadNetworkCredentials.d.ts +4 -3
  279. package/dist/esm/credentials/ThreadNetworkCredentials.d.ts.map +1 -1
  280. package/dist/esm/crypto/AesCmacPrf128.d.ts +4 -14
  281. package/dist/esm/crypto/AesCmacPrf128.d.ts.map +1 -1
  282. package/dist/esm/crypto/AesCmacPrf128.js +8 -72
  283. package/dist/esm/crypto/AesCmacPrf128.js.map +2 -2
  284. package/dist/esm/crypto/Pbkdf2AesCmac.d.ts +5 -4
  285. package/dist/esm/crypto/Pbkdf2AesCmac.d.ts.map +1 -1
  286. package/dist/esm/crypto/Pbkdf2AesCmac.js +6 -5
  287. package/dist/esm/crypto/Pbkdf2AesCmac.js.map +1 -1
  288. package/dist/esm/crypto/Pskc.d.ts +4 -3
  289. package/dist/esm/crypto/Pskc.d.ts.map +1 -1
  290. package/dist/esm/crypto/Pskc.js +7 -6
  291. package/dist/esm/crypto/Pskc.js.map +1 -1
  292. package/dist/esm/crypto/index.d.ts +1 -1
  293. package/dist/esm/crypto/index.d.ts.map +1 -1
  294. package/dist/esm/crypto/index.js +1 -2
  295. package/dist/esm/crypto/index.js.map +1 -1
  296. package/dist/esm/dataset/OperationalDataset.d.ts +10 -10
  297. package/dist/esm/dataset/OperationalDataset.d.ts.map +1 -1
  298. package/dist/esm/dataset/OperationalDataset.js +32 -31
  299. package/dist/esm/dataset/OperationalDataset.js.map +1 -1
  300. package/dist/esm/dataset/SecurityPolicy.d.ts +3 -2
  301. package/dist/esm/dataset/SecurityPolicy.d.ts.map +1 -1
  302. package/dist/esm/dataset/SecurityPolicy.js +6 -5
  303. package/dist/esm/dataset/SecurityPolicy.js.map +1 -1
  304. package/dist/esm/diagnostic/DiagnosticResponse.d.ts +5 -4
  305. package/dist/esm/diagnostic/DiagnosticResponse.d.ts.map +1 -1
  306. package/dist/esm/diagnostic/DiagnosticSource.d.ts +2 -2
  307. package/dist/esm/diagnostic/DiagnosticSource.d.ts.map +1 -1
  308. package/dist/esm/diagnostic/MeshCopDiagnosticSource.d.ts +7 -3
  309. package/dist/esm/diagnostic/MeshCopDiagnosticSource.d.ts.map +1 -1
  310. package/dist/esm/diagnostic/MeshCopDiagnosticSource.js +49 -43
  311. package/dist/esm/diagnostic/MeshCopDiagnosticSource.js.map +1 -1
  312. package/dist/esm/diagnostic/connectMeshcop.d.ts.map +1 -1
  313. package/dist/esm/diagnostic/connectMeshcop.js +6 -13
  314. package/dist/esm/diagnostic/connectMeshcop.js.map +1 -1
  315. package/dist/esm/diagnostic/errors.d.ts +1 -1
  316. package/dist/esm/diagnostic/errors.d.ts.map +1 -1
  317. package/dist/esm/discovery/BorderRouterRegistry.d.ts.map +1 -1
  318. package/dist/esm/discovery/BorderRouterRegistry.js +2 -4
  319. package/dist/esm/discovery/BorderRouterRegistry.js.map +1 -1
  320. package/dist/esm/dtls/channel/DtlsConnectOpts.d.ts +3 -3
  321. package/dist/esm/dtls/channel/DtlsConnectOpts.d.ts.map +1 -1
  322. package/dist/esm/dtls/channel/NobleDtlsChannel.d.ts.map +1 -1
  323. package/dist/esm/dtls/channel/NobleDtlsChannel.js +90 -58
  324. package/dist/esm/dtls/channel/NobleDtlsChannel.js.map +1 -1
  325. package/dist/esm/dtls/ecjpake/EcJpakePms.d.ts +5 -4
  326. package/dist/esm/dtls/ecjpake/EcJpakePms.d.ts.map +1 -1
  327. package/dist/esm/dtls/ecjpake/EcJpakePms.js +5 -6
  328. package/dist/esm/dtls/ecjpake/EcJpakePms.js.map +1 -1
  329. package/dist/esm/dtls/ecjpake/EcJpakeRound.d.ts +16 -15
  330. package/dist/esm/dtls/ecjpake/EcJpakeRound.d.ts.map +1 -1
  331. package/dist/esm/dtls/ecjpake/EcJpakeRound.js +41 -30
  332. package/dist/esm/dtls/ecjpake/EcJpakeRound.js.map +1 -1
  333. package/dist/esm/dtls/ecjpake/SchnorrZkp.d.ts +10 -9
  334. package/dist/esm/dtls/ecjpake/SchnorrZkp.d.ts.map +1 -1
  335. package/dist/esm/dtls/ecjpake/SchnorrZkp.js +18 -14
  336. package/dist/esm/dtls/ecjpake/SchnorrZkp.js.map +1 -1
  337. package/dist/esm/dtls/handshake/ChangeCipherSpec.d.ts +2 -1
  338. package/dist/esm/dtls/handshake/ChangeCipherSpec.d.ts.map +1 -1
  339. package/dist/esm/dtls/handshake/ChangeCipherSpec.js +3 -1
  340. package/dist/esm/dtls/handshake/ChangeCipherSpec.js.map +1 -1
  341. package/dist/esm/dtls/handshake/ClientHelloMessage.d.ts +27 -4
  342. package/dist/esm/dtls/handshake/ClientHelloMessage.d.ts.map +1 -1
  343. package/dist/esm/dtls/handshake/ClientHelloMessage.js +4 -2
  344. package/dist/esm/dtls/handshake/ClientHelloMessage.js.map +1 -1
  345. package/dist/esm/dtls/handshake/ClientKeyExchangeMessage.d.ts +2 -1
  346. package/dist/esm/dtls/handshake/ClientKeyExchangeMessage.d.ts.map +1 -1
  347. package/dist/esm/dtls/handshake/ClientKeyExchangeMessage.js.map +1 -1
  348. package/dist/esm/dtls/handshake/DtlsClient.d.ts +9 -6
  349. package/dist/esm/dtls/handshake/DtlsClient.d.ts.map +1 -1
  350. package/dist/esm/dtls/handshake/DtlsClient.js +100 -78
  351. package/dist/esm/dtls/handshake/DtlsClient.js.map +1 -1
  352. package/dist/esm/dtls/handshake/FinishedMessage.d.ts +10 -3
  353. package/dist/esm/dtls/handshake/FinishedMessage.d.ts.map +1 -1
  354. package/dist/esm/dtls/handshake/FinishedMessage.js +5 -3
  355. package/dist/esm/dtls/handshake/FinishedMessage.js.map +1 -1
  356. package/dist/esm/dtls/handshake/HandshakeMessage.d.ts +5 -4
  357. package/dist/esm/dtls/handshake/HandshakeMessage.d.ts.map +1 -1
  358. package/dist/esm/dtls/handshake/HandshakeMessage.js +14 -12
  359. package/dist/esm/dtls/handshake/HandshakeMessage.js.map +1 -1
  360. package/dist/esm/dtls/handshake/HelloVerifyRequestMessage.d.ts +19 -2
  361. package/dist/esm/dtls/handshake/HelloVerifyRequestMessage.d.ts.map +1 -1
  362. package/dist/esm/dtls/handshake/HelloVerifyRequestMessage.js +3 -1
  363. package/dist/esm/dtls/handshake/HelloVerifyRequestMessage.js.map +1 -1
  364. package/dist/esm/dtls/handshake/ServerHelloDoneMessage.d.ts +2 -1
  365. package/dist/esm/dtls/handshake/ServerHelloDoneMessage.d.ts.map +1 -1
  366. package/dist/esm/dtls/handshake/ServerHelloDoneMessage.js +3 -2
  367. package/dist/esm/dtls/handshake/ServerHelloDoneMessage.js.map +1 -1
  368. package/dist/esm/dtls/handshake/ServerHelloMessage.d.ts +4 -3
  369. package/dist/esm/dtls/handshake/ServerHelloMessage.d.ts.map +1 -1
  370. package/dist/esm/dtls/handshake/ServerHelloMessage.js +3 -1
  371. package/dist/esm/dtls/handshake/ServerHelloMessage.js.map +1 -1
  372. package/dist/esm/dtls/handshake/ServerKeyExchangeMessage.d.ts +2 -1
  373. package/dist/esm/dtls/handshake/ServerKeyExchangeMessage.d.ts.map +1 -1
  374. package/dist/esm/dtls/handshake/ServerKeyExchangeMessage.js.map +1 -1
  375. package/dist/esm/dtls/prf/HandshakeTranscript.d.ts +7 -5
  376. package/dist/esm/dtls/prf/HandshakeTranscript.d.ts.map +1 -1
  377. package/dist/esm/dtls/prf/HandshakeTranscript.js +15 -10
  378. package/dist/esm/dtls/prf/HandshakeTranscript.js.map +1 -1
  379. package/dist/esm/dtls/prf/TlsPrf.d.ts +23 -22
  380. package/dist/esm/dtls/prf/TlsPrf.d.ts.map +1 -1
  381. package/dist/esm/dtls/prf/TlsPrf.js +34 -31
  382. package/dist/esm/dtls/prf/TlsPrf.js.map +1 -1
  383. package/dist/esm/dtls/record/AesCcm8.d.ts +13 -12
  384. package/dist/esm/dtls/record/AesCcm8.d.ts.map +1 -1
  385. package/dist/esm/dtls/record/AesCcm8.js +13 -35
  386. package/dist/esm/dtls/record/AesCcm8.js.map +1 -1
  387. package/dist/esm/dtls/record/DtlsCipherState.d.ts +11 -10
  388. package/dist/esm/dtls/record/DtlsCipherState.d.ts.map +1 -1
  389. package/dist/esm/dtls/record/DtlsCipherState.js +11 -7
  390. package/dist/esm/dtls/record/DtlsCipherState.js.map +1 -1
  391. package/dist/esm/dtls/record/DtlsRecord.d.ts +10 -10
  392. package/dist/esm/dtls/record/DtlsRecord.d.ts.map +1 -1
  393. package/dist/esm/dtls/record/DtlsRecord.js +11 -9
  394. package/dist/esm/dtls/record/DtlsRecord.js.map +1 -1
  395. package/dist/esm/otbr-rest/OtbrRestCapability.d.ts +3 -4
  396. package/dist/esm/otbr-rest/OtbrRestCapability.d.ts.map +1 -1
  397. package/dist/esm/otbr-rest/OtbrRestClient.d.ts +27 -8
  398. package/dist/esm/otbr-rest/OtbrRestClient.d.ts.map +1 -1
  399. package/dist/esm/otbr-rest/OtbrRestClient.js +51 -21
  400. package/dist/esm/otbr-rest/OtbrRestClient.js.map +1 -1
  401. package/dist/esm/otbr-rest/OtbrRestDiagnosticSource.d.ts +2 -1
  402. package/dist/esm/otbr-rest/OtbrRestDiagnosticSource.d.ts.map +1 -1
  403. package/dist/esm/otbr-rest/OtbrRestDiagnosticSource.js +4 -4
  404. package/dist/esm/otbr-rest/OtbrRestDiagnosticSource.js.map +1 -1
  405. package/dist/esm/otbr-rest/OtbrRestProbe.d.ts +6 -4
  406. package/dist/esm/otbr-rest/OtbrRestProbe.d.ts.map +1 -1
  407. package/dist/esm/otbr-rest/OtbrRestProbe.js +12 -44
  408. package/dist/esm/otbr-rest/OtbrRestProbe.js.map +1 -1
  409. package/dist/esm/otbr-rest/caseNormalizer.d.ts +7 -0
  410. package/dist/esm/otbr-rest/caseNormalizer.d.ts.map +1 -1
  411. package/dist/esm/otbr-rest/caseNormalizer.js +11 -0
  412. package/dist/esm/otbr-rest/caseNormalizer.js.map +1 -1
  413. package/dist/esm/otbr-rest/parseHexBytes.d.ts +22 -0
  414. package/dist/esm/otbr-rest/parseHexBytes.d.ts.map +1 -0
  415. package/dist/esm/otbr-rest/parseHexBytes.js +30 -0
  416. package/dist/esm/otbr-rest/parseHexBytes.js.map +6 -0
  417. package/dist/esm/otbr-rest/translation.d.ts +2 -1
  418. package/dist/esm/otbr-rest/translation.d.ts.map +1 -1
  419. package/dist/esm/otbr-rest/translation.js +16 -18
  420. package/dist/esm/otbr-rest/translation.js.map +1 -1
  421. package/dist/esm/selection/selectBr.d.ts +8 -4
  422. package/dist/esm/selection/selectBr.d.ts.map +1 -1
  423. package/dist/esm/selection/selectBr.js +6 -5
  424. package/dist/esm/selection/selectBr.js.map +1 -1
  425. package/dist/esm/selection/withExtPanIdLock.d.ts +2 -1
  426. package/dist/esm/selection/withExtPanIdLock.d.ts.map +1 -1
  427. package/dist/esm/selection/withExtPanIdLock.js.map +1 -1
  428. package/dist/esm/tlv/BasicTlvCodec.d.ts +4 -4
  429. package/dist/esm/tlv/BasicTlvCodec.d.ts.map +1 -1
  430. package/dist/esm/tlv/BasicTlvCodec.js +14 -12
  431. package/dist/esm/tlv/BasicTlvCodec.js.map +1 -1
  432. package/dist/esm/tlv/NetworkDiagnosticTlv.d.ts +3 -2
  433. package/dist/esm/tlv/NetworkDiagnosticTlv.d.ts.map +1 -1
  434. package/dist/esm/tlv/NetworkDiagnosticTlv.js.map +1 -1
  435. package/dist/esm/tlv/TypeListTlv.d.ts +3 -2
  436. package/dist/esm/tlv/TypeListTlv.d.ts.map +1 -1
  437. package/dist/esm/tlv/TypeListTlv.js +2 -2
  438. package/dist/esm/tlv/TypeListTlv.js.map +1 -1
  439. package/dist/esm/tlv/diag/ChildIpv6AddressList.d.ts +3 -2
  440. package/dist/esm/tlv/diag/ChildIpv6AddressList.d.ts.map +1 -1
  441. package/dist/esm/tlv/diag/ChildIpv6AddressList.js +5 -3
  442. package/dist/esm/tlv/diag/ChildIpv6AddressList.js.map +1 -1
  443. package/dist/esm/tlv/diag/ChildTable.d.ts +3 -2
  444. package/dist/esm/tlv/diag/ChildTable.d.ts.map +1 -1
  445. package/dist/esm/tlv/diag/ChildTable.js +8 -7
  446. package/dist/esm/tlv/diag/ChildTable.js.map +1 -1
  447. package/dist/esm/tlv/diag/Connectivity.d.ts +3 -2
  448. package/dist/esm/tlv/diag/Connectivity.d.ts.map +1 -1
  449. package/dist/esm/tlv/diag/Connectivity.js +14 -14
  450. package/dist/esm/tlv/diag/Connectivity.js.map +1 -1
  451. package/dist/esm/tlv/diag/Ipv6AddressList.d.ts +3 -2
  452. package/dist/esm/tlv/diag/Ipv6AddressList.d.ts.map +1 -1
  453. package/dist/esm/tlv/diag/Ipv6AddressList.js +7 -6
  454. package/dist/esm/tlv/diag/Ipv6AddressList.js.map +1 -1
  455. package/dist/esm/tlv/diag/LeaderData.d.ts +3 -2
  456. package/dist/esm/tlv/diag/LeaderData.d.ts.map +1 -1
  457. package/dist/esm/tlv/diag/LeaderData.js +9 -8
  458. package/dist/esm/tlv/diag/LeaderData.js.map +1 -1
  459. package/dist/esm/tlv/diag/MacCounters.d.ts +3 -2
  460. package/dist/esm/tlv/diag/MacCounters.d.ts.map +1 -1
  461. package/dist/esm/tlv/diag/MacCounters.js +13 -12
  462. package/dist/esm/tlv/diag/MacCounters.js.map +1 -1
  463. package/dist/esm/tlv/diag/MleCounters.d.ts +3 -2
  464. package/dist/esm/tlv/diag/MleCounters.d.ts.map +1 -1
  465. package/dist/esm/tlv/diag/MleCounters.js +19 -18
  466. package/dist/esm/tlv/diag/MleCounters.js.map +1 -1
  467. package/dist/esm/tlv/diag/Mode.d.ts +3 -2
  468. package/dist/esm/tlv/diag/Mode.d.ts.map +1 -1
  469. package/dist/esm/tlv/diag/Mode.js +5 -3
  470. package/dist/esm/tlv/diag/Mode.js.map +1 -1
  471. package/dist/esm/tlv/diag/NetworkData.d.ts +7 -6
  472. package/dist/esm/tlv/diag/NetworkData.d.ts.map +1 -1
  473. package/dist/esm/tlv/diag/NetworkData.js +23 -18
  474. package/dist/esm/tlv/diag/NetworkData.js.map +1 -1
  475. package/dist/esm/tlv/diag/Primitives.d.ts +15 -14
  476. package/dist/esm/tlv/diag/Primitives.d.ts.map +1 -1
  477. package/dist/esm/tlv/diag/Primitives.js +26 -20
  478. package/dist/esm/tlv/diag/Primitives.js.map +1 -1
  479. package/dist/esm/tlv/diag/Route64.d.ts +3 -2
  480. package/dist/esm/tlv/diag/Route64.d.ts.map +1 -1
  481. package/dist/esm/tlv/diag/Route64.js +9 -8
  482. package/dist/esm/tlv/diag/Route64.js.map +1 -1
  483. package/dist/esm/tlv/diag/RouterNeighbor.d.ts +3 -2
  484. package/dist/esm/tlv/diag/RouterNeighbor.d.ts.map +1 -1
  485. package/dist/esm/tlv/diag/RouterNeighbor.js +13 -11
  486. package/dist/esm/tlv/diag/RouterNeighbor.js.map +1 -1
  487. package/dist/esm/tlv/diag/Timeout.d.ts +3 -2
  488. package/dist/esm/tlv/diag/Timeout.d.ts.map +1 -1
  489. package/dist/esm/tlv/diag/Timeout.js +5 -4
  490. package/dist/esm/tlv/diag/Timeout.js.map +1 -1
  491. package/dist/esm/tlv/diag/VendorInfo.d.ts +13 -12
  492. package/dist/esm/tlv/diag/VendorInfo.d.ts.map +1 -1
  493. package/dist/esm/tlv/diag/VendorInfo.js +5 -4
  494. package/dist/esm/tlv/diag/VendorInfo.js.map +1 -1
  495. package/dist/esm/tlv/meshcop/Ip6AddressTlv.d.ts +3 -2
  496. package/dist/esm/tlv/meshcop/Ip6AddressTlv.d.ts.map +1 -1
  497. package/dist/esm/tlv/meshcop/Ip6AddressTlv.js +7 -4
  498. package/dist/esm/tlv/meshcop/Ip6AddressTlv.js.map +1 -1
  499. package/dist/esm/tlv/meshcop/UdpEncapsulationTlv.d.ts +4 -3
  500. package/dist/esm/tlv/meshcop/UdpEncapsulationTlv.d.ts.map +1 -1
  501. package/dist/esm/tlv/meshcop/UdpEncapsulationTlv.js +10 -8
  502. package/dist/esm/tlv/meshcop/UdpEncapsulationTlv.js.map +1 -1
  503. package/dist/esm/util/meshLocalAddr.d.ts +5 -4
  504. package/dist/esm/util/meshLocalAddr.d.ts.map +1 -1
  505. package/dist/esm/util/meshLocalAddr.js +7 -5
  506. package/dist/esm/util/meshLocalAddr.js.map +1 -1
  507. package/package.json +5 -5
  508. package/src/coap/CoapClient.ts +13 -20
  509. package/src/coap/CoapMessage.ts +17 -9
  510. package/src/commissioner/Commissioner.ts +5 -2
  511. package/src/commissioner/LeadKa.ts +4 -4
  512. package/src/commissioner/LeadPet.ts +6 -5
  513. package/src/credentials/ThreadCredentialsRegistry.ts +14 -13
  514. package/src/credentials/ThreadNetworkCredentials.ts +5 -3
  515. package/src/crypto/AesCmacPrf128.ts +10 -87
  516. package/src/crypto/Pbkdf2AesCmac.ts +14 -10
  517. package/src/crypto/Pskc.ts +7 -6
  518. package/src/crypto/index.ts +1 -1
  519. package/src/dataset/OperationalDataset.ts +48 -47
  520. package/src/dataset/SecurityPolicy.ts +8 -7
  521. package/src/diagnostic/DiagnosticResponse.ts +5 -4
  522. package/src/diagnostic/DiagnosticSource.ts +2 -2
  523. package/src/diagnostic/MeshCopDiagnosticSource.ts +80 -64
  524. package/src/diagnostic/connectMeshcop.ts +6 -14
  525. package/src/diagnostic/errors.ts +1 -1
  526. package/src/discovery/BorderRouterRegistry.ts +2 -4
  527. package/src/dtls/channel/DtlsConnectOpts.ts +3 -3
  528. package/src/dtls/channel/NobleDtlsChannel.ts +96 -60
  529. package/src/dtls/ecjpake/EcJpakePms.ts +5 -6
  530. package/src/dtls/ecjpake/EcJpakeRound.ts +57 -37
  531. package/src/dtls/ecjpake/SchnorrZkp.ts +43 -30
  532. package/src/dtls/handshake/ChangeCipherSpec.ts +3 -1
  533. package/src/dtls/handshake/ClientHelloMessage.ts +8 -6
  534. package/src/dtls/handshake/ClientKeyExchangeMessage.ts +2 -1
  535. package/src/dtls/handshake/DtlsClient.ts +119 -95
  536. package/src/dtls/handshake/FinishedMessage.ts +5 -3
  537. package/src/dtls/handshake/HandshakeMessage.ts +18 -16
  538. package/src/dtls/handshake/HelloVerifyRequestMessage.ts +3 -1
  539. package/src/dtls/handshake/ServerHelloDoneMessage.ts +5 -3
  540. package/src/dtls/handshake/ServerHelloMessage.ts +5 -3
  541. package/src/dtls/handshake/ServerKeyExchangeMessage.ts +2 -1
  542. package/src/dtls/prf/HandshakeTranscript.ts +18 -11
  543. package/src/dtls/prf/TlsPrf.ts +68 -54
  544. package/src/dtls/record/AesCcm8.ts +23 -49
  545. package/src/dtls/record/DtlsCipherState.ts +20 -16
  546. package/src/dtls/record/DtlsRecord.ts +17 -15
  547. package/src/otbr-rest/OtbrRestCapability.ts +4 -4
  548. package/src/otbr-rest/OtbrRestClient.ts +64 -29
  549. package/src/otbr-rest/OtbrRestDiagnosticSource.ts +5 -5
  550. package/src/otbr-rest/OtbrRestProbe.ts +12 -47
  551. package/src/otbr-rest/caseNormalizer.ts +17 -0
  552. package/src/otbr-rest/parseHexBytes.ts +47 -0
  553. package/src/otbr-rest/translation.ts +24 -22
  554. package/src/selection/selectBr.ts +26 -13
  555. package/src/selection/withExtPanIdLock.ts +1 -1
  556. package/src/tlv/BasicTlvCodec.ts +17 -15
  557. package/src/tlv/NetworkDiagnosticTlv.ts +3 -2
  558. package/src/tlv/TypeListTlv.ts +4 -4
  559. package/src/tlv/diag/ChildIpv6AddressList.ts +8 -5
  560. package/src/tlv/diag/ChildTable.ts +10 -9
  561. package/src/tlv/diag/Connectivity.ts +16 -16
  562. package/src/tlv/diag/Ipv6AddressList.ts +9 -8
  563. package/src/tlv/diag/LeaderData.ts +11 -10
  564. package/src/tlv/diag/MacCounters.ts +15 -14
  565. package/src/tlv/diag/MleCounters.ts +21 -20
  566. package/src/tlv/diag/Mode.ts +7 -5
  567. package/src/tlv/diag/NetworkData.ts +31 -26
  568. package/src/tlv/diag/Primitives.ts +42 -36
  569. package/src/tlv/diag/Route64.ts +11 -10
  570. package/src/tlv/diag/RouterNeighbor.ts +16 -13
  571. package/src/tlv/diag/Timeout.ts +7 -6
  572. package/src/tlv/diag/VendorInfo.ts +19 -18
  573. package/src/tlv/meshcop/Ip6AddressTlv.ts +9 -6
  574. package/src/tlv/meshcop/UdpEncapsulationTlv.ts +13 -11
  575. package/src/util/meshLocalAddr.ts +10 -8
@@ -4,6 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
+ import type { Bytes } from "@matter/general";
7
8
  import { type EcJpakeKeyKP, EcJpakeRound } from "../ecjpake/EcJpakeRound.js";
8
9
 
9
10
  /**
@@ -22,7 +23,7 @@ import { type EcJpakeKeyKP, EcJpakeRound } from "../ecjpake/EcJpakeRound.js";
22
23
  */
23
24
 
24
25
  export const ServerKeyExchangeMessage = {
25
- parse(body: Uint8Array): EcJpakeKeyKP {
26
+ parse(body: Bytes): EcJpakeKeyKP {
26
27
  // EcJpakeRound.parseRound2 already validates the 3-byte ECParameters prefix
27
28
  // and the ECJPAKEKeyKP body when `expectEcParameters` is true; deferring keeps
28
29
  // both error paths (bad prefix, bad body) consistent with round-1 parsers.
@@ -4,8 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
- import { InternalError } from "@matter/general";
8
- import { createHash, type Hash } from "node:crypto";
7
+ import { Bytes, Crypto, InternalError } from "@matter/general";
9
8
 
10
9
  const SHA256_LEN = 32;
11
10
 
@@ -26,24 +25,32 @@ const SHA256_LEN = 32;
26
25
  * Internal to `dtls/`; not re-exported from the package public API surface.
27
26
  */
28
27
  export class HandshakeTranscript {
29
- #hash: Hash = createHash("sha256");
28
+ readonly #crypto: Crypto;
29
+ readonly #chunks = new Array<Uint8Array>();
30
+
31
+ constructor(crypto: Crypto) {
32
+ this.#crypto = crypto;
33
+ }
30
34
 
31
35
  /**
32
36
  * Append a handshake message in DTLS 1.2 form
33
37
  * (`type(1) || length(3) || message_seq(2) || fragment_offset(3) || fragment_length(3) || body`).
34
38
  */
35
- appendHandshakeMessage(messageBytes: Uint8Array): void {
36
- this.#hash.update(messageBytes);
39
+ appendHandshakeMessage(messageBytes: Bytes): void {
40
+ const bytes = Bytes.of(messageBytes);
41
+ if (bytes.length > 0) {
42
+ // Copy: the deferred digest() must not observe caller mutations after append.
43
+ this.#chunks.push(new Uint8Array(bytes));
44
+ }
37
45
  }
38
46
 
39
47
  /**
40
- * Snapshot the running SHA-256 digest without disturbing the transcript so
41
- * the same accumulator can compute Finished for both peers and continue
42
- * absorbing later messages. Backed by `Hash.copy()` (Node.js >= 13.10).
48
+ * SHA-256 over the messages appended so far. Non-mutating: the buffer keeps
49
+ * growing, so the same transcript yields Finished for both peers and keeps
50
+ * absorbing later messages.
43
51
  */
44
- digest(): Uint8Array {
45
- const snapshot = this.#hash.copy();
46
- const out = new Uint8Array(snapshot.digest());
52
+ async digest(): Promise<Bytes> {
53
+ const out = Bytes.of(await this.#crypto.computeHash(this.#chunks));
47
54
  if (out.length !== SHA256_LEN) {
48
55
  throw new InternalError(`HandshakeTranscript digest length ${out.length} != ${SHA256_LEN}`);
49
56
  }
@@ -4,8 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
- import { InternalError } from "@matter/general";
8
- import { createHmac } from "node:crypto";
7
+ import { Bytes, Crypto, InternalError } from "@matter/general";
9
8
 
10
9
  const SHA256_LEN = 32;
11
10
  const MASTER_SECRET_LEN = 48;
@@ -17,19 +16,14 @@ const VERIFY_DATA_LEN = 12;
17
16
 
18
17
  const ASCII_ENCODER = new TextEncoder();
19
18
 
20
- function hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {
21
- const hmac = createHmac("sha256", key);
22
- hmac.update(data);
23
- return new Uint8Array(hmac.digest());
24
- }
25
-
26
- function expectLength(name: string, value: Uint8Array, expected: number): void {
27
- if (value.length !== expected) {
28
- throw new InternalError(`TlsPrf ${name} must be ${expected} bytes, got ${value.length}`);
19
+ function expectLength(name: string, value: Bytes, expected: number): void {
20
+ const length = value.byteLength;
21
+ if (length !== expected) {
22
+ throw new InternalError(`TlsPrf ${name} must be ${expected} bytes, got ${length}`);
29
23
  }
30
24
  }
31
25
 
32
- function pSha256(secret: Uint8Array, seed: Uint8Array, outputLength: number): Uint8Array {
26
+ async function pSha256(crypto: Crypto, secret: Bytes, seed: Bytes, outputLength: number): Promise<Uint8Array> {
33
27
  if (outputLength < 0) {
34
28
  throw new InternalError(`TlsPrf outputLength must be non-negative, got ${outputLength}`);
35
29
  }
@@ -37,19 +31,19 @@ function pSha256(secret: Uint8Array, seed: Uint8Array, outputLength: number): Ui
37
31
  if (outputLength === 0) {
38
32
  return out;
39
33
  }
40
- let a = hmacSha256(secret, seed);
41
- const block = new Uint8Array(SHA256_LEN + seed.length);
42
- block.set(seed, SHA256_LEN);
34
+ const seedBytes = Bytes.of(seed);
35
+ let a = Bytes.of(await crypto.signHmac(secret, seedBytes));
36
+ const block = new Uint8Array(SHA256_LEN + seedBytes.length);
37
+ block.set(seedBytes, SHA256_LEN);
43
38
  let written = 0;
44
39
  while (written < outputLength) {
45
40
  block.set(a, 0);
46
- const next = hmacSha256(secret, block);
47
- const remaining = outputLength - written;
48
- const copyLen = Math.min(SHA256_LEN, remaining);
41
+ const next = Bytes.of(await crypto.signHmac(secret, block));
42
+ const copyLen = Math.min(SHA256_LEN, outputLength - written);
49
43
  out.set(next.subarray(0, copyLen), written);
50
44
  written += copyLen;
51
45
  if (written < outputLength) {
52
- a = hmacSha256(secret, a);
46
+ a = Bytes.of(await crypto.signHmac(secret, a));
53
47
  }
54
48
  }
55
49
  return out;
@@ -74,18 +68,22 @@ export namespace TlsPrf {
74
68
  * concatenated with the seed (no length prefix). The label is ASCII per
75
69
  * RFC 5246; we encode it as UTF-8 which coincides for ASCII-only input.
76
70
  */
77
- export function compute(args: {
78
- secret: Uint8Array;
79
- label: string;
80
- seed: Uint8Array;
81
- outputLength: number;
82
- }): Uint8Array {
71
+ export async function compute(
72
+ crypto: Crypto,
73
+ args: {
74
+ secret: Bytes;
75
+ label: string;
76
+ seed: Bytes;
77
+ outputLength: number;
78
+ },
79
+ ): Promise<Bytes> {
83
80
  const { secret, label, seed, outputLength } = args;
84
81
  const labelBytes = ASCII_ENCODER.encode(label);
85
- const combined = new Uint8Array(labelBytes.length + seed.length);
82
+ const seedBytes = Bytes.of(seed);
83
+ const combined = new Uint8Array(labelBytes.length + seedBytes.length);
86
84
  combined.set(labelBytes, 0);
87
- combined.set(seed, labelBytes.length);
88
- return pSha256(secret, combined, outputLength);
85
+ combined.set(seedBytes, labelBytes.length);
86
+ return pSha256(crypto, secret, combined, outputLength);
89
87
  }
90
88
 
91
89
  /**
@@ -93,18 +91,26 @@ export namespace TlsPrf {
93
91
  * ClientHello.random || ServerHello.random)[0..47]`
94
92
  * (RFC 5246 §8.1).
95
93
  */
96
- export function masterSecret(args: {
97
- premasterSecret: Uint8Array;
98
- clientRandom: Uint8Array;
99
- serverRandom: Uint8Array;
100
- }): Uint8Array {
94
+ export async function masterSecret(
95
+ crypto: Crypto,
96
+ args: {
97
+ premasterSecret: Bytes;
98
+ clientRandom: Bytes;
99
+ serverRandom: Bytes;
100
+ },
101
+ ): Promise<Bytes> {
101
102
  const { premasterSecret, clientRandom, serverRandom } = args;
102
103
  expectLength("clientRandom", clientRandom, RANDOM_LEN);
103
104
  expectLength("serverRandom", serverRandom, RANDOM_LEN);
104
105
  const seed = new Uint8Array(RANDOM_LEN * 2);
105
- seed.set(clientRandom, 0);
106
- seed.set(serverRandom, RANDOM_LEN);
107
- return compute({ secret: premasterSecret, label: "master secret", seed, outputLength: MASTER_SECRET_LEN });
106
+ seed.set(Bytes.of(clientRandom), 0);
107
+ seed.set(Bytes.of(serverRandom), RANDOM_LEN);
108
+ return compute(crypto, {
109
+ secret: premasterSecret,
110
+ label: "master secret",
111
+ seed,
112
+ outputLength: MASTER_SECRET_LEN,
113
+ });
108
114
  }
109
115
 
110
116
  /**
@@ -112,10 +118,10 @@ export namespace TlsPrf {
112
118
  * (AEAD, no MAC keys; RFC 6655 §3, RFC 5246 §6.3).
113
119
  */
114
120
  export interface KeyBlock {
115
- clientWriteKey: Uint8Array;
116
- serverWriteKey: Uint8Array;
117
- clientWriteIv: Uint8Array;
118
- serverWriteIv: Uint8Array;
121
+ clientWriteKey: Bytes;
122
+ serverWriteKey: Bytes;
123
+ clientWriteIv: Bytes;
124
+ serverWriteIv: Bytes;
119
125
  }
120
126
 
121
127
  /**
@@ -129,19 +135,24 @@ export namespace TlsPrf {
129
135
  * `client_write_key (16) || server_write_key (16) ||
130
136
  * client_write_IV (4) || server_write_IV (4)`.
131
137
  */
132
- export function keyBlock(args: {
133
- masterSecret: Uint8Array;
134
- clientRandom: Uint8Array;
135
- serverRandom: Uint8Array;
136
- }): KeyBlock {
138
+ export async function keyBlock(
139
+ crypto: Crypto,
140
+ args: {
141
+ masterSecret: Bytes;
142
+ clientRandom: Bytes;
143
+ serverRandom: Bytes;
144
+ },
145
+ ): Promise<KeyBlock> {
137
146
  const { masterSecret: ms, clientRandom, serverRandom } = args;
138
147
  expectLength("masterSecret", ms, MASTER_SECRET_LEN);
139
148
  expectLength("clientRandom", clientRandom, RANDOM_LEN);
140
149
  expectLength("serverRandom", serverRandom, RANDOM_LEN);
141
150
  const seed = new Uint8Array(RANDOM_LEN * 2);
142
- seed.set(serverRandom, 0);
143
- seed.set(clientRandom, RANDOM_LEN);
144
- const block = compute({ secret: ms, label: "key expansion", seed, outputLength: KEY_BLOCK_LEN });
151
+ seed.set(Bytes.of(serverRandom), 0);
152
+ seed.set(Bytes.of(clientRandom), RANDOM_LEN);
153
+ const block = Bytes.of(
154
+ await compute(crypto, { secret: ms, label: "key expansion", seed, outputLength: KEY_BLOCK_LEN }),
155
+ );
145
156
  return {
146
157
  clientWriteKey: block.slice(0, KEY_LEN),
147
158
  serverWriteKey: block.slice(KEY_LEN, KEY_LEN * 2),
@@ -159,15 +170,18 @@ export namespace TlsPrf {
159
170
  * with `finished_label = "client finished"` for the client-sent Finished
160
171
  * and `"server finished"` for the server-sent one.
161
172
  */
162
- export function verifyData(args: {
163
- masterSecret: Uint8Array;
164
- role: "client" | "server";
165
- transcriptDigest: Uint8Array;
166
- }): Uint8Array {
173
+ export async function verifyData(
174
+ crypto: Crypto,
175
+ args: {
176
+ masterSecret: Bytes;
177
+ role: "client" | "server";
178
+ transcriptDigest: Bytes;
179
+ },
180
+ ): Promise<Bytes> {
167
181
  const { masterSecret: ms, role, transcriptDigest } = args;
168
182
  expectLength("masterSecret", ms, MASTER_SECRET_LEN);
169
183
  expectLength("transcriptDigest", transcriptDigest, SHA256_LEN);
170
184
  const label = role === "client" ? "client finished" : "server finished";
171
- return compute({ secret: ms, label, seed: transcriptDigest, outputLength: VERIFY_DATA_LEN });
185
+ return compute(crypto, { secret: ms, label, seed: transcriptDigest, outputLength: VERIFY_DATA_LEN });
172
186
  }
173
187
  }
@@ -4,8 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
- import { InternalError } from "@matter/general";
8
- import { createCipheriv, createDecipheriv } from "node:crypto";
7
+ import { Bytes, Crypto, InternalError } from "@matter/general";
9
8
  import { DtlsError } from "../channel/DtlsChannel.js";
10
9
 
11
10
  const KEY_LEN = 16;
@@ -15,69 +14,44 @@ const TAG_LEN = 8;
15
14
  * AES-128-CCM with an 8-octet authentication tag, the AEAD primitive used by the
16
15
  * `TLS_ECJPAKE_WITH_AES_128_CCM_8` cipher suite (RFC 6655 §3, RFC 3610).
17
16
  *
18
- * Wraps Node's `aes-128-ccm` with a fixed 8-byte tag length and returns
19
- * `ciphertext || tag` to match the wire layout expected by the DTLS record layer.
17
+ * Delegates to the matter.js {@link Crypto} abstraction with a fixed 8-byte tag length
18
+ * and returns `ciphertext || tag` to match the wire layout expected by the DTLS record layer.
20
19
  *
21
20
  * The 12-byte nonce length implies CCM L=3 (15 - 12), giving a 2^24 byte payload
22
21
  * limit per record — well above the DTLS 16 KiB record cap.
23
22
  */
24
23
  export namespace AesCcm8 {
25
24
  export interface EncryptArgs {
26
- key: Uint8Array;
27
- nonce: Uint8Array;
28
- aad: Uint8Array;
29
- plaintext: Uint8Array;
25
+ key: Bytes;
26
+ nonce: Bytes;
27
+ aad: Bytes;
28
+ plaintext: Bytes;
30
29
  }
31
30
 
32
31
  export interface DecryptArgs {
33
- key: Uint8Array;
34
- nonce: Uint8Array;
35
- aad: Uint8Array;
36
- ciphertextWithTag: Uint8Array;
32
+ key: Bytes;
33
+ nonce: Bytes;
34
+ aad: Bytes;
35
+ ciphertextWithTag: Bytes;
37
36
  }
38
37
 
39
- export function encrypt({ key, nonce, aad, plaintext }: EncryptArgs): Uint8Array {
40
- if (key.length !== KEY_LEN) {
41
- throw new InternalError(`AES-128-CCM-8 key must be ${KEY_LEN} bytes, got ${key.length}`);
38
+ export async function encrypt(crypto: Crypto, { key, nonce, aad, plaintext }: EncryptArgs): Promise<Bytes> {
39
+ const keyBytes = Bytes.of(key);
40
+ if (keyBytes.length !== KEY_LEN) {
41
+ throw new InternalError(`AES-128-CCM-8 key must be ${KEY_LEN} bytes, got ${keyBytes.length}`);
42
42
  }
43
- const cipher = createCipheriv("aes-128-ccm", key, nonce, { authTagLength: TAG_LEN });
44
- cipher.setAAD(aad, { plaintextLength: plaintext.length });
45
- const body = cipher.update(plaintext);
46
- const tail = cipher.final();
47
- const tag = cipher.getAuthTag();
48
-
49
- const out = new Uint8Array(plaintext.length + TAG_LEN);
50
- out.set(body, 0);
51
- if (tail.length > 0) {
52
- out.set(tail, body.length);
53
- }
54
- out.set(tag, plaintext.length);
55
- return out;
43
+ return crypto.encrypt(keyBytes, plaintext, nonce, aad, TAG_LEN);
56
44
  }
57
45
 
58
- export function decrypt({ key, nonce, aad, ciphertextWithTag }: DecryptArgs): Uint8Array {
59
- if (key.length !== KEY_LEN) {
60
- throw new InternalError(`AES-128-CCM-8 key must be ${KEY_LEN} bytes, got ${key.length}`);
46
+ export async function decrypt(crypto: Crypto, { key, nonce, aad, ciphertextWithTag }: DecryptArgs): Promise<Bytes> {
47
+ const keyBytes = Bytes.of(key);
48
+ if (keyBytes.length !== KEY_LEN) {
49
+ throw new InternalError(`AES-128-CCM-8 key must be ${KEY_LEN} bytes, got ${keyBytes.length}`);
61
50
  }
62
- if (ciphertextWithTag.length < TAG_LEN) {
51
+ const ciphertextBytes = Bytes.of(ciphertextWithTag);
52
+ if (ciphertextBytes.length < TAG_LEN) {
63
53
  throw new DtlsError(`AES-128-CCM-8 input shorter than ${TAG_LEN}-byte tag`);
64
54
  }
65
- const ctLen = ciphertextWithTag.length - TAG_LEN;
66
- const ct = ciphertextWithTag.subarray(0, ctLen);
67
- const tag = ciphertextWithTag.subarray(ctLen);
68
-
69
- const decipher = createDecipheriv("aes-128-ccm", key, nonce, { authTagLength: TAG_LEN });
70
- decipher.setAAD(aad, { plaintextLength: ctLen });
71
- decipher.setAuthTag(tag);
72
- const body = decipher.update(ct);
73
- // CCM .final() throws on tag mismatch; bubble up unchanged.
74
- const tail = decipher.final();
75
-
76
- const out = new Uint8Array(ctLen);
77
- out.set(body, 0);
78
- if (tail.length > 0) {
79
- out.set(tail, body.length);
80
- }
81
- return out;
55
+ return crypto.decrypt(keyBytes, ciphertextBytes, nonce, aad, TAG_LEN);
82
56
  }
83
57
  }
@@ -4,7 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
- import { InternalError } from "@matter/general";
7
+ import { Bytes, InternalError } from "@matter/general";
8
8
  import { AntiReplayWindow } from "./AntiReplayWindow.js";
9
9
  import { ContentType } from "./ContentType.js";
10
10
  import { DTLS_1_2_VERSION, type DtlsRecordCipherState } from "./DtlsRecord.js";
@@ -17,13 +17,13 @@ import { DTLS_1_2_VERSION, type DtlsRecordCipherState } from "./DtlsRecord.js";
17
17
  */
18
18
  export interface DtlsCipherStateInputs {
19
19
  /** 16-byte AES key the client uses to encrypt outbound records. */
20
- clientWriteKey: Uint8Array;
20
+ clientWriteKey: Bytes;
21
21
  /** 16-byte AES key the server uses to encrypt outbound records. */
22
- serverWriteKey: Uint8Array;
22
+ serverWriteKey: Bytes;
23
23
  /** 4-byte client implicit-IV salt (`client_write_IV`). */
24
- clientWriteSalt: Uint8Array;
24
+ clientWriteSalt: Bytes;
25
25
  /** 4-byte server implicit-IV salt (`server_write_IV`). */
26
- serverWriteSalt: Uint8Array;
26
+ serverWriteSalt: Bytes;
27
27
  }
28
28
 
29
29
  const KEY_LEN = 16;
@@ -33,11 +33,12 @@ const AAD_LEN = 13;
33
33
  const MAX_EPOCH = 0xffff;
34
34
  const MAX_SEQ = (1n << 48n) - 1n;
35
35
 
36
- function copyExpect(name: string, value: Uint8Array, expectedLen: number): Uint8Array {
37
- if (value.length !== expectedLen) {
38
- throw new InternalError(`DtlsCipherState ${name} must be ${expectedLen} bytes, got ${value.length}`);
36
+ function copyExpect(name: string, value: Bytes, expectedLen: number): Uint8Array {
37
+ const bytes = Bytes.of(value);
38
+ if (bytes.length !== expectedLen) {
39
+ throw new InternalError(`DtlsCipherState ${name} must be ${expectedLen} bytes, got ${bytes.length}`);
39
40
  }
40
- return new Uint8Array(value);
41
+ return new Uint8Array(bytes);
41
42
  }
42
43
 
43
44
  /**
@@ -144,21 +145,24 @@ export class DtlsCipherState implements DtlsRecordCipherState {
144
145
  return this.#readWindow.check(seqNum);
145
146
  }
146
147
 
147
- encryptParams(): { key: Uint8Array; salt: Uint8Array } {
148
+ encryptParams(): { key: Bytes; salt: Bytes } {
148
149
  return this.role === "client"
149
150
  ? { key: this.#clientWriteKey, salt: this.#clientWriteSalt }
150
151
  : { key: this.#serverWriteKey, salt: this.#serverWriteSalt };
151
152
  }
152
153
 
153
- decryptParams(): { key: Uint8Array; salt: Uint8Array } {
154
+ decryptParams(): { key: Bytes; salt: Bytes } {
154
155
  return this.role === "client"
155
156
  ? { key: this.#serverWriteKey, salt: this.#serverWriteSalt }
156
157
  : { key: this.#clientWriteKey, salt: this.#clientWriteSalt };
157
158
  }
158
159
 
159
- nonceFor(salt: Uint8Array, epoch: number, seqNum: bigint): Uint8Array {
160
- if (salt.length !== SALT_LEN) {
161
- throw new InternalError(`DtlsCipherState nonceFor: salt must be ${SALT_LEN} bytes, got ${salt.length}`);
160
+ nonceFor(salt: Bytes, epoch: number, seqNum: bigint): Bytes {
161
+ const saltBytes = Bytes.of(salt);
162
+ if (saltBytes.length !== SALT_LEN) {
163
+ throw new InternalError(
164
+ `DtlsCipherState nonceFor: salt must be ${SALT_LEN} bytes, got ${saltBytes.length}`,
165
+ );
162
166
  }
163
167
  if (epoch < 0 || epoch > MAX_EPOCH) {
164
168
  throw new InternalError(`DtlsCipherState nonceFor: epoch ${epoch} out of range`);
@@ -167,7 +171,7 @@ export class DtlsCipherState implements DtlsRecordCipherState {
167
171
  throw new InternalError(`DtlsCipherState nonceFor: seqNum ${seqNum} out of range`);
168
172
  }
169
173
  const out = new Uint8Array(NONCE_LEN);
170
- out.set(salt, 0);
174
+ out.set(saltBytes, 0);
171
175
  out[4] = (epoch >>> 8) & 0xff;
172
176
  out[5] = epoch & 0xff;
173
177
  for (let i = 0; i < 6; i++) {
@@ -176,7 +180,7 @@ export class DtlsCipherState implements DtlsRecordCipherState {
176
180
  return out;
177
181
  }
178
182
 
179
- aadFor(type: ContentType, epoch: number, seqNum: bigint, plaintextLen: number): Uint8Array {
183
+ aadFor(type: ContentType, epoch: number, seqNum: bigint, plaintextLen: number): Bytes {
180
184
  if (epoch < 0 || epoch > MAX_EPOCH) {
181
185
  throw new InternalError(`DtlsCipherState aadFor: epoch ${epoch} out of range`);
182
186
  }
@@ -4,7 +4,7 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
- import { InternalError, MatterError } from "@matter/general";
7
+ import { Bytes, Crypto, InternalError, MatterError } from "@matter/general";
8
8
  import { DtlsError } from "../channel/DtlsChannel.js";
9
9
  import { AesCcm8 } from "./AesCcm8.js";
10
10
  import { ContentType, isContentType } from "./ContentType.js";
@@ -35,13 +35,13 @@ export const DTLS_HEADER_LEN = 13;
35
35
  */
36
36
  export interface DtlsRecordCipherState {
37
37
  /** AES key + 4-byte salt to use for outbound (encrypt) records. */
38
- encryptParams(): { key: Uint8Array; salt: Uint8Array };
38
+ encryptParams(): { key: Bytes; salt: Bytes };
39
39
  /** AES key + 4-byte salt to use for inbound (decrypt) records. */
40
- decryptParams(): { key: Uint8Array; salt: Uint8Array };
40
+ decryptParams(): { key: Bytes; salt: Bytes };
41
41
  /** Build the 12-byte CCM nonce: salt(4) || epoch(2) || seq(6). */
42
- nonceFor(salt: Uint8Array, epoch: number, seqNum: bigint): Uint8Array;
42
+ nonceFor(salt: Bytes, epoch: number, seqNum: bigint): Bytes;
43
43
  /** Build the 13-byte DTLS AAD: epoch||seq(8) || type(1) || version(2) || plaintextLen(2). */
44
- aadFor(type: ContentType, epoch: number, seqNum: bigint, plaintextLen: number): Uint8Array;
44
+ aadFor(type: ContentType, epoch: number, seqNum: bigint, plaintextLen: number): Bytes;
45
45
  /** Optional read-side replay-window check; absent on test doubles or pre-handshake states. */
46
46
  acceptIncoming?(epoch: number, seqNum: bigint): boolean;
47
47
  }
@@ -72,7 +72,7 @@ export interface DtlsRecord {
72
72
  type: ContentType;
73
73
  epoch: number;
74
74
  sequenceNumber: bigint;
75
- fragment: Uint8Array;
75
+ fragment: Bytes;
76
76
  }
77
77
 
78
78
  const MAX_EPOCH = 0xffff;
@@ -119,7 +119,7 @@ function readUint48BE(buf: Uint8Array, offset: number): bigint {
119
119
  * decode invokes it after AEAD success and throws {@link DtlsReplayError} on rejection.
120
120
  */
121
121
  export namespace DtlsRecord {
122
- export function encode(record: DtlsRecord, state?: DtlsRecordCipherState): Uint8Array {
122
+ export async function encode(crypto: Crypto, record: DtlsRecord, state?: DtlsRecordCipherState): Promise<Bytes> {
123
123
  if (record.epoch < 0 || record.epoch > MAX_EPOCH) {
124
124
  throw new InternalError(`DTLS epoch out of range: ${record.epoch}`);
125
125
  }
@@ -129,20 +129,21 @@ export namespace DtlsRecord {
129
129
  if (!isContentType(record.type)) {
130
130
  throw new InternalError(`DTLS unknown ContentType: ${record.type}`);
131
131
  }
132
+ const fragmentIn = Bytes.of(record.fragment);
132
133
 
133
134
  let fragment: Uint8Array;
134
135
  if (record.epoch === 0) {
135
- if (record.fragment.length > DTLS_MAX_FRAGMENT_LEN) {
136
+ if (fragmentIn.length > DTLS_MAX_FRAGMENT_LEN) {
136
137
  throw new InternalError(
137
- `DTLS plaintext fragment too large: ${record.fragment.length} > ${DTLS_MAX_FRAGMENT_LEN}`,
138
+ `DTLS plaintext fragment too large: ${fragmentIn.length} > ${DTLS_MAX_FRAGMENT_LEN}`,
138
139
  );
139
140
  }
140
- fragment = record.fragment;
141
+ fragment = fragmentIn;
141
142
  } else {
142
143
  if (state === undefined) {
143
144
  throw new InternalError(`DTLS encode at epoch ${record.epoch} requires cipher state`);
144
145
  }
145
- const plaintextLen = record.fragment.length;
146
+ const plaintextLen = fragmentIn.length;
146
147
  if (plaintextLen + DTLS_AEAD_OVERHEAD > DTLS_MAX_FRAGMENT_LEN) {
147
148
  throw new InternalError(
148
149
  `DTLS encrypted fragment too large: ${plaintextLen + DTLS_AEAD_OVERHEAD} > ${DTLS_MAX_FRAGMENT_LEN}`,
@@ -151,7 +152,7 @@ export namespace DtlsRecord {
151
152
  const { key, salt } = state.encryptParams();
152
153
  const nonce = state.nonceFor(salt, record.epoch, record.sequenceNumber);
153
154
  const aad = state.aadFor(record.type, record.epoch, record.sequenceNumber, plaintextLen);
154
- const cipherWithTag = AesCcm8.encrypt({ key, nonce, aad, plaintext: record.fragment });
155
+ const cipherWithTag = Bytes.of(await AesCcm8.encrypt(crypto, { key, nonce, aad, plaintext: fragmentIn }));
155
156
 
156
157
  fragment = new Uint8Array(8 + cipherWithTag.length);
157
158
  // Explicit nonce on the wire mirrors the (epoch || seq) bytes of the AAD/nonce.
@@ -177,7 +178,8 @@ export namespace DtlsRecord {
177
178
  consumed: number;
178
179
  }
179
180
 
180
- export function decode(bytes: Uint8Array, state?: DtlsRecordCipherState): DecodeResult {
181
+ export async function decode(crypto: Crypto, input: Bytes, state?: DtlsRecordCipherState): Promise<DecodeResult> {
182
+ const bytes = Bytes.of(input);
181
183
  if (bytes.length < DTLS_HEADER_LEN) {
182
184
  throw new DtlsError(`DTLS record header truncated: have ${bytes.length}, need ${DTLS_HEADER_LEN}`);
183
185
  }
@@ -203,7 +205,7 @@ export namespace DtlsRecord {
203
205
  throw new DtlsError(`DTLS record truncated: header says ${length}, have ${bytes.length - DTLS_HEADER_LEN}`);
204
206
  }
205
207
 
206
- let fragment: Uint8Array;
208
+ let fragment: Bytes;
207
209
  if (epoch === 0) {
208
210
  fragment = bytes.slice(DTLS_HEADER_LEN, total);
209
211
  } else {
@@ -233,7 +235,7 @@ export namespace DtlsRecord {
233
235
  }
234
236
  const nonce = state.nonceFor(salt, epoch, sequenceNumber);
235
237
  const aad = state.aadFor(type, epoch, sequenceNumber, plaintextLen);
236
- fragment = AesCcm8.decrypt({ key, nonce, aad, ciphertextWithTag: cipherWithTag });
238
+ fragment = await AesCcm8.decrypt(crypto, { key, nonce, aad, ciphertextWithTag: cipherWithTag });
237
239
  // Anti-replay applies only to AEAD-protected records; epoch=0 plaintext has
238
240
  // no integrity check that a replay tracker could meaningfully gate.
239
241
  if (state.acceptIncoming !== undefined && !state.acceptIncoming(epoch, sequenceNumber)) {
@@ -4,19 +4,19 @@
4
4
  * SPDX-License-Identifier: Apache-2.0
5
5
  */
6
6
 
7
+ import type { Bytes } from "@matter/general";
8
+
7
9
  /**
8
10
  * Snapshot of an OTBR REST endpoint as observed by {@link OtbrRestProbe}.
9
11
  *
10
12
  * `keyFormat` reflects the case convention the BR's REST surface uses on the
11
13
  * wire (older OTBR builds = pascal, post-2024 builds = camel). The probe
12
- * detects this from the presence/absence of `/api/actions` — see
13
- * python-otbr-api `_async_detect_case`.
14
+ * detects this from the key casing of the `/node` response.
14
15
  */
15
16
  export interface OtbrRestCapability {
16
17
  baseUrl: string;
17
18
  keyFormat: "camel" | "pascal";
18
- apiVersion?: string;
19
19
  probedAt: number;
20
20
  networkName: string;
21
- extPanId: Uint8Array;
21
+ extPanId: Bytes;
22
22
  }