@nexwage/crypto 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +8 -0
  2. package/dist/crypto/group.d.ts +102 -0
  3. package/dist/crypto/group.d.ts.map +1 -0
  4. package/dist/crypto/group.js +228 -0
  5. package/dist/crypto/group.js.map +1 -0
  6. package/dist/crypto/key-exchange.d.ts +61 -0
  7. package/dist/crypto/key-exchange.d.ts.map +1 -0
  8. package/dist/crypto/key-exchange.js +89 -0
  9. package/dist/crypto/key-exchange.js.map +1 -0
  10. package/dist/crypto/signature.d.ts +55 -0
  11. package/dist/crypto/signature.d.ts.map +1 -0
  12. package/dist/crypto/signature.js +95 -0
  13. package/dist/crypto/signature.js.map +1 -0
  14. package/dist/index.d.ts +7 -0
  15. package/dist/index.d.ts.map +1 -1
  16. package/dist/index.js +3 -0
  17. package/dist/index.js.map +1 -1
  18. package/package.json +1 -1
package/README.md CHANGED
@@ -115,6 +115,7 @@ Semua fungsi diekspor dari `@nexwage/crypto`.
115
115
  | Key Exchange (X25519) | Secure session key (chat, realtime sync) | Negosiasi kunci simetris tanpa berbagi rahasia | `deriveClientSessionKeys` + `deriveServerSessionKeys` |
116
116
  | Sealed Box | Share ke penerima tanpa keypair pengirim | Enkripsi langsung ke public key penerima | `encryptSealedBox` untuk file sharing 1:1 |
117
117
  | Signature (Ed25519) | Audit log, proof of authorship | Verifikasi integritas dan sumber data | Tanda tangan metadata/commit dengan `signMessage` |
118
+ | Signature Anti‑Replay | API request sensitif (approve, payment, revoke) | Mencegah replay dengan nonce+timestamp | `signMessageWithNonce` + simpan nonce di server |
118
119
 
119
120
  #### Group (MLS-like)
120
121
 
@@ -139,6 +140,7 @@ Semua fungsi diekspor dari `@nexwage/crypto`.
139
140
  - `KeyExchangeKeyPair`
140
141
  - `SessionKeys`
141
142
  - `SigningKeyPair`
143
+ - `SignedMessageV1`
142
144
  - `GroupMember`
143
145
  - `GroupMemberWire`
144
146
  - `GroupState`
@@ -225,6 +227,12 @@ Signature (Ed25519):
225
227
  - `generateSigningKeyPair(): Promise<{ publicKey; privateKey }>`
226
228
  - `signMessage(message, privateKey): Promise<Uint8Array>`
227
229
  - `verifySignature(message, signature, publicKey): Promise<boolean>`
230
+ - `signMessageWithNonce(message, privateKey, opts?): Promise<SignedMessageV1>`
231
+ - `verifySignedMessage(payload, publicKey): Promise<boolean>`
232
+
233
+ Anti‑replay:
234
+ - `signMessageWithNonce` menambahkan `nonce` + `timestamp` ke payload yang ditandatangani.
235
+ - Simpan nonce yang sudah dipakai (mis. di cache/DB) untuk mencegah replay.
228
236
 
229
237
  ### Group (MLS-like, tahap awal)
230
238
 
package/dist/crypto/group.d.ts ADDED
@@ -0,0 +1,102 @@
1
+ export type GroupMember = {
2
+ id: string;
3
+ encPublicKey: Uint8Array;
4
+ signPublicKey?: Uint8Array;
5
+ };
6
+ export type GroupMemberWire = {
7
+ id: string;
8
+ encPublicKey: string;
9
+ signPublicKey?: string;
10
+ };
11
+ export type GroupState = {
12
+ groupId: string;
13
+ epoch: number;
14
+ members: GroupMember[];
15
+ secret: Uint8Array;
16
+ };
17
+ export type GroupWelcome = {
18
+ groupId: string;
19
+ epoch: number;
20
+ members: GroupMemberWire[];
21
+ encryptedSecrets: Record<string, string>;
22
+ };
23
+ export type GroupCommitAction = "add" | "remove" | "rotate";
24
+ export type GroupCommit = {
25
+ groupId: string;
26
+ epoch: number;
27
+ senderId: string;
28
+ action: GroupCommitAction;
29
+ members: GroupMemberWire[];
30
+ removedMemberIds?: string[];
31
+ encryptedSecrets: Record<string, string>;
32
+ signature: string;
33
+ };
34
+ type KeyPair = {
35
+ publicKey: Uint8Array;
36
+ privateKey: Uint8Array;
37
+ };
38
+ /**
39
+ * Buat group baru dengan secret awal.
40
+ *
41
+ * @param groupId - ID group.
42
+ * @param members - Daftar member awal.
43
+ * @returns State group dan welcome payload.
44
+ */
45
+ export declare function createGroupState(groupId: string, members: GroupMember[]): Promise<{
46
+ state: GroupState;
47
+ welcome: GroupWelcome;
48
+ }>;
49
+ /**
50
+ * Buka welcome payload untuk memperoleh state group.
51
+ *
52
+ * @param welcome - Welcome payload.
53
+ * @param recipientId - ID member penerima.
54
+ * @param recipientKeyPair - Keypair enkripsi penerima.
55
+ * @returns State group.
56
+ */
57
+ export declare function openGroupWelcome(welcome: GroupWelcome, recipientId: string, recipientKeyPair: KeyPair): Promise<GroupState>;
58
+ /**
59
+ * Derivasi group key dari secret + epoch.
60
+ *
61
+ * @param state - State group.
62
+ * @returns Group key 32-byte.
63
+ */
64
+ export declare function deriveGroupKey(state: GroupState): Promise<Uint8Array>;
65
+ /**
66
+ * Buat commit untuk add/remove/rotate member.
67
+ *
68
+ * @param state - State group saat ini.
69
+ * @param senderId - ID pengirim commit.
70
+ * @param senderSignPrivateKey - Private key Ed25519 pengirim.
71
+ * @param action - Jenis aksi commit.
72
+ * @param memberUpdates - Member yang ditambah/dihapus.
73
+ * @returns Commit + state baru.
74
+ */
75
+ export declare function createGroupCommit(state: GroupState, senderId: string, senderSignPrivateKey: Uint8Array, action: GroupCommitAction, memberUpdates?: {
76
+ add?: GroupMember[];
77
+ removeIds?: string[];
78
+ }): Promise<{
79
+ commit: GroupCommit;
80
+ state: GroupState;
81
+ }>;
82
+ /**
83
+ * Verifikasi signature commit.
84
+ *
85
+ * @param commit - Commit payload.
86
+ * @param senderSignPublicKey - Public key Ed25519 pengirim.
87
+ * @returns True jika valid.
88
+ */
89
+ export declare function verifyGroupCommitSignature(commit: GroupCommit, senderSignPublicKey: Uint8Array): Promise<boolean>;
90
+ /**
91
+ * Apply commit ke state lokal.
92
+ *
93
+ * @param state - State saat ini.
94
+ * @param commit - Commit terbaru.
95
+ * @param recipientId - ID member penerima.
96
+ * @param recipientKeyPair - Keypair enkripsi penerima.
97
+ * @param senderSignPublicKey - Public key Ed25519 pengirim.
98
+ * @returns State baru.
99
+ */
100
+ export declare function applyGroupCommit(state: GroupState, commit: GroupCommit, recipientId: string, recipientKeyPair: KeyPair, senderSignPublicKey: Uint8Array): Promise<GroupState>;
101
+ export {};
102
+ //# sourceMappingURL=group.d.ts.map
package/dist/crypto/group.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"group.d.ts","sourceRoot":"","sources":["../../src/crypto/group.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,UAAU,CAAC;IACzB,aAAa,CAAC,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,MAAM,EAAE,UAAU,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC1C,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE5D,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,KAAK,OAAO,GAAG;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,UAAU,CAAA;CAAE,CAAC;AAqFjE;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,WAAW,EAAE,GACrB,OAAO,CAAC;IAAE,KAAK,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,YAAY,CAAA;CAAE,CAAC,CAwBvD;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,YAAY,EACrB,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,OAAO,GACxB,OAAO,CAAC,UAAU,CAAC,CAYrB;AAED;;;;;GAKG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAa3E;AAED;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,MAAM,EAChB,oBAAoB,EAAE,UAAU,EAChC,MAAM,EAAE,iBAAiB,EACzB,aAAa,CAAC,EAAE;IACd,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB,GACA,OAAO,CAAC;IAAE,MAAM,EAAE,WAAW,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CAyDrD;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,MAAM,EAAE,WAAW,EACnB,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;;;;GASG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,WAAW,EACnB,WAAW,EAAE,MAAM,EACnB,gBAAgB,EAAE,OAAO,EACzB,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,UAAU,CAAC,CAsBrB"}
package/dist/crypto/group.js ADDED
@@ -0,0 +1,228 @@
1
+ import sodium from "libsodium-wrappers-sumo";
2
+ import { assertByteLength } from "../utils/bytes.js";
3
+ import { decodeBase64, encodeBase64 } from "../utils/encoding.js";
4
+ function sortMembers(members) {
5
+ return [...members].sort((a, b) => a.id.localeCompare(b.id));
6
+ }
7
+ function toWireMember(member) {
8
+ const base = {
9
+ id: member.id,
10
+ encPublicKey: encodeBase64(member.encPublicKey),
11
+ };
12
+ return member.signPublicKey
13
+ ? { ...base, signPublicKey: encodeBase64(member.signPublicKey) }
14
+ : base;
15
+ }
16
+ function toStateMember(member) {
17
+ const base = {
18
+ id: member.id,
19
+ encPublicKey: decodeBase64(member.encPublicKey),
20
+ };
21
+ return member.signPublicKey
22
+ ? { ...base, signPublicKey: decodeBase64(member.signPublicKey) }
23
+ : base;
24
+ }
25
+ function canonicalizeCommitForSigning(commit) {
26
+ const members = sortMembers(commit.members);
27
+ const encryptedSecrets = Object.keys(commit.encryptedSecrets)
28
+ .sort()
29
+ .reduce((acc, key) => {
30
+ const value = commit.encryptedSecrets[key];
31
+ if (value) {
32
+ acc[key] = value;
33
+ }
34
+ return acc;
35
+ }, {});
36
+ return JSON.stringify({
37
+ groupId: commit.groupId,
38
+ epoch: commit.epoch,
39
+ senderId: commit.senderId,
40
+ action: commit.action,
41
+ members,
42
+ removedMemberIds: commit.removedMemberIds ?? [],
43
+ encryptedSecrets,
44
+ });
45
+ }
46
+ async function encryptSecretForMember(secret, member) {
47
+ await sodium.ready;
48
+ assertByteLength("encPublicKey", member.encPublicKey, sodium.crypto_box_PUBLICKEYBYTES);
49
+ const ciphertext = sodium.crypto_box_seal(secret, member.encPublicKey);
50
+ return encodeBase64(ciphertext);
51
+ }
52
+ async function decryptSecretForMember(ciphertextB64, keyPair) {
53
+ await sodium.ready;
54
+ assertByteLength("encPublicKey", keyPair.publicKey, sodium.crypto_box_PUBLICKEYBYTES);
55
+ assertByteLength("encPrivateKey", keyPair.privateKey, sodium.crypto_box_SECRETKEYBYTES);
56
+ const ciphertext = decodeBase64(ciphertextB64);
57
+ return sodium.crypto_box_seal_open(ciphertext, keyPair.publicKey, keyPair.privateKey);
58
+ }
59
+ /**
60
+ * Buat group baru dengan secret awal.
61
+ *
62
+ * @param groupId - ID group.
63
+ * @param members - Daftar member awal.
64
+ * @returns State group dan welcome payload.
65
+ */
66
+ export async function createGroupState(groupId, members) {
67
+ await sodium.ready;
68
+ const secret = sodium.randombytes_buf(32);
69
+ const sortedMembers = sortMembers(members);
70
+ const encryptedSecrets = {};
71
+ for (const member of sortedMembers) {
72
+ encryptedSecrets[member.id] = await encryptSecretForMember(secret, member);
73
+ }
74
+ return {
75
+ state: {
76
+ groupId,
77
+ epoch: 0,
78
+ members: sortedMembers,
79
+ secret,
80
+ },
81
+ welcome: {
82
+ groupId,
83
+ epoch: 0,
84
+ members: sortedMembers.map(toWireMember),
85
+ encryptedSecrets,
86
+ },
87
+ };
88
+ }
89
+ /**
90
+ * Buka welcome payload untuk memperoleh state group.
91
+ *
92
+ * @param welcome - Welcome payload.
93
+ * @param recipientId - ID member penerima.
94
+ * @param recipientKeyPair - Keypair enkripsi penerima.
95
+ * @returns State group.
96
+ */
97
+ export async function openGroupWelcome(welcome, recipientId, recipientKeyPair) {
98
+ const ciphertextB64 = welcome.encryptedSecrets[recipientId];
99
+ if (!ciphertextB64) {
100
+ throw new Error("Welcome tidak berisi secret untuk member ini");
101
+ }
102
+ const secret = await decryptSecretForMember(ciphertextB64, recipientKeyPair);
103
+ return {
104
+ groupId: welcome.groupId,
105
+ epoch: welcome.epoch,
106
+ members: welcome.members.map(toStateMember),
107
+ secret,
108
+ };
109
+ }
110
+ /**
111
+ * Derivasi group key dari secret + epoch.
112
+ *
113
+ * @param state - State group.
114
+ * @returns Group key 32-byte.
115
+ */
116
+ export async function deriveGroupKey(state) {
117
+ await sodium.ready;
118
+ const epochBytes = new Uint8Array(4);
119
+ const view = new DataView(epochBytes.buffer);
120
+ view.setUint32(0, state.epoch, false);
121
+ const context = new TextEncoder().encode("group-key");
122
+ const input = new Uint8Array(context.length + epochBytes.length + state.secret.length);
123
+ input.set(context, 0);
124
+ input.set(epochBytes, context.length);
125
+ input.set(state.secret, context.length + epochBytes.length);
126
+ return sodium.crypto_generichash(32, input);
127
+ }
128
+ /**
129
+ * Buat commit untuk add/remove/rotate member.
130
+ *
131
+ * @param state - State group saat ini.
132
+ * @param senderId - ID pengirim commit.
133
+ * @param senderSignPrivateKey - Private key Ed25519 pengirim.
134
+ * @param action - Jenis aksi commit.
135
+ * @param memberUpdates - Member yang ditambah/dihapus.
136
+ * @returns Commit + state baru.
137
+ */
138
+ export async function createGroupCommit(state, senderId, senderSignPrivateKey, action, memberUpdates) {
139
+ await sodium.ready;
140
+ assertByteLength("senderSignPrivateKey", senderSignPrivateKey, sodium.crypto_sign_SECRETKEYBYTES);
141
+ const removeIds = new Set(memberUpdates?.removeIds ?? []);
142
+ const members = action === "add"
143
+ ? sortMembers([...(state.members ?? []), ...(memberUpdates?.add ?? [])])
144
+ : action === "remove"
145
+ ? sortMembers(state.members.filter((m) => !removeIds.has(m.id)))
146
+ : sortMembers(state.members);
147
+ const secret = sodium.randombytes_buf(32);
148
+ const encryptedSecrets = {};
149
+ for (const member of members) {
150
+ encryptedSecrets[member.id] = await encryptSecretForMember(secret, member);
151
+ }
152
+ const basePayload = {
153
+ groupId: state.groupId,
154
+ epoch: state.epoch + 1,
155
+ senderId,
156
+ action,
157
+ members: members.map(toWireMember),
158
+ encryptedSecrets,
159
+ };
160
+ const payload = action === "remove"
161
+ ? {
162
+ ...basePayload,
163
+ removedMemberIds: Array.from(removeIds.values()),
164
+ }
165
+ : basePayload;
166
+ const toSign = canonicalizeCommitForSigning(payload);
167
+ const signature = sodium.crypto_sign_detached(new TextEncoder().encode(toSign), senderSignPrivateKey);
168
+ return {
169
+ commit: {
170
+ ...payload,
171
+ signature: encodeBase64(signature),
172
+ },
173
+ state: {
174
+ groupId: state.groupId,
175
+ epoch: state.epoch + 1,
176
+ members,
177
+ secret,
178
+ },
179
+ };
180
+ }
181
+ /**
182
+ * Verifikasi signature commit.
183
+ *
184
+ * @param commit - Commit payload.
185
+ * @param senderSignPublicKey - Public key Ed25519 pengirim.
186
+ * @returns True jika valid.
187
+ */
188
+ export async function verifyGroupCommitSignature(commit, senderSignPublicKey) {
189
+ await sodium.ready;
190
+ assertByteLength("senderSignPublicKey", senderSignPublicKey, sodium.crypto_sign_PUBLICKEYBYTES);
191
+ const { signature, ...payload } = commit;
192
+ const toVerify = canonicalizeCommitForSigning(payload);
193
+ return sodium.crypto_sign_verify_detached(decodeBase64(signature), new TextEncoder().encode(toVerify), senderSignPublicKey);
194
+ }
195
+ /**
196
+ * Apply commit ke state lokal.
197
+ *
198
+ * @param state - State saat ini.
199
+ * @param commit - Commit terbaru.
200
+ * @param recipientId - ID member penerima.
201
+ * @param recipientKeyPair - Keypair enkripsi penerima.
202
+ * @param senderSignPublicKey - Public key Ed25519 pengirim.
203
+ * @returns State baru.
204
+ */
205
+ export async function applyGroupCommit(state, commit, recipientId, recipientKeyPair, senderSignPublicKey) {
206
+ if (commit.groupId !== state.groupId) {
207
+ throw new Error("groupId commit tidak cocok");
208
+ }
209
+ if (commit.epoch !== state.epoch + 1) {
210
+ throw new Error("epoch commit tidak valid");
211
+ }
212
+ const ok = await verifyGroupCommitSignature(commit, senderSignPublicKey);
213
+ if (!ok) {
214
+ throw new Error("signature commit tidak valid");
215
+ }
216
+ const ciphertextB64 = commit.encryptedSecrets[recipientId];
217
+ if (!ciphertextB64) {
218
+ throw new Error("commit tidak berisi secret untuk member ini");
219
+ }
220
+ const secret = await decryptSecretForMember(ciphertextB64, recipientKeyPair);
221
+ return {
222
+ groupId: commit.groupId,
223
+ epoch: commit.epoch,
224
+ members: commit.members.map(toStateMember),
225
+ secret,
226
+ };
227
+ }
228
+ //# sourceMappingURL=group.js.map
package/dist/crypto/group.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"group.js","sourceRoot":"","sources":["../../src/crypto/group.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,yBAAyB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AA2ClE,SAAS,WAAW,CAA2B,OAAY;IACzD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,YAAY,CAAC,MAAmB;IACvC,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,YAAY,EAAE,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC;KAChD,CAAC;IACF,OAAO,MAAM,CAAC,aAAa;QACzB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE;QAChE,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,aAAa,CAAC,MAAuB;IAC5C,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,YAAY,EAAE,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC;KAChD,CAAC;IACF,OAAO,MAAM,CAAC,aAAa;QACzB,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE;QAChE,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAsC;IAC1E,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;SAC1D,IAAI,EAAE;SACN,MAAM,CAAyB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC3C,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACnB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAE,CAAC,CAAC;IACT,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO;QACP,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,EAAE;QAC/C,gBAAgB;KACjB,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,MAAkB,EAClB,MAAmB;IAEnB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,cAAc,EACd,MAAM,CAAC,YAAY,EACnB,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IACvE,OAAO,YAAY,CAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,aAAqB,EACrB,OAAgB;IAEhB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,cAAc,EACd,OAAO,CAAC,SAAS,EACjB,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,gBAAgB,CACd,eAAe,EACf,OAAO,CAAC,UAAU,EAClB,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,MAAM,UAAU,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,oBAAoB,CAChC,UAAU,EACV,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,UAAU,CACnB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAe,EACf,OAAsB;IAEtB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO;QACL,KAAK,EAAE;YACL,OAAO;YACP,KAAK,EAAE,CAAC;YACR,OAAO,EAAE,aAAa;YACtB,MAAM;SACP;QACD,OAAO,EAAE;YACP,OAAO;YACP,KAAK,EAAE,CAAC;YACR,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC;YACxC,gBAAgB;SACjB;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAqB,EACrB,WAAmB,EACnB,gBAAyB;IAEzB,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC5D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC7E,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAC3C,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAiB;IACpD,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,IAAI,UAAU,CAC1B,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CACzD,CAAC;IACF,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACtB,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAC5D,OAAO,MAAM,CAAC,kBAAkB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAiB,EACjB,QAAgB,EAChB,oBAAgC,EAChC,MAAyB,EACzB,aAGC;IAED,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,sBAAsB,EACtB,oBAAoB,EACpB,MAAM,CAAC,0BAA0B,CAClC,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,aAAa,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GACX,MAAM,KAAK,KAAK;QACd,CAAC,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,aAAa,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,CAAC,CAAC,MAAM,KAAK,QAAQ;YACrB,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAEjC,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,WAAW,GAAG;QAClB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;QACtB,QAAQ;QACR,MAAM;QACN,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAClC,gBAAgB;KACjB,CAAC;IACF,MAAM,OAAO,GACX,MAAM,KAAK,QAAQ;QACjB,CAAC,CAAC;YACE,GAAG,WAAW;YACd,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;SACjD;QACH,CAAC,CAAC,WAAW,CAAC;IAElB,MAAM,MAAM,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAC3C,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,oBAAoB,CACrB,CAAC;IAEF,OAAO;QACL,MAAM,EAAE;YACN,GAAG,OAAO;YACV,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;SACnC;QACD,KAAK,EAAE;YACL,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;YACtB,OAAO;YACP,MAAM;SACP;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,MAAmB,EACnB,mBAA+B;IAE/B,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,qBAAqB,EACrB,mBAAmB,EACnB,MAAM,CAAC,0BAA0B,CAClC,CAAC;IACF,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC;IACzC,MAAM,QAAQ,GAAG,4BAA4B,CAAC,OAAO,CAAC,CAAC;IACvD,OAAO,MAAM,CAAC,2BAA2B,CACvC,YAAY,CAAC,SAAS,CAAC,EACvB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,mBAAmB,CACpB,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAiB,EACjB,MAAmB,EACnB,WAAmB,EACnB,gBAAyB,EACzB,mBAA+B;IAE/B,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,0BAA0B,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IACzE,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,aAAa,GAAG,MAAM,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC7E,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;QAC1C,MAAM;KACP,CAAC;AACJ,CAAC"}
package/dist/crypto/key-exchange.d.ts ADDED
@@ -0,0 +1,61 @@
1
+ export type KeyExchangeKeyPair = {
2
+ publicKey: Uint8Array;
3
+ privateKey: Uint8Array;
4
+ };
5
+ export type SessionKeys = {
6
+ rx: Uint8Array;
7
+ tx: Uint8Array;
8
+ };
9
+ /**
10
+ * Generate key pair untuk key exchange (X25519).
11
+ *
12
+ * @returns Public/private key pair.
13
+ */
14
+ export declare function generateKeyExchangeKeyPair(): Promise<KeyExchangeKeyPair>;
15
+ /**
16
+ * Generate public key (X25519) dari private key untuk key exchange.
17
+ *
18
+ * @param privateKey - Private key X25519.
19
+ * @returns Public key X25519.
20
+ */
21
+ export declare function deriveKeyExchangePublicKeyFromPrivateKey(privateKey: Uint8Array): Promise<Uint8Array>;
22
+ /**
23
+ * Rekonstruksi keypair key exchange dari private key (public key akan diderivasi).
24
+ *
25
+ * @param privateKey - Private key X25519.
26
+ * @returns Public/private key pair.
27
+ */
28
+ export declare function keyExchangeKeyPairFromPrivateKey(privateKey: Uint8Array): Promise<KeyExchangeKeyPair>;
29
+ /**
30
+ * Derivasi session keys untuk sisi client.
31
+ *
32
+ * @param clientKeyPair - Key pair client.
33
+ * @param serverPublicKey - Public key server.
34
+ * @returns Session keys { rx, tx }.
35
+ */
36
+ export declare function deriveClientSessionKeys(clientKeyPair: KeyExchangeKeyPair, serverPublicKey: Uint8Array): Promise<SessionKeys>;
37
+ /**
38
+ * Derivasi session keys untuk sisi server.
39
+ *
40
+ * @param serverKeyPair - Key pair server.
41
+ * @param clientPublicKey - Public key client.
42
+ * @returns Session keys { rx, tx }.
43
+ */
44
+ export declare function deriveServerSessionKeys(serverKeyPair: KeyExchangeKeyPair, clientPublicKey: Uint8Array): Promise<SessionKeys>;
45
+ /**
46
+ * Enkripsi sealed box ke penerima menggunakan public key (tanpa keypair pengirim).
47
+ *
48
+ * @param message - Plaintext.
49
+ * @param recipientPublicKey - Public key penerima.
50
+ * @returns Ciphertext.
51
+ */
52
+ export declare function encryptSealedBox(message: Uint8Array, recipientPublicKey: Uint8Array): Promise<Uint8Array>;
53
+ /**
54
+ * Dekripsi sealed box menggunakan keypair penerima.
55
+ *
56
+ * @param ciphertext - Ciphertext.
57
+ * @param recipientKeyPair - Key pair penerima.
58
+ * @returns Plaintext.
59
+ */
60
+ export declare function decryptSealedBox(ciphertext: Uint8Array, recipientKeyPair: KeyExchangeKeyPair): Promise<Uint8Array>;
61
+ //# sourceMappingURL=key-exchange.d.ts.map
package/dist/crypto/key-exchange.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"key-exchange.d.ts","sourceRoot":"","sources":["../../src/crypto/key-exchange.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,UAAU,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,UAAU,CAAC;IACf,EAAE,EAAE,UAAU,CAAC;CAChB,CAAC;AAEF;;;;GAIG;AACH,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAI9E;AAED;;;;;GAKG;AACH,wBAAsB,wCAAwC,CAC5D,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED;;;;;GAKG;AACH,wBAAsB,gCAAgC,CACpD,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAG7B;AAED;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAC3C,aAAa,EAAE,kBAAkB,EACjC,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,WAAW,CAAC,CAuBtB;AAED;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAC3C,aAAa,EAAE,kBAAkB,EACjC,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,WAAW,CAAC,CAuBtB;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,UAAU,EACnB,kBAAkB,EAAE,UAAU,GAC7B,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,UAAU,EACtB,gBAAgB,EAAE,kBAAkB,GACnC,OAAO,CAAC,UAAU,CAAC,CAiBrB"}
package/dist/crypto/key-exchange.js ADDED
@@ -0,0 +1,89 @@
1
+ import sodium from "libsodium-wrappers-sumo";
2
+ import { assertByteLength } from "../utils/bytes.js";
3
+ /**
4
+ * Generate key pair untuk key exchange (X25519).
5
+ *
6
+ * @returns Public/private key pair.
7
+ */
8
+ export async function generateKeyExchangeKeyPair() {
9
+ await sodium.ready;
10
+ const { publicKey, privateKey } = sodium.crypto_kx_keypair();
11
+ return { publicKey, privateKey };
12
+ }
13
+ /**
14
+ * Generate public key (X25519) dari private key untuk key exchange.
15
+ *
16
+ * @param privateKey - Private key X25519.
17
+ * @returns Public key X25519.
18
+ */
19
+ export async function deriveKeyExchangePublicKeyFromPrivateKey(privateKey) {
20
+ await sodium.ready;
21
+ assertByteLength("privateKey", privateKey, sodium.crypto_kx_SECRETKEYBYTES);
22
+ return sodium.crypto_scalarmult_base(privateKey);
23
+ }
24
+ /**
25
+ * Rekonstruksi keypair key exchange dari private key (public key akan diderivasi).
26
+ *
27
+ * @param privateKey - Private key X25519.
28
+ * @returns Public/private key pair.
29
+ */
30
+ export async function keyExchangeKeyPairFromPrivateKey(privateKey) {
31
+ const publicKey = await deriveKeyExchangePublicKeyFromPrivateKey(privateKey);
32
+ return { publicKey, privateKey };
33
+ }
34
+ /**
35
+ * Derivasi session keys untuk sisi client.
36
+ *
37
+ * @param clientKeyPair - Key pair client.
38
+ * @param serverPublicKey - Public key server.
39
+ * @returns Session keys { rx, tx }.
40
+ */
41
+ export async function deriveClientSessionKeys(clientKeyPair, serverPublicKey) {
42
+ await sodium.ready;
43
+ assertByteLength("clientPublicKey", clientKeyPair.publicKey, sodium.crypto_kx_PUBLICKEYBYTES);
44
+ assertByteLength("clientPrivateKey", clientKeyPair.privateKey, sodium.crypto_kx_SECRETKEYBYTES);
45
+ assertByteLength("serverPublicKey", serverPublicKey, sodium.crypto_kx_PUBLICKEYBYTES);
46
+ const { sharedRx, sharedTx } = sodium.crypto_kx_client_session_keys(clientKeyPair.publicKey, clientKeyPair.privateKey, serverPublicKey);
47
+ return { rx: sharedRx, tx: sharedTx };
48
+ }
49
+ /**
50
+ * Derivasi session keys untuk sisi server.
51
+ *
52
+ * @param serverKeyPair - Key pair server.
53
+ * @param clientPublicKey - Public key client.
54
+ * @returns Session keys { rx, tx }.
55
+ */
56
+ export async function deriveServerSessionKeys(serverKeyPair, clientPublicKey) {
57
+ await sodium.ready;
58
+ assertByteLength("serverPublicKey", serverKeyPair.publicKey, sodium.crypto_kx_PUBLICKEYBYTES);
59
+ assertByteLength("serverPrivateKey", serverKeyPair.privateKey, sodium.crypto_kx_SECRETKEYBYTES);
60
+ assertByteLength("clientPublicKey", clientPublicKey, sodium.crypto_kx_PUBLICKEYBYTES);
61
+ const { sharedRx, sharedTx } = sodium.crypto_kx_server_session_keys(serverKeyPair.publicKey, serverKeyPair.privateKey, clientPublicKey);
62
+ return { rx: sharedRx, tx: sharedTx };
63
+ }
64
+ /**
65
+ * Enkripsi sealed box ke penerima menggunakan public key (tanpa keypair pengirim).
66
+ *
67
+ * @param message - Plaintext.
68
+ * @param recipientPublicKey - Public key penerima.
69
+ * @returns Ciphertext.
70
+ */
71
+ export async function encryptSealedBox(message, recipientPublicKey) {
72
+ await sodium.ready;
73
+ assertByteLength("recipientPublicKey", recipientPublicKey, sodium.crypto_box_PUBLICKEYBYTES);
74
+ return sodium.crypto_box_seal(message, recipientPublicKey);
75
+ }
76
+ /**
77
+ * Dekripsi sealed box menggunakan keypair penerima.
78
+ *
79
+ * @param ciphertext - Ciphertext.
80
+ * @param recipientKeyPair - Key pair penerima.
81
+ * @returns Plaintext.
82
+ */
83
+ export async function decryptSealedBox(ciphertext, recipientKeyPair) {
84
+ await sodium.ready;
85
+ assertByteLength("recipientPublicKey", recipientKeyPair.publicKey, sodium.crypto_box_PUBLICKEYBYTES);
86
+ assertByteLength("recipientPrivateKey", recipientKeyPair.privateKey, sodium.crypto_box_SECRETKEYBYTES);
87
+ return sodium.crypto_box_seal_open(ciphertext, recipientKeyPair.publicKey, recipientKeyPair.privateKey);
88
+ }
89
+ //# sourceMappingURL=key-exchange.js.map
package/dist/crypto/key-exchange.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"key-exchange.js","sourceRoot":"","sources":["../../src/crypto/key-exchange.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,yBAAyB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAYrD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAC7D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wCAAwC,CAC5D,UAAsB;IAEtB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,YAAY,EACZ,UAAU,EACV,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,OAAO,MAAM,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;AACnD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,UAAsB;IAEtB,MAAM,SAAS,GAAG,MAAM,wCAAwC,CAAC,UAAU,CAAC,CAAC;IAC7E,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,aAAiC,EACjC,eAA2B;IAE3B,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,iBAAiB,EACjB,aAAa,CAAC,SAAS,EACvB,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,gBAAgB,CACd,kBAAkB,EAClB,aAAa,CAAC,UAAU,EACxB,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,gBAAgB,CACd,iBAAiB,EACjB,eAAe,EACf,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,6BAA6B,CACjE,aAAa,CAAC,SAAS,EACvB,aAAa,CAAC,UAAU,EACxB,eAAe,CAChB,CAAC;IACF,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,aAAiC,EACjC,eAA2B;IAE3B,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,iBAAiB,EACjB,aAAa,CAAC,SAAS,EACvB,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,gBAAgB,CACd,kBAAkB,EAClB,aAAa,CAAC,UAAU,EACxB,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,gBAAgB,CACd,iBAAiB,EACjB,eAAe,EACf,MAAM,CAAC,wBAAwB,CAChC,CAAC;IACF,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,6BAA6B,CACjE,aAAa,CAAC,SAAS,EACvB,aAAa,CAAC,UAAU,EACxB,eAAe,CAChB,CAAC;IACF,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAmB,EACnB,kBAA8B;IAE9B,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,oBAAoB,EACpB,kBAAkB,EAClB,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,OAAO,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAsB,EACtB,gBAAoC;IAEpC,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,oBAAoB,EACpB,gBAAgB,CAAC,SAAS,EAC1B,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,gBAAgB,CACd,qBAAqB,EACrB,gBAAgB,CAAC,UAAU,EAC3B,MAAM,CAAC,yBAAyB,CACjC,CAAC;IACF,OAAO,MAAM,CAAC,oBAAoB,CAChC,UAAU,EACV,gBAAgB,CAAC,SAAS,EAC1B,gBAAgB,CAAC,UAAU,CAC5B,CAAC;AACJ,CAAC"}
package/dist/crypto/signature.d.ts ADDED
@@ -0,0 +1,55 @@
1
+ export type SigningKeyPair = {
2
+ publicKey: Uint8Array;
3
+ privateKey: Uint8Array;
4
+ };
5
+ export type SignedMessageV1 = {
6
+ v: 1;
7
+ nonce: string;
8
+ ts: number;
9
+ message: string;
10
+ signature: string;
11
+ };
12
+ /**
13
+ * Generate key pair untuk tanda tangan (Ed25519).
14
+ *
15
+ * @returns Public/private key pair.
16
+ */
17
+ export declare function generateSigningKeyPair(): Promise<SigningKeyPair>;
18
+ /**
19
+ * Buat signature detached untuk message.
20
+ *
21
+ * @param message - Data input.
22
+ * @param privateKey - Private key Ed25519.
23
+ * @returns Signature.
24
+ */
25
+ export declare function signMessage(message: Uint8Array, privateKey: Uint8Array): Promise<Uint8Array>;
26
+ /**
27
+ * Verifikasi signature untuk message.
28
+ *
29
+ * @param message - Data input.
30
+ * @param signature - Signature detached.
31
+ * @param publicKey - Public key Ed25519.
32
+ * @returns True jika valid.
33
+ */
34
+ export declare function verifySignature(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
35
+ /**
36
+ * Buat signature dengan nonce/timestamp untuk anti‑replay.
37
+ *
38
+ * @param message - Data input.
39
+ * @param privateKey - Private key Ed25519.
40
+ * @param opts - Opsi nonce/timestamp.
41
+ * @returns Payload signature terstruktur.
42
+ */
43
+ export declare function signMessageWithNonce(message: Uint8Array, privateKey: Uint8Array, opts?: {
44
+ nonce?: Uint8Array;
45
+ timestampMs?: number;
46
+ }): Promise<SignedMessageV1>;
47
+ /**
48
+ * Verifikasi payload signature anti‑replay.
49
+ *
50
+ * @param payload - Payload signature.
51
+ * @param publicKey - Public key Ed25519.
52
+ * @returns True jika valid.
53
+ */
54
+ export declare function verifySignedMessage(payload: SignedMessageV1, publicKey: Uint8Array): Promise<boolean>;
55
+ //# sourceMappingURL=signature.d.ts.map
package/dist/crypto/signature.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,UAAU,CAAC;IACtB,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,CAAC,CAAC;IACL,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAaF;;;;GAIG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,cAAc,CAAC,CAItE;AAED;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAQlB;AAED;;;;;;;GAOG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,UAAU,EACnB,UAAU,EAAE,UAAU,EACtB,IAAI,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,UAAU,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GAClD,OAAO,CAAC,eAAe,CAAC,CA4B1B;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAqBlB"}
package/dist/crypto/signature.js ADDED
@@ -0,0 +1,95 @@
1
+ import sodium from "libsodium-wrappers-sumo";
2
+ import { assertByteLength } from "../utils/bytes.js";
3
+ import { decodeBase64, encodeBase64 } from "../utils/encoding.js";
4
+ const SIGNED_NONCE_BYTES = 24;
5
+ function canonicalizeSignedPayload(payload) {
6
+ return JSON.stringify({
7
+ v: payload.v,
8
+ nonce: payload.nonce,
9
+ ts: payload.ts,
10
+ message: payload.message,
11
+ });
12
+ }
13
+ /**
14
+ * Generate key pair untuk tanda tangan (Ed25519).
15
+ *
16
+ * @returns Public/private key pair.
17
+ */
18
+ export async function generateSigningKeyPair() {
19
+ await sodium.ready;
20
+ const { publicKey, privateKey } = sodium.crypto_sign_keypair();
21
+ return { publicKey, privateKey };
22
+ }
23
+ /**
24
+ * Buat signature detached untuk message.
25
+ *
26
+ * @param message - Data input.
27
+ * @param privateKey - Private key Ed25519.
28
+ * @returns Signature.
29
+ */
30
+ export async function signMessage(message, privateKey) {
31
+ await sodium.ready;
32
+ assertByteLength("privateKey", privateKey, sodium.crypto_sign_SECRETKEYBYTES);
33
+ return sodium.crypto_sign_detached(message, privateKey);
34
+ }
35
+ /**
36
+ * Verifikasi signature untuk message.
37
+ *
38
+ * @param message - Data input.
39
+ * @param signature - Signature detached.
40
+ * @param publicKey - Public key Ed25519.
41
+ * @returns True jika valid.
42
+ */
43
+ export async function verifySignature(message, signature, publicKey) {
44
+ await sodium.ready;
45
+ assertByteLength("publicKey", publicKey, sodium.crypto_sign_PUBLICKEYBYTES);
46
+ return sodium.crypto_sign_verify_detached(signature, message, publicKey);
47
+ }
48
+ /**
49
+ * Buat signature dengan nonce/timestamp untuk anti‑replay.
50
+ *
51
+ * @param message - Data input.
52
+ * @param privateKey - Private key Ed25519.
53
+ * @param opts - Opsi nonce/timestamp.
54
+ * @returns Payload signature terstruktur.
55
+ */
56
+ export async function signMessageWithNonce(message, privateKey, opts) {
57
+ await sodium.ready;
58
+ assertByteLength("privateKey", privateKey, sodium.crypto_sign_SECRETKEYBYTES);
59
+ const nonce = opts?.nonce ?? sodium.randombytes_buf(SIGNED_NONCE_BYTES);
60
+ assertByteLength("nonce", nonce, SIGNED_NONCE_BYTES);
61
+ const payload = {
62
+ v: 1,
63
+ nonce: encodeBase64(nonce),
64
+ ts: opts?.timestampMs ?? Date.now(),
65
+ message: encodeBase64(message),
66
+ };
67
+ const toSign = canonicalizeSignedPayload(payload);
68
+ const signature = sodium.crypto_sign_detached(new TextEncoder().encode(toSign), privateKey);
69
+ return {
70
+ ...payload,
71
+ signature: encodeBase64(signature),
72
+ };
73
+ }
74
+ /**
75
+ * Verifikasi payload signature anti‑replay.
76
+ *
77
+ * @param payload - Payload signature.
78
+ * @param publicKey - Public key Ed25519.
79
+ * @returns True jika valid.
80
+ */
81
+ export async function verifySignedMessage(payload, publicKey) {
82
+ await sodium.ready;
83
+ assertByteLength("publicKey", publicKey, sodium.crypto_sign_PUBLICKEYBYTES);
84
+ const nonce = decodeBase64(payload.nonce);
85
+ assertByteLength("nonce", nonce, SIGNED_NONCE_BYTES);
86
+ const signature = decodeBase64(payload.signature);
87
+ const toVerify = canonicalizeSignedPayload({
88
+ v: payload.v,
89
+ nonce: payload.nonce,
90
+ ts: payload.ts,
91
+ message: payload.message,
92
+ });
93
+ return sodium.crypto_sign_verify_detached(signature, new TextEncoder().encode(toVerify), publicKey);
94
+ }
95
+ //# sourceMappingURL=signature.js.map
package/dist/crypto/signature.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/crypto/signature.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,yBAAyB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAelE,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,SAAS,yBAAyB,CAAC,OAA2C;IAC5E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,CAAC,EAAE,OAAO,CAAC,CAAC;QACZ,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,CAAC;IAC/D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAmB,EACnB,UAAsB;IAEtB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,YAAY,EACZ,UAAU,EACV,MAAM,CAAC,0BAA0B,CAClC,CAAC;IACF,OAAO,MAAM,CAAC,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAmB,EACnB,SAAqB,EACrB,SAAqB;IAErB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,WAAW,EACX,SAAS,EACT,MAAM,CAAC,0BAA0B,CAClC,CAAC;IACF,OAAO,MAAM,CAAC,2BAA2B,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAmB,EACnB,UAAsB,EACtB,IAAmD;IAEnD,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,YAAY,EACZ,UAAU,EACV,MAAM,CAAC,0BAA0B,CAClC,CAAC;IAEF,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,MAAM,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC;IACxE,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;IAErD,MAAM,OAAO,GAAuC;QAClD,CAAC,EAAE,CAAC;QACJ,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC;QAC1B,EAAE,EAAE,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE;QACnC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;KAC/B,CAAC;IAEF,MAAM,MAAM,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAC3C,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,UAAU,CACX,CAAC;IAEF,OAAO;QACL,GAAG,OAAO;QACV,SAAS,EAAE,YAAY,CAAC,SAAS,CAAC;KACnC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAwB,EACxB,SAAqB;IAErB,MAAM,MAAM,CAAC,KAAK,CAAC;IACnB,gBAAgB,CACd,WAAW,EACX,SAAS,EACT,MAAM,CAAC,0BAA0B,CAClC,CAAC;IACF,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,yBAAyB,CAAC;QACzC,CAAC,EAAE,OAAO,CAAC,CAAC;QACZ,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,2BAA2B,CACvC,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,SAAS,CACV,CAAC;AACJ,CAAC"}
package/dist/index.d.ts CHANGED
@@ -2,6 +2,13 @@ export type { AeadEnvelopeV1, PasswordKdfParamsV1, PasswordWrappedKeyV1 } from "
2
2
  export { generateFileKey, wrapFileKeyWithMasterKey, unwrapFileKeyWithMasterKey, encryptFileData, decryptFileData, } from "./crypto/file-encryption.js";
3
3
  export { generateMasterKey, generateMasterKeyWithPassword, wrapMasterKeyWithPassword, unwrapMasterKeyWithPassword, } from "./crypto/master-key.js";
4
4
  export { generateRecoveryKey, wrapMasterKeyWithRecoveryKey, unwrapMasterKeyWithRecoveryKey, wrapRecoveryKeyWithMasterKey, unwrapRecoveryKeyWithMasterKey, } from "./crypto/recovery-key.js";
5
+ export type { KeyExchangeKeyPair, SessionKeys } from "./crypto/key-exchange.js";
6
+ export { generateKeyExchangeKeyPair, deriveKeyExchangePublicKeyFromPrivateKey, keyExchangeKeyPairFromPrivateKey, deriveClientSessionKeys, deriveServerSessionKeys, encryptSealedBox, decryptSealedBox, } from "./crypto/key-exchange.js";
7
+ export type { SigningKeyPair } from "./crypto/signature.js";
8
+ export { generateSigningKeyPair, signMessage, signMessageWithNonce, verifySignature, verifySignedMessage, } from "./crypto/signature.js";
9
+ export type { SignedMessageV1 } from "./crypto/signature.js";
10
+ export type { GroupMember, GroupMemberWire, GroupState, GroupWelcome, GroupCommit, GroupCommitAction, } from "./crypto/group.js";
11
+ export { createGroupState, openGroupWelcome, deriveGroupKey, createGroupCommit, verifyGroupCommitSignature, applyGroupCommit, } from "./crypto/group.js";
5
12
  export type { PasswordKdfOptions } from "./crypto/password-kdf.js";
6
13
  export { deriveKeyFromPassword, wrapKeyWithPassword, unwrapKeyWithPassword, } from "./crypto/password-kdf.js";
7
14
  export { encodeBase64, decodeBase64 } from "./utils/encoding.js";
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,0BAA0B,EAC1B,eAAe,EACf,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,8BAA8B,EAC9B,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EACL,MAAM,EACN,KAAK,IAAI,WAAW,EACpB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,gCAAgC,EAChC,gCAAgC,EAChC,kCAAkC,EAClC,QAAQ,EACR,UAAU,EACV,qBAAqB,EACrB,UAAU,EACV,QAAQ,EACR,MAAM,GACP,MAAM,aAAa,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,0BAA0B,EAC1B,eAAe,EACf,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,8BAA8B,EAC9B,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EACL,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,uBAAuB,EACvB,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,sBAAsB,EACtB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAE/B,YAAY,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,YAAY,EACV,WAAW,EACX,eAAe,EACf,UAAU,EACV,YAAY,EACZ,WAAW,EACX,iBAAiB,GAClB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EACL,MAAM,EACN,KAAK,IAAI,WAAW,EACpB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,gCAAgC,EAChC,gCAAgC,EAChC,kCAAkC,EAClC,QAAQ,EACR,UAAU,EACV,qBAAqB,EACrB,UAAU,EACV,QAAQ,EACR,MAAM,GACP,MAAM,aAAa,CAAC"}
package/dist/index.js CHANGED
@@ -1,6 +1,9 @@
1
1
  export { generateFileKey, wrapFileKeyWithMasterKey, unwrapFileKeyWithMasterKey, encryptFileData, decryptFileData, } from "./crypto/file-encryption.js";
2
2
  export { generateMasterKey, generateMasterKeyWithPassword, wrapMasterKeyWithPassword, unwrapMasterKeyWithPassword, } from "./crypto/master-key.js";
3
3
  export { generateRecoveryKey, wrapMasterKeyWithRecoveryKey, unwrapMasterKeyWithRecoveryKey, wrapRecoveryKeyWithMasterKey, unwrapRecoveryKeyWithMasterKey, } from "./crypto/recovery-key.js";
4
+ export { generateKeyExchangeKeyPair, deriveKeyExchangePublicKeyFromPrivateKey, keyExchangeKeyPairFromPrivateKey, deriveClientSessionKeys, deriveServerSessionKeys, encryptSealedBox, decryptSealedBox, } from "./crypto/key-exchange.js";
5
+ export { generateSigningKeyPair, signMessage, signMessageWithNonce, verifySignature, verifySignedMessage, } from "./crypto/signature.js";
6
+ export { createGroupState, openGroupWelcome, deriveGroupKey, createGroupCommit, verifyGroupCommitSignature, applyGroupCommit, } from "./crypto/group.js";
4
7
  export { deriveKeyFromPassword, wrapKeyWithPassword, unwrapKeyWithPassword, } from "./crypto/password-kdf.js";
5
8
  export { encodeBase64, decodeBase64 } from "./utils/encoding.js";
6
9
  export { sodium, ready as sodiumReady, randombytesBuf, cryptoPwhash, cryptoPwhashSaltBytes, cryptoPwhashOpslimitModerate, cryptoPwhashMemlimitModerate, aeadXChaCha20Poly1305IetfEncrypt, aeadXChaCha20Poly1305IetfDecrypt, aeadXChaCha20Poly1305IetfNpubBytes, toBase64, fromBase64, base64VariantOriginal, fromString, toString, memcmp, } from "./sodium.js";
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,0BAA0B,EAC1B,eAAe,EACf,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,8BAA8B,EAC9B,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EACL,MAAM,EACN,KAAK,IAAI,WAAW,EACpB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,gCAAgC,EAChC,gCAAgC,EAChC,kCAAkC,EAClC,QAAQ,EACR,UAAU,EACV,qBAAqB,EACrB,UAAU,EACV,QAAQ,EACR,MAAM,GACP,MAAM,aAAa,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,0BAA0B,EAC1B,eAAe,EACf,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,8BAA8B,EAC9B,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,uBAAuB,EACvB,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,sBAAsB,EACtB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAY/B,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EACL,MAAM,EACN,KAAK,IAAI,WAAW,EACpB,cAAc,EACd,YAAY,EACZ,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,gCAAgC,EAChC,gCAAgC,EAChC,kCAAkC,EAClC,QAAQ,EACR,UAAU,EACV,qBAAqB,EACrB,UAAU,EACV,QAAQ,EACR,MAAM,GACP,MAAM,aAAa,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nexwage/crypto",
3
- "version": "0.1.1",
3
+ "version": "0.1.2",
4
4
  "description": "Minimal crypto building blocks using libsodium (XChaCha20-Poly1305 + Argon2).",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",