npm - @nice-code/util - Versions diffs - 0.6.0 → 0.6.1 - Mend

@nice-code/util 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/build/index.js +60 -0
package/build/types/crypto/aes_gcm/decryptBytesWithAesGcmKey.d.ts +9 -0
package/build/types/crypto/aes_gcm/encryptBytesWithAesGcmKey.d.ts +10 -0
package/build/types/crypto/client_key_link/ClientCryptoKeyLink.d.ts +15 -1
package/build/types/crypto/crypto.schema.d.ts +9 -0
package/build/types/crypto/index.d.ts +3 -0
package/build/types/index.d.ts +1 -0
package/package.json +1 -1

package/build/index.js CHANGED Viewed

@@ -35,6 +35,14 @@ var createAesGcmKeyFromX25519Keys = async ({
     info
   }, ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
 };
+// src/crypto/aes_gcm/decryptBytesWithAesGcmKey.ts
+var decryptBytesWithAesGcmKey = async ({
+  aesGcmKey,
+  dataToDecrypt
+}) => {
+  const decryptedData = await crypto.subtle.decrypt({ name: "AES-GCM", iv: new Uint8Array(dataToDecrypt.nonce) }, aesGcmKey, new Uint8Array(dataToDecrypt.ciphertext));
+  return new Uint8Array(decryptedData);
+};
 // src/crypto/aes_gcm/decryptTextDataWithAesGcmKey.ts
 import { base64 } from "@scure/base";
 var decryptTextDataWithAesGcmKey = async ({
@@ -47,6 +55,15 @@ var decryptTextDataWithAesGcmKey = async ({
   }, aesGcmKey, new Uint8Array(base64.decode(dataToDecrypt.ciphertext)));
   return new TextDecoder().decode(decryptedData);
 };
+// src/crypto/aes_gcm/encryptBytesWithAesGcmKey.ts
+var encryptBytesWithAesGcmKey = async ({
+  aesGcmKey,
+  dataToEncrypt
+}) => {
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encryptedData = await crypto.subtle.encrypt({ name: "AES-GCM", iv: nonce }, aesGcmKey, new Uint8Array(dataToEncrypt));
+  return { nonce, ciphertext: new Uint8Array(encryptedData) };
+};
 // src/crypto/aes_gcm/encryptTextDataWithAesGcmKey.ts
 import { base64 as base642 } from "@scure/base";
 var encryptTextDataWithAesGcmKey = async ({
@@ -183,6 +200,16 @@ var vCreateSchema_TypeAndFormatPrefixedDataString = ({
 };
 // src/crypto/crypto.schema.ts
+var ECryptoKeyAlgo;
+((ECryptoKeyAlgo2) => {
+  ECryptoKeyAlgo2["ed25519"] = "ed25519";
+  ECryptoKeyAlgo2["x25519"] = "x25519";
+})(ECryptoKeyAlgo ||= {});
+var ECryptoKeyFormat;
+((ECryptoKeyFormat2) => {
+  ECryptoKeyFormat2["raw_base64"] = "raw_base64";
+  ECryptoKeyFormat2["jwk"] = "jwk";
+})(ECryptoKeyFormat ||= {});
 var vSerializedCryptoKeyDataEd25519_Raw = vCreateSchema_TypeAndFormatPrefixedDataString({
   format: "raw_base64" /* raw_base64 */,
   type: "ed25519" /* ed25519 */,
@@ -719,6 +746,26 @@ class ClientCryptoKeyLink {
       aesGcmKey: key
     });
   }
+  async encryptBytesForLinkedClient({
+    dataToEncrypt,
+    linkedClientId
+  }) {
+    const key = await this.getAesGcmKeyForLinkedClient(linkedClientId);
+    return await encryptBytesWithAesGcmKey({
+      dataToEncrypt,
+      aesGcmKey: key
+    });
+  }
+  async decryptBytesFromLinkedClient({
+    dataToDecrypt,
+    linkedClientId
+  }) {
+    const key = await this.getAesGcmKeyForLinkedClient(linkedClientId);
+    return await decryptBytesWithAesGcmKey({
+      dataToDecrypt,
+      aesGcmKey: key
+    });
+  }
   async signAndEncryptDataForLinkedClient({
     dataToEncrypt,
     linkedClientId
@@ -1011,6 +1058,15 @@ function createTypedMemoryStorage_json(options) {
 }
 export {
   verifyWithKeyEd25519,
+  vVerifyChallengeWithSignature_WithThrow_Input,
+  vVerifyChallengeWithSignature_Input,
+  vSerializedCryptoKeyDataX25519_Raw,
+  vSerializedCryptoKeyDataX25519_Jwk,
+  vSerializedCryptoKeyDataEd25519_Raw,
+  vSerializedCryptoKeyDataEd25519_Jwk,
+  vEncryptedAesGcmPayload,
+  vCryptoKeyPairDataX25519,
+  vCryptoKeyPairDataEd25519,
   signTextDataWithKeyEd25519,
   signCombinedTextDataWithKeyEd25519,
   serializeX25519Key_Raw,
@@ -1022,7 +1078,9 @@ export {
   generateX25519KeyPair,
   generateEd25519KeyPair,
   encryptTextDataWithAesGcmKey,
+  encryptBytesWithAesGcmKey,
   decryptTextDataWithAesGcmKey,
+  decryptBytesWithAesGcmKey,
   createWebSessionStorageMethods,
   createWebSessionStorageAdapter,
   createWebLocalStorageMethods,
@@ -1056,6 +1114,8 @@ export {
   buildVerifyKeyBoundInfoString,
   StorageAdapter,
   EStorageAdapterType,
+  ECryptoKeyFormat,
+  ECryptoKeyAlgo,
   DEFAULT_COMBINED_TEXT_DATA_SEPARATOR,
   ClientCryptoKeyLink
 };

package/build/types/crypto/aes_gcm/decryptBytesWithAesGcmKey.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { TEncryptedAesGcmBytes } from "../crypto.schema";
+/**
+ * Decrypts a raw-bytes AES-GCM payload (binary nonce + ciphertext) back to bytes. The counterpart of
+ * {@link decryptTextDataWithAesGcmKey}. AES-GCM verifies integrity, so a tampered ciphertext throws.
+ */
+export declare const decryptBytesWithAesGcmKey: ({ aesGcmKey, dataToDecrypt, }: {
+    aesGcmKey: CryptoKey;
+    dataToDecrypt: TEncryptedAesGcmBytes;
+}) => Promise<Uint8Array>;

package/build/types/crypto/aes_gcm/encryptBytesWithAesGcmKey.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { TEncryptedAesGcmBytes } from "../crypto.schema";
+/**
+ * Encrypts raw bytes with an AES-GCM key, returning the binary nonce + ciphertext. The bytes
+ * counterpart of {@link encryptTextDataWithAesGcmKey} — use it for binary channels (msgpack frames)
+ * to avoid base64 inflation. A fresh 12-byte nonce is generated per call (never reuse a nonce).
+ */
+export declare const encryptBytesWithAesGcmKey: ({ aesGcmKey, dataToEncrypt, }: {
+    aesGcmKey: CryptoKey;
+    dataToEncrypt: Uint8Array;
+}) => Promise<TEncryptedAesGcmBytes>;

package/build/types/crypto/client_key_link/ClientCryptoKeyLink.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import type { TTypeAndId } from "../../core/core_valibot_schemas";
 import type { StorageAdapter } from "../../storage_adapter/StorageAdapter";
-import type { TEncryptedAesGcmPayload, TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_X25519_Raw } from "../crypto.schema";
+import type { TEncryptedAesGcmBytes, TEncryptedAesGcmPayload, TSerializedCryptoKeyData_Ed25519_Raw, TSerializedCryptoKeyData_X25519_Raw } from "../crypto.schema";
 interface IClientCryptoKeyLink_Constructor {
     storageAdapter?: StorageAdapter;
 }
@@ -141,6 +141,20 @@ export declare class ClientCryptoKeyLink {
     private getAesGcmKeyForLinkedClient;
     encryptDataForLinkedClient({ dataToEncrypt, linkedClientId, }: IEncryptDataForLinkedClient): Promise<TEncryptedAesGcmPayload>;
     decryptDataFromLinkedClient({ dataToDecrypt, linkedClientId, }: IDecryptDataFromLinkedClient): Promise<string>;
+    /**
+     * Bytes counterpart of {@link encryptDataForLinkedClient} — encrypts raw bytes with the shared
+     * AES-GCM key, returning a binary nonce + ciphertext. Use it for binary channels (e.g. msgpack
+     * WebSocket frames) to avoid base64 inflation.
+     */
+    encryptBytesForLinkedClient({ dataToEncrypt, linkedClientId, }: {
+        dataToEncrypt: Uint8Array;
+        linkedClientId: TTypeAndId;
+    }): Promise<TEncryptedAesGcmBytes>;
+    /** Bytes counterpart of {@link decryptDataFromLinkedClient}. */
+    decryptBytesFromLinkedClient({ dataToDecrypt, linkedClientId, }: {
+        dataToDecrypt: TEncryptedAesGcmBytes;
+        linkedClientId: TTypeAndId;
+    }): Promise<Uint8Array>;
     signAndEncryptDataForLinkedClient({ dataToEncrypt, linkedClientId, }: IEncryptDataForLinkedClient): Promise<{
         encryptedData: TEncryptedAesGcmPayload;
         signatureBase64: string;

package/build/types/crypto/crypto.schema.d.ts CHANGED Viewed

@@ -67,6 +67,15 @@ export declare const vEncryptedAesGcmPayload: v.ObjectSchema<{
 }, undefined>;
 export type TEncryptedAesGcmPayload = v.InferInput<typeof vEncryptedAesGcmPayload>;
 export type TEncryptedAesGcmPayload_Transformed = v.InferOutput<typeof vEncryptedAesGcmPayload>;
+/**
+ * Raw-bytes counterpart of {@link TEncryptedAesGcmPayload} — keeps `nonce`/`ciphertext` as binary
+ * instead of base64 strings. For binary channels (e.g. msgpack WebSocket frames) this avoids the
+ * ~33% base64 inflation the text payload incurs.
+ */
+export type TEncryptedAesGcmBytes = {
+    nonce: Uint8Array;
+    ciphertext: Uint8Array;
+};
 interface ISerializedKeyData<T, P> {
     transformed: T;
     prefixed: P;

package/build/types/crypto/index.d.ts CHANGED Viewed

@@ -1,9 +1,12 @@
 export * from "./aes_gcm/createAesGcmKeyFromX25519Keys";
+export * from "./aes_gcm/decryptBytesWithAesGcmKey";
 export * from "./aes_gcm/decryptTextDataWithAesGcmKey";
+export * from "./aes_gcm/encryptBytesWithAesGcmKey";
 export * from "./aes_gcm/encryptTextDataWithAesGcmKey";
 export * from "./client_key_link/buildVerifyKeyBoundInfoString";
 export * from "./client_key_link/ClientCryptoKeyLink";
 export * from "./crypto.converters";
+export * from "./crypto.schema";
 export * from "./ed25519/generateEd25519KeyPair";
 export * from "./ed25519/importEd25519Key";
 export * from "./ed25519/serializeEd25519Key_Jwk";

package/build/types/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export type { TTypeAndId } from "./core/core_valibot_schemas";
 export * from "./crypto";
 export * from "./storage_adapter/StorageAdapter";
 export * from "./storage_adapter/specific/browser/browser_storage";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nice-code/util",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "private": false,
   "type": "module",
   "exports": {