@private.me/xbind 1.2.0

package/dist-standalone/_deps/crypto/tlv.js

@@ -0,0 +1,195 @@
+/**
+ * TLV (Type-Length-Value) serialization for Xail messages.
+ *
+ * Format: [Type: 1 byte][Length: 4 bytes uint32 BE][Value: Length bytes]
+ *
+ * Serialization order: MESSAGE_UUID, SENDER_ID, TIMESTAMP, CONTENT_TYPE,
+ * MESSAGE_BODY, ATTACHMENT(s).
+ *
+ * HMAC key/signature and per-share metadata are NOT in the TLV payload —
+ * they travel in the share envelope.
+ */
+import { ok, err, TLV_TYPE } from"../shared/index.js";
+import { uuidToBytes, bytesToUuid } from './uuid.js';
+const TEXT_ENCODER = new TextEncoder();
+const TEXT_DECODER = new TextDecoder();
+/**
+ * Serialize a XailMessage into a TLV byte stream.
+ *
+ * @param message - Message to serialize
+ * @returns TLV-encoded byte array
+ */
+export function serializeMessage(message) {
+    const parts = [];
+    // MESSAGE_UUID
+    parts.push(encodeTlv(TLV_TYPE.MESSAGE_UUID, uuidToBytes(message.uuid)));
+    // SENDER_ID
+    parts.push(encodeTlv(TLV_TYPE.SENDER_ID, TEXT_ENCODER.encode(message.sender.name)));
+    // SENDER_EMAIL (optional — preserves sender's email across reconstruction)
+    const senderEmail = message.sender.channels[0]?.email;
+    if (senderEmail) {
+        parts.push(encodeTlv(TLV_TYPE.SENDER_EMAIL, TEXT_ENCODER.encode(senderEmail)));
+    }
+    // TIMESTAMP (8 bytes, uint64 big-endian)
+    const tsBuf = new Uint8Array(8);
+    const tsView = new DataView(tsBuf.buffer);
+    // Split into high 32 and low 32 bits
+    tsView.setUint32(0, Math.floor(message.timestamp / 0x100000000));
+    tsView.setUint32(4, message.timestamp >>> 0);
+    parts.push(encodeTlv(TLV_TYPE.TIMESTAMP, tsBuf));
+    // CONTENT_TYPE
+    parts.push(encodeTlv(TLV_TYPE.CONTENT_TYPE, TEXT_ENCODER.encode(message.contentType)));
+    // MESSAGE_SUBJECT (optional)
+    if (message.subject) {
+        parts.push(encodeTlv(TLV_TYPE.MESSAGE_SUBJECT, TEXT_ENCODER.encode(message.subject)));
+    }
+    // MESSAGE_BODY
+    parts.push(encodeTlv(TLV_TYPE.MESSAGE_BODY, TEXT_ENCODER.encode(message.body)));
+    // ATTACHMENTs
+    for (const att of message.attachments) {
+        parts.push(encodeTlv(TLV_TYPE.ATTACHMENT, encodeAttachment(att)));
+    }
+    // Concatenate all parts
+    const totalLen = parts.reduce((sum, p) => sum + p.length, 0);
+    const result = new Uint8Array(totalLen);
+    let offset = 0;
+    for (const part of parts) {
+        result.set(part, offset);
+        offset += part.length;
+    }
+    return result;
+}
+/**
+ * Deserialize a TLV byte stream into a XailMessage.
+ *
+ * @param data - TLV-encoded byte array
+ * @returns Deserialized message, or SerializationError if invalid
+ */
+export function deserializeMessage(data) {
+    let uuid = '';
+    let senderName = '';
+    let senderEmail = '';
+    let subject = '';
+    let timestamp = 0;
+    let contentType = 'text/plain';
+    let body = '';
+    const attachments = [];
+    let offset = 0;
+    while (offset < data.length) {
+        if (offset + 5 > data.length) {
+            return err({ code: 'INVALID_TLV', message: 'Truncated TLV header' });
+        }
+        const type = data[offset];
+        const view = new DataView(data.buffer, data.byteOffset + offset + 1, 4);
+        const length = view.getUint32(0);
+        offset += 5;
+        if (offset + length > data.length) {
+            return err({ code: 'BUFFER_OVERFLOW', message: `TLV value exceeds data length at type 0x${type.toString(16)}` });
+        }
+        const value = data.slice(offset, offset + length);
+        offset += length;
+        switch (type) {
+            case TLV_TYPE.MESSAGE_UUID:
+                if (value.length !== 16) {
+                    return err({ code: 'INVALID_TLV', message: 'UUID must be 16 bytes' });
+                }
+                uuid = bytesToUuid(value);
+                break;
+            case TLV_TYPE.SENDER_ID:
+                senderName = TEXT_DECODER.decode(value);
+                break;
+            case TLV_TYPE.SENDER_EMAIL:
+                senderEmail = TEXT_DECODER.decode(value);
+                break;
+            case TLV_TYPE.TIMESTAMP: {
+                if (value.length !== 8) {
+                    return err({ code: 'INVALID_TLV', message: 'Timestamp must be 8 bytes' });
+                }
+                const tsView = new DataView(value.buffer, value.byteOffset, 8);
+                const hi = tsView.getUint32(0);
+                const lo = tsView.getUint32(4);
+                timestamp = hi * 0x100000000 + lo;
+                break;
+            }
+            case TLV_TYPE.CONTENT_TYPE: {
+                const ct = TEXT_DECODER.decode(value);
+                if (ct === 'text/plain' || ct === 'text/html') {
+                    contentType = ct;
+                }
+                break;
+            }
+            case TLV_TYPE.MESSAGE_SUBJECT:
+                subject = TEXT_DECODER.decode(value);
+                break;
+            case TLV_TYPE.MESSAGE_BODY:
+                body = TEXT_DECODER.decode(value);
+                break;
+            case TLV_TYPE.ATTACHMENT:
+                attachments.push(decodeAttachment(value));
+                break;
+            default:
+                // Unknown type — skip (forward compatibility)
+                break;
+        }
+    }
+    if (!uuid) {
+        return err({ code: 'MISSING_FIELD', message: 'Missing MESSAGE_UUID' });
+    }
+    return ok({
+        uuid,
+        sender: {
+            name: senderName,
+            channels: senderEmail
+                ? [{ provider: 'imap', email: senderEmail }]
+                : [],
+            securityTier: null,
+            isEnterprise: false,
+        },
+        recipients: [],
+        ...(subject ? { subject } : {}),
+        body,
+        contentType,
+        attachments,
+        timestamp,
+        messageType: 'secure',
+    });
+}
+/** Encode a single TLV entry. */
+function encodeTlv(type, value) {
+    const entry = new Uint8Array(5 + value.length);
+    entry[0] = type;
+    const view = new DataView(entry.buffer, 1, 4);
+    view.setUint32(0, value.length);
+    entry.set(value, 5);
+    return entry;
+}
+/**
+ * Encode an attachment: filename (null-terminated, up to 255 bytes) + content.
+ */
+function encodeAttachment(att) {
+    const nameBytes = TEXT_ENCODER.encode(att.filename);
+    const mimeBytes = TEXT_ENCODER.encode(att.mimeType);
+    // Format: [nameLen:1][name][mimeLen:1][mime][data]
+    const result = new Uint8Array(1 + nameBytes.length + 1 + mimeBytes.length + att.data.length);
+    let off = 0;
+    result[off++] = nameBytes.length;
+    result.set(nameBytes, off);
+    off += nameBytes.length;
+    result[off++] = mimeBytes.length;
+    result.set(mimeBytes, off);
+    off += mimeBytes.length;
+    result.set(att.data, off);
+    return result;
+}
+/** Decode an attachment from the encoded format. */
+function decodeAttachment(data) {
+    let off = 0;
+    const nameLen = data[off++];
+    const filename = TEXT_DECODER.decode(data.slice(off, off + nameLen));
+    off += nameLen;
+    const mimeLen = data[off++];
+    const mimeType = TEXT_DECODER.decode(data.slice(off, off + mimeLen));
+    off += mimeLen;
+    const content = data.slice(off);
+    return { filename, mimeType, data: content };
+}

package/dist-standalone/_deps/crypto/uuid.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Generate a RFC 4122 Version 4 UUID (128-bit random).
+ * Uses crypto.randomUUID() when available, otherwise constructs manually
+ * from crypto.getRandomValues() with proper version/variant bits.
+ *
+ * @returns UUID string in standard 8-4-4-4-12 hex format
+ */
+export declare function generateUUID(): string;
+/**
+ * Parse a UUID string into its raw 16 bytes.
+ *
+ * @param uuid - UUID string in 8-4-4-4-12 hex format
+ * @returns 16-byte Uint8Array
+ */
+export declare function uuidToBytes(uuid: string): Uint8Array;
+/**
+ * Convert raw 16 UUID bytes to the standard string format.
+ *
+ * @param bytes - 16-byte Uint8Array
+ * @returns UUID string in 8-4-4-4-12 hex format
+ */
+export declare function bytesToUuid(bytes: Uint8Array): string;

package/dist-standalone/_deps/crypto/uuid.js

@@ -0,0 +1,56 @@
+/**
+ * Generate a RFC 4122 Version 4 UUID (128-bit random).
+ * Uses crypto.randomUUID() when available, otherwise constructs manually
+ * from crypto.getRandomValues() with proper version/variant bits.
+ *
+ * @returns UUID string in standard 8-4-4-4-12 hex format
+ */
+export function generateUUID() {
+    if (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function') {
+        return crypto.randomUUID();
+    }
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    // Set version 4 (bits 12-15 of time_hi_and_version)
+    bytes[6] = (bytes[6] & 0x0f) | 0x40;
+    // Set variant 10xx (bits 6-7 of clock_seq_hi_and_reserved)
+    bytes[8] = (bytes[8] & 0x3f) | 0x80;
+    const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+    return [
+        hex.slice(0, 8),
+        hex.slice(8, 12),
+        hex.slice(12, 16),
+        hex.slice(16, 20),
+        hex.slice(20, 32),
+    ].join('-');
+}
+/**
+ * Parse a UUID string into its raw 16 bytes.
+ *
+ * @param uuid - UUID string in 8-4-4-4-12 hex format
+ * @returns 16-byte Uint8Array
+ */
+export function uuidToBytes(uuid) {
+    const hex = uuid.replace(/-/g, '');
+    const bytes = new Uint8Array(16);
+    for (let i = 0; i < 16; i++) {
+        bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+/**
+ * Convert raw 16 UUID bytes to the standard string format.
+ *
+ * @param bytes - 16-byte Uint8Array
+ * @returns UUID string in 8-4-4-4-12 hex format
+ */
+export function bytesToUuid(bytes) {
+    const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+    return [
+        hex.slice(0, 8),
+        hex.slice(8, 12),
+        hex.slice(12, 16),
+        hex.slice(16, 20),
+        hex.slice(20, 32),
+    ].join('-');
+}

package/dist-standalone/_deps/crypto/verify.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @module verify
+ * Lightweight sub-path export for verification-only use cases.
+ *
+ * Import as `@private.me/crypto/verify` for tree-shaking:
+ * ```ts
+ * import { verifyHMAC, fromBase64, isSupported } from '@private.me/crypto/verify';
+ * ```
+ *
+ * This module re-exports only HMAC verification, base64 decoding,
+ * and the capability check — no splitting, no reconstruction, no padding.
+ */
+export { verifyHMAC } from './hmac.js';
+export { fromBase64, toBase64, fromBase64Url, toBase64Url } from './base64.js';
+export { isSupported } from './index.js';

package/dist-standalone/_deps/crypto/verify.js

@@ -0,0 +1,15 @@
+/**
+ * @module verify
+ * Lightweight sub-path export for verification-only use cases.
+ *
+ * Import as `@private.me/crypto/verify` for tree-shaking:
+ * ```ts
+ * import { verifyHMAC, fromBase64, isSupported } from '@private.me/crypto/verify';
+ * ```
+ *
+ * This module re-exports only HMAC verification, base64 decoding,
+ * and the capability check — no splitting, no reconstruction, no padding.
+ */
+export { verifyHMAC } from './hmac.js';
+export { fromBase64, toBase64, fromBase64Url, toBase64Url } from './base64.js';
+export { isSupported } from './index.js';

package/dist-standalone/_deps/crypto/xorida.d.ts

@@ -0,0 +1,44 @@
+/**
+ * XorIDA Threshold Secret Sharing over GF(2).
+ *
+ * Proprietary, patent-protected (k,n)-threshold secret sharing construction.
+ *
+ * All arithmetic is XOR (GF(2)). The generator matrix is constructed from a cyclic
+ * index formula using NextOddPrime(n). Any k-of-n shares reconstruct the original
+ * message via Gaussian elimination on the restricted generator matrix.
+ */
+/**
+ * Find the smallest odd prime >= n.
+ * Used to determine the cyclic group Z_p for generator matrix construction.
+ *
+ * @param n - Total number of shares
+ * @returns Smallest odd prime >= n
+ */
+export declare function nextOddPrime(n: number): number;
+/**
+ * Split a padded message into n shares using XorIDA threshold sharing.
+ *
+ * The message length must be a multiple of b = NextOddPrime(n) - 1.
+ * Each share is the same length as the input message.
+ *
+ * @param paddedMessage - PKCS#7-padded message (length must be multiple of b)
+ * @param n - Total number of shares to produce
+ * @param k - Threshold: minimum shares needed for reconstruction
+ * @returns Array of n shares, each the same length as paddedMessage
+ */
+export declare function splitXorIDA(paddedMessage: Uint8Array, n: number, k: number): Uint8Array[];
+/**
+ * Split with externally provided random source arrays (for testing with known vectors).
+ * @internal Exported for testing only.
+ */
+export declare function splitWithRandom(paddedMessage: Uint8Array, n: number, k: number, p: number, b: number, randomArrays?: Uint8Array[]): Uint8Array[];
+/**
+ * Reconstruct the padded message from k shares via GF(2) Gaussian elimination.
+ *
+ * @param shares - Array of k share byte arrays
+ * @param indices - Original indices (0-based) of the provided shares
+ * @param n - Total number of shares that were produced
+ * @param k - Threshold used during splitting
+ * @returns Reconstructed padded message
+ */
+export declare function reconstructXorIDA(shares: Uint8Array[], indices: number[], n: number, k: number): Uint8Array;

package/dist-standalone/_deps/crypto/xorida.js

@@ -0,0 +1,215 @@
+/**
+ * XorIDA Threshold Secret Sharing over GF(2).
+ *
+ * Proprietary, patent-protected (k,n)-threshold secret sharing construction.
+ *
+ * All arithmetic is XOR (GF(2)). The generator matrix is constructed from a cyclic
+ * index formula using NextOddPrime(n). Any k-of-n shares reconstruct the original
+ * message via Gaussian elimination on the restricted generator matrix.
+ */
+/**
+ * Find the smallest odd prime >= n.
+ * Used to determine the cyclic group Z_p for generator matrix construction.
+ *
+ * @param n - Total number of shares
+ * @returns Smallest odd prime >= n
+ */
+export function nextOddPrime(n) {
+    let i = n;
+    while (true) {
+        if (i >= 2 && isOddPrime(i))
+            return i;
+        i++;
+    }
+}
+/** Max bytes per crypto.getRandomValues call (Web Crypto API limit). */
+const MAX_RANDOM_CHUNK = 65536;
+/** Fill a Uint8Array with cryptographic random bytes, chunked to respect API limits. */
+function fillRandom(arr) {
+    for (let offset = 0; offset < arr.length; offset += MAX_RANDOM_CHUNK) {
+        const end = Math.min(offset + MAX_RANDOM_CHUNK, arr.length);
+        crypto.getRandomValues(arr.subarray(offset, end));
+    }
+}
+/** Check if a number is an odd prime. */
+function isOddPrime(n) {
+    if (n < 2)
+        return false;
+    if (n === 2)
+        return false; // even
+    if (n === 3)
+        return true;
+    if (n % 2 === 0)
+        return false;
+    for (let d = 3; d * d <= n; d += 2) {
+        if (n % d === 0)
+            return false;
+    }
+    return true;
+}
+/**
+ * Split a padded message into n shares using XorIDA threshold sharing.
+ *
+ * The message length must be a multiple of b = NextOddPrime(n) - 1.
+ * Each share is the same length as the input message.
+ *
+ * @param paddedMessage - PKCS#7-padded message (length must be multiple of b)
+ * @param n - Total number of shares to produce
+ * @param k - Threshold: minimum shares needed for reconstruction
+ * @returns Array of n shares, each the same length as paddedMessage
+ */
+export function splitXorIDA(paddedMessage, n, k) {
+    const p = nextOddPrime(n);
+    const b = p - 1;
+    if (paddedMessage.length === 0 || paddedMessage.length % b !== 0) {
+        throw new Error(`Message length ${paddedMessage.length} is not a multiple of block size ${b}`);
+    }
+    return splitWithRandom(paddedMessage, n, k, p, b);
+}
+/**
+ * Split with externally provided random source arrays (for testing with known vectors).
+ * @internal Exported for testing only.
+ */
+export function splitWithRandom(paddedMessage, n, k, p, b, randomArrays) {
+    const msgLen = paddedMessage.length;
+    const numBlocks = msgLen / b;
+    // Step 1: Create k source arrays — (k-1) random + message
+    const sourceArrays = [];
+    for (let i = 0; i < k - 1; i++) {
+        const provided = randomArrays?.[i];
+        if (provided) {
+            sourceArrays.push(provided);
+        }
+        else {
+            const rand = new Uint8Array(msgLen);
+            fillRandom(rand);
+            sourceArrays.push(rand);
+        }
+    }
+    sourceArrays.push(paddedMessage);
+    // Step 2: Construct each share using the generator matrix index formula
+    const shares = [];
+    for (let shareIdx = 0; shareIdx < n; shareIdx++) {
+        const share = new Uint8Array(msgLen);
+        for (let blockIdx = 0; blockIdx < numBlocks; blockIdx++) {
+            const blockOffset = blockIdx * b;
+            for (let destRow = 0; destRow < b; destRow++) {
+                for (let srcCol = 0; srcCol < k; srcCol++) {
+                    const srcRow = (destRow + shareIdx * srcCol) % p;
+                    if (srcRow < b) {
+                        share[blockOffset + destRow] ^=
+                            sourceArrays[srcCol][blockOffset + srcRow];
+                    }
+                }
+            }
+        }
+        shares.push(share);
+    }
+    return shares;
+}
+/**
+ * Reconstruct the padded message from k shares via GF(2) Gaussian elimination.
+ *
+ * @param shares - Array of k share byte arrays
+ * @param indices - Original indices (0-based) of the provided shares
+ * @param n - Total number of shares that were produced
+ * @param k - Threshold used during splitting
+ * @returns Reconstructed padded message
+ */
+export function reconstructXorIDA(shares, indices, n, k) {
+    if (shares.length !== k || indices.length !== k) {
+        throw new Error(`Expected ${k} shares, got ${shares.length}`);
+    }
+    const p = nextOddPrime(n);
+    const b = p - 1;
+    const shareLen = shares[0].length;
+    const numBlocks = shareLen / b;
+    // Step 1: Build restricted generator matrix G (k*b rows × k*b cols)
+    const numRows = k * b;
+    const numCols = k * b;
+    const recoveryMatrix = buildAndSolve(indices, k, p, b, numRows, numCols);
+    // Step 2: Apply recovery matrix to extract message bytes
+    const result = new Uint8Array(shareLen);
+    for (let blockIdx = 0; blockIdx < numBlocks; blockIdx++) {
+        const blockOffset = blockIdx * b;
+        for (let destByte = 0; destByte < b; destByte++) {
+            // Skip random rows, use message rows: row index = (k-1)*b + destByte
+            const recoveryRow = (k - 1) * b + destByte;
+            let val = 0;
+            for (let c = 0; c < numRows; c++) {
+                if (recoveryMatrix[recoveryRow][c]) {
+                    const localShareIdx = Math.floor(c / b);
+                    const byteInBlock = c % b;
+                    val ^= shares[localShareIdx][blockOffset + byteInBlock];
+                }
+            }
+            result[blockOffset + destByte] = val;
+        }
+    }
+    return result;
+}
+/**
+ * Build the restricted generator matrix and solve via Gaussian elimination.
+ * Returns the recovery matrix (right portion of [G|I] after elimination).
+ */
+function buildAndSolve(shareIndices, k, p, b, numRows, numCols) {
+    // Build augmented matrix [G | I] using Uint8Array rows
+    const totalCols = numCols + numRows;
+    const aug = [];
+    for (let i = 0; i < k; i++) {
+        const shareIdx = shareIndices[i];
+        for (let rowInShare = 0; rowInShare < b; rowInShare++) {
+            const row = new Uint8Array(totalCols);
+            const destRow = i * b + rowInShare;
+            // Fill generator matrix portion
+            for (let srcCol = 0; srcCol < k; srcCol++) {
+                const srcRow = (rowInShare + shareIdx * srcCol) % p;
+                if (srcRow < b) {
+                    row[srcCol * b + srcRow] = 1;
+                }
+            }
+            // Fill identity portion
+            row[numCols + destRow] = 1;
+            aug.push(row);
+        }
+    }
+    // Gaussian elimination over GF(2)
+    let pivotRow = 0;
+    for (let col = 0; col < numCols; col++) {
+        // Find pivot
+        let found = -1;
+        for (let r = pivotRow; r < numRows; r++) {
+            if (aug[r][col]) {
+                found = r;
+                break;
+            }
+        }
+        if (found === -1)
+            continue;
+        // Swap
+        if (found !== pivotRow) {
+            const tmp = aug[found];
+            aug[found] = aug[pivotRow];
+            aug[pivotRow] = tmp;
+        }
+        // Eliminate
+        for (let r = 0; r < numRows; r++) {
+            if (r !== pivotRow && aug[r][col]) {
+                xorRow(aug[r], aug[pivotRow]);
+            }
+        }
+        pivotRow++;
+    }
+    // Extract recovery matrix (right portion)
+    const recovery = [];
+    for (let r = 0; r < numRows; r++) {
+        recovery.push(aug[r].slice(numCols));
+    }
+    return recovery;
+}
+/** XOR row b into row a (in-place). */
+function xorRow(a, b) {
+    for (let i = 0; i < a.length; i++) {
+        a[i] ^= b[i];
+    }
+}

package/dist-standalone/_deps/mldsa-wasm/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2026 Dmitry Chestnykh (WASM wrapper, JavaScript)
+Copyright (c) The mldsa-native project authors
+Copyright (c) The mlkem-native project authors
+Copyright (c) 2020 Dougall Johnson
+Copyright (c) 2022 Arm Limited
+SPDX-License-Identifier: MIT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.