@reallyme/crypto 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +140 -0
- package/dist/aead.d.ts +9 -0
- package/dist/aead.js +62 -0
- package/dist/aesKw.d.ts +10 -0
- package/dist/aesKw.js +45 -0
- package/dist/algorithms.d.ts +18 -0
- package/dist/algorithms.js +64 -0
- package/dist/argon2id.d.ts +8 -0
- package/dist/argon2id.js +40 -0
- package/dist/bip340Schnorr.d.ts +26 -0
- package/dist/bip340Schnorr.js +72 -0
- package/dist/codecs.d.ts +35 -0
- package/dist/codecs.js +216 -0
- package/dist/cryptoFacade.d.ts +51 -0
- package/dist/cryptoFacade.js +329 -0
- package/dist/digest.d.ts +14 -0
- package/dist/digest.js +33 -0
- package/dist/ed25519.d.ts +34 -0
- package/dist/ed25519.js +78 -0
- package/dist/encodeEcdsaDer.d.ts +2 -0
- package/dist/encodeEcdsaDer.js +141 -0
- package/dist/errors.d.ts +10 -0
- package/dist/errors.js +11 -0
- package/dist/hkdf.d.ts +7 -0
- package/dist/hkdf.js +27 -0
- package/dist/hmac.d.ts +9 -0
- package/dist/hmac.js +50 -0
- package/dist/hpke.d.ts +15 -0
- package/dist/hpke.js +59 -0
- package/dist/index.d.ts +41 -0
- package/dist/index.js +31 -0
- package/dist/jwk.d.ts +42 -0
- package/dist/jwk.js +289 -0
- package/dist/mlDsa.d.ts +18 -0
- package/dist/mlDsa.js +85 -0
- package/dist/mlKem.d.ts +25 -0
- package/dist/mlKem.js +95 -0
- package/dist/p256Ecdh.d.ts +22 -0
- package/dist/p256Ecdh.js +53 -0
- package/dist/p256Ecdsa.d.ts +25 -0
- package/dist/p256Ecdsa.js +85 -0
- package/dist/p384Ecdsa.d.ts +23 -0
- package/dist/p384Ecdsa.js +83 -0
- package/dist/p521Ecdsa.d.ts +23 -0
- package/dist/p521Ecdsa.js +83 -0
- package/dist/pbkdf2.d.ts +28 -0
- package/dist/pbkdf2.js +57 -0
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.d.ts +618 -0
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.js +523 -0
- package/dist/proto.d.ts +25 -0
- package/dist/proto.js +342 -0
- package/dist/providerCatalog.d.ts +9 -0
- package/dist/providerCatalog.js +15 -0
- package/dist/rsa.d.ts +13 -0
- package/dist/rsa.js +102 -0
- package/dist/secp256k1.d.ts +47 -0
- package/dist/secp256k1.js +106 -0
- package/dist/slhDsa.d.ts +15 -0
- package/dist/slhDsa.js +54 -0
- package/dist/validateBytes.d.ts +2 -0
- package/dist/validateBytes.js +20 -0
- package/dist/verifySignature.d.ts +1 -0
- package/dist/verifySignature.js +9 -0
- package/dist/wasm/LICENSE +201 -0
- package/dist/wasm/reallyme_crypto_wasm.js +1319 -0
- package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
- package/dist/wasmModuleTypes.d.ts +72 -0
- package/dist/wasmModuleTypes.js +4 -0
- package/dist/wasmProvider.d.ts +94 -0
- package/dist/wasmProvider.js +173 -0
- package/dist/x25519.d.ts +28 -0
- package/dist/x25519.js +66 -0
- package/dist/xWing.d.ts +23 -0
- package/dist/xWing.js +86 -0
- package/package.json +48 -0
package/dist/ed25519.js
ADDED
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { ed25519 } from "@noble/curves/ed25519.js";
|
|
5
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
6
|
+
/**
|
|
7
|
+
* Ed25519 signatures backed by @noble/curves — the same pinned implementation
|
|
8
|
+
* the TypeScript conformance lane proves vectors against.
|
|
9
|
+
*
|
|
10
|
+
* The workspace contract uses the plain Ed25519 variant: callers pass the full
|
|
11
|
+
* message, the provider signs that message directly, and signatures are the
|
|
12
|
+
* 64-byte RFC 8032 encoding. Ed25519 is deterministic, so the same key and
|
|
13
|
+
* message must produce the same bytes in every platform lane.
|
|
14
|
+
*/
|
|
15
|
+
export const ED25519_SECRET_KEY_LENGTH = 32;
|
|
16
|
+
export const ED25519_PUBLIC_KEY_LENGTH = 32;
|
|
17
|
+
export const ED25519_SIGNATURE_LENGTH = 64;
|
|
18
|
+
export const ReallyMeEd25519 = {
|
|
19
|
+
/** Generates a random Ed25519 keypair: 32-byte public key, 32-byte seed. */
|
|
20
|
+
generateKeyPair() {
|
|
21
|
+
const secretKey = ed25519.utils.randomSecretKey();
|
|
22
|
+
return {
|
|
23
|
+
publicKey: ed25519.getPublicKey(secretKey),
|
|
24
|
+
secretKey,
|
|
25
|
+
};
|
|
26
|
+
},
|
|
27
|
+
/** Derives the Ed25519 keypair from a 32-byte seed. */
|
|
28
|
+
deriveKeyPair(secretKey) {
|
|
29
|
+
return {
|
|
30
|
+
publicKey: this.derivePublicKey(secretKey),
|
|
31
|
+
secretKey: secretKey.slice(),
|
|
32
|
+
};
|
|
33
|
+
},
|
|
34
|
+
/** Derives the 32-byte Ed25519 public key from a 32-byte seed. */
|
|
35
|
+
derivePublicKey(secretKey) {
|
|
36
|
+
if (secretKey.length !== ED25519_SECRET_KEY_LENGTH) {
|
|
37
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
38
|
+
}
|
|
39
|
+
try {
|
|
40
|
+
return ed25519.getPublicKey(secretKey);
|
|
41
|
+
}
|
|
42
|
+
catch {
|
|
43
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
44
|
+
}
|
|
45
|
+
},
|
|
46
|
+
/** Signs the full message using plain deterministic Ed25519. */
|
|
47
|
+
sign(message, secretKey) {
|
|
48
|
+
if (secretKey.length !== ED25519_SECRET_KEY_LENGTH) {
|
|
49
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
50
|
+
}
|
|
51
|
+
try {
|
|
52
|
+
return ed25519.sign(message, secretKey);
|
|
53
|
+
}
|
|
54
|
+
catch {
|
|
55
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
56
|
+
}
|
|
57
|
+
},
|
|
58
|
+
/**
|
|
59
|
+
* Verifies a 64-byte Ed25519 signature against a 32-byte public key.
|
|
60
|
+
*
|
|
61
|
+
* Throws on malformed input shape, undecodable keys, or invalid signatures.
|
|
62
|
+
*/
|
|
63
|
+
verify(signature, message, publicKey) {
|
|
64
|
+
if (signature.length !== ED25519_SIGNATURE_LENGTH ||
|
|
65
|
+
publicKey.length !== ED25519_PUBLIC_KEY_LENGTH) {
|
|
66
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
67
|
+
}
|
|
68
|
+
try {
|
|
69
|
+
ed25519.Point.fromBytes(publicKey, false);
|
|
70
|
+
}
|
|
71
|
+
catch {
|
|
72
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
73
|
+
}
|
|
74
|
+
if (!ed25519.verify(signature, message, publicKey, { zip215: false })) {
|
|
75
|
+
throw new ReallyMeCryptoError("invalid-signature");
|
|
76
|
+
}
|
|
77
|
+
},
|
|
78
|
+
};
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
+
const DER_SEQUENCE_TAG = 0x30;
|
|
6
|
+
const DER_INTEGER_TAG = 0x02;
|
|
7
|
+
const DER_SHORT_FORM_LIMIT = 0x7f;
|
|
8
|
+
const DER_LONG_FORM_ONE_BYTE = 0x81;
|
|
9
|
+
const byteAt = (bytes, index) => {
|
|
10
|
+
const value = bytes[index];
|
|
11
|
+
if (value === undefined) {
|
|
12
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
13
|
+
}
|
|
14
|
+
return value;
|
|
15
|
+
};
|
|
16
|
+
const isAllZero = (bytes) => {
|
|
17
|
+
for (const byte of bytes) {
|
|
18
|
+
if (byte !== 0) {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
return true;
|
|
23
|
+
};
|
|
24
|
+
const derIntegerContent = (component) => {
|
|
25
|
+
let firstNonZero = 0;
|
|
26
|
+
while (firstNonZero < component.length - 1 &&
|
|
27
|
+
byteAt(component, firstNonZero) === 0) {
|
|
28
|
+
firstNonZero += 1;
|
|
29
|
+
}
|
|
30
|
+
const stripped = component.slice(firstNonZero);
|
|
31
|
+
if ((byteAt(stripped, 0) & 0x80) === 0) {
|
|
32
|
+
return stripped;
|
|
33
|
+
}
|
|
34
|
+
const prefixed = new Uint8Array(stripped.length + 1);
|
|
35
|
+
prefixed.set(stripped, 1);
|
|
36
|
+
return prefixed;
|
|
37
|
+
};
|
|
38
|
+
const sequenceHeaderLength = (payloadLength) => {
|
|
39
|
+
if (payloadLength <= DER_SHORT_FORM_LIMIT) {
|
|
40
|
+
return 2;
|
|
41
|
+
}
|
|
42
|
+
if (payloadLength <= 0xff) {
|
|
43
|
+
return 3;
|
|
44
|
+
}
|
|
45
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
46
|
+
};
|
|
47
|
+
const writeSequenceHeader = (der, payloadLength) => {
|
|
48
|
+
der[0] = DER_SEQUENCE_TAG;
|
|
49
|
+
if (payloadLength <= DER_SHORT_FORM_LIMIT) {
|
|
50
|
+
der[1] = payloadLength;
|
|
51
|
+
return 2;
|
|
52
|
+
}
|
|
53
|
+
der[1] = DER_LONG_FORM_ONE_BYTE;
|
|
54
|
+
der[2] = payloadLength;
|
|
55
|
+
return 3;
|
|
56
|
+
};
|
|
57
|
+
const readSequenceHeader = (signature) => {
|
|
58
|
+
if (byteAt(signature, 0) !== DER_SEQUENCE_TAG) {
|
|
59
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
60
|
+
}
|
|
61
|
+
const firstLengthByte = byteAt(signature, 1);
|
|
62
|
+
if ((firstLengthByte & 0x80) === 0) {
|
|
63
|
+
if (firstLengthByte !== signature.length - 2) {
|
|
64
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
65
|
+
}
|
|
66
|
+
return 2;
|
|
67
|
+
}
|
|
68
|
+
if (firstLengthByte !== DER_LONG_FORM_ONE_BYTE ||
|
|
69
|
+
signature.length < 3 ||
|
|
70
|
+
byteAt(signature, 2) <= DER_SHORT_FORM_LIMIT ||
|
|
71
|
+
byteAt(signature, 2) !== signature.length - 3) {
|
|
72
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
73
|
+
}
|
|
74
|
+
return 3;
|
|
75
|
+
};
|
|
76
|
+
const parseDerInteger = (der, offset, componentLength) => {
|
|
77
|
+
if (byteAt(der, offset) !== DER_INTEGER_TAG) {
|
|
78
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
79
|
+
}
|
|
80
|
+
const length = byteAt(der, offset + 1);
|
|
81
|
+
if (length === 0 || length > componentLength + 1) {
|
|
82
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
83
|
+
}
|
|
84
|
+
const start = offset + 2;
|
|
85
|
+
const end = start + length;
|
|
86
|
+
if (end > der.length) {
|
|
87
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
88
|
+
}
|
|
89
|
+
const content = der.slice(start, end);
|
|
90
|
+
const first = byteAt(content, 0);
|
|
91
|
+
if ((first & 0x80) !== 0) {
|
|
92
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
93
|
+
}
|
|
94
|
+
if (content.length > 1 && first === 0) {
|
|
95
|
+
const second = byteAt(content, 1);
|
|
96
|
+
if ((second & 0x80) === 0) {
|
|
97
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
const normalized = first === 0 ? content.slice(1) : content;
|
|
101
|
+
if (normalized.length > componentLength || isAllZero(normalized)) {
|
|
102
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
103
|
+
}
|
|
104
|
+
const value = new Uint8Array(componentLength);
|
|
105
|
+
value.set(normalized, componentLength - normalized.length);
|
|
106
|
+
return { value, nextOffset: end };
|
|
107
|
+
};
|
|
108
|
+
export const encodeEcdsaDerSignature = (compactSignature, componentLength) => {
|
|
109
|
+
if (compactSignature.length !== componentLength * 2) {
|
|
110
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
111
|
+
}
|
|
112
|
+
const r = derIntegerContent(compactSignature.slice(0, componentLength));
|
|
113
|
+
const s = derIntegerContent(compactSignature.slice(componentLength));
|
|
114
|
+
const payloadLength = 2 + r.length + 2 + s.length;
|
|
115
|
+
const headerLength = sequenceHeaderLength(payloadLength);
|
|
116
|
+
const der = new Uint8Array(headerLength + payloadLength);
|
|
117
|
+
const firstIntegerOffset = writeSequenceHeader(der, payloadLength);
|
|
118
|
+
der[firstIntegerOffset] = DER_INTEGER_TAG;
|
|
119
|
+
der[firstIntegerOffset + 1] = r.length;
|
|
120
|
+
der.set(r, firstIntegerOffset + 2);
|
|
121
|
+
const secondIntegerOffset = firstIntegerOffset + 2 + r.length;
|
|
122
|
+
der[secondIntegerOffset] = DER_INTEGER_TAG;
|
|
123
|
+
der[secondIntegerOffset + 1] = s.length;
|
|
124
|
+
der.set(s, secondIntegerOffset + 2);
|
|
125
|
+
return der;
|
|
126
|
+
};
|
|
127
|
+
export const decodeEcdsaDerSignature = (signature, componentLength, maxDerLength) => {
|
|
128
|
+
if (signature.length < 8 || signature.length > maxDerLength) {
|
|
129
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
130
|
+
}
|
|
131
|
+
const firstIntegerOffset = readSequenceHeader(signature);
|
|
132
|
+
const r = parseDerInteger(signature, firstIntegerOffset, componentLength);
|
|
133
|
+
const s = parseDerInteger(signature, r.nextOffset, componentLength);
|
|
134
|
+
if (s.nextOffset !== signature.length) {
|
|
135
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
136
|
+
}
|
|
137
|
+
const compact = new Uint8Array(componentLength * 2);
|
|
138
|
+
compact.set(r.value, 0);
|
|
139
|
+
compact.set(s.value, componentLength);
|
|
140
|
+
return compact;
|
|
141
|
+
};
|
package/dist/errors.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Typed SDK error codes. Errors intentionally carry no secret or
|
|
3
|
+
* user-provided bytes so callers can log them without leaking key material
|
|
4
|
+
* or PII.
|
|
5
|
+
*/
|
|
6
|
+
export type ReallyMeCryptoErrorCode = "invalid-input" | "invalid-signature" | "provider-failure" | "unsupported-algorithm";
|
|
7
|
+
export declare class ReallyMeCryptoError extends Error {
|
|
8
|
+
readonly code: ReallyMeCryptoErrorCode;
|
|
9
|
+
constructor(code: ReallyMeCryptoErrorCode);
|
|
10
|
+
}
|
package/dist/errors.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
export class ReallyMeCryptoError extends Error {
|
|
5
|
+
code;
|
|
6
|
+
constructor(code) {
|
|
7
|
+
super(code);
|
|
8
|
+
this.name = "ReallyMeCryptoError";
|
|
9
|
+
this.code = code;
|
|
10
|
+
}
|
|
11
|
+
}
|
package/dist/hkdf.d.ts
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export declare const HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH = 1;
|
|
2
|
+
export declare const HKDF_MAX_INPUT_LENGTH = 4096;
|
|
3
|
+
export declare const HKDF_MIN_OUTPUT_LENGTH = 1;
|
|
4
|
+
export declare const HKDF_MAX_OUTPUT_LENGTH = 4096;
|
|
5
|
+
export declare const ReallyMeHkdf: {
|
|
6
|
+
readonly deriveSha256: (inputKeyMaterial: Uint8Array, salt: Uint8Array, info: Uint8Array, outputLength: number) => Uint8Array;
|
|
7
|
+
};
|
package/dist/hkdf.js
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { hkdf } from "@noble/hashes/hkdf.js";
|
|
5
|
+
import { sha256 } from "@noble/hashes/sha2.js";
|
|
6
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
7
|
+
export const HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH = 1;
|
|
8
|
+
export const HKDF_MAX_INPUT_LENGTH = 4096;
|
|
9
|
+
export const HKDF_MIN_OUTPUT_LENGTH = 1;
|
|
10
|
+
export const HKDF_MAX_OUTPUT_LENGTH = 4096;
|
|
11
|
+
export const ReallyMeHkdf = {
|
|
12
|
+
deriveSha256(inputKeyMaterial, salt, info, outputLength) {
|
|
13
|
+
validate(inputKeyMaterial, salt, info, outputLength);
|
|
14
|
+
return hkdf(sha256, inputKeyMaterial, salt, info, outputLength);
|
|
15
|
+
},
|
|
16
|
+
};
|
|
17
|
+
function validate(inputKeyMaterial, salt, info, outputLength) {
|
|
18
|
+
if (inputKeyMaterial.length < HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH ||
|
|
19
|
+
inputKeyMaterial.length > HKDF_MAX_INPUT_LENGTH ||
|
|
20
|
+
salt.length > HKDF_MAX_INPUT_LENGTH ||
|
|
21
|
+
info.length > HKDF_MAX_INPUT_LENGTH ||
|
|
22
|
+
!Number.isInteger(outputLength) ||
|
|
23
|
+
outputLength < HKDF_MIN_OUTPUT_LENGTH ||
|
|
24
|
+
outputLength > HKDF_MAX_OUTPUT_LENGTH) {
|
|
25
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
26
|
+
}
|
|
27
|
+
}
|
package/dist/hmac.d.ts
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export declare const HMAC_MAX_KEY_LENGTH = 4096;
|
|
2
|
+
export declare const HMAC_SHA256_TAG_LENGTH = 32;
|
|
3
|
+
export declare const HMAC_SHA512_TAG_LENGTH = 64;
|
|
4
|
+
export declare const ReallyMeHmac: {
|
|
5
|
+
readonly authenticateSha256: (key: Uint8Array, message: Uint8Array) => Uint8Array;
|
|
6
|
+
readonly authenticateSha512: (key: Uint8Array, message: Uint8Array) => Uint8Array;
|
|
7
|
+
readonly verifySha256: (tag: Uint8Array, key: Uint8Array, message: Uint8Array) => boolean;
|
|
8
|
+
readonly verifySha512: (tag: Uint8Array, key: Uint8Array, message: Uint8Array) => boolean;
|
|
9
|
+
};
|
package/dist/hmac.js
ADDED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { hmac } from "@noble/hashes/hmac.js";
|
|
5
|
+
import { sha256, sha512 } from "@noble/hashes/sha2.js";
|
|
6
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
7
|
+
export const HMAC_MAX_KEY_LENGTH = 4096;
|
|
8
|
+
export const HMAC_SHA256_TAG_LENGTH = 32;
|
|
9
|
+
export const HMAC_SHA512_TAG_LENGTH = 64;
|
|
10
|
+
export const ReallyMeHmac = {
|
|
11
|
+
authenticateSha256(key, message) {
|
|
12
|
+
validateKey(key);
|
|
13
|
+
return hmac(sha256, key, message);
|
|
14
|
+
},
|
|
15
|
+
authenticateSha512(key, message) {
|
|
16
|
+
validateKey(key);
|
|
17
|
+
return hmac(sha512, key, message);
|
|
18
|
+
},
|
|
19
|
+
verifySha256(tag, key, message) {
|
|
20
|
+
if (tag.length !== HMAC_SHA256_TAG_LENGTH) {
|
|
21
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
22
|
+
}
|
|
23
|
+
return constantTimeEquals(tag, ReallyMeHmac.authenticateSha256(key, message));
|
|
24
|
+
},
|
|
25
|
+
verifySha512(tag, key, message) {
|
|
26
|
+
if (tag.length !== HMAC_SHA512_TAG_LENGTH) {
|
|
27
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
28
|
+
}
|
|
29
|
+
return constantTimeEquals(tag, ReallyMeHmac.authenticateSha512(key, message));
|
|
30
|
+
},
|
|
31
|
+
};
|
|
32
|
+
function validateKey(key) {
|
|
33
|
+
if (key.length === 0 || key.length > HMAC_MAX_KEY_LENGTH) {
|
|
34
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
function constantTimeEquals(left, right) {
|
|
38
|
+
if (left.length !== right.length) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
let difference = 0;
|
|
42
|
+
for (const [index, leftByte] of left.entries()) {
|
|
43
|
+
const rightByte = right[index];
|
|
44
|
+
if (rightByte === undefined) {
|
|
45
|
+
return false;
|
|
46
|
+
}
|
|
47
|
+
difference |= leftByte ^ rightByte;
|
|
48
|
+
}
|
|
49
|
+
return difference === 0;
|
|
50
|
+
}
|
package/dist/hpke.d.ts
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { ReallyMeHpkeSuite } from "./algorithms.js";
|
|
2
|
+
export declare const HPKE_P256_PRIVATE_KEY_LENGTH = 32;
|
|
3
|
+
export declare const HPKE_P256_PUBLIC_KEY_LENGTH = 65;
|
|
4
|
+
export declare const HPKE_X25519_PRIVATE_KEY_LENGTH = 32;
|
|
5
|
+
export declare const HPKE_X25519_PUBLIC_KEY_LENGTH = 32;
|
|
6
|
+
export declare const HPKE_AEAD_TAG_LENGTH = 16;
|
|
7
|
+
export type ReallyMeHpkeSealedMessage = Readonly<{
|
|
8
|
+
encapsulatedKey: Uint8Array;
|
|
9
|
+
ciphertext: Uint8Array;
|
|
10
|
+
}>;
|
|
11
|
+
export declare const ReallyMeHpke: {
|
|
12
|
+
readonly sealBase: (suite: ReallyMeHpkeSuite, recipientPublicKey: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => ReallyMeHpkeSealedMessage;
|
|
13
|
+
readonly openBase: (suite: ReallyMeHpkeSuite, recipientSecretKey: Uint8Array, encapsulatedKey: Uint8Array, info: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array) => Uint8Array;
|
|
14
|
+
};
|
|
15
|
+
export declare const sealHpkeBaseDeterministicallyForTest: (suite: ReallyMeHpkeSuite, recipientPublicKey: Uint8Array, encapsulationRandomness: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => ReallyMeHpkeSealedMessage;
|
package/dist/hpke.js
ADDED
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
+
import { ensureBytes, readByteArrayProperty } from "./validateBytes.js";
|
|
6
|
+
import { requireReallyMeWasmProvider } from "./wasmProvider.js";
|
|
7
|
+
export const HPKE_P256_PRIVATE_KEY_LENGTH = 32;
|
|
8
|
+
export const HPKE_P256_PUBLIC_KEY_LENGTH = 65;
|
|
9
|
+
export const HPKE_X25519_PRIVATE_KEY_LENGTH = 32;
|
|
10
|
+
export const HPKE_X25519_PUBLIC_KEY_LENGTH = 32;
|
|
11
|
+
export const HPKE_AEAD_TAG_LENGTH = 16;
|
|
12
|
+
const hpkeSuite = (suite) => {
|
|
13
|
+
switch (suite) {
|
|
14
|
+
case "DHKEM-P256-HKDF-SHA256-HKDF-SHA256-AES-256-GCM":
|
|
15
|
+
return {
|
|
16
|
+
id: 1,
|
|
17
|
+
publicKeyLength: HPKE_P256_PUBLIC_KEY_LENGTH,
|
|
18
|
+
privateKeyLength: HPKE_P256_PRIVATE_KEY_LENGTH,
|
|
19
|
+
};
|
|
20
|
+
case "DHKEM-X25519-HKDF-SHA256-HKDF-SHA256-CHACHA20-POLY1305":
|
|
21
|
+
return {
|
|
22
|
+
id: 2,
|
|
23
|
+
publicKeyLength: HPKE_X25519_PUBLIC_KEY_LENGTH,
|
|
24
|
+
privateKeyLength: HPKE_X25519_PRIVATE_KEY_LENGTH,
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
};
|
|
28
|
+
const readSealedMessage = (value, suite, plaintextLength) => ({
|
|
29
|
+
encapsulatedKey: readByteArrayProperty(value, "encapsulatedKey", suite.publicKeyLength),
|
|
30
|
+
ciphertext: readByteArrayProperty(value, "ciphertext", plaintextLength + HPKE_AEAD_TAG_LENGTH),
|
|
31
|
+
});
|
|
32
|
+
const requirePlaintext = (value) => {
|
|
33
|
+
if (!(value instanceof Uint8Array)) {
|
|
34
|
+
throw new ReallyMeCryptoError("provider-failure");
|
|
35
|
+
}
|
|
36
|
+
return value;
|
|
37
|
+
};
|
|
38
|
+
export const ReallyMeHpke = {
|
|
39
|
+
sealBase(suite, recipientPublicKey, info, aad, plaintext) {
|
|
40
|
+
const config = hpkeSuite(suite);
|
|
41
|
+
ensureBytes(recipientPublicKey, config.publicKeyLength);
|
|
42
|
+
return readSealedMessage(requireReallyMeWasmProvider().hpkeSealBase(config.id, recipientPublicKey, info, aad, plaintext), config, plaintext.length);
|
|
43
|
+
},
|
|
44
|
+
openBase(suite, recipientSecretKey, encapsulatedKey, info, aad, ciphertext) {
|
|
45
|
+
const config = hpkeSuite(suite);
|
|
46
|
+
ensureBytes(recipientSecretKey, config.privateKeyLength);
|
|
47
|
+
ensureBytes(encapsulatedKey, config.publicKeyLength);
|
|
48
|
+
if (ciphertext.length < HPKE_AEAD_TAG_LENGTH) {
|
|
49
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
50
|
+
}
|
|
51
|
+
return requirePlaintext(requireReallyMeWasmProvider().hpkeOpenBase(config.id, recipientSecretKey, encapsulatedKey, info, aad, ciphertext));
|
|
52
|
+
},
|
|
53
|
+
};
|
|
54
|
+
export const sealHpkeBaseDeterministicallyForTest = (suite, recipientPublicKey, encapsulationRandomness, info, aad, plaintext) => {
|
|
55
|
+
const config = hpkeSuite(suite);
|
|
56
|
+
ensureBytes(recipientPublicKey, config.publicKeyLength);
|
|
57
|
+
ensureBytes(encapsulationRandomness, config.privateKeyLength);
|
|
58
|
+
return readSealedMessage(requireReallyMeWasmProvider().hpkeSealBaseDerand(config.id, recipientPublicKey, encapsulationRandomness, info, aad, plaintext), config, plaintext.length);
|
|
59
|
+
};
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
export { ReallyMeCryptoError } from "./errors.js";
|
|
2
|
+
export type { ReallyMeCryptoErrorCode } from "./errors.js";
|
|
3
|
+
export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
|
|
4
|
+
export type { ReallyMeAeadAlgorithm, ReallyMeHashAlgorithm, ReallyMeHpkeSuite, ReallyMeKdfAlgorithm, ReallyMeKemAlgorithm, ReallyMeKeyAgreementAlgorithm, ReallyMeKeyWrapAlgorithm, ReallyMeMacAlgorithm, ReallyMeSignatureAlgorithm, } from "./algorithms.js";
|
|
5
|
+
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
6
|
+
export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
|
|
7
|
+
export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
|
|
8
|
+
export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
|
|
9
|
+
export { HPKE_AEAD_TAG_LENGTH, HPKE_P256_PRIVATE_KEY_LENGTH, HPKE_P256_PUBLIC_KEY_LENGTH, HPKE_X25519_PRIVATE_KEY_LENGTH, HPKE_X25519_PUBLIC_KEY_LENGTH, ReallyMeHpke, } from "./hpke.js";
|
|
10
|
+
export type { ReallyMeHpkeSealedMessage as ReallyMeHpkeProviderSealedMessage } from "./hpke.js";
|
|
11
|
+
export { ReallyMeCodecs } from "./codecs.js";
|
|
12
|
+
export type { ReallyMeDagCborCidVerification, ReallyMeKeyMaterialKind, ReallyMeMulticodecMetadata, ReallyMeMulticodecTag, ReallyMeParsedMultikey, } from "./codecs.js";
|
|
13
|
+
export { ReallyMeJwk } from "./jwk.js";
|
|
14
|
+
export type { ReallyMeAkpJwk, ReallyMeEcJwk, ReallyMeJwk as ReallyMeJsonWebKey, ReallyMeJwkAlgorithm, ReallyMeJwkKey, ReallyMeJwks, ReallyMeJwksKeySet, ReallyMeOkpJwk, } from "./jwk.js";
|
|
15
|
+
export { ML_KEM_1024_CIPHERTEXT_LENGTH, ML_KEM_1024_PUBLIC_KEY_LENGTH, ML_KEM_512_CIPHERTEXT_LENGTH, ML_KEM_512_PUBLIC_KEY_LENGTH, ML_KEM_768_CIPHERTEXT_LENGTH, ML_KEM_768_PUBLIC_KEY_LENGTH, ML_KEM_ENCAPSULATION_RANDOMNESS_LENGTH, ML_KEM_SECRET_KEY_LENGTH, ML_KEM_SHARED_SECRET_LENGTH, ReallyMeMlKem, } from "./mlKem.js";
|
|
16
|
+
export type { ReallyMeMlKemEncapsulation, ReallyMeMlKemKeyPair } from "./mlKem.js";
|
|
17
|
+
export { ML_DSA_44_PUBLIC_KEY_LENGTH, ML_DSA_44_SIGNATURE_LENGTH, ML_DSA_65_PUBLIC_KEY_LENGTH, ML_DSA_65_SIGNATURE_LENGTH, ML_DSA_87_PUBLIC_KEY_LENGTH, ML_DSA_87_SIGNATURE_LENGTH, ML_DSA_SECRET_KEY_LENGTH, ReallyMeMlDsa, } from "./mlDsa.js";
|
|
18
|
+
export type { ReallyMeMlDsaKeyPair } from "./mlDsa.js";
|
|
19
|
+
export { ReallyMeSlhDsa, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH, } from "./slhDsa.js";
|
|
20
|
+
export type { ReallyMeSlhDsaKeyPair } from "./slhDsa.js";
|
|
21
|
+
export { compiledProviders, REALLYME_CRYPTO_PROVIDERS } from "./providerCatalog.js";
|
|
22
|
+
export type { ReallyMeCryptoProvider } from "./providerCatalog.js";
|
|
23
|
+
export { ReallyMeCrypto } from "./cryptoFacade.js";
|
|
24
|
+
export type { ReallyMeHpkeSealedMessage, ReallyMeKeyAgreementKeyPair, ReallyMeKemEncapsulation, ReallyMeKemKeyPair, ReallyMeSignatureKeyPair, } from "./cryptoFacade.js";
|
|
25
|
+
export { ReallyMeDigest } from "./digest.js";
|
|
26
|
+
export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
|
|
27
|
+
export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
|
|
28
|
+
export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
|
|
29
|
+
export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
|
|
30
|
+
export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
|
|
31
|
+
export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
|
|
32
|
+
export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
|
|
33
|
+
export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
|
|
34
|
+
export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
|
|
35
|
+
export { ReallyMeRsa, RSA_PUBLIC_KEY_DER_MAX_LENGTH, RSA_SIGNATURE_MAX_LENGTH, } from "./rsa.js";
|
|
36
|
+
export type { ReallyMeRsaPublicKeyDerEncoding } from "./rsa.js";
|
|
37
|
+
export { ReallyMeX25519, X25519_PUBLIC_KEY_LENGTH, X25519_SECRET_KEY_LENGTH, X25519_SHARED_SECRET_LENGTH, } from "./x25519.js";
|
|
38
|
+
export { installReallyMeWasmProvider } from "./wasmProvider.js";
|
|
39
|
+
export type { ReallyMeWasmProvider } from "./wasmProvider.js";
|
|
40
|
+
export { ReallyMeXWing, X_WING_1024_CIPHERTEXT_LENGTH, X_WING_1024_PUBLIC_KEY_LENGTH, X_WING_768_CIPHERTEXT_LENGTH, X_WING_768_PUBLIC_KEY_LENGTH, X_WING_ENCAPSULATION_SEED_LENGTH, X_WING_SECRET_KEY_LENGTH, X_WING_SHARED_SECRET_LENGTH, } from "./xWing.js";
|
|
41
|
+
export type { ReallyMeXWingEncapsulation, ReallyMeXWingKeyPair } from "./xWing.js";
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
export { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
+
export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
|
|
6
|
+
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
7
|
+
export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
|
|
8
|
+
export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
|
|
9
|
+
export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
|
|
10
|
+
export { HPKE_AEAD_TAG_LENGTH, HPKE_P256_PRIVATE_KEY_LENGTH, HPKE_P256_PUBLIC_KEY_LENGTH, HPKE_X25519_PRIVATE_KEY_LENGTH, HPKE_X25519_PUBLIC_KEY_LENGTH, ReallyMeHpke, } from "./hpke.js";
|
|
11
|
+
export { ReallyMeCodecs } from "./codecs.js";
|
|
12
|
+
export { ReallyMeJwk } from "./jwk.js";
|
|
13
|
+
export { ML_KEM_1024_CIPHERTEXT_LENGTH, ML_KEM_1024_PUBLIC_KEY_LENGTH, ML_KEM_512_CIPHERTEXT_LENGTH, ML_KEM_512_PUBLIC_KEY_LENGTH, ML_KEM_768_CIPHERTEXT_LENGTH, ML_KEM_768_PUBLIC_KEY_LENGTH, ML_KEM_ENCAPSULATION_RANDOMNESS_LENGTH, ML_KEM_SECRET_KEY_LENGTH, ML_KEM_SHARED_SECRET_LENGTH, ReallyMeMlKem, } from "./mlKem.js";
|
|
14
|
+
export { ML_DSA_44_PUBLIC_KEY_LENGTH, ML_DSA_44_SIGNATURE_LENGTH, ML_DSA_65_PUBLIC_KEY_LENGTH, ML_DSA_65_SIGNATURE_LENGTH, ML_DSA_87_PUBLIC_KEY_LENGTH, ML_DSA_87_SIGNATURE_LENGTH, ML_DSA_SECRET_KEY_LENGTH, ReallyMeMlDsa, } from "./mlDsa.js";
|
|
15
|
+
export { ReallyMeSlhDsa, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH, } from "./slhDsa.js";
|
|
16
|
+
export { compiledProviders, REALLYME_CRYPTO_PROVIDERS } from "./providerCatalog.js";
|
|
17
|
+
export { ReallyMeCrypto } from "./cryptoFacade.js";
|
|
18
|
+
export { ReallyMeDigest } from "./digest.js";
|
|
19
|
+
export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
|
|
20
|
+
export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
|
|
21
|
+
export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
|
|
22
|
+
export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
|
|
23
|
+
export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
|
|
24
|
+
export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
|
|
25
|
+
export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
|
|
26
|
+
export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
|
|
27
|
+
export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
|
|
28
|
+
export { ReallyMeRsa, RSA_PUBLIC_KEY_DER_MAX_LENGTH, RSA_SIGNATURE_MAX_LENGTH, } from "./rsa.js";
|
|
29
|
+
export { ReallyMeX25519, X25519_PUBLIC_KEY_LENGTH, X25519_SECRET_KEY_LENGTH, X25519_SHARED_SECRET_LENGTH, } from "./x25519.js";
|
|
30
|
+
export { installReallyMeWasmProvider } from "./wasmProvider.js";
|
|
31
|
+
export { ReallyMeXWing, X_WING_1024_CIPHERTEXT_LENGTH, X_WING_1024_PUBLIC_KEY_LENGTH, X_WING_768_CIPHERTEXT_LENGTH, X_WING_768_PUBLIC_KEY_LENGTH, X_WING_ENCAPSULATION_SEED_LENGTH, X_WING_SECRET_KEY_LENGTH, X_WING_SHARED_SECRET_LENGTH, } from "./xWing.js";
|
package/dist/jwk.d.ts
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
export type ReallyMeJwkAlgorithm = "Ed25519" | "X25519" | "P-256" | "secp256k1" | "ML-DSA-44" | "ML-DSA-65" | "ML-DSA-87" | "ML-KEM-512" | "ML-KEM-768" | "ML-KEM-1024" | "SLH-DSA-SHA2-128s" | "X-Wing-768" | "X-Wing-1024";
|
|
2
|
+
export type ReallyMeOkpJwk = Readonly<{
|
|
3
|
+
alg: string;
|
|
4
|
+
crv: "Ed25519" | "X25519";
|
|
5
|
+
kty: "OKP";
|
|
6
|
+
use: "enc" | "sig";
|
|
7
|
+
x: string;
|
|
8
|
+
}>;
|
|
9
|
+
export type ReallyMeAkpJwk = Readonly<{
|
|
10
|
+
alg: string;
|
|
11
|
+
kty: "AKP";
|
|
12
|
+
pub: string;
|
|
13
|
+
use: "enc" | "sig";
|
|
14
|
+
}>;
|
|
15
|
+
export type ReallyMeEcJwk = Readonly<{
|
|
16
|
+
alg: string;
|
|
17
|
+
crv: "P-256" | "secp256k1";
|
|
18
|
+
kty: "EC";
|
|
19
|
+
use: "sig";
|
|
20
|
+
x: string;
|
|
21
|
+
y: string;
|
|
22
|
+
}>;
|
|
23
|
+
export type ReallyMeJwk = ReallyMeOkpJwk | ReallyMeAkpJwk | ReallyMeEcJwk;
|
|
24
|
+
export type ReallyMeJwkKey = Readonly<{
|
|
25
|
+
algorithm: ReallyMeJwkAlgorithm;
|
|
26
|
+
publicKey: Uint8Array;
|
|
27
|
+
jwk: ReallyMeJwk;
|
|
28
|
+
}>;
|
|
29
|
+
export type ReallyMeJwks = Readonly<{
|
|
30
|
+
keys: ReadonlyArray<ReallyMeJwk>;
|
|
31
|
+
}>;
|
|
32
|
+
export type ReallyMeJwksKeySet = Readonly<{
|
|
33
|
+
keys: ReadonlyArray<ReallyMeJwkKey>;
|
|
34
|
+
}>;
|
|
35
|
+
export declare const ReallyMeJwk: {
|
|
36
|
+
readonly toJwk: (algorithm: ReallyMeJwkAlgorithm, publicKey: Uint8Array) => ReallyMeJwk;
|
|
37
|
+
readonly fromJwk: (value: unknown) => ReallyMeJwkKey;
|
|
38
|
+
readonly toJwks: (keys: ReadonlyArray<ReallyMeJwk>) => ReallyMeJwks;
|
|
39
|
+
readonly fromJwks: (value: unknown) => ReallyMeJwksKeySet;
|
|
40
|
+
readonly publicKeyBytes: (jwk: ReallyMeJwk) => Uint8Array;
|
|
41
|
+
readonly toJcs: (jwk: ReallyMeJwk) => string;
|
|
42
|
+
};
|