@reallyme/crypto 0.1.1 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/cryptoFacade.js +7 -0
- package/dist/ed25519.d.ts +6 -1
- package/dist/ed25519.js +6 -1
- package/dist/mlDsa.js +2 -0
- package/dist/mlKem.js +2 -0
- package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
- package/dist/wasmProvider.d.ts +2 -1
- package/dist/wasmProvider.js +5 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0
|
|
|
6
6
|
|
|
7
7
|
# @reallyme/crypto
|
|
8
8
|
|
|
9
|
-
[](https://www.npmjs.com/package/@reallyme/crypto)
|
|
9
|
+
[](https://www.npmjs.com/package/@reallyme/crypto)
|
|
10
10
|
[](https://github.com/reallyme/crypto/blob/main/LICENSE)
|
|
11
11
|
|
|
12
12
|
ReallyMe Crypto provides a platform-agnostic cryptography API for TypeScript,
|
package/dist/cryptoFacade.js
CHANGED
|
@@ -165,6 +165,9 @@ export const ReallyMeCrypto = {
|
|
|
165
165
|
}
|
|
166
166
|
},
|
|
167
167
|
deriveKeyPair(algorithm, secretKey) {
|
|
168
|
+
// Import an existing secret and reconstruct its public key. Do not use
|
|
169
|
+
// this as key generation from passwords or other low-entropy input; use
|
|
170
|
+
// generateKeyPair for new keys, or a protocol-approved KDF before import.
|
|
168
171
|
if (algorithm === ED25519) {
|
|
169
172
|
return ReallyMeEd25519.deriveKeyPair(secretKey);
|
|
170
173
|
}
|
|
@@ -183,6 +186,10 @@ export const ReallyMeCrypto = {
|
|
|
183
186
|
case "ML-DSA-65":
|
|
184
187
|
case "ML-DSA-87":
|
|
185
188
|
return ReallyMeMlDsa.deriveKeyPair(algorithm, secretKey);
|
|
189
|
+
case "SLH-DSA-SHA2-128s":
|
|
190
|
+
// SLH-DSA deterministic derivation uses three FIPS seed components,
|
|
191
|
+
// so it deliberately does not fit this single-secret import shape.
|
|
192
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
186
193
|
default:
|
|
187
194
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
188
195
|
}
|
package/dist/ed25519.d.ts
CHANGED
|
@@ -16,7 +16,12 @@ export declare const ReallyMeEd25519: {
|
|
|
16
16
|
publicKey: Uint8Array;
|
|
17
17
|
secretKey: Uint8Array;
|
|
18
18
|
};
|
|
19
|
-
/**
|
|
19
|
+
/**
|
|
20
|
+
* Reconstructs an Ed25519 keypair from stored 32-byte secret material.
|
|
21
|
+
*
|
|
22
|
+
* This is an import path, not password-based key generation. Use
|
|
23
|
+
* `generateKeyPair` for fresh keys.
|
|
24
|
+
*/
|
|
20
25
|
readonly deriveKeyPair: (secretKey: Uint8Array) => {
|
|
21
26
|
publicKey: Uint8Array;
|
|
22
27
|
secretKey: Uint8Array;
|
package/dist/ed25519.js
CHANGED
|
@@ -24,7 +24,12 @@ export const ReallyMeEd25519 = {
|
|
|
24
24
|
secretKey,
|
|
25
25
|
};
|
|
26
26
|
},
|
|
27
|
-
/**
|
|
27
|
+
/**
|
|
28
|
+
* Reconstructs an Ed25519 keypair from stored 32-byte secret material.
|
|
29
|
+
*
|
|
30
|
+
* This is an import path, not password-based key generation. Use
|
|
31
|
+
* `generateKeyPair` for fresh keys.
|
|
32
|
+
*/
|
|
28
33
|
deriveKeyPair(secretKey) {
|
|
29
34
|
return {
|
|
30
35
|
publicKey: this.derivePublicKey(secretKey),
|
package/dist/mlDsa.js
CHANGED
|
@@ -67,6 +67,8 @@ export const ReallyMeMlDsa = {
|
|
|
67
67
|
return readKeyPair(suite.generateKeyPair(), suite);
|
|
68
68
|
},
|
|
69
69
|
deriveKeyPair(algorithm, secretKey) {
|
|
70
|
+
// Import an existing FIPS 204 seed and reconstruct its public key. Do not
|
|
71
|
+
// feed passwords or other low-entropy material here.
|
|
70
72
|
const suite = mlDsaSuite(algorithm);
|
|
71
73
|
ensureBytes(secretKey, ML_DSA_SECRET_KEY_LENGTH);
|
|
72
74
|
return readKeyPair(suite.deriveKeyPair(secretKey), suite);
|
package/dist/mlKem.js
CHANGED
|
@@ -71,6 +71,8 @@ export const ReallyMeMlKem = {
|
|
|
71
71
|
return readKeyPair(suite.generateKeyPair(), suite);
|
|
72
72
|
},
|
|
73
73
|
deriveKeyPair(algorithm, secretKey) {
|
|
74
|
+
// Import an existing FIPS 203 seed-form secret and reconstruct its public
|
|
75
|
+
// key. Do not feed passwords or other low-entropy material here.
|
|
74
76
|
const suite = mlKemSuite(algorithm);
|
|
75
77
|
ensureBytes(secretKey, ML_KEM_SECRET_KEY_LENGTH);
|
|
76
78
|
return readKeyPair(suite.deriveKeyPair(secretKey), suite);
|
|
Binary file
|
package/dist/wasmProvider.d.ts
CHANGED
|
@@ -16,6 +16,7 @@ type HpkeOpenFn = (suite: number, recipientSecretKey: Uint8Array, encapsulatedKe
|
|
|
16
16
|
type HpkeSealFn = (suite: number, recipientPublicKey: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => unknown;
|
|
17
17
|
type HpkeSealDerandFn = (suite: number, recipientPublicKey: Uint8Array, encapsulationRandomness: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => unknown;
|
|
18
18
|
type DeriveKeypairFn = (secretKey: Uint8Array) => unknown;
|
|
19
|
+
type SlhDsaDeriveKeypairFn = (skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => unknown;
|
|
19
20
|
type EncapsulateFn = (publicKey: Uint8Array) => unknown;
|
|
20
21
|
type EncapsulateDerandFn = (publicKey: Uint8Array, seed: Uint8Array) => unknown;
|
|
21
22
|
type DecapsulateFn = (ciphertext: Uint8Array, secretKey: Uint8Array) => unknown;
|
|
@@ -73,7 +74,7 @@ export type ReallyMeWasmProvider = Readonly<{
|
|
|
73
74
|
mlKem1024EncapsulateDerand: EncapsulateDerandFn;
|
|
74
75
|
mlKem1024Decapsulate: DecapsulateFn;
|
|
75
76
|
slhDsaSha2128sGenerateKeypair: GenerateKeypairFn;
|
|
76
|
-
slhDsaSha2128sDeriveKeypair:
|
|
77
|
+
slhDsaSha2128sDeriveKeypair: SlhDsaDeriveKeypairFn;
|
|
77
78
|
slhDsaSha2128sSign: SignatureSignFn;
|
|
78
79
|
slhDsaSha2128sVerify: SignatureVerifyFn;
|
|
79
80
|
rsaVerifyPkcs1v15: RsaPkcs1v15VerifyFn;
|
package/dist/wasmProvider.js
CHANGED
|
@@ -64,6 +64,10 @@ const function3 = (module, name) => {
|
|
|
64
64
|
const callable = requireFunction(module, name);
|
|
65
65
|
return (first, second, third) => callable(first, second, third);
|
|
66
66
|
};
|
|
67
|
+
const deriveSlhDsaFunction3 = (module, name) => {
|
|
68
|
+
const callable = requireFunction(module, name);
|
|
69
|
+
return (skSeed, skPrf, pkSeed) => callable(skSeed, skPrf, pkSeed);
|
|
70
|
+
};
|
|
67
71
|
const function4 = (module, name) => {
|
|
68
72
|
const callable = requireFunction(module, name);
|
|
69
73
|
return (first, second, third, fourth) => callable(first, second, third, fourth);
|
|
@@ -148,7 +152,7 @@ export const installReallyMeWasmProvider = (module) => {
|
|
|
148
152
|
mlKem1024EncapsulateDerand: function2(providerModule, "mlKem1024EncapsulateDerand"),
|
|
149
153
|
mlKem1024Decapsulate: function2(providerModule, "mlKem1024Decapsulate"),
|
|
150
154
|
slhDsaSha2128sGenerateKeypair: function0(providerModule, "slhDsaSha2128sGenerateKeypair"),
|
|
151
|
-
slhDsaSha2128sDeriveKeypair:
|
|
155
|
+
slhDsaSha2128sDeriveKeypair: deriveSlhDsaFunction3(providerModule, "slhDsaSha2128sDeriveKeypair"),
|
|
152
156
|
slhDsaSha2128sSign: function2(providerModule, "slhDsaSha2128sSign"),
|
|
153
157
|
slhDsaSha2128sVerify: function3(providerModule, "slhDsaSha2128sVerify"),
|
|
154
158
|
rsaVerifyPkcs1v15: rsaPkcs1v15VerifyFunction(providerModule, "rsaVerifyPkcs1v15"),
|