@reallyme/crypto 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/aead.d.ts CHANGED
@@ -1,5 +1,8 @@
1
1
  import type { ReallyMeAeadAlgorithm } from "./algorithms.js";
2
2
  export declare const AEAD_KEY_LENGTH = 32;
3
+ export declare const AES_128_GCM_KEY_LENGTH = 16;
4
+ export declare const AES_192_GCM_KEY_LENGTH = 24;
5
+ export declare const AES_256_GCM_KEY_LENGTH = 32;
3
6
  export declare const AEAD_NONCE_LENGTH = 12;
4
7
  export declare const XCHACHA20_POLY1305_NONCE_LENGTH = 24;
5
8
  export declare const AEAD_TAG_LENGTH = 16;
package/dist/aead.js CHANGED
@@ -5,32 +5,53 @@ import { ReallyMeCryptoError } from "./errors.js";
5
5
  import { ensureBytes } from "./validateBytes.js";
6
6
  import { requireReallyMeWasmProvider } from "./wasmProvider.js";
7
7
  export const AEAD_KEY_LENGTH = 32;
8
+ export const AES_128_GCM_KEY_LENGTH = 16;
9
+ export const AES_192_GCM_KEY_LENGTH = 24;
10
+ export const AES_256_GCM_KEY_LENGTH = 32;
8
11
  export const AEAD_NONCE_LENGTH = 12;
9
12
  export const XCHACHA20_POLY1305_NONCE_LENGTH = 24;
10
13
  export const AEAD_TAG_LENGTH = 16;
11
14
  const aeadSuite = (algorithm) => {
12
15
  const provider = requireReallyMeWasmProvider();
13
16
  switch (algorithm) {
17
+ case "AES-128-GCM":
18
+ return {
19
+ keyLength: AES_128_GCM_KEY_LENGTH,
20
+ nonceLength: AEAD_NONCE_LENGTH,
21
+ seal: provider.aes128GcmSeal,
22
+ open: provider.aes128GcmOpen,
23
+ };
24
+ case "AES-192-GCM":
25
+ return {
26
+ keyLength: AES_192_GCM_KEY_LENGTH,
27
+ nonceLength: AEAD_NONCE_LENGTH,
28
+ seal: provider.aes192GcmSeal,
29
+ open: provider.aes192GcmOpen,
30
+ };
14
31
  case "AES-256-GCM":
15
32
  return {
33
+ keyLength: AES_256_GCM_KEY_LENGTH,
16
34
  nonceLength: AEAD_NONCE_LENGTH,
17
35
  seal: provider.aes256GcmSeal,
18
36
  open: provider.aes256GcmOpen,
19
37
  };
20
38
  case "AES-256-GCM-SIV":
21
39
  return {
40
+ keyLength: AES_256_GCM_KEY_LENGTH,
22
41
  nonceLength: AEAD_NONCE_LENGTH,
23
42
  seal: provider.aes256GcmSivSeal,
24
43
  open: provider.aes256GcmSivOpen,
25
44
  };
26
45
  case "ChaCha20-Poly1305":
27
46
  return {
47
+ keyLength: AES_256_GCM_KEY_LENGTH,
28
48
  nonceLength: AEAD_NONCE_LENGTH,
29
49
  seal: provider.chacha20Poly1305Seal,
30
50
  open: provider.chacha20Poly1305Open,
31
51
  };
32
52
  case "XChaCha20-Poly1305":
33
53
  return {
54
+ keyLength: AES_256_GCM_KEY_LENGTH,
34
55
  nonceLength: XCHACHA20_POLY1305_NONCE_LENGTH,
35
56
  seal: provider.xchacha20Poly1305Seal,
36
57
  open: provider.xchacha20Poly1305Open,
@@ -46,13 +67,13 @@ const requireBytesOutput = (value) => {
46
67
  export const ReallyMeAead = {
47
68
  seal(algorithm, key, nonce, aad, plaintext) {
48
69
  const suite = aeadSuite(algorithm);
49
- ensureBytes(key, AEAD_KEY_LENGTH);
70
+ ensureBytes(key, suite.keyLength);
50
71
  ensureBytes(nonce, suite.nonceLength);
51
72
  return requireBytesOutput(suite.seal(key, nonce, aad, plaintext));
52
73
  },
53
74
  open(algorithm, key, nonce, aad, ciphertextWithTag) {
54
75
  const suite = aeadSuite(algorithm);
55
- ensureBytes(key, AEAD_KEY_LENGTH);
76
+ ensureBytes(key, suite.keyLength);
56
77
  ensureBytes(nonce, suite.nonceLength);
57
78
  if (ciphertextWithTag.length < AEAD_TAG_LENGTH) {
58
79
  throw new ReallyMeCryptoError("invalid-input");
@@ -2,15 +2,15 @@ export declare const REALLYME_SIGNATURE_ALGORITHMS: readonly ["Ed25519", "ECDSA-
2
2
  export type ReallyMeSignatureAlgorithm = (typeof REALLYME_SIGNATURE_ALGORITHMS)[number];
3
3
  export declare const REALLYME_HASH_ALGORITHMS: readonly ["SHA2-256", "SHA2-384", "SHA2-512", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"];
4
4
  export type ReallyMeHashAlgorithm = (typeof REALLYME_HASH_ALGORITHMS)[number];
5
- export declare const REALLYME_AEAD_ALGORITHMS: readonly ["AES-256-GCM", "AES-256-GCM-SIV", "ChaCha20-Poly1305", "XChaCha20-Poly1305"];
5
+ export declare const REALLYME_AEAD_ALGORITHMS: readonly ["AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "AES-256-GCM-SIV", "ChaCha20-Poly1305", "XChaCha20-Poly1305"];
6
6
  export type ReallyMeAeadAlgorithm = (typeof REALLYME_AEAD_ALGORITHMS)[number];
7
7
  export declare const REALLYME_KEM_ALGORITHMS: readonly ["ML-KEM-512", "ML-KEM-768", "ML-KEM-1024", "X-Wing-768", "X-Wing-1024"];
8
8
  export type ReallyMeKemAlgorithm = (typeof REALLYME_KEM_ALGORITHMS)[number];
9
- export declare const REALLYME_KEY_AGREEMENT_ALGORITHMS: readonly ["X25519", "P-256-ECDH"];
9
+ export declare const REALLYME_KEY_AGREEMENT_ALGORITHMS: readonly ["X25519", "P-256-ECDH", "P-384-ECDH", "P-521-ECDH"];
10
10
  export type ReallyMeKeyAgreementAlgorithm = (typeof REALLYME_KEY_AGREEMENT_ALGORITHMS)[number];
11
11
  export declare const REALLYME_MAC_ALGORITHMS: readonly ["HMAC-SHA-256", "HMAC-SHA-512"];
12
12
  export type ReallyMeMacAlgorithm = (typeof REALLYME_MAC_ALGORITHMS)[number];
13
- export declare const REALLYME_KDF_ALGORITHMS: readonly ["HKDF-SHA256", "Argon2id", "PBKDF2-HMAC-SHA-256", "PBKDF2-HMAC-SHA-512"];
13
+ export declare const REALLYME_KDF_ALGORITHMS: readonly ["HKDF-SHA256", "Argon2id", "PBKDF2-HMAC-SHA-256", "PBKDF2-HMAC-SHA-512", "JWA-CONCAT-KDF-SHA256"];
14
14
  export type ReallyMeKdfAlgorithm = (typeof REALLYME_KDF_ALGORITHMS)[number];
15
15
  export declare const REALLYME_KEY_WRAP_ALGORITHMS: readonly ["AES-256-KW"];
16
16
  export type ReallyMeKeyWrapAlgorithm = (typeof REALLYME_KEY_WRAP_ALGORITHMS)[number];
@@ -31,6 +31,8 @@ export const REALLYME_HASH_ALGORITHMS = [
31
31
  "SHA3-512",
32
32
  ];
33
33
  export const REALLYME_AEAD_ALGORITHMS = [
34
+ "AES-128-GCM",
35
+ "AES-192-GCM",
34
36
  "AES-256-GCM",
35
37
  "AES-256-GCM-SIV",
36
38
  "ChaCha20-Poly1305",
@@ -46,6 +48,8 @@ export const REALLYME_KEM_ALGORITHMS = [
46
48
  export const REALLYME_KEY_AGREEMENT_ALGORITHMS = [
47
49
  "X25519",
48
50
  "P-256-ECDH",
51
+ "P-384-ECDH",
52
+ "P-521-ECDH",
49
53
  ];
50
54
  export const REALLYME_MAC_ALGORITHMS = [
51
55
  "HMAC-SHA-256",
@@ -56,6 +60,7 @@ export const REALLYME_KDF_ALGORITHMS = [
56
60
  "Argon2id",
57
61
  "PBKDF2-HMAC-SHA-256",
58
62
  "PBKDF2-HMAC-SHA-512",
63
+ "JWA-CONCAT-KDF-SHA256",
59
64
  ];
60
65
  export const REALLYME_KEY_WRAP_ALGORITHMS = ["AES-256-KW"];
61
66
  export const REALLYME_HPKE_SUITES = [
@@ -33,6 +33,7 @@ export declare const ReallyMeCrypto: {
33
33
  readonly verifyMac: (algorithm: ReallyMeMacAlgorithm, tag: Uint8Array, key: Uint8Array, message: Uint8Array) => boolean;
34
34
  readonly deriveKey: (algorithm: ReallyMeKdfAlgorithm, password: Uint8Array, salt: Uint8Array, iterations: number, outputLength: number) => Uint8Array;
35
35
  readonly deriveHkdf: (algorithm: ReallyMeKdfAlgorithm, inputKeyMaterial: Uint8Array, salt: Uint8Array, info: Uint8Array, outputLength: number) => Uint8Array;
36
+ readonly deriveJwaConcatKdfSha256: (algorithm: ReallyMeKdfAlgorithm, sharedSecret: Uint8Array, algorithmId: Uint8Array, partyUInfo: Uint8Array, partyVInfo: Uint8Array, outputLength: number) => Uint8Array;
36
37
  readonly wrapKey: (algorithm: ReallyMeKeyWrapAlgorithm, wrappingKey: Uint8Array, keyToWrap: Uint8Array) => Uint8Array;
37
38
  readonly unwrapKey: (algorithm: ReallyMeKeyWrapAlgorithm, wrappingKey: Uint8Array, wrappedKey: Uint8Array) => Uint8Array;
38
39
  readonly generateKeyPair: (algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSignatureKeyPair;
@@ -11,12 +11,15 @@ import { ReallyMeCryptoError } from "./errors.js";
11
11
  import { ReallyMeHkdf } from "./hkdf.js";
12
12
  import { ReallyMeHmac } from "./hmac.js";
13
13
  import { ReallyMeHpke } from "./hpke.js";
14
+ import { ReallyMeJwaConcatKdf } from "./jwaConcatKdf.js";
14
15
  import { ReallyMeMlDsa } from "./mlDsa.js";
15
16
  import { ReallyMeMlKem } from "./mlKem.js";
16
17
  import { ReallyMeP256Ecdsa } from "./p256Ecdsa.js";
17
18
  import { ReallyMeP256Ecdh } from "./p256Ecdh.js";
18
19
  import { ReallyMeP384Ecdsa } from "./p384Ecdsa.js";
20
+ import { ReallyMeP384Ecdh } from "./p384Ecdh.js";
19
21
  import { ReallyMeP521Ecdsa } from "./p521Ecdsa.js";
22
+ import { ReallyMeP521Ecdh } from "./p521Ecdh.js";
20
23
  import { ReallyMePbkdf2 } from "./pbkdf2.js";
21
24
  import { ReallyMeRsa } from "./rsa.js";
22
25
  import { ReallyMeSecp256k1 } from "./secp256k1.js";
@@ -57,6 +60,8 @@ export const ReallyMeCrypto = {
57
60
  },
58
61
  seal(algorithm, key, nonce, aad, plaintext) {
59
62
  switch (algorithm) {
63
+ case "AES-128-GCM":
64
+ case "AES-192-GCM":
60
65
  case "AES-256-GCM":
61
66
  case "AES-256-GCM-SIV":
62
67
  case "ChaCha20-Poly1305":
@@ -68,6 +73,8 @@ export const ReallyMeCrypto = {
68
73
  },
69
74
  open(algorithm, key, nonce, aad, ciphertextWithTag) {
70
75
  switch (algorithm) {
76
+ case "AES-128-GCM":
77
+ case "AES-192-GCM":
71
78
  case "AES-256-GCM":
72
79
  case "AES-256-GCM-SIV":
73
80
  case "ChaCha20-Poly1305":
@@ -117,6 +124,20 @@ export const ReallyMeCrypto = {
117
124
  return ReallyMeHkdf.deriveSha256(inputKeyMaterial, salt, info, outputLength);
118
125
  case "Argon2id":
119
126
  case "PBKDF2-HMAC-SHA-256":
127
+ case "PBKDF2-HMAC-SHA-512":
128
+ case "JWA-CONCAT-KDF-SHA256":
129
+ throw new ReallyMeCryptoError("unsupported-algorithm");
130
+ default:
131
+ throw new ReallyMeCryptoError("unsupported-algorithm");
132
+ }
133
+ },
134
+ deriveJwaConcatKdfSha256(algorithm, sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
135
+ switch (algorithm) {
136
+ case "JWA-CONCAT-KDF-SHA256":
137
+ return ReallyMeJwaConcatKdf.deriveSha256(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength);
138
+ case "Argon2id":
139
+ case "HKDF-SHA256":
140
+ case "PBKDF2-HMAC-SHA-256":
120
141
  case "PBKDF2-HMAC-SHA-512":
121
142
  throw new ReallyMeCryptoError("unsupported-algorithm");
122
143
  default:
@@ -165,6 +186,9 @@ export const ReallyMeCrypto = {
165
186
  }
166
187
  },
167
188
  deriveKeyPair(algorithm, secretKey) {
189
+ // Import an existing secret and reconstruct its public key. Do not use
190
+ // this as key generation from passwords or other low-entropy input; use
191
+ // generateKeyPair for new keys, or a protocol-approved KDF before import.
168
192
  if (algorithm === ED25519) {
169
193
  return ReallyMeEd25519.deriveKeyPair(secretKey);
170
194
  }
@@ -183,6 +207,10 @@ export const ReallyMeCrypto = {
183
207
  case "ML-DSA-65":
184
208
  case "ML-DSA-87":
185
209
  return ReallyMeMlDsa.deriveKeyPair(algorithm, secretKey);
210
+ case "SLH-DSA-SHA2-128s":
211
+ // SLH-DSA deterministic derivation uses three FIPS seed components,
212
+ // so it deliberately does not fit this single-secret import shape.
213
+ throw new ReallyMeCryptoError("unsupported-algorithm");
186
214
  default:
187
215
  throw new ReallyMeCryptoError("unsupported-algorithm");
188
216
  }
@@ -255,6 +283,10 @@ export const ReallyMeCrypto = {
255
283
  return ReallyMeX25519.deriveSharedSecret(publicKey, secretKey);
256
284
  case "P-256-ECDH":
257
285
  return ReallyMeP256Ecdh.deriveSharedSecret(publicKey, secretKey);
286
+ case "P-384-ECDH":
287
+ return ReallyMeP384Ecdh.deriveSharedSecret(publicKey, secretKey);
288
+ case "P-521-ECDH":
289
+ return ReallyMeP521Ecdh.deriveSharedSecret(publicKey, secretKey);
258
290
  default:
259
291
  throw new ReallyMeCryptoError("unsupported-algorithm");
260
292
  }
@@ -265,6 +297,10 @@ export const ReallyMeCrypto = {
265
297
  return ReallyMeX25519.deriveKeyPair(secretKey);
266
298
  case "P-256-ECDH":
267
299
  return ReallyMeP256Ecdh.deriveKeyPair(secretKey);
300
+ case "P-384-ECDH":
301
+ return ReallyMeP384Ecdh.deriveKeyPair(secretKey);
302
+ case "P-521-ECDH":
303
+ return ReallyMeP521Ecdh.deriveKeyPair(secretKey);
268
304
  default:
269
305
  throw new ReallyMeCryptoError("unsupported-algorithm");
270
306
  }
package/dist/ed25519.d.ts CHANGED
@@ -16,7 +16,12 @@ export declare const ReallyMeEd25519: {
16
16
  publicKey: Uint8Array;
17
17
  secretKey: Uint8Array;
18
18
  };
19
- /** Derives the Ed25519 keypair from a 32-byte seed. */
19
+ /**
20
+ * Reconstructs an Ed25519 keypair from stored 32-byte secret material.
21
+ *
22
+ * This is an import path, not password-based key generation. Use
23
+ * `generateKeyPair` for fresh keys.
24
+ */
20
25
  readonly deriveKeyPair: (secretKey: Uint8Array) => {
21
26
  publicKey: Uint8Array;
22
27
  secretKey: Uint8Array;
package/dist/ed25519.js CHANGED
@@ -24,7 +24,12 @@ export const ReallyMeEd25519 = {
24
24
  secretKey,
25
25
  };
26
26
  },
27
- /** Derives the Ed25519 keypair from a 32-byte seed. */
27
+ /**
28
+ * Reconstructs an Ed25519 keypair from stored 32-byte secret material.
29
+ *
30
+ * This is an import path, not password-based key generation. Use
31
+ * `generateKeyPair` for fresh keys.
32
+ */
28
33
  deriveKeyPair(secretKey) {
29
34
  return {
30
35
  publicKey: this.derivePublicKey(secretKey),
package/dist/index.d.ts CHANGED
@@ -2,7 +2,7 @@ export { ReallyMeCryptoError } from "./errors.js";
2
2
  export type { ReallyMeCryptoErrorCode } from "./errors.js";
3
3
  export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
4
4
  export type { ReallyMeAeadAlgorithm, ReallyMeHashAlgorithm, ReallyMeHpkeSuite, ReallyMeKdfAlgorithm, ReallyMeKemAlgorithm, ReallyMeKeyAgreementAlgorithm, ReallyMeKeyWrapAlgorithm, ReallyMeMacAlgorithm, ReallyMeSignatureAlgorithm, } from "./algorithms.js";
5
- export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
5
+ export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, AES_128_GCM_KEY_LENGTH, AES_192_GCM_KEY_LENGTH, AES_256_GCM_KEY_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
6
6
  export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
7
7
  export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
8
8
  export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
@@ -25,10 +25,13 @@ export type { ReallyMeHpkeSealedMessage, ReallyMeKeyAgreementKeyPair, ReallyMeKe
25
25
  export { ReallyMeDigest } from "./digest.js";
26
26
  export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
27
27
  export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
28
+ export { JWA_CONCAT_KDF_MAX_INFO_LENGTH, JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH, JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH, JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH, JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH, ReallyMeJwaConcatKdf, } from "./jwaConcatKdf.js";
28
29
  export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
29
30
  export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
30
31
  export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
32
+ export { P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDH_SECRET_KEY_LENGTH, P384_ECDH_SHARED_SECRET_LENGTH, ReallyMeP384Ecdh, } from "./p384Ecdh.js";
31
33
  export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
34
+ export { P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDH_SECRET_KEY_LENGTH, P521_ECDH_SHARED_SECRET_LENGTH, ReallyMeP521Ecdh, } from "./p521Ecdh.js";
32
35
  export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
33
36
  export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
34
37
  export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
package/dist/index.js CHANGED
@@ -3,7 +3,7 @@
3
3
  // SPDX-License-Identifier: Apache-2.0
4
4
  export { ReallyMeCryptoError } from "./errors.js";
5
5
  export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
6
- export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
6
+ export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, AES_128_GCM_KEY_LENGTH, AES_192_GCM_KEY_LENGTH, AES_256_GCM_KEY_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
7
7
  export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
8
8
  export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
9
9
  export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
@@ -18,10 +18,13 @@ export { ReallyMeCrypto } from "./cryptoFacade.js";
18
18
  export { ReallyMeDigest } from "./digest.js";
19
19
  export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
20
20
  export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
21
+ export { JWA_CONCAT_KDF_MAX_INFO_LENGTH, JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH, JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH, JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH, JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH, ReallyMeJwaConcatKdf, } from "./jwaConcatKdf.js";
21
22
  export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
22
23
  export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
23
24
  export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
25
+ export { P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDH_SECRET_KEY_LENGTH, P384_ECDH_SHARED_SECRET_LENGTH, ReallyMeP384Ecdh, } from "./p384Ecdh.js";
24
26
  export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
27
+ export { P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDH_SECRET_KEY_LENGTH, P521_ECDH_SHARED_SECRET_LENGTH, ReallyMeP521Ecdh, } from "./p521Ecdh.js";
25
28
  export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
26
29
  export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
27
30
  export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
@@ -0,0 +1,8 @@
1
+ export declare const JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH = 32;
2
+ export declare const JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH = 4096;
3
+ export declare const JWA_CONCAT_KDF_MAX_INFO_LENGTH = 4096;
4
+ export declare const JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH = 1;
5
+ export declare const JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH = 4096;
6
+ export declare const ReallyMeJwaConcatKdf: {
7
+ deriveSha256(sharedSecret: Uint8Array, algorithmId: Uint8Array, partyUInfo: Uint8Array, partyVInfo: Uint8Array, outputLength: number): Uint8Array;
8
+ };
@@ -0,0 +1,72 @@
1
+ // SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
2
+ //
3
+ // SPDX-License-Identifier: Apache-2.0
4
+ import { sha256 } from "@noble/hashes/sha2.js";
5
+ import { ReallyMeCryptoError } from "./errors.js";
6
+ export const JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH = 32;
7
+ export const JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH = 4096;
8
+ export const JWA_CONCAT_KDF_MAX_INFO_LENGTH = 4096;
9
+ export const JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH = 1;
10
+ export const JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH = 4096;
11
+ export const ReallyMeJwaConcatKdf = {
12
+ deriveSha256(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
13
+ validate(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength);
14
+ const outputBits = outputLength * 8;
15
+ const otherInfo = buildOtherInfo(algorithmId, partyUInfo, partyVInfo, outputBits);
16
+ const reps = Math.ceil(outputLength / JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
17
+ const derived = new Uint8Array(reps * JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
18
+ for (let counter = 1; counter <= reps; counter += 1) {
19
+ const counterBytes = uint32be(counter);
20
+ const digest = sha256(concatBytes(counterBytes, sharedSecret, otherInfo));
21
+ derived.set(digest, (counter - 1) * JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
22
+ counterBytes.fill(0);
23
+ }
24
+ const output = derived.slice(0, outputLength);
25
+ derived.fill(0);
26
+ otherInfo.fill(0);
27
+ return output;
28
+ },
29
+ };
30
+ function validate(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
31
+ if (sharedSecret.length === 0 ||
32
+ sharedSecret.length > JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH ||
33
+ algorithmId.length === 0 ||
34
+ algorithmId.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
35
+ partyUInfo.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
36
+ partyVInfo.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
37
+ !Number.isInteger(outputLength) ||
38
+ outputLength < JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH ||
39
+ outputLength > JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH) {
40
+ throw new ReallyMeCryptoError("invalid-input");
41
+ }
42
+ }
43
+ function buildOtherInfo(algorithmId, partyUInfo, partyVInfo, outputBits) {
44
+ return concatBytes(lengthPrefixed(algorithmId), lengthPrefixed(partyUInfo), lengthPrefixed(partyVInfo), uint32be(outputBits));
45
+ }
46
+ function lengthPrefixed(bytes) {
47
+ return concatBytes(uint32be(bytes.length), bytes);
48
+ }
49
+ function uint32be(value) {
50
+ if (!Number.isInteger(value) || value < 0 || value > 0xffffffff) {
51
+ throw new ReallyMeCryptoError("invalid-input");
52
+ }
53
+ const output = new Uint8Array(4);
54
+ output[0] = Math.floor(value / 0x1000000);
55
+ output[1] = Math.floor(value / 0x10000) & 0xff;
56
+ output[2] = Math.floor(value / 0x100) & 0xff;
57
+ output[3] = value & 0xff;
58
+ return output;
59
+ }
60
+ function concatBytes(...parts) {
61
+ let length = 0;
62
+ for (const part of parts) {
63
+ length += part.length;
64
+ }
65
+ const output = new Uint8Array(length);
66
+ let offset = 0;
67
+ for (const part of parts) {
68
+ output.set(part, offset);
69
+ offset += part.length;
70
+ }
71
+ return output;
72
+ }
package/dist/mlDsa.js CHANGED
@@ -67,6 +67,8 @@ export const ReallyMeMlDsa = {
67
67
  return readKeyPair(suite.generateKeyPair(), suite);
68
68
  },
69
69
  deriveKeyPair(algorithm, secretKey) {
70
+ // Import an existing FIPS 204 seed and reconstruct its public key. Do not
71
+ // feed passwords or other low-entropy material here.
70
72
  const suite = mlDsaSuite(algorithm);
71
73
  ensureBytes(secretKey, ML_DSA_SECRET_KEY_LENGTH);
72
74
  return readKeyPair(suite.deriveKeyPair(secretKey), suite);
package/dist/mlKem.js CHANGED
@@ -71,6 +71,8 @@ export const ReallyMeMlKem = {
71
71
  return readKeyPair(suite.generateKeyPair(), suite);
72
72
  },
73
73
  deriveKeyPair(algorithm, secretKey) {
74
+ // Import an existing FIPS 203 seed-form secret and reconstruct its public
75
+ // key. Do not feed passwords or other low-entropy material here.
74
76
  const suite = mlKemSuite(algorithm);
75
77
  ensureBytes(secretKey, ML_KEM_SECRET_KEY_LENGTH);
76
78
  return readKeyPair(suite.deriveKeyPair(secretKey), suite);
@@ -0,0 +1,22 @@
1
+ /**
2
+ * P-384 ECDH backed by @noble/curves.
3
+ *
4
+ * Public keys at the SDK boundary are compressed SEC1. The primitive returns
5
+ * the raw 48-byte ECDH x-coordinate; protocols must apply a labelled KDF that
6
+ * binds algorithm and party context before using it as key material.
7
+ */
8
+ export declare const P384_ECDH_SECRET_KEY_LENGTH = 48;
9
+ export declare const P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 49;
10
+ export declare const P384_ECDH_SHARED_SECRET_LENGTH = 48;
11
+ export declare const ReallyMeP384Ecdh: {
12
+ readonly generateKeyPair: () => {
13
+ publicKey: Uint8Array;
14
+ secretKey: Uint8Array;
15
+ };
16
+ readonly deriveKeyPair: (secretKey: Uint8Array) => {
17
+ publicKey: Uint8Array;
18
+ secretKey: Uint8Array;
19
+ };
20
+ readonly derivePublicKey: (secretKey: Uint8Array) => Uint8Array;
21
+ readonly deriveSharedSecret: (publicKey: Uint8Array, secretKey: Uint8Array) => Uint8Array;
22
+ };
@@ -0,0 +1,53 @@
1
+ // SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
2
+ //
3
+ // SPDX-License-Identifier: Apache-2.0
4
+ import { p384 } from "@noble/curves/nist.js";
5
+ import { ReallyMeCryptoError } from "./errors.js";
6
+ /**
7
+ * P-384 ECDH backed by @noble/curves.
8
+ *
9
+ * Public keys at the SDK boundary are compressed SEC1. The primitive returns
10
+ * the raw 48-byte ECDH x-coordinate; protocols must apply a labelled KDF that
11
+ * binds algorithm and party context before using it as key material.
12
+ */
13
+ export const P384_ECDH_SECRET_KEY_LENGTH = 48;
14
+ export const P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 49;
15
+ export const P384_ECDH_SHARED_SECRET_LENGTH = 48;
16
+ export const ReallyMeP384Ecdh = {
17
+ generateKeyPair() {
18
+ const secretKey = p384.utils.randomSecretKey();
19
+ return {
20
+ publicKey: p384.getPublicKey(secretKey, true),
21
+ secretKey,
22
+ };
23
+ },
24
+ deriveKeyPair(secretKey) {
25
+ return {
26
+ publicKey: this.derivePublicKey(secretKey),
27
+ secretKey: secretKey.slice(),
28
+ };
29
+ },
30
+ derivePublicKey(secretKey) {
31
+ if (secretKey.length !== P384_ECDH_SECRET_KEY_LENGTH) {
32
+ throw new ReallyMeCryptoError("invalid-input");
33
+ }
34
+ try {
35
+ return p384.getPublicKey(secretKey, true);
36
+ }
37
+ catch {
38
+ throw new ReallyMeCryptoError("invalid-input");
39
+ }
40
+ },
41
+ deriveSharedSecret(publicKey, secretKey) {
42
+ if (publicKey.length !== P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH ||
43
+ secretKey.length !== P384_ECDH_SECRET_KEY_LENGTH) {
44
+ throw new ReallyMeCryptoError("invalid-input");
45
+ }
46
+ try {
47
+ return p384.getSharedSecret(secretKey, publicKey, false).slice(1, 49);
48
+ }
49
+ catch {
50
+ throw new ReallyMeCryptoError("invalid-input");
51
+ }
52
+ },
53
+ };
@@ -0,0 +1,22 @@
1
+ /**
2
+ * P-521 ECDH backed by @noble/curves.
3
+ *
4
+ * Public keys at the SDK boundary are compressed SEC1. The primitive returns
5
+ * the raw 66-byte ECDH x-coordinate; protocols must apply a labelled KDF that
6
+ * binds algorithm and party context before using it as key material.
7
+ */
8
+ export declare const P521_ECDH_SECRET_KEY_LENGTH = 66;
9
+ export declare const P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 67;
10
+ export declare const P521_ECDH_SHARED_SECRET_LENGTH = 66;
11
+ export declare const ReallyMeP521Ecdh: {
12
+ readonly generateKeyPair: () => {
13
+ publicKey: Uint8Array;
14
+ secretKey: Uint8Array;
15
+ };
16
+ readonly deriveKeyPair: (secretKey: Uint8Array) => {
17
+ publicKey: Uint8Array;
18
+ secretKey: Uint8Array;
19
+ };
20
+ readonly derivePublicKey: (secretKey: Uint8Array) => Uint8Array;
21
+ readonly deriveSharedSecret: (publicKey: Uint8Array, secretKey: Uint8Array) => Uint8Array;
22
+ };
@@ -0,0 +1,53 @@
1
+ // SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
2
+ //
3
+ // SPDX-License-Identifier: Apache-2.0
4
+ import { p521 } from "@noble/curves/nist.js";
5
+ import { ReallyMeCryptoError } from "./errors.js";
6
+ /**
7
+ * P-521 ECDH backed by @noble/curves.
8
+ *
9
+ * Public keys at the SDK boundary are compressed SEC1. The primitive returns
10
+ * the raw 66-byte ECDH x-coordinate; protocols must apply a labelled KDF that
11
+ * binds algorithm and party context before using it as key material.
12
+ */
13
+ export const P521_ECDH_SECRET_KEY_LENGTH = 66;
14
+ export const P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 67;
15
+ export const P521_ECDH_SHARED_SECRET_LENGTH = 66;
16
+ export const ReallyMeP521Ecdh = {
17
+ generateKeyPair() {
18
+ const secretKey = p521.utils.randomSecretKey();
19
+ return {
20
+ publicKey: p521.getPublicKey(secretKey, true),
21
+ secretKey,
22
+ };
23
+ },
24
+ deriveKeyPair(secretKey) {
25
+ return {
26
+ publicKey: this.derivePublicKey(secretKey),
27
+ secretKey: secretKey.slice(),
28
+ };
29
+ },
30
+ derivePublicKey(secretKey) {
31
+ if (secretKey.length !== P521_ECDH_SECRET_KEY_LENGTH) {
32
+ throw new ReallyMeCryptoError("invalid-input");
33
+ }
34
+ try {
35
+ return p521.getPublicKey(secretKey, true);
36
+ }
37
+ catch {
38
+ throw new ReallyMeCryptoError("invalid-input");
39
+ }
40
+ },
41
+ deriveSharedSecret(publicKey, secretKey) {
42
+ if (publicKey.length !== P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH ||
43
+ secretKey.length !== P521_ECDH_SECRET_KEY_LENGTH) {
44
+ throw new ReallyMeCryptoError("invalid-input");
45
+ }
46
+ try {
47
+ return p521.getSharedSecret(secretKey, publicKey, false).slice(1, 67);
48
+ }
49
+ catch {
50
+ throw new ReallyMeCryptoError("invalid-input");
51
+ }
52
+ },
53
+ };
@@ -286,7 +286,15 @@ export declare enum KeyAgreementAlgorithm {
286
286
  /**
287
287
  * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P256_ECDH = 2;
288
288
  */
289
- P256_ECDH = 2
289
+ P256_ECDH = 2,
290
+ /**
291
+ * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P384_ECDH = 3;
292
+ */
293
+ P384_ECDH = 3,
294
+ /**
295
+ * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P521_ECDH = 4;
296
+ */
297
+ P521_ECDH = 4
290
298
  }
291
299
  /**
292
300
  * Describes the enum reallyme.crypto.v1.KeyAgreementAlgorithm.
@@ -376,7 +384,15 @@ export declare enum AeadAlgorithm {
376
384
  /**
377
385
  * @generated from enum value: AEAD_ALGORITHM_XCHACHA20_POLY1305 = 4;
378
386
  */
379
- XCHACHA20_POLY1305 = 4
387
+ XCHACHA20_POLY1305 = 4,
388
+ /**
389
+ * @generated from enum value: AEAD_ALGORITHM_AES_128_GCM = 5;
390
+ */
391
+ AES_128_GCM = 5,
392
+ /**
393
+ * @generated from enum value: AEAD_ALGORITHM_AES_192_GCM = 6;
394
+ */
395
+ AES_192_GCM = 6
380
396
  }
381
397
  /**
382
398
  * Describes the enum reallyme.crypto.v1.AeadAlgorithm.
@@ -474,7 +490,11 @@ export declare enum KdfAlgorithm {
474
490
  /**
475
491
  * @generated from enum value: KDF_ALGORITHM_PBKDF2_HMAC_SHA512 = 4;
476
492
  */
477
- PBKDF2_HMAC_SHA512 = 4
493
+ PBKDF2_HMAC_SHA512 = 4,
494
+ /**
495
+ * @generated from enum value: KDF_ALGORITHM_JWA_CONCAT_KDF_SHA256 = 5;
496
+ */
497
+ JWA_CONCAT_KDF_SHA256 = 5
478
498
  }
479
499
  /**
480
500
  * Describes the enum reallyme.crypto.v1.KdfAlgorithm.
@@ -5,7 +5,7 @@ import { enumDesc, fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
5
5
  /**
6
6
  * Describes the file reallyme/crypto/v1/crypto.proto.
7
7
  */
8
- export const file_reallyme_crypto_v1_crypto = /*@__PURE__*/ fileDesc("Ch9yZWFsbHltZS9jcnlwdG8vdjEvY3J5cHRvLnByb3RvEhJyZWFsbHltZS5jcnlwdG8udjEi0QQKGUNyeXB0b0FsZ29yaXRobUlkZW50aWZpZXISOwoJc2lnbmF0dXJlGAEgASgOMiYucmVhbGx5bWUuY3J5cHRvLnYxLlNpZ25hdHVyZUFsZ29yaXRobUgAEkIKDWtleV9hZ3JlZW1lbnQYAiABKA4yKS5yZWFsbHltZS5jcnlwdG8udjEuS2V5QWdyZWVtZW50QWxnb3JpdGhtSAASLwoDa2VtGAMgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLktlbUFsZ29yaXRobUgAEi0KBGhwa2UYBCABKA4yHS5yZWFsbHltZS5jcnlwdG8udjEuSHBrZVN1aXRlSAASMQoEYWVhZBgFIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5BZWFkQWxnb3JpdGhtSAASMQoEaGFzaBgGIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5IYXNoQWxnb3JpdGhtSAASLwoDbWFjGAcgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLk1hY0FsZ29yaXRobUgAEi8KA2tkZhgIIAEoDjIgLnJlYWxseW1lLmNyeXB0by52MS5LZGZBbGdvcml0aG1IABI4CghrZXlfd3JhcBgJIAEoDjIkLnJlYWxseW1lLmNyeXB0by52MS5LZXlXcmFwQWxnb3JpdGhtSAASRAoObXVsdGljb2RlY19rZXkYCiABKA4yKi5yZWFsbHltZS5jcnlwdG8udjEuTXVsdGljb2RlY0tleUFsZ29yaXRobUgAQgsKCWFsZ29yaXRobSJ5CgpKc29uV2ViS2V5EkAKCWFsZ29yaXRobRgBIAEoCzItLnJlYWxseW1lLmNyeXB0by52MS5DcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyEhIKCnB1YmxpY19rZXkYAiABKAwSFQoNY2Fub25pY2FsX2pjcxgDIAEoDCI9Cg1Kc29uV2ViS2V5U2V0EiwKBGtleXMYASADKAsyHi5yZWFsbHltZS5jcnlwdG8udjEuSnNvbldlYktleSqBAwoVQ3J5cHRvQWxnb3JpdGhtRmFtaWx5EicKI0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX1VOU1BFQ0lGSUVEEAASJQohQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfU0lHTkFUVVJFEAESKQolQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX0FHUkVFTUVOVBACEh8KG0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX0tFTRADEiAKHENSWVBUT19BTEdPUklUSE1fRkFNSUxZX0FFQUQQBBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IQVNIEAUSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfTUFDEAYSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0RGEAcSJAogQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX1dSQVAQCBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IUEtFEAkq1gYKElNpZ25hdHVyZUFsZ29yaXRobRIjCh9TSUdOQVRVUkVfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHwobU0lHTkFUVVJFX0FMR09SSVRITV9FRDI1NTE5EAESKQolU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9QMjU2X1NIQTI1NhACEikKJVNJR05BVFVSRV9BTEdPUklUSE1fRUNEU0FfUDM4NF9TSEEzODQQAxIpCiVTSUdOQVRVUkVfQUxHT1JJVEhNX0VDRFNBX1A1MjFfU0hBNTEyEAQSLgoqU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9TRUNQMjU2SzFfU0hBMjU2EAUSNwozU0lHTkFUVVJFX0FMR09SSVRITV9CSVAzNDBfU0NITk9SUl9TRUNQMjU2SzFfU0hBMjU2EAYSKQolU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUEtDUzFWMTVfU0hBMRAHEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTI1NhAIEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTM4NBAJEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTUxMhAKEi4KKlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEExX01HRjFfU0hBMRALEjIKLlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEEyNTZfTUdGMV9TSEEyNTYQDBIyCi5TSUdOQVRVUkVfQUxHT1JJVEhNX1JTQV9QU1NfU0hBMzg0X01HRjFfU0hBMzg0EA0SMgouU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUFNTX1NIQTUxMl9NR0YxX1NIQTUxMhAOEiEKHVNJR05BVFVSRV9BTEdPUklUSE1fTUxfRFNBXzQ0EA8SIQodU0lHTkFUVVJFX0FMR09SSVRITV9NTF9EU0FfNjUQEBIhCh1TSUdOQVRVUkVfQUxHT1JJVEhNX01MX0RTQV84NxAREikKJVNJR05BVFVSRV9BTEdPUklUSE1fU0xIX0RTQV9TSEEyXzEyOFMQEiqLAQoVS2V5QWdyZWVtZW50QWxnb3JpdGhtEicKI0tFWV9BR1JFRU1FTlRfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASIgoeS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fWDI1NTE5EAESJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDI1Nl9FQ0RIEAIqxQEKDEtlbUFsZ29yaXRobRIdChlLRU1fQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNTEyEAESHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNzY4EAISHQoZS0VNX0FMR09SSVRITV9NTF9LRU1fMTAyNBADEhwKGEtFTV9BTEdPUklUSE1fWF9XSU5HXzc2OBAEEh0KGUtFTV9BTEdPUklUSE1fWF9XSU5HXzEwMjQQBSqtAQoJSHBrZVN1aXRlEhoKFkhQS0VfU1VJVEVfVU5TUEVDSUZJRUQQABI9CjlIUEtFX1NVSVRFX0RIS0VNX1AyNTZfSEtERl9TSEEyNTZfSEtERl9TSEEyNTZfQUVTXzI1Nl9HQ00QARJFCkFIUEtFX1NVSVRFX0RIS0VNX1gyNTUxOV9IS0RGX1NIQTI1Nl9IS0RGX1NIQTI1Nl9DSEFDSEEyMF9QT0xZMTMwNRACKsABCg1BZWFkQWxnb3JpdGhtEh4KGkFFQURfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHgoaQUVBRF9BTEdPUklUSE1fQUVTXzI1Nl9HQ00QARIiCh5BRUFEX0FMR09SSVRITV9BRVNfMjU2X0dDTV9TSVYQAhIkCiBBRUFEX0FMR09SSVRITV9DSEFDSEEyMF9QT0xZMTMwNRADEiUKIUFFQURfQUxHT1JJVEhNX1hDSEFDSEEyMF9QT0xZMTMwNRAEKvoBCg1IYXNoQWxnb3JpdGhtEh4KGkhBU0hfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASGwoXSEFTSF9BTEdPUklUSE1fU0hBMl8yNTYQARIbChdIQVNIX0FMR09SSVRITV9TSEEyXzM4NBACEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTJfNTEyEAMSGwoXSEFTSF9BTEdPUklUSE1fU0hBM18yMjQQBBIbChdIQVNIX0FMR09SSVRITV9TSEEzXzI1NhAFEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTNfMzg0EAYSGwoXSEFTSF9BTEdPUklUSE1fU0hBM181MTIQByprCgxNYWNBbGdvcml0aG0SHQoZTUFDX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEh0KGU1BQ19BTEdPUklUSE1fSE1BQ19TSEEyNTYQARIdChlNQUNfQUxHT1JJVEhNX0hNQUNfU0hBNTEyEAIqtAEKDEtkZkFsZ29yaXRobRIdChlLREZfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHQoZS0RGX0FMR09SSVRITV9IS0RGX1NIQTI1NhABEhoKFktERl9BTEdPUklUSE1fQVJHT04ySUQQAhIkCiBLREZfQUxHT1JJVEhNX1BCS0RGMl9ITUFDX1NIQTI1NhADEiQKIEtERl9BTEdPUklUSE1fUEJLREYyX0hNQUNfU0hBNTEyEAQqWQoQS2V5V3JhcEFsZ29yaXRobRIiCh5LRVlfV1JBUF9BTEdPUklUSE1fVU5TUEVDSUZJRUQQABIhCh1LRVlfV1JBUF9BTEdPUklUSE1fQUVTXzI1Nl9LVxABKuUIChZNdWx0aWNvZGVjS2V5QWxnb3JpdGhtEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDI1NTE5X1BVQhABEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFVCEAISKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1NFQ1AyNTZLMV9QVUIQAxIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDI1Nl9QVUIQBBIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QVUIQBRIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDUyMV9QVUIQBhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fRUQ0NDhfUFVCEAcSJAogTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QVUIQCBIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzUxMl9QVUIQCRIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzc2OF9QVUIQChIsCihNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFVCEAsSKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0RTQV80NF9QVUIQDBIqCiZNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfRFNBXzY1X1BVQhANEioKJk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9EU0FfODdfUFVCEA4SKQolTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX0VEMjU1MTlfUFJJVhAPEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFJJVhAQEisKJ01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9TRUNQMjU2SzFfUFJJVhAREiYKIk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9QMjU2X1BSSVYQEhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QUklWEBMSJgoiTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1A1MjFfUFJJVhAUEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDQ0OF9QUklWEBUSJQohTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QUklWEBYSLAooTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0tFTV81MTJfUFJJVhAXEiwKKE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9LRU1fNzY4X1BSSVYQGBItCilNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFJJVhAZQicKE21lLnJlYWxseS5jcnlwdG8udjFQAboCDVJlYWxseU1lUHJvdG9iBnByb3RvMw");
8
+ export const file_reallyme_crypto_v1_crypto = /*@__PURE__*/ fileDesc("Ch9yZWFsbHltZS9jcnlwdG8vdjEvY3J5cHRvLnByb3RvEhJyZWFsbHltZS5jcnlwdG8udjEi0QQKGUNyeXB0b0FsZ29yaXRobUlkZW50aWZpZXISOwoJc2lnbmF0dXJlGAEgASgOMiYucmVhbGx5bWUuY3J5cHRvLnYxLlNpZ25hdHVyZUFsZ29yaXRobUgAEkIKDWtleV9hZ3JlZW1lbnQYAiABKA4yKS5yZWFsbHltZS5jcnlwdG8udjEuS2V5QWdyZWVtZW50QWxnb3JpdGhtSAASLwoDa2VtGAMgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLktlbUFsZ29yaXRobUgAEi0KBGhwa2UYBCABKA4yHS5yZWFsbHltZS5jcnlwdG8udjEuSHBrZVN1aXRlSAASMQoEYWVhZBgFIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5BZWFkQWxnb3JpdGhtSAASMQoEaGFzaBgGIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5IYXNoQWxnb3JpdGhtSAASLwoDbWFjGAcgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLk1hY0FsZ29yaXRobUgAEi8KA2tkZhgIIAEoDjIgLnJlYWxseW1lLmNyeXB0by52MS5LZGZBbGdvcml0aG1IABI4CghrZXlfd3JhcBgJIAEoDjIkLnJlYWxseW1lLmNyeXB0by52MS5LZXlXcmFwQWxnb3JpdGhtSAASRAoObXVsdGljb2RlY19rZXkYCiABKA4yKi5yZWFsbHltZS5jcnlwdG8udjEuTXVsdGljb2RlY0tleUFsZ29yaXRobUgAQgsKCWFsZ29yaXRobSJ5CgpKc29uV2ViS2V5EkAKCWFsZ29yaXRobRgBIAEoCzItLnJlYWxseW1lLmNyeXB0by52MS5DcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyEhIKCnB1YmxpY19rZXkYAiABKAwSFQoNY2Fub25pY2FsX2pjcxgDIAEoDCI9Cg1Kc29uV2ViS2V5U2V0EiwKBGtleXMYASADKAsyHi5yZWFsbHltZS5jcnlwdG8udjEuSnNvbldlYktleSqBAwoVQ3J5cHRvQWxnb3JpdGhtRmFtaWx5EicKI0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX1VOU1BFQ0lGSUVEEAASJQohQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfU0lHTkFUVVJFEAESKQolQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX0FHUkVFTUVOVBACEh8KG0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX0tFTRADEiAKHENSWVBUT19BTEdPUklUSE1fRkFNSUxZX0FFQUQQBBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IQVNIEAUSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfTUFDEAYSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0RGEAcSJAogQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX1dSQVAQCBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IUEtFEAkq1gYKElNpZ25hdHVyZUFsZ29yaXRobRIjCh9TSUdOQVRVUkVfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHwobU0lHTkFUVVJFX0FMR09SSVRITV9FRDI1NTE5EAESKQolU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9QMjU2X1NIQTI1NhACEikKJVNJR05BVFVSRV9BTEdPUklUSE1fRUNEU0FfUDM4NF9TSEEzODQQAxIpCiVTSUdOQVRVUkVfQUxHT1JJVEhNX0VDRFNBX1A1MjFfU0hBNTEyEAQSLgoqU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9TRUNQMjU2SzFfU0hBMjU2EAUSNwozU0lHTkFUVVJFX0FMR09SSVRITV9CSVAzNDBfU0NITk9SUl9TRUNQMjU2SzFfU0hBMjU2EAYSKQolU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUEtDUzFWMTVfU0hBMRAHEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTI1NhAIEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTM4NBAJEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTUxMhAKEi4KKlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEExX01HRjFfU0hBMRALEjIKLlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEEyNTZfTUdGMV9TSEEyNTYQDBIyCi5TSUdOQVRVUkVfQUxHT1JJVEhNX1JTQV9QU1NfU0hBMzg0X01HRjFfU0hBMzg0EA0SMgouU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUFNTX1NIQTUxMl9NR0YxX1NIQTUxMhAOEiEKHVNJR05BVFVSRV9BTEdPUklUSE1fTUxfRFNBXzQ0EA8SIQodU0lHTkFUVVJFX0FMR09SSVRITV9NTF9EU0FfNjUQEBIhCh1TSUdOQVRVUkVfQUxHT1JJVEhNX01MX0RTQV84NxAREikKJVNJR05BVFVSRV9BTEdPUklUSE1fU0xIX0RTQV9TSEEyXzEyOFMQEirZAQoVS2V5QWdyZWVtZW50QWxnb3JpdGhtEicKI0tFWV9BR1JFRU1FTlRfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASIgoeS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fWDI1NTE5EAESJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDI1Nl9FQ0RIEAISJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDM4NF9FQ0RIEAMSJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDUyMV9FQ0RIEAQqxQEKDEtlbUFsZ29yaXRobRIdChlLRU1fQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNTEyEAESHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNzY4EAISHQoZS0VNX0FMR09SSVRITV9NTF9LRU1fMTAyNBADEhwKGEtFTV9BTEdPUklUSE1fWF9XSU5HXzc2OBAEEh0KGUtFTV9BTEdPUklUSE1fWF9XSU5HXzEwMjQQBSqtAQoJSHBrZVN1aXRlEhoKFkhQS0VfU1VJVEVfVU5TUEVDSUZJRUQQABI9CjlIUEtFX1NVSVRFX0RIS0VNX1AyNTZfSEtERl9TSEEyNTZfSEtERl9TSEEyNTZfQUVTXzI1Nl9HQ00QARJFCkFIUEtFX1NVSVRFX0RIS0VNX1gyNTUxOV9IS0RGX1NIQTI1Nl9IS0RGX1NIQTI1Nl9DSEFDSEEyMF9QT0xZMTMwNRACKoACCg1BZWFkQWxnb3JpdGhtEh4KGkFFQURfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHgoaQUVBRF9BTEdPUklUSE1fQUVTXzI1Nl9HQ00QARIiCh5BRUFEX0FMR09SSVRITV9BRVNfMjU2X0dDTV9TSVYQAhIkCiBBRUFEX0FMR09SSVRITV9DSEFDSEEyMF9QT0xZMTMwNRADEiUKIUFFQURfQUxHT1JJVEhNX1hDSEFDSEEyMF9QT0xZMTMwNRAEEh4KGkFFQURfQUxHT1JJVEhNX0FFU18xMjhfR0NNEAUSHgoaQUVBRF9BTEdPUklUSE1fQUVTXzE5Ml9HQ00QBir6AQoNSGFzaEFsZ29yaXRobRIeChpIQVNIX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTJfMjU2EAESGwoXSEFTSF9BTEdPUklUSE1fU0hBMl8zODQQAhIbChdIQVNIX0FMR09SSVRITV9TSEEyXzUxMhADEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTNfMjI0EAQSGwoXSEFTSF9BTEdPUklUSE1fU0hBM18yNTYQBRIbChdIQVNIX0FMR09SSVRITV9TSEEzXzM4NBAGEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTNfNTEyEAcqawoMTWFjQWxnb3JpdGhtEh0KGU1BQ19BTEdPUklUSE1fVU5TUEVDSUZJRUQQABIdChlNQUNfQUxHT1JJVEhNX0hNQUNfU0hBMjU2EAESHQoZTUFDX0FMR09SSVRITV9ITUFDX1NIQTUxMhACKt0BCgxLZGZBbGdvcml0aG0SHQoZS0RGX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEh0KGUtERl9BTEdPUklUSE1fSEtERl9TSEEyNTYQARIaChZLREZfQUxHT1JJVEhNX0FSR09OMklEEAISJAogS0RGX0FMR09SSVRITV9QQktERjJfSE1BQ19TSEEyNTYQAxIkCiBLREZfQUxHT1JJVEhNX1BCS0RGMl9ITUFDX1NIQTUxMhAEEicKI0tERl9BTEdPUklUSE1fSldBX0NPTkNBVF9LREZfU0hBMjU2EAUqWQoQS2V5V3JhcEFsZ29yaXRobRIiCh5LRVlfV1JBUF9BTEdPUklUSE1fVU5TUEVDSUZJRUQQABIhCh1LRVlfV1JBUF9BTEdPUklUSE1fQUVTXzI1Nl9LVxABKuUIChZNdWx0aWNvZGVjS2V5QWxnb3JpdGhtEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDI1NTE5X1BVQhABEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFVCEAISKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1NFQ1AyNTZLMV9QVUIQAxIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDI1Nl9QVUIQBBIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QVUIQBRIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDUyMV9QVUIQBhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fRUQ0NDhfUFVCEAcSJAogTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QVUIQCBIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzUxMl9QVUIQCRIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzc2OF9QVUIQChIsCihNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFVCEAsSKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0RTQV80NF9QVUIQDBIqCiZNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfRFNBXzY1X1BVQhANEioKJk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9EU0FfODdfUFVCEA4SKQolTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX0VEMjU1MTlfUFJJVhAPEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFJJVhAQEisKJ01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9TRUNQMjU2SzFfUFJJVhAREiYKIk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9QMjU2X1BSSVYQEhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QUklWEBMSJgoiTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1A1MjFfUFJJVhAUEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDQ0OF9QUklWEBUSJQohTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QUklWEBYSLAooTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0tFTV81MTJfUFJJVhAXEiwKKE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9LRU1fNzY4X1BSSVYQGBItCilNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFJJVhAZQicKE21lLnJlYWxseS5jcnlwdG8udjFQAboCDVJlYWxseU1lUHJvdG9iBnByb3RvMw");
9
9
  /**
10
10
  * Describes the message reallyme.crypto.v1.CryptoAlgorithmIdentifier.
11
11
  * Use `create(CryptoAlgorithmIdentifierSchema)` to create a new message.
@@ -184,6 +184,14 @@ export var KeyAgreementAlgorithm;
184
184
  * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P256_ECDH = 2;
185
185
  */
186
186
  KeyAgreementAlgorithm[KeyAgreementAlgorithm["P256_ECDH"] = 2] = "P256_ECDH";
187
+ /**
188
+ * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P384_ECDH = 3;
189
+ */
190
+ KeyAgreementAlgorithm[KeyAgreementAlgorithm["P384_ECDH"] = 3] = "P384_ECDH";
191
+ /**
192
+ * @generated from enum value: KEY_AGREEMENT_ALGORITHM_P521_ECDH = 4;
193
+ */
194
+ KeyAgreementAlgorithm[KeyAgreementAlgorithm["P521_ECDH"] = 4] = "P521_ECDH";
187
195
  })(KeyAgreementAlgorithm || (KeyAgreementAlgorithm = {}));
188
196
  /**
189
197
  * Describes the enum reallyme.crypto.v1.KeyAgreementAlgorithm.
@@ -277,6 +285,14 @@ export var AeadAlgorithm;
277
285
  * @generated from enum value: AEAD_ALGORITHM_XCHACHA20_POLY1305 = 4;
278
286
  */
279
287
  AeadAlgorithm[AeadAlgorithm["XCHACHA20_POLY1305"] = 4] = "XCHACHA20_POLY1305";
288
+ /**
289
+ * @generated from enum value: AEAD_ALGORITHM_AES_128_GCM = 5;
290
+ */
291
+ AeadAlgorithm[AeadAlgorithm["AES_128_GCM"] = 5] = "AES_128_GCM";
292
+ /**
293
+ * @generated from enum value: AEAD_ALGORITHM_AES_192_GCM = 6;
294
+ */
295
+ AeadAlgorithm[AeadAlgorithm["AES_192_GCM"] = 6] = "AES_192_GCM";
280
296
  })(AeadAlgorithm || (AeadAlgorithm = {}));
281
297
  /**
282
298
  * Describes the enum reallyme.crypto.v1.AeadAlgorithm.
@@ -378,6 +394,10 @@ export var KdfAlgorithm;
378
394
  * @generated from enum value: KDF_ALGORITHM_PBKDF2_HMAC_SHA512 = 4;
379
395
  */
380
396
  KdfAlgorithm[KdfAlgorithm["PBKDF2_HMAC_SHA512"] = 4] = "PBKDF2_HMAC_SHA512";
397
+ /**
398
+ * @generated from enum value: KDF_ALGORITHM_JWA_CONCAT_KDF_SHA256 = 5;
399
+ */
400
+ KdfAlgorithm[KdfAlgorithm["JWA_CONCAT_KDF_SHA256"] = 5] = "JWA_CONCAT_KDF_SHA256";
381
401
  })(KdfAlgorithm || (KdfAlgorithm = {}));
382
402
  /**
383
403
  * Describes the enum reallyme.crypto.v1.KdfAlgorithm.
package/dist/proto.js CHANGED
@@ -126,6 +126,10 @@ export const hashAlgorithmToProto = (value) => {
126
126
  };
127
127
  export const aeadAlgorithmFromProto = (value) => {
128
128
  switch (value) {
129
+ case AeadAlgorithm.AES_128_GCM:
130
+ return "AES-128-GCM";
131
+ case AeadAlgorithm.AES_192_GCM:
132
+ return "AES-192-GCM";
129
133
  case AeadAlgorithm.AES_256_GCM:
130
134
  return "AES-256-GCM";
131
135
  case AeadAlgorithm.AES_256_GCM_SIV:
@@ -140,6 +144,10 @@ export const aeadAlgorithmFromProto = (value) => {
140
144
  };
141
145
  export const aeadAlgorithmToProto = (value) => {
142
146
  switch (value) {
147
+ case "AES-128-GCM":
148
+ return AeadAlgorithm.AES_128_GCM;
149
+ case "AES-192-GCM":
150
+ return AeadAlgorithm.AES_192_GCM;
143
151
  case "AES-256-GCM":
144
152
  return AeadAlgorithm.AES_256_GCM;
145
153
  case "AES-256-GCM-SIV":
@@ -186,6 +194,10 @@ export const keyAgreementAlgorithmFromProto = (value) => {
186
194
  return "X25519";
187
195
  case KeyAgreementAlgorithm.P256_ECDH:
188
196
  return "P-256-ECDH";
197
+ case KeyAgreementAlgorithm.P384_ECDH:
198
+ return "P-384-ECDH";
199
+ case KeyAgreementAlgorithm.P521_ECDH:
200
+ return "P-521-ECDH";
189
201
  default:
190
202
  throw new ReallyMeCryptoError("unsupported-algorithm");
191
203
  }
@@ -196,6 +208,10 @@ export const keyAgreementAlgorithmToProto = (value) => {
196
208
  return KeyAgreementAlgorithm.X25519;
197
209
  case "P-256-ECDH":
198
210
  return KeyAgreementAlgorithm.P256_ECDH;
211
+ case "P-384-ECDH":
212
+ return KeyAgreementAlgorithm.P384_ECDH;
213
+ case "P-521-ECDH":
214
+ return KeyAgreementAlgorithm.P521_ECDH;
199
215
  }
200
216
  };
201
217
  export const macAlgorithmFromProto = (value) => {
@@ -226,6 +242,8 @@ export const kdfAlgorithmFromProto = (value) => {
226
242
  return "PBKDF2-HMAC-SHA-256";
227
243
  case KdfAlgorithm.PBKDF2_HMAC_SHA512:
228
244
  return "PBKDF2-HMAC-SHA-512";
245
+ case KdfAlgorithm.JWA_CONCAT_KDF_SHA256:
246
+ return "JWA-CONCAT-KDF-SHA256";
229
247
  default:
230
248
  throw new ReallyMeCryptoError("unsupported-algorithm");
231
249
  }
@@ -240,6 +258,8 @@ export const kdfAlgorithmToProto = (value) => {
240
258
  return KdfAlgorithm.PBKDF2_HMAC_SHA256;
241
259
  case "PBKDF2-HMAC-SHA-512":
242
260
  return KdfAlgorithm.PBKDF2_HMAC_SHA512;
261
+ case "JWA-CONCAT-KDF-SHA256":
262
+ return KdfAlgorithm.JWA_CONCAT_KDF_SHA256;
243
263
  }
244
264
  };
245
265
  export const keyWrapAlgorithmFromProto = (value) => {
@@ -1,5 +1,69 @@
1
1
  /* @ts-self-types="./reallyme_crypto_wasm.d.ts" */
2
2
 
3
+ /**
4
+ * Open and authenticate an AES-128-GCM `ciphertext || tag`.
5
+ * @param {Uint8Array} key
6
+ * @param {Uint8Array} nonce
7
+ * @param {Uint8Array} aad
8
+ * @param {Uint8Array} ciphertext
9
+ * @returns {Uint8Array}
10
+ */
11
+ export function aes128GcmOpen(key, nonce, aad, ciphertext) {
12
+ const ret = wasm.aes128GcmOpen(key, nonce, aad, ciphertext);
13
+ if (ret[2]) {
14
+ throw takeFromExternrefTable0(ret[1]);
15
+ }
16
+ return takeFromExternrefTable0(ret[0]);
17
+ }
18
+
19
+ /**
20
+ * Seal plaintext with AES-128-GCM and return `ciphertext || tag`.
21
+ * @param {Uint8Array} key
22
+ * @param {Uint8Array} nonce
23
+ * @param {Uint8Array} aad
24
+ * @param {Uint8Array} plaintext
25
+ * @returns {Uint8Array}
26
+ */
27
+ export function aes128GcmSeal(key, nonce, aad, plaintext) {
28
+ const ret = wasm.aes128GcmSeal(key, nonce, aad, plaintext);
29
+ if (ret[2]) {
30
+ throw takeFromExternrefTable0(ret[1]);
31
+ }
32
+ return takeFromExternrefTable0(ret[0]);
33
+ }
34
+
35
+ /**
36
+ * Open and authenticate an AES-192-GCM `ciphertext || tag`.
37
+ * @param {Uint8Array} key
38
+ * @param {Uint8Array} nonce
39
+ * @param {Uint8Array} aad
40
+ * @param {Uint8Array} ciphertext
41
+ * @returns {Uint8Array}
42
+ */
43
+ export function aes192GcmOpen(key, nonce, aad, ciphertext) {
44
+ const ret = wasm.aes192GcmOpen(key, nonce, aad, ciphertext);
45
+ if (ret[2]) {
46
+ throw takeFromExternrefTable0(ret[1]);
47
+ }
48
+ return takeFromExternrefTable0(ret[0]);
49
+ }
50
+
51
+ /**
52
+ * Seal plaintext with AES-192-GCM and return `ciphertext || tag`.
53
+ * @param {Uint8Array} key
54
+ * @param {Uint8Array} nonce
55
+ * @param {Uint8Array} aad
56
+ * @param {Uint8Array} plaintext
57
+ * @returns {Uint8Array}
58
+ */
59
+ export function aes192GcmSeal(key, nonce, aad, plaintext) {
60
+ const ret = wasm.aes192GcmSeal(key, nonce, aad, plaintext);
61
+ if (ret[2]) {
62
+ throw takeFromExternrefTable0(ret[1]);
63
+ }
64
+ return takeFromExternrefTable0(ret[0]);
65
+ }
66
+
3
67
  /**
4
68
  * Open and authenticate an AES-256-GCM `ciphertext || tag`.
5
69
  * @param {Uint8Array} key
@@ -4,6 +4,10 @@ export type ReallyMeWasmInitOutput = Readonly<{
4
4
  export declare function initSync(module: {
5
5
  module: Uint8Array;
6
6
  }): ReallyMeWasmInitOutput;
7
+ export declare function aes128GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
8
+ export declare function aes128GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
9
+ export declare function aes192GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
10
+ export declare function aes192GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
7
11
  export declare function aes256GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
8
12
  export declare function aes256GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
9
13
  export declare function aes256GcmSivOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
@@ -16,10 +16,15 @@ type HpkeOpenFn = (suite: number, recipientSecretKey: Uint8Array, encapsulatedKe
16
16
  type HpkeSealFn = (suite: number, recipientPublicKey: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => unknown;
17
17
  type HpkeSealDerandFn = (suite: number, recipientPublicKey: Uint8Array, encapsulationRandomness: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array) => unknown;
18
18
  type DeriveKeypairFn = (secretKey: Uint8Array) => unknown;
19
+ type SlhDsaDeriveKeypairFn = (skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => unknown;
19
20
  type EncapsulateFn = (publicKey: Uint8Array) => unknown;
20
21
  type EncapsulateDerandFn = (publicKey: Uint8Array, seed: Uint8Array) => unknown;
21
22
  type DecapsulateFn = (ciphertext: Uint8Array, secretKey: Uint8Array) => unknown;
22
23
  export type ReallyMeWasmProvider = Readonly<{
24
+ aes128GcmSeal: AeadFn;
25
+ aes128GcmOpen: AeadFn;
26
+ aes192GcmSeal: AeadFn;
27
+ aes192GcmOpen: AeadFn;
23
28
  aes256GcmSeal: AeadFn;
24
29
  aes256GcmOpen: AeadFn;
25
30
  aes256GcmSivSeal: AeadFn;
@@ -73,7 +78,7 @@ export type ReallyMeWasmProvider = Readonly<{
73
78
  mlKem1024EncapsulateDerand: EncapsulateDerandFn;
74
79
  mlKem1024Decapsulate: DecapsulateFn;
75
80
  slhDsaSha2128sGenerateKeypair: GenerateKeypairFn;
76
- slhDsaSha2128sDeriveKeypair: SignatureVerifyFn;
81
+ slhDsaSha2128sDeriveKeypair: SlhDsaDeriveKeypairFn;
77
82
  slhDsaSha2128sSign: SignatureSignFn;
78
83
  slhDsaSha2128sVerify: SignatureVerifyFn;
79
84
  rsaVerifyPkcs1v15: RsaPkcs1v15VerifyFn;
@@ -64,6 +64,10 @@ const function3 = (module, name) => {
64
64
  const callable = requireFunction(module, name);
65
65
  return (first, second, third) => callable(first, second, third);
66
66
  };
67
+ const deriveSlhDsaFunction3 = (module, name) => {
68
+ const callable = requireFunction(module, name);
69
+ return (skSeed, skPrf, pkSeed) => callable(skSeed, skPrf, pkSeed);
70
+ };
67
71
  const function4 = (module, name) => {
68
72
  const callable = requireFunction(module, name);
69
73
  return (first, second, third, fourth) => callable(first, second, third, fourth);
@@ -95,6 +99,10 @@ const rsaPssVerifyFunction = (module, name) => {
95
99
  export const installReallyMeWasmProvider = (module) => {
96
100
  const providerModule = requireObject(module);
97
101
  installedProvider = {
102
+ aes128GcmSeal: function4(providerModule, "aes128GcmSeal"),
103
+ aes128GcmOpen: function4(providerModule, "aes128GcmOpen"),
104
+ aes192GcmSeal: function4(providerModule, "aes192GcmSeal"),
105
+ aes192GcmOpen: function4(providerModule, "aes192GcmOpen"),
98
106
  aes256GcmSeal: function4(providerModule, "aes256GcmSeal"),
99
107
  aes256GcmOpen: function4(providerModule, "aes256GcmOpen"),
100
108
  aes256GcmSivSeal: function4(providerModule, "aes256GcmSivSeal"),
@@ -148,7 +156,7 @@ export const installReallyMeWasmProvider = (module) => {
148
156
  mlKem1024EncapsulateDerand: function2(providerModule, "mlKem1024EncapsulateDerand"),
149
157
  mlKem1024Decapsulate: function2(providerModule, "mlKem1024Decapsulate"),
150
158
  slhDsaSha2128sGenerateKeypair: function0(providerModule, "slhDsaSha2128sGenerateKeypair"),
151
- slhDsaSha2128sDeriveKeypair: function3(providerModule, "slhDsaSha2128sDeriveKeypair"),
159
+ slhDsaSha2128sDeriveKeypair: deriveSlhDsaFunction3(providerModule, "slhDsaSha2128sDeriveKeypair"),
152
160
  slhDsaSha2128sSign: function2(providerModule, "slhDsaSha2128sSign"),
153
161
  slhDsaSha2128sVerify: function3(providerModule, "slhDsaSha2128sVerify"),
154
162
  rsaVerifyPkcs1v15: rsaPkcs1v15VerifyFunction(providerModule, "rsaVerifyPkcs1v15"),
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@reallyme/crypto",
3
- "version": "0.1.3",
3
+ "version": "0.1.5",
4
4
  "description": "ReallyMe crypto SDK for TypeScript/JavaScript with an explicit, pinned provider set.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",
@@ -28,7 +28,7 @@
28
28
  "README.md"
29
29
  ],
30
30
  "scripts": {
31
- "build": "npm run build:wasm && tsc",
31
+ "build": "node scripts/clean-dist.mjs && npm run build:wasm && tsc",
32
32
  "build:ts": "tsc",
33
33
  "build:wasm": "node scripts/build-wasm.mjs",
34
34
  "typecheck": "tsc --noEmit",
@@ -1 +0,0 @@
1
- export declare const verifySignatureResult: (valid: boolean) => void;
@@ -1,9 +0,0 @@
1
- // SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
2
- //
3
- // SPDX-License-Identifier: Apache-2.0
4
- import { ReallyMeCryptoError } from "./errors.js";
5
- export const verifySignatureResult = (valid) => {
6
- if (!valid) {
7
- throw new ReallyMeCryptoError("invalid-signature");
8
- }
9
- };