@reallyme/crypto 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/aead.d.ts +3 -0
- package/dist/aead.js +23 -2
- package/dist/algorithms.d.ts +3 -3
- package/dist/algorithms.js +5 -0
- package/dist/cryptoFacade.d.ts +1 -0
- package/dist/cryptoFacade.js +29 -0
- package/dist/index.d.ts +4 -1
- package/dist/index.js +4 -1
- package/dist/jwaConcatKdf.d.ts +8 -0
- package/dist/jwaConcatKdf.js +72 -0
- package/dist/p384Ecdh.d.ts +22 -0
- package/dist/p384Ecdh.js +53 -0
- package/dist/p521Ecdh.d.ts +22 -0
- package/dist/p521Ecdh.js +53 -0
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.d.ts +23 -3
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.js +21 -1
- package/dist/proto.js +20 -0
- package/dist/wasm/reallyme_crypto_wasm.js +64 -0
- package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
- package/dist/wasmModuleTypes.d.ts +4 -0
- package/dist/wasmProvider.d.ts +4 -0
- package/dist/wasmProvider.js +4 -0
- package/package.json +2 -2
- package/dist/verifySignature.d.ts +0 -1
- package/dist/verifySignature.js +0 -9
package/dist/aead.d.ts
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
import type { ReallyMeAeadAlgorithm } from "./algorithms.js";
|
|
2
2
|
export declare const AEAD_KEY_LENGTH = 32;
|
|
3
|
+
export declare const AES_128_GCM_KEY_LENGTH = 16;
|
|
4
|
+
export declare const AES_192_GCM_KEY_LENGTH = 24;
|
|
5
|
+
export declare const AES_256_GCM_KEY_LENGTH = 32;
|
|
3
6
|
export declare const AEAD_NONCE_LENGTH = 12;
|
|
4
7
|
export declare const XCHACHA20_POLY1305_NONCE_LENGTH = 24;
|
|
5
8
|
export declare const AEAD_TAG_LENGTH = 16;
|
package/dist/aead.js
CHANGED
|
@@ -5,32 +5,53 @@ import { ReallyMeCryptoError } from "./errors.js";
|
|
|
5
5
|
import { ensureBytes } from "./validateBytes.js";
|
|
6
6
|
import { requireReallyMeWasmProvider } from "./wasmProvider.js";
|
|
7
7
|
export const AEAD_KEY_LENGTH = 32;
|
|
8
|
+
export const AES_128_GCM_KEY_LENGTH = 16;
|
|
9
|
+
export const AES_192_GCM_KEY_LENGTH = 24;
|
|
10
|
+
export const AES_256_GCM_KEY_LENGTH = 32;
|
|
8
11
|
export const AEAD_NONCE_LENGTH = 12;
|
|
9
12
|
export const XCHACHA20_POLY1305_NONCE_LENGTH = 24;
|
|
10
13
|
export const AEAD_TAG_LENGTH = 16;
|
|
11
14
|
const aeadSuite = (algorithm) => {
|
|
12
15
|
const provider = requireReallyMeWasmProvider();
|
|
13
16
|
switch (algorithm) {
|
|
17
|
+
case "AES-128-GCM":
|
|
18
|
+
return {
|
|
19
|
+
keyLength: AES_128_GCM_KEY_LENGTH,
|
|
20
|
+
nonceLength: AEAD_NONCE_LENGTH,
|
|
21
|
+
seal: provider.aes128GcmSeal,
|
|
22
|
+
open: provider.aes128GcmOpen,
|
|
23
|
+
};
|
|
24
|
+
case "AES-192-GCM":
|
|
25
|
+
return {
|
|
26
|
+
keyLength: AES_192_GCM_KEY_LENGTH,
|
|
27
|
+
nonceLength: AEAD_NONCE_LENGTH,
|
|
28
|
+
seal: provider.aes192GcmSeal,
|
|
29
|
+
open: provider.aes192GcmOpen,
|
|
30
|
+
};
|
|
14
31
|
case "AES-256-GCM":
|
|
15
32
|
return {
|
|
33
|
+
keyLength: AES_256_GCM_KEY_LENGTH,
|
|
16
34
|
nonceLength: AEAD_NONCE_LENGTH,
|
|
17
35
|
seal: provider.aes256GcmSeal,
|
|
18
36
|
open: provider.aes256GcmOpen,
|
|
19
37
|
};
|
|
20
38
|
case "AES-256-GCM-SIV":
|
|
21
39
|
return {
|
|
40
|
+
keyLength: AES_256_GCM_KEY_LENGTH,
|
|
22
41
|
nonceLength: AEAD_NONCE_LENGTH,
|
|
23
42
|
seal: provider.aes256GcmSivSeal,
|
|
24
43
|
open: provider.aes256GcmSivOpen,
|
|
25
44
|
};
|
|
26
45
|
case "ChaCha20-Poly1305":
|
|
27
46
|
return {
|
|
47
|
+
keyLength: AES_256_GCM_KEY_LENGTH,
|
|
28
48
|
nonceLength: AEAD_NONCE_LENGTH,
|
|
29
49
|
seal: provider.chacha20Poly1305Seal,
|
|
30
50
|
open: provider.chacha20Poly1305Open,
|
|
31
51
|
};
|
|
32
52
|
case "XChaCha20-Poly1305":
|
|
33
53
|
return {
|
|
54
|
+
keyLength: AES_256_GCM_KEY_LENGTH,
|
|
34
55
|
nonceLength: XCHACHA20_POLY1305_NONCE_LENGTH,
|
|
35
56
|
seal: provider.xchacha20Poly1305Seal,
|
|
36
57
|
open: provider.xchacha20Poly1305Open,
|
|
@@ -46,13 +67,13 @@ const requireBytesOutput = (value) => {
|
|
|
46
67
|
export const ReallyMeAead = {
|
|
47
68
|
seal(algorithm, key, nonce, aad, plaintext) {
|
|
48
69
|
const suite = aeadSuite(algorithm);
|
|
49
|
-
ensureBytes(key,
|
|
70
|
+
ensureBytes(key, suite.keyLength);
|
|
50
71
|
ensureBytes(nonce, suite.nonceLength);
|
|
51
72
|
return requireBytesOutput(suite.seal(key, nonce, aad, plaintext));
|
|
52
73
|
},
|
|
53
74
|
open(algorithm, key, nonce, aad, ciphertextWithTag) {
|
|
54
75
|
const suite = aeadSuite(algorithm);
|
|
55
|
-
ensureBytes(key,
|
|
76
|
+
ensureBytes(key, suite.keyLength);
|
|
56
77
|
ensureBytes(nonce, suite.nonceLength);
|
|
57
78
|
if (ciphertextWithTag.length < AEAD_TAG_LENGTH) {
|
|
58
79
|
throw new ReallyMeCryptoError("invalid-input");
|
package/dist/algorithms.d.ts
CHANGED
|
@@ -2,15 +2,15 @@ export declare const REALLYME_SIGNATURE_ALGORITHMS: readonly ["Ed25519", "ECDSA-
|
|
|
2
2
|
export type ReallyMeSignatureAlgorithm = (typeof REALLYME_SIGNATURE_ALGORITHMS)[number];
|
|
3
3
|
export declare const REALLYME_HASH_ALGORITHMS: readonly ["SHA2-256", "SHA2-384", "SHA2-512", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"];
|
|
4
4
|
export type ReallyMeHashAlgorithm = (typeof REALLYME_HASH_ALGORITHMS)[number];
|
|
5
|
-
export declare const REALLYME_AEAD_ALGORITHMS: readonly ["AES-256-GCM", "AES-256-GCM-SIV", "ChaCha20-Poly1305", "XChaCha20-Poly1305"];
|
|
5
|
+
export declare const REALLYME_AEAD_ALGORITHMS: readonly ["AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "AES-256-GCM-SIV", "ChaCha20-Poly1305", "XChaCha20-Poly1305"];
|
|
6
6
|
export type ReallyMeAeadAlgorithm = (typeof REALLYME_AEAD_ALGORITHMS)[number];
|
|
7
7
|
export declare const REALLYME_KEM_ALGORITHMS: readonly ["ML-KEM-512", "ML-KEM-768", "ML-KEM-1024", "X-Wing-768", "X-Wing-1024"];
|
|
8
8
|
export type ReallyMeKemAlgorithm = (typeof REALLYME_KEM_ALGORITHMS)[number];
|
|
9
|
-
export declare const REALLYME_KEY_AGREEMENT_ALGORITHMS: readonly ["X25519", "P-256-ECDH"];
|
|
9
|
+
export declare const REALLYME_KEY_AGREEMENT_ALGORITHMS: readonly ["X25519", "P-256-ECDH", "P-384-ECDH", "P-521-ECDH"];
|
|
10
10
|
export type ReallyMeKeyAgreementAlgorithm = (typeof REALLYME_KEY_AGREEMENT_ALGORITHMS)[number];
|
|
11
11
|
export declare const REALLYME_MAC_ALGORITHMS: readonly ["HMAC-SHA-256", "HMAC-SHA-512"];
|
|
12
12
|
export type ReallyMeMacAlgorithm = (typeof REALLYME_MAC_ALGORITHMS)[number];
|
|
13
|
-
export declare const REALLYME_KDF_ALGORITHMS: readonly ["HKDF-SHA256", "Argon2id", "PBKDF2-HMAC-SHA-256", "PBKDF2-HMAC-SHA-512"];
|
|
13
|
+
export declare const REALLYME_KDF_ALGORITHMS: readonly ["HKDF-SHA256", "Argon2id", "PBKDF2-HMAC-SHA-256", "PBKDF2-HMAC-SHA-512", "JWA-CONCAT-KDF-SHA256"];
|
|
14
14
|
export type ReallyMeKdfAlgorithm = (typeof REALLYME_KDF_ALGORITHMS)[number];
|
|
15
15
|
export declare const REALLYME_KEY_WRAP_ALGORITHMS: readonly ["AES-256-KW"];
|
|
16
16
|
export type ReallyMeKeyWrapAlgorithm = (typeof REALLYME_KEY_WRAP_ALGORITHMS)[number];
|
package/dist/algorithms.js
CHANGED
|
@@ -31,6 +31,8 @@ export const REALLYME_HASH_ALGORITHMS = [
|
|
|
31
31
|
"SHA3-512",
|
|
32
32
|
];
|
|
33
33
|
export const REALLYME_AEAD_ALGORITHMS = [
|
|
34
|
+
"AES-128-GCM",
|
|
35
|
+
"AES-192-GCM",
|
|
34
36
|
"AES-256-GCM",
|
|
35
37
|
"AES-256-GCM-SIV",
|
|
36
38
|
"ChaCha20-Poly1305",
|
|
@@ -46,6 +48,8 @@ export const REALLYME_KEM_ALGORITHMS = [
|
|
|
46
48
|
export const REALLYME_KEY_AGREEMENT_ALGORITHMS = [
|
|
47
49
|
"X25519",
|
|
48
50
|
"P-256-ECDH",
|
|
51
|
+
"P-384-ECDH",
|
|
52
|
+
"P-521-ECDH",
|
|
49
53
|
];
|
|
50
54
|
export const REALLYME_MAC_ALGORITHMS = [
|
|
51
55
|
"HMAC-SHA-256",
|
|
@@ -56,6 +60,7 @@ export const REALLYME_KDF_ALGORITHMS = [
|
|
|
56
60
|
"Argon2id",
|
|
57
61
|
"PBKDF2-HMAC-SHA-256",
|
|
58
62
|
"PBKDF2-HMAC-SHA-512",
|
|
63
|
+
"JWA-CONCAT-KDF-SHA256",
|
|
59
64
|
];
|
|
60
65
|
export const REALLYME_KEY_WRAP_ALGORITHMS = ["AES-256-KW"];
|
|
61
66
|
export const REALLYME_HPKE_SUITES = [
|
package/dist/cryptoFacade.d.ts
CHANGED
|
@@ -33,6 +33,7 @@ export declare const ReallyMeCrypto: {
|
|
|
33
33
|
readonly verifyMac: (algorithm: ReallyMeMacAlgorithm, tag: Uint8Array, key: Uint8Array, message: Uint8Array) => boolean;
|
|
34
34
|
readonly deriveKey: (algorithm: ReallyMeKdfAlgorithm, password: Uint8Array, salt: Uint8Array, iterations: number, outputLength: number) => Uint8Array;
|
|
35
35
|
readonly deriveHkdf: (algorithm: ReallyMeKdfAlgorithm, inputKeyMaterial: Uint8Array, salt: Uint8Array, info: Uint8Array, outputLength: number) => Uint8Array;
|
|
36
|
+
readonly deriveJwaConcatKdfSha256: (algorithm: ReallyMeKdfAlgorithm, sharedSecret: Uint8Array, algorithmId: Uint8Array, partyUInfo: Uint8Array, partyVInfo: Uint8Array, outputLength: number) => Uint8Array;
|
|
36
37
|
readonly wrapKey: (algorithm: ReallyMeKeyWrapAlgorithm, wrappingKey: Uint8Array, keyToWrap: Uint8Array) => Uint8Array;
|
|
37
38
|
readonly unwrapKey: (algorithm: ReallyMeKeyWrapAlgorithm, wrappingKey: Uint8Array, wrappedKey: Uint8Array) => Uint8Array;
|
|
38
39
|
readonly generateKeyPair: (algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSignatureKeyPair;
|
package/dist/cryptoFacade.js
CHANGED
|
@@ -11,12 +11,15 @@ import { ReallyMeCryptoError } from "./errors.js";
|
|
|
11
11
|
import { ReallyMeHkdf } from "./hkdf.js";
|
|
12
12
|
import { ReallyMeHmac } from "./hmac.js";
|
|
13
13
|
import { ReallyMeHpke } from "./hpke.js";
|
|
14
|
+
import { ReallyMeJwaConcatKdf } from "./jwaConcatKdf.js";
|
|
14
15
|
import { ReallyMeMlDsa } from "./mlDsa.js";
|
|
15
16
|
import { ReallyMeMlKem } from "./mlKem.js";
|
|
16
17
|
import { ReallyMeP256Ecdsa } from "./p256Ecdsa.js";
|
|
17
18
|
import { ReallyMeP256Ecdh } from "./p256Ecdh.js";
|
|
18
19
|
import { ReallyMeP384Ecdsa } from "./p384Ecdsa.js";
|
|
20
|
+
import { ReallyMeP384Ecdh } from "./p384Ecdh.js";
|
|
19
21
|
import { ReallyMeP521Ecdsa } from "./p521Ecdsa.js";
|
|
22
|
+
import { ReallyMeP521Ecdh } from "./p521Ecdh.js";
|
|
20
23
|
import { ReallyMePbkdf2 } from "./pbkdf2.js";
|
|
21
24
|
import { ReallyMeRsa } from "./rsa.js";
|
|
22
25
|
import { ReallyMeSecp256k1 } from "./secp256k1.js";
|
|
@@ -57,6 +60,8 @@ export const ReallyMeCrypto = {
|
|
|
57
60
|
},
|
|
58
61
|
seal(algorithm, key, nonce, aad, plaintext) {
|
|
59
62
|
switch (algorithm) {
|
|
63
|
+
case "AES-128-GCM":
|
|
64
|
+
case "AES-192-GCM":
|
|
60
65
|
case "AES-256-GCM":
|
|
61
66
|
case "AES-256-GCM-SIV":
|
|
62
67
|
case "ChaCha20-Poly1305":
|
|
@@ -68,6 +73,8 @@ export const ReallyMeCrypto = {
|
|
|
68
73
|
},
|
|
69
74
|
open(algorithm, key, nonce, aad, ciphertextWithTag) {
|
|
70
75
|
switch (algorithm) {
|
|
76
|
+
case "AES-128-GCM":
|
|
77
|
+
case "AES-192-GCM":
|
|
71
78
|
case "AES-256-GCM":
|
|
72
79
|
case "AES-256-GCM-SIV":
|
|
73
80
|
case "ChaCha20-Poly1305":
|
|
@@ -117,6 +124,20 @@ export const ReallyMeCrypto = {
|
|
|
117
124
|
return ReallyMeHkdf.deriveSha256(inputKeyMaterial, salt, info, outputLength);
|
|
118
125
|
case "Argon2id":
|
|
119
126
|
case "PBKDF2-HMAC-SHA-256":
|
|
127
|
+
case "PBKDF2-HMAC-SHA-512":
|
|
128
|
+
case "JWA-CONCAT-KDF-SHA256":
|
|
129
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
130
|
+
default:
|
|
131
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
deriveJwaConcatKdfSha256(algorithm, sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
|
|
135
|
+
switch (algorithm) {
|
|
136
|
+
case "JWA-CONCAT-KDF-SHA256":
|
|
137
|
+
return ReallyMeJwaConcatKdf.deriveSha256(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength);
|
|
138
|
+
case "Argon2id":
|
|
139
|
+
case "HKDF-SHA256":
|
|
140
|
+
case "PBKDF2-HMAC-SHA-256":
|
|
120
141
|
case "PBKDF2-HMAC-SHA-512":
|
|
121
142
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
122
143
|
default:
|
|
@@ -262,6 +283,10 @@ export const ReallyMeCrypto = {
|
|
|
262
283
|
return ReallyMeX25519.deriveSharedSecret(publicKey, secretKey);
|
|
263
284
|
case "P-256-ECDH":
|
|
264
285
|
return ReallyMeP256Ecdh.deriveSharedSecret(publicKey, secretKey);
|
|
286
|
+
case "P-384-ECDH":
|
|
287
|
+
return ReallyMeP384Ecdh.deriveSharedSecret(publicKey, secretKey);
|
|
288
|
+
case "P-521-ECDH":
|
|
289
|
+
return ReallyMeP521Ecdh.deriveSharedSecret(publicKey, secretKey);
|
|
265
290
|
default:
|
|
266
291
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
267
292
|
}
|
|
@@ -272,6 +297,10 @@ export const ReallyMeCrypto = {
|
|
|
272
297
|
return ReallyMeX25519.deriveKeyPair(secretKey);
|
|
273
298
|
case "P-256-ECDH":
|
|
274
299
|
return ReallyMeP256Ecdh.deriveKeyPair(secretKey);
|
|
300
|
+
case "P-384-ECDH":
|
|
301
|
+
return ReallyMeP384Ecdh.deriveKeyPair(secretKey);
|
|
302
|
+
case "P-521-ECDH":
|
|
303
|
+
return ReallyMeP521Ecdh.deriveKeyPair(secretKey);
|
|
275
304
|
default:
|
|
276
305
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
277
306
|
}
|
package/dist/index.d.ts
CHANGED
|
@@ -2,7 +2,7 @@ export { ReallyMeCryptoError } from "./errors.js";
|
|
|
2
2
|
export type { ReallyMeCryptoErrorCode } from "./errors.js";
|
|
3
3
|
export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
|
|
4
4
|
export type { ReallyMeAeadAlgorithm, ReallyMeHashAlgorithm, ReallyMeHpkeSuite, ReallyMeKdfAlgorithm, ReallyMeKemAlgorithm, ReallyMeKeyAgreementAlgorithm, ReallyMeKeyWrapAlgorithm, ReallyMeMacAlgorithm, ReallyMeSignatureAlgorithm, } from "./algorithms.js";
|
|
5
|
-
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
5
|
+
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, AES_128_GCM_KEY_LENGTH, AES_192_GCM_KEY_LENGTH, AES_256_GCM_KEY_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
6
6
|
export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
|
|
7
7
|
export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
|
|
8
8
|
export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
|
|
@@ -25,10 +25,13 @@ export type { ReallyMeHpkeSealedMessage, ReallyMeKeyAgreementKeyPair, ReallyMeKe
|
|
|
25
25
|
export { ReallyMeDigest } from "./digest.js";
|
|
26
26
|
export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
|
|
27
27
|
export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
|
|
28
|
+
export { JWA_CONCAT_KDF_MAX_INFO_LENGTH, JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH, JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH, JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH, JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH, ReallyMeJwaConcatKdf, } from "./jwaConcatKdf.js";
|
|
28
29
|
export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
|
|
29
30
|
export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
|
|
30
31
|
export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
|
|
32
|
+
export { P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDH_SECRET_KEY_LENGTH, P384_ECDH_SHARED_SECRET_LENGTH, ReallyMeP384Ecdh, } from "./p384Ecdh.js";
|
|
31
33
|
export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
|
|
34
|
+
export { P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDH_SECRET_KEY_LENGTH, P521_ECDH_SHARED_SECRET_LENGTH, ReallyMeP521Ecdh, } from "./p521Ecdh.js";
|
|
32
35
|
export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
|
|
33
36
|
export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
|
|
34
37
|
export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
|
package/dist/index.js
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
// SPDX-License-Identifier: Apache-2.0
|
|
4
4
|
export { ReallyMeCryptoError } from "./errors.js";
|
|
5
5
|
export { REALLYME_AEAD_ALGORITHMS, REALLYME_HASH_ALGORITHMS, REALLYME_HPKE_SUITES, REALLYME_KDF_ALGORITHMS, REALLYME_KEM_ALGORITHMS, REALLYME_KEY_AGREEMENT_ALGORITHMS, REALLYME_KEY_WRAP_ALGORITHMS, REALLYME_MAC_ALGORITHMS, REALLYME_SIGNATURE_ALGORITHMS, } from "./algorithms.js";
|
|
6
|
-
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
6
|
+
export { AEAD_KEY_LENGTH, AEAD_NONCE_LENGTH, AEAD_TAG_LENGTH, AES_128_GCM_KEY_LENGTH, AES_192_GCM_KEY_LENGTH, AES_256_GCM_KEY_LENGTH, ReallyMeAead, XCHACHA20_POLY1305_NONCE_LENGTH, } from "./aead.js";
|
|
7
7
|
export { AES_256_KW_KEK_LENGTH, AES_KW_BLOCK_LENGTH, AES_KW_INTEGRITY_CHECK_LENGTH, AES_KW_MAX_KEY_DATA_LENGTH, AES_KW_MIN_KEY_DATA_LENGTH, AES_KW_MIN_WRAPPED_KEY_LENGTH, ReallyMeAesKw, } from "./aesKw.js";
|
|
8
8
|
export { ARGON2ID_DERIVED_KEY_LENGTH, ARGON2ID_SALT_MAX_LENGTH, ARGON2ID_SALT_MIN_LENGTH, ARGON2ID_V1, ARGON2ID_V2, ReallyMeArgon2id, } from "./argon2id.js";
|
|
9
9
|
export { BIP340_SCHNORR_AUX_RAND_LENGTH, BIP340_SCHNORR_MESSAGE_LENGTH, BIP340_SCHNORR_PUBLIC_KEY_LENGTH, BIP340_SCHNORR_SECRET_KEY_LENGTH, BIP340_SCHNORR_SIGNATURE_LENGTH, ReallyMeBip340Schnorr, } from "./bip340Schnorr.js";
|
|
@@ -18,10 +18,13 @@ export { ReallyMeCrypto } from "./cryptoFacade.js";
|
|
|
18
18
|
export { ReallyMeDigest } from "./digest.js";
|
|
19
19
|
export { ED25519_PUBLIC_KEY_LENGTH, ED25519_SECRET_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, ReallyMeEd25519, } from "./ed25519.js";
|
|
20
20
|
export { HKDF_MAX_INPUT_LENGTH, HKDF_MAX_OUTPUT_LENGTH, HKDF_MIN_INPUT_KEY_MATERIAL_LENGTH, HKDF_MIN_OUTPUT_LENGTH, ReallyMeHkdf, } from "./hkdf.js";
|
|
21
|
+
export { JWA_CONCAT_KDF_MAX_INFO_LENGTH, JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH, JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH, JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH, JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH, ReallyMeJwaConcatKdf, } from "./jwaConcatKdf.js";
|
|
21
22
|
export { HMAC_MAX_KEY_LENGTH, HMAC_SHA256_TAG_LENGTH, HMAC_SHA512_TAG_LENGTH, ReallyMeHmac, } from "./hmac.js";
|
|
22
23
|
export { P256_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDH_SECRET_KEY_LENGTH, P256_ECDH_SHARED_SECRET_LENGTH, ReallyMeP256Ecdh, } from "./p256Ecdh.js";
|
|
23
24
|
export { P256_ECDSA_COMPACT_SIGNATURE_LENGTH, P256_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P256_ECDSA_DER_SIGNATURE_MAX_LENGTH, P256_ECDSA_SECRET_KEY_LENGTH, ReallyMeP256Ecdsa, } from "./p256Ecdsa.js";
|
|
25
|
+
export { P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDH_SECRET_KEY_LENGTH, P384_ECDH_SHARED_SECRET_LENGTH, ReallyMeP384Ecdh, } from "./p384Ecdh.js";
|
|
24
26
|
export { P384_ECDSA_COMPACT_SIGNATURE_LENGTH, P384_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P384_ECDSA_DER_SIGNATURE_MAX_LENGTH, P384_ECDSA_SECRET_KEY_LENGTH, ReallyMeP384Ecdsa, } from "./p384Ecdsa.js";
|
|
27
|
+
export { P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDH_SECRET_KEY_LENGTH, P521_ECDH_SHARED_SECRET_LENGTH, ReallyMeP521Ecdh, } from "./p521Ecdh.js";
|
|
25
28
|
export { P521_ECDSA_COMPACT_SIGNATURE_LENGTH, P521_ECDSA_COMPRESSED_PUBLIC_KEY_LENGTH, P521_ECDSA_DER_SIGNATURE_MAX_LENGTH, P521_ECDSA_SECRET_KEY_LENGTH, ReallyMeP521Ecdsa, } from "./p521Ecdsa.js";
|
|
26
29
|
export { PBKDF2_MAX_INPUT_LENGTH, PBKDF2_MAX_OUTPUT_LENGTH, PBKDF2_MIN_INPUT_LENGTH, PBKDF2_MIN_ITERATIONS, PBKDF2_MIN_OUTPUT_LENGTH, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA256, PBKDF2_RECOMMENDED_MIN_ITERATIONS_SHA512, ReallyMePbkdf2, } from "./pbkdf2.js";
|
|
27
30
|
export { ReallyMeSecp256k1, SECP256K1_COMPRESSED_PUBLIC_KEY_LENGTH, SECP256K1_SECRET_KEY_LENGTH, SECP256K1_SIGNATURE_LENGTH, } from "./secp256k1.js";
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export declare const JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH = 32;
|
|
2
|
+
export declare const JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH = 4096;
|
|
3
|
+
export declare const JWA_CONCAT_KDF_MAX_INFO_LENGTH = 4096;
|
|
4
|
+
export declare const JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH = 1;
|
|
5
|
+
export declare const JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH = 4096;
|
|
6
|
+
export declare const ReallyMeJwaConcatKdf: {
|
|
7
|
+
deriveSha256(sharedSecret: Uint8Array, algorithmId: Uint8Array, partyUInfo: Uint8Array, partyVInfo: Uint8Array, outputLength: number): Uint8Array;
|
|
8
|
+
};
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { sha256 } from "@noble/hashes/sha2.js";
|
|
5
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
6
|
+
export const JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH = 32;
|
|
7
|
+
export const JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH = 4096;
|
|
8
|
+
export const JWA_CONCAT_KDF_MAX_INFO_LENGTH = 4096;
|
|
9
|
+
export const JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH = 1;
|
|
10
|
+
export const JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH = 4096;
|
|
11
|
+
export const ReallyMeJwaConcatKdf = {
|
|
12
|
+
deriveSha256(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
|
|
13
|
+
validate(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength);
|
|
14
|
+
const outputBits = outputLength * 8;
|
|
15
|
+
const otherInfo = buildOtherInfo(algorithmId, partyUInfo, partyVInfo, outputBits);
|
|
16
|
+
const reps = Math.ceil(outputLength / JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
|
|
17
|
+
const derived = new Uint8Array(reps * JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
|
|
18
|
+
for (let counter = 1; counter <= reps; counter += 1) {
|
|
19
|
+
const counterBytes = uint32be(counter);
|
|
20
|
+
const digest = sha256(concatBytes(counterBytes, sharedSecret, otherInfo));
|
|
21
|
+
derived.set(digest, (counter - 1) * JWA_CONCAT_KDF_SHA256_DIGEST_LENGTH);
|
|
22
|
+
counterBytes.fill(0);
|
|
23
|
+
}
|
|
24
|
+
const output = derived.slice(0, outputLength);
|
|
25
|
+
derived.fill(0);
|
|
26
|
+
otherInfo.fill(0);
|
|
27
|
+
return output;
|
|
28
|
+
},
|
|
29
|
+
};
|
|
30
|
+
function validate(sharedSecret, algorithmId, partyUInfo, partyVInfo, outputLength) {
|
|
31
|
+
if (sharedSecret.length === 0 ||
|
|
32
|
+
sharedSecret.length > JWA_CONCAT_KDF_MAX_SHARED_SECRET_LENGTH ||
|
|
33
|
+
algorithmId.length === 0 ||
|
|
34
|
+
algorithmId.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
|
|
35
|
+
partyUInfo.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
|
|
36
|
+
partyVInfo.length > JWA_CONCAT_KDF_MAX_INFO_LENGTH ||
|
|
37
|
+
!Number.isInteger(outputLength) ||
|
|
38
|
+
outputLength < JWA_CONCAT_KDF_MIN_OUTPUT_LENGTH ||
|
|
39
|
+
outputLength > JWA_CONCAT_KDF_MAX_OUTPUT_LENGTH) {
|
|
40
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
function buildOtherInfo(algorithmId, partyUInfo, partyVInfo, outputBits) {
|
|
44
|
+
return concatBytes(lengthPrefixed(algorithmId), lengthPrefixed(partyUInfo), lengthPrefixed(partyVInfo), uint32be(outputBits));
|
|
45
|
+
}
|
|
46
|
+
function lengthPrefixed(bytes) {
|
|
47
|
+
return concatBytes(uint32be(bytes.length), bytes);
|
|
48
|
+
}
|
|
49
|
+
function uint32be(value) {
|
|
50
|
+
if (!Number.isInteger(value) || value < 0 || value > 0xffffffff) {
|
|
51
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
52
|
+
}
|
|
53
|
+
const output = new Uint8Array(4);
|
|
54
|
+
output[0] = Math.floor(value / 0x1000000);
|
|
55
|
+
output[1] = Math.floor(value / 0x10000) & 0xff;
|
|
56
|
+
output[2] = Math.floor(value / 0x100) & 0xff;
|
|
57
|
+
output[3] = value & 0xff;
|
|
58
|
+
return output;
|
|
59
|
+
}
|
|
60
|
+
function concatBytes(...parts) {
|
|
61
|
+
let length = 0;
|
|
62
|
+
for (const part of parts) {
|
|
63
|
+
length += part.length;
|
|
64
|
+
}
|
|
65
|
+
const output = new Uint8Array(length);
|
|
66
|
+
let offset = 0;
|
|
67
|
+
for (const part of parts) {
|
|
68
|
+
output.set(part, offset);
|
|
69
|
+
offset += part.length;
|
|
70
|
+
}
|
|
71
|
+
return output;
|
|
72
|
+
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* P-384 ECDH backed by @noble/curves.
|
|
3
|
+
*
|
|
4
|
+
* Public keys at the SDK boundary are compressed SEC1. The primitive returns
|
|
5
|
+
* the raw 48-byte ECDH x-coordinate; protocols must apply a labelled KDF that
|
|
6
|
+
* binds algorithm and party context before using it as key material.
|
|
7
|
+
*/
|
|
8
|
+
export declare const P384_ECDH_SECRET_KEY_LENGTH = 48;
|
|
9
|
+
export declare const P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 49;
|
|
10
|
+
export declare const P384_ECDH_SHARED_SECRET_LENGTH = 48;
|
|
11
|
+
export declare const ReallyMeP384Ecdh: {
|
|
12
|
+
readonly generateKeyPair: () => {
|
|
13
|
+
publicKey: Uint8Array;
|
|
14
|
+
secretKey: Uint8Array;
|
|
15
|
+
};
|
|
16
|
+
readonly deriveKeyPair: (secretKey: Uint8Array) => {
|
|
17
|
+
publicKey: Uint8Array;
|
|
18
|
+
secretKey: Uint8Array;
|
|
19
|
+
};
|
|
20
|
+
readonly derivePublicKey: (secretKey: Uint8Array) => Uint8Array;
|
|
21
|
+
readonly deriveSharedSecret: (publicKey: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
22
|
+
};
|
package/dist/p384Ecdh.js
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { p384 } from "@noble/curves/nist.js";
|
|
5
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
6
|
+
/**
|
|
7
|
+
* P-384 ECDH backed by @noble/curves.
|
|
8
|
+
*
|
|
9
|
+
* Public keys at the SDK boundary are compressed SEC1. The primitive returns
|
|
10
|
+
* the raw 48-byte ECDH x-coordinate; protocols must apply a labelled KDF that
|
|
11
|
+
* binds algorithm and party context before using it as key material.
|
|
12
|
+
*/
|
|
13
|
+
export const P384_ECDH_SECRET_KEY_LENGTH = 48;
|
|
14
|
+
export const P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 49;
|
|
15
|
+
export const P384_ECDH_SHARED_SECRET_LENGTH = 48;
|
|
16
|
+
export const ReallyMeP384Ecdh = {
|
|
17
|
+
generateKeyPair() {
|
|
18
|
+
const secretKey = p384.utils.randomSecretKey();
|
|
19
|
+
return {
|
|
20
|
+
publicKey: p384.getPublicKey(secretKey, true),
|
|
21
|
+
secretKey,
|
|
22
|
+
};
|
|
23
|
+
},
|
|
24
|
+
deriveKeyPair(secretKey) {
|
|
25
|
+
return {
|
|
26
|
+
publicKey: this.derivePublicKey(secretKey),
|
|
27
|
+
secretKey: secretKey.slice(),
|
|
28
|
+
};
|
|
29
|
+
},
|
|
30
|
+
derivePublicKey(secretKey) {
|
|
31
|
+
if (secretKey.length !== P384_ECDH_SECRET_KEY_LENGTH) {
|
|
32
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
33
|
+
}
|
|
34
|
+
try {
|
|
35
|
+
return p384.getPublicKey(secretKey, true);
|
|
36
|
+
}
|
|
37
|
+
catch {
|
|
38
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
39
|
+
}
|
|
40
|
+
},
|
|
41
|
+
deriveSharedSecret(publicKey, secretKey) {
|
|
42
|
+
if (publicKey.length !== P384_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH ||
|
|
43
|
+
secretKey.length !== P384_ECDH_SECRET_KEY_LENGTH) {
|
|
44
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
45
|
+
}
|
|
46
|
+
try {
|
|
47
|
+
return p384.getSharedSecret(secretKey, publicKey, false).slice(1, 49);
|
|
48
|
+
}
|
|
49
|
+
catch {
|
|
50
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
};
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* P-521 ECDH backed by @noble/curves.
|
|
3
|
+
*
|
|
4
|
+
* Public keys at the SDK boundary are compressed SEC1. The primitive returns
|
|
5
|
+
* the raw 66-byte ECDH x-coordinate; protocols must apply a labelled KDF that
|
|
6
|
+
* binds algorithm and party context before using it as key material.
|
|
7
|
+
*/
|
|
8
|
+
export declare const P521_ECDH_SECRET_KEY_LENGTH = 66;
|
|
9
|
+
export declare const P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 67;
|
|
10
|
+
export declare const P521_ECDH_SHARED_SECRET_LENGTH = 66;
|
|
11
|
+
export declare const ReallyMeP521Ecdh: {
|
|
12
|
+
readonly generateKeyPair: () => {
|
|
13
|
+
publicKey: Uint8Array;
|
|
14
|
+
secretKey: Uint8Array;
|
|
15
|
+
};
|
|
16
|
+
readonly deriveKeyPair: (secretKey: Uint8Array) => {
|
|
17
|
+
publicKey: Uint8Array;
|
|
18
|
+
secretKey: Uint8Array;
|
|
19
|
+
};
|
|
20
|
+
readonly derivePublicKey: (secretKey: Uint8Array) => Uint8Array;
|
|
21
|
+
readonly deriveSharedSecret: (publicKey: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
22
|
+
};
|
package/dist/p521Ecdh.js
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
+
//
|
|
3
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { p521 } from "@noble/curves/nist.js";
|
|
5
|
+
import { ReallyMeCryptoError } from "./errors.js";
|
|
6
|
+
/**
|
|
7
|
+
* P-521 ECDH backed by @noble/curves.
|
|
8
|
+
*
|
|
9
|
+
* Public keys at the SDK boundary are compressed SEC1. The primitive returns
|
|
10
|
+
* the raw 66-byte ECDH x-coordinate; protocols must apply a labelled KDF that
|
|
11
|
+
* binds algorithm and party context before using it as key material.
|
|
12
|
+
*/
|
|
13
|
+
export const P521_ECDH_SECRET_KEY_LENGTH = 66;
|
|
14
|
+
export const P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH = 67;
|
|
15
|
+
export const P521_ECDH_SHARED_SECRET_LENGTH = 66;
|
|
16
|
+
export const ReallyMeP521Ecdh = {
|
|
17
|
+
generateKeyPair() {
|
|
18
|
+
const secretKey = p521.utils.randomSecretKey();
|
|
19
|
+
return {
|
|
20
|
+
publicKey: p521.getPublicKey(secretKey, true),
|
|
21
|
+
secretKey,
|
|
22
|
+
};
|
|
23
|
+
},
|
|
24
|
+
deriveKeyPair(secretKey) {
|
|
25
|
+
return {
|
|
26
|
+
publicKey: this.derivePublicKey(secretKey),
|
|
27
|
+
secretKey: secretKey.slice(),
|
|
28
|
+
};
|
|
29
|
+
},
|
|
30
|
+
derivePublicKey(secretKey) {
|
|
31
|
+
if (secretKey.length !== P521_ECDH_SECRET_KEY_LENGTH) {
|
|
32
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
33
|
+
}
|
|
34
|
+
try {
|
|
35
|
+
return p521.getPublicKey(secretKey, true);
|
|
36
|
+
}
|
|
37
|
+
catch {
|
|
38
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
39
|
+
}
|
|
40
|
+
},
|
|
41
|
+
deriveSharedSecret(publicKey, secretKey) {
|
|
42
|
+
if (publicKey.length !== P521_ECDH_COMPRESSED_PUBLIC_KEY_LENGTH ||
|
|
43
|
+
secretKey.length !== P521_ECDH_SECRET_KEY_LENGTH) {
|
|
44
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
45
|
+
}
|
|
46
|
+
try {
|
|
47
|
+
return p521.getSharedSecret(secretKey, publicKey, false).slice(1, 67);
|
|
48
|
+
}
|
|
49
|
+
catch {
|
|
50
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
};
|
|
@@ -286,7 +286,15 @@ export declare enum KeyAgreementAlgorithm {
|
|
|
286
286
|
/**
|
|
287
287
|
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P256_ECDH = 2;
|
|
288
288
|
*/
|
|
289
|
-
P256_ECDH = 2
|
|
289
|
+
P256_ECDH = 2,
|
|
290
|
+
/**
|
|
291
|
+
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P384_ECDH = 3;
|
|
292
|
+
*/
|
|
293
|
+
P384_ECDH = 3,
|
|
294
|
+
/**
|
|
295
|
+
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P521_ECDH = 4;
|
|
296
|
+
*/
|
|
297
|
+
P521_ECDH = 4
|
|
290
298
|
}
|
|
291
299
|
/**
|
|
292
300
|
* Describes the enum reallyme.crypto.v1.KeyAgreementAlgorithm.
|
|
@@ -376,7 +384,15 @@ export declare enum AeadAlgorithm {
|
|
|
376
384
|
/**
|
|
377
385
|
* @generated from enum value: AEAD_ALGORITHM_XCHACHA20_POLY1305 = 4;
|
|
378
386
|
*/
|
|
379
|
-
XCHACHA20_POLY1305 = 4
|
|
387
|
+
XCHACHA20_POLY1305 = 4,
|
|
388
|
+
/**
|
|
389
|
+
* @generated from enum value: AEAD_ALGORITHM_AES_128_GCM = 5;
|
|
390
|
+
*/
|
|
391
|
+
AES_128_GCM = 5,
|
|
392
|
+
/**
|
|
393
|
+
* @generated from enum value: AEAD_ALGORITHM_AES_192_GCM = 6;
|
|
394
|
+
*/
|
|
395
|
+
AES_192_GCM = 6
|
|
380
396
|
}
|
|
381
397
|
/**
|
|
382
398
|
* Describes the enum reallyme.crypto.v1.AeadAlgorithm.
|
|
@@ -474,7 +490,11 @@ export declare enum KdfAlgorithm {
|
|
|
474
490
|
/**
|
|
475
491
|
* @generated from enum value: KDF_ALGORITHM_PBKDF2_HMAC_SHA512 = 4;
|
|
476
492
|
*/
|
|
477
|
-
PBKDF2_HMAC_SHA512 = 4
|
|
493
|
+
PBKDF2_HMAC_SHA512 = 4,
|
|
494
|
+
/**
|
|
495
|
+
* @generated from enum value: KDF_ALGORITHM_JWA_CONCAT_KDF_SHA256 = 5;
|
|
496
|
+
*/
|
|
497
|
+
JWA_CONCAT_KDF_SHA256 = 5
|
|
478
498
|
}
|
|
479
499
|
/**
|
|
480
500
|
* Describes the enum reallyme.crypto.v1.KdfAlgorithm.
|
|
@@ -5,7 +5,7 @@ import { enumDesc, fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
|
|
|
5
5
|
/**
|
|
6
6
|
* Describes the file reallyme/crypto/v1/crypto.proto.
|
|
7
7
|
*/
|
|
8
|
-
export const file_reallyme_crypto_v1_crypto = /*@__PURE__*/ fileDesc("
|
|
8
|
+
export const file_reallyme_crypto_v1_crypto = /*@__PURE__*/ fileDesc("Ch9yZWFsbHltZS9jcnlwdG8vdjEvY3J5cHRvLnByb3RvEhJyZWFsbHltZS5jcnlwdG8udjEi0QQKGUNyeXB0b0FsZ29yaXRobUlkZW50aWZpZXISOwoJc2lnbmF0dXJlGAEgASgOMiYucmVhbGx5bWUuY3J5cHRvLnYxLlNpZ25hdHVyZUFsZ29yaXRobUgAEkIKDWtleV9hZ3JlZW1lbnQYAiABKA4yKS5yZWFsbHltZS5jcnlwdG8udjEuS2V5QWdyZWVtZW50QWxnb3JpdGhtSAASLwoDa2VtGAMgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLktlbUFsZ29yaXRobUgAEi0KBGhwa2UYBCABKA4yHS5yZWFsbHltZS5jcnlwdG8udjEuSHBrZVN1aXRlSAASMQoEYWVhZBgFIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5BZWFkQWxnb3JpdGhtSAASMQoEaGFzaBgGIAEoDjIhLnJlYWxseW1lLmNyeXB0by52MS5IYXNoQWxnb3JpdGhtSAASLwoDbWFjGAcgASgOMiAucmVhbGx5bWUuY3J5cHRvLnYxLk1hY0FsZ29yaXRobUgAEi8KA2tkZhgIIAEoDjIgLnJlYWxseW1lLmNyeXB0by52MS5LZGZBbGdvcml0aG1IABI4CghrZXlfd3JhcBgJIAEoDjIkLnJlYWxseW1lLmNyeXB0by52MS5LZXlXcmFwQWxnb3JpdGhtSAASRAoObXVsdGljb2RlY19rZXkYCiABKA4yKi5yZWFsbHltZS5jcnlwdG8udjEuTXVsdGljb2RlY0tleUFsZ29yaXRobUgAQgsKCWFsZ29yaXRobSJ5CgpKc29uV2ViS2V5EkAKCWFsZ29yaXRobRgBIAEoCzItLnJlYWxseW1lLmNyeXB0by52MS5DcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyEhIKCnB1YmxpY19rZXkYAiABKAwSFQoNY2Fub25pY2FsX2pjcxgDIAEoDCI9Cg1Kc29uV2ViS2V5U2V0EiwKBGtleXMYASADKAsyHi5yZWFsbHltZS5jcnlwdG8udjEuSnNvbldlYktleSqBAwoVQ3J5cHRvQWxnb3JpdGhtRmFtaWx5EicKI0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX1VOU1BFQ0lGSUVEEAASJQohQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfU0lHTkFUVVJFEAESKQolQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX0FHUkVFTUVOVBACEh8KG0NSWVBUT19BTEdPUklUSE1fRkFNSUxZX0tFTRADEiAKHENSWVBUT19BTEdPUklUSE1fRkFNSUxZX0FFQUQQBBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IQVNIEAUSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfTUFDEAYSHwobQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0RGEAcSJAogQ1JZUFRPX0FMR09SSVRITV9GQU1JTFlfS0VZX1dSQVAQCBIgChxDUllQVE9fQUxHT1JJVEhNX0ZBTUlMWV9IUEtFEAkq1gYKElNpZ25hdHVyZUFsZ29yaXRobRIjCh9TSUdOQVRVUkVfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHwobU0lHTkFUVVJFX0FMR09SSVRITV9FRDI1NTE5EAESKQolU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9QMjU2X1NIQTI1NhACEikKJVNJR05BVFVSRV9BTEdPUklUSE1fRUNEU0FfUDM4NF9TSEEzODQQAxIpCiVTSUdOQVRVUkVfQUxHT1JJVEhNX0VDRFNBX1A1MjFfU0hBNTEyEAQSLgoqU0lHTkFUVVJFX0FMR09SSVRITV9FQ0RTQV9TRUNQMjU2SzFfU0hBMjU2EAUSNwozU0lHTkFUVVJFX0FMR09SSVRITV9CSVAzNDBfU0NITk9SUl9TRUNQMjU2SzFfU0hBMjU2EAYSKQolU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUEtDUzFWMTVfU0hBMRAHEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTI1NhAIEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTM4NBAJEisKJ1NJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BLQ1MxVjE1X1NIQTUxMhAKEi4KKlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEExX01HRjFfU0hBMRALEjIKLlNJR05BVFVSRV9BTEdPUklUSE1fUlNBX1BTU19TSEEyNTZfTUdGMV9TSEEyNTYQDBIyCi5TSUdOQVRVUkVfQUxHT1JJVEhNX1JTQV9QU1NfU0hBMzg0X01HRjFfU0hBMzg0EA0SMgouU0lHTkFUVVJFX0FMR09SSVRITV9SU0FfUFNTX1NIQTUxMl9NR0YxX1NIQTUxMhAOEiEKHVNJR05BVFVSRV9BTEdPUklUSE1fTUxfRFNBXzQ0EA8SIQodU0lHTkFUVVJFX0FMR09SSVRITV9NTF9EU0FfNjUQEBIhCh1TSUdOQVRVUkVfQUxHT1JJVEhNX01MX0RTQV84NxAREikKJVNJR05BVFVSRV9BTEdPUklUSE1fU0xIX0RTQV9TSEEyXzEyOFMQEirZAQoVS2V5QWdyZWVtZW50QWxnb3JpdGhtEicKI0tFWV9BR1JFRU1FTlRfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASIgoeS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fWDI1NTE5EAESJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDI1Nl9FQ0RIEAISJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDM4NF9FQ0RIEAMSJQohS0VZX0FHUkVFTUVOVF9BTEdPUklUSE1fUDUyMV9FQ0RIEAQqxQEKDEtlbUFsZ29yaXRobRIdChlLRU1fQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNTEyEAESHAoYS0VNX0FMR09SSVRITV9NTF9LRU1fNzY4EAISHQoZS0VNX0FMR09SSVRITV9NTF9LRU1fMTAyNBADEhwKGEtFTV9BTEdPUklUSE1fWF9XSU5HXzc2OBAEEh0KGUtFTV9BTEdPUklUSE1fWF9XSU5HXzEwMjQQBSqtAQoJSHBrZVN1aXRlEhoKFkhQS0VfU1VJVEVfVU5TUEVDSUZJRUQQABI9CjlIUEtFX1NVSVRFX0RIS0VNX1AyNTZfSEtERl9TSEEyNTZfSEtERl9TSEEyNTZfQUVTXzI1Nl9HQ00QARJFCkFIUEtFX1NVSVRFX0RIS0VNX1gyNTUxOV9IS0RGX1NIQTI1Nl9IS0RGX1NIQTI1Nl9DSEFDSEEyMF9QT0xZMTMwNRACKoACCg1BZWFkQWxnb3JpdGhtEh4KGkFFQURfQUxHT1JJVEhNX1VOU1BFQ0lGSUVEEAASHgoaQUVBRF9BTEdPUklUSE1fQUVTXzI1Nl9HQ00QARIiCh5BRUFEX0FMR09SSVRITV9BRVNfMjU2X0dDTV9TSVYQAhIkCiBBRUFEX0FMR09SSVRITV9DSEFDSEEyMF9QT0xZMTMwNRADEiUKIUFFQURfQUxHT1JJVEhNX1hDSEFDSEEyMF9QT0xZMTMwNRAEEh4KGkFFQURfQUxHT1JJVEhNX0FFU18xMjhfR0NNEAUSHgoaQUVBRF9BTEdPUklUSE1fQUVTXzE5Ml9HQ00QBir6AQoNSGFzaEFsZ29yaXRobRIeChpIQVNIX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTJfMjU2EAESGwoXSEFTSF9BTEdPUklUSE1fU0hBMl8zODQQAhIbChdIQVNIX0FMR09SSVRITV9TSEEyXzUxMhADEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTNfMjI0EAQSGwoXSEFTSF9BTEdPUklUSE1fU0hBM18yNTYQBRIbChdIQVNIX0FMR09SSVRITV9TSEEzXzM4NBAGEhsKF0hBU0hfQUxHT1JJVEhNX1NIQTNfNTEyEAcqawoMTWFjQWxnb3JpdGhtEh0KGU1BQ19BTEdPUklUSE1fVU5TUEVDSUZJRUQQABIdChlNQUNfQUxHT1JJVEhNX0hNQUNfU0hBMjU2EAESHQoZTUFDX0FMR09SSVRITV9ITUFDX1NIQTUxMhACKt0BCgxLZGZBbGdvcml0aG0SHQoZS0RGX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEh0KGUtERl9BTEdPUklUSE1fSEtERl9TSEEyNTYQARIaChZLREZfQUxHT1JJVEhNX0FSR09OMklEEAISJAogS0RGX0FMR09SSVRITV9QQktERjJfSE1BQ19TSEEyNTYQAxIkCiBLREZfQUxHT1JJVEhNX1BCS0RGMl9ITUFDX1NIQTUxMhAEEicKI0tERl9BTEdPUklUSE1fSldBX0NPTkNBVF9LREZfU0hBMjU2EAUqWQoQS2V5V3JhcEFsZ29yaXRobRIiCh5LRVlfV1JBUF9BTEdPUklUSE1fVU5TUEVDSUZJRUQQABIhCh1LRVlfV1JBUF9BTEdPUklUSE1fQUVTXzI1Nl9LVxABKuUIChZNdWx0aWNvZGVjS2V5QWxnb3JpdGhtEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9VTlNQRUNJRklFRBAAEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDI1NTE5X1BVQhABEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFVCEAISKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1NFQ1AyNTZLMV9QVUIQAxIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDI1Nl9QVUIQBBIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QVUIQBRIlCiFNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDUyMV9QVUIQBhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fRUQ0NDhfUFVCEAcSJAogTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QVUIQCBIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzUxMl9QVUIQCRIrCidNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzc2OF9QVUIQChIsCihNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFVCEAsSKgomTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0RTQV80NF9QVUIQDBIqCiZNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfRFNBXzY1X1BVQhANEioKJk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9EU0FfODdfUFVCEA4SKQolTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX0VEMjU1MTlfUFJJVhAPEigKJE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9YMjU1MTlfUFJJVhAQEisKJ01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9TRUNQMjU2SzFfUFJJVhAREiYKIk1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9QMjU2X1BSSVYQEhImCiJNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fUDM4NF9QUklWEBMSJgoiTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1A1MjFfUFJJVhAUEicKI01VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9FRDQ0OF9QUklWEBUSJQohTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX1JTQV9QUklWEBYSLAooTVVMVElDT0RFQ19LRVlfQUxHT1JJVEhNX01MX0tFTV81MTJfUFJJVhAXEiwKKE1VTFRJQ09ERUNfS0VZX0FMR09SSVRITV9NTF9LRU1fNzY4X1BSSVYQGBItCilNVUxUSUNPREVDX0tFWV9BTEdPUklUSE1fTUxfS0VNXzEwMjRfUFJJVhAZQicKE21lLnJlYWxseS5jcnlwdG8udjFQAboCDVJlYWxseU1lUHJvdG9iBnByb3RvMw");
|
|
9
9
|
/**
|
|
10
10
|
* Describes the message reallyme.crypto.v1.CryptoAlgorithmIdentifier.
|
|
11
11
|
* Use `create(CryptoAlgorithmIdentifierSchema)` to create a new message.
|
|
@@ -184,6 +184,14 @@ export var KeyAgreementAlgorithm;
|
|
|
184
184
|
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P256_ECDH = 2;
|
|
185
185
|
*/
|
|
186
186
|
KeyAgreementAlgorithm[KeyAgreementAlgorithm["P256_ECDH"] = 2] = "P256_ECDH";
|
|
187
|
+
/**
|
|
188
|
+
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P384_ECDH = 3;
|
|
189
|
+
*/
|
|
190
|
+
KeyAgreementAlgorithm[KeyAgreementAlgorithm["P384_ECDH"] = 3] = "P384_ECDH";
|
|
191
|
+
/**
|
|
192
|
+
* @generated from enum value: KEY_AGREEMENT_ALGORITHM_P521_ECDH = 4;
|
|
193
|
+
*/
|
|
194
|
+
KeyAgreementAlgorithm[KeyAgreementAlgorithm["P521_ECDH"] = 4] = "P521_ECDH";
|
|
187
195
|
})(KeyAgreementAlgorithm || (KeyAgreementAlgorithm = {}));
|
|
188
196
|
/**
|
|
189
197
|
* Describes the enum reallyme.crypto.v1.KeyAgreementAlgorithm.
|
|
@@ -277,6 +285,14 @@ export var AeadAlgorithm;
|
|
|
277
285
|
* @generated from enum value: AEAD_ALGORITHM_XCHACHA20_POLY1305 = 4;
|
|
278
286
|
*/
|
|
279
287
|
AeadAlgorithm[AeadAlgorithm["XCHACHA20_POLY1305"] = 4] = "XCHACHA20_POLY1305";
|
|
288
|
+
/**
|
|
289
|
+
* @generated from enum value: AEAD_ALGORITHM_AES_128_GCM = 5;
|
|
290
|
+
*/
|
|
291
|
+
AeadAlgorithm[AeadAlgorithm["AES_128_GCM"] = 5] = "AES_128_GCM";
|
|
292
|
+
/**
|
|
293
|
+
* @generated from enum value: AEAD_ALGORITHM_AES_192_GCM = 6;
|
|
294
|
+
*/
|
|
295
|
+
AeadAlgorithm[AeadAlgorithm["AES_192_GCM"] = 6] = "AES_192_GCM";
|
|
280
296
|
})(AeadAlgorithm || (AeadAlgorithm = {}));
|
|
281
297
|
/**
|
|
282
298
|
* Describes the enum reallyme.crypto.v1.AeadAlgorithm.
|
|
@@ -378,6 +394,10 @@ export var KdfAlgorithm;
|
|
|
378
394
|
* @generated from enum value: KDF_ALGORITHM_PBKDF2_HMAC_SHA512 = 4;
|
|
379
395
|
*/
|
|
380
396
|
KdfAlgorithm[KdfAlgorithm["PBKDF2_HMAC_SHA512"] = 4] = "PBKDF2_HMAC_SHA512";
|
|
397
|
+
/**
|
|
398
|
+
* @generated from enum value: KDF_ALGORITHM_JWA_CONCAT_KDF_SHA256 = 5;
|
|
399
|
+
*/
|
|
400
|
+
KdfAlgorithm[KdfAlgorithm["JWA_CONCAT_KDF_SHA256"] = 5] = "JWA_CONCAT_KDF_SHA256";
|
|
381
401
|
})(KdfAlgorithm || (KdfAlgorithm = {}));
|
|
382
402
|
/**
|
|
383
403
|
* Describes the enum reallyme.crypto.v1.KdfAlgorithm.
|
package/dist/proto.js
CHANGED
|
@@ -126,6 +126,10 @@ export const hashAlgorithmToProto = (value) => {
|
|
|
126
126
|
};
|
|
127
127
|
export const aeadAlgorithmFromProto = (value) => {
|
|
128
128
|
switch (value) {
|
|
129
|
+
case AeadAlgorithm.AES_128_GCM:
|
|
130
|
+
return "AES-128-GCM";
|
|
131
|
+
case AeadAlgorithm.AES_192_GCM:
|
|
132
|
+
return "AES-192-GCM";
|
|
129
133
|
case AeadAlgorithm.AES_256_GCM:
|
|
130
134
|
return "AES-256-GCM";
|
|
131
135
|
case AeadAlgorithm.AES_256_GCM_SIV:
|
|
@@ -140,6 +144,10 @@ export const aeadAlgorithmFromProto = (value) => {
|
|
|
140
144
|
};
|
|
141
145
|
export const aeadAlgorithmToProto = (value) => {
|
|
142
146
|
switch (value) {
|
|
147
|
+
case "AES-128-GCM":
|
|
148
|
+
return AeadAlgorithm.AES_128_GCM;
|
|
149
|
+
case "AES-192-GCM":
|
|
150
|
+
return AeadAlgorithm.AES_192_GCM;
|
|
143
151
|
case "AES-256-GCM":
|
|
144
152
|
return AeadAlgorithm.AES_256_GCM;
|
|
145
153
|
case "AES-256-GCM-SIV":
|
|
@@ -186,6 +194,10 @@ export const keyAgreementAlgorithmFromProto = (value) => {
|
|
|
186
194
|
return "X25519";
|
|
187
195
|
case KeyAgreementAlgorithm.P256_ECDH:
|
|
188
196
|
return "P-256-ECDH";
|
|
197
|
+
case KeyAgreementAlgorithm.P384_ECDH:
|
|
198
|
+
return "P-384-ECDH";
|
|
199
|
+
case KeyAgreementAlgorithm.P521_ECDH:
|
|
200
|
+
return "P-521-ECDH";
|
|
189
201
|
default:
|
|
190
202
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
191
203
|
}
|
|
@@ -196,6 +208,10 @@ export const keyAgreementAlgorithmToProto = (value) => {
|
|
|
196
208
|
return KeyAgreementAlgorithm.X25519;
|
|
197
209
|
case "P-256-ECDH":
|
|
198
210
|
return KeyAgreementAlgorithm.P256_ECDH;
|
|
211
|
+
case "P-384-ECDH":
|
|
212
|
+
return KeyAgreementAlgorithm.P384_ECDH;
|
|
213
|
+
case "P-521-ECDH":
|
|
214
|
+
return KeyAgreementAlgorithm.P521_ECDH;
|
|
199
215
|
}
|
|
200
216
|
};
|
|
201
217
|
export const macAlgorithmFromProto = (value) => {
|
|
@@ -226,6 +242,8 @@ export const kdfAlgorithmFromProto = (value) => {
|
|
|
226
242
|
return "PBKDF2-HMAC-SHA-256";
|
|
227
243
|
case KdfAlgorithm.PBKDF2_HMAC_SHA512:
|
|
228
244
|
return "PBKDF2-HMAC-SHA-512";
|
|
245
|
+
case KdfAlgorithm.JWA_CONCAT_KDF_SHA256:
|
|
246
|
+
return "JWA-CONCAT-KDF-SHA256";
|
|
229
247
|
default:
|
|
230
248
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
231
249
|
}
|
|
@@ -240,6 +258,8 @@ export const kdfAlgorithmToProto = (value) => {
|
|
|
240
258
|
return KdfAlgorithm.PBKDF2_HMAC_SHA256;
|
|
241
259
|
case "PBKDF2-HMAC-SHA-512":
|
|
242
260
|
return KdfAlgorithm.PBKDF2_HMAC_SHA512;
|
|
261
|
+
case "JWA-CONCAT-KDF-SHA256":
|
|
262
|
+
return KdfAlgorithm.JWA_CONCAT_KDF_SHA256;
|
|
243
263
|
}
|
|
244
264
|
};
|
|
245
265
|
export const keyWrapAlgorithmFromProto = (value) => {
|
|
@@ -1,5 +1,69 @@
|
|
|
1
1
|
/* @ts-self-types="./reallyme_crypto_wasm.d.ts" */
|
|
2
2
|
|
|
3
|
+
/**
|
|
4
|
+
* Open and authenticate an AES-128-GCM `ciphertext || tag`.
|
|
5
|
+
* @param {Uint8Array} key
|
|
6
|
+
* @param {Uint8Array} nonce
|
|
7
|
+
* @param {Uint8Array} aad
|
|
8
|
+
* @param {Uint8Array} ciphertext
|
|
9
|
+
* @returns {Uint8Array}
|
|
10
|
+
*/
|
|
11
|
+
export function aes128GcmOpen(key, nonce, aad, ciphertext) {
|
|
12
|
+
const ret = wasm.aes128GcmOpen(key, nonce, aad, ciphertext);
|
|
13
|
+
if (ret[2]) {
|
|
14
|
+
throw takeFromExternrefTable0(ret[1]);
|
|
15
|
+
}
|
|
16
|
+
return takeFromExternrefTable0(ret[0]);
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* Seal plaintext with AES-128-GCM and return `ciphertext || tag`.
|
|
21
|
+
* @param {Uint8Array} key
|
|
22
|
+
* @param {Uint8Array} nonce
|
|
23
|
+
* @param {Uint8Array} aad
|
|
24
|
+
* @param {Uint8Array} plaintext
|
|
25
|
+
* @returns {Uint8Array}
|
|
26
|
+
*/
|
|
27
|
+
export function aes128GcmSeal(key, nonce, aad, plaintext) {
|
|
28
|
+
const ret = wasm.aes128GcmSeal(key, nonce, aad, plaintext);
|
|
29
|
+
if (ret[2]) {
|
|
30
|
+
throw takeFromExternrefTable0(ret[1]);
|
|
31
|
+
}
|
|
32
|
+
return takeFromExternrefTable0(ret[0]);
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
/**
|
|
36
|
+
* Open and authenticate an AES-192-GCM `ciphertext || tag`.
|
|
37
|
+
* @param {Uint8Array} key
|
|
38
|
+
* @param {Uint8Array} nonce
|
|
39
|
+
* @param {Uint8Array} aad
|
|
40
|
+
* @param {Uint8Array} ciphertext
|
|
41
|
+
* @returns {Uint8Array}
|
|
42
|
+
*/
|
|
43
|
+
export function aes192GcmOpen(key, nonce, aad, ciphertext) {
|
|
44
|
+
const ret = wasm.aes192GcmOpen(key, nonce, aad, ciphertext);
|
|
45
|
+
if (ret[2]) {
|
|
46
|
+
throw takeFromExternrefTable0(ret[1]);
|
|
47
|
+
}
|
|
48
|
+
return takeFromExternrefTable0(ret[0]);
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Seal plaintext with AES-192-GCM and return `ciphertext || tag`.
|
|
53
|
+
* @param {Uint8Array} key
|
|
54
|
+
* @param {Uint8Array} nonce
|
|
55
|
+
* @param {Uint8Array} aad
|
|
56
|
+
* @param {Uint8Array} plaintext
|
|
57
|
+
* @returns {Uint8Array}
|
|
58
|
+
*/
|
|
59
|
+
export function aes192GcmSeal(key, nonce, aad, plaintext) {
|
|
60
|
+
const ret = wasm.aes192GcmSeal(key, nonce, aad, plaintext);
|
|
61
|
+
if (ret[2]) {
|
|
62
|
+
throw takeFromExternrefTable0(ret[1]);
|
|
63
|
+
}
|
|
64
|
+
return takeFromExternrefTable0(ret[0]);
|
|
65
|
+
}
|
|
66
|
+
|
|
3
67
|
/**
|
|
4
68
|
* Open and authenticate an AES-256-GCM `ciphertext || tag`.
|
|
5
69
|
* @param {Uint8Array} key
|
|
Binary file
|
|
@@ -4,6 +4,10 @@ export type ReallyMeWasmInitOutput = Readonly<{
|
|
|
4
4
|
export declare function initSync(module: {
|
|
5
5
|
module: Uint8Array;
|
|
6
6
|
}): ReallyMeWasmInitOutput;
|
|
7
|
+
export declare function aes128GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
|
|
8
|
+
export declare function aes128GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
|
|
9
|
+
export declare function aes192GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
|
|
10
|
+
export declare function aes192GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
|
|
7
11
|
export declare function aes256GcmOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
|
|
8
12
|
export declare function aes256GcmSeal(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Uint8Array;
|
|
9
13
|
export declare function aes256GcmSivOpen(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertextWithTag: Uint8Array): Uint8Array;
|
package/dist/wasmProvider.d.ts
CHANGED
|
@@ -21,6 +21,10 @@ type EncapsulateFn = (publicKey: Uint8Array) => unknown;
|
|
|
21
21
|
type EncapsulateDerandFn = (publicKey: Uint8Array, seed: Uint8Array) => unknown;
|
|
22
22
|
type DecapsulateFn = (ciphertext: Uint8Array, secretKey: Uint8Array) => unknown;
|
|
23
23
|
export type ReallyMeWasmProvider = Readonly<{
|
|
24
|
+
aes128GcmSeal: AeadFn;
|
|
25
|
+
aes128GcmOpen: AeadFn;
|
|
26
|
+
aes192GcmSeal: AeadFn;
|
|
27
|
+
aes192GcmOpen: AeadFn;
|
|
24
28
|
aes256GcmSeal: AeadFn;
|
|
25
29
|
aes256GcmOpen: AeadFn;
|
|
26
30
|
aes256GcmSivSeal: AeadFn;
|
package/dist/wasmProvider.js
CHANGED
|
@@ -99,6 +99,10 @@ const rsaPssVerifyFunction = (module, name) => {
|
|
|
99
99
|
export const installReallyMeWasmProvider = (module) => {
|
|
100
100
|
const providerModule = requireObject(module);
|
|
101
101
|
installedProvider = {
|
|
102
|
+
aes128GcmSeal: function4(providerModule, "aes128GcmSeal"),
|
|
103
|
+
aes128GcmOpen: function4(providerModule, "aes128GcmOpen"),
|
|
104
|
+
aes192GcmSeal: function4(providerModule, "aes192GcmSeal"),
|
|
105
|
+
aes192GcmOpen: function4(providerModule, "aes192GcmOpen"),
|
|
102
106
|
aes256GcmSeal: function4(providerModule, "aes256GcmSeal"),
|
|
103
107
|
aes256GcmOpen: function4(providerModule, "aes256GcmOpen"),
|
|
104
108
|
aes256GcmSivSeal: function4(providerModule, "aes256GcmSivSeal"),
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@reallyme/crypto",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.6",
|
|
4
4
|
"description": "ReallyMe crypto SDK for TypeScript/JavaScript with an explicit, pinned provider set.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"type": "module",
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
"README.md"
|
|
29
29
|
],
|
|
30
30
|
"scripts": {
|
|
31
|
-
"build": "npm run build:wasm && tsc",
|
|
31
|
+
"build": "node scripts/clean-dist.mjs && npm run build:wasm && tsc",
|
|
32
32
|
"build:ts": "tsc",
|
|
33
33
|
"build:wasm": "node scripts/build-wasm.mjs",
|
|
34
34
|
"typecheck": "tsc --noEmit",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export declare const verifySignatureResult: (valid: boolean) => void;
|
package/dist/verifySignature.js
DELETED
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
|
-
//
|
|
3
|
-
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
-
import { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
-
export const verifySignatureResult = (valid) => {
|
|
6
|
-
if (!valid) {
|
|
7
|
-
throw new ReallyMeCryptoError("invalid-signature");
|
|
8
|
-
}
|
|
9
|
-
};
|