@reallyme/crypto 0.1.7 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/README.md +43 -3
- package/dist/aead.d.ts +4 -0
- package/dist/aead.js +32 -15
- package/dist/aesKw.d.ts +3 -0
- package/dist/aesKw.js +10 -0
- package/dist/argon2id.d.ts +2 -0
- package/dist/argon2id.js +6 -0
- package/dist/cryptoFacade.d.ts +36 -0
- package/dist/cryptoFacade.js +71 -23
- package/dist/errors.d.ts +1 -1
- package/dist/hpke.d.ts +4 -0
- package/dist/hpke.js +20 -0
- package/dist/index.d.ts +5 -6
- package/dist/index.js +4 -4
- package/dist/jwaConcatKdf.js +8 -4
- package/dist/jwk.js +67 -72
- package/dist/memory.d.ts +8 -0
- package/dist/memory.js +13 -0
- package/dist/mlDsa.d.ts +5 -0
- package/dist/mlDsa.js +23 -0
- package/dist/mlKem.d.ts +6 -0
- package/dist/mlKem.js +29 -0
- package/dist/p256Ecdh.js +5 -1
- package/dist/p384Ecdh.js +5 -1
- package/dist/p521Ecdh.js +5 -1
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.d.ts +1602 -70
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.js +624 -16
- package/dist/proto.d.ts +113 -3
- package/dist/proto.js +706 -2
- package/dist/rsa.d.ts +2 -0
- package/dist/rsa.js +18 -15
- package/dist/slhDsa.d.ts +5 -0
- package/dist/slhDsa.js +21 -0
- package/dist/validateBytes.d.ts +1 -0
- package/dist/validateBytes.js +6 -0
- package/dist/wasm/reallyme_crypto_wasm.js +1 -246
- package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
- package/dist/wasmModuleTypes.d.ts +2 -11
- package/dist/wasmProvider.d.ts +1 -16
- package/dist/wasmProvider.js +10 -25
- package/dist/xWing.d.ts +6 -0
- package/dist/xWing.js +34 -2
- package/package.json +7 -2
- package/dist/codecs.d.ts +0 -35
- package/dist/codecs.js +0 -216
package/dist/proto.js
CHANGED
|
@@ -1,9 +1,34 @@
|
|
|
1
1
|
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
|
|
2
2
|
//
|
|
3
3
|
// SPDX-License-Identifier: Apache-2.0
|
|
4
|
+
import { create, fromBinary, toBinary } from "@bufbuild/protobuf";
|
|
4
5
|
import { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
-
|
|
6
|
-
|
|
6
|
+
import { ReallyMeJwk } from "./jwk.js";
|
|
7
|
+
export { AeadAlgorithm, AeadAlgorithmSchema, CryptoAlgorithmFamily, CryptoAlgorithmFamilySchema, CryptoAlgorithmIdentifierSchema, CryptoAeadOpenRequestSchema, CryptoAeadOpenResultSchema, CryptoAeadSealRequestSchema, CryptoAeadSealResultSchema, CryptoBackendErrorSchema, CryptoBip340SchnorrSignRequestSchema, CryptoErrorSchema, CryptoErrorReason, CryptoErrorReasonSchema, CryptoHashRequestSchema, CryptoHashResultSchema, CryptoHkdfDeriveRequestSchema, CryptoHkdfDeriveResultSchema, CryptoHpkeOpenRequestSchema, CryptoHpkeOpenResultSchema, CryptoHpkeSealRequestSchema, CryptoHpkeSealedMessageSchema, CryptoJwaConcatKdfSha256DeriveRequestSchema, CryptoJwaConcatKdfSha256DeriveResultSchema, CryptoKdfDeriveKeyRequestSchema, CryptoKdfDeriveKeyResultSchema, CryptoKemEncapsulationSchema, CryptoKemDecapsulateRequestSchema, CryptoKemDecapsulateResultSchema, CryptoKemEncapsulateRequestSchema, CryptoKemGenerateKeyPairRequestSchema, CryptoKeyAgreementDeriveKeyPairRequestSchema, CryptoKeyAgreementDeriveSharedSecretRequestSchema, CryptoKeyAgreementDeriveSharedSecretResultSchema, CryptoKeyPairSchema, CryptoKeyUnwrapRequestSchema, CryptoKeyUnwrapResultSchema, CryptoKeyWrapRequestSchema, CryptoKeyWrapResultSchema, CryptoMacAuthenticateRequestSchema, CryptoMacAuthenticateResultSchema, CryptoMacVerifyRequestSchema, CryptoPrimitiveErrorSchema, CryptoProviderErrorSchema, CryptoProviderCapabilitySchema, CryptoProviderCapabilitySetSchema, CryptoProviderSupportStatus, CryptoProviderSupportStatusSchema, CryptoRsaVerifyRequestSchema, CryptoSignatureDeriveKeyPairRequestSchema, CryptoSignatureGenerateKeyPairRequestSchema, CryptoSignatureSignRequestSchema, CryptoSignatureSignResultSchema, CryptoSignatureVerifyRequestSchema, CryptoVerificationResultSchema, CryptoVerificationStatus, CryptoVerificationStatusSchema, HashAlgorithm, HashAlgorithmSchema, HpkeSuite, HpkeSuiteSchema, JsonWebKeySchema, JsonWebKeySetSchema, KdfAlgorithm, KdfAlgorithmSchema, KemAlgorithm, KemAlgorithmSchema, KeyAgreementAlgorithm, KeyAgreementAlgorithmSchema, KeyWrapAlgorithm, KeyWrapAlgorithmSchema, MacAlgorithm, MacAlgorithmSchema, MulticodecKeyAlgorithm, MulticodecKeyAlgorithmSchema, SignatureAlgorithm, SignatureAlgorithmSchema, file_reallyme_crypto_v1_crypto, } from "./proto/generated/reallyme/crypto/v1/crypto_pb.js";
|
|
8
|
+
import { AeadAlgorithm, HashAlgorithm, HpkeSuite, KdfAlgorithm, KemAlgorithm, KeyAgreementAlgorithm, KeyWrapAlgorithm, MacAlgorithm, MulticodecKeyAlgorithm, SignatureAlgorithm, CryptoAlgorithmIdentifierSchema, CryptoAlgorithmFamily, CryptoBackendErrorSchema, CryptoErrorReason, CryptoErrorSchema, CryptoHpkeSealedMessageSchema, CryptoKemEncapsulationSchema, CryptoKeyPairSchema, CryptoPrimitiveErrorSchema, CryptoProviderCapabilitySchema, CryptoProviderCapabilitySetSchema, CryptoProviderErrorSchema, CryptoProviderSupportStatus, CryptoVerificationResultSchema, CryptoVerificationStatus, JsonWebKeySchema, JsonWebKeySetSchema, } from "./proto/generated/reallyme/crypto/v1/crypto_pb.js";
|
|
9
|
+
export class ReallyMeCryptoProtoResult {
|
|
10
|
+
#bytes;
|
|
11
|
+
status;
|
|
12
|
+
constructor(status, bytes) {
|
|
13
|
+
this.status = status;
|
|
14
|
+
this.#bytes = bytes.slice();
|
|
15
|
+
}
|
|
16
|
+
get bytes() {
|
|
17
|
+
return this.#bytes.slice();
|
|
18
|
+
}
|
|
19
|
+
get isCryptoError() {
|
|
20
|
+
return this.status === "crypto-error";
|
|
21
|
+
}
|
|
22
|
+
bestEffortClear() {
|
|
23
|
+
this.#bytes.fill(0);
|
|
24
|
+
}
|
|
25
|
+
toString() {
|
|
26
|
+
return `ReallyMeCryptoProtoResult(status=${this.status}, bytes=<redacted>)`;
|
|
27
|
+
}
|
|
28
|
+
toJSON() {
|
|
29
|
+
return { status: this.status, bytes: "<redacted>" };
|
|
30
|
+
}
|
|
31
|
+
}
|
|
7
32
|
export const signatureAlgorithmFromProto = (value) => {
|
|
8
33
|
switch (value) {
|
|
9
34
|
case SignatureAlgorithm.ED25519:
|
|
@@ -294,6 +319,42 @@ export const hpkeSuiteToProto = (value) => {
|
|
|
294
319
|
return HpkeSuite.DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305;
|
|
295
320
|
}
|
|
296
321
|
};
|
|
322
|
+
const signatureAlgorithmIdentifierToProto = (value) => create(CryptoAlgorithmIdentifierSchema, {
|
|
323
|
+
algorithm: { case: "signature", value: signatureAlgorithmToProto(value) },
|
|
324
|
+
});
|
|
325
|
+
const keyAgreementAlgorithmIdentifierToProto = (value) => create(CryptoAlgorithmIdentifierSchema, {
|
|
326
|
+
algorithm: { case: "keyAgreement", value: keyAgreementAlgorithmToProto(value) },
|
|
327
|
+
});
|
|
328
|
+
const kemAlgorithmIdentifierToProto = (value) => create(CryptoAlgorithmIdentifierSchema, {
|
|
329
|
+
algorithm: { case: "kem", value: kemAlgorithmToProto(value) },
|
|
330
|
+
});
|
|
331
|
+
const hpkeSuiteIdentifierToProto = (value) => create(CryptoAlgorithmIdentifierSchema, {
|
|
332
|
+
algorithm: { case: "hpke", value: hpkeSuiteToProto(value) },
|
|
333
|
+
});
|
|
334
|
+
const signatureAlgorithmFromIdentifier = (value) => {
|
|
335
|
+
if (value?.algorithm.case !== "signature") {
|
|
336
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
337
|
+
}
|
|
338
|
+
return signatureAlgorithmFromProto(value.algorithm.value);
|
|
339
|
+
};
|
|
340
|
+
const keyAgreementAlgorithmFromIdentifier = (value) => {
|
|
341
|
+
if (value?.algorithm.case !== "keyAgreement") {
|
|
342
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
343
|
+
}
|
|
344
|
+
return keyAgreementAlgorithmFromProto(value.algorithm.value);
|
|
345
|
+
};
|
|
346
|
+
const kemAlgorithmFromIdentifier = (value) => {
|
|
347
|
+
if (value?.algorithm.case !== "kem") {
|
|
348
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
349
|
+
}
|
|
350
|
+
return kemAlgorithmFromProto(value.algorithm.value);
|
|
351
|
+
};
|
|
352
|
+
const hpkeSuiteFromIdentifier = (value) => {
|
|
353
|
+
if (value?.algorithm.case !== "hpke") {
|
|
354
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
355
|
+
}
|
|
356
|
+
return hpkeSuiteFromProto(value.algorithm.value);
|
|
357
|
+
};
|
|
297
358
|
export const multicodecKeyAlgorithmFromProto = (value) => {
|
|
298
359
|
switch (value) {
|
|
299
360
|
case MulticodecKeyAlgorithm.ED25519_PUB:
|
|
@@ -360,3 +421,646 @@ export const multicodecKeyAlgorithmToProto = (value) => {
|
|
|
360
421
|
return MulticodecKeyAlgorithm.ML_DSA_87_PUB;
|
|
361
422
|
}
|
|
362
423
|
};
|
|
424
|
+
const asciiToBytes = (value) => {
|
|
425
|
+
const bytes = new Uint8Array(value.length);
|
|
426
|
+
for (let index = 0; index < value.length; index += 1) {
|
|
427
|
+
const codeUnit = value.charCodeAt(index);
|
|
428
|
+
if (codeUnit > 0x7f) {
|
|
429
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
430
|
+
}
|
|
431
|
+
bytes[index] = codeUnit;
|
|
432
|
+
}
|
|
433
|
+
return bytes;
|
|
434
|
+
};
|
|
435
|
+
const asciiFromBytes = (value) => {
|
|
436
|
+
const codeUnits = [];
|
|
437
|
+
for (const byte of value) {
|
|
438
|
+
if (byte > 0x7f) {
|
|
439
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
440
|
+
}
|
|
441
|
+
codeUnits.push(byte);
|
|
442
|
+
}
|
|
443
|
+
return String.fromCharCode(...codeUnits);
|
|
444
|
+
};
|
|
445
|
+
const cryptoErrorReasonToFacadeError = (reason) => {
|
|
446
|
+
switch (reason) {
|
|
447
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_SIGNATURE:
|
|
448
|
+
case CryptoErrorReason.PRIMITIVE_VERIFICATION_FAILED:
|
|
449
|
+
return new ReallyMeCryptoError("invalid-signature");
|
|
450
|
+
case CryptoErrorReason.PROVIDER_UNSUPPORTED_ALGORITHM:
|
|
451
|
+
case CryptoErrorReason.PROVIDER_UNSUPPORTED_BACKEND:
|
|
452
|
+
return new ReallyMeCryptoError("unsupported-algorithm");
|
|
453
|
+
case CryptoErrorReason.PROVIDER_UNAVAILABLE:
|
|
454
|
+
case CryptoErrorReason.PROVIDER_RANDOMNESS_UNAVAILABLE:
|
|
455
|
+
case CryptoErrorReason.BACKEND_INVALID_STATE:
|
|
456
|
+
case CryptoErrorReason.BACKEND_INTERNAL:
|
|
457
|
+
case CryptoErrorReason.BACKEND_MALFORMED_PROTOBUF:
|
|
458
|
+
case CryptoErrorReason.BACKEND_MALFORMED_JSON:
|
|
459
|
+
case CryptoErrorReason.BACKEND_RESOURCE_LIMIT_EXCEEDED:
|
|
460
|
+
return new ReallyMeCryptoError("provider-failure");
|
|
461
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_PARAMETER:
|
|
462
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_LENGTH:
|
|
463
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_KEY:
|
|
464
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_PUBLIC_KEY:
|
|
465
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_PRIVATE_KEY:
|
|
466
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_NONCE:
|
|
467
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_SALT:
|
|
468
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_PASSWORD:
|
|
469
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_ENCODING:
|
|
470
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_SHARED_SECRET:
|
|
471
|
+
case CryptoErrorReason.PRIMITIVE_MALFORMED_CIPHERTEXT:
|
|
472
|
+
case CryptoErrorReason.PRIMITIVE_INVALID_TAG:
|
|
473
|
+
return new ReallyMeCryptoError("invalid-input");
|
|
474
|
+
case CryptoErrorReason.PRIMITIVE_AUTHENTICATION_FAILED:
|
|
475
|
+
return new ReallyMeCryptoError("authentication-failed");
|
|
476
|
+
default:
|
|
477
|
+
return new ReallyMeCryptoError("invalid-input");
|
|
478
|
+
}
|
|
479
|
+
};
|
|
480
|
+
const invalidInputReasons = new Set([
|
|
481
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PARAMETER,
|
|
482
|
+
CryptoErrorReason.PRIMITIVE_INVALID_LENGTH,
|
|
483
|
+
CryptoErrorReason.PRIMITIVE_INVALID_KEY,
|
|
484
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PUBLIC_KEY,
|
|
485
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PRIVATE_KEY,
|
|
486
|
+
CryptoErrorReason.PRIMITIVE_INVALID_NONCE,
|
|
487
|
+
CryptoErrorReason.PRIMITIVE_INVALID_SALT,
|
|
488
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PASSWORD,
|
|
489
|
+
CryptoErrorReason.PRIMITIVE_INVALID_ENCODING,
|
|
490
|
+
CryptoErrorReason.PRIMITIVE_INVALID_SHARED_SECRET,
|
|
491
|
+
CryptoErrorReason.PRIMITIVE_MALFORMED_CIPHERTEXT,
|
|
492
|
+
CryptoErrorReason.PRIMITIVE_INVALID_TAG,
|
|
493
|
+
]);
|
|
494
|
+
export const cryptoWireErrorToProto = (error) => {
|
|
495
|
+
switch (error.branch) {
|
|
496
|
+
case "primitive":
|
|
497
|
+
return create(CryptoErrorSchema, {
|
|
498
|
+
error: {
|
|
499
|
+
case: "primitive",
|
|
500
|
+
value: create(CryptoPrimitiveErrorSchema, {
|
|
501
|
+
reason: error.reason,
|
|
502
|
+
}),
|
|
503
|
+
},
|
|
504
|
+
});
|
|
505
|
+
case "provider":
|
|
506
|
+
return create(CryptoErrorSchema, {
|
|
507
|
+
error: {
|
|
508
|
+
case: "provider",
|
|
509
|
+
value: create(CryptoProviderErrorSchema, {
|
|
510
|
+
reason: error.reason,
|
|
511
|
+
}),
|
|
512
|
+
},
|
|
513
|
+
});
|
|
514
|
+
case "backend":
|
|
515
|
+
return create(CryptoErrorSchema, {
|
|
516
|
+
error: {
|
|
517
|
+
case: "backend",
|
|
518
|
+
value: create(CryptoBackendErrorSchema, {
|
|
519
|
+
reason: error.reason,
|
|
520
|
+
}),
|
|
521
|
+
},
|
|
522
|
+
});
|
|
523
|
+
}
|
|
524
|
+
};
|
|
525
|
+
export const cryptoWireErrorFromProto = (value) => {
|
|
526
|
+
switch (value.error.case) {
|
|
527
|
+
case "primitive":
|
|
528
|
+
return strictCryptoWireError("primitive", value.error.value.reason);
|
|
529
|
+
case "provider":
|
|
530
|
+
return strictCryptoWireError("provider", value.error.value.reason);
|
|
531
|
+
case "backend":
|
|
532
|
+
return strictCryptoWireError("backend", value.error.value.reason);
|
|
533
|
+
default:
|
|
534
|
+
return malformedCryptoErrorEnvelope();
|
|
535
|
+
}
|
|
536
|
+
};
|
|
537
|
+
export const cryptoWireErrorToProtoBytes = (error) => toBinary(CryptoErrorSchema, cryptoWireErrorToProto(error));
|
|
538
|
+
export const cryptoWireErrorFromProtoBytes = (bytes) => {
|
|
539
|
+
try {
|
|
540
|
+
return cryptoWireErrorFromProto(fromBinary(CryptoErrorSchema, bytes));
|
|
541
|
+
}
|
|
542
|
+
catch {
|
|
543
|
+
return malformedCryptoErrorEnvelope();
|
|
544
|
+
}
|
|
545
|
+
};
|
|
546
|
+
const strictCryptoWireError = (branch, reason) => {
|
|
547
|
+
const result = cryptoWireErrorTryNew(branch, reason);
|
|
548
|
+
return result.ok ? result.value : malformedCryptoErrorEnvelope();
|
|
549
|
+
};
|
|
550
|
+
export const cryptoWireErrorTryNew = (branch, reason) => {
|
|
551
|
+
if (reason === CryptoErrorReason.UNSPECIFIED) {
|
|
552
|
+
return { ok: false, error: "unspecified-reason" };
|
|
553
|
+
}
|
|
554
|
+
if (knownCryptoErrorReasons.has(reason) && !cryptoErrorReasonMatchesBranch(branch, reason)) {
|
|
555
|
+
return { ok: false, error: "branch-reason-mismatch" };
|
|
556
|
+
}
|
|
557
|
+
if (!cryptoErrorReasonCodeMatchesBranch(branch, reason)) {
|
|
558
|
+
return { ok: false, error: "reason-code-out-of-range" };
|
|
559
|
+
}
|
|
560
|
+
return { ok: true, value: { branch, reason, reasonCode: reason } };
|
|
561
|
+
};
|
|
562
|
+
const malformedCryptoErrorEnvelope = () => ({
|
|
563
|
+
branch: "backend",
|
|
564
|
+
reason: CryptoErrorReason.BACKEND_MALFORMED_PROTOBUF,
|
|
565
|
+
reasonCode: CryptoErrorReason.BACKEND_MALFORMED_PROTOBUF,
|
|
566
|
+
});
|
|
567
|
+
const cryptoErrorReasonCodeMatchesBranch = (branch, reasonCode) => {
|
|
568
|
+
switch (branch) {
|
|
569
|
+
case "primitive":
|
|
570
|
+
return reasonCode >= 100 && reasonCode <= 199;
|
|
571
|
+
case "provider":
|
|
572
|
+
return reasonCode >= 200 && reasonCode <= 299;
|
|
573
|
+
case "backend":
|
|
574
|
+
return reasonCode >= 300 && reasonCode <= 399;
|
|
575
|
+
}
|
|
576
|
+
};
|
|
577
|
+
const cryptoErrorReasonMatchesBranch = (branch, reason) => {
|
|
578
|
+
switch (branch) {
|
|
579
|
+
case "primitive":
|
|
580
|
+
return primitiveCryptoErrorReasons.has(reason);
|
|
581
|
+
case "provider":
|
|
582
|
+
return providerCryptoErrorReasons.has(reason);
|
|
583
|
+
case "backend":
|
|
584
|
+
return backendCryptoErrorReasons.has(reason);
|
|
585
|
+
}
|
|
586
|
+
};
|
|
587
|
+
const primitiveCryptoErrorReasons = new Set([
|
|
588
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PARAMETER,
|
|
589
|
+
CryptoErrorReason.PRIMITIVE_INVALID_LENGTH,
|
|
590
|
+
CryptoErrorReason.PRIMITIVE_INVALID_KEY,
|
|
591
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PUBLIC_KEY,
|
|
592
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PRIVATE_KEY,
|
|
593
|
+
CryptoErrorReason.PRIMITIVE_INVALID_NONCE,
|
|
594
|
+
CryptoErrorReason.PRIMITIVE_INVALID_SALT,
|
|
595
|
+
CryptoErrorReason.PRIMITIVE_INVALID_PASSWORD,
|
|
596
|
+
CryptoErrorReason.PRIMITIVE_INVALID_ENCODING,
|
|
597
|
+
CryptoErrorReason.PRIMITIVE_INVALID_SIGNATURE,
|
|
598
|
+
CryptoErrorReason.PRIMITIVE_VERIFICATION_FAILED,
|
|
599
|
+
CryptoErrorReason.PRIMITIVE_AUTHENTICATION_FAILED,
|
|
600
|
+
CryptoErrorReason.PRIMITIVE_MALFORMED_CIPHERTEXT,
|
|
601
|
+
CryptoErrorReason.PRIMITIVE_INVALID_TAG,
|
|
602
|
+
CryptoErrorReason.PRIMITIVE_INVALID_SHARED_SECRET,
|
|
603
|
+
]);
|
|
604
|
+
const providerCryptoErrorReasons = new Set([
|
|
605
|
+
CryptoErrorReason.PROVIDER_UNSUPPORTED_ALGORITHM,
|
|
606
|
+
CryptoErrorReason.PROVIDER_UNSUPPORTED_BACKEND,
|
|
607
|
+
CryptoErrorReason.PROVIDER_UNAVAILABLE,
|
|
608
|
+
CryptoErrorReason.PROVIDER_RANDOMNESS_UNAVAILABLE,
|
|
609
|
+
]);
|
|
610
|
+
const backendCryptoErrorReasons = new Set([
|
|
611
|
+
CryptoErrorReason.BACKEND_INVALID_STATE,
|
|
612
|
+
CryptoErrorReason.BACKEND_INTERNAL,
|
|
613
|
+
CryptoErrorReason.BACKEND_MALFORMED_PROTOBUF,
|
|
614
|
+
CryptoErrorReason.BACKEND_MALFORMED_JSON,
|
|
615
|
+
CryptoErrorReason.BACKEND_RESOURCE_LIMIT_EXCEEDED,
|
|
616
|
+
]);
|
|
617
|
+
const knownCryptoErrorReasons = new Set([
|
|
618
|
+
...primitiveCryptoErrorReasons,
|
|
619
|
+
...providerCryptoErrorReasons,
|
|
620
|
+
...backendCryptoErrorReasons,
|
|
621
|
+
]);
|
|
622
|
+
export const cryptoWireErrorToFacadeError = (error) => {
|
|
623
|
+
if (!knownCryptoErrorReasons.has(error.reason)) {
|
|
624
|
+
return new ReallyMeCryptoError("provider-failure");
|
|
625
|
+
}
|
|
626
|
+
const facadeError = cryptoErrorReasonToFacadeError(error.reason);
|
|
627
|
+
if (facadeError.code !== "invalid-input" || invalidInputReasons.has(error.reason)) {
|
|
628
|
+
return facadeError;
|
|
629
|
+
}
|
|
630
|
+
switch (error.branch) {
|
|
631
|
+
case "primitive":
|
|
632
|
+
return facadeError;
|
|
633
|
+
case "provider":
|
|
634
|
+
case "backend":
|
|
635
|
+
return new ReallyMeCryptoError("provider-failure");
|
|
636
|
+
}
|
|
637
|
+
};
|
|
638
|
+
export const cryptoProtoResult = (bytes) => new ReallyMeCryptoProtoResult("result", bytes);
|
|
639
|
+
export const cryptoProtoErrorResult = (error) => {
|
|
640
|
+
const bytes = error instanceof ReallyMeCryptoError
|
|
641
|
+
? cryptoErrorToProtoBytes(error)
|
|
642
|
+
: "branch" in error
|
|
643
|
+
? cryptoWireErrorToProtoBytes(error)
|
|
644
|
+
: toBinary(CryptoErrorSchema, error);
|
|
645
|
+
return new ReallyMeCryptoProtoResult("crypto-error", bytes);
|
|
646
|
+
};
|
|
647
|
+
export const cryptoErrorToProto = (error) => {
|
|
648
|
+
switch (error.code) {
|
|
649
|
+
case "invalid-input":
|
|
650
|
+
return create(CryptoErrorSchema, {
|
|
651
|
+
error: {
|
|
652
|
+
case: "primitive",
|
|
653
|
+
value: create(CryptoPrimitiveErrorSchema, {
|
|
654
|
+
reason: CryptoErrorReason.PRIMITIVE_INVALID_PARAMETER,
|
|
655
|
+
}),
|
|
656
|
+
},
|
|
657
|
+
});
|
|
658
|
+
case "invalid-signature":
|
|
659
|
+
return create(CryptoErrorSchema, {
|
|
660
|
+
error: {
|
|
661
|
+
case: "primitive",
|
|
662
|
+
value: create(CryptoPrimitiveErrorSchema, {
|
|
663
|
+
reason: CryptoErrorReason.PRIMITIVE_INVALID_SIGNATURE,
|
|
664
|
+
}),
|
|
665
|
+
},
|
|
666
|
+
});
|
|
667
|
+
case "authentication-failed":
|
|
668
|
+
return create(CryptoErrorSchema, {
|
|
669
|
+
error: {
|
|
670
|
+
case: "primitive",
|
|
671
|
+
value: create(CryptoPrimitiveErrorSchema, {
|
|
672
|
+
reason: CryptoErrorReason.PRIMITIVE_AUTHENTICATION_FAILED,
|
|
673
|
+
}),
|
|
674
|
+
},
|
|
675
|
+
});
|
|
676
|
+
case "provider-failure":
|
|
677
|
+
return create(CryptoErrorSchema, {
|
|
678
|
+
error: {
|
|
679
|
+
case: "backend",
|
|
680
|
+
value: create(CryptoBackendErrorSchema, {
|
|
681
|
+
reason: CryptoErrorReason.BACKEND_INTERNAL,
|
|
682
|
+
}),
|
|
683
|
+
},
|
|
684
|
+
});
|
|
685
|
+
case "unsupported-algorithm":
|
|
686
|
+
return create(CryptoErrorSchema, {
|
|
687
|
+
error: {
|
|
688
|
+
case: "provider",
|
|
689
|
+
value: create(CryptoProviderErrorSchema, {
|
|
690
|
+
reason: CryptoErrorReason.PROVIDER_UNSUPPORTED_ALGORITHM,
|
|
691
|
+
}),
|
|
692
|
+
},
|
|
693
|
+
});
|
|
694
|
+
}
|
|
695
|
+
};
|
|
696
|
+
export const cryptoErrorToProtoBytes = (error) => toBinary(CryptoErrorSchema, cryptoErrorToProto(error));
|
|
697
|
+
export const cryptoErrorFromProto = (value) => {
|
|
698
|
+
return cryptoWireErrorToFacadeError(cryptoWireErrorFromProto(value));
|
|
699
|
+
};
|
|
700
|
+
export const cryptoErrorFromProtoBytes = (bytes) => {
|
|
701
|
+
return cryptoWireErrorToFacadeError(cryptoWireErrorFromProtoBytes(bytes));
|
|
702
|
+
};
|
|
703
|
+
const signatureJwkAlgorithmToProto = (value) => {
|
|
704
|
+
switch (value) {
|
|
705
|
+
case "Ed25519":
|
|
706
|
+
return SignatureAlgorithm.ED25519;
|
|
707
|
+
case "P-256":
|
|
708
|
+
return SignatureAlgorithm.ECDSA_P256_SHA256;
|
|
709
|
+
case "secp256k1":
|
|
710
|
+
return SignatureAlgorithm.ECDSA_SECP256K1_SHA256;
|
|
711
|
+
case "ML-DSA-44":
|
|
712
|
+
return SignatureAlgorithm.ML_DSA_44;
|
|
713
|
+
case "ML-DSA-65":
|
|
714
|
+
return SignatureAlgorithm.ML_DSA_65;
|
|
715
|
+
case "ML-DSA-87":
|
|
716
|
+
return SignatureAlgorithm.ML_DSA_87;
|
|
717
|
+
case "SLH-DSA-SHA2-128s":
|
|
718
|
+
return SignatureAlgorithm.SLH_DSA_SHA2_128S;
|
|
719
|
+
default:
|
|
720
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
721
|
+
}
|
|
722
|
+
};
|
|
723
|
+
const jwkAlgorithmToProto = (value) => {
|
|
724
|
+
switch (value) {
|
|
725
|
+
case "X25519":
|
|
726
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
727
|
+
algorithm: {
|
|
728
|
+
case: "keyAgreement",
|
|
729
|
+
value: KeyAgreementAlgorithm.X25519,
|
|
730
|
+
},
|
|
731
|
+
});
|
|
732
|
+
case "ML-KEM-512":
|
|
733
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
734
|
+
algorithm: {
|
|
735
|
+
case: "kem",
|
|
736
|
+
value: KemAlgorithm.ML_KEM_512,
|
|
737
|
+
},
|
|
738
|
+
});
|
|
739
|
+
case "ML-KEM-768":
|
|
740
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
741
|
+
algorithm: {
|
|
742
|
+
case: "kem",
|
|
743
|
+
value: KemAlgorithm.ML_KEM_768,
|
|
744
|
+
},
|
|
745
|
+
});
|
|
746
|
+
case "ML-KEM-1024":
|
|
747
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
748
|
+
algorithm: {
|
|
749
|
+
case: "kem",
|
|
750
|
+
value: KemAlgorithm.ML_KEM_1024,
|
|
751
|
+
},
|
|
752
|
+
});
|
|
753
|
+
case "X-Wing-768":
|
|
754
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
755
|
+
algorithm: {
|
|
756
|
+
case: "kem",
|
|
757
|
+
value: KemAlgorithm.X_WING_768,
|
|
758
|
+
},
|
|
759
|
+
});
|
|
760
|
+
case "X-Wing-1024":
|
|
761
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
762
|
+
algorithm: {
|
|
763
|
+
case: "kem",
|
|
764
|
+
value: KemAlgorithm.X_WING_1024,
|
|
765
|
+
},
|
|
766
|
+
});
|
|
767
|
+
default:
|
|
768
|
+
return create(CryptoAlgorithmIdentifierSchema, {
|
|
769
|
+
algorithm: {
|
|
770
|
+
case: "signature",
|
|
771
|
+
value: signatureJwkAlgorithmToProto(value),
|
|
772
|
+
},
|
|
773
|
+
});
|
|
774
|
+
}
|
|
775
|
+
};
|
|
776
|
+
const signatureJwkAlgorithmFromProto = (value) => {
|
|
777
|
+
switch (value) {
|
|
778
|
+
case SignatureAlgorithm.ED25519:
|
|
779
|
+
return "Ed25519";
|
|
780
|
+
case SignatureAlgorithm.ECDSA_P256_SHA256:
|
|
781
|
+
return "P-256";
|
|
782
|
+
case SignatureAlgorithm.ECDSA_SECP256K1_SHA256:
|
|
783
|
+
return "secp256k1";
|
|
784
|
+
case SignatureAlgorithm.ML_DSA_44:
|
|
785
|
+
return "ML-DSA-44";
|
|
786
|
+
case SignatureAlgorithm.ML_DSA_65:
|
|
787
|
+
return "ML-DSA-65";
|
|
788
|
+
case SignatureAlgorithm.ML_DSA_87:
|
|
789
|
+
return "ML-DSA-87";
|
|
790
|
+
case SignatureAlgorithm.SLH_DSA_SHA2_128S:
|
|
791
|
+
return "SLH-DSA-SHA2-128s";
|
|
792
|
+
default:
|
|
793
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
794
|
+
}
|
|
795
|
+
};
|
|
796
|
+
const jwkAlgorithmFromProto = (value) => {
|
|
797
|
+
switch (value.algorithm.case) {
|
|
798
|
+
case "signature":
|
|
799
|
+
return signatureJwkAlgorithmFromProto(value.algorithm.value);
|
|
800
|
+
case "keyAgreement":
|
|
801
|
+
if (value.algorithm.value === KeyAgreementAlgorithm.X25519) {
|
|
802
|
+
return "X25519";
|
|
803
|
+
}
|
|
804
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
805
|
+
case "kem":
|
|
806
|
+
switch (value.algorithm.value) {
|
|
807
|
+
case KemAlgorithm.ML_KEM_512:
|
|
808
|
+
return "ML-KEM-512";
|
|
809
|
+
case KemAlgorithm.ML_KEM_768:
|
|
810
|
+
return "ML-KEM-768";
|
|
811
|
+
case KemAlgorithm.ML_KEM_1024:
|
|
812
|
+
return "ML-KEM-1024";
|
|
813
|
+
case KemAlgorithm.X_WING_768:
|
|
814
|
+
return "X-Wing-768";
|
|
815
|
+
case KemAlgorithm.X_WING_1024:
|
|
816
|
+
return "X-Wing-1024";
|
|
817
|
+
default:
|
|
818
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
819
|
+
}
|
|
820
|
+
default:
|
|
821
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
822
|
+
}
|
|
823
|
+
};
|
|
824
|
+
export const jsonWebKeyToProto = (key) => create(JsonWebKeySchema, {
|
|
825
|
+
algorithm: jwkAlgorithmToProto(key.algorithm),
|
|
826
|
+
publicKey: key.publicKey,
|
|
827
|
+
canonicalJcs: asciiToBytes(ReallyMeJwk.toJcs(key.jwk)),
|
|
828
|
+
});
|
|
829
|
+
export const jsonWebKeyToProtoBytes = (key) => toBinary(JsonWebKeySchema, jsonWebKeyToProto(key));
|
|
830
|
+
export const jsonWebKeyFromProto = (value) => {
|
|
831
|
+
const algorithm = value.algorithm === undefined
|
|
832
|
+
? undefined
|
|
833
|
+
: jwkAlgorithmFromProto(value.algorithm);
|
|
834
|
+
if (algorithm === undefined) {
|
|
835
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
836
|
+
}
|
|
837
|
+
const jwk = ReallyMeJwk.toJwk(algorithm, value.publicKey);
|
|
838
|
+
if (value.canonicalJcs.length > 0) {
|
|
839
|
+
const expected = ReallyMeJwk.toJcs(jwk);
|
|
840
|
+
if (asciiFromBytes(value.canonicalJcs) !== expected) {
|
|
841
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
842
|
+
}
|
|
843
|
+
}
|
|
844
|
+
return { algorithm, publicKey: value.publicKey, jwk };
|
|
845
|
+
};
|
|
846
|
+
export const jsonWebKeyFromProtoBytes = (bytes) => {
|
|
847
|
+
try {
|
|
848
|
+
return jsonWebKeyFromProto(fromBinary(JsonWebKeySchema, bytes));
|
|
849
|
+
}
|
|
850
|
+
catch (error) {
|
|
851
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
852
|
+
throw error;
|
|
853
|
+
}
|
|
854
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
855
|
+
}
|
|
856
|
+
};
|
|
857
|
+
export const jsonWebKeySetToProto = (keySet) => create(JsonWebKeySetSchema, {
|
|
858
|
+
keys: keySet.keys.map((key) => jsonWebKeyToProto(key)),
|
|
859
|
+
});
|
|
860
|
+
export const jsonWebKeySetToProtoBytes = (keySet) => toBinary(JsonWebKeySetSchema, jsonWebKeySetToProto(keySet));
|
|
861
|
+
export const jsonWebKeySetFromProto = (value) => ({
|
|
862
|
+
keys: value.keys.map((key) => jsonWebKeyFromProto(key)),
|
|
863
|
+
});
|
|
864
|
+
export const jsonWebKeySetFromProtoBytes = (bytes) => {
|
|
865
|
+
try {
|
|
866
|
+
return jsonWebKeySetFromProto(fromBinary(JsonWebKeySetSchema, bytes));
|
|
867
|
+
}
|
|
868
|
+
catch (error) {
|
|
869
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
870
|
+
throw error;
|
|
871
|
+
}
|
|
872
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
873
|
+
}
|
|
874
|
+
};
|
|
875
|
+
const keyPairToProto = (algorithm, keyPair) => create(CryptoKeyPairSchema, {
|
|
876
|
+
algorithm,
|
|
877
|
+
publicKey: keyPair.publicKey,
|
|
878
|
+
secretKey: keyPair.secretKey,
|
|
879
|
+
});
|
|
880
|
+
export const signatureKeyPairToProto = (algorithm, keyPair) => keyPairToProto(signatureAlgorithmIdentifierToProto(algorithm), keyPair);
|
|
881
|
+
export const signatureKeyPairToProtoBytes = (algorithm, keyPair) => toBinary(CryptoKeyPairSchema, signatureKeyPairToProto(algorithm, keyPair));
|
|
882
|
+
export const signatureKeyPairFromProto = (value) => ({
|
|
883
|
+
algorithm: signatureAlgorithmFromIdentifier(value.algorithm),
|
|
884
|
+
keyPair: {
|
|
885
|
+
publicKey: value.publicKey,
|
|
886
|
+
secretKey: value.secretKey,
|
|
887
|
+
},
|
|
888
|
+
});
|
|
889
|
+
export const signatureKeyPairFromProtoBytes = (bytes) => {
|
|
890
|
+
try {
|
|
891
|
+
return signatureKeyPairFromProto(fromBinary(CryptoKeyPairSchema, bytes));
|
|
892
|
+
}
|
|
893
|
+
catch (error) {
|
|
894
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
895
|
+
throw error;
|
|
896
|
+
}
|
|
897
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
898
|
+
}
|
|
899
|
+
};
|
|
900
|
+
export const keyAgreementKeyPairToProto = (algorithm, keyPair) => keyPairToProto(keyAgreementAlgorithmIdentifierToProto(algorithm), keyPair);
|
|
901
|
+
export const keyAgreementKeyPairToProtoBytes = (algorithm, keyPair) => toBinary(CryptoKeyPairSchema, keyAgreementKeyPairToProto(algorithm, keyPair));
|
|
902
|
+
export const keyAgreementKeyPairFromProto = (value) => ({
|
|
903
|
+
algorithm: keyAgreementAlgorithmFromIdentifier(value.algorithm),
|
|
904
|
+
keyPair: {
|
|
905
|
+
publicKey: value.publicKey,
|
|
906
|
+
secretKey: value.secretKey,
|
|
907
|
+
},
|
|
908
|
+
});
|
|
909
|
+
export const keyAgreementKeyPairFromProtoBytes = (bytes) => {
|
|
910
|
+
try {
|
|
911
|
+
return keyAgreementKeyPairFromProto(fromBinary(CryptoKeyPairSchema, bytes));
|
|
912
|
+
}
|
|
913
|
+
catch (error) {
|
|
914
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
915
|
+
throw error;
|
|
916
|
+
}
|
|
917
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
918
|
+
}
|
|
919
|
+
};
|
|
920
|
+
export const kemKeyPairToProto = (algorithm, keyPair) => keyPairToProto(kemAlgorithmIdentifierToProto(algorithm), keyPair);
|
|
921
|
+
export const kemKeyPairToProtoBytes = (algorithm, keyPair) => toBinary(CryptoKeyPairSchema, kemKeyPairToProto(algorithm, keyPair));
|
|
922
|
+
export const kemKeyPairFromProto = (value) => ({
|
|
923
|
+
algorithm: kemAlgorithmFromIdentifier(value.algorithm),
|
|
924
|
+
keyPair: {
|
|
925
|
+
publicKey: value.publicKey,
|
|
926
|
+
secretKey: value.secretKey,
|
|
927
|
+
},
|
|
928
|
+
});
|
|
929
|
+
export const kemKeyPairFromProtoBytes = (bytes) => {
|
|
930
|
+
try {
|
|
931
|
+
return kemKeyPairFromProto(fromBinary(CryptoKeyPairSchema, bytes));
|
|
932
|
+
}
|
|
933
|
+
catch (error) {
|
|
934
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
935
|
+
throw error;
|
|
936
|
+
}
|
|
937
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
938
|
+
}
|
|
939
|
+
};
|
|
940
|
+
export const kemEncapsulationToProto = (algorithm, encapsulation) => create(CryptoKemEncapsulationSchema, {
|
|
941
|
+
algorithm: kemAlgorithmIdentifierToProto(algorithm),
|
|
942
|
+
ciphertext: encapsulation.ciphertext,
|
|
943
|
+
sharedSecret: encapsulation.sharedSecret,
|
|
944
|
+
});
|
|
945
|
+
export const kemEncapsulationToProtoBytes = (algorithm, encapsulation) => toBinary(CryptoKemEncapsulationSchema, kemEncapsulationToProto(algorithm, encapsulation));
|
|
946
|
+
export const kemEncapsulationFromProto = (value) => ({
|
|
947
|
+
algorithm: kemAlgorithmFromIdentifier(value.algorithm),
|
|
948
|
+
encapsulation: {
|
|
949
|
+
ciphertext: value.ciphertext,
|
|
950
|
+
sharedSecret: value.sharedSecret,
|
|
951
|
+
},
|
|
952
|
+
});
|
|
953
|
+
export const kemEncapsulationFromProtoBytes = (bytes) => {
|
|
954
|
+
try {
|
|
955
|
+
return kemEncapsulationFromProto(fromBinary(CryptoKemEncapsulationSchema, bytes));
|
|
956
|
+
}
|
|
957
|
+
catch (error) {
|
|
958
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
959
|
+
throw error;
|
|
960
|
+
}
|
|
961
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
962
|
+
}
|
|
963
|
+
};
|
|
964
|
+
export const hpkeSealedMessageToProto = (suite, sealedMessage) => create(CryptoHpkeSealedMessageSchema, {
|
|
965
|
+
algorithm: hpkeSuiteIdentifierToProto(suite),
|
|
966
|
+
encapsulatedKey: sealedMessage.encapsulatedKey,
|
|
967
|
+
ciphertext: sealedMessage.ciphertext,
|
|
968
|
+
});
|
|
969
|
+
export const hpkeSealedMessageToProtoBytes = (suite, sealedMessage) => toBinary(CryptoHpkeSealedMessageSchema, hpkeSealedMessageToProto(suite, sealedMessage));
|
|
970
|
+
export const hpkeSealedMessageFromProto = (value) => ({
|
|
971
|
+
suite: hpkeSuiteFromIdentifier(value.algorithm),
|
|
972
|
+
sealedMessage: {
|
|
973
|
+
encapsulatedKey: value.encapsulatedKey,
|
|
974
|
+
ciphertext: value.ciphertext,
|
|
975
|
+
},
|
|
976
|
+
});
|
|
977
|
+
export const hpkeSealedMessageFromProtoBytes = (bytes) => {
|
|
978
|
+
try {
|
|
979
|
+
return hpkeSealedMessageFromProto(fromBinary(CryptoHpkeSealedMessageSchema, bytes));
|
|
980
|
+
}
|
|
981
|
+
catch (error) {
|
|
982
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
983
|
+
throw error;
|
|
984
|
+
}
|
|
985
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
986
|
+
}
|
|
987
|
+
};
|
|
988
|
+
export const verificationResultToProto = (algorithm, valid) => create(CryptoVerificationResultSchema, {
|
|
989
|
+
algorithm,
|
|
990
|
+
status: valid ? CryptoVerificationStatus.VALID : CryptoVerificationStatus.INVALID,
|
|
991
|
+
});
|
|
992
|
+
export const verificationErrorToProto = (algorithm, error) => create(CryptoVerificationResultSchema, {
|
|
993
|
+
algorithm,
|
|
994
|
+
status: CryptoVerificationStatus.ERROR,
|
|
995
|
+
error: cryptoErrorToProto(error),
|
|
996
|
+
});
|
|
997
|
+
export const verificationResultToProtoBytes = (value) => toBinary(CryptoVerificationResultSchema, value);
|
|
998
|
+
export const verificationResultFromProtoBytes = (bytes) => {
|
|
999
|
+
try {
|
|
1000
|
+
return fromBinary(CryptoVerificationResultSchema, bytes);
|
|
1001
|
+
}
|
|
1002
|
+
catch {
|
|
1003
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
1004
|
+
}
|
|
1005
|
+
};
|
|
1006
|
+
const providerSupportStatusToProto = (value) => {
|
|
1007
|
+
switch (value) {
|
|
1008
|
+
case "partial":
|
|
1009
|
+
return CryptoProviderSupportStatus.PARTIAL;
|
|
1010
|
+
case "provider-aware":
|
|
1011
|
+
return CryptoProviderSupportStatus.PROVIDER_AWARE;
|
|
1012
|
+
case "supported":
|
|
1013
|
+
return CryptoProviderSupportStatus.SUPPORTED;
|
|
1014
|
+
case "unsupported":
|
|
1015
|
+
return CryptoProviderSupportStatus.UNSUPPORTED;
|
|
1016
|
+
}
|
|
1017
|
+
};
|
|
1018
|
+
const providerSupportStatusFromProto = (value) => {
|
|
1019
|
+
switch (value) {
|
|
1020
|
+
case CryptoProviderSupportStatus.PARTIAL:
|
|
1021
|
+
return "partial";
|
|
1022
|
+
case CryptoProviderSupportStatus.PROVIDER_AWARE:
|
|
1023
|
+
return "provider-aware";
|
|
1024
|
+
case CryptoProviderSupportStatus.SUPPORTED:
|
|
1025
|
+
return "supported";
|
|
1026
|
+
case CryptoProviderSupportStatus.UNSUPPORTED:
|
|
1027
|
+
return "unsupported";
|
|
1028
|
+
default:
|
|
1029
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
1030
|
+
}
|
|
1031
|
+
};
|
|
1032
|
+
export const providerCapabilityToProto = (value) => create(CryptoProviderCapabilitySchema, {
|
|
1033
|
+
algorithm: value.algorithm,
|
|
1034
|
+
family: value.family,
|
|
1035
|
+
providerNames: [...value.providerNames],
|
|
1036
|
+
status: providerSupportStatusToProto(value.status),
|
|
1037
|
+
usesRust: value.usesRust,
|
|
1038
|
+
});
|
|
1039
|
+
export const providerCapabilityFromProto = (value) => {
|
|
1040
|
+
if (value.algorithm === undefined || value.family === CryptoAlgorithmFamily.UNSPECIFIED) {
|
|
1041
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
1042
|
+
}
|
|
1043
|
+
return {
|
|
1044
|
+
algorithm: value.algorithm,
|
|
1045
|
+
family: value.family,
|
|
1046
|
+
providerNames: [...value.providerNames],
|
|
1047
|
+
status: providerSupportStatusFromProto(value.status),
|
|
1048
|
+
usesRust: value.usesRust,
|
|
1049
|
+
};
|
|
1050
|
+
};
|
|
1051
|
+
export const providerCapabilitySetToProto = (values) => create(CryptoProviderCapabilitySetSchema, {
|
|
1052
|
+
capabilities: values.map((value) => providerCapabilityToProto(value)),
|
|
1053
|
+
});
|
|
1054
|
+
export const providerCapabilitySetToProtoBytes = (values) => toBinary(CryptoProviderCapabilitySetSchema, providerCapabilitySetToProto(values));
|
|
1055
|
+
export const providerCapabilitySetFromProto = (value) => value.capabilities.map((capability) => providerCapabilityFromProto(capability));
|
|
1056
|
+
export const providerCapabilitySetFromProtoBytes = (bytes) => {
|
|
1057
|
+
try {
|
|
1058
|
+
return providerCapabilitySetFromProto(fromBinary(CryptoProviderCapabilitySetSchema, bytes));
|
|
1059
|
+
}
|
|
1060
|
+
catch (error) {
|
|
1061
|
+
if (error instanceof ReallyMeCryptoError) {
|
|
1062
|
+
throw error;
|
|
1063
|
+
}
|
|
1064
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
1065
|
+
}
|
|
1066
|
+
};
|