@reallyme/crypto 0.1.8 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/README.md +43 -3
- package/dist/aead.d.ts +4 -0
- package/dist/aead.js +32 -15
- package/dist/aesKw.d.ts +3 -0
- package/dist/aesKw.js +10 -0
- package/dist/argon2id.d.ts +2 -0
- package/dist/argon2id.js +6 -0
- package/dist/cryptoFacade.d.ts +36 -0
- package/dist/cryptoFacade.js +71 -23
- package/dist/errors.d.ts +1 -1
- package/dist/hpke.d.ts +4 -0
- package/dist/hpke.js +20 -0
- package/dist/index.d.ts +5 -6
- package/dist/index.js +4 -4
- package/dist/jwaConcatKdf.js +8 -4
- package/dist/jwk.js +67 -72
- package/dist/memory.d.ts +8 -0
- package/dist/memory.js +13 -0
- package/dist/mlDsa.d.ts +5 -0
- package/dist/mlDsa.js +23 -0
- package/dist/mlKem.d.ts +6 -0
- package/dist/mlKem.js +29 -0
- package/dist/p256Ecdh.js +5 -1
- package/dist/p384Ecdh.js +5 -1
- package/dist/p521Ecdh.js +5 -1
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.d.ts +1392 -72
- package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.js +490 -17
- package/dist/proto.d.ts +113 -5
- package/dist/proto.js +706 -3
- package/dist/rsa.d.ts +2 -0
- package/dist/rsa.js +18 -15
- package/dist/slhDsa.d.ts +5 -0
- package/dist/slhDsa.js +21 -0
- package/dist/validateBytes.d.ts +1 -0
- package/dist/validateBytes.js +6 -0
- package/dist/wasm/reallyme_crypto_wasm.js +1 -246
- package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
- package/dist/wasmModuleTypes.d.ts +2 -11
- package/dist/wasmProvider.d.ts +1 -16
- package/dist/wasmProvider.js +10 -25
- package/dist/xWing.d.ts +6 -0
- package/dist/xWing.js +34 -2
- package/package.json +7 -2
- package/dist/codecs.d.ts +0 -35
- package/dist/codecs.js +0 -216
- package/dist/proto/generated/reallyme/codec/v1/codec_pb.d.ts +0 -253
- package/dist/proto/generated/reallyme/codec/v1/codec_pb.js +0 -160
package/dist/rsa.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ReallyMeSignatureAlgorithm } from "./algorithms.js";
|
|
2
|
+
import type { ReallyMeWasmProvider } from "./wasmProvider.js";
|
|
2
3
|
export type ReallyMeRsaPublicKeyDerEncoding = "PKCS1" | "SPKI";
|
|
3
4
|
export declare const RSA_PUBLIC_KEY_DER_MAX_LENGTH = 4096;
|
|
4
5
|
export declare const RSA_SIGNATURE_MAX_LENGTH = 1024;
|
|
@@ -10,4 +11,5 @@ export declare const RSA_SIGNATURE_MAX_LENGTH = 1024;
|
|
|
10
11
|
*/
|
|
11
12
|
export declare const ReallyMeRsa: {
|
|
12
13
|
readonly verify: (algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKeyDer: Uint8Array, publicKeyEncoding: ReallyMeRsaPublicKeyDerEncoding) => void;
|
|
14
|
+
readonly verifyWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKeyDer: Uint8Array, publicKeyEncoding: ReallyMeRsaPublicKeyDerEncoding) => void;
|
|
13
15
|
};
|
package/dist/rsa.js
CHANGED
|
@@ -75,6 +75,22 @@ const readVoid = (value) => {
|
|
|
75
75
|
throw new ReallyMeCryptoError("provider-failure");
|
|
76
76
|
}
|
|
77
77
|
};
|
|
78
|
+
const verifyWithProvider = (provider, algorithm, signature, message, publicKeyDer, publicKeyEncoding) => {
|
|
79
|
+
validateBytes(publicKeyDer, RSA_PUBLIC_KEY_DER_MAX_LENGTH);
|
|
80
|
+
validateBytes(signature, RSA_SIGNATURE_MAX_LENGTH);
|
|
81
|
+
const encoding = encodingId(publicKeyEncoding);
|
|
82
|
+
const pkcs1 = pkcs1v15Suite(algorithm);
|
|
83
|
+
if (pkcs1 !== undefined) {
|
|
84
|
+
readVoid(provider.rsaVerifyPkcs1v15(publicKeyDer, encoding, pkcs1.hashSuite, message, signature));
|
|
85
|
+
return;
|
|
86
|
+
}
|
|
87
|
+
const pss = pssSuite(algorithm);
|
|
88
|
+
if (pss !== undefined) {
|
|
89
|
+
readVoid(provider.rsaVerifyPss(publicKeyDer, encoding, pss.messageHashSuite, pss.mgf1HashSuite, pss.saltLength, message, signature));
|
|
90
|
+
return;
|
|
91
|
+
}
|
|
92
|
+
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
93
|
+
};
|
|
78
94
|
/**
|
|
79
95
|
* RSA signature verification through the ReallyMe Rust WASM provider.
|
|
80
96
|
*
|
|
@@ -83,20 +99,7 @@ const readVoid = (value) => {
|
|
|
83
99
|
*/
|
|
84
100
|
export const ReallyMeRsa = {
|
|
85
101
|
verify(algorithm, signature, message, publicKeyDer, publicKeyEncoding) {
|
|
86
|
-
|
|
87
|
-
validateBytes(signature, RSA_SIGNATURE_MAX_LENGTH);
|
|
88
|
-
const encoding = encodingId(publicKeyEncoding);
|
|
89
|
-
const pkcs1 = pkcs1v15Suite(algorithm);
|
|
90
|
-
const provider = requireReallyMeWasmProvider();
|
|
91
|
-
if (pkcs1 !== undefined) {
|
|
92
|
-
readVoid(provider.rsaVerifyPkcs1v15(publicKeyDer, encoding, pkcs1.hashSuite, message, signature));
|
|
93
|
-
return;
|
|
94
|
-
}
|
|
95
|
-
const pss = pssSuite(algorithm);
|
|
96
|
-
if (pss !== undefined) {
|
|
97
|
-
readVoid(provider.rsaVerifyPss(publicKeyDer, encoding, pss.messageHashSuite, pss.mgf1HashSuite, pss.saltLength, message, signature));
|
|
98
|
-
return;
|
|
99
|
-
}
|
|
100
|
-
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
102
|
+
verifyWithProvider(requireReallyMeWasmProvider(), algorithm, signature, message, publicKeyDer, publicKeyEncoding);
|
|
101
103
|
},
|
|
104
|
+
verifyWithProvider,
|
|
102
105
|
};
|
package/dist/slhDsa.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ReallyMeSignatureAlgorithm } from "./algorithms.js";
|
|
2
|
+
import type { ReallyMeWasmProvider } from "./wasmProvider.js";
|
|
2
3
|
export declare const SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH = 32;
|
|
3
4
|
export declare const SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH = 64;
|
|
4
5
|
export declare const SLH_DSA_SHA2_128S_SIGNATURE_LENGTH = 7856;
|
|
@@ -9,7 +10,11 @@ export type ReallyMeSlhDsaKeyPair = Readonly<{
|
|
|
9
10
|
}>;
|
|
10
11
|
export declare const ReallyMeSlhDsa: {
|
|
11
12
|
readonly generateKeyPair: (algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSlhDsaKeyPair;
|
|
13
|
+
readonly generateKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSlhDsaKeyPair;
|
|
12
14
|
readonly sign: (algorithm: ReallyMeSignatureAlgorithm, message: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
15
|
+
readonly signWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, message: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
13
16
|
readonly verify: (algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array) => void;
|
|
17
|
+
readonly verifyWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array) => void;
|
|
14
18
|
};
|
|
15
19
|
export declare const deriveSlhDsaSha2128sKeypairForTest: (skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => ReallyMeSlhDsaKeyPair;
|
|
20
|
+
export declare const deriveSlhDsaSha2128sKeypairWithProviderForTest: (provider: ReallyMeWasmProvider, skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => ReallyMeSlhDsaKeyPair;
|
package/dist/slhDsa.js
CHANGED
|
@@ -34,17 +34,32 @@ export const ReallyMeSlhDsa = {
|
|
|
34
34
|
assertSlhDsa(algorithm);
|
|
35
35
|
return readKeyPair(requireReallyMeWasmProvider().slhDsaSha2128sGenerateKeypair());
|
|
36
36
|
},
|
|
37
|
+
generateKeyPairWithProvider(provider, algorithm) {
|
|
38
|
+
assertSlhDsa(algorithm);
|
|
39
|
+
return readKeyPair(provider.slhDsaSha2128sGenerateKeypair());
|
|
40
|
+
},
|
|
37
41
|
sign(algorithm, message, secretKey) {
|
|
38
42
|
assertSlhDsa(algorithm);
|
|
39
43
|
ensureBytes(secretKey, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH);
|
|
40
44
|
return readSignature(requireReallyMeWasmProvider().slhDsaSha2128sSign(secretKey, message));
|
|
41
45
|
},
|
|
46
|
+
signWithProvider(provider, algorithm, message, secretKey) {
|
|
47
|
+
assertSlhDsa(algorithm);
|
|
48
|
+
ensureBytes(secretKey, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH);
|
|
49
|
+
return readSignature(provider.slhDsaSha2128sSign(secretKey, message));
|
|
50
|
+
},
|
|
42
51
|
verify(algorithm, signature, message, publicKey) {
|
|
43
52
|
assertSlhDsa(algorithm);
|
|
44
53
|
ensureBytes(publicKey, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH);
|
|
45
54
|
ensureBytes(signature, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH);
|
|
46
55
|
readVoid(requireReallyMeWasmProvider().slhDsaSha2128sVerify(publicKey, message, signature));
|
|
47
56
|
},
|
|
57
|
+
verifyWithProvider(provider, algorithm, signature, message, publicKey) {
|
|
58
|
+
assertSlhDsa(algorithm);
|
|
59
|
+
ensureBytes(publicKey, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH);
|
|
60
|
+
ensureBytes(signature, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH);
|
|
61
|
+
readVoid(provider.slhDsaSha2128sVerify(publicKey, message, signature));
|
|
62
|
+
},
|
|
48
63
|
};
|
|
49
64
|
export const deriveSlhDsaSha2128sKeypairForTest = (skSeed, skPrf, pkSeed) => {
|
|
50
65
|
ensureBytes(skSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
|
|
@@ -52,3 +67,9 @@ export const deriveSlhDsaSha2128sKeypairForTest = (skSeed, skPrf, pkSeed) => {
|
|
|
52
67
|
ensureBytes(pkSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
|
|
53
68
|
return readKeyPair(requireReallyMeWasmProvider().slhDsaSha2128sDeriveKeypair(skSeed, skPrf, pkSeed));
|
|
54
69
|
};
|
|
70
|
+
export const deriveSlhDsaSha2128sKeypairWithProviderForTest = (provider, skSeed, skPrf, pkSeed) => {
|
|
71
|
+
ensureBytes(skSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
|
|
72
|
+
ensureBytes(skPrf, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
|
|
73
|
+
ensureBytes(pkSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
|
|
74
|
+
return readKeyPair(provider.slhDsaSha2128sDeriveKeypair(skSeed, skPrf, pkSeed));
|
|
75
|
+
};
|
package/dist/validateBytes.d.ts
CHANGED
|
@@ -1,2 +1,3 @@
|
|
|
1
|
+
export declare const ensureByteArray: (value: Uint8Array) => void;
|
|
1
2
|
export declare const ensureBytes: (value: Uint8Array, expectedLength: number) => void;
|
|
2
3
|
export declare const readByteArrayProperty: (value: unknown, propertyName: string, expectedLength: number) => Uint8Array;
|
package/dist/validateBytes.js
CHANGED
|
@@ -2,7 +2,13 @@
|
|
|
2
2
|
//
|
|
3
3
|
// SPDX-License-Identifier: Apache-2.0
|
|
4
4
|
import { ReallyMeCryptoError } from "./errors.js";
|
|
5
|
+
export const ensureByteArray = (value) => {
|
|
6
|
+
if (!(value instanceof Uint8Array)) {
|
|
7
|
+
throw new ReallyMeCryptoError("invalid-input");
|
|
8
|
+
}
|
|
9
|
+
};
|
|
5
10
|
export const ensureBytes = (value, expectedLength) => {
|
|
11
|
+
ensureByteArray(value);
|
|
6
12
|
if (value.length !== expectedLength) {
|
|
7
13
|
throw new ReallyMeCryptoError("invalid-input");
|
|
8
14
|
}
|
|
@@ -171,39 +171,6 @@ export function argon2idDeriveKey(kdf_version, secret, salt) {
|
|
|
171
171
|
return takeFromExternrefTable0(ret[0]);
|
|
172
172
|
}
|
|
173
173
|
|
|
174
|
-
/**
|
|
175
|
-
* Decode strict, unpadded RFC 4648 URL-safe base64.
|
|
176
|
-
* @param {string} encoded
|
|
177
|
-
* @returns {Uint8Array}
|
|
178
|
-
*/
|
|
179
|
-
export function base64urlDecode(encoded) {
|
|
180
|
-
const ptr0 = passStringToWasm0(encoded, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
181
|
-
const len0 = WASM_VECTOR_LEN;
|
|
182
|
-
const ret = wasm.base64urlDecode(ptr0, len0);
|
|
183
|
-
if (ret[2]) {
|
|
184
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
185
|
-
}
|
|
186
|
-
return takeFromExternrefTable0(ret[0]);
|
|
187
|
-
}
|
|
188
|
-
|
|
189
|
-
/**
|
|
190
|
-
* Encode bytes as RFC 4648 URL-safe base64 without padding.
|
|
191
|
-
* @param {Uint8Array} bytes
|
|
192
|
-
* @returns {string}
|
|
193
|
-
*/
|
|
194
|
-
export function base64urlEncode(bytes) {
|
|
195
|
-
let deferred1_0;
|
|
196
|
-
let deferred1_1;
|
|
197
|
-
try {
|
|
198
|
-
const ret = wasm.base64urlEncode(bytes);
|
|
199
|
-
deferred1_0 = ret[0];
|
|
200
|
-
deferred1_1 = ret[1];
|
|
201
|
-
return getStringFromWasm0(ret[0], ret[1]);
|
|
202
|
-
} finally {
|
|
203
|
-
wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
|
|
204
|
-
}
|
|
205
|
-
}
|
|
206
|
-
|
|
207
174
|
/**
|
|
208
175
|
* Open and authenticate a ChaCha20-Poly1305 `ciphertext || tag`.
|
|
209
176
|
* @param {Uint8Array} key
|
|
@@ -236,40 +203,6 @@ export function chacha20Poly1305Seal(key, nonce, aad, plaintext) {
|
|
|
236
203
|
return takeFromExternrefTable0(ret[0]);
|
|
237
204
|
}
|
|
238
205
|
|
|
239
|
-
/**
|
|
240
|
-
* Compute a CIDv1 dag-cbor/sha2-256 string for already-canonical DAG-CBOR bytes.
|
|
241
|
-
* @param {Uint8Array} bytes
|
|
242
|
-
* @returns {string}
|
|
243
|
-
*/
|
|
244
|
-
export function dagCborComputeCid(bytes) {
|
|
245
|
-
let deferred1_0;
|
|
246
|
-
let deferred1_1;
|
|
247
|
-
try {
|
|
248
|
-
const ret = wasm.dagCborComputeCid(bytes);
|
|
249
|
-
deferred1_0 = ret[0];
|
|
250
|
-
deferred1_1 = ret[1];
|
|
251
|
-
return getStringFromWasm0(ret[0], ret[1]);
|
|
252
|
-
} finally {
|
|
253
|
-
wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
|
|
254
|
-
}
|
|
255
|
-
}
|
|
256
|
-
|
|
257
|
-
/**
|
|
258
|
-
* Recompute and compare a CIDv1 dag-cbor/sha2-256 string.
|
|
259
|
-
* @param {string} cid
|
|
260
|
-
* @param {Uint8Array} bytes
|
|
261
|
-
* @returns {any}
|
|
262
|
-
*/
|
|
263
|
-
export function dagCborVerifyCid(cid, bytes) {
|
|
264
|
-
const ptr0 = passStringToWasm0(cid, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
265
|
-
const len0 = WASM_VECTOR_LEN;
|
|
266
|
-
const ret = wasm.dagCborVerifyCid(ptr0, len0, bytes);
|
|
267
|
-
if (ret[2]) {
|
|
268
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
269
|
-
}
|
|
270
|
-
return takeFromExternrefTable0(ret[0]);
|
|
271
|
-
}
|
|
272
|
-
|
|
273
206
|
/**
|
|
274
207
|
* Open one RFC 9180 HPKE Base-mode message.
|
|
275
208
|
* @param {number} suite
|
|
@@ -677,127 +610,6 @@ export function mlKem768GenerateKeypair() {
|
|
|
677
610
|
return takeFromExternrefTable0(ret[0]);
|
|
678
611
|
}
|
|
679
612
|
|
|
680
|
-
/**
|
|
681
|
-
* Encode bytes with the multibase base58btc prefix.
|
|
682
|
-
* @param {Uint8Array} bytes
|
|
683
|
-
* @returns {string}
|
|
684
|
-
*/
|
|
685
|
-
export function multibaseBase58btcEncode(bytes) {
|
|
686
|
-
let deferred1_0;
|
|
687
|
-
let deferred1_1;
|
|
688
|
-
try {
|
|
689
|
-
const ret = wasm.multibaseBase58btcEncode(bytes);
|
|
690
|
-
deferred1_0 = ret[0];
|
|
691
|
-
deferred1_1 = ret[1];
|
|
692
|
-
return getStringFromWasm0(ret[0], ret[1]);
|
|
693
|
-
} finally {
|
|
694
|
-
wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
|
|
695
|
-
}
|
|
696
|
-
}
|
|
697
|
-
|
|
698
|
-
/**
|
|
699
|
-
* Encode bytes with the multibase base64url prefix.
|
|
700
|
-
* @param {Uint8Array} bytes
|
|
701
|
-
* @returns {string}
|
|
702
|
-
*/
|
|
703
|
-
export function multibaseBase64urlEncode(bytes) {
|
|
704
|
-
let deferred1_0;
|
|
705
|
-
let deferred1_1;
|
|
706
|
-
try {
|
|
707
|
-
const ret = wasm.multibaseBase64urlEncode(bytes);
|
|
708
|
-
deferred1_0 = ret[0];
|
|
709
|
-
deferred1_1 = ret[1];
|
|
710
|
-
return getStringFromWasm0(ret[0], ret[1]);
|
|
711
|
-
} finally {
|
|
712
|
-
wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
|
|
713
|
-
}
|
|
714
|
-
}
|
|
715
|
-
|
|
716
|
-
/**
|
|
717
|
-
* Decode a supported multibase string.
|
|
718
|
-
* @param {string} encoded
|
|
719
|
-
* @returns {Uint8Array}
|
|
720
|
-
*/
|
|
721
|
-
export function multibaseDecode(encoded) {
|
|
722
|
-
const ptr0 = passStringToWasm0(encoded, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
723
|
-
const len0 = WASM_VECTOR_LEN;
|
|
724
|
-
const ret = wasm.multibaseDecode(ptr0, len0);
|
|
725
|
-
if (ret[2]) {
|
|
726
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
727
|
-
}
|
|
728
|
-
return takeFromExternrefTable0(ret[0]);
|
|
729
|
-
}
|
|
730
|
-
|
|
731
|
-
/**
|
|
732
|
-
* Resolve a byte slice that starts with a known multicodec prefix.
|
|
733
|
-
* @param {Uint8Array} bytes
|
|
734
|
-
* @returns {any}
|
|
735
|
-
*/
|
|
736
|
-
export function multicodecLookupPrefix(bytes) {
|
|
737
|
-
const ret = wasm.multicodecLookupPrefix(bytes);
|
|
738
|
-
if (ret[2]) {
|
|
739
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
740
|
-
}
|
|
741
|
-
return takeFromExternrefTable0(ret[0]);
|
|
742
|
-
}
|
|
743
|
-
|
|
744
|
-
/**
|
|
745
|
-
* Return multicodec metadata for a canonical codec name.
|
|
746
|
-
* @param {string} codec_name
|
|
747
|
-
* @returns {any}
|
|
748
|
-
*/
|
|
749
|
-
export function multicodecPrefixForName(codec_name) {
|
|
750
|
-
const ptr0 = passStringToWasm0(codec_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
751
|
-
const len0 = WASM_VECTOR_LEN;
|
|
752
|
-
const ret = wasm.multicodecPrefixForName(ptr0, len0);
|
|
753
|
-
if (ret[2]) {
|
|
754
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
755
|
-
}
|
|
756
|
-
return takeFromExternrefTable0(ret[0]);
|
|
757
|
-
}
|
|
758
|
-
|
|
759
|
-
/**
|
|
760
|
-
* Encode a public key as a multibase base58btc multikey.
|
|
761
|
-
* @param {string} codec_name
|
|
762
|
-
* @param {Uint8Array} public_key
|
|
763
|
-
* @returns {string}
|
|
764
|
-
*/
|
|
765
|
-
export function multikeyEncode(codec_name, public_key) {
|
|
766
|
-
let deferred3_0;
|
|
767
|
-
let deferred3_1;
|
|
768
|
-
try {
|
|
769
|
-
const ptr0 = passStringToWasm0(codec_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
770
|
-
const len0 = WASM_VECTOR_LEN;
|
|
771
|
-
const ret = wasm.multikeyEncode(ptr0, len0, public_key);
|
|
772
|
-
var ptr2 = ret[0];
|
|
773
|
-
var len2 = ret[1];
|
|
774
|
-
if (ret[3]) {
|
|
775
|
-
ptr2 = 0; len2 = 0;
|
|
776
|
-
throw takeFromExternrefTable0(ret[2]);
|
|
777
|
-
}
|
|
778
|
-
deferred3_0 = ptr2;
|
|
779
|
-
deferred3_1 = len2;
|
|
780
|
-
return getStringFromWasm0(ptr2, len2);
|
|
781
|
-
} finally {
|
|
782
|
-
wasm.__wbindgen_free(deferred3_0, deferred3_1, 1);
|
|
783
|
-
}
|
|
784
|
-
}
|
|
785
|
-
|
|
786
|
-
/**
|
|
787
|
-
* Parse and validate a multikey string.
|
|
788
|
-
* @param {string} multikey
|
|
789
|
-
* @returns {any}
|
|
790
|
-
*/
|
|
791
|
-
export function multikeyParse(multikey) {
|
|
792
|
-
const ptr0 = passStringToWasm0(multikey, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
|
|
793
|
-
const len0 = WASM_VECTOR_LEN;
|
|
794
|
-
const ret = wasm.multikeyParse(ptr0, len0);
|
|
795
|
-
if (ret[2]) {
|
|
796
|
-
throw takeFromExternrefTable0(ret[1]);
|
|
797
|
-
}
|
|
798
|
-
return takeFromExternrefTable0(ret[0]);
|
|
799
|
-
}
|
|
800
|
-
|
|
801
613
|
/**
|
|
802
614
|
* Verify an RSASSA-PKCS1-v1_5 signature against a DER RSA public key.
|
|
803
615
|
* @param {Uint8Array} public_key_der
|
|
@@ -1075,12 +887,7 @@ function __wbg_get_imports() {
|
|
|
1075
887
|
const ret = Reflect.set(arg0, arg1, arg2);
|
|
1076
888
|
return ret;
|
|
1077
889
|
}, arguments); },
|
|
1078
|
-
__wbindgen_cast_0000000000000001: function(arg0) {
|
|
1079
|
-
// Cast intrinsic for `F64 -> Externref`.
|
|
1080
|
-
const ret = arg0;
|
|
1081
|
-
return ret;
|
|
1082
|
-
},
|
|
1083
|
-
__wbindgen_cast_0000000000000002: function(arg0, arg1) {
|
|
890
|
+
__wbindgen_cast_0000000000000001: function(arg0, arg1) {
|
|
1084
891
|
// Cast intrinsic for `Ref(String) -> Externref`.
|
|
1085
892
|
const ret = getStringFromWasm0(arg0, arg1);
|
|
1086
893
|
return ret;
|
|
@@ -1133,43 +940,6 @@ function handleError(f, args) {
|
|
|
1133
940
|
}
|
|
1134
941
|
}
|
|
1135
942
|
|
|
1136
|
-
function passStringToWasm0(arg, malloc, realloc) {
|
|
1137
|
-
if (realloc === undefined) {
|
|
1138
|
-
const buf = cachedTextEncoder.encode(arg);
|
|
1139
|
-
const ptr = malloc(buf.length, 1) >>> 0;
|
|
1140
|
-
getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
|
|
1141
|
-
WASM_VECTOR_LEN = buf.length;
|
|
1142
|
-
return ptr;
|
|
1143
|
-
}
|
|
1144
|
-
|
|
1145
|
-
let len = arg.length;
|
|
1146
|
-
let ptr = malloc(len, 1) >>> 0;
|
|
1147
|
-
|
|
1148
|
-
const mem = getUint8ArrayMemory0();
|
|
1149
|
-
|
|
1150
|
-
let offset = 0;
|
|
1151
|
-
|
|
1152
|
-
for (; offset < len; offset++) {
|
|
1153
|
-
const code = arg.charCodeAt(offset);
|
|
1154
|
-
if (code > 0x7F) break;
|
|
1155
|
-
mem[ptr + offset] = code;
|
|
1156
|
-
}
|
|
1157
|
-
if (offset !== len) {
|
|
1158
|
-
if (offset !== 0) {
|
|
1159
|
-
arg = arg.slice(offset);
|
|
1160
|
-
}
|
|
1161
|
-
ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
|
|
1162
|
-
const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
|
|
1163
|
-
const ret = cachedTextEncoder.encodeInto(arg, view);
|
|
1164
|
-
|
|
1165
|
-
offset += ret.written;
|
|
1166
|
-
ptr = realloc(ptr, len, offset, 1) >>> 0;
|
|
1167
|
-
}
|
|
1168
|
-
|
|
1169
|
-
WASM_VECTOR_LEN = offset;
|
|
1170
|
-
return ptr;
|
|
1171
|
-
}
|
|
1172
|
-
|
|
1173
943
|
function takeFromExternrefTable0(idx) {
|
|
1174
944
|
const value = wasm.__wbindgen_externrefs.get(idx);
|
|
1175
945
|
wasm.__externref_table_dealloc(idx);
|
|
@@ -1190,21 +960,6 @@ function decodeText(ptr, len) {
|
|
|
1190
960
|
return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
|
|
1191
961
|
}
|
|
1192
962
|
|
|
1193
|
-
const cachedTextEncoder = new TextEncoder();
|
|
1194
|
-
|
|
1195
|
-
if (!('encodeInto' in cachedTextEncoder)) {
|
|
1196
|
-
cachedTextEncoder.encodeInto = function (arg, view) {
|
|
1197
|
-
const buf = cachedTextEncoder.encode(arg);
|
|
1198
|
-
view.set(buf);
|
|
1199
|
-
return {
|
|
1200
|
-
read: arg.length,
|
|
1201
|
-
written: buf.length
|
|
1202
|
-
};
|
|
1203
|
-
};
|
|
1204
|
-
}
|
|
1205
|
-
|
|
1206
|
-
let WASM_VECTOR_LEN = 0;
|
|
1207
|
-
|
|
1208
963
|
let wasmModule, wasmInstance, wasm;
|
|
1209
964
|
function __wbg_finalize_init(instance, module) {
|
|
1210
965
|
wasmInstance = instance;
|
|
Binary file
|
|
@@ -15,17 +15,6 @@ export declare function aes256GcmSivSeal(key: Uint8Array, nonce: Uint8Array, aad
|
|
|
15
15
|
export declare function aes256KwUnwrapKey(wrappingKey: Uint8Array, wrappedKey: Uint8Array): Uint8Array;
|
|
16
16
|
export declare function aes256KwWrapKey(wrappingKey: Uint8Array, keyToWrap: Uint8Array): Uint8Array;
|
|
17
17
|
export declare function argon2idDeriveKey(kdfVersion: number, secret: Uint8Array, salt: Uint8Array): Uint8Array;
|
|
18
|
-
export declare function base64urlDecode(encoded: string): Uint8Array;
|
|
19
|
-
export declare function base64urlEncode(bytes: Uint8Array): string;
|
|
20
|
-
export declare function dagCborComputeCid(bytes: Uint8Array): string;
|
|
21
|
-
export declare function dagCborVerifyCid(cid: string, bytes: Uint8Array): unknown;
|
|
22
|
-
export declare function multibaseBase58btcEncode(bytes: Uint8Array): string;
|
|
23
|
-
export declare function multibaseBase64urlEncode(bytes: Uint8Array): string;
|
|
24
|
-
export declare function multibaseDecode(encoded: string): Uint8Array;
|
|
25
|
-
export declare function multicodecLookupPrefix(bytes: Uint8Array): unknown;
|
|
26
|
-
export declare function multicodecPrefixForName(codecName: string): unknown;
|
|
27
|
-
export declare function multikeyEncode(codecName: string, publicKey: Uint8Array): string;
|
|
28
|
-
export declare function multikeyParse(multikey: string): unknown;
|
|
29
18
|
export declare function hpkeOpenBase(suite: number, recipientSecretKey: Uint8Array, encapsulatedKey: Uint8Array, info: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Uint8Array;
|
|
30
19
|
export declare function hpkeSealBase(suite: number, recipientPublicKey: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): unknown;
|
|
31
20
|
export declare function hpkeSealBaseDerand(suite: number, recipientPublicKey: Uint8Array, encapsulationRandomness: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): unknown;
|
|
@@ -56,6 +45,8 @@ export declare function mlDsa87GenerateKeypair(): unknown;
|
|
|
56
45
|
export declare function mlDsa87DeriveKeypair(secretKey: Uint8Array): unknown;
|
|
57
46
|
export declare function mlDsa87Sign(secretKey: Uint8Array, message: Uint8Array): Uint8Array;
|
|
58
47
|
export declare function mlDsa87Verify(publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array): void;
|
|
48
|
+
export declare function rsaVerifyPkcs1v15(publicKeyDer: Uint8Array, publicKeyEncoding: number, hashSuite: number, message: Uint8Array, signature: Uint8Array): void;
|
|
49
|
+
export declare function rsaVerifyPss(publicKeyDer: Uint8Array, publicKeyEncoding: number, messageHashSuite: number, mgf1HashSuite: number, saltLength: number, message: Uint8Array, signature: Uint8Array): void;
|
|
59
50
|
export declare function slhDsaSha2128sGenerateKeypair(): unknown;
|
|
60
51
|
export declare function slhDsaSha2128sDeriveKeypair(skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array): unknown;
|
|
61
52
|
export declare function slhDsaSha2128sSign(secretKey: Uint8Array, message: Uint8Array): Uint8Array;
|
package/dist/wasmProvider.d.ts
CHANGED
|
@@ -3,11 +3,6 @@ type GenerateKeypairFromSeedFn = (seed: Uint8Array) => unknown;
|
|
|
3
3
|
type Argon2idFn = (kdfVersion: number, secret: Uint8Array, salt: Uint8Array) => unknown;
|
|
4
4
|
type AeadFn = (key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, text: Uint8Array) => unknown;
|
|
5
5
|
type KeyWrapFn = (wrappingKey: Uint8Array, keyMaterial: Uint8Array) => unknown;
|
|
6
|
-
type BytesToStringFn = (bytes: Uint8Array) => unknown;
|
|
7
|
-
type BytesToObjectFn = (bytes: Uint8Array) => unknown;
|
|
8
|
-
type StringToBytesFn = (text: string) => unknown;
|
|
9
|
-
type StringToObjectFn = (text: string) => unknown;
|
|
10
|
-
type StringBytesToStringFn = (text: string, bytes: Uint8Array) => unknown;
|
|
11
6
|
type SignatureSignFn = (secretKey: Uint8Array, message: Uint8Array) => unknown;
|
|
12
7
|
type SignatureVerifyFn = (publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => unknown;
|
|
13
8
|
type RsaPkcs1v15VerifyFn = (publicKeyDer: Uint8Array, publicKeyEncoding: number, hashSuite: number, message: Uint8Array, signature: Uint8Array) => unknown;
|
|
@@ -36,17 +31,6 @@ export type ReallyMeWasmProvider = Readonly<{
|
|
|
36
31
|
aes256KwWrapKey: KeyWrapFn;
|
|
37
32
|
aes256KwUnwrapKey: KeyWrapFn;
|
|
38
33
|
argon2idDeriveKey: Argon2idFn;
|
|
39
|
-
base64urlEncode: BytesToStringFn;
|
|
40
|
-
base64urlDecode: StringToBytesFn;
|
|
41
|
-
multibaseBase64urlEncode: BytesToStringFn;
|
|
42
|
-
multibaseBase58btcEncode: BytesToStringFn;
|
|
43
|
-
multibaseDecode: StringToBytesFn;
|
|
44
|
-
multicodecPrefixForName: StringToObjectFn;
|
|
45
|
-
multicodecLookupPrefix: BytesToObjectFn;
|
|
46
|
-
multikeyEncode: StringBytesToStringFn;
|
|
47
|
-
multikeyParse: StringToObjectFn;
|
|
48
|
-
dagCborComputeCid: BytesToStringFn;
|
|
49
|
-
dagCborVerifyCid: StringBytesToStringFn;
|
|
50
34
|
hpkeSealBase: HpkeSealFn;
|
|
51
35
|
hpkeSealBaseDerand: HpkeSealDerandFn;
|
|
52
36
|
hpkeOpenBase: HpkeOpenFn;
|
|
@@ -94,6 +78,7 @@ export type ReallyMeWasmProvider = Readonly<{
|
|
|
94
78
|
xWing1024EncapsulateDerand: EncapsulateDerandFn;
|
|
95
79
|
xWing1024Decapsulate: DecapsulateFn;
|
|
96
80
|
}>;
|
|
81
|
+
export declare const createReallyMeWasmProvider: (module: unknown) => ReallyMeWasmProvider;
|
|
97
82
|
export declare const installReallyMeWasmProvider: (module: unknown) => void;
|
|
98
83
|
export declare const requireReallyMeWasmProvider: () => ReallyMeWasmProvider;
|
|
99
84
|
export {};
|
package/dist/wasmProvider.js
CHANGED
|
@@ -29,6 +29,8 @@ const wasmErrorCode = (error) => {
|
|
|
29
29
|
return "invalid-input";
|
|
30
30
|
case "invalid-signature":
|
|
31
31
|
return "invalid-signature";
|
|
32
|
+
case "authentication-failed":
|
|
33
|
+
return "authentication-failed";
|
|
32
34
|
case "unsupported-algorithm":
|
|
33
35
|
return "unsupported-algorithm";
|
|
34
36
|
case "provider-failure":
|
|
@@ -48,18 +50,6 @@ const function2 = (module, name) => {
|
|
|
48
50
|
const callable = requireFunction(module, name);
|
|
49
51
|
return (first, second) => callable(first, second);
|
|
50
52
|
};
|
|
51
|
-
const stringFunction1 = (module, name) => {
|
|
52
|
-
const callable = requireFunction(module, name);
|
|
53
|
-
return (text) => callable(text);
|
|
54
|
-
};
|
|
55
|
-
const bytesFunction1 = (module, name) => {
|
|
56
|
-
const callable = requireFunction(module, name);
|
|
57
|
-
return (bytes) => callable(bytes);
|
|
58
|
-
};
|
|
59
|
-
const stringBytesFunction2 = (module, name) => {
|
|
60
|
-
const callable = requireFunction(module, name);
|
|
61
|
-
return (text, bytes) => callable(text, bytes);
|
|
62
|
-
};
|
|
63
53
|
const function3 = (module, name) => {
|
|
64
54
|
const callable = requireFunction(module, name);
|
|
65
55
|
return (first, second, third) => callable(first, second, third);
|
|
@@ -96,9 +86,9 @@ const rsaPssVerifyFunction = (module, name) => {
|
|
|
96
86
|
const callable = requireFunction(module, name);
|
|
97
87
|
return (publicKeyDer, publicKeyEncoding, messageHashSuite, mgf1HashSuite, saltLength, message, signature) => callable(publicKeyDer, publicKeyEncoding, messageHashSuite, mgf1HashSuite, saltLength, message, signature);
|
|
98
88
|
};
|
|
99
|
-
export const
|
|
89
|
+
export const createReallyMeWasmProvider = (module) => {
|
|
100
90
|
const providerModule = requireObject(module);
|
|
101
|
-
|
|
91
|
+
return {
|
|
102
92
|
aes128GcmSeal: function4(providerModule, "aes128GcmSeal"),
|
|
103
93
|
aes128GcmOpen: function4(providerModule, "aes128GcmOpen"),
|
|
104
94
|
aes192GcmSeal: function4(providerModule, "aes192GcmSeal"),
|
|
@@ -114,17 +104,6 @@ export const installReallyMeWasmProvider = (module) => {
|
|
|
114
104
|
aes256KwWrapKey: function2(providerModule, "aes256KwWrapKey"),
|
|
115
105
|
aes256KwUnwrapKey: function2(providerModule, "aes256KwUnwrapKey"),
|
|
116
106
|
argon2idDeriveKey: argon2idFunction(providerModule, "argon2idDeriveKey"),
|
|
117
|
-
base64urlEncode: bytesFunction1(providerModule, "base64urlEncode"),
|
|
118
|
-
base64urlDecode: stringFunction1(providerModule, "base64urlDecode"),
|
|
119
|
-
multibaseBase64urlEncode: bytesFunction1(providerModule, "multibaseBase64urlEncode"),
|
|
120
|
-
multibaseBase58btcEncode: bytesFunction1(providerModule, "multibaseBase58btcEncode"),
|
|
121
|
-
multibaseDecode: stringFunction1(providerModule, "multibaseDecode"),
|
|
122
|
-
multicodecPrefixForName: stringFunction1(providerModule, "multicodecPrefixForName"),
|
|
123
|
-
multicodecLookupPrefix: bytesFunction1(providerModule, "multicodecLookupPrefix"),
|
|
124
|
-
multikeyEncode: stringBytesFunction2(providerModule, "multikeyEncode"),
|
|
125
|
-
multikeyParse: stringFunction1(providerModule, "multikeyParse"),
|
|
126
|
-
dagCborComputeCid: bytesFunction1(providerModule, "dagCborComputeCid"),
|
|
127
|
-
dagCborVerifyCid: stringBytesFunction2(providerModule, "dagCborVerifyCid"),
|
|
128
107
|
hpkeSealBase: hpkeSealFunction(providerModule, "hpkeSealBase"),
|
|
129
108
|
hpkeSealBaseDerand: hpkeSealDerandFunction(providerModule, "hpkeSealBaseDerand"),
|
|
130
109
|
hpkeOpenBase: hpkeOpenFunction(providerModule, "hpkeOpenBase"),
|
|
@@ -173,6 +152,12 @@ export const installReallyMeWasmProvider = (module) => {
|
|
|
173
152
|
xWing1024Decapsulate: function2(providerModule, "xWing1024Decapsulate"),
|
|
174
153
|
};
|
|
175
154
|
};
|
|
155
|
+
export const installReallyMeWasmProvider = (module) => {
|
|
156
|
+
if (installedProvider !== undefined) {
|
|
157
|
+
throw new ReallyMeCryptoError("provider-failure");
|
|
158
|
+
}
|
|
159
|
+
installedProvider = createReallyMeWasmProvider(module);
|
|
160
|
+
};
|
|
176
161
|
export const requireReallyMeWasmProvider = () => {
|
|
177
162
|
if (installedProvider === undefined) {
|
|
178
163
|
throw new ReallyMeCryptoError("provider-failure");
|
package/dist/xWing.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ReallyMeKemAlgorithm } from "./algorithms.js";
|
|
2
|
+
import type { ReallyMeWasmProvider } from "./wasmProvider.js";
|
|
2
3
|
export declare const X_WING_SECRET_KEY_LENGTH = 32;
|
|
3
4
|
export declare const X_WING_ENCAPSULATION_SEED_LENGTH = 64;
|
|
4
5
|
export declare const X_WING_SHARED_SECRET_LENGTH = 32;
|
|
@@ -16,8 +17,13 @@ export type ReallyMeXWingEncapsulation = Readonly<{
|
|
|
16
17
|
}>;
|
|
17
18
|
export declare const ReallyMeXWing: {
|
|
18
19
|
readonly generateKeyPair: (algorithm: ReallyMeKemAlgorithm) => ReallyMeXWingKeyPair;
|
|
20
|
+
readonly generateKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm) => ReallyMeXWingKeyPair;
|
|
19
21
|
readonly deriveKeyPair: (algorithm: ReallyMeKemAlgorithm, secretKey: Uint8Array) => ReallyMeXWingKeyPair;
|
|
22
|
+
readonly deriveKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, secretKey: Uint8Array) => ReallyMeXWingKeyPair;
|
|
20
23
|
readonly encapsulate: (algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array) => ReallyMeXWingEncapsulation;
|
|
24
|
+
readonly encapsulateWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array) => ReallyMeXWingEncapsulation;
|
|
21
25
|
readonly decapsulate: (algorithm: ReallyMeKemAlgorithm, ciphertext: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
26
|
+
readonly decapsulateWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, ciphertext: Uint8Array, secretKey: Uint8Array) => Uint8Array;
|
|
22
27
|
};
|
|
23
28
|
export declare const encapsulateXWingDeterministicallyForTest: (algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array, seed: Uint8Array) => ReallyMeXWingEncapsulation;
|
|
29
|
+
export declare const encapsulateXWingDeterministicallyWithProviderForTest: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array, seed: Uint8Array) => ReallyMeXWingEncapsulation;
|
package/dist/xWing.js
CHANGED
|
@@ -12,13 +12,15 @@ export const X_WING_768_CIPHERTEXT_LENGTH = 1_120;
|
|
|
12
12
|
export const X_WING_1024_PUBLIC_KEY_LENGTH = 1_600;
|
|
13
13
|
export const X_WING_1024_CIPHERTEXT_LENGTH = 1_600;
|
|
14
14
|
const xWingSuite = (algorithm) => {
|
|
15
|
+
return xWingSuiteWithProvider(algorithm, requireReallyMeWasmProvider());
|
|
16
|
+
};
|
|
17
|
+
const xWingSuiteWithProvider = (algorithm, provider) => {
|
|
15
18
|
switch (algorithm) {
|
|
16
19
|
case "ML-KEM-512":
|
|
17
20
|
case "ML-KEM-768":
|
|
18
21
|
case "ML-KEM-1024":
|
|
19
22
|
throw new ReallyMeCryptoError("unsupported-algorithm");
|
|
20
23
|
case "X-Wing-768": {
|
|
21
|
-
const provider = requireReallyMeWasmProvider();
|
|
22
24
|
return {
|
|
23
25
|
publicKeyLength: X_WING_768_PUBLIC_KEY_LENGTH,
|
|
24
26
|
ciphertextLength: X_WING_768_CIPHERTEXT_LENGTH,
|
|
@@ -30,7 +32,6 @@ const xWingSuite = (algorithm) => {
|
|
|
30
32
|
};
|
|
31
33
|
}
|
|
32
34
|
case "X-Wing-1024": {
|
|
33
|
-
const provider = requireReallyMeWasmProvider();
|
|
34
35
|
return {
|
|
35
36
|
publicKeyLength: X_WING_1024_PUBLIC_KEY_LENGTH,
|
|
36
37
|
ciphertextLength: X_WING_1024_CIPHERTEXT_LENGTH,
|
|
@@ -56,16 +57,30 @@ export const ReallyMeXWing = {
|
|
|
56
57
|
const suite = xWingSuite(algorithm);
|
|
57
58
|
return readKeyPair(suite.generateKeypair(), suite);
|
|
58
59
|
},
|
|
60
|
+
generateKeyPairWithProvider(provider, algorithm) {
|
|
61
|
+
const suite = xWingSuiteWithProvider(algorithm, provider);
|
|
62
|
+
return readKeyPair(suite.generateKeypair(), suite);
|
|
63
|
+
},
|
|
59
64
|
deriveKeyPair(algorithm, secretKey) {
|
|
60
65
|
ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
|
|
61
66
|
const suite = xWingSuite(algorithm);
|
|
62
67
|
return readKeyPair(suite.deriveKeypair(secretKey), suite);
|
|
63
68
|
},
|
|
69
|
+
deriveKeyPairWithProvider(provider, algorithm, secretKey) {
|
|
70
|
+
ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
|
|
71
|
+
const suite = xWingSuiteWithProvider(algorithm, provider);
|
|
72
|
+
return readKeyPair(suite.deriveKeypair(secretKey), suite);
|
|
73
|
+
},
|
|
64
74
|
encapsulate(algorithm, publicKey) {
|
|
65
75
|
const suite = xWingSuite(algorithm);
|
|
66
76
|
ensureBytes(publicKey, suite.publicKeyLength);
|
|
67
77
|
return readEncapsulation(suite.encapsulate(publicKey), suite);
|
|
68
78
|
},
|
|
79
|
+
encapsulateWithProvider(provider, algorithm, publicKey) {
|
|
80
|
+
const suite = xWingSuiteWithProvider(algorithm, provider);
|
|
81
|
+
ensureBytes(publicKey, suite.publicKeyLength);
|
|
82
|
+
return readEncapsulation(suite.encapsulate(publicKey), suite);
|
|
83
|
+
},
|
|
69
84
|
decapsulate(algorithm, ciphertext, secretKey) {
|
|
70
85
|
const suite = xWingSuite(algorithm);
|
|
71
86
|
ensureBytes(ciphertext, suite.ciphertextLength);
|
|
@@ -77,6 +92,17 @@ export const ReallyMeXWing = {
|
|
|
77
92
|
ensureBytes(sharedSecret, X_WING_SHARED_SECRET_LENGTH);
|
|
78
93
|
return sharedSecret;
|
|
79
94
|
},
|
|
95
|
+
decapsulateWithProvider(provider, algorithm, ciphertext, secretKey) {
|
|
96
|
+
const suite = xWingSuiteWithProvider(algorithm, provider);
|
|
97
|
+
ensureBytes(ciphertext, suite.ciphertextLength);
|
|
98
|
+
ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
|
|
99
|
+
const sharedSecret = suite.decapsulate(ciphertext, secretKey);
|
|
100
|
+
if (!(sharedSecret instanceof Uint8Array)) {
|
|
101
|
+
throw new ReallyMeCryptoError("provider-failure");
|
|
102
|
+
}
|
|
103
|
+
ensureBytes(sharedSecret, X_WING_SHARED_SECRET_LENGTH);
|
|
104
|
+
return sharedSecret;
|
|
105
|
+
},
|
|
80
106
|
};
|
|
81
107
|
export const encapsulateXWingDeterministicallyForTest = (algorithm, publicKey, seed) => {
|
|
82
108
|
const suite = xWingSuite(algorithm);
|
|
@@ -84,3 +110,9 @@ export const encapsulateXWingDeterministicallyForTest = (algorithm, publicKey, s
|
|
|
84
110
|
ensureBytes(seed, X_WING_ENCAPSULATION_SEED_LENGTH);
|
|
85
111
|
return readEncapsulation(suite.encapsulateDerand(publicKey, seed), suite);
|
|
86
112
|
};
|
|
113
|
+
export const encapsulateXWingDeterministicallyWithProviderForTest = (provider, algorithm, publicKey, seed) => {
|
|
114
|
+
const suite = xWingSuiteWithProvider(algorithm, provider);
|
|
115
|
+
ensureBytes(publicKey, suite.publicKeyLength);
|
|
116
|
+
ensureBytes(seed, X_WING_ENCAPSULATION_SEED_LENGTH);
|
|
117
|
+
return readEncapsulation(suite.encapsulateDerand(publicKey, seed), suite);
|
|
118
|
+
};
|