@reallyme/crypto 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/LICENSE +201 -0
  2. package/README.md +43 -3
  3. package/dist/aead.d.ts +4 -0
  4. package/dist/aead.js +32 -15
  5. package/dist/aesKw.d.ts +3 -0
  6. package/dist/aesKw.js +10 -0
  7. package/dist/argon2id.d.ts +2 -0
  8. package/dist/argon2id.js +6 -0
  9. package/dist/cryptoFacade.d.ts +36 -0
  10. package/dist/cryptoFacade.js +71 -23
  11. package/dist/errors.d.ts +1 -1
  12. package/dist/hpke.d.ts +4 -0
  13. package/dist/hpke.js +20 -0
  14. package/dist/index.d.ts +5 -6
  15. package/dist/index.js +4 -4
  16. package/dist/jwaConcatKdf.js +8 -4
  17. package/dist/jwk.js +67 -72
  18. package/dist/memory.d.ts +8 -0
  19. package/dist/memory.js +13 -0
  20. package/dist/mlDsa.d.ts +5 -0
  21. package/dist/mlDsa.js +23 -0
  22. package/dist/mlKem.d.ts +6 -0
  23. package/dist/mlKem.js +29 -0
  24. package/dist/p256Ecdh.js +5 -1
  25. package/dist/p384Ecdh.js +5 -1
  26. package/dist/p521Ecdh.js +5 -1
  27. package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.d.ts +1392 -72
  28. package/dist/proto/generated/reallyme/crypto/v1/crypto_pb.js +490 -17
  29. package/dist/proto.d.ts +113 -5
  30. package/dist/proto.js +706 -3
  31. package/dist/rsa.d.ts +2 -0
  32. package/dist/rsa.js +18 -15
  33. package/dist/slhDsa.d.ts +5 -0
  34. package/dist/slhDsa.js +21 -0
  35. package/dist/validateBytes.d.ts +1 -0
  36. package/dist/validateBytes.js +6 -0
  37. package/dist/wasm/reallyme_crypto_wasm.js +1 -246
  38. package/dist/wasm/reallyme_crypto_wasm_bg.wasm +0 -0
  39. package/dist/wasmModuleTypes.d.ts +2 -11
  40. package/dist/wasmProvider.d.ts +1 -16
  41. package/dist/wasmProvider.js +10 -25
  42. package/dist/xWing.d.ts +6 -0
  43. package/dist/xWing.js +34 -2
  44. package/package.json +7 -2
  45. package/dist/codecs.d.ts +0 -35
  46. package/dist/codecs.js +0 -216
  47. package/dist/proto/generated/reallyme/codec/v1/codec_pb.d.ts +0 -253
  48. package/dist/proto/generated/reallyme/codec/v1/codec_pb.js +0 -160
package/dist/rsa.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { ReallyMeSignatureAlgorithm } from "./algorithms.js";
2
+ import type { ReallyMeWasmProvider } from "./wasmProvider.js";
2
3
  export type ReallyMeRsaPublicKeyDerEncoding = "PKCS1" | "SPKI";
3
4
  export declare const RSA_PUBLIC_KEY_DER_MAX_LENGTH = 4096;
4
5
  export declare const RSA_SIGNATURE_MAX_LENGTH = 1024;
@@ -10,4 +11,5 @@ export declare const RSA_SIGNATURE_MAX_LENGTH = 1024;
10
11
  */
11
12
  export declare const ReallyMeRsa: {
12
13
  readonly verify: (algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKeyDer: Uint8Array, publicKeyEncoding: ReallyMeRsaPublicKeyDerEncoding) => void;
14
+ readonly verifyWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKeyDer: Uint8Array, publicKeyEncoding: ReallyMeRsaPublicKeyDerEncoding) => void;
13
15
  };
package/dist/rsa.js CHANGED
@@ -75,6 +75,22 @@ const readVoid = (value) => {
75
75
  throw new ReallyMeCryptoError("provider-failure");
76
76
  }
77
77
  };
78
+ const verifyWithProvider = (provider, algorithm, signature, message, publicKeyDer, publicKeyEncoding) => {
79
+ validateBytes(publicKeyDer, RSA_PUBLIC_KEY_DER_MAX_LENGTH);
80
+ validateBytes(signature, RSA_SIGNATURE_MAX_LENGTH);
81
+ const encoding = encodingId(publicKeyEncoding);
82
+ const pkcs1 = pkcs1v15Suite(algorithm);
83
+ if (pkcs1 !== undefined) {
84
+ readVoid(provider.rsaVerifyPkcs1v15(publicKeyDer, encoding, pkcs1.hashSuite, message, signature));
85
+ return;
86
+ }
87
+ const pss = pssSuite(algorithm);
88
+ if (pss !== undefined) {
89
+ readVoid(provider.rsaVerifyPss(publicKeyDer, encoding, pss.messageHashSuite, pss.mgf1HashSuite, pss.saltLength, message, signature));
90
+ return;
91
+ }
92
+ throw new ReallyMeCryptoError("unsupported-algorithm");
93
+ };
78
94
  /**
79
95
  * RSA signature verification through the ReallyMe Rust WASM provider.
80
96
  *
@@ -83,20 +99,7 @@ const readVoid = (value) => {
83
99
  */
84
100
  export const ReallyMeRsa = {
85
101
  verify(algorithm, signature, message, publicKeyDer, publicKeyEncoding) {
86
- validateBytes(publicKeyDer, RSA_PUBLIC_KEY_DER_MAX_LENGTH);
87
- validateBytes(signature, RSA_SIGNATURE_MAX_LENGTH);
88
- const encoding = encodingId(publicKeyEncoding);
89
- const pkcs1 = pkcs1v15Suite(algorithm);
90
- const provider = requireReallyMeWasmProvider();
91
- if (pkcs1 !== undefined) {
92
- readVoid(provider.rsaVerifyPkcs1v15(publicKeyDer, encoding, pkcs1.hashSuite, message, signature));
93
- return;
94
- }
95
- const pss = pssSuite(algorithm);
96
- if (pss !== undefined) {
97
- readVoid(provider.rsaVerifyPss(publicKeyDer, encoding, pss.messageHashSuite, pss.mgf1HashSuite, pss.saltLength, message, signature));
98
- return;
99
- }
100
- throw new ReallyMeCryptoError("unsupported-algorithm");
102
+ verifyWithProvider(requireReallyMeWasmProvider(), algorithm, signature, message, publicKeyDer, publicKeyEncoding);
101
103
  },
104
+ verifyWithProvider,
102
105
  };
package/dist/slhDsa.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { ReallyMeSignatureAlgorithm } from "./algorithms.js";
2
+ import type { ReallyMeWasmProvider } from "./wasmProvider.js";
2
3
  export declare const SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH = 32;
3
4
  export declare const SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH = 64;
4
5
  export declare const SLH_DSA_SHA2_128S_SIGNATURE_LENGTH = 7856;
@@ -9,7 +10,11 @@ export type ReallyMeSlhDsaKeyPair = Readonly<{
9
10
  }>;
10
11
  export declare const ReallyMeSlhDsa: {
11
12
  readonly generateKeyPair: (algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSlhDsaKeyPair;
13
+ readonly generateKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm) => ReallyMeSlhDsaKeyPair;
12
14
  readonly sign: (algorithm: ReallyMeSignatureAlgorithm, message: Uint8Array, secretKey: Uint8Array) => Uint8Array;
15
+ readonly signWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, message: Uint8Array, secretKey: Uint8Array) => Uint8Array;
13
16
  readonly verify: (algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array) => void;
17
+ readonly verifyWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeSignatureAlgorithm, signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array) => void;
14
18
  };
15
19
  export declare const deriveSlhDsaSha2128sKeypairForTest: (skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => ReallyMeSlhDsaKeyPair;
20
+ export declare const deriveSlhDsaSha2128sKeypairWithProviderForTest: (provider: ReallyMeWasmProvider, skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array) => ReallyMeSlhDsaKeyPair;
package/dist/slhDsa.js CHANGED
@@ -34,17 +34,32 @@ export const ReallyMeSlhDsa = {
34
34
  assertSlhDsa(algorithm);
35
35
  return readKeyPair(requireReallyMeWasmProvider().slhDsaSha2128sGenerateKeypair());
36
36
  },
37
+ generateKeyPairWithProvider(provider, algorithm) {
38
+ assertSlhDsa(algorithm);
39
+ return readKeyPair(provider.slhDsaSha2128sGenerateKeypair());
40
+ },
37
41
  sign(algorithm, message, secretKey) {
38
42
  assertSlhDsa(algorithm);
39
43
  ensureBytes(secretKey, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH);
40
44
  return readSignature(requireReallyMeWasmProvider().slhDsaSha2128sSign(secretKey, message));
41
45
  },
46
+ signWithProvider(provider, algorithm, message, secretKey) {
47
+ assertSlhDsa(algorithm);
48
+ ensureBytes(secretKey, SLH_DSA_SHA2_128S_SECRET_KEY_LENGTH);
49
+ return readSignature(provider.slhDsaSha2128sSign(secretKey, message));
50
+ },
42
51
  verify(algorithm, signature, message, publicKey) {
43
52
  assertSlhDsa(algorithm);
44
53
  ensureBytes(publicKey, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH);
45
54
  ensureBytes(signature, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH);
46
55
  readVoid(requireReallyMeWasmProvider().slhDsaSha2128sVerify(publicKey, message, signature));
47
56
  },
57
+ verifyWithProvider(provider, algorithm, signature, message, publicKey) {
58
+ assertSlhDsa(algorithm);
59
+ ensureBytes(publicKey, SLH_DSA_SHA2_128S_PUBLIC_KEY_LENGTH);
60
+ ensureBytes(signature, SLH_DSA_SHA2_128S_SIGNATURE_LENGTH);
61
+ readVoid(provider.slhDsaSha2128sVerify(publicKey, message, signature));
62
+ },
48
63
  };
49
64
  export const deriveSlhDsaSha2128sKeypairForTest = (skSeed, skPrf, pkSeed) => {
50
65
  ensureBytes(skSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
@@ -52,3 +67,9 @@ export const deriveSlhDsaSha2128sKeypairForTest = (skSeed, skPrf, pkSeed) => {
52
67
  ensureBytes(pkSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
53
68
  return readKeyPair(requireReallyMeWasmProvider().slhDsaSha2128sDeriveKeypair(skSeed, skPrf, pkSeed));
54
69
  };
70
+ export const deriveSlhDsaSha2128sKeypairWithProviderForTest = (provider, skSeed, skPrf, pkSeed) => {
71
+ ensureBytes(skSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
72
+ ensureBytes(skPrf, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
73
+ ensureBytes(pkSeed, SLH_DSA_SHA2_128S_KEYGEN_SEED_LENGTH);
74
+ return readKeyPair(provider.slhDsaSha2128sDeriveKeypair(skSeed, skPrf, pkSeed));
75
+ };
@@ -1,2 +1,3 @@
1
+ export declare const ensureByteArray: (value: Uint8Array) => void;
1
2
  export declare const ensureBytes: (value: Uint8Array, expectedLength: number) => void;
2
3
  export declare const readByteArrayProperty: (value: unknown, propertyName: string, expectedLength: number) => Uint8Array;
@@ -2,7 +2,13 @@
2
2
  //
3
3
  // SPDX-License-Identifier: Apache-2.0
4
4
  import { ReallyMeCryptoError } from "./errors.js";
5
+ export const ensureByteArray = (value) => {
6
+ if (!(value instanceof Uint8Array)) {
7
+ throw new ReallyMeCryptoError("invalid-input");
8
+ }
9
+ };
5
10
  export const ensureBytes = (value, expectedLength) => {
11
+ ensureByteArray(value);
6
12
  if (value.length !== expectedLength) {
7
13
  throw new ReallyMeCryptoError("invalid-input");
8
14
  }
@@ -171,39 +171,6 @@ export function argon2idDeriveKey(kdf_version, secret, salt) {
171
171
  return takeFromExternrefTable0(ret[0]);
172
172
  }
173
173
 
174
- /**
175
- * Decode strict, unpadded RFC 4648 URL-safe base64.
176
- * @param {string} encoded
177
- * @returns {Uint8Array}
178
- */
179
- export function base64urlDecode(encoded) {
180
- const ptr0 = passStringToWasm0(encoded, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
181
- const len0 = WASM_VECTOR_LEN;
182
- const ret = wasm.base64urlDecode(ptr0, len0);
183
- if (ret[2]) {
184
- throw takeFromExternrefTable0(ret[1]);
185
- }
186
- return takeFromExternrefTable0(ret[0]);
187
- }
188
-
189
- /**
190
- * Encode bytes as RFC 4648 URL-safe base64 without padding.
191
- * @param {Uint8Array} bytes
192
- * @returns {string}
193
- */
194
- export function base64urlEncode(bytes) {
195
- let deferred1_0;
196
- let deferred1_1;
197
- try {
198
- const ret = wasm.base64urlEncode(bytes);
199
- deferred1_0 = ret[0];
200
- deferred1_1 = ret[1];
201
- return getStringFromWasm0(ret[0], ret[1]);
202
- } finally {
203
- wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
204
- }
205
- }
206
-
207
174
  /**
208
175
  * Open and authenticate a ChaCha20-Poly1305 `ciphertext || tag`.
209
176
  * @param {Uint8Array} key
@@ -236,40 +203,6 @@ export function chacha20Poly1305Seal(key, nonce, aad, plaintext) {
236
203
  return takeFromExternrefTable0(ret[0]);
237
204
  }
238
205
 
239
- /**
240
- * Compute a CIDv1 dag-cbor/sha2-256 string for already-canonical DAG-CBOR bytes.
241
- * @param {Uint8Array} bytes
242
- * @returns {string}
243
- */
244
- export function dagCborComputeCid(bytes) {
245
- let deferred1_0;
246
- let deferred1_1;
247
- try {
248
- const ret = wasm.dagCborComputeCid(bytes);
249
- deferred1_0 = ret[0];
250
- deferred1_1 = ret[1];
251
- return getStringFromWasm0(ret[0], ret[1]);
252
- } finally {
253
- wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
254
- }
255
- }
256
-
257
- /**
258
- * Recompute and compare a CIDv1 dag-cbor/sha2-256 string.
259
- * @param {string} cid
260
- * @param {Uint8Array} bytes
261
- * @returns {any}
262
- */
263
- export function dagCborVerifyCid(cid, bytes) {
264
- const ptr0 = passStringToWasm0(cid, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
265
- const len0 = WASM_VECTOR_LEN;
266
- const ret = wasm.dagCborVerifyCid(ptr0, len0, bytes);
267
- if (ret[2]) {
268
- throw takeFromExternrefTable0(ret[1]);
269
- }
270
- return takeFromExternrefTable0(ret[0]);
271
- }
272
-
273
206
  /**
274
207
  * Open one RFC 9180 HPKE Base-mode message.
275
208
  * @param {number} suite
@@ -677,127 +610,6 @@ export function mlKem768GenerateKeypair() {
677
610
  return takeFromExternrefTable0(ret[0]);
678
611
  }
679
612
 
680
- /**
681
- * Encode bytes with the multibase base58btc prefix.
682
- * @param {Uint8Array} bytes
683
- * @returns {string}
684
- */
685
- export function multibaseBase58btcEncode(bytes) {
686
- let deferred1_0;
687
- let deferred1_1;
688
- try {
689
- const ret = wasm.multibaseBase58btcEncode(bytes);
690
- deferred1_0 = ret[0];
691
- deferred1_1 = ret[1];
692
- return getStringFromWasm0(ret[0], ret[1]);
693
- } finally {
694
- wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
695
- }
696
- }
697
-
698
- /**
699
- * Encode bytes with the multibase base64url prefix.
700
- * @param {Uint8Array} bytes
701
- * @returns {string}
702
- */
703
- export function multibaseBase64urlEncode(bytes) {
704
- let deferred1_0;
705
- let deferred1_1;
706
- try {
707
- const ret = wasm.multibaseBase64urlEncode(bytes);
708
- deferred1_0 = ret[0];
709
- deferred1_1 = ret[1];
710
- return getStringFromWasm0(ret[0], ret[1]);
711
- } finally {
712
- wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);
713
- }
714
- }
715
-
716
- /**
717
- * Decode a supported multibase string.
718
- * @param {string} encoded
719
- * @returns {Uint8Array}
720
- */
721
- export function multibaseDecode(encoded) {
722
- const ptr0 = passStringToWasm0(encoded, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
723
- const len0 = WASM_VECTOR_LEN;
724
- const ret = wasm.multibaseDecode(ptr0, len0);
725
- if (ret[2]) {
726
- throw takeFromExternrefTable0(ret[1]);
727
- }
728
- return takeFromExternrefTable0(ret[0]);
729
- }
730
-
731
- /**
732
- * Resolve a byte slice that starts with a known multicodec prefix.
733
- * @param {Uint8Array} bytes
734
- * @returns {any}
735
- */
736
- export function multicodecLookupPrefix(bytes) {
737
- const ret = wasm.multicodecLookupPrefix(bytes);
738
- if (ret[2]) {
739
- throw takeFromExternrefTable0(ret[1]);
740
- }
741
- return takeFromExternrefTable0(ret[0]);
742
- }
743
-
744
- /**
745
- * Return multicodec metadata for a canonical codec name.
746
- * @param {string} codec_name
747
- * @returns {any}
748
- */
749
- export function multicodecPrefixForName(codec_name) {
750
- const ptr0 = passStringToWasm0(codec_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
751
- const len0 = WASM_VECTOR_LEN;
752
- const ret = wasm.multicodecPrefixForName(ptr0, len0);
753
- if (ret[2]) {
754
- throw takeFromExternrefTable0(ret[1]);
755
- }
756
- return takeFromExternrefTable0(ret[0]);
757
- }
758
-
759
- /**
760
- * Encode a public key as a multibase base58btc multikey.
761
- * @param {string} codec_name
762
- * @param {Uint8Array} public_key
763
- * @returns {string}
764
- */
765
- export function multikeyEncode(codec_name, public_key) {
766
- let deferred3_0;
767
- let deferred3_1;
768
- try {
769
- const ptr0 = passStringToWasm0(codec_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
770
- const len0 = WASM_VECTOR_LEN;
771
- const ret = wasm.multikeyEncode(ptr0, len0, public_key);
772
- var ptr2 = ret[0];
773
- var len2 = ret[1];
774
- if (ret[3]) {
775
- ptr2 = 0; len2 = 0;
776
- throw takeFromExternrefTable0(ret[2]);
777
- }
778
- deferred3_0 = ptr2;
779
- deferred3_1 = len2;
780
- return getStringFromWasm0(ptr2, len2);
781
- } finally {
782
- wasm.__wbindgen_free(deferred3_0, deferred3_1, 1);
783
- }
784
- }
785
-
786
- /**
787
- * Parse and validate a multikey string.
788
- * @param {string} multikey
789
- * @returns {any}
790
- */
791
- export function multikeyParse(multikey) {
792
- const ptr0 = passStringToWasm0(multikey, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
793
- const len0 = WASM_VECTOR_LEN;
794
- const ret = wasm.multikeyParse(ptr0, len0);
795
- if (ret[2]) {
796
- throw takeFromExternrefTable0(ret[1]);
797
- }
798
- return takeFromExternrefTable0(ret[0]);
799
- }
800
-
801
613
  /**
802
614
  * Verify an RSASSA-PKCS1-v1_5 signature against a DER RSA public key.
803
615
  * @param {Uint8Array} public_key_der
@@ -1075,12 +887,7 @@ function __wbg_get_imports() {
1075
887
  const ret = Reflect.set(arg0, arg1, arg2);
1076
888
  return ret;
1077
889
  }, arguments); },
1078
- __wbindgen_cast_0000000000000001: function(arg0) {
1079
- // Cast intrinsic for `F64 -> Externref`.
1080
- const ret = arg0;
1081
- return ret;
1082
- },
1083
- __wbindgen_cast_0000000000000002: function(arg0, arg1) {
890
+ __wbindgen_cast_0000000000000001: function(arg0, arg1) {
1084
891
  // Cast intrinsic for `Ref(String) -> Externref`.
1085
892
  const ret = getStringFromWasm0(arg0, arg1);
1086
893
  return ret;
@@ -1133,43 +940,6 @@ function handleError(f, args) {
1133
940
  }
1134
941
  }
1135
942
 
1136
- function passStringToWasm0(arg, malloc, realloc) {
1137
- if (realloc === undefined) {
1138
- const buf = cachedTextEncoder.encode(arg);
1139
- const ptr = malloc(buf.length, 1) >>> 0;
1140
- getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
1141
- WASM_VECTOR_LEN = buf.length;
1142
- return ptr;
1143
- }
1144
-
1145
- let len = arg.length;
1146
- let ptr = malloc(len, 1) >>> 0;
1147
-
1148
- const mem = getUint8ArrayMemory0();
1149
-
1150
- let offset = 0;
1151
-
1152
- for (; offset < len; offset++) {
1153
- const code = arg.charCodeAt(offset);
1154
- if (code > 0x7F) break;
1155
- mem[ptr + offset] = code;
1156
- }
1157
- if (offset !== len) {
1158
- if (offset !== 0) {
1159
- arg = arg.slice(offset);
1160
- }
1161
- ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
1162
- const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
1163
- const ret = cachedTextEncoder.encodeInto(arg, view);
1164
-
1165
- offset += ret.written;
1166
- ptr = realloc(ptr, len, offset, 1) >>> 0;
1167
- }
1168
-
1169
- WASM_VECTOR_LEN = offset;
1170
- return ptr;
1171
- }
1172
-
1173
943
  function takeFromExternrefTable0(idx) {
1174
944
  const value = wasm.__wbindgen_externrefs.get(idx);
1175
945
  wasm.__externref_table_dealloc(idx);
@@ -1190,21 +960,6 @@ function decodeText(ptr, len) {
1190
960
  return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
1191
961
  }
1192
962
 
1193
- const cachedTextEncoder = new TextEncoder();
1194
-
1195
- if (!('encodeInto' in cachedTextEncoder)) {
1196
- cachedTextEncoder.encodeInto = function (arg, view) {
1197
- const buf = cachedTextEncoder.encode(arg);
1198
- view.set(buf);
1199
- return {
1200
- read: arg.length,
1201
- written: buf.length
1202
- };
1203
- };
1204
- }
1205
-
1206
- let WASM_VECTOR_LEN = 0;
1207
-
1208
963
  let wasmModule, wasmInstance, wasm;
1209
964
  function __wbg_finalize_init(instance, module) {
1210
965
  wasmInstance = instance;
@@ -15,17 +15,6 @@ export declare function aes256GcmSivSeal(key: Uint8Array, nonce: Uint8Array, aad
15
15
  export declare function aes256KwUnwrapKey(wrappingKey: Uint8Array, wrappedKey: Uint8Array): Uint8Array;
16
16
  export declare function aes256KwWrapKey(wrappingKey: Uint8Array, keyToWrap: Uint8Array): Uint8Array;
17
17
  export declare function argon2idDeriveKey(kdfVersion: number, secret: Uint8Array, salt: Uint8Array): Uint8Array;
18
- export declare function base64urlDecode(encoded: string): Uint8Array;
19
- export declare function base64urlEncode(bytes: Uint8Array): string;
20
- export declare function dagCborComputeCid(bytes: Uint8Array): string;
21
- export declare function dagCborVerifyCid(cid: string, bytes: Uint8Array): unknown;
22
- export declare function multibaseBase58btcEncode(bytes: Uint8Array): string;
23
- export declare function multibaseBase64urlEncode(bytes: Uint8Array): string;
24
- export declare function multibaseDecode(encoded: string): Uint8Array;
25
- export declare function multicodecLookupPrefix(bytes: Uint8Array): unknown;
26
- export declare function multicodecPrefixForName(codecName: string): unknown;
27
- export declare function multikeyEncode(codecName: string, publicKey: Uint8Array): string;
28
- export declare function multikeyParse(multikey: string): unknown;
29
18
  export declare function hpkeOpenBase(suite: number, recipientSecretKey: Uint8Array, encapsulatedKey: Uint8Array, info: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Uint8Array;
30
19
  export declare function hpkeSealBase(suite: number, recipientPublicKey: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): unknown;
31
20
  export declare function hpkeSealBaseDerand(suite: number, recipientPublicKey: Uint8Array, encapsulationRandomness: Uint8Array, info: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): unknown;
@@ -56,6 +45,8 @@ export declare function mlDsa87GenerateKeypair(): unknown;
56
45
  export declare function mlDsa87DeriveKeypair(secretKey: Uint8Array): unknown;
57
46
  export declare function mlDsa87Sign(secretKey: Uint8Array, message: Uint8Array): Uint8Array;
58
47
  export declare function mlDsa87Verify(publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array): void;
48
+ export declare function rsaVerifyPkcs1v15(publicKeyDer: Uint8Array, publicKeyEncoding: number, hashSuite: number, message: Uint8Array, signature: Uint8Array): void;
49
+ export declare function rsaVerifyPss(publicKeyDer: Uint8Array, publicKeyEncoding: number, messageHashSuite: number, mgf1HashSuite: number, saltLength: number, message: Uint8Array, signature: Uint8Array): void;
59
50
  export declare function slhDsaSha2128sGenerateKeypair(): unknown;
60
51
  export declare function slhDsaSha2128sDeriveKeypair(skSeed: Uint8Array, skPrf: Uint8Array, pkSeed: Uint8Array): unknown;
61
52
  export declare function slhDsaSha2128sSign(secretKey: Uint8Array, message: Uint8Array): Uint8Array;
@@ -3,11 +3,6 @@ type GenerateKeypairFromSeedFn = (seed: Uint8Array) => unknown;
3
3
  type Argon2idFn = (kdfVersion: number, secret: Uint8Array, salt: Uint8Array) => unknown;
4
4
  type AeadFn = (key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, text: Uint8Array) => unknown;
5
5
  type KeyWrapFn = (wrappingKey: Uint8Array, keyMaterial: Uint8Array) => unknown;
6
- type BytesToStringFn = (bytes: Uint8Array) => unknown;
7
- type BytesToObjectFn = (bytes: Uint8Array) => unknown;
8
- type StringToBytesFn = (text: string) => unknown;
9
- type StringToObjectFn = (text: string) => unknown;
10
- type StringBytesToStringFn = (text: string, bytes: Uint8Array) => unknown;
11
6
  type SignatureSignFn = (secretKey: Uint8Array, message: Uint8Array) => unknown;
12
7
  type SignatureVerifyFn = (publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => unknown;
13
8
  type RsaPkcs1v15VerifyFn = (publicKeyDer: Uint8Array, publicKeyEncoding: number, hashSuite: number, message: Uint8Array, signature: Uint8Array) => unknown;
@@ -36,17 +31,6 @@ export type ReallyMeWasmProvider = Readonly<{
36
31
  aes256KwWrapKey: KeyWrapFn;
37
32
  aes256KwUnwrapKey: KeyWrapFn;
38
33
  argon2idDeriveKey: Argon2idFn;
39
- base64urlEncode: BytesToStringFn;
40
- base64urlDecode: StringToBytesFn;
41
- multibaseBase64urlEncode: BytesToStringFn;
42
- multibaseBase58btcEncode: BytesToStringFn;
43
- multibaseDecode: StringToBytesFn;
44
- multicodecPrefixForName: StringToObjectFn;
45
- multicodecLookupPrefix: BytesToObjectFn;
46
- multikeyEncode: StringBytesToStringFn;
47
- multikeyParse: StringToObjectFn;
48
- dagCborComputeCid: BytesToStringFn;
49
- dagCborVerifyCid: StringBytesToStringFn;
50
34
  hpkeSealBase: HpkeSealFn;
51
35
  hpkeSealBaseDerand: HpkeSealDerandFn;
52
36
  hpkeOpenBase: HpkeOpenFn;
@@ -94,6 +78,7 @@ export type ReallyMeWasmProvider = Readonly<{
94
78
  xWing1024EncapsulateDerand: EncapsulateDerandFn;
95
79
  xWing1024Decapsulate: DecapsulateFn;
96
80
  }>;
81
+ export declare const createReallyMeWasmProvider: (module: unknown) => ReallyMeWasmProvider;
97
82
  export declare const installReallyMeWasmProvider: (module: unknown) => void;
98
83
  export declare const requireReallyMeWasmProvider: () => ReallyMeWasmProvider;
99
84
  export {};
@@ -29,6 +29,8 @@ const wasmErrorCode = (error) => {
29
29
  return "invalid-input";
30
30
  case "invalid-signature":
31
31
  return "invalid-signature";
32
+ case "authentication-failed":
33
+ return "authentication-failed";
32
34
  case "unsupported-algorithm":
33
35
  return "unsupported-algorithm";
34
36
  case "provider-failure":
@@ -48,18 +50,6 @@ const function2 = (module, name) => {
48
50
  const callable = requireFunction(module, name);
49
51
  return (first, second) => callable(first, second);
50
52
  };
51
- const stringFunction1 = (module, name) => {
52
- const callable = requireFunction(module, name);
53
- return (text) => callable(text);
54
- };
55
- const bytesFunction1 = (module, name) => {
56
- const callable = requireFunction(module, name);
57
- return (bytes) => callable(bytes);
58
- };
59
- const stringBytesFunction2 = (module, name) => {
60
- const callable = requireFunction(module, name);
61
- return (text, bytes) => callable(text, bytes);
62
- };
63
53
  const function3 = (module, name) => {
64
54
  const callable = requireFunction(module, name);
65
55
  return (first, second, third) => callable(first, second, third);
@@ -96,9 +86,9 @@ const rsaPssVerifyFunction = (module, name) => {
96
86
  const callable = requireFunction(module, name);
97
87
  return (publicKeyDer, publicKeyEncoding, messageHashSuite, mgf1HashSuite, saltLength, message, signature) => callable(publicKeyDer, publicKeyEncoding, messageHashSuite, mgf1HashSuite, saltLength, message, signature);
98
88
  };
99
- export const installReallyMeWasmProvider = (module) => {
89
+ export const createReallyMeWasmProvider = (module) => {
100
90
  const providerModule = requireObject(module);
101
- installedProvider = {
91
+ return {
102
92
  aes128GcmSeal: function4(providerModule, "aes128GcmSeal"),
103
93
  aes128GcmOpen: function4(providerModule, "aes128GcmOpen"),
104
94
  aes192GcmSeal: function4(providerModule, "aes192GcmSeal"),
@@ -114,17 +104,6 @@ export const installReallyMeWasmProvider = (module) => {
114
104
  aes256KwWrapKey: function2(providerModule, "aes256KwWrapKey"),
115
105
  aes256KwUnwrapKey: function2(providerModule, "aes256KwUnwrapKey"),
116
106
  argon2idDeriveKey: argon2idFunction(providerModule, "argon2idDeriveKey"),
117
- base64urlEncode: bytesFunction1(providerModule, "base64urlEncode"),
118
- base64urlDecode: stringFunction1(providerModule, "base64urlDecode"),
119
- multibaseBase64urlEncode: bytesFunction1(providerModule, "multibaseBase64urlEncode"),
120
- multibaseBase58btcEncode: bytesFunction1(providerModule, "multibaseBase58btcEncode"),
121
- multibaseDecode: stringFunction1(providerModule, "multibaseDecode"),
122
- multicodecPrefixForName: stringFunction1(providerModule, "multicodecPrefixForName"),
123
- multicodecLookupPrefix: bytesFunction1(providerModule, "multicodecLookupPrefix"),
124
- multikeyEncode: stringBytesFunction2(providerModule, "multikeyEncode"),
125
- multikeyParse: stringFunction1(providerModule, "multikeyParse"),
126
- dagCborComputeCid: bytesFunction1(providerModule, "dagCborComputeCid"),
127
- dagCborVerifyCid: stringBytesFunction2(providerModule, "dagCborVerifyCid"),
128
107
  hpkeSealBase: hpkeSealFunction(providerModule, "hpkeSealBase"),
129
108
  hpkeSealBaseDerand: hpkeSealDerandFunction(providerModule, "hpkeSealBaseDerand"),
130
109
  hpkeOpenBase: hpkeOpenFunction(providerModule, "hpkeOpenBase"),
@@ -173,6 +152,12 @@ export const installReallyMeWasmProvider = (module) => {
173
152
  xWing1024Decapsulate: function2(providerModule, "xWing1024Decapsulate"),
174
153
  };
175
154
  };
155
+ export const installReallyMeWasmProvider = (module) => {
156
+ if (installedProvider !== undefined) {
157
+ throw new ReallyMeCryptoError("provider-failure");
158
+ }
159
+ installedProvider = createReallyMeWasmProvider(module);
160
+ };
176
161
  export const requireReallyMeWasmProvider = () => {
177
162
  if (installedProvider === undefined) {
178
163
  throw new ReallyMeCryptoError("provider-failure");
package/dist/xWing.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { ReallyMeKemAlgorithm } from "./algorithms.js";
2
+ import type { ReallyMeWasmProvider } from "./wasmProvider.js";
2
3
  export declare const X_WING_SECRET_KEY_LENGTH = 32;
3
4
  export declare const X_WING_ENCAPSULATION_SEED_LENGTH = 64;
4
5
  export declare const X_WING_SHARED_SECRET_LENGTH = 32;
@@ -16,8 +17,13 @@ export type ReallyMeXWingEncapsulation = Readonly<{
16
17
  }>;
17
18
  export declare const ReallyMeXWing: {
18
19
  readonly generateKeyPair: (algorithm: ReallyMeKemAlgorithm) => ReallyMeXWingKeyPair;
20
+ readonly generateKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm) => ReallyMeXWingKeyPair;
19
21
  readonly deriveKeyPair: (algorithm: ReallyMeKemAlgorithm, secretKey: Uint8Array) => ReallyMeXWingKeyPair;
22
+ readonly deriveKeyPairWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, secretKey: Uint8Array) => ReallyMeXWingKeyPair;
20
23
  readonly encapsulate: (algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array) => ReallyMeXWingEncapsulation;
24
+ readonly encapsulateWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array) => ReallyMeXWingEncapsulation;
21
25
  readonly decapsulate: (algorithm: ReallyMeKemAlgorithm, ciphertext: Uint8Array, secretKey: Uint8Array) => Uint8Array;
26
+ readonly decapsulateWithProvider: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, ciphertext: Uint8Array, secretKey: Uint8Array) => Uint8Array;
22
27
  };
23
28
  export declare const encapsulateXWingDeterministicallyForTest: (algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array, seed: Uint8Array) => ReallyMeXWingEncapsulation;
29
+ export declare const encapsulateXWingDeterministicallyWithProviderForTest: (provider: ReallyMeWasmProvider, algorithm: ReallyMeKemAlgorithm, publicKey: Uint8Array, seed: Uint8Array) => ReallyMeXWingEncapsulation;
package/dist/xWing.js CHANGED
@@ -12,13 +12,15 @@ export const X_WING_768_CIPHERTEXT_LENGTH = 1_120;
12
12
  export const X_WING_1024_PUBLIC_KEY_LENGTH = 1_600;
13
13
  export const X_WING_1024_CIPHERTEXT_LENGTH = 1_600;
14
14
  const xWingSuite = (algorithm) => {
15
+ return xWingSuiteWithProvider(algorithm, requireReallyMeWasmProvider());
16
+ };
17
+ const xWingSuiteWithProvider = (algorithm, provider) => {
15
18
  switch (algorithm) {
16
19
  case "ML-KEM-512":
17
20
  case "ML-KEM-768":
18
21
  case "ML-KEM-1024":
19
22
  throw new ReallyMeCryptoError("unsupported-algorithm");
20
23
  case "X-Wing-768": {
21
- const provider = requireReallyMeWasmProvider();
22
24
  return {
23
25
  publicKeyLength: X_WING_768_PUBLIC_KEY_LENGTH,
24
26
  ciphertextLength: X_WING_768_CIPHERTEXT_LENGTH,
@@ -30,7 +32,6 @@ const xWingSuite = (algorithm) => {
30
32
  };
31
33
  }
32
34
  case "X-Wing-1024": {
33
- const provider = requireReallyMeWasmProvider();
34
35
  return {
35
36
  publicKeyLength: X_WING_1024_PUBLIC_KEY_LENGTH,
36
37
  ciphertextLength: X_WING_1024_CIPHERTEXT_LENGTH,
@@ -56,16 +57,30 @@ export const ReallyMeXWing = {
56
57
  const suite = xWingSuite(algorithm);
57
58
  return readKeyPair(suite.generateKeypair(), suite);
58
59
  },
60
+ generateKeyPairWithProvider(provider, algorithm) {
61
+ const suite = xWingSuiteWithProvider(algorithm, provider);
62
+ return readKeyPair(suite.generateKeypair(), suite);
63
+ },
59
64
  deriveKeyPair(algorithm, secretKey) {
60
65
  ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
61
66
  const suite = xWingSuite(algorithm);
62
67
  return readKeyPair(suite.deriveKeypair(secretKey), suite);
63
68
  },
69
+ deriveKeyPairWithProvider(provider, algorithm, secretKey) {
70
+ ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
71
+ const suite = xWingSuiteWithProvider(algorithm, provider);
72
+ return readKeyPair(suite.deriveKeypair(secretKey), suite);
73
+ },
64
74
  encapsulate(algorithm, publicKey) {
65
75
  const suite = xWingSuite(algorithm);
66
76
  ensureBytes(publicKey, suite.publicKeyLength);
67
77
  return readEncapsulation(suite.encapsulate(publicKey), suite);
68
78
  },
79
+ encapsulateWithProvider(provider, algorithm, publicKey) {
80
+ const suite = xWingSuiteWithProvider(algorithm, provider);
81
+ ensureBytes(publicKey, suite.publicKeyLength);
82
+ return readEncapsulation(suite.encapsulate(publicKey), suite);
83
+ },
69
84
  decapsulate(algorithm, ciphertext, secretKey) {
70
85
  const suite = xWingSuite(algorithm);
71
86
  ensureBytes(ciphertext, suite.ciphertextLength);
@@ -77,6 +92,17 @@ export const ReallyMeXWing = {
77
92
  ensureBytes(sharedSecret, X_WING_SHARED_SECRET_LENGTH);
78
93
  return sharedSecret;
79
94
  },
95
+ decapsulateWithProvider(provider, algorithm, ciphertext, secretKey) {
96
+ const suite = xWingSuiteWithProvider(algorithm, provider);
97
+ ensureBytes(ciphertext, suite.ciphertextLength);
98
+ ensureBytes(secretKey, X_WING_SECRET_KEY_LENGTH);
99
+ const sharedSecret = suite.decapsulate(ciphertext, secretKey);
100
+ if (!(sharedSecret instanceof Uint8Array)) {
101
+ throw new ReallyMeCryptoError("provider-failure");
102
+ }
103
+ ensureBytes(sharedSecret, X_WING_SHARED_SECRET_LENGTH);
104
+ return sharedSecret;
105
+ },
80
106
  };
81
107
  export const encapsulateXWingDeterministicallyForTest = (algorithm, publicKey, seed) => {
82
108
  const suite = xWingSuite(algorithm);
@@ -84,3 +110,9 @@ export const encapsulateXWingDeterministicallyForTest = (algorithm, publicKey, s
84
110
  ensureBytes(seed, X_WING_ENCAPSULATION_SEED_LENGTH);
85
111
  return readEncapsulation(suite.encapsulateDerand(publicKey, seed), suite);
86
112
  };
113
+ export const encapsulateXWingDeterministicallyWithProviderForTest = (provider, algorithm, publicKey, seed) => {
114
+ const suite = xWingSuiteWithProvider(algorithm, provider);
115
+ ensureBytes(publicKey, suite.publicKeyLength);
116
+ ensureBytes(seed, X_WING_ENCAPSULATION_SEED_LENGTH);
117
+ return readEncapsulation(suite.encapsulateDerand(publicKey, seed), suite);
118
+ };