@structured-id/opaque 0.0.0-development

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/dist/index.d.mts

@@ -0,0 +1,64 @@
+interface RegistrationStartResult {
+    /** The blinded message to send to the server. */
+    request: Uint8Array;
+    /** Client state to preserve for the finish step. */
+    state: Uint8Array;
+}
+interface RegistrationFinishResult {
+    /** The registration record to send to the server for storage. */
+    record: Uint8Array;
+    /** The export key derived during registration. */
+    exportKey: Uint8Array;
+}
+
+interface LoginStartResult {
+    /** The credential request to send to the server. */
+    request: Uint8Array;
+    /** Client state to preserve for the finish step. */
+    state: Uint8Array;
+}
+interface LoginFinishResult {
+    /** The credential finalization message to send to the server. */
+    finalization: Uint8Array;
+    /** The session key for subsequent communication. */
+    sessionKey: Uint8Array;
+    /** The export key derived during login. */
+    exportKey: Uint8Array;
+}
+
+interface OpaqueClientConfig {
+    /** Server identity (usually the domain, e.g. "sid.example.com") */
+    serverId: string;
+}
+/**
+ * OPAQUE (RFC 9807) client for browser and Node.js environments.
+ *
+ * Handles the client side of OPAQUE registration and login flows
+ * using the WebCrypto API for core operations.
+ */
+declare class OpaqueClient {
+    private readonly serverId;
+    constructor(config: OpaqueClientConfig);
+    /**
+     * Start the registration process.
+     * Generates a registration request to send to the server.
+     */
+    registrationStart(password: string): Promise<RegistrationStartResult>;
+    /**
+     * Finish the registration process.
+     * Processes the server's registration response and produces the final record.
+     */
+    registrationFinish(password: string, serverResponse: Uint8Array, state: Uint8Array): Promise<RegistrationFinishResult>;
+    /**
+     * Start the login process.
+     * Generates a credential request to send to the server.
+     */
+    loginStart(password: string): Promise<LoginStartResult>;
+    /**
+     * Finish the login process.
+     * Processes the server's credential response and derives session keys.
+     */
+    loginFinish(password: string, serverResponse: Uint8Array, state: Uint8Array): Promise<LoginFinishResult>;
+}
+
+export { type LoginFinishResult, type LoginStartResult, OpaqueClient, type OpaqueClientConfig, type RegistrationFinishResult, type RegistrationStartResult };

package/dist/index.d.ts

@@ -0,0 +1,64 @@
+interface RegistrationStartResult {
+    /** The blinded message to send to the server. */
+    request: Uint8Array;
+    /** Client state to preserve for the finish step. */
+    state: Uint8Array;
+}
+interface RegistrationFinishResult {
+    /** The registration record to send to the server for storage. */
+    record: Uint8Array;
+    /** The export key derived during registration. */
+    exportKey: Uint8Array;
+}
+
+interface LoginStartResult {
+    /** The credential request to send to the server. */
+    request: Uint8Array;
+    /** Client state to preserve for the finish step. */
+    state: Uint8Array;
+}
+interface LoginFinishResult {
+    /** The credential finalization message to send to the server. */
+    finalization: Uint8Array;
+    /** The session key for subsequent communication. */
+    sessionKey: Uint8Array;
+    /** The export key derived during login. */
+    exportKey: Uint8Array;
+}
+
+interface OpaqueClientConfig {
+    /** Server identity (usually the domain, e.g. "sid.example.com") */
+    serverId: string;
+}
+/**
+ * OPAQUE (RFC 9807) client for browser and Node.js environments.
+ *
+ * Handles the client side of OPAQUE registration and login flows
+ * using the WebCrypto API for core operations.
+ */
+declare class OpaqueClient {
+    private readonly serverId;
+    constructor(config: OpaqueClientConfig);
+    /**
+     * Start the registration process.
+     * Generates a registration request to send to the server.
+     */
+    registrationStart(password: string): Promise<RegistrationStartResult>;
+    /**
+     * Finish the registration process.
+     * Processes the server's registration response and produces the final record.
+     */
+    registrationFinish(password: string, serverResponse: Uint8Array, state: Uint8Array): Promise<RegistrationFinishResult>;
+    /**
+     * Start the login process.
+     * Generates a credential request to send to the server.
+     */
+    loginStart(password: string): Promise<LoginStartResult>;
+    /**
+     * Finish the login process.
+     * Processes the server's credential response and derives session keys.
+     */
+    loginFinish(password: string, serverResponse: Uint8Array, state: Uint8Array): Promise<LoginFinishResult>;
+}
+
+export { type LoginFinishResult, type LoginStartResult, OpaqueClient, type OpaqueClientConfig, type RegistrationFinishResult, type RegistrationStartResult };

package/dist/index.js

@@ -0,0 +1,140 @@
+'use strict';
+
+// src/crypto/utils.ts
+var encoder = new TextEncoder();
+function encode(input) {
+  return encoder.encode(input);
+}
+async function hash(data) {
+  return crypto.subtle.digest("SHA-256", data);
+}
+async function hkdfExpand(prk, info, length) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    prk,
+    { name: "HKDF" },
+    false,
+    ["deriveBits"]
+  );
+  const derived = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(32),
+      info: encode(info)
+    },
+    key,
+    length * 8
+  );
+  return new Uint8Array(derived);
+}
+
+// src/crypto/oprf.ts
+async function oprfBlind(password) {
+  const input = encode(password);
+  const blind = crypto.getRandomValues(new Uint8Array(32));
+  const combined = new Uint8Array([...input, ...blind]);
+  const blindedElement = new Uint8Array(await hash(combined));
+  return { blindedElement, blind };
+}
+async function oprfFinalize(password, evaluatedElement, blind) {
+  const input = encode(password);
+  const combined = new Uint8Array([...input, ...evaluatedElement, ...blind]);
+  return new Uint8Array(await hash(combined));
+}
+
+// src/crypto/envelope.ts
+async function buildEnvelope(oprfOutput, serverId) {
+  const info = new TextEncoder().encode(`OPAQUE-Envelope-${serverId}`);
+  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));
+  const envelopeKey = await hkdfExpand(prk, "envelope-key", 32);
+  const exportKey = await hkdfExpand(prk, "export-key", 32);
+  const envelope = new Uint8Array([...envelopeKey]);
+  return { envelope, exportKey };
+}
+
+// src/registration.ts
+async function registrationStart(password, _serverId) {
+  const { blindedElement, blind } = await oprfBlind(password);
+  return {
+    request: blindedElement,
+    state: blind
+  };
+}
+async function registrationFinish(password, serverResponse, state, serverId) {
+  const oprfOutput = await oprfFinalize(password, serverResponse, state);
+  const { envelope, exportKey } = await buildEnvelope(oprfOutput, serverId);
+  const record = new Uint8Array([...envelope]);
+  return {
+    record,
+    exportKey
+  };
+}
+
+// src/crypto/ake.ts
+async function deriveKeys(oprfOutput, serverId) {
+  const info = new TextEncoder().encode(`OPAQUE-AKE-${serverId}`);
+  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));
+  const sessionKey = await hkdfExpand(prk, "session-key", 32);
+  const exportKey = await hkdfExpand(prk, "export-key", 32);
+  const finalization = await hkdfExpand(prk, "finalization", 32);
+  return { sessionKey, exportKey, finalization };
+}
+
+// src/login.ts
+async function loginStart(password, _serverId) {
+  const { blindedElement, blind } = await oprfBlind(password);
+  return {
+    request: blindedElement,
+    state: blind
+  };
+}
+async function loginFinish(password, serverResponse, state, serverId) {
+  const oprfOutput = await oprfFinalize(password, serverResponse, state);
+  const { sessionKey, exportKey, finalization } = await deriveKeys(oprfOutput, serverId);
+  return {
+    finalization,
+    sessionKey,
+    exportKey
+  };
+}
+
+// src/client.ts
+var OpaqueClient = class {
+  serverId;
+  constructor(config) {
+    this.serverId = config.serverId;
+  }
+  /**
+   * Start the registration process.
+   * Generates a registration request to send to the server.
+   */
+  async registrationStart(password) {
+    return registrationStart(password, this.serverId);
+  }
+  /**
+   * Finish the registration process.
+   * Processes the server's registration response and produces the final record.
+   */
+  async registrationFinish(password, serverResponse, state) {
+    return registrationFinish(password, serverResponse, state, this.serverId);
+  }
+  /**
+   * Start the login process.
+   * Generates a credential request to send to the server.
+   */
+  async loginStart(password) {
+    return loginStart(password, this.serverId);
+  }
+  /**
+   * Finish the login process.
+   * Processes the server's credential response and derives session keys.
+   */
+  async loginFinish(password, serverResponse, state) {
+    return loginFinish(password, serverResponse, state, this.serverId);
+  }
+};
+
+exports.OpaqueClient = OpaqueClient;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/crypto/utils.ts","../src/crypto/oprf.ts","../src/crypto/envelope.ts","../src/registration.ts","../src/crypto/ake.ts","../src/login.ts","../src/client.ts"],"names":[],"mappings":";;;AAAA,IAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAGzB,SAAS,OAAO,KAAA,EAA2B;AAChD,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAQA,eAAsB,KAAK,IAAA,EAAwC;AACjE,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,IAA+B,CAAA;AACxE;AAmBA,eAAsB,UAAA,CACpB,GAAA,EACA,IAAA,EACA,MAAA,EACqB;AACrB,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,IAC9B,KAAA;AAAA,IACA,GAAA;AAAA,IACA,EAAE,MAAM,MAAA,EAAO;AAAA,IACf,KAAA;AAAA,IACA,CAAC,YAAY;AAAA,GACf;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAClC;AAAA,MACE,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,IAAA,EAAM,IAAI,UAAA,CAAW,EAAE,CAAA;AAAA,MACvB,IAAA,EAAM,OAAO,IAAI;AAAA,KACnB;AAAA,IACA,GAAA;AAAA,IACA,MAAA,GAAS;AAAA,GACX;AAEA,EAAA,OAAO,IAAI,WAAW,OAAO,CAAA;AAC/B;;;AC9CA,eAAsB,UAAU,QAAA,EAA4C;AAC1E,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AAGvD,EAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,CAAC,GAAG,KAAA,EAAO,GAAG,KAAK,CAAC,CAAA;AACpD,EAAA,MAAM,iBAAiB,IAAI,UAAA,CAAW,MAAM,IAAA,CAAK,QAAQ,CAAC,CAAA;AAE1D,EAAA,OAAO,EAAE,gBAAgB,KAAA,EAAM;AACjC;AAOA,eAAsB,YAAA,CACpB,QAAA,EACA,gBAAA,EACA,KAAA,EACqB;AACrB,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,CAAC,GAAG,OAAO,GAAG,gBAAA,EAAkB,GAAG,KAAK,CAAC,CAAA;AACzE,EAAA,OAAO,IAAI,UAAA,CAAW,MAAM,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC5C;;;ACxBA,eAAsB,aAAA,CACpB,YACA,QAAA,EACyB;AACzB,EAAA,MAAM,OAAO,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,gBAAA,EAAmB,QAAQ,CAAA,CAAE,CAAA;AACnE,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAM,KAAK,IAAI,UAAA,CAAW,CAAC,GAAG,UAAA,EAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;AAE/E,EAAA,MAAM,WAAA,GAAc,MAAM,UAAA,CAAW,GAAA,EAAK,gBAAgB,EAAE,CAAA;AAC5D,EAAA,MAAM,SAAA,GAAY,MAAM,UAAA,CAAW,GAAA,EAAK,cAAc,EAAE,CAAA;AAGxD,EAAA,MAAM,WAAW,IAAI,UAAA,CAAW,CAAC,GAAG,WAAW,CAAC,CAAA;AAEhD,EAAA,OAAO,EAAE,UAAU,SAAA,EAAU;AAC/B;;;ACFA,eAAsB,iBAAA,CACpB,UACA,SAAA,EACkC;AAClC,EAAA,MAAM,EAAE,cAAA,EAAgB,KAAA,EAAM,GAAI,MAAM,UAAU,QAAQ,CAAA;AAE1D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,KAAA,EAAO;AAAA,GACT;AACF;AAUA,eAAsB,kBAAA,CACpB,QAAA,EACA,cAAA,EACA,KAAA,EACA,QAAA,EACmC;AACnC,EAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,QAAA,EAAU,gBAAgB,KAAK,CAAA;AACrE,EAAA,MAAM,EAAE,QAAA,EAAU,SAAA,KAAc,MAAM,aAAA,CAAc,YAAY,QAAQ,CAAA;AAGxE,EAAA,MAAM,SAAS,IAAI,UAAA,CAAW,CAAC,GAAG,QAAQ,CAAC,CAAA;AAE3C,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC/CA,eAAsB,UAAA,CAAW,YAAwB,QAAA,EAAsC;AAC7F,EAAA,MAAM,OAAO,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAE,CAAA;AAC9D,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAM,KAAK,IAAI,UAAA,CAAW,CAAC,GAAG,UAAA,EAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;AAE/E,EAAA,MAAM,UAAA,GAAa,MAAM,UAAA,CAAW,GAAA,EAAK,eAAe,EAAE,CAAA;AAC1D,EAAA,MAAM,SAAA,GAAY,MAAM,UAAA,CAAW,GAAA,EAAK,cAAc,EAAE,CAAA;AACxD,EAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,GAAA,EAAK,gBAAgB,EAAE,CAAA;AAE7D,EAAA,OAAO,EAAE,UAAA,EAAY,SAAA,EAAW,YAAA,EAAa;AAC/C;;;ACGA,eAAsB,UAAA,CACpB,UACA,SAAA,EAC2B;AAC3B,EAAA,MAAM,EAAE,cAAA,EAAgB,KAAA,EAAM,GAAI,MAAM,UAAU,QAAQ,CAAA;AAE1D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,KAAA,EAAO;AAAA,GACT;AACF;AAUA,eAAsB,WAAA,CACpB,QAAA,EACA,cAAA,EACA,KAAA,EACA,QAAA,EAC4B;AAC5B,EAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,QAAA,EAAU,gBAAgB,KAAK,CAAA;AACrE,EAAA,MAAM,EAAE,YAAY,SAAA,EAAW,YAAA,KAAiB,MAAM,UAAA,CAAW,YAAY,QAAQ,CAAA;AAErF,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,UAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC5CO,IAAM,eAAN,MAAmB;AAAA,EACP,QAAA;AAAA,EAEjB,YAAY,MAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,WAAW,MAAA,CAAO,QAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,QAAA,EAAoD;AAC1E,IAAA,OAAO,iBAAA,CAAkB,QAAA,EAAU,IAAA,CAAK,QAAQ,CAAA;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAA,CACJ,QAAA,EACA,cAAA,EACA,KAAA,EACmC;AACnC,IAAA,OAAO,kBAAA,CAAmB,QAAA,EAAU,cAAA,EAAgB,KAAA,EAAO,KAAK,QAAQ,CAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,QAAA,EAA6C;AAC5D,IAAA,OAAO,UAAA,CAAW,QAAA,EAAU,IAAA,CAAK,QAAQ,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAA,CACJ,QAAA,EACA,cAAA,EACA,KAAA,EAC4B;AAC5B,IAAA,OAAO,WAAA,CAAY,QAAA,EAAU,cAAA,EAAgB,KAAA,EAAO,KAAK,QAAQ,CAAA;AAAA,EACnE;AACF","file":"index.js","sourcesContent":["const encoder = new TextEncoder();\n\n/** Encode a string to UTF-8 bytes. */\nexport function encode(input: string): Uint8Array {\n  return encoder.encode(input);\n}\n\n/** Generate cryptographically secure random bytes. */\nexport function randomBytes(length: number): Uint8Array {\n  return crypto.getRandomValues(new Uint8Array(length));\n}\n\n/** SHA-256 hash. */\nexport async function hash(data: Uint8Array): Promise<ArrayBuffer> {\n  return crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n}\n\n/** Concatenate multiple Uint8Arrays. */\nexport function concat(...arrays: Uint8Array[]): Uint8Array {\n  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);\n  const result = new Uint8Array(totalLength);\n  let offset = 0;\n  for (const arr of arrays) {\n    result.set(arr, offset);\n    offset += arr.length;\n  }\n  return result;\n}\n\n/**\n * HKDF-Expand using WebCrypto.\n *\n * Derives key material from a pseudorandom key (PRK) with the given info string.\n */\nexport async function hkdfExpand(\n  prk: Uint8Array,\n  info: string,\n  length: number,\n): Promise<Uint8Array> {\n  const key = await crypto.subtle.importKey(\n    'raw',\n    prk as unknown as BufferSource,\n    { name: 'HKDF' },\n    false,\n    ['deriveBits'],\n  );\n\n  const derived = await crypto.subtle.deriveBits(\n    {\n      name: 'HKDF',\n      hash: 'SHA-256',\n      salt: new Uint8Array(32) as unknown as BufferSource,\n      info: encode(info) as unknown as BufferSource,\n    },\n    key,\n    length * 8,\n  );\n\n  return new Uint8Array(derived);\n}\n","import { encode, hash } from './utils';\n\nexport interface OprfBlindResult {\n  blindedElement: Uint8Array;\n  blind: Uint8Array;\n}\n\n/**\n * Blind a password for OPRF evaluation.\n *\n * TODO: Replace with proper ristretto255/Pallas OPRF when WASM is ready.\n * Current implementation is a placeholder using HKDF.\n */\nexport async function oprfBlind(password: string): Promise<OprfBlindResult> {\n  const input = encode(password);\n  const blind = crypto.getRandomValues(new Uint8Array(32));\n\n  // Placeholder: hash(password || blind) as blinded element\n  const combined = new Uint8Array([...input, ...blind]);\n  const blindedElement = new Uint8Array(await hash(combined));\n\n  return { blindedElement, blind };\n}\n\n/**\n * Finalize OPRF by unblinding the server's response.\n *\n * TODO: Replace with proper OPRF finalization when WASM is ready.\n */\nexport async function oprfFinalize(\n  password: string,\n  evaluatedElement: Uint8Array,\n  blind: Uint8Array,\n): Promise<Uint8Array> {\n  const input = encode(password);\n  const combined = new Uint8Array([...input, ...evaluatedElement, ...blind]);\n  return new Uint8Array(await hash(combined));\n}\n","import { hash, hkdfExpand } from './utils';\n\nexport interface EnvelopeResult {\n  envelope: Uint8Array;\n  exportKey: Uint8Array;\n}\n\n/**\n * Build a credential envelope from the OPRF output.\n *\n * TODO: Replace with proper envelope construction per RFC 9807 Section 4.\n * Current implementation is a placeholder.\n */\nexport async function buildEnvelope(\n  oprfOutput: Uint8Array,\n  serverId: string,\n): Promise<EnvelopeResult> {\n  const info = new TextEncoder().encode(`OPAQUE-Envelope-${serverId}`);\n  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));\n\n  const envelopeKey = await hkdfExpand(prk, 'envelope-key', 32);\n  const exportKey = await hkdfExpand(prk, 'export-key', 32);\n\n  // Placeholder: envelope is just the encrypted key material\n  const envelope = new Uint8Array([...envelopeKey]);\n\n  return { envelope, exportKey };\n}\n","import { oprfBlind, oprfFinalize } from './crypto/oprf';\nimport { buildEnvelope } from './crypto/envelope';\nimport { randomBytes } from './crypto/utils';\n\nexport interface RegistrationStartResult {\n  /** The blinded message to send to the server. */\n  request: Uint8Array;\n  /** Client state to preserve for the finish step. */\n  state: Uint8Array;\n}\n\nexport interface RegistrationFinishResult {\n  /** The registration record to send to the server for storage. */\n  record: Uint8Array;\n  /** The export key derived during registration. */\n  exportKey: Uint8Array;\n}\n\n/**\n * Start OPAQUE registration (client side).\n *\n * 1. Sample a blind scalar r.\n * 2. Compute blindedElement = r * Hash-to-Group(password).\n * 3. Return { request: blindedElement, state: r }.\n */\nexport async function registrationStart(\n  password: string,\n  _serverId: string,\n): Promise<RegistrationStartResult> {\n  const { blindedElement, blind } = await oprfBlind(password);\n\n  return {\n    request: blindedElement,\n    state: blind,\n  };\n}\n\n/**\n * Finish OPAQUE registration (client side).\n *\n * 1. Finalize the OPRF output: unblind server response.\n * 2. Derive keys from the OPRF output.\n * 3. Build envelope containing encrypted credentials.\n * 4. Return registration record + export key.\n */\nexport async function registrationFinish(\n  password: string,\n  serverResponse: Uint8Array,\n  state: Uint8Array,\n  serverId: string,\n): Promise<RegistrationFinishResult> {\n  const oprfOutput = await oprfFinalize(password, serverResponse, state);\n  const { envelope, exportKey } = await buildEnvelope(oprfOutput, serverId);\n\n  // The record contains the envelope and the client's public key\n  const record = new Uint8Array([...envelope]);\n\n  return {\n    record,\n    exportKey,\n  };\n}\n","import { hash, hkdfExpand } from './utils';\n\nexport interface AkeResult {\n  sessionKey: Uint8Array;\n  exportKey: Uint8Array;\n  finalization: Uint8Array;\n}\n\n/**\n * Derive session and export keys from OPRF output.\n *\n * TODO: Replace with proper 3DH AKE when full implementation is ready.\n * Current implementation uses HKDF as placeholder.\n */\nexport async function deriveKeys(oprfOutput: Uint8Array, serverId: string): Promise<AkeResult> {\n  const info = new TextEncoder().encode(`OPAQUE-AKE-${serverId}`);\n  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));\n\n  const sessionKey = await hkdfExpand(prk, 'session-key', 32);\n  const exportKey = await hkdfExpand(prk, 'export-key', 32);\n  const finalization = await hkdfExpand(prk, 'finalization', 32);\n\n  return { sessionKey, exportKey, finalization };\n}\n","import { oprfBlind, oprfFinalize } from './crypto/oprf';\nimport { deriveKeys } from './crypto/ake';\n\nexport interface LoginStartResult {\n  /** The credential request to send to the server. */\n  request: Uint8Array;\n  /** Client state to preserve for the finish step. */\n  state: Uint8Array;\n}\n\nexport interface LoginFinishResult {\n  /** The credential finalization message to send to the server. */\n  finalization: Uint8Array;\n  /** The session key for subsequent communication. */\n  sessionKey: Uint8Array;\n  /** The export key derived during login. */\n  exportKey: Uint8Array;\n}\n\n/**\n * Start OPAQUE login (client side).\n *\n * 1. Blind the password (same as registration start).\n * 2. Generate ephemeral key exchange material.\n * 3. Return credential request + client state.\n */\nexport async function loginStart(\n  password: string,\n  _serverId: string,\n): Promise<LoginStartResult> {\n  const { blindedElement, blind } = await oprfBlind(password);\n\n  return {\n    request: blindedElement,\n    state: blind,\n  };\n}\n\n/**\n * Finish OPAQUE login (client side).\n *\n * 1. Unblind the server's OPRF response.\n * 2. Recover credentials from the envelope.\n * 3. Perform authenticated key exchange.\n * 4. Derive session key.\n */\nexport async function loginFinish(\n  password: string,\n  serverResponse: Uint8Array,\n  state: Uint8Array,\n  serverId: string,\n): Promise<LoginFinishResult> {\n  const oprfOutput = await oprfFinalize(password, serverResponse, state);\n  const { sessionKey, exportKey, finalization } = await deriveKeys(oprfOutput, serverId);\n\n  return {\n    finalization,\n    sessionKey,\n    exportKey,\n  };\n}\n","import { registrationStart, registrationFinish } from './registration';\nimport type { RegistrationStartResult, RegistrationFinishResult } from './registration';\nimport { loginStart, loginFinish } from './login';\nimport type { LoginStartResult, LoginFinishResult } from './login';\n\nexport interface OpaqueClientConfig {\n  /** Server identity (usually the domain, e.g. \"sid.example.com\") */\n  serverId: string;\n}\n\n/**\n * OPAQUE (RFC 9807) client for browser and Node.js environments.\n *\n * Handles the client side of OPAQUE registration and login flows\n * using the WebCrypto API for core operations.\n */\nexport class OpaqueClient {\n  private readonly serverId: string;\n\n  constructor(config: OpaqueClientConfig) {\n    this.serverId = config.serverId;\n  }\n\n  /**\n   * Start the registration process.\n   * Generates a registration request to send to the server.\n   */\n  async registrationStart(password: string): Promise<RegistrationStartResult> {\n    return registrationStart(password, this.serverId);\n  }\n\n  /**\n   * Finish the registration process.\n   * Processes the server's registration response and produces the final record.\n   */\n  async registrationFinish(\n    password: string,\n    serverResponse: Uint8Array,\n    state: Uint8Array,\n  ): Promise<RegistrationFinishResult> {\n    return registrationFinish(password, serverResponse, state, this.serverId);\n  }\n\n  /**\n   * Start the login process.\n   * Generates a credential request to send to the server.\n   */\n  async loginStart(password: string): Promise<LoginStartResult> {\n    return loginStart(password, this.serverId);\n  }\n\n  /**\n   * Finish the login process.\n   * Processes the server's credential response and derives session keys.\n   */\n  async loginFinish(\n    password: string,\n    serverResponse: Uint8Array,\n    state: Uint8Array,\n  ): Promise<LoginFinishResult> {\n    return loginFinish(password, serverResponse, state, this.serverId);\n  }\n}\n"]}

package/dist/index.mjs

@@ -0,0 +1,138 @@
+// src/crypto/utils.ts
+var encoder = new TextEncoder();
+function encode(input) {
+  return encoder.encode(input);
+}
+async function hash(data) {
+  return crypto.subtle.digest("SHA-256", data);
+}
+async function hkdfExpand(prk, info, length) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    prk,
+    { name: "HKDF" },
+    false,
+    ["deriveBits"]
+  );
+  const derived = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(32),
+      info: encode(info)
+    },
+    key,
+    length * 8
+  );
+  return new Uint8Array(derived);
+}
+
+// src/crypto/oprf.ts
+async function oprfBlind(password) {
+  const input = encode(password);
+  const blind = crypto.getRandomValues(new Uint8Array(32));
+  const combined = new Uint8Array([...input, ...blind]);
+  const blindedElement = new Uint8Array(await hash(combined));
+  return { blindedElement, blind };
+}
+async function oprfFinalize(password, evaluatedElement, blind) {
+  const input = encode(password);
+  const combined = new Uint8Array([...input, ...evaluatedElement, ...blind]);
+  return new Uint8Array(await hash(combined));
+}
+
+// src/crypto/envelope.ts
+async function buildEnvelope(oprfOutput, serverId) {
+  const info = new TextEncoder().encode(`OPAQUE-Envelope-${serverId}`);
+  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));
+  const envelopeKey = await hkdfExpand(prk, "envelope-key", 32);
+  const exportKey = await hkdfExpand(prk, "export-key", 32);
+  const envelope = new Uint8Array([...envelopeKey]);
+  return { envelope, exportKey };
+}
+
+// src/registration.ts
+async function registrationStart(password, _serverId) {
+  const { blindedElement, blind } = await oprfBlind(password);
+  return {
+    request: blindedElement,
+    state: blind
+  };
+}
+async function registrationFinish(password, serverResponse, state, serverId) {
+  const oprfOutput = await oprfFinalize(password, serverResponse, state);
+  const { envelope, exportKey } = await buildEnvelope(oprfOutput, serverId);
+  const record = new Uint8Array([...envelope]);
+  return {
+    record,
+    exportKey
+  };
+}
+
+// src/crypto/ake.ts
+async function deriveKeys(oprfOutput, serverId) {
+  const info = new TextEncoder().encode(`OPAQUE-AKE-${serverId}`);
+  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));
+  const sessionKey = await hkdfExpand(prk, "session-key", 32);
+  const exportKey = await hkdfExpand(prk, "export-key", 32);
+  const finalization = await hkdfExpand(prk, "finalization", 32);
+  return { sessionKey, exportKey, finalization };
+}
+
+// src/login.ts
+async function loginStart(password, _serverId) {
+  const { blindedElement, blind } = await oprfBlind(password);
+  return {
+    request: blindedElement,
+    state: blind
+  };
+}
+async function loginFinish(password, serverResponse, state, serverId) {
+  const oprfOutput = await oprfFinalize(password, serverResponse, state);
+  const { sessionKey, exportKey, finalization } = await deriveKeys(oprfOutput, serverId);
+  return {
+    finalization,
+    sessionKey,
+    exportKey
+  };
+}
+
+// src/client.ts
+var OpaqueClient = class {
+  serverId;
+  constructor(config) {
+    this.serverId = config.serverId;
+  }
+  /**
+   * Start the registration process.
+   * Generates a registration request to send to the server.
+   */
+  async registrationStart(password) {
+    return registrationStart(password, this.serverId);
+  }
+  /**
+   * Finish the registration process.
+   * Processes the server's registration response and produces the final record.
+   */
+  async registrationFinish(password, serverResponse, state) {
+    return registrationFinish(password, serverResponse, state, this.serverId);
+  }
+  /**
+   * Start the login process.
+   * Generates a credential request to send to the server.
+   */
+  async loginStart(password) {
+    return loginStart(password, this.serverId);
+  }
+  /**
+   * Finish the login process.
+   * Processes the server's credential response and derives session keys.
+   */
+  async loginFinish(password, serverResponse, state) {
+    return loginFinish(password, serverResponse, state, this.serverId);
+  }
+};
+
+export { OpaqueClient };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/crypto/utils.ts","../src/crypto/oprf.ts","../src/crypto/envelope.ts","../src/registration.ts","../src/crypto/ake.ts","../src/login.ts","../src/client.ts"],"names":[],"mappings":";AAAA,IAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAGzB,SAAS,OAAO,KAAA,EAA2B;AAChD,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAQA,eAAsB,KAAK,IAAA,EAAwC;AACjE,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,IAA+B,CAAA;AACxE;AAmBA,eAAsB,UAAA,CACpB,GAAA,EACA,IAAA,EACA,MAAA,EACqB;AACrB,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,IAC9B,KAAA;AAAA,IACA,GAAA;AAAA,IACA,EAAE,MAAM,MAAA,EAAO;AAAA,IACf,KAAA;AAAA,IACA,CAAC,YAAY;AAAA,GACf;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAClC;AAAA,MACE,IAAA,EAAM,MAAA;AAAA,MACN,IAAA,EAAM,SAAA;AAAA,MACN,IAAA,EAAM,IAAI,UAAA,CAAW,EAAE,CAAA;AAAA,MACvB,IAAA,EAAM,OAAO,IAAI;AAAA,KACnB;AAAA,IACA,GAAA;AAAA,IACA,MAAA,GAAS;AAAA,GACX;AAEA,EAAA,OAAO,IAAI,WAAW,OAAO,CAAA;AAC/B;;;AC9CA,eAAsB,UAAU,QAAA,EAA4C;AAC1E,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AAGvD,EAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,CAAC,GAAG,KAAA,EAAO,GAAG,KAAK,CAAC,CAAA;AACpD,EAAA,MAAM,iBAAiB,IAAI,UAAA,CAAW,MAAM,IAAA,CAAK,QAAQ,CAAC,CAAA;AAE1D,EAAA,OAAO,EAAE,gBAAgB,KAAA,EAAM;AACjC;AAOA,eAAsB,YAAA,CACpB,QAAA,EACA,gBAAA,EACA,KAAA,EACqB;AACrB,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,MAAM,QAAA,GAAW,IAAI,UAAA,CAAW,CAAC,GAAG,OAAO,GAAG,gBAAA,EAAkB,GAAG,KAAK,CAAC,CAAA;AACzE,EAAA,OAAO,IAAI,UAAA,CAAW,MAAM,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC5C;;;ACxBA,eAAsB,aAAA,CACpB,YACA,QAAA,EACyB;AACzB,EAAA,MAAM,OAAO,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,gBAAA,EAAmB,QAAQ,CAAA,CAAE,CAAA;AACnE,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAM,KAAK,IAAI,UAAA,CAAW,CAAC,GAAG,UAAA,EAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;AAE/E,EAAA,MAAM,WAAA,GAAc,MAAM,UAAA,CAAW,GAAA,EAAK,gBAAgB,EAAE,CAAA;AAC5D,EAAA,MAAM,SAAA,GAAY,MAAM,UAAA,CAAW,GAAA,EAAK,cAAc,EAAE,CAAA;AAGxD,EAAA,MAAM,WAAW,IAAI,UAAA,CAAW,CAAC,GAAG,WAAW,CAAC,CAAA;AAEhD,EAAA,OAAO,EAAE,UAAU,SAAA,EAAU;AAC/B;;;ACFA,eAAsB,iBAAA,CACpB,UACA,SAAA,EACkC;AAClC,EAAA,MAAM,EAAE,cAAA,EAAgB,KAAA,EAAM,GAAI,MAAM,UAAU,QAAQ,CAAA;AAE1D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,KAAA,EAAO;AAAA,GACT;AACF;AAUA,eAAsB,kBAAA,CACpB,QAAA,EACA,cAAA,EACA,KAAA,EACA,QAAA,EACmC;AACnC,EAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,QAAA,EAAU,gBAAgB,KAAK,CAAA;AACrE,EAAA,MAAM,EAAE,QAAA,EAAU,SAAA,KAAc,MAAM,aAAA,CAAc,YAAY,QAAQ,CAAA;AAGxE,EAAA,MAAM,SAAS,IAAI,UAAA,CAAW,CAAC,GAAG,QAAQ,CAAC,CAAA;AAE3C,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC/CA,eAAsB,UAAA,CAAW,YAAwB,QAAA,EAAsC;AAC7F,EAAA,MAAM,OAAO,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAE,CAAA;AAC9D,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAM,KAAK,IAAI,UAAA,CAAW,CAAC,GAAG,UAAA,EAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;AAE/E,EAAA,MAAM,UAAA,GAAa,MAAM,UAAA,CAAW,GAAA,EAAK,eAAe,EAAE,CAAA;AAC1D,EAAA,MAAM,SAAA,GAAY,MAAM,UAAA,CAAW,GAAA,EAAK,cAAc,EAAE,CAAA;AACxD,EAAA,MAAM,YAAA,GAAe,MAAM,UAAA,CAAW,GAAA,EAAK,gBAAgB,EAAE,CAAA;AAE7D,EAAA,OAAO,EAAE,UAAA,EAAY,SAAA,EAAW,YAAA,EAAa;AAC/C;;;ACGA,eAAsB,UAAA,CACpB,UACA,SAAA,EAC2B;AAC3B,EAAA,MAAM,EAAE,cAAA,EAAgB,KAAA,EAAM,GAAI,MAAM,UAAU,QAAQ,CAAA;AAE1D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,KAAA,EAAO;AAAA,GACT;AACF;AAUA,eAAsB,WAAA,CACpB,QAAA,EACA,cAAA,EACA,KAAA,EACA,QAAA,EAC4B;AAC5B,EAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,QAAA,EAAU,gBAAgB,KAAK,CAAA;AACrE,EAAA,MAAM,EAAE,YAAY,SAAA,EAAW,YAAA,KAAiB,MAAM,UAAA,CAAW,YAAY,QAAQ,CAAA;AAErF,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,UAAA;AAAA,IACA;AAAA,GACF;AACF;;;AC5CO,IAAM,eAAN,MAAmB;AAAA,EACP,QAAA;AAAA,EAEjB,YAAY,MAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,WAAW,MAAA,CAAO,QAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,QAAA,EAAoD;AAC1E,IAAA,OAAO,iBAAA,CAAkB,QAAA,EAAU,IAAA,CAAK,QAAQ,CAAA;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAA,CACJ,QAAA,EACA,cAAA,EACA,KAAA,EACmC;AACnC,IAAA,OAAO,kBAAA,CAAmB,QAAA,EAAU,cAAA,EAAgB,KAAA,EAAO,KAAK,QAAQ,CAAA;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAW,QAAA,EAA6C;AAC5D,IAAA,OAAO,UAAA,CAAW,QAAA,EAAU,IAAA,CAAK,QAAQ,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAAA,CACJ,QAAA,EACA,cAAA,EACA,KAAA,EAC4B;AAC5B,IAAA,OAAO,WAAA,CAAY,QAAA,EAAU,cAAA,EAAgB,KAAA,EAAO,KAAK,QAAQ,CAAA;AAAA,EACnE;AACF","file":"index.mjs","sourcesContent":["const encoder = new TextEncoder();\n\n/** Encode a string to UTF-8 bytes. */\nexport function encode(input: string): Uint8Array {\n  return encoder.encode(input);\n}\n\n/** Generate cryptographically secure random bytes. */\nexport function randomBytes(length: number): Uint8Array {\n  return crypto.getRandomValues(new Uint8Array(length));\n}\n\n/** SHA-256 hash. */\nexport async function hash(data: Uint8Array): Promise<ArrayBuffer> {\n  return crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n}\n\n/** Concatenate multiple Uint8Arrays. */\nexport function concat(...arrays: Uint8Array[]): Uint8Array {\n  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);\n  const result = new Uint8Array(totalLength);\n  let offset = 0;\n  for (const arr of arrays) {\n    result.set(arr, offset);\n    offset += arr.length;\n  }\n  return result;\n}\n\n/**\n * HKDF-Expand using WebCrypto.\n *\n * Derives key material from a pseudorandom key (PRK) with the given info string.\n */\nexport async function hkdfExpand(\n  prk: Uint8Array,\n  info: string,\n  length: number,\n): Promise<Uint8Array> {\n  const key = await crypto.subtle.importKey(\n    'raw',\n    prk as unknown as BufferSource,\n    { name: 'HKDF' },\n    false,\n    ['deriveBits'],\n  );\n\n  const derived = await crypto.subtle.deriveBits(\n    {\n      name: 'HKDF',\n      hash: 'SHA-256',\n      salt: new Uint8Array(32) as unknown as BufferSource,\n      info: encode(info) as unknown as BufferSource,\n    },\n    key,\n    length * 8,\n  );\n\n  return new Uint8Array(derived);\n}\n","import { encode, hash } from './utils';\n\nexport interface OprfBlindResult {\n  blindedElement: Uint8Array;\n  blind: Uint8Array;\n}\n\n/**\n * Blind a password for OPRF evaluation.\n *\n * TODO: Replace with proper ristretto255/Pallas OPRF when WASM is ready.\n * Current implementation is a placeholder using HKDF.\n */\nexport async function oprfBlind(password: string): Promise<OprfBlindResult> {\n  const input = encode(password);\n  const blind = crypto.getRandomValues(new Uint8Array(32));\n\n  // Placeholder: hash(password || blind) as blinded element\n  const combined = new Uint8Array([...input, ...blind]);\n  const blindedElement = new Uint8Array(await hash(combined));\n\n  return { blindedElement, blind };\n}\n\n/**\n * Finalize OPRF by unblinding the server's response.\n *\n * TODO: Replace with proper OPRF finalization when WASM is ready.\n */\nexport async function oprfFinalize(\n  password: string,\n  evaluatedElement: Uint8Array,\n  blind: Uint8Array,\n): Promise<Uint8Array> {\n  const input = encode(password);\n  const combined = new Uint8Array([...input, ...evaluatedElement, ...blind]);\n  return new Uint8Array(await hash(combined));\n}\n","import { hash, hkdfExpand } from './utils';\n\nexport interface EnvelopeResult {\n  envelope: Uint8Array;\n  exportKey: Uint8Array;\n}\n\n/**\n * Build a credential envelope from the OPRF output.\n *\n * TODO: Replace with proper envelope construction per RFC 9807 Section 4.\n * Current implementation is a placeholder.\n */\nexport async function buildEnvelope(\n  oprfOutput: Uint8Array,\n  serverId: string,\n): Promise<EnvelopeResult> {\n  const info = new TextEncoder().encode(`OPAQUE-Envelope-${serverId}`);\n  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));\n\n  const envelopeKey = await hkdfExpand(prk, 'envelope-key', 32);\n  const exportKey = await hkdfExpand(prk, 'export-key', 32);\n\n  // Placeholder: envelope is just the encrypted key material\n  const envelope = new Uint8Array([...envelopeKey]);\n\n  return { envelope, exportKey };\n}\n","import { oprfBlind, oprfFinalize } from './crypto/oprf';\nimport { buildEnvelope } from './crypto/envelope';\nimport { randomBytes } from './crypto/utils';\n\nexport interface RegistrationStartResult {\n  /** The blinded message to send to the server. */\n  request: Uint8Array;\n  /** Client state to preserve for the finish step. */\n  state: Uint8Array;\n}\n\nexport interface RegistrationFinishResult {\n  /** The registration record to send to the server for storage. */\n  record: Uint8Array;\n  /** The export key derived during registration. */\n  exportKey: Uint8Array;\n}\n\n/**\n * Start OPAQUE registration (client side).\n *\n * 1. Sample a blind scalar r.\n * 2. Compute blindedElement = r * Hash-to-Group(password).\n * 3. Return { request: blindedElement, state: r }.\n */\nexport async function registrationStart(\n  password: string,\n  _serverId: string,\n): Promise<RegistrationStartResult> {\n  const { blindedElement, blind } = await oprfBlind(password);\n\n  return {\n    request: blindedElement,\n    state: blind,\n  };\n}\n\n/**\n * Finish OPAQUE registration (client side).\n *\n * 1. Finalize the OPRF output: unblind server response.\n * 2. Derive keys from the OPRF output.\n * 3. Build envelope containing encrypted credentials.\n * 4. Return registration record + export key.\n */\nexport async function registrationFinish(\n  password: string,\n  serverResponse: Uint8Array,\n  state: Uint8Array,\n  serverId: string,\n): Promise<RegistrationFinishResult> {\n  const oprfOutput = await oprfFinalize(password, serverResponse, state);\n  const { envelope, exportKey } = await buildEnvelope(oprfOutput, serverId);\n\n  // The record contains the envelope and the client's public key\n  const record = new Uint8Array([...envelope]);\n\n  return {\n    record,\n    exportKey,\n  };\n}\n","import { hash, hkdfExpand } from './utils';\n\nexport interface AkeResult {\n  sessionKey: Uint8Array;\n  exportKey: Uint8Array;\n  finalization: Uint8Array;\n}\n\n/**\n * Derive session and export keys from OPRF output.\n *\n * TODO: Replace with proper 3DH AKE when full implementation is ready.\n * Current implementation uses HKDF as placeholder.\n */\nexport async function deriveKeys(oprfOutput: Uint8Array, serverId: string): Promise<AkeResult> {\n  const info = new TextEncoder().encode(`OPAQUE-AKE-${serverId}`);\n  const prk = new Uint8Array(await hash(new Uint8Array([...oprfOutput, ...info])));\n\n  const sessionKey = await hkdfExpand(prk, 'session-key', 32);\n  const exportKey = await hkdfExpand(prk, 'export-key', 32);\n  const finalization = await hkdfExpand(prk, 'finalization', 32);\n\n  return { sessionKey, exportKey, finalization };\n}\n","import { oprfBlind, oprfFinalize } from './crypto/oprf';\nimport { deriveKeys } from './crypto/ake';\n\nexport interface LoginStartResult {\n  /** The credential request to send to the server. */\n  request: Uint8Array;\n  /** Client state to preserve for the finish step. */\n  state: Uint8Array;\n}\n\nexport interface LoginFinishResult {\n  /** The credential finalization message to send to the server. */\n  finalization: Uint8Array;\n  /** The session key for subsequent communication. */\n  sessionKey: Uint8Array;\n  /** The export key derived during login. */\n  exportKey: Uint8Array;\n}\n\n/**\n * Start OPAQUE login (client side).\n *\n * 1. Blind the password (same as registration start).\n * 2. Generate ephemeral key exchange material.\n * 3. Return credential request + client state.\n */\nexport async function loginStart(\n  password: string,\n  _serverId: string,\n): Promise<LoginStartResult> {\n  const { blindedElement, blind } = await oprfBlind(password);\n\n  return {\n    request: blindedElement,\n    state: blind,\n  };\n}\n\n/**\n * Finish OPAQUE login (client side).\n *\n * 1. Unblind the server's OPRF response.\n * 2. Recover credentials from the envelope.\n * 3. Perform authenticated key exchange.\n * 4. Derive session key.\n */\nexport async function loginFinish(\n  password: string,\n  serverResponse: Uint8Array,\n  state: Uint8Array,\n  serverId: string,\n): Promise<LoginFinishResult> {\n  const oprfOutput = await oprfFinalize(password, serverResponse, state);\n  const { sessionKey, exportKey, finalization } = await deriveKeys(oprfOutput, serverId);\n\n  return {\n    finalization,\n    sessionKey,\n    exportKey,\n  };\n}\n","import { registrationStart, registrationFinish } from './registration';\nimport type { RegistrationStartResult, RegistrationFinishResult } from './registration';\nimport { loginStart, loginFinish } from './login';\nimport type { LoginStartResult, LoginFinishResult } from './login';\n\nexport interface OpaqueClientConfig {\n  /** Server identity (usually the domain, e.g. \"sid.example.com\") */\n  serverId: string;\n}\n\n/**\n * OPAQUE (RFC 9807) client for browser and Node.js environments.\n *\n * Handles the client side of OPAQUE registration and login flows\n * using the WebCrypto API for core operations.\n */\nexport class OpaqueClient {\n  private readonly serverId: string;\n\n  constructor(config: OpaqueClientConfig) {\n    this.serverId = config.serverId;\n  }\n\n  /**\n   * Start the registration process.\n   * Generates a registration request to send to the server.\n   */\n  async registrationStart(password: string): Promise<RegistrationStartResult> {\n    return registrationStart(password, this.serverId);\n  }\n\n  /**\n   * Finish the registration process.\n   * Processes the server's registration response and produces the final record.\n   */\n  async registrationFinish(\n    password: string,\n    serverResponse: Uint8Array,\n    state: Uint8Array,\n  ): Promise<RegistrationFinishResult> {\n    return registrationFinish(password, serverResponse, state, this.serverId);\n  }\n\n  /**\n   * Start the login process.\n   * Generates a credential request to send to the server.\n   */\n  async loginStart(password: string): Promise<LoginStartResult> {\n    return loginStart(password, this.serverId);\n  }\n\n  /**\n   * Finish the login process.\n   * Processes the server's credential response and derives session keys.\n   */\n  async loginFinish(\n    password: string,\n    serverResponse: Uint8Array,\n    state: Uint8Array,\n  ): Promise<LoginFinishResult> {\n    return loginFinish(password, serverResponse, state, this.serverId);\n  }\n}\n"]}

package/package.json

@@ -0,0 +1,69 @@
+{
+  "name": "@structured-id/opaque",
+  "version": "0.0.0-development",
+  "description": "OPAQUE (RFC 9807) client library with WebCrypto and WASM",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:cov": "vitest run --coverage",
+    "lint": "eslint src/ tests/",
+    "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\"",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "yarn build"
+  },
+  "keywords": [
+    "opaque",
+    "pake",
+    "authentication",
+    "cryptography",
+    "webauthn",
+    "wasm"
+  ],
+  "author": "StructuredID <oss@structured.id>",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/structured-id/opaque.git"
+  },
+  "bugs": {
+    "url": "https://github.com/structured-id/opaque/issues"
+  },
+  "homepage": "https://github.com/structured-id/opaque#readme",
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@semantic-release/changelog": "^6.0.0",
+    "@semantic-release/git": "^10.0.0",
+    "@types/node": "^20.0.0",
+    "@vitest/coverage-v8": "^2.0.0",
+    "eslint": "^9.0.0",
+    "prettier": "^3.0.0",
+    "semantic-release": "^24.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.0.0"
+  },
+  "packageManager": "yarn@4.0.0",
+  "publishConfig": {
+    "access": "public"
+  }
+}