@substrate-system/crypto-stream 0.0.33

package/LICENSE

@@ -0,0 +1,99 @@
+# Big Time Public License
+
+Version 2.0.2
+
+<https://bigtimelicense.com/versions/2.0.2>
+
+## Purpose
+
+These terms let you use and share this software for noncommercial purposes and in small business for free, while also guaranteeing that paid licenses for big businesses will be available on fair, reasonable, and nondiscriminatory terms.
+
+## Acceptance
+
+In order to get any license under these terms, you must agree to them as both strict obligations and conditions to all your licenses.
+
+## Noncommercial Purposes
+
+You may use the software for any noncommercial purpose.
+
+## Personal Uses
+
+Personal use for research, experiment, and testing for the benefit of public knowledge, personal study, private entertainment, hobby projects, amateur pursuits, or religious observance, without any anticipated commercial application, count as use for noncommercial purposes.
+
+## Noncommercial Organizations
+
+Use by any charitable organization, educational institution, public research organization, public safety or health organization, environmental protection organization, or government institution counts as use for noncommercial purposes, regardless of the source of funding or obligations resulting from the funding.
+
+## Small Business
+
+You may use the software for the benefit of your company if it meets all these criteria:
+
+1.  had fewer than 20 total individuals working as employees and independent contractors at all times during the last tax year
+
+2.  earned less than $1,000,000 total revenue in the last tax year
+
+3.  received less than $1,000,000 total debt, equity, and other investment in the last five tax years, counting investment in predecessor companies that reorganized into, merged with, or spun out your company
+
+All dollar figures are United States dollars as of 2019.  Adjust for them inflation according to the United States Bureau of Labor Statistics' consumer price index for all urban consumers, United States city average, for all items, not seasonally adjusted, with 1982–1984=100 reference base.
+
+## Big Business
+
+You may use the software for the benefit of your company:
+
+1.  for 128 days after your company stops qualifying under [Small Business](#small-business)
+
+2.  indefinitely, if the licensor or their legal successor does not offer fair, reasonable, and nondiscriminatory terms for a commercial license for the software within 32 days of [written request](#how-to-request) and negotiate in good faith to conclude a deal
+
+## How to Request
+
+If this software includes an address for the licensor or an agent of the licensor in a standard place, such as in documentation, software package metadata, or an "about" page or screen, try to request a fair commercial license at that address.  If this package includes both online and offline addresses, try online before offline.  If you can't deliver a request that way, or this software doesn't include any addressees, spend one hour online researching an address, recording all your searches and inquiries as you go, and try any addresses that you find.  If you can't find any addresses, or if those addresses also fail, that counts as failure to offer a fair commercial license by the licensor under [Big Business](#big-business).
+
+## Fair, Reasonable, and Nondiscriminatory Terms
+
+Fair, reasonable, and nondiscriminatory terms may license the software perpetually or for a term, and may or may not cover new versions of the software.  If the licensor advertises license terms and a pricing structure for generally available commercial licenses, the licensor proposes license terms and a price as advertised, and a customer not affiliated with the licensor has bought a commercial license for the software on substantially equivalent terms in the past year, the proposal is fair, reasonable, and nondiscriminatory.
+
+## Copyright License
+
+The licensor grants you a copyright license to do everything with the software that would otherwise infringe the licensor's copyright in it for any purpose allowed by these terms.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these terms or the URL for them above, as well as copies of any plain-text lines beginning with `Required Notice:` that the licensor provided with the software.  For example:
+
+> Required Notice: Copyright Nick Thomas (https://nichoth.com)
+
+## Patent License
+
+The licensor grants you a patent license for the software that covers patent claims the licensor can license, or becomes able to license, that you would infringe by using the software.
+
+## Fair Use
+
+You may have "fair use" rights for the software under the law. These terms do not limit them.
+
+## No Other Rights
+
+These terms do not allow you to sublicense or transfer any of your licenses to anyone else, or prevent the licensor from granting licenses to anyone else.  These terms do not imply any other licenses.
+
+## Patent Defense
+
+If you make any written claim that the software infringes or contributes to infringement of any patent, your patent license for the software granted under these terms ends immediately. If your company makes such a claim, your patent license ends immediately for work on behalf of your company.
+
+## Violations
+
+The first time you are notified in writing that you have violated any of these terms, or done anything with the software not covered by your licenses, your licenses can nonetheless continue if you come into full compliance with these terms, and take practical steps to correct past violations, within 32 days of receiving notice.  Otherwise, all your licenses end immediately.
+
+## No Liability
+
+***As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim.***
+
+## Definitions
+
+The **licensor** is the individual or entity offering these terms, and the **software** is the software the licensor makes available under these terms.
+
+**You** refers to the individual or entity agreeing to these terms.
+
+**Your company** is any legal entity, sole proprietorship, or other kind of organization that you work for, plus all organizations that have control over, are under the control of, or are under common control with that organization.  **Control** means ownership of substantially all the assets of an entity, or the power to direct its management and policies by vote, contract, or otherwise.  Control can be direct or indirect.
+
+**Your licenses** are all the licenses granted to you for the software under these terms.
+
+**Use** means anything you do with the software requiring one of your licenses.

package/README.md

@@ -0,0 +1,366 @@
+# crypto stream
+[![tests](https://img.shields.io/github/actions/workflow/status/mycelial-systems/crypto-stream/nodejs.yml?style=flat-square)](https://github.com/mycelial-systems/crypto-stream/actions/workflows/nodejs.yml)
+[![module](https://img.shields.io/badge/module-ESM%2FCJS-blue?style=flat-square)](README.md)
+[![types](https://img.shields.io/npm/types/@substrate-system/crypto-stream?style=flat-square)](README.md)
+[![semantic versioning](https://img.shields.io/badge/semver-2.0.0-blue?logo=semver&style=flat-square)](https://semver.org/)
+[![Common Changelog](https://nichoth.github.io/badge/common-changelog.svg)](./CHANGELOG.md)
+[![install size](https://flat.badgen.net/packagephobia/install/@substrate-system/crypto-stream?cache-control=no-cache)](https://packagephobia.com/result?p=@substrate-system/crypto-stream)
+[![license](https://img.shields.io/badge/license-Big_Time-blue?style=flat-square)](LICENSE)
+
+
+Streaming encryption for the browser, based on
+[Encrypted Content-Encoding for HTTP (RFC 8188)](https://tools.ietf.org/html/rfc8188)
+
+This uses the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API).
+
+
+<details><summary><h2>Contents</h2></summary>
+
+<!-- toc -->
+
+- [install](#install)
+- [fork](#fork)
+- [example](#example)
+  * [example with blobs](#example-with-blobs)
+- [API](#api)
+  * [`new Keychain([key, [salt]])`](#new-keychainkey-salt)
+  * [`keychain.key`](#keychainkey)
+  * [`keychain.keyB64`](#keychainkeyb64)
+  * [`keychain.salt`](#keychainsalt)
+  * [`keychain.saltB64`](#keychainsaltb64)
+  * [`keychain.authToken()`](#keychainauthtoken)
+  * [`keychain.authTokenB64()`](#keychainauthtokenb64)
+  * [`keychain.authHeader()`](#keychainauthheader)
+  * [`keychain.setAuthToken(authToken)`](#keychainsetauthtokenauthtoken)
+  * [`keychain.encryptStream(stream)`](#keychainencryptstreamstream)
+  * [`keychain.decryptStream(encryptedStream)`](#keychaindecryptstreamencryptedstream)
+  * [`keychain.decryptStreamRange(offset, length, totalEncryptedLength)`](#keychaindecryptstreamrangeoffset-length-totalencryptedlength)
+  * [`keychain.encryptMeta(meta)`](#keychainencryptmetameta)
+  * [`keychain.decryptMeta(ivEncryptedMeta)`](#keychaindecryptmetaivencryptedmeta)
+  * [`keychain.encryptBytes(bytes)`](#keychainencryptbytesbytes)
+  * [`keychain.decryptBytes(bytes)`](#keychaindecryptbytesbytes)
+  * [`plaintextSize(encryptedSize)`](#plaintextsizeencryptedsize)
+  * [`encryptedSize(plaintextSize)`](#encryptedsizeplaintextsize)
+- [credits](#credits)
+
+<!-- tocstop -->
+
+</details>
+
+## install
+```sh
+npm i -S @substrate-system/crypto-stream
+```
+
+## fork
+This is a fork of [SocketDev/wormhole-crypto](https://github.com/SocketDev/wormhole-crypto). Thanks [@SocketDev](https://github.com/SocketDev) team for working in open source.
+
+## example
+
+```js
+import { Keychain } from '@substrate-system/crypto-stream'
+
+// Create a new keychain. Since no arguments are specified, the key and salt
+// are generated.
+const keychain = new Keychain()
+
+// Get a WHATWG stream somehow, from fetch(), from a Blob(), etc.
+const stream = getStream()
+
+// Create an encrypted version of that stream
+const encryptedStream = await keychain.encryptStream(stream)
+
+// Normally you'd now use `encryptedStream`, e.g. in fetch(), etc.
+// However, for this example, we'll just decrypt the stream immediately
+const plaintextStream = await keychain.decryptStream(encryptedStream)
+
+// Now, you can use `plaintextStream` and it will be identical
+// to if you had used `stream`.
+```
+
+### example with blobs
+
+See [./example](./example/index.ts) for a version that uses blobs + a
+local `vite` server.
+
+```js
+import { Keychain } from '@substrate-system/crypto-stream'
+
+const encryptedData = await fetch(imgUrl)
+const decryptedStream = await keychain.decryptStream(encryptedData.body)
+const response = new Response(decryptedStream)
+const blobUrl = window.URL.createObjectURL(await response.blob())
+
+// ...
+
+function Component () {
+    return html`<img src="${blobUrl}" />`
+}
+```
+
+## API
+
+### `new Keychain([key, [salt]])`
+```ts
+constructor (key?:string|Uint8Array, salt?:string|Uint8Array)
+```
+
+Type: `Class`
+
+Returns: `Keychain`
+
+Create a new keychain object. The keychain can be used to create encryption
+streams, decryption streams, and to encrypt or decrypt a "metadata" buffer.
+
+#### `key`
+
+Type: `Uint8Array | string | null`
+
+Default: `null`
+
+The main key. This should be 16 bytes in length. If a `string` is given,
+then it should be a base64-encoded string. If the argument is `null`, then a
+key will be automatically generated.
+
+#### `salt`
+
+Type: `Uint8Array | string | null`
+
+Default: `null`
+
+The salt. This should be 16 bytes in length. If a `string` is given,
+then it should be a base64-encoded string. If this argument is `null`, then a
+salt will be automatically generated.
+
+### `keychain.key`
+
+```ts
+key:Uint8Array
+```
+
+The main key.
+
+### `keychain.keyB64`
+
+```ts
+keyB64:string
+```
+
+The main key as a base64url-encoded string.
+
+### `keychain.salt`
+
+```ts
+salt:Uint8Array
+```
+
+The salt.
+
+Implementation note: The salt is used to derive the (internal) metadata key and
+authentication token.
+
+### `keychain.saltB64`
+
+```ts
+saltB64:string
+```
+The salt as a base64-encoded string.
+
+### `keychain.authToken()`
+```ts
+authToken ():Promise<ArrayBuffer>
+```
+
+Returns the authentication token. By default, the authentication token is
+automatically derived from the main key using HKDF SHA-256.
+
+The authentication token can be used to communicate with the server and
+prove that the client has permission to fetch some data. Without a valid
+authentication token, the server can reject the request.
+
+Since the authentication token is derived from the main key, the client would
+present it to the server as a "reader token" to prove that it is in possession
+of the main key without revealing the main key to the server.
+
+For destructive operations, the client should instead
+present a "writer token", which is not derived from the main key but is provided
+by the server. 
+
+### `keychain.authTokenB64()`
+
+```ts
+authTokenB64 ():Promise<string>
+```
+
+Returns the authentication token as a base64-encoded string.
+
+### `keychain.authHeader()`
+
+```ts
+authHeader ():Promise<string>
+// => `Bearer sync-v1 ${authTokenB64}`
+```
+
+Returns a `Promise` that resolves to the HTTP header value to be provided to the server, as a base64 string. It contains the authentication token.
+
+### `keychain.setAuthToken(authToken)`
+
+```ts
+setAuthToken (authToken:string|Uint8Array|null):void
+```
+
+Update the keychain authentication token to the given `authToken`.
+
+#### `authToken`
+
+Type: `Uint8Array | string | null`
+
+Default: `null`
+
+The authentication token. This should be 16 bytes in length. If a `string` is
+given, then it should be a base64-encoded string. If this argument is `null`,
+then an authentication token will be automatically generated.
+
+### `keychain.encryptStream(stream)`
+
+```ts
+encryptStream (stream:ReadableStream):Promise<ReadableStream>
+```
+
+Type: `Function`
+
+Returns: `Promise<ReadableStream>`
+
+Returns a `Promise` that resolves to a `ReadableStream` encryption stream that
+consumes the data in `stream` and returns an encrypted version. Data is
+encrypted with [Encrypted Content-Encoding for HTTP (RFC 8188)](https://tools.ietf.org/html/rfc8188).
+
+#### `stream`
+
+Type: `ReadableStream`
+
+A WHATWG readable stream used as a data source for the encrypted stream.
+
+### `keychain.decryptStream(encryptedStream)`
+
+Type: `Function`
+
+Returns: `Promise<ReadableStream>`
+
+Returns a `Promise` that resolves to a `ReadableStream` decryption stream that
+consumes the data in `encryptedStream` and returns a plaintext version.
+
+### `keychain.decryptStreamRange(offset, length, totalEncryptedLength)`
+
+```ts
+function decryptStreamRange (
+    secretKey:CryptoKey,
+    offset:number,
+    length:number,
+    totalEncryptedLength:number,
+    rs:number = RECORD_SIZE
+):{
+    ranges:{ offset:number, length:number }[],
+    decrypt:(streams:ReadableStream[])=>ReadableStream
+}
+```
+
+Returns a `Promise` that resolves to a object containing `ranges`, which is
+an array of objects containing `offset` and `length` integers specifying the
+encrypted byte ranges that are needed to decrypt the client's specified range,
+and a `decrypt` function.
+
+Once the client has gathered a stream for each byte range in `ranges`,
+the client should call `decrypt(streams)`, where `streams` is an array of
+`ReadableStream` objects, one for each of the requested ranges. `decrypt`
+will then return a `ReadableStream` containing the plaintext data for the
+client's desired byte range.
+
+#### `encryptedStream`
+
+Type: `ReadableStream`
+
+A WHATWG readable stream used as a data source for the plaintext stream.
+
+### `keychain.encryptMeta(meta)`
+
+```ts
+encryptMeta (meta:Uint8Array):Promise<Uint8Array>
+```
+
+Returns a `Promise` that resolves to an encrypted version of `meta`. The
+metadata is encrypted with AES-GCM.
+
+Implementation note: The metadata key is automatically derived from the main
+key using HKDF SHA-256. The value is not user-controlled.
+
+Implementation note: The initialization vector (IV) is automatically generated
+and included in the encrypted output. No need to generate it or to manage it
+separately from the encrypted output.
+
+#### `meta`
+
+Type: `Uint8Array`
+
+The metadata buffer to encrypt.
+
+### `keychain.decryptMeta(ivEncryptedMeta)`
+```ts
+decryptMeta (ivEncryptedMeta:Uint8Array):Promise<Uint8Array>
+```
+
+Returns: `Promise<Uint8Array>`
+
+Returns a `Promise` that resolves to a decrypted version of `encryptedMeta`.
+
+#### `ivEncryptedMeta`
+
+Type: `Uint8Array`
+
+The encrypted metadata buffer to decrypt.
+
+### `keychain.encryptBytes(bytes)`
+
+```ts
+async function encryptBytes (
+    bytes:ArrayBuffer|Uint8Array,
+    opts?:{ iv?:Uint8Array },
+):Promise<Uint8Array>
+```
+
+Encrypt and return the given data in-memory, not using streams.
+
+### `keychain.decryptBytes(bytes)`
+
+```ts
+async function decryptBytes (
+    bytes:Uint8Array,
+):Promise<ArrayBuffer>
+```
+
+Decrypt the given data in-memory, without streaming.
+
+### `plaintextSize(encryptedSize)`
+
+```ts
+function plaintextSize (
+  encryptedSize:number,
+  rs:number = RECORD_SIZE
+):number
+```
+
+Given an encrypted size, return the corresponding plaintext size.
+
+### `encryptedSize(plaintextSize)`
+```ts
+function encryptedSize (
+  plaintextSize:number,
+  rs:number = RECORD_SIZE
+):number
+```
+
+Given a plaintext size, return the corresponding encrypted size.
+
+## credits
+
+Thank you [Feross](https://github.com/feross) and [SocketDev](https://github.com/SocketDev) team for writing and publishing this.

package/dist/concat-streams.cjs

@@ -0,0 +1,59 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var concat_streams_exports = {};
+__export(concat_streams_exports, {
+  concatStreams: () => concatStreams
+});
+module.exports = __toCommonJS(concat_streams_exports);
+function concatStreams(inputStreams) {
+  let currentReader = null;
+  const nextStream = /* @__PURE__ */ __name((controller) => {
+    const stream = inputStreams.shift();
+    if (stream !== void 0) {
+      currentReader = stream.getReader();
+    } else {
+      currentReader = null;
+      controller.close();
+    }
+  }, "nextStream");
+  return new ReadableStream({
+    start(controller) {
+      nextStream(controller);
+    },
+    async pull(controller) {
+      while (currentReader !== null) {
+        const { value, done } = await currentReader.read();
+        if (done) {
+          nextStream(controller);
+        } else {
+          controller.enqueue(value);
+          break;
+        }
+      }
+    },
+    async cancel(reason) {
+      await Promise.all([
+        currentReader && currentReader.cancel(reason),
+        ...inputStreams.map((stream) => stream.cancel(reason))
+      ]);
+    }
+  });
+}
+__name(concatStreams, "concatStreams");