@substrate-system/crypto-stream 0.0.33

package/dist/src/ece.js

@@ -0,0 +1,373 @@
+/**
+ * Encryption and decryption streams for "Encrypted Content-Encoding for HTTP"
+ * specification. See: https://tools.ietf.org/html/rfc8188
+ */
+import { concatStreams } from './concat-streams.js';
+import { transformStream } from './transform-stream.js';
+import { SliceTransformer } from './slice-transformer.js';
+import { webcrypto } from '@substrate-system/one-webcrypto';
+import { ExtractTransformer } from './extract-transformer.js';
+import { generateSalt, asBufferSource } from './util.js';
+const MODE_ENCRYPT = 'encrypt';
+const MODE_DECRYPT = 'decrypt';
+export const KEY_LENGTH = 16;
+export const TAG_LENGTH = 16;
+const NONCE_LENGTH = 12;
+const RECORD_SIZE = 64 * 1024;
+const HEADER_LENGTH = KEY_LENGTH + 4 + 1; // salt + record size + idlen
+const encoder = new TextEncoder();
+class ECETransformer {
+    mode;
+    secretKey;
+    rs;
+    salt;
+    seekOpts;
+    seq;
+    prevChunk;
+    nonceBase;
+    key;
+    constructor(mode, secretKey, rs, salt, seekOpts = {}) {
+        if (mode !== MODE_ENCRYPT && mode !== MODE_DECRYPT) {
+            throw new Error("mode must be either 'encrypt' or 'decrypt'");
+        }
+        checkSecretKey(secretKey);
+        if (salt != null && salt.byteLength !== KEY_LENGTH) {
+            throw new Error('Invalid salt length');
+        }
+        this.mode = mode;
+        this.secretKey = secretKey;
+        this.rs = rs;
+        this.salt = salt;
+        // seekOpts can contain (for decryption only):
+        // startSeq: first record sequence number
+        // endSeq: last record sequence number + 1 (exclusive)
+        // endsPrematurely: true if the last record should have non-final padding
+        this.seekOpts = seekOpts;
+        // sequence number. -1 is the header, 0 is the first data chunk
+        this.seq = -1;
+        this.prevChunk = null;
+        this.nonceBase = null;
+        this.key = null;
+    }
+    async generateKey() {
+        return webcrypto.subtle.deriveKey({
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: this.salt,
+            info: encoder.encode('Content-Encoding: aes128gcm\0')
+        }, this.secretKey, {
+            name: 'AES-GCM',
+            length: KEY_LENGTH * 8
+        }, false, ['encrypt', 'decrypt']);
+    }
+    async generateNonceBase() {
+        const nonceBaseBuf = await webcrypto.subtle.deriveBits({
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: this.salt,
+            info: encoder.encode('Content-Encoding: nonce\0')
+        }, this.secretKey, NONCE_LENGTH * 8);
+        return new Uint8Array(nonceBaseBuf);
+    }
+    generateNonce(seq) {
+        if (seq > 0xffffffff) {
+            throw new Error('record sequence number exceeds limit');
+        }
+        if (!this.nonceBase)
+            throw new Error('Not nonce base');
+        const nonce = this.nonceBase.slice();
+        const dv = new DataView(nonce.buffer, nonce.byteOffset, nonce.byteLength);
+        const m = dv.getUint32(nonce.byteLength - 4);
+        const xor = (m ^ seq) >>> 0; // forces unsigned int xor
+        dv.setUint32(nonce.byteLength - 4, xor);
+        return nonce;
+    }
+    pad(data, isLast) {
+        const len = data.byteLength;
+        if (len + TAG_LENGTH >= this.rs) {
+            throw new Error('data too large for record size');
+        }
+        let padding;
+        if (isLast) {
+            padding = Uint8Array.of(2);
+        }
+        else {
+            padding = new Uint8Array(this.rs - len - TAG_LENGTH);
+            padding[0] = 1;
+        }
+        const result = new Uint8Array(data.byteLength + padding.byteLength);
+        result.set(data, 0);
+        result.set(padding, data.byteLength);
+        return result;
+    }
+    unpad(data, isLast) {
+        for (let i = data.byteLength - 1; i >= 0; i -= 1) {
+            if (data[i] !== 0) {
+                if (isLast) {
+                    if (data[i] !== 2) {
+                        throw new Error('delimiter of final record is not 2');
+                    }
+                }
+                else {
+                    if (data[i] !== 1) {
+                        throw new Error('delimiter of not final record is not 1');
+                    }
+                }
+                return data.slice(0, i);
+            }
+        }
+        throw new Error('no delimiter found');
+    }
+    createHeader() {
+        if (!this.salt)
+            throw new Error('Not salt');
+        const header = new Uint8Array(HEADER_LENGTH);
+        header.set(this.salt);
+        const dv = new DataView(header.buffer, header.byteOffset, header.byteLength);
+        dv.setUint32(KEY_LENGTH, this.rs);
+        return header;
+    }
+    readHeader(buffer) {
+        if (buffer.byteLength !== HEADER_LENGTH) {
+            throw new Error('chunk is not expected header length');
+        }
+        const header = { salt: null, rs: null };
+        const dv = new DataView(buffer.buffer, buffer.byteOffset, buffer.byteLength);
+        header.salt = buffer.slice(0, KEY_LENGTH);
+        header.rs = dv.getUint32(KEY_LENGTH);
+        const idlen = dv.getUint8(KEY_LENGTH + 4);
+        if (idlen !== 0) {
+            throw new Error('Implementation does not support non-zero idlen');
+        }
+        return header;
+    }
+    async encryptRecord(record, seq, isLast) {
+        const nonce = this.generateNonce(seq);
+        const paddedRecord = this.pad(record, isLast);
+        if (!this.key)
+            throw new Error('not key'); // for TS
+        const encryptedRecordBuf = await webcrypto.subtle.encrypt({
+            name: 'AES-GCM',
+            iv: nonce,
+            tagLength: TAG_LENGTH * 8
+        }, this.key, paddedRecord);
+        return new Uint8Array(encryptedRecordBuf);
+    }
+    async decryptRecord(encryptedRecord, seq, isLast) {
+        if (!this.key)
+            throw new Error('not key'); // for TS
+        const nonce = this.generateNonce(seq);
+        const paddedRecordBuf = await webcrypto.subtle.decrypt({
+            name: 'AES-GCM',
+            iv: nonce,
+            tagLength: TAG_LENGTH * 8
+        }, this.key, asBufferSource(encryptedRecord));
+        const paddedRecord = new Uint8Array(paddedRecordBuf);
+        return this.unpad(paddedRecord, isLast);
+    }
+    async start(controller) {
+        if (this.mode === MODE_ENCRYPT) {
+            this.key = await this.generateKey();
+            this.nonceBase = await this.generateNonceBase();
+            controller.enqueue(this.createHeader());
+            this.seq += 1;
+        }
+    }
+    async transformPrevChunk(isLast, controller) {
+        if (!this.prevChunk)
+            throw new Error('not this.prevChunk');
+        if (this.mode === MODE_ENCRYPT) {
+            controller.enqueue(await this.encryptRecord(this.prevChunk, this.seq, isLast));
+        }
+        else {
+            if (this.seq === -1) {
+                if (!this.prevChunk)
+                    throw new Error('not this.prevChunk');
+                // the first chunk during decryption contains only the header
+                const header = this.readHeader(this.prevChunk);
+                this.salt = asBufferSource(header.salt);
+                if (this.rs !== null && this.rs !== header.rs) {
+                    throw new Error('Record size declared in constructor does not match record size in encrypted stream');
+                }
+                this.rs = header.rs;
+                this.key = await this.generateKey();
+                this.nonceBase = await this.generateNonceBase();
+                const startSeq = this.seekOpts.startSeq;
+                if (startSeq != null && startSeq > 0) {
+                    // update the sequence number if decryption doesn't start
+                    // at seq = 0
+                    this.seq += startSeq;
+                }
+            }
+            else {
+                let expectEndPadding = false;
+                if (isLast) {
+                    // verify encrypted stream length even when seeking
+                    const endSeq = this.seekOpts.endSeq;
+                    if (endSeq != null && endSeq !== this.seq + 1) {
+                        throw new Error('Incorrect encrypted stream length');
+                    }
+                    // if the stream ends prematurely, expect a non-end padding byte
+                    expectEndPadding = !this.seekOpts.endsPrematurely;
+                }
+                controller.enqueue(await this.decryptRecord(this.prevChunk, this.seq, expectEndPadding));
+            }
+        }
+        this.seq += 1;
+    }
+    async transform(chunk, controller) {
+        if (this.prevChunk) {
+            await this.transformPrevChunk(false, controller);
+        }
+        this.prevChunk = chunk;
+    }
+    async flush(controller) {
+        if (this.prevChunk) {
+            await this.transformPrevChunk(true, controller);
+        }
+    }
+}
+/**
+ * Given a plaintext size, return the corresponding encrypted size.
+ *
+ * plaintextSize: int containing plaintext size
+ * rs:            int containing record size, optional
+ */
+export function encryptedSize(plaintextSize, rs = RECORD_SIZE) {
+    if (!Number.isInteger(plaintextSize)) {
+        throw new TypeError('plaintextSize');
+    }
+    if (!Number.isInteger(rs)) {
+        throw new TypeError('rs');
+    }
+    const chunkMetaLength = TAG_LENGTH + 1; // Chunk metadata, tag and delimiter
+    return (HEADER_LENGTH +
+        plaintextSize +
+        chunkMetaLength * Math.ceil(plaintextSize / (rs - chunkMetaLength)));
+}
+/**
+ * Given an encrypted size, return the corresponding plaintext size.
+ *
+ * encryptedSize: int containing encrypted size
+ * rs:            int containing record size, optional
+ */
+export function plaintextSize(encryptedSize, rs = RECORD_SIZE) {
+    if (!Number.isInteger(encryptedSize)) {
+        throw new TypeError('encryptedSize');
+    }
+    if (!Number.isInteger(rs)) {
+        throw new TypeError('rs');
+    }
+    const chunkMetaLength = TAG_LENGTH + 1; // Chunk metadata, tag and delimiter
+    const encryptedRecordsSize = encryptedSize - HEADER_LENGTH;
+    return (encryptedRecordsSize -
+        chunkMetaLength *
+            Math.ceil(encryptedRecordsSize / rs));
+}
+/**
+ * Given a plaintext stream `input`, return an encrypted stream.
+ *
+ * input:     a ReadableStream containing data to be transformed
+ * secretKey: CryptoKey containing secret key of size KEY_LENGTH
+ * rs:        int containing record size, optional
+ * salt:      Uint8Array containing salt of KEY_LENGTH length, optional
+ */
+export function encryptStream(input, secretKey, rs = RECORD_SIZE, salt = generateSalt(KEY_LENGTH)) {
+    const stream = transformStream(input, new SliceTransformer(rs - TAG_LENGTH - 1)).readable;
+    return transformStream(stream, new ECETransformer(MODE_ENCRYPT, secretKey, rs, salt)).readable;
+}
+/**
+ * Given an encrypted stream `input`, return a plaintext stream.
+ *
+ * input:     a ReadableStream containing data to be transformed
+ * secretKey: CryptoKey containing secret key of size KEY_LENGTH
+ * rs:        int containing record size, optional
+ */
+export function decryptStream(input, secretKey, rs = RECORD_SIZE) {
+    const stream = transformStream(input, new SliceTransformer(HEADER_LENGTH, rs)).readable;
+    return transformStream(stream, new ECETransformer(MODE_DECRYPT, secretKey, rs, null)).readable;
+}
+/**
+ * Given a desired plaintext byte range specified by `offset` and `length`,
+ * and the total size of the encrypted stream in `totalEncryptedLength`,
+ * provides a mechanism to decrypt that range.
+ *
+ * To decrypt an arbitrary plaintext range, the client will need to supply
+ * multiple (currently always two) ranges of encrypted data.
+ * `decryptStreamRange` returns a promise that resolves to an object containing
+ * `ranges`, which is an array of { offset, length } entries specifying the
+ * needed encrypted byte ranges, and `encrypt`, a callback function.
+ *
+ * Once the client has gathered an array `streams` of encrypted ReadableStreams,
+ * one for each of these ranges, it should call `decrypt(streams)`. This will
+ * then return the final plaintext ReadableStream.
+ *
+ * secretKey:             CryptoKey containing secret key of size KEY_LENGTH
+ * offset:                int containing plaintext byte offset at which to start decryption
+ * length:                int containing the number of plaintext bytes to decrypt
+ * totalEncryptedLength:  The total number of bytes in the encrypted stream
+ * rs:                    int containing record size, optional
+ */
+export function decryptStreamRange(secretKey, offset, length, totalEncryptedLength, rs = RECORD_SIZE) {
+    if (!Number.isInteger(rs)) {
+        throw new TypeError('Missing record size (rs)');
+    }
+    // Chunk metadata, tag and delimiter
+    const chunkMetaLength = TAG_LENGTH + 1;
+    // First record needed to decrypt the range
+    const startRecord = Math.floor(offset / (rs - chunkMetaLength));
+    const offsetInStartRecord = offset % (rs - chunkMetaLength);
+    // Record after the last record needed to decrypt the range
+    const endRecord = Math.ceil((offset + length) / (rs - chunkMetaLength));
+    // Range needed for data (not header) stream
+    const dataOffset = HEADER_LENGTH + startRecord * rs;
+    let dataEnd = HEADER_LENGTH + endRecord * rs; // exclusive
+    // Determine if the stream ends at the end of the encrypted file.
+    // This is necessary to correctly validate the padding of the final record.
+    const endsPrematurely = dataEnd < totalEncryptedLength;
+    if (!endsPrematurely) {
+        dataEnd = totalEncryptedLength;
+    }
+    return {
+        ranges: [
+            {
+                offset: 0,
+                length: HEADER_LENGTH
+            }, {
+                offset: dataOffset,
+                length: dataEnd - dataOffset
+            }
+        ],
+        decrypt: (streams) => {
+            if (!(streams.every(stream => stream instanceof ReadableStream))) {
+                throw new TypeError('Stream is not a ReadableStream');
+            }
+            // Combine the header and data streams, and then slice how
+            // ECETransformer expects
+            const encryptedStream = transformStream(concatStreams(streams), new SliceTransformer(HEADER_LENGTH, rs)).readable;
+            // Plaintext stream of needed records
+            const plaintextStream = transformStream(encryptedStream, new ECETransformer(MODE_DECRYPT, secretKey, rs, null, {
+                startSeq: startRecord,
+                endSeq: endRecord,
+                endsPrematurely
+            })).readable;
+            // Extract the exact needed bytes from the plaintext stream
+            return transformStream(plaintextStream, new ExtractTransformer(offsetInStartRecord, length)).readable;
+        }
+    };
+}
+function checkSecretKey(secretKey) {
+    if (secretKey.type !== 'secret') {
+        throw new Error('Invalid key: type must be "secret"');
+    }
+    if (secretKey.algorithm.name !== 'HKDF') {
+        throw new Error('Invalid key: algorithm must be HKDF');
+    }
+    if (!secretKey.usages.includes('deriveKey')) {
+        throw new Error('Invalid key: usages must include deriveKey');
+    }
+    if (!secretKey.usages.includes('deriveBits')) {
+        throw new Error('Invalid key: usages must include deriveBits');
+    }
+}
+//# sourceMappingURL=ece.js.map

package/dist/src/ece.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ece.js","sourceRoot":"","sources":["../../src/ece.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,iCAAiC,CAAA;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAExD,MAAM,YAAY,GAAG,SAAS,CAAA;AAC9B,MAAM,YAAY,GAAG,SAAS,CAAA;AAC9B,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,CAAA;AAC5B,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,EAAE,CAAA;AACvB,MAAM,WAAW,GAAG,EAAE,GAAG,IAAI,CAAA;AAC7B,MAAM,aAAa,GAAG,UAAU,GAAG,CAAC,GAAG,CAAC,CAAA,CAAC,6BAA6B;AAEtE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;AAEjC,MAAM,cAAc;IAChB,IAAI,CAAoB;IACxB,SAAS,CAAU;IACnB,EAAE,CAAO;IACT,IAAI,CAA6B;IACjC,QAAQ,CAA+C;IACvD,GAAG,CAAO;IACV,SAAS,CAAgB;IACzB,SAAS,CAAgB;IACzB,GAAG,CAAe;IAElB,YACI,IAAwB,EACxB,SAAmB,EACnB,EAAS,EACT,IAAiC,EACjC,QAAQ,GAAG,EAAE;QAEb,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QACjE,CAAC;QAED,cAAc,CAAC,SAAS,CAAC,CAAA;QAEzB,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;QAC1C,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAA;QACZ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAEhB,8CAA8C;QAC9C,yCAAyC;QACzC,sDAAsD;QACtD,yEAAyE;QACzE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAExB,+DAA+D;QAC/D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;QACb,IAAI,CAAC,SAAS,GAAG,IAAI,CAAA;QACrB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAA;QACrB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,WAAW;QACb,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,CAC7B;YACI,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,IAAI,CAAC,IAAK;YAChB,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,+BAA+B,CAAC;SACxD,EACD,IAAI,CAAC,SAAS,EACd;YACI,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,UAAU,GAAG,CAAC;SACzB,EACD,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACzB,CAAA;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB;QACnB,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,UAAU,CAClD;YACI,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,IAAI,CAAC,IAAK;YAChB,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,2BAA2B,CAAC;SACpD,EACD,IAAI,CAAC,SAAS,EACd,YAAY,GAAG,CAAC,CACnB,CAAA;QACD,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,CAAA;IACvC,CAAC;IAED,aAAa,CAAE,GAAU;QACrB,IAAI,GAAG,GAAG,UAAU,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;QAC3D,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;QAEtD,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QACpC,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;QACzE,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;QAC5C,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA,CAAC,0BAA0B;QACtD,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;QACvC,OAAO,KAAK,CAAA;IAChB,CAAC;IAED,GAAG,CAAE,IAAe,EAAE,MAAc;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAA;QAC3B,IAAI,GAAG,GAAG,UAAU,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;QACrD,CAAC;QAED,IAAI,OAAO,CAAA;QACX,IAAI,MAAM,EAAE,CAAC;YACT,OAAO,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAC9B,CAAC;aAAM,CAAC;YACJ,OAAO,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,GAAG,UAAU,CAAC,CAAA;YACpD,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QACnB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QACpC,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,KAAK,CAAE,IAAe,EAAE,MAAc;QAClC,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChB,IAAI,MAAM,EAAE,CAAC;oBACT,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;oBACzD,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;wBAChB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;oBAC7D,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YAC3B,CAAC;QACL,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;IACzC,CAAC;IAED,YAAY;QACR,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,CAAA;QAC3C,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,aAAa,CAAC,CAAA;QAC5C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACrB,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;QAC5E,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,UAAU,CAAE,MAAiB;QACzB,IAAI,MAAM,CAAC,UAAU,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;QAC1D,CAAC;QACD,MAAM,MAAM,GAAgB,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAA;QACpD,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;QAC5E,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QACzC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACpC,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;QACzC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;QACrE,CAAC;QACD,OAAO,MAAM,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,aAAa,CACf,MAAiB,EACjB,GAAU,EACV,MAAc;QAEd,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;QACrC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAE7C,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAA,CAAE,SAAS;QAEpD,MAAM,kBAAkB,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,OAAO,CACrD;YACI,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,KAAK;YACT,SAAS,EAAE,UAAU,GAAG,CAAC;SAC5B,EACD,IAAI,CAAC,GAAG,EACR,YAAY,CACf,CAAA;QAED,OAAO,IAAI,UAAU,CAAC,kBAAkB,CAAC,CAAA;IAC7C,CAAC;IAED,KAAK,CAAC,aAAa,CACf,eAA0B,EAC1B,GAAU,EACV,MAAc;QAEd,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAA,CAAE,SAAS;QAEpD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;QACrC,MAAM,eAAe,GAAe,MAAM,SAAS,CAAC,MAAM,CAAC,OAAO,CAC9D;YACI,IAAI,EAAE,SAAS;YACf,EAAE,EAAE,KAAK;YACT,SAAS,EAAE,UAAU,GAAG,CAAC;SAC5B,EACD,IAAI,CAAC,GAAG,EACR,cAAc,CAAC,eAAe,CAAC,CAClC,CAAA;QACD,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,CAAA;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,KAAK,CAAE,UAA2C;QACpD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;YACnC,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAA;YAC/C,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,CAAA;YACvC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAA;QACjB,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CACpB,MAAc,EACd,UAA2C;QAE3C,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;QAE1D,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC7B,UAAU,CAAC,OAAO,CACd,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAC7D,CAAA;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,SAAS;oBAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;gBAE1D,6DAA6D;gBAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBAC9C,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBACvC,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,IAAI,IAAI,CAAC,EAAE,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CACX,oFAAoF,CACvF,CAAA;gBACL,CAAC;gBACD,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAA;gBAEnB,IAAI,CAAC,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;gBACnC,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAA;gBAE/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAA;gBACvC,IAAI,QAAQ,IAAI,IAAI,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;oBACnC,yDAAyD;oBACzD,aAAa;oBACb,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAA;gBACxB,CAAC;YACL,CAAC;iBAAM,CAAC;gBACJ,IAAI,gBAAgB,GAAG,KAAK,CAAA;gBAC5B,IAAI,MAAM,EAAE,CAAC;oBACT,mDAAmD;oBACnD,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAA;oBACnC,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,KAAK,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC;wBAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;oBACxD,CAAC;oBAED,gEAAgE;oBAChE,gBAAgB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAA;gBACrD,CAAC;gBAED,UAAU,CAAC,OAAO,CACd,MAAM,IAAI,CAAC,aAAa,CACpB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,GAAG,EACR,gBAAgB,CACnB,CACJ,CAAA;YACL,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,CAAC,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,SAAS,CACX,KAAgB,EAChB,UAA2C;QAE3C,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;QACpD,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,KAAK,CAAE,UAA2C;QACpD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QACnD,CAAC;IACL,CAAC;CACJ;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CACzB,aAAoB,EACpB,KAAY,WAAW;IAEvB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,SAAS,CAAC,eAAe,CAAC,CAAA;IACxC,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,SAAS,CAAC,IAAI,CAAC,CAAA;IAC7B,CAAC;IAED,MAAM,eAAe,GAAG,UAAU,GAAG,CAAC,CAAA,CAAG,oCAAoC;IAC7E,OAAO,CACH,aAAa;QACb,aAAa;QACb,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CACtE,CAAA;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CACzB,aAAoB,EACpB,KAAY,WAAW;IAEvB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,SAAS,CAAC,eAAe,CAAC,CAAA;IACxC,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,SAAS,CAAC,IAAI,CAAC,CAAA;IAC7B,CAAC;IAED,MAAM,eAAe,GAAG,UAAU,GAAG,CAAC,CAAA,CAAG,oCAAoC;IAC7E,MAAM,oBAAoB,GAAG,aAAa,GAAG,aAAa,CAAA;IAC1D,OAAO,CACH,oBAAoB;QACpB,eAAe;YACf,IAAI,CAAC,IAAI,CAAC,oBAAoB,GAAG,EAAE,CAAC,CACvC,CAAA;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CACzB,KAAoB,EACpB,SAAmB,EACnB,KAAY,WAAW,EACvB,OAA+B,YAAY,CAAC,UAAU,CAAC;IAEvD,MAAM,MAAM,GAAG,eAAe,CAC1B,KAAK,EACL,IAAI,gBAAgB,CAAC,EAAE,GAAG,UAAU,GAAG,CAAC,CAAC,CAC5C,CAAC,QAAQ,CAAA;IAEV,OAAO,eAAe,CAClB,MAAM,EACN,IAAI,cAAc,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,CAAC,CACxD,CAAC,QAAQ,CAAA;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CACzB,KAAoB,EACpB,SAAmB,EACnB,EAAE,GAAG,WAAW;IAEhB,MAAM,MAAM,GAAG,eAAe,CAC1B,KAAK,EACL,IAAI,gBAAgB,CAAC,aAAa,EAAE,EAAE,CAAC,CAC1C,CAAC,QAAQ,CAAA;IAEV,OAAO,eAAe,CAClB,MAAM,EACN,IAAI,cAAc,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,CAAC,CACxD,CAAC,QAAQ,CAAA;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,kBAAkB,CAC9B,SAAmB,EACnB,MAAa,EACb,MAAa,EACb,oBAA2B,EAC3B,KAAY,WAAW;IAKvB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAA;IACnD,CAAC;IAED,oCAAoC;IACpC,MAAM,eAAe,GAAG,UAAU,GAAG,CAAC,CAAA;IAEtC,2CAA2C;IAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CAAA;IAC/D,MAAM,mBAAmB,GAAG,MAAM,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,CAAA;IAE3D,2DAA2D;IAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CAAA;IAEvE,4CAA4C;IAC5C,MAAM,UAAU,GAAG,aAAa,GAAG,WAAW,GAAG,EAAE,CAAA;IACnD,IAAI,OAAO,GAAG,aAAa,GAAG,SAAS,GAAG,EAAE,CAAA,CAAC,YAAY;IAEzD,iEAAiE;IACjE,2EAA2E;IAC3E,MAAM,eAAe,GAAG,OAAO,GAAG,oBAAoB,CAAA;IACtD,IAAI,CAAC,eAAe,EAAE,CAAC;QACnB,OAAO,GAAG,oBAAoB,CAAA;IAClC,CAAC;IAED,OAAO;QACH,MAAM,EAAE;YACJ;gBACI,MAAM,EAAE,CAAC;gBACT,MAAM,EAAE,aAAa;aACxB,EAAE;gBACC,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE,OAAO,GAAG,UAAU;aAC/B;SACJ;QAED,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,YAAY,cAAc,CAAC,CAAC,EAAE,CAAC;gBAC/D,MAAM,IAAI,SAAS,CAAC,gCAAgC,CAAC,CAAA;YACzD,CAAC;YAED,0DAA0D;YAC1D,yBAAyB;YACzB,MAAM,eAAe,GAAG,eAAe,CACnC,aAAa,CAAC,OAAO,CAAC,EAAE,IAAI,gBAAgB,CAAC,aAAa,EAAE,EAAE,CAAC,CAClE,CAAC,QAAQ,CAAA;YAEV,qCAAqC;YACrC,MAAM,eAAe,GAAG,eAAe,CACnC,eAAe,EACf,IAAI,cAAc,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,EAAE,IAAI,EAAE;gBAClD,QAAQ,EAAE,WAAW;gBACrB,MAAM,EAAE,SAAS;gBACjB,eAAe;aAClB,CAAC,CACL,CAAC,QAAQ,CAAA;YAEV,2DAA2D;YAC3D,OAAO,eAAe,CAClB,eAAe,EACf,IAAI,kBAAkB,CAAC,mBAAmB,EAAE,MAAM,CAAC,CACtD,CAAC,QAAQ,CAAA;QACd,CAAC;KACJ,CAAA;AACL,CAAC;AAED,SAAS,cAAc,CAAE,SAAmB;IACxC,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,SAAS,CAAC,SAAS,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IAC1D,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IACjE,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;IAClE,CAAC;AACL,CAAC"}

package/dist/src/extract-transformer.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Tranform stream that extracts `length` bytes starting at `offset` and turns
+ * that result into a new stream. If the input stream ends before `length` bytes,
+ * the output stream will error.
+ *
+ * offset: The number of bytes to skip before starting the output stream
+ * length: The number of bytes to include in the output stream. All further
+ *         input data will be discarded.
+ */
+export declare class ExtractTransformer {
+    extractStart: number;
+    extractEnd: number;
+    offset: number;
+    constructor(offset: number, length: number);
+    transform(chunk: Uint8Array, controller: TransformStreamDefaultController): void;
+    flush(controller: TransformStreamDefaultController): void;
+}
+//# sourceMappingURL=extract-transformer.d.ts.map

package/dist/src/extract-transformer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-transformer.d.ts","sourceRoot":"","sources":["../../src/extract-transformer.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,qBAAa,kBAAkB;IAC3B,YAAY,EAAC,MAAM,CAAA;IACnB,UAAU,EAAC,MAAM,CAAA;IACjB,MAAM,EAAC,MAAM,CAAA;gBAEA,MAAM,EAAC,MAAM,EAAE,MAAM,EAAC,MAAM;IAQzC,SAAS,CAAE,KAAK,EAAC,UAAU,EAAE,UAAU,EAAC,gCAAgC;IAkBxE,KAAK,CAAE,UAAU,EAAC,gCAAgC;CAOrD"}

package/dist/src/extract-transformer.js

@@ -0,0 +1,40 @@
+/**
+ * Tranform stream that extracts `length` bytes starting at `offset` and turns
+ * that result into a new stream. If the input stream ends before `length` bytes,
+ * the output stream will error.
+ *
+ * offset: The number of bytes to skip before starting the output stream
+ * length: The number of bytes to include in the output stream. All further
+ *         input data will be discarded.
+ */
+export class ExtractTransformer {
+    extractStart;
+    extractEnd;
+    offset;
+    constructor(offset, length) {
+        // desired range to extract
+        this.extractStart = offset;
+        this.extractEnd = offset + length; // exclusive end
+        this.offset = 0; // current offset into input stream
+    }
+    transform(chunk, controller) {
+        // The start and end of `chunk` relative to the entire input stream
+        const chunkStart = this.offset;
+        const chunkEnd = this.offset + chunk.byteLength; // exclusive end
+        this.offset = chunkEnd;
+        // What part of `chunk` belongs in the output stream?
+        const sliceStart = Math.max(this.extractStart - chunkStart, 0);
+        const sliceEnd = Math.min(this.extractEnd - chunkStart, chunk.byteLength);
+        // This chunk is entirely outside the range to extract
+        if (sliceStart >= chunk.byteLength || sliceEnd <= 0) {
+            return;
+        }
+        controller.enqueue(chunk.subarray(sliceStart, sliceEnd));
+    }
+    flush(controller) {
+        if (this.offset < this.extractEnd) {
+            controller.error(new Error('Stream passed through ExtractTransformer ended early'));
+        }
+    }
+}
+//# sourceMappingURL=extract-transformer.js.map

package/dist/src/extract-transformer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-transformer.js","sourceRoot":"","sources":["../../src/extract-transformer.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,OAAO,kBAAkB;IAC3B,YAAY,CAAO;IACnB,UAAU,CAAO;IACjB,MAAM,CAAO;IAEb,YAAa,MAAa,EAAE,MAAa;QACrC,2BAA2B;QAC3B,IAAI,CAAC,YAAY,GAAG,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,MAAM,GAAG,MAAM,CAAA,CAAE,gBAAgB;QAEnD,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA,CAAE,mCAAmC;IACxD,CAAC;IAED,SAAS,CAAE,KAAgB,EAAE,UAA2C;QACpE,mEAAmE;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAA;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,UAAU,CAAA,CAAE,gBAAgB;QACjE,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAA;QAEtB,qDAAqD;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,GAAG,UAAU,EAAE,CAAC,CAAC,CAAA;QAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;QAEzE,sDAAsD;QACtD,IAAI,UAAU,IAAI,KAAK,CAAC,UAAU,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;YAClD,OAAM;QACV,CAAC;QAED,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5D,CAAC;IAED,KAAK,CAAE,UAA2C;QAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,UAAU,CAAC,KAAK,CACZ,IAAI,KAAK,CAAC,sDAAsD,CAAC,CACpE,CAAA;QACL,CAAC;IACL,CAAC;CACJ"}

package/dist/src/index.d.ts

@@ -0,0 +1,3 @@
+export { Keychain, plaintextSize, encryptedSize } from './keychain.js';
+export { transformStream } from './transform-stream.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/src/index.js

@@ -0,0 +1,3 @@
+export { Keychain, plaintextSize, encryptedSize } from './keychain.js';
+export { transformStream } from './transform-stream.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/src/keychain.d.ts

@@ -0,0 +1,103 @@
+export { encryptedSize, plaintextSize } from './ece.js';
+export declare class Keychain {
+    key: Uint8Array<ArrayBuffer>;
+    salt: Uint8Array<ArrayBuffer>;
+    mainKeyPromise: Promise<CryptoKey>;
+    metaKeyPromise: Promise<CryptoKey>;
+    authTokenPromise: Promise<Uint8Array>;
+    constructor(key?: string | Uint8Array, salt?: string | Uint8Array);
+    /**
+     * Get an authentication header as a static method.
+     */
+    static AuthHeader(secretKey: string, salt: string | Uint8Array): Promise<string>;
+    static Header(writeToken: string): string;
+    /**
+     * Get the main key as a `base64url` encoded string
+     */
+    get keyB64(): string;
+    /**
+     * Get the salt as base64 string
+     */
+    get saltB64(): string;
+    /**
+     * get a promise for the auth token.
+     * @returns {Promise<Uint8Array>}
+     */
+    authToken(): Promise<Uint8Array>;
+    /**
+     * Get the auth token as a base64 string
+     */
+    authTokenB64(): Promise<string>;
+    /**
+     * Get a header string: `Bearer sync-v1 ${authTokenB64}`.
+     * Pass in a token, or else this will use the `authToken` derived from
+     * the main key.
+     */
+    authHeader(tokenString?: string): Promise<string>;
+    /**
+     * Set the auth token
+     * @param authToken The new token
+     */
+    setAuthToken(authToken?: string | Uint8Array): void;
+    /**
+     * Take a stream, return an encrypted stream.
+     * @param stream Input stream
+     * @returns {Promise<ReadableStream>}
+     */
+    encryptStream(stream: ReadableStream<Uint8Array>): Promise<ReadableStream<Uint8Array>>;
+    /**
+     * Encrypt and return some data; don't stream.
+     *
+     * NOTE: This generates a new key each time it is called, via
+     * `this.generateKey`.
+     *
+     * @param bytes
+     * @param {{ iv?:Uint8Array, size?:number }} [opts] Optional params,
+     * `iv` and `size`. If `size` is omitted, default is 16 bytes. `iv` is
+     * a random 12 bits, will be generated if not passed in.
+     * @returns {Promise<Uint8Array>}
+     */
+    encryptBytes(bytes: ArrayBuffer | Uint8Array, opts?: {
+        iv?: Uint8Array;
+        size?: number;
+    }): Promise<Uint8Array>;
+    /**
+     * Decrypt in memory, not streaming.
+     */
+    decryptBytes(bytes: Uint8Array): Promise<ArrayBuffer>;
+    /**
+     * Derive a new AES-GCM key from the main key.
+     *
+     * @param {number} [keyLength] Optional size for the key, in bytes, eg,
+     * `16` or `32`.
+     * @returns {Promise<CryptoKey>}
+     */
+    generateKey(keyLength?: number): Promise<CryptoKey>;
+    /**
+     * Take an encrypted stream, return a decrypted stream.
+     * @param encryptedStream The input (encrypted) stream
+     * @returns The decrypted stream
+     */
+    decryptStream(encryptedStream: ReadableStream<Uint8Array>): Promise<ReadableStream<Uint8Array>>;
+    /**
+     * Returns an object containing `ranges`, an array of objects
+     * containing `offset` and `length` integers specifying the encrypted byte
+     * ranges that are needed to decrypt the client's specified range, and a
+     * `decrypt` function.
+     *
+     * @param {number} offset Integer
+     * @param {number} length Integer
+     * @param {number} totalEncryptedLength Integer
+     * @returns {Promise<{ ranges, decrypt }>}
+     */
+    decryptStreamRange(offset: number, length: number, totalEncryptedLength: number): Promise<{
+        ranges: {
+            offset: number;
+            length: number;
+        }[];
+        decrypt: (streams: ReadableStream[]) => ReadableStream;
+    }>;
+    encryptMeta(meta: Uint8Array): Promise<Uint8Array>;
+    decryptMeta(ivEncryptedMeta: Uint8Array): Promise<Uint8Array>;
+}
+//# sourceMappingURL=keychain.d.ts.map

package/dist/src/keychain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../../src/keychain.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAKvD,qBAAa,QAAQ;IACjB,GAAG,EAAC,UAAU,CAAC,WAAW,CAAC,CAAA;IAC3B,IAAI,EAAC,UAAU,CAAC,WAAW,CAAC,CAAA;IAC5B,cAAc,EAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACjC,cAAc,EAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACjC,gBAAgB,EAAC,OAAO,CAAC,UAAU,CAAC,CAAA;gBAEvB,GAAG,CAAC,EAAC,MAAM,GAAC,UAAU,EAAE,IAAI,CAAC,EAAC,MAAM,GAAC,UAAU;IA+C5D;;OAEG;WACU,UAAU,CAAE,SAAS,EAAC,MAAM,EAAE,IAAI,EAAC,MAAM,GAAC,UAAU;IAwBjE,MAAM,CAAC,MAAM,CAAE,UAAU,EAAC,MAAM;IAIhC;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;OAEG;IACH,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED;;;OAGG;IACG,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC;IAItC;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAKrC;;;;OAIG;IACG,UAAU,CAAE,WAAW,CAAC,EAAC,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC;IAQtD;;;OAGG;IACH,YAAY,CAAE,SAAS,CAAC,EAAC,MAAM,GAAC,UAAU,GAAE,IAAI;IAIhD;;;;OAIG;IACG,aAAa,CACf,MAAM,EAAC,cAAc,CAAC,UAAU,CAAC,GACnC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAQrC;;;;;;;;;;;OAWG;IACG,YAAY,CACd,KAAK,EAAC,WAAW,GAAC,UAAU,EAC5B,IAAI,CAAC,EAAC;QAAE,EAAE,CAAC,EAAC,UAAU,CAAC;QAAC,IAAI,CAAC,EAAC,MAAM,CAAA;KAAE,GACxC,OAAO,CAAC,UAAU,CAAC;IAcrB;;OAEG;IACG,YAAY,CACd,KAAK,EAAC,UAAU,GAClB,OAAO,CAAC,WAAW,CAAC;IAatB;;;;;;OAMG;IACG,WAAW,CAAE,SAAS,CAAC,EAAC,MAAM,GAAE,OAAO,CAAC,SAAS,CAAC;IAoBxD;;;;OAIG;IACG,aAAa,CACf,eAAe,EAAC,cAAc,CAAC,UAAU,CAAC,GAC5C,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAQrC;;;;;;;;;;OAUG;IACG,kBAAkB,CACpB,MAAM,EAAC,MAAM,EACb,MAAM,EAAC,MAAM,EACb,oBAAoB,EAAC,MAAM,GAC7B,OAAO,CAAC;QACN,MAAM,EAAC;YAAE,MAAM,EAAC,MAAM,CAAC;YAAC,MAAM,EAAC,MAAM,CAAA;SAAE,EAAE,CAAC;QAC1C,OAAO,EAAC,CAAC,OAAO,EAAC,cAAc,EAAE,KAAG,cAAc,CAAA;KACrD,CAAC;IAeI,WAAW,CAAE,IAAI,EAAC,UAAU,GAAE,OAAO,CAAC,UAAU,CAAC;IA2BjD,WAAW,CAAE,eAAe,EAAC,UAAU,GAAE,OAAO,CAAC,UAAU,CAAC;CAqBrE"}