@sudp-protocol/authorizer 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -2
- package/dist/binding.d.ts +14 -0
- package/dist/binding.d.ts.map +1 -1
- package/dist/binding.js +16 -0
- package/dist/binding.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/binding.ts +21 -0
- package/src/index.ts +1 -1
package/README.md
CHANGED
|
@@ -16,9 +16,10 @@ shapes, and the wrap-key derivation.
|
|
|
16
16
|
|
|
17
17
|
```
|
|
18
18
|
@sudp-protocol/authorizer ← carrier-agnostic protocol primitives
|
|
19
|
-
canonicalize, sha256,
|
|
19
|
+
canonicalize, sha256,
|
|
20
|
+
computeBinding, computeBatchBinding,
|
|
20
21
|
deriveWrappingKey, wrapBindingAd, sealAd,
|
|
21
|
-
aeadSeal, aeadOpen, base64url helpers,
|
|
22
|
+
aeadSeal, aeadOpen, aeadEncrypt, base64url helpers,
|
|
22
23
|
DS_BIND / DS_WRAP / DS_SEAL constants
|
|
23
24
|
|
|
24
25
|
@sudp-protocol/authorizer/webauthn ← WebAuthn-specific adapter
|
package/dist/binding.d.ts
CHANGED
|
@@ -19,4 +19,18 @@ export declare const DS_BIND: Uint8Array<ArrayBufferLike>;
|
|
|
19
19
|
* deployment.
|
|
20
20
|
*/
|
|
21
21
|
export declare function computeBinding(domain: Uint8Array, r: Uint8Array, op: unknown): Promise<Uint8Array>;
|
|
22
|
+
/**
|
|
23
|
+
* Batch counterpart of {@link computeBinding}:
|
|
24
|
+
*
|
|
25
|
+
* β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
|
|
26
|
+
*
|
|
27
|
+
* where `ops` is a JSON array of operations. Byte-aligned with the Rust
|
|
28
|
+
* crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
|
|
29
|
+
*
|
|
30
|
+
* Semantically identical to `computeBinding(domain, r, ops)` because the
|
|
31
|
+
* canonical encoder treats arrays uniformly, but named separately so the
|
|
32
|
+
* "batch" intent is explicit at the call site (and so a single conformance
|
|
33
|
+
* vector pins the batch shape independently).
|
|
34
|
+
*/
|
|
35
|
+
export declare function computeBatchBinding(domain: Uint8Array, r: Uint8Array, ops: readonly unknown[]): Promise<Uint8Array>;
|
|
22
36
|
//# sourceMappingURL=binding.d.ts.map
|
package/dist/binding.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding.d.ts","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,eAAO,MAAM,OAAO,6BAAuB,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,UAAU,CAAC,CAGrB"}
|
|
1
|
+
{"version":3,"file":"binding.d.ts","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,eAAO,MAAM,OAAO,6BAAuB,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,GAAG,EAAE,SAAS,OAAO,EAAE,GACtB,OAAO,CAAC,UAAU,CAAC,CAErB"}
|
package/dist/binding.js
CHANGED
|
@@ -25,4 +25,20 @@ export async function computeBinding(domain, r, op) {
|
|
|
25
25
|
const opHash = await sha256(canonicalize(op));
|
|
26
26
|
return sha256(concatBytes(domain, r, opHash));
|
|
27
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* Batch counterpart of {@link computeBinding}:
|
|
30
|
+
*
|
|
31
|
+
* β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
|
|
32
|
+
*
|
|
33
|
+
* where `ops` is a JSON array of operations. Byte-aligned with the Rust
|
|
34
|
+
* crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
|
|
35
|
+
*
|
|
36
|
+
* Semantically identical to `computeBinding(domain, r, ops)` because the
|
|
37
|
+
* canonical encoder treats arrays uniformly, but named separately so the
|
|
38
|
+
* "batch" intent is explicit at the call site (and so a single conformance
|
|
39
|
+
* vector pins the batch shape independently).
|
|
40
|
+
*/
|
|
41
|
+
export async function computeBatchBinding(domain, r, ops) {
|
|
42
|
+
return computeBinding(domain, r, ops);
|
|
43
|
+
}
|
|
28
44
|
//# sourceMappingURL=binding.js.map
|
package/dist/binding.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"binding.js","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,CAAa,EACb,EAAW;IAEX,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAChD,CAAC"}
|
|
1
|
+
{"version":3,"file":"binding.js","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,CAAa,EACb,EAAW;IAEX,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAkB,EAClB,CAAa,EACb,GAAuB;IAEvB,OAAO,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
export { utf8, concatBytes, u16beBytes, bytesToB64Url, b64UrlToBytes, } from "./bytes.js";
|
|
14
14
|
export { canonicalize } from "./canonical.js";
|
|
15
15
|
export { sha256 } from "./hash.js";
|
|
16
|
-
export { computeBinding, DS_BIND } from "./binding.js";
|
|
16
|
+
export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
|
|
17
17
|
export { deriveWrappingKey } from "./kdf.js";
|
|
18
18
|
export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
|
|
19
19
|
export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
export { utf8, concatBytes, u16beBytes, bytesToB64Url, b64UrlToBytes, } from "./bytes.js";
|
|
14
14
|
export { canonicalize } from "./canonical.js";
|
|
15
15
|
export { sha256 } from "./hash.js";
|
|
16
|
-
export { computeBinding, DS_BIND } from "./binding.js";
|
|
16
|
+
export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
|
|
17
17
|
export { deriveWrappingKey } from "./kdf.js";
|
|
18
18
|
export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
|
|
19
19
|
export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sudp-protocol/authorizer",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.1",
|
|
4
4
|
"description": "Authorizer-side primitives for SUDP (Secret-Use Delegation Protocol): canonical JSON, β computation, wrapping-key derivation, AEAD-as-wrap, plus a WebAuthn adapter under the ./webauthn subpath.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"author": "Miracle <xhyumiracle@gmail.com>",
|
package/src/binding.ts
CHANGED
|
@@ -31,3 +31,24 @@ export async function computeBinding(
|
|
|
31
31
|
const opHash = await sha256(canonicalize(op));
|
|
32
32
|
return sha256(concatBytes(domain, r, opHash));
|
|
33
33
|
}
|
|
34
|
+
|
|
35
|
+
/**
|
|
36
|
+
* Batch counterpart of {@link computeBinding}:
|
|
37
|
+
*
|
|
38
|
+
* β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
|
|
39
|
+
*
|
|
40
|
+
* where `ops` is a JSON array of operations. Byte-aligned with the Rust
|
|
41
|
+
* crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
|
|
42
|
+
*
|
|
43
|
+
* Semantically identical to `computeBinding(domain, r, ops)` because the
|
|
44
|
+
* canonical encoder treats arrays uniformly, but named separately so the
|
|
45
|
+
* "batch" intent is explicit at the call site (and so a single conformance
|
|
46
|
+
* vector pins the batch shape independently).
|
|
47
|
+
*/
|
|
48
|
+
export async function computeBatchBinding(
|
|
49
|
+
domain: Uint8Array,
|
|
50
|
+
r: Uint8Array,
|
|
51
|
+
ops: readonly unknown[],
|
|
52
|
+
): Promise<Uint8Array> {
|
|
53
|
+
return computeBinding(domain, r, ops);
|
|
54
|
+
}
|
package/src/index.ts
CHANGED
|
@@ -21,7 +21,7 @@ export {
|
|
|
21
21
|
|
|
22
22
|
export { canonicalize } from "./canonical.js";
|
|
23
23
|
export { sha256 } from "./hash.js";
|
|
24
|
-
export { computeBinding, DS_BIND } from "./binding.js";
|
|
24
|
+
export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
|
|
25
25
|
export { deriveWrappingKey } from "./kdf.js";
|
|
26
26
|
export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
|
|
27
27
|
export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";
|