@sudp-protocol/authorizer 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -16,9 +16,10 @@ shapes, and the wrap-key derivation.
16
16
 
17
17
  ```
18
18
  @sudp-protocol/authorizer ← carrier-agnostic protocol primitives
19
- canonicalize, sha256, computeBinding,
19
+ canonicalize, sha256,
20
+ computeBinding, computeBatchBinding,
20
21
  deriveWrappingKey, wrapBindingAd, sealAd,
21
- aeadSeal, aeadOpen, base64url helpers,
22
+ aeadSeal, aeadOpen, aeadEncrypt, base64url helpers,
22
23
  DS_BIND / DS_WRAP / DS_SEAL constants
23
24
 
24
25
  @sudp-protocol/authorizer/webauthn ← WebAuthn-specific adapter
package/dist/binding.d.ts CHANGED
@@ -19,4 +19,18 @@ export declare const DS_BIND: Uint8Array<ArrayBufferLike>;
19
19
  * deployment.
20
20
  */
21
21
  export declare function computeBinding(domain: Uint8Array, r: Uint8Array, op: unknown): Promise<Uint8Array>;
22
+ /**
23
+ * Batch counterpart of {@link computeBinding}:
24
+ *
25
+ * β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
26
+ *
27
+ * where `ops` is a JSON array of operations. Byte-aligned with the Rust
28
+ * crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
29
+ *
30
+ * Semantically identical to `computeBinding(domain, r, ops)` because the
31
+ * canonical encoder treats arrays uniformly, but named separately so the
32
+ * "batch" intent is explicit at the call site (and so a single conformance
33
+ * vector pins the batch shape independently).
34
+ */
35
+ export declare function computeBatchBinding(domain: Uint8Array, r: Uint8Array, ops: readonly unknown[]): Promise<Uint8Array>;
22
36
  //# sourceMappingURL=binding.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"binding.d.ts","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,eAAO,MAAM,OAAO,6BAAuB,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,UAAU,CAAC,CAGrB"}
1
+ {"version":3,"file":"binding.d.ts","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,eAAO,MAAM,OAAO,6BAAuB,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,UAAU,EACb,GAAG,EAAE,SAAS,OAAO,EAAE,GACtB,OAAO,CAAC,UAAU,CAAC,CAErB"}
package/dist/binding.js CHANGED
@@ -25,4 +25,20 @@ export async function computeBinding(domain, r, op) {
25
25
  const opHash = await sha256(canonicalize(op));
26
26
  return sha256(concatBytes(domain, r, opHash));
27
27
  }
28
+ /**
29
+ * Batch counterpart of {@link computeBinding}:
30
+ *
31
+ * β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
32
+ *
33
+ * where `ops` is a JSON array of operations. Byte-aligned with the Rust
34
+ * crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
35
+ *
36
+ * Semantically identical to `computeBinding(domain, r, ops)` because the
37
+ * canonical encoder treats arrays uniformly, but named separately so the
38
+ * "batch" intent is explicit at the call site (and so a single conformance
39
+ * vector pins the batch shape independently).
40
+ */
41
+ export async function computeBatchBinding(domain, r, ops) {
42
+ return computeBinding(domain, r, ops);
43
+ }
28
44
  //# sourceMappingURL=binding.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"binding.js","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,CAAa,EACb,EAAW;IAEX,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAChD,CAAC"}
1
+ {"version":3,"file":"binding.js","sourceRoot":"","sources":["../src/binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,CAAa,EACb,EAAW;IAEX,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAkB,EAClB,CAAa,EACb,GAAuB;IAEvB,OAAO,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;AACxC,CAAC"}
package/dist/index.d.ts CHANGED
@@ -13,7 +13,7 @@
13
13
  export { utf8, concatBytes, u16beBytes, bytesToB64Url, b64UrlToBytes, } from "./bytes.js";
14
14
  export { canonicalize } from "./canonical.js";
15
15
  export { sha256 } from "./hash.js";
16
- export { computeBinding, DS_BIND } from "./binding.js";
16
+ export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
17
17
  export { deriveWrappingKey } from "./kdf.js";
18
18
  export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
19
19
  export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
package/dist/index.js CHANGED
@@ -13,7 +13,7 @@
13
13
  export { utf8, concatBytes, u16beBytes, bytesToB64Url, b64UrlToBytes, } from "./bytes.js";
14
14
  export { canonicalize } from "./canonical.js";
15
15
  export { sha256 } from "./hash.js";
16
- export { computeBinding, DS_BIND } from "./binding.js";
16
+ export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
17
17
  export { deriveWrappingKey } from "./kdf.js";
18
18
  export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
19
19
  export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,IAAI,EACJ,WAAW,EACX,UAAU,EACV,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AACjF,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sudp-protocol/authorizer",
3
- "version": "0.1.0",
3
+ "version": "0.1.1",
4
4
  "description": "Authorizer-side primitives for SUDP (Secret-Use Delegation Protocol): canonical JSON, β computation, wrapping-key derivation, AEAD-as-wrap, plus a WebAuthn adapter under the ./webauthn subpath.",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Miracle <xhyumiracle@gmail.com>",
package/src/binding.ts CHANGED
@@ -31,3 +31,24 @@ export async function computeBinding(
31
31
  const opHash = await sha256(canonicalize(op));
32
32
  return sha256(concatBytes(domain, r, opHash));
33
33
  }
34
+
35
+ /**
36
+ * Batch counterpart of {@link computeBinding}:
37
+ *
38
+ * β = SHA-256(domain ‖ r ‖ SHA-256(canonical(ops)))
39
+ *
40
+ * where `ops` is a JSON array of operations. Byte-aligned with the Rust
41
+ * crate's `compute_beta_from_canonical(domain, r, &BatchOperations(ops).canonical_bytes())`.
42
+ *
43
+ * Semantically identical to `computeBinding(domain, r, ops)` because the
44
+ * canonical encoder treats arrays uniformly, but named separately so the
45
+ * "batch" intent is explicit at the call site (and so a single conformance
46
+ * vector pins the batch shape independently).
47
+ */
48
+ export async function computeBatchBinding(
49
+ domain: Uint8Array,
50
+ r: Uint8Array,
51
+ ops: readonly unknown[],
52
+ ): Promise<Uint8Array> {
53
+ return computeBinding(domain, r, ops);
54
+ }
package/src/index.ts CHANGED
@@ -21,7 +21,7 @@ export {
21
21
 
22
22
  export { canonicalize } from "./canonical.js";
23
23
  export { sha256 } from "./hash.js";
24
- export { computeBinding, DS_BIND } from "./binding.js";
24
+ export { computeBatchBinding, computeBinding, DS_BIND } from "./binding.js";
25
25
  export { deriveWrappingKey } from "./kdf.js";
26
26
  export { wrapBindingAd, sealAd, DS_WRAP, DS_SEAL, WRAP_VERSION } from "./aad.js";
27
27
  export { aeadEncrypt, aeadSeal, aeadOpen } from "./aead.js";