@talismn/crypto 0.2.3 → 0.3.0

package/dist/declarations/src/encryption/encryptKemAead.d.ts

@@ -0,0 +1 @@
+export declare const encryptKemAead: (publicKey: Uint8Array, plaintext: Uint8Array) => Promise<Uint8Array<ArrayBufferLike>>;

package/dist/declarations/src/encryption/index.d.ts

@@ -0,0 +1 @@
+export * from "./encryptKemAead";

package/dist/declarations/src/index.d.ts

@@ -5,3 +5,4 @@ export * from "./address";
 export * from "./utils";
 export * from "./platform";
 export * from "./hashing";
+export * from "./encryption";

package/dist/talismn-crypto.cjs.dev.js

@@ -16,6 +16,9 @@ var bip32 = require('@scure/bip32');
 var hmac = require('@noble/hashes/hmac');
 var sha512 = require('@noble/hashes/sha512');
 var microSr25519 = require('micro-sr25519');
+var chacha_js = require('@noble/ciphers/chacha.js');
+var utils_js = require('@noble/ciphers/utils.js');
+var mlkem = require('mlkem');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -700,6 +703,20 @@ const getAccountPlatformFromAddress = address => {
   return getAccountPlatformFromEncoding(encoding);
 };
 
+const encryptKemAead = async (publicKey, plaintext) => {
+  const kem = new mlkem.MlKem768();
+  const [kemCt, sharedSecret] = await kem.encap(publicKey);
+  if (sharedSecret.length !== 32) {
+    throw new Error(`Expected 32-byte shared secret, got ${sharedSecret.length}`);
+  }
+  const nonce = crypto.getRandomValues(new Uint8Array(24));
+  const aead = chacha_js.xchacha20poly1305(sharedSecret, nonce);
+  const aeadCt = aead.encrypt(plaintext);
+  const kemLen = new Uint8Array(2);
+  new DataView(kemLen.buffer).setUint16(0, kemCt.length, true);
+  return utils_js.concatBytes(kemLen, kemCt, nonce, aeadCt);
+};
+
 Object.defineProperty(exports, "base58", {
   enumerable: true,
   get: function () { return base.base58; }
@@ -736,6 +753,7 @@ exports.encodeAddressEthereum = encodeAddressEthereum;
 exports.encodeAddressSolana = encodeAddressSolana;
 exports.encodeAddressSs58 = encodeAddressSs58;
 exports.encodeAnyAddress = encodeAnyAddress;
+exports.encryptKemAead = encryptKemAead;
 exports.entropyToMnemonic = entropyToMnemonic;
 exports.entropyToSeed = entropyToSeed;
 exports.fromBase58Check = fromBase58Check;

package/dist/talismn-crypto.cjs.prod.js

@@ -16,6 +16,9 @@ var bip32 = require('@scure/bip32');
 var hmac = require('@noble/hashes/hmac');
 var sha512 = require('@noble/hashes/sha512');
 var microSr25519 = require('micro-sr25519');
+var chacha_js = require('@noble/ciphers/chacha.js');
+var utils_js = require('@noble/ciphers/utils.js');
+var mlkem = require('mlkem');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -700,6 +703,20 @@ const getAccountPlatformFromAddress = address => {
   return getAccountPlatformFromEncoding(encoding);
 };
 
+const encryptKemAead = async (publicKey, plaintext) => {
+  const kem = new mlkem.MlKem768();
+  const [kemCt, sharedSecret] = await kem.encap(publicKey);
+  if (sharedSecret.length !== 32) {
+    throw new Error(`Expected 32-byte shared secret, got ${sharedSecret.length}`);
+  }
+  const nonce = crypto.getRandomValues(new Uint8Array(24));
+  const aead = chacha_js.xchacha20poly1305(sharedSecret, nonce);
+  const aeadCt = aead.encrypt(plaintext);
+  const kemLen = new Uint8Array(2);
+  new DataView(kemLen.buffer).setUint16(0, kemCt.length, true);
+  return utils_js.concatBytes(kemLen, kemCt, nonce, aeadCt);
+};
+
 Object.defineProperty(exports, "base58", {
   enumerable: true,
   get: function () { return base.base58; }
@@ -736,6 +753,7 @@ exports.encodeAddressEthereum = encodeAddressEthereum;
 exports.encodeAddressSolana = encodeAddressSolana;
 exports.encodeAddressSs58 = encodeAddressSs58;
 exports.encodeAnyAddress = encodeAnyAddress;
+exports.encryptKemAead = encryptKemAead;
 exports.entropyToMnemonic = entropyToMnemonic;
 exports.entropyToSeed = entropyToSeed;
 exports.fromBase58Check = fromBase58Check;

package/dist/talismn-crypto.esm.js

@@ -16,6 +16,9 @@ import { HDKey } from '@scure/bip32';
 import { hmac } from '@noble/hashes/hmac';
 import { sha512 } from '@noble/hashes/sha512';
 import { getPublicKey, HDKD, secretFromSeed } from 'micro-sr25519';
+import { xchacha20poly1305 } from '@noble/ciphers/chacha.js';
+import { concatBytes } from '@noble/ciphers/utils.js';
+import { MlKem768 } from 'mlkem';
 
 const pbkdf2 = async (hash, entropy, salt, iterations, outputLenBytes) => {
   // NOTE: react-native-quick-crypto (our `global.crypto` polyfill on Talisman Mobile) doesn't support `crypto.subtle.deriveKey`.
@@ -696,4 +699,18 @@ const getAccountPlatformFromAddress = address => {
   return getAccountPlatformFromEncoding(encoding);
 };
 
-export { DEV_MNEMONIC_ETHEREUM, DEV_MNEMONIC_POLKADOT, addressEncodingFromCurve, addressFromMnemonic, addressFromPublicKey, blake2b256, blake2b512, blake3, checksumEthereumAddress, decodeSs58Address, deriveKeypair, detectAddressEncoding, encodeAddressEthereum, encodeAddressSolana, encodeAddressSs58, encodeAnyAddress, entropyToMnemonic, entropyToSeed, fromBase58Check, fromBech32, fromBech32m, generateMnemonic, getAccountPlatformFromAddress, getAccountPlatformFromCurve, getAccountPlatformFromEncoding, getDevSeed, getPublicKeyFromSecret, getSafeHash, isAddressEqual, isAddressValid, isBase58CheckAddress, isBech32Address, isBech32mAddress, isBitcoinAddress, isEthereumAddress, isSolanaAddress, isSs58Address, isValidDerivationPath, isValidMnemonic, mnemonicToEntropy, normalizeAddress, parseSecretKey, pbkdf2, removeHexPrefix };
+const encryptKemAead = async (publicKey, plaintext) => {
+  const kem = new MlKem768();
+  const [kemCt, sharedSecret] = await kem.encap(publicKey);
+  if (sharedSecret.length !== 32) {
+    throw new Error(`Expected 32-byte shared secret, got ${sharedSecret.length}`);
+  }
+  const nonce = crypto.getRandomValues(new Uint8Array(24));
+  const aead = xchacha20poly1305(sharedSecret, nonce);
+  const aeadCt = aead.encrypt(plaintext);
+  const kemLen = new Uint8Array(2);
+  new DataView(kemLen.buffer).setUint16(0, kemCt.length, true);
+  return concatBytes(kemLen, kemCt, nonce, aeadCt);
+};
+
+export { DEV_MNEMONIC_ETHEREUM, DEV_MNEMONIC_POLKADOT, addressEncodingFromCurve, addressFromMnemonic, addressFromPublicKey, blake2b256, blake2b512, blake3, checksumEthereumAddress, decodeSs58Address, deriveKeypair, detectAddressEncoding, encodeAddressEthereum, encodeAddressSolana, encodeAddressSs58, encodeAnyAddress, encryptKemAead, entropyToMnemonic, entropyToSeed, fromBase58Check, fromBech32, fromBech32m, generateMnemonic, getAccountPlatformFromAddress, getAccountPlatformFromCurve, getAccountPlatformFromEncoding, getDevSeed, getPublicKeyFromSecret, getSafeHash, isAddressEqual, isAddressValid, isBase58CheckAddress, isBech32Address, isBech32mAddress, isBitcoinAddress, isEthereumAddress, isSolanaAddress, isSs58Address, isValidDerivationPath, isValidMnemonic, mnemonicToEntropy, normalizeAddress, parseSecretKey, pbkdf2, removeHexPrefix };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@talismn/crypto",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "author": "Talisman",
   "homepage": "https://talisman.xyz",
   "license": "GPL-3.0-or-later",
@@ -21,6 +21,7 @@
     "node": ">=20"
   },
   "dependencies": {
+    "@noble/ciphers": "2.0.1",
     "@noble/curves": "1.9.2",
     "@noble/hashes": "1.8.0",
     "@scure/base": "1.2.6",
@@ -29,10 +30,12 @@
     "bech32": "2.0.0",
     "bs58check": "4.0.0",
     "micro-sr25519": "0.1.3",
+    "mlkem": "2.5.0",
     "scale-ts": "1.6.1"
   },
   "devDependencies": {
     "@types/jest": "^29.5.14",
+    "@swc/jest": "^0.2.36",
     "eslint": "^8.57.1",
     "jest": "^29.7.0",
     "ts-jest": "^29.2.5",