@tnid/encryption 0.0.4

package/esm/encryption.js

@@ -0,0 +1,194 @@
+/**
+ * TNID encryption using FF1 Format-Preserving Encryption.
+ *
+ * Provides functions to convert V0 (time-ordered) TNIDs to V1 (random-looking)
+ * TNIDs and vice versa, hiding timestamp information while remaining reversible.
+ */
+import { DynamicTnid } from "@tnid/core";
+import { parseUuidStringToValue, valueToTnidString, extractVariantFromValue, } from "@tnid/core/uuid";
+import { FF1 } from "./ff1.js";
+import { COMPLETE_SECRET_DATA_MASK, expandSecretDataBits, extractSecretDataBits, fromHexDigits, setVariant, toHexDigits, } from "./bits.js";
+/**
+ * Error when creating an EncryptionKey.
+ */
+export class EncryptionKeyError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "EncryptionKeyError";
+    }
+}
+/**
+ * Error when encrypting or decrypting a TNID.
+ */
+export class EncryptionError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "EncryptionError";
+    }
+}
+/**
+ * A 128-bit (16 byte) encryption key for TNID encryption.
+ */
+export class EncryptionKey {
+    constructor(bytes) {
+        Object.defineProperty(this, "bytes", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.bytes = bytes;
+    }
+    /**
+     * Creates a new encryption key from raw bytes.
+     */
+    static fromBytes(bytes) {
+        if (bytes.length !== 16) {
+            throw new EncryptionKeyError(`Encryption key must be 16 bytes, got ${bytes.length}`);
+        }
+        return new EncryptionKey(new Uint8Array(bytes));
+    }
+    /**
+     * Creates an encryption key from a 32-character hex string.
+     */
+    static fromHex(hex) {
+        if (hex.length !== 32) {
+            throw new EncryptionKeyError(`Encryption key hex string must be 32 characters, got ${hex.length}`);
+        }
+        const bytes = new Uint8Array(16);
+        for (let i = 0; i < 16; i++) {
+            const hexByte = hex.slice(i * 2, i * 2 + 2);
+            const value = parseInt(hexByte, 16);
+            if (isNaN(value)) {
+                throw new EncryptionKeyError(`Invalid hex character at position ${i * 2}`);
+            }
+            bytes[i] = value;
+        }
+        return new EncryptionKey(bytes);
+    }
+    /**
+     * Returns the key as a byte array.
+     */
+    asBytes() {
+        return new Uint8Array(this.bytes);
+    }
+}
+/**
+ * Convert TNID string to 128-bit value.
+ */
+function tnidToValue(tnid) {
+    // Use @tnid/core to convert to UUID, then parse UUID to value
+    const parsed = DynamicTnid.parse(tnid);
+    const uuid = DynamicTnid.toUuidString(parsed);
+    return parseUuidStringToValue(uuid);
+}
+/**
+ * Convert 128-bit value back to TNID string.
+ */
+function valueToTnid(value) {
+    return valueToTnidString(value);
+}
+/**
+ * Encrypts the 100-bit Payload using FF1.
+ */
+async function encryptPayload(payload, key) {
+    // Mask to 100 bits
+    const mask = (1n << 100n) - 1n;
+    const data = payload & mask;
+    // Convert to hex digits
+    const hexDigits = toHexDigits(data);
+    // Create FF1 cipher with radix 16
+    const ff1 = new FF1(key.asBytes(), 16);
+    // Encrypt with empty tweak
+    const encrypted = await ff1.encrypt(new Uint8Array(0), hexDigits);
+    // Convert back to bigint
+    return fromHexDigits(encrypted);
+}
+/**
+ * Decrypts the 100-bit Payload using FF1.
+ */
+async function decryptPayload(payload, key) {
+    // Mask to 100 bits
+    const mask = (1n << 100n) - 1n;
+    const data = payload & mask;
+    // Convert to hex digits
+    const hexDigits = toHexDigits(data);
+    // Create FF1 cipher with radix 16
+    const ff1 = new FF1(key.asBytes(), 16);
+    // Decrypt with empty tweak
+    const decrypted = await ff1.decrypt(new Uint8Array(0), hexDigits);
+    // Convert back to bigint
+    return fromHexDigits(decrypted);
+}
+/**
+ * Encrypts a V0 TNID to V1, hiding timestamp information.
+ *
+ * @param tnid The V0 TNID string to encrypt
+ * @param key The encryption key
+ * @returns The encrypted V1 TNID string
+ * @throws EncryptionError if the TNID is not V0 or is invalid
+ */
+export async function encryptV0ToV1(tnid, key) {
+    let value;
+    try {
+        value = tnidToValue(tnid);
+    }
+    catch (e) {
+        throw new EncryptionError(`Invalid TNID: ${e.message}`);
+    }
+    const variant = extractVariantFromValue(value);
+    if (variant === "v1") {
+        // Already V1, return unchanged
+        return tnid;
+    }
+    if (variant !== "v0") {
+        throw new EncryptionError(`TNID variant ${variant} is not supported for encryption`);
+    }
+    // Extract the 100 Payload bits
+    const secretData = extractSecretDataBits(value);
+    // Encrypt the Payload
+    const encryptedData = await encryptPayload(secretData, key);
+    // Expand back to proper bit positions
+    const expanded = expandSecretDataBits(encryptedData);
+    // Preserve Name bits and UUID-specific bits, replace Payload bits
+    let result = (value & ~COMPLETE_SECRET_DATA_MASK) | expanded;
+    // Change variant from V0 to V1
+    result = setVariant(result, "v1");
+    return valueToTnid(result);
+}
+/**
+ * Decrypts a V1 TNID back to V0, recovering timestamp information.
+ *
+ * @param tnid The V1 TNID string to decrypt
+ * @param key The encryption key (must match the one used for encryption)
+ * @returns The decrypted V0 TNID string
+ * @throws EncryptionError if the TNID is not V1 or is invalid
+ */
+export async function decryptV1ToV0(tnid, key) {
+    let value;
+    try {
+        value = tnidToValue(tnid);
+    }
+    catch (e) {
+        throw new EncryptionError(`Invalid TNID: ${e.message}`);
+    }
+    const variant = extractVariantFromValue(value);
+    if (variant === "v0") {
+        // Already V0, return unchanged
+        return tnid;
+    }
+    if (variant !== "v1") {
+        throw new EncryptionError(`TNID variant ${variant} is not supported for decryption`);
+    }
+    // Extract the 100 Payload bits
+    const encryptedData = extractSecretDataBits(value);
+    // Decrypt the Payload
+    const decryptedData = await decryptPayload(encryptedData, key);
+    // Expand back to proper bit positions
+    const expanded = expandSecretDataBits(decryptedData);
+    // Preserve Name bits and UUID-specific bits, replace Payload bits
+    let result = (value & ~COMPLETE_SECRET_DATA_MASK) | expanded;
+    // Change variant from V1 to V0
+    result = setVariant(result, "v0");
+    return valueToTnid(result);
+}

package/esm/ff1.d.ts

@@ -0,0 +1,45 @@
+/**
+ * FF1 Format-Preserving Encryption (NIST SP 800-38G).
+ *
+ * This implementation uses AES-128 as the underlying cipher.
+ * FF1 is a Feistel cipher that encrypts strings of numerals
+ * while preserving their format (length and radix).
+ */
+/**
+ * FF1 Format-Preserving Encryption cipher.
+ *
+ * Encrypts/decrypts a string of numerals (digits in base `radix`)
+ * while preserving the format.
+ */
+export declare class FF1 {
+    private aes;
+    private radix;
+    /**
+     * Create an FF1 cipher with the given key and radix.
+     *
+     * @param key 16-byte AES key
+     * @param radix Base of the numeral system (2-65536)
+     */
+    constructor(key: Uint8Array, radix: number);
+    /**
+     * FF1 encryption.
+     *
+     * @param tweak Additional data (can be empty)
+     * @param plaintext Array of numerals (each in range [0, radix))
+     * @returns Encrypted numeral array of same length
+     */
+    encrypt(tweak: Uint8Array, plaintext: number[]): Promise<number[]>;
+    /**
+     * FF1 decryption.
+     *
+     * @param tweak Additional data (must match encryption)
+     * @param ciphertext Array of numerals
+     * @returns Decrypted numeral array
+     */
+    decrypt(tweak: Uint8Array, ciphertext: number[]): Promise<number[]>;
+    /**
+     * Core FF1 Feistel cipher (10 rounds).
+     */
+    private cipher;
+}
+//# sourceMappingURL=ff1.d.ts.map

package/esm/ff1.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ff1.d.ts","sourceRoot":"","sources":["../src/ff1.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+EH;;;;;GAKG;AACH,qBAAa,GAAG;IACd,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,KAAK,CAAS;IAEtB;;;;;OAKG;gBACS,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM;IAQ1C;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAIlE;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAInE;;OAEG;YACW,MAAM;CAsIrB"}

package/esm/ff1.js

@@ -0,0 +1,240 @@
+/**
+ * FF1 Format-Preserving Encryption (NIST SP 800-38G).
+ *
+ * This implementation uses AES-128 as the underlying cipher.
+ * FF1 is a Feistel cipher that encrypts strings of numerals
+ * while preserving their format (length and radix).
+ */
+import { Aes128 } from "./aes.js";
+/**
+ * Ceiling division: ceil(a / b)
+ */
+function ceilDiv(a, b) {
+    return Math.ceil(a / b);
+}
+/**
+ * Convert a number array (base radix) to a bigint.
+ * Most significant digit first.
+ */
+function numArrayToBigInt(arr, radix) {
+    let result = 0n;
+    const radixBig = BigInt(radix);
+    for (const digit of arr) {
+        result = result * radixBig + BigInt(digit);
+    }
+    return result;
+}
+/**
+ * Convert a bigint to a number array (base radix) with specified length.
+ * Most significant digit first. Pads with zeros if needed.
+ */
+function bigIntToNumArray(value, radix, length) {
+    const result = new Array(length).fill(0);
+    const radixBig = BigInt(radix);
+    let v = value;
+    for (let i = length - 1; i >= 0 && v > 0n; i--) {
+        result[i] = Number(v % radixBig);
+        v = v / radixBig;
+    }
+    return result;
+}
+/**
+ * Convert bigint to big-endian byte array with specified length.
+ */
+function bigIntToBytes(value, length) {
+    const bytes = new Uint8Array(length);
+    let v = value;
+    for (let i = length - 1; i >= 0 && v > 0n; i--) {
+        bytes[i] = Number(v & 0xffn);
+        v >>= 8n;
+    }
+    return bytes;
+}
+/**
+ * Convert byte array to bigint (big-endian).
+ */
+function bytesToBigInt(bytes) {
+    let result = 0n;
+    for (const byte of bytes) {
+        result = (result << 8n) | BigInt(byte);
+    }
+    return result;
+}
+/**
+ * Concatenate multiple Uint8Arrays.
+ */
+function concat(...arrays) {
+    const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+    const result = new Uint8Array(totalLength);
+    let offset = 0;
+    for (const arr of arrays) {
+        result.set(arr, offset);
+        offset += arr.length;
+    }
+    return result;
+}
+/**
+ * FF1 Format-Preserving Encryption cipher.
+ *
+ * Encrypts/decrypts a string of numerals (digits in base `radix`)
+ * while preserving the format.
+ */
+export class FF1 {
+    /**
+     * Create an FF1 cipher with the given key and radix.
+     *
+     * @param key 16-byte AES key
+     * @param radix Base of the numeral system (2-65536)
+     */
+    constructor(key, radix) {
+        Object.defineProperty(this, "aes", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        Object.defineProperty(this, "radix", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        if (radix < 2 || radix > 65536) {
+            throw new Error(`Radix must be in range [2, 65536], got ${radix}`);
+        }
+        this.aes = new Aes128(key);
+        this.radix = radix;
+    }
+    /**
+     * FF1 encryption.
+     *
+     * @param tweak Additional data (can be empty)
+     * @param plaintext Array of numerals (each in range [0, radix))
+     * @returns Encrypted numeral array of same length
+     */
+    encrypt(tweak, plaintext) {
+        return this.cipher(tweak, plaintext, true);
+    }
+    /**
+     * FF1 decryption.
+     *
+     * @param tweak Additional data (must match encryption)
+     * @param ciphertext Array of numerals
+     * @returns Decrypted numeral array
+     */
+    decrypt(tweak, ciphertext) {
+        return this.cipher(tweak, ciphertext, false);
+    }
+    /**
+     * Core FF1 Feistel cipher (10 rounds).
+     */
+    async cipher(tweak, input, encrypting) {
+        const n = input.length;
+        const t = tweak.length;
+        const radix = this.radix;
+        // Split into two halves
+        const u = Math.floor(n / 2);
+        const v = n - u;
+        // A gets first u elements, B gets last v elements
+        let A = input.slice(0, u);
+        let B = input.slice(u);
+        // Precompute constants per spec
+        // b = ceil(ceil(v * log2(radix)) / 8) - number of bytes to represent NUM_radix(B)
+        const b = Math.ceil(Math.ceil(v * Math.log2(radix)) / 8);
+        // d = 4 * ceil(b/4) + 4 - length of S (multiple of 4, at least 4 more than b)
+        const d = 4 * ceilDiv(b, 4) + 4;
+        // P = [1, 2, 1, radix (3 bytes), 10, u mod 256, n (4 bytes), t (4 bytes)]
+        const P = new Uint8Array(16);
+        P[0] = 1;
+        P[1] = 2;
+        P[2] = 1;
+        // radix as 3 bytes (big-endian, upper 8 bits then lower 16 bits)
+        P[3] = (radix >> 16) & 0xff;
+        P[4] = (radix >> 8) & 0xff;
+        P[5] = radix & 0xff;
+        P[6] = 10; // Number of rounds
+        P[7] = u & 0xff;
+        // n as 4 bytes big-endian
+        P[8] = (n >> 24) & 0xff;
+        P[9] = (n >> 16) & 0xff;
+        P[10] = (n >> 8) & 0xff;
+        P[11] = n & 0xff;
+        // t as 4 bytes big-endian
+        P[12] = (t >> 24) & 0xff;
+        P[13] = (t >> 16) & 0xff;
+        P[14] = (t >> 8) & 0xff;
+        P[15] = t & 0xff;
+        // 10 Feistel rounds
+        const rounds = encrypting ? [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] : [9, 8, 7, 6, 5, 4, 3, 2, 1, 0];
+        for (const i of rounds) {
+            // Determine m based on round parity
+            const m = (i % 2 === 0) ? u : v;
+            // Build Q: tweak || zeros || round || numB
+            // Q length must be multiple of 16
+            const numB = numArrayToBigInt(encrypting ? B : A, radix);
+            const numBBytes = bigIntToBytes(numB, b);
+            // Q = tweak || 0^(-t-b-1 mod 16) || i || [NUM_radix(B)]
+            const padLen = (16 - ((t + b + 1) % 16)) % 16;
+            const Q = concat(tweak, new Uint8Array(padLen), new Uint8Array([i]), numBBytes);
+            // R = PRF(P || Q)
+            // PRF uses AES-CBC-MAC over (P || Q) with blocks of 16 bytes
+            const pq = concat(P, Q);
+            const numBlocks = pq.length / 16;
+            const blocks = [];
+            for (let j = 0; j < numBlocks; j++) {
+                blocks.push(pq.slice(j * 16, (j + 1) * 16));
+            }
+            const R = await this.aes.cbcMac(blocks);
+            // S = first d bytes of R || CIPH(R ⊕ [1]) || CIPH(R ⊕ [2]) || ...
+            const S = new Uint8Array(d);
+            const rCopyLen = Math.min(16, d);
+            S.set(R.slice(0, rCopyLen), 0);
+            let sOffset = rCopyLen;
+            let counter = 1;
+            while (sOffset < d) {
+                // R XOR counter (counter as 16-byte big-endian)
+                const counterBlock = new Uint8Array(16);
+                counterBlock[15] = counter & 0xff;
+                counterBlock[14] = (counter >> 8) & 0xff;
+                counterBlock[13] = (counter >> 16) & 0xff;
+                counterBlock[12] = (counter >> 24) & 0xff;
+                const xored = new Uint8Array(16);
+                for (let k = 0; k < 16; k++) {
+                    xored[k] = R[k] ^ counterBlock[k];
+                }
+                const block = await this.aes.encryptBlock(xored);
+                const copyLen = Math.min(16, d - sOffset);
+                S.set(block.slice(0, copyLen), sOffset);
+                sOffset += copyLen;
+                counter++;
+            }
+            // y = NUM(S) - interpret S as big-endian number
+            const y = bytesToBigInt(S);
+            // c = (NUM_radix(A/B) + y) mod radix^m (encrypt)
+            // c = (NUM_radix(A/B) - y) mod radix^m (decrypt)
+            const radixPowM = BigInt(radix) ** BigInt(m);
+            const numSrc = numArrayToBigInt(encrypting ? A : B, radix);
+            let c;
+            if (encrypting) {
+                c = (numSrc + y) % radixPowM;
+            }
+            else {
+                // For modular subtraction, add radixPowM to handle negative
+                c = ((numSrc - y) % radixPowM + radixPowM) % radixPowM;
+            }
+            // C = STR_m_radix(c)
+            const C = bigIntToNumArray(c, radix, m);
+            // Swap: A = B, B = C (encrypt) or B = A, A = C (decrypt)
+            if (encrypting) {
+                A = B;
+                B = C;
+            }
+            else {
+                B = A;
+                A = C;
+            }
+        }
+        // Return A || B
+        return [...A, ...B];
+    }
+}

package/esm/index.d.ts

@@ -0,0 +1,27 @@
+/**
+ * @tnid/encryption - Format-preserving encryption for TNIDs
+ *
+ * Provides FF1 (NIST SP 800-38G) encryption to convert time-ordered V0 TNIDs
+ * to random-looking V1 TNIDs, hiding timestamp information while remaining
+ * reversible with the secret key.
+ *
+ * @example
+ * ```typescript
+ * import { EncryptionKey, encryptV0ToV1, decryptV1ToV0 } from "@tnid/encryption";
+ *
+ * // Create a key from hex string
+ * const key = EncryptionKey.fromHex("0102030405060708090a0b0c0d0e0f10");
+ *
+ * // Encrypt a V0 TNID to V1
+ * const encrypted = await encryptV0ToV1("user.Br2flcNDfF6LYICnT", key);
+ * // Returns a V1 TNID that looks random
+ *
+ * // Decrypt back to V0
+ * const decrypted = await decryptV1ToV0(encrypted, key);
+ * // decrypted === "user.Br2flcNDfF6LYICnT"
+ * ```
+ *
+ * @module
+ */
+export { EncryptionKey, EncryptionKeyError, EncryptionError, encryptV0ToV1, decryptV1ToV0, } from "./encryption.js";
+//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,aAAa,GACd,MAAM,iBAAiB,CAAC"}

package/esm/index.js

@@ -0,0 +1,26 @@
+/**
+ * @tnid/encryption - Format-preserving encryption for TNIDs
+ *
+ * Provides FF1 (NIST SP 800-38G) encryption to convert time-ordered V0 TNIDs
+ * to random-looking V1 TNIDs, hiding timestamp information while remaining
+ * reversible with the secret key.
+ *
+ * @example
+ * ```typescript
+ * import { EncryptionKey, encryptV0ToV1, decryptV1ToV0 } from "@tnid/encryption";
+ *
+ * // Create a key from hex string
+ * const key = EncryptionKey.fromHex("0102030405060708090a0b0c0d0e0f10");
+ *
+ * // Encrypt a V0 TNID to V1
+ * const encrypted = await encryptV0ToV1("user.Br2flcNDfF6LYICnT", key);
+ * // Returns a V1 TNID that looks random
+ *
+ * // Decrypt back to V0
+ * const decrypted = await decryptV1ToV0(encrypted, key);
+ * // decrypted === "user.Br2flcNDfF6LYICnT"
+ * ```
+ *
+ * @module
+ */
+export { EncryptionKey, EncryptionKeyError, EncryptionError, encryptV0ToV1, decryptV1ToV0, } from "./encryption.js";

package/esm/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@tnid/encryption",
+  "version": "0.0.4",
+  "description": "Format-preserving encryption for TNIDs - convert time-ordered IDs to random-looking IDs",
+  "keywords": [
+    "uuid",
+    "id",
+    "identifier",
+    "tnid",
+    "typed",
+    "type-safe"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/tnid/tnid-typescript.git"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/tnid/tnid-typescript/issues"
+  },
+  "main": "./script/index.js",
+  "module": "./esm/index.js",
+  "exports": {
+    ".": {
+      "import": "./esm/index.js",
+      "require": "./script/index.js"
+    }
+  },
+  "scripts": {},
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@tnid/core": "^0.0.4"
+  },
+  "_generatedBy": "dnt@dev"
+}

package/script/_dnt.shims.d.ts

@@ -0,0 +1,2 @@
+export declare const dntGlobalThis: Omit<typeof globalThis, never>;
+//# sourceMappingURL=_dnt.shims.d.ts.map

package/script/_dnt.shims.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_dnt.shims.d.ts","sourceRoot":"","sources":["../src/_dnt.shims.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,gCAA2C,CAAC"}

package/script/_dnt.shims.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dntGlobalThis = void 0;
+const dntGlobals = {};
+exports.dntGlobalThis = createMergeProxy(globalThis, dntGlobals);
+function createMergeProxy(baseObj, extObj) {
+    return new Proxy(baseObj, {
+        get(_target, prop, _receiver) {
+            if (prop in extObj) {
+                return extObj[prop];
+            }
+            else {
+                return baseObj[prop];
+            }
+        },
+        set(_target, prop, value) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            baseObj[prop] = value;
+            return true;
+        },
+        deleteProperty(_target, prop) {
+            let success = false;
+            if (prop in extObj) {
+                delete extObj[prop];
+                success = true;
+            }
+            if (prop in baseObj) {
+                delete baseObj[prop];
+                success = true;
+            }
+            return success;
+        },
+        ownKeys(_target) {
+            const baseKeys = Reflect.ownKeys(baseObj);
+            const extKeys = Reflect.ownKeys(extObj);
+            const extKeysSet = new Set(extKeys);
+            return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys];
+        },
+        defineProperty(_target, prop, desc) {
+            if (prop in extObj) {
+                delete extObj[prop];
+            }
+            Reflect.defineProperty(baseObj, prop, desc);
+            return true;
+        },
+        getOwnPropertyDescriptor(_target, prop) {
+            if (prop in extObj) {
+                return Reflect.getOwnPropertyDescriptor(extObj, prop);
+            }
+            else {
+                return Reflect.getOwnPropertyDescriptor(baseObj, prop);
+            }
+        },
+        has(_target, prop) {
+            return prop in extObj || prop in baseObj;
+        },
+    });
+}

package/script/aes.d.ts

@@ -0,0 +1,25 @@
+/**
+ * AES-128 block cipher wrapper using Web Crypto API.
+ *
+ * FF1 requires raw AES block cipher (AES-ECB), which Web Crypto doesn't expose.
+ * We simulate AES-ECB using AES-CBC with a zero IV for single-block operations.
+ */
+/**
+ * AES-128 block cipher for FF1.
+ * Caches the imported CryptoKey for efficiency.
+ */
+export declare class Aes128 {
+    private keyPromise;
+    constructor(keyBytes: Uint8Array);
+    /**
+     * Encrypts a single 16-byte block using AES-128.
+     * Uses AES-CBC with zero IV, which is equivalent to AES-ECB for single blocks.
+     */
+    encryptBlock(block: Uint8Array): Promise<Uint8Array>;
+    /**
+     * AES-CBC-MAC: Chain multiple blocks using CBC mode.
+     * Returns the final encrypted block (the MAC).
+     */
+    cbcMac(blocks: Uint8Array[]): Promise<Uint8Array>;
+}
+//# sourceMappingURL=aes.d.ts.map

package/script/aes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aes.d.ts","sourceRoot":"","sources":["../src/aes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAeH;;;GAGG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,UAAU,CAAqB;gBAE3B,QAAQ,EAAE,UAAU;IAchC;;;OAGG;IACG,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB1D;;;OAGG;IACG,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC;CAgBxD"}