@tnid/encryption 0.0.4

package/script/aes.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * AES-128 block cipher wrapper using Web Crypto API.
+ *
+ * FF1 requires raw AES block cipher (AES-ECB), which Web Crypto doesn't expose.
+ * We simulate AES-ECB using AES-CBC with a zero IV for single-block operations.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Aes128 = void 0;
+// Web Crypto API accessor (same pattern as @tnid/core)
+// deno-lint-ignore no-explicit-any
+const dntShim = __importStar(require("./_dnt.shims.js"));
+const crypto = dntShim.dntGlobalThis.crypto;
+/**
+ * AES-128 block cipher for FF1.
+ * Caches the imported CryptoKey for efficiency.
+ */
+class Aes128 {
+    constructor(keyBytes) {
+        Object.defineProperty(this, "keyPromise", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        if (keyBytes.length !== 16) {
+            throw new Error(`AES-128 key must be 16 bytes, got ${keyBytes.length}`);
+        }
+        // Import key once and cache the promise
+        this.keyPromise = crypto.subtle.importKey("raw", keyBytes, { name: "AES-CBC" }, false, ["encrypt"]);
+    }
+    /**
+     * Encrypts a single 16-byte block using AES-128.
+     * Uses AES-CBC with zero IV, which is equivalent to AES-ECB for single blocks.
+     */
+    async encryptBlock(block) {
+        if (block.length !== 16) {
+            throw new Error(`AES block must be 16 bytes, got ${block.length}`);
+        }
+        const key = await this.keyPromise;
+        const iv = new Uint8Array(16); // Zero IV
+        // AES-CBC with zero IV for single block = AES-ECB
+        const result = await crypto.subtle.encrypt({ name: "AES-CBC", iv }, key, block);
+        // Result includes padding; we only need the first 16 bytes
+        return new Uint8Array(result, 0, 16);
+    }
+    /**
+     * AES-CBC-MAC: Chain multiple blocks using CBC mode.
+     * Returns the final encrypted block (the MAC).
+     */
+    async cbcMac(blocks) {
+        let state = new Uint8Array(16); // Start with zero block
+        for (const block of blocks) {
+            // XOR state with block
+            const xored = new Uint8Array(16);
+            for (let i = 0; i < 16; i++) {
+                xored[i] = state[i] ^ block[i];
+            }
+            // Encrypt and copy to new array to satisfy TypeScript
+            const encrypted = await this.encryptBlock(xored);
+            state = new Uint8Array(encrypted);
+        }
+        return state;
+    }
+}
+exports.Aes128 = Aes128;

package/script/bits.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Bit manipulation for TNID encryption.
+ *
+ * These functions extract and expand the 100 Payload bits that are
+ * encrypted/decrypted, matching the Rust implementation exactly.
+ */
+export declare const RIGHT_SECRET_DATA_SECTION_MASK = 1152921504606846975n;
+export declare const MIDDLE_SECRET_DATA_SECTION_MASK = 75539416981840613867520n;
+export declare const LEFT_SECRET_DATA_SECTION_MASK = 324518552449500907168526845870080n;
+export declare const COMPLETE_SECRET_DATA_MASK: bigint;
+export declare const SECRET_DATA_BIT_NUM = 100;
+export declare const HEX_DIGIT_COUNT = 25;
+/**
+ * Extracts Payload bits (excludes Name bits, UUID-specific bits, and TNID Variant bits).
+ *
+ * Compacts the Payload bits from the three sections into a single 100-bit value.
+ * The returned bigint will have its lowest 100 bits populated with data,
+ * and the highest bits set to zero.
+ */
+export declare function extractSecretDataBits(id: bigint): bigint;
+/**
+ * Expands compacted Payload bits back into their positions.
+ *
+ * This is the inverse of extractSecretDataBits.
+ * `bits` should have its lowest 100 bits populated with Payload data.
+ */
+export declare function expandSecretDataBits(bits: bigint): bigint;
+/**
+ * Convert 100-bit value to 25 hex digits (each 0-15).
+ * Most significant digit first.
+ */
+export declare function toHexDigits(data: bigint): number[];
+/**
+ * Convert 25 hex digits back to 100-bit value.
+ */
+export declare function fromHexDigits(digits: number[]): bigint;
+/**
+ * Get the TNID variant from a 128-bit ID value.
+ */
+export declare function getVariant(id: bigint): "v0" | "v1" | "v2" | "v3";
+/**
+ * Change the variant bits in a 128-bit ID.
+ */
+export declare function setVariant(id: bigint, variant: "v0" | "v1"): bigint;
+//# sourceMappingURL=bits.d.ts.map

package/script/bits.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bits.d.ts","sourceRoot":"","sources":["../src/bits.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,eAAO,MAAM,8BAA8B,uBAA0C,CAAC;AAGtF,eAAO,MAAM,+BAA+B,2BAA0C,CAAC;AAGvF,eAAO,MAAM,6BAA6B,qCAA0C,CAAC;AAGrF,eAAO,MAAM,yBAAyB,QAGP,CAAC;AAGhC,eAAO,MAAM,mBAAmB,MAAM,CAAC;AAGvC,eAAO,MAAM,eAAe,KAAK,CAAC;AAElC;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAaxD;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAezD;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAOlD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAMtD;AAOD;;GAEG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAchE;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,IAAI,GAAG,MAAM,CAInE"}

package/script/bits.js

@@ -0,0 +1,118 @@
+"use strict";
+/**
+ * Bit manipulation for TNID encryption.
+ *
+ * These functions extract and expand the 100 Payload bits that are
+ * encrypted/decrypted, matching the Rust implementation exactly.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HEX_DIGIT_COUNT = exports.SECRET_DATA_BIT_NUM = exports.COMPLETE_SECRET_DATA_MASK = exports.LEFT_SECRET_DATA_SECTION_MASK = exports.MIDDLE_SECRET_DATA_SECTION_MASK = exports.RIGHT_SECRET_DATA_SECTION_MASK = void 0;
+exports.extractSecretDataBits = extractSecretDataBits;
+exports.expandSecretDataBits = expandSecretDataBits;
+exports.toHexDigits = toHexDigits;
+exports.fromHexDigits = fromHexDigits;
+exports.getVariant = getVariant;
+exports.setVariant = setVariant;
+// Mask for the right-most Payload bits section (bits 0-51, 52 bits)
+exports.RIGHT_SECRET_DATA_SECTION_MASK = 0x00000000000000000fffffffffffffffn;
+// Mask for the middle Payload bits section (bits 64-75, 12 bits)
+exports.MIDDLE_SECRET_DATA_SECTION_MASK = 0x0000000000000fff0000000000000000n;
+// Mask for the left-most Payload bits section (bits 80-107, 28 bits)
+exports.LEFT_SECRET_DATA_SECTION_MASK = 0x00000fffffff00000000000000000000n;
+// Complete mask for all Payload bits (100 bits)
+exports.COMPLETE_SECRET_DATA_MASK = exports.RIGHT_SECRET_DATA_SECTION_MASK |
+    exports.MIDDLE_SECRET_DATA_SECTION_MASK |
+    exports.LEFT_SECRET_DATA_SECTION_MASK;
+// Number of Payload bits
+exports.SECRET_DATA_BIT_NUM = 100;
+// Number of hex digits for FF1 (100 bits / 4 bits per hex digit)
+exports.HEX_DIGIT_COUNT = 25;
+/**
+ * Extracts Payload bits (excludes Name bits, UUID-specific bits, and TNID Variant bits).
+ *
+ * Compacts the Payload bits from the three sections into a single 100-bit value.
+ * The returned bigint will have its lowest 100 bits populated with data,
+ * and the highest bits set to zero.
+ */
+function extractSecretDataBits(id) {
+    // Right section stays in place
+    let extracted = id & exports.RIGHT_SECRET_DATA_SECTION_MASK;
+    // Middle section: shift right by 4 to compact
+    const BETWEEN_MIDDLE_RIGHT = 4n;
+    extracted = extracted | ((id & exports.MIDDLE_SECRET_DATA_SECTION_MASK) >> BETWEEN_MIDDLE_RIGHT);
+    // Left section: shift right by 8 to compact
+    const BETWEEN_LEFT_MIDDLE = BETWEEN_MIDDLE_RIGHT + 4n;
+    extracted = extracted | ((id & exports.LEFT_SECRET_DATA_SECTION_MASK) >> BETWEEN_LEFT_MIDDLE);
+    return extracted;
+}
+/**
+ * Expands compacted Payload bits back into their positions.
+ *
+ * This is the inverse of extractSecretDataBits.
+ * `bits` should have its lowest 100 bits populated with Payload data.
+ */
+function expandSecretDataBits(bits) {
+    // Right section stays in place
+    let expanded = bits & exports.RIGHT_SECRET_DATA_SECTION_MASK;
+    // Middle section shifts left
+    const BETWEEN_MIDDLE_RIGHT = 4n;
+    const middleMask = exports.MIDDLE_SECRET_DATA_SECTION_MASK >> BETWEEN_MIDDLE_RIGHT;
+    expanded = expanded | ((bits & middleMask) << BETWEEN_MIDDLE_RIGHT);
+    // Left section shifts left
+    const BETWEEN_LEFT_MIDDLE = BETWEEN_MIDDLE_RIGHT + 4n;
+    const leftMask = exports.LEFT_SECRET_DATA_SECTION_MASK >> BETWEEN_LEFT_MIDDLE;
+    expanded = expanded | ((bits & leftMask) << BETWEEN_LEFT_MIDDLE);
+    return expanded;
+}
+/**
+ * Convert 100-bit value to 25 hex digits (each 0-15).
+ * Most significant digit first.
+ */
+function toHexDigits(data) {
+    const hexDigits = new Array(exports.HEX_DIGIT_COUNT);
+    for (let i = 0; i < exports.HEX_DIGIT_COUNT; i++) {
+        const shift = BigInt((exports.HEX_DIGIT_COUNT - 1 - i) * 4);
+        hexDigits[i] = Number((data >> shift) & 0xfn);
+    }
+    return hexDigits;
+}
+/**
+ * Convert 25 hex digits back to 100-bit value.
+ */
+function fromHexDigits(digits) {
+    let result = 0n;
+    for (const digit of digits) {
+        result = (result << 4n) | BigInt(digit);
+    }
+    return result;
+}
+// Variant bit positions (bits 60-61 in the 128-bit TNID)
+const VARIANT_MASK = 3n << 60n;
+const V0_VARIANT = 0n << 60n;
+const V1_VARIANT = 1n << 60n;
+/**
+ * Get the TNID variant from a 128-bit ID value.
+ */
+function getVariant(id) {
+    const variantBits = (id >> 60n) & 3n;
+    switch (variantBits) {
+        case 0n:
+            return "v0";
+        case 1n:
+            return "v1";
+        case 2n:
+            return "v2";
+        case 3n:
+            return "v3";
+        default:
+            throw new Error("Unreachable");
+    }
+}
+/**
+ * Change the variant bits in a 128-bit ID.
+ */
+function setVariant(id, variant) {
+    const cleared = id & ~VARIANT_MASK;
+    const variantBits = variant === "v0" ? V0_VARIANT : V1_VARIANT;
+    return cleared | variantBits;
+}

package/script/encryption.d.ts

@@ -0,0 +1,56 @@
+/**
+ * TNID encryption using FF1 Format-Preserving Encryption.
+ *
+ * Provides functions to convert V0 (time-ordered) TNIDs to V1 (random-looking)
+ * TNIDs and vice versa, hiding timestamp information while remaining reversible.
+ */
+/**
+ * Error when creating an EncryptionKey.
+ */
+export declare class EncryptionKeyError extends Error {
+    constructor(message: string);
+}
+/**
+ * Error when encrypting or decrypting a TNID.
+ */
+export declare class EncryptionError extends Error {
+    constructor(message: string);
+}
+/**
+ * A 128-bit (16 byte) encryption key for TNID encryption.
+ */
+export declare class EncryptionKey {
+    private readonly bytes;
+    private constructor();
+    /**
+     * Creates a new encryption key from raw bytes.
+     */
+    static fromBytes(bytes: Uint8Array): EncryptionKey;
+    /**
+     * Creates an encryption key from a 32-character hex string.
+     */
+    static fromHex(hex: string): EncryptionKey;
+    /**
+     * Returns the key as a byte array.
+     */
+    asBytes(): Uint8Array;
+}
+/**
+ * Encrypts a V0 TNID to V1, hiding timestamp information.
+ *
+ * @param tnid The V0 TNID string to encrypt
+ * @param key The encryption key
+ * @returns The encrypted V1 TNID string
+ * @throws EncryptionError if the TNID is not V0 or is invalid
+ */
+export declare function encryptV0ToV1(tnid: string, key: EncryptionKey): Promise<string>;
+/**
+ * Decrypts a V1 TNID back to V0, recovering timestamp information.
+ *
+ * @param tnid The V1 TNID string to decrypt
+ * @param key The encryption key (must match the one used for encryption)
+ * @returns The decrypted V0 TNID string
+ * @throws EncryptionError if the TNID is not V1 or is invalid
+ */
+export declare function decryptV1ToV0(tnid: string, key: EncryptionKey): Promise<string>;
+//# sourceMappingURL=encryption.d.ts.map

package/script/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../src/encryption.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAmBH;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAa;IAEnC,OAAO;IAIP;;OAEG;IACH,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,aAAa;IASlD;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa;IAsB1C;;OAEG;IACH,OAAO,IAAI,UAAU;CAGtB;AA6DD;;;;;;;GAOG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAmCrF;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAmCrF"}

package/script/encryption.js

@@ -0,0 +1,202 @@
+"use strict";
+/**
+ * TNID encryption using FF1 Format-Preserving Encryption.
+ *
+ * Provides functions to convert V0 (time-ordered) TNIDs to V1 (random-looking)
+ * TNIDs and vice versa, hiding timestamp information while remaining reversible.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionKey = exports.EncryptionError = exports.EncryptionKeyError = void 0;
+exports.encryptV0ToV1 = encryptV0ToV1;
+exports.decryptV1ToV0 = decryptV1ToV0;
+const core_1 = require("@tnid/core");
+const uuid_1 = require("@tnid/core/uuid");
+const ff1_js_1 = require("./ff1.js");
+const bits_js_1 = require("./bits.js");
+/**
+ * Error when creating an EncryptionKey.
+ */
+class EncryptionKeyError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "EncryptionKeyError";
+    }
+}
+exports.EncryptionKeyError = EncryptionKeyError;
+/**
+ * Error when encrypting or decrypting a TNID.
+ */
+class EncryptionError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "EncryptionError";
+    }
+}
+exports.EncryptionError = EncryptionError;
+/**
+ * A 128-bit (16 byte) encryption key for TNID encryption.
+ */
+class EncryptionKey {
+    constructor(bytes) {
+        Object.defineProperty(this, "bytes", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.bytes = bytes;
+    }
+    /**
+     * Creates a new encryption key from raw bytes.
+     */
+    static fromBytes(bytes) {
+        if (bytes.length !== 16) {
+            throw new EncryptionKeyError(`Encryption key must be 16 bytes, got ${bytes.length}`);
+        }
+        return new EncryptionKey(new Uint8Array(bytes));
+    }
+    /**
+     * Creates an encryption key from a 32-character hex string.
+     */
+    static fromHex(hex) {
+        if (hex.length !== 32) {
+            throw new EncryptionKeyError(`Encryption key hex string must be 32 characters, got ${hex.length}`);
+        }
+        const bytes = new Uint8Array(16);
+        for (let i = 0; i < 16; i++) {
+            const hexByte = hex.slice(i * 2, i * 2 + 2);
+            const value = parseInt(hexByte, 16);
+            if (isNaN(value)) {
+                throw new EncryptionKeyError(`Invalid hex character at position ${i * 2}`);
+            }
+            bytes[i] = value;
+        }
+        return new EncryptionKey(bytes);
+    }
+    /**
+     * Returns the key as a byte array.
+     */
+    asBytes() {
+        return new Uint8Array(this.bytes);
+    }
+}
+exports.EncryptionKey = EncryptionKey;
+/**
+ * Convert TNID string to 128-bit value.
+ */
+function tnidToValue(tnid) {
+    // Use @tnid/core to convert to UUID, then parse UUID to value
+    const parsed = core_1.DynamicTnid.parse(tnid);
+    const uuid = core_1.DynamicTnid.toUuidString(parsed);
+    return (0, uuid_1.parseUuidStringToValue)(uuid);
+}
+/**
+ * Convert 128-bit value back to TNID string.
+ */
+function valueToTnid(value) {
+    return (0, uuid_1.valueToTnidString)(value);
+}
+/**
+ * Encrypts the 100-bit Payload using FF1.
+ */
+async function encryptPayload(payload, key) {
+    // Mask to 100 bits
+    const mask = (1n << 100n) - 1n;
+    const data = payload & mask;
+    // Convert to hex digits
+    const hexDigits = (0, bits_js_1.toHexDigits)(data);
+    // Create FF1 cipher with radix 16
+    const ff1 = new ff1_js_1.FF1(key.asBytes(), 16);
+    // Encrypt with empty tweak
+    const encrypted = await ff1.encrypt(new Uint8Array(0), hexDigits);
+    // Convert back to bigint
+    return (0, bits_js_1.fromHexDigits)(encrypted);
+}
+/**
+ * Decrypts the 100-bit Payload using FF1.
+ */
+async function decryptPayload(payload, key) {
+    // Mask to 100 bits
+    const mask = (1n << 100n) - 1n;
+    const data = payload & mask;
+    // Convert to hex digits
+    const hexDigits = (0, bits_js_1.toHexDigits)(data);
+    // Create FF1 cipher with radix 16
+    const ff1 = new ff1_js_1.FF1(key.asBytes(), 16);
+    // Decrypt with empty tweak
+    const decrypted = await ff1.decrypt(new Uint8Array(0), hexDigits);
+    // Convert back to bigint
+    return (0, bits_js_1.fromHexDigits)(decrypted);
+}
+/**
+ * Encrypts a V0 TNID to V1, hiding timestamp information.
+ *
+ * @param tnid The V0 TNID string to encrypt
+ * @param key The encryption key
+ * @returns The encrypted V1 TNID string
+ * @throws EncryptionError if the TNID is not V0 or is invalid
+ */
+async function encryptV0ToV1(tnid, key) {
+    let value;
+    try {
+        value = tnidToValue(tnid);
+    }
+    catch (e) {
+        throw new EncryptionError(`Invalid TNID: ${e.message}`);
+    }
+    const variant = (0, uuid_1.extractVariantFromValue)(value);
+    if (variant === "v1") {
+        // Already V1, return unchanged
+        return tnid;
+    }
+    if (variant !== "v0") {
+        throw new EncryptionError(`TNID variant ${variant} is not supported for encryption`);
+    }
+    // Extract the 100 Payload bits
+    const secretData = (0, bits_js_1.extractSecretDataBits)(value);
+    // Encrypt the Payload
+    const encryptedData = await encryptPayload(secretData, key);
+    // Expand back to proper bit positions
+    const expanded = (0, bits_js_1.expandSecretDataBits)(encryptedData);
+    // Preserve Name bits and UUID-specific bits, replace Payload bits
+    let result = (value & ~bits_js_1.COMPLETE_SECRET_DATA_MASK) | expanded;
+    // Change variant from V0 to V1
+    result = (0, bits_js_1.setVariant)(result, "v1");
+    return valueToTnid(result);
+}
+/**
+ * Decrypts a V1 TNID back to V0, recovering timestamp information.
+ *
+ * @param tnid The V1 TNID string to decrypt
+ * @param key The encryption key (must match the one used for encryption)
+ * @returns The decrypted V0 TNID string
+ * @throws EncryptionError if the TNID is not V1 or is invalid
+ */
+async function decryptV1ToV0(tnid, key) {
+    let value;
+    try {
+        value = tnidToValue(tnid);
+    }
+    catch (e) {
+        throw new EncryptionError(`Invalid TNID: ${e.message}`);
+    }
+    const variant = (0, uuid_1.extractVariantFromValue)(value);
+    if (variant === "v0") {
+        // Already V0, return unchanged
+        return tnid;
+    }
+    if (variant !== "v1") {
+        throw new EncryptionError(`TNID variant ${variant} is not supported for decryption`);
+    }
+    // Extract the 100 Payload bits
+    const encryptedData = (0, bits_js_1.extractSecretDataBits)(value);
+    // Decrypt the Payload
+    const decryptedData = await decryptPayload(encryptedData, key);
+    // Expand back to proper bit positions
+    const expanded = (0, bits_js_1.expandSecretDataBits)(decryptedData);
+    // Preserve Name bits and UUID-specific bits, replace Payload bits
+    let result = (value & ~bits_js_1.COMPLETE_SECRET_DATA_MASK) | expanded;
+    // Change variant from V1 to V0
+    result = (0, bits_js_1.setVariant)(result, "v0");
+    return valueToTnid(result);
+}

package/script/ff1.d.ts

@@ -0,0 +1,45 @@
+/**
+ * FF1 Format-Preserving Encryption (NIST SP 800-38G).
+ *
+ * This implementation uses AES-128 as the underlying cipher.
+ * FF1 is a Feistel cipher that encrypts strings of numerals
+ * while preserving their format (length and radix).
+ */
+/**
+ * FF1 Format-Preserving Encryption cipher.
+ *
+ * Encrypts/decrypts a string of numerals (digits in base `radix`)
+ * while preserving the format.
+ */
+export declare class FF1 {
+    private aes;
+    private radix;
+    /**
+     * Create an FF1 cipher with the given key and radix.
+     *
+     * @param key 16-byte AES key
+     * @param radix Base of the numeral system (2-65536)
+     */
+    constructor(key: Uint8Array, radix: number);
+    /**
+     * FF1 encryption.
+     *
+     * @param tweak Additional data (can be empty)
+     * @param plaintext Array of numerals (each in range [0, radix))
+     * @returns Encrypted numeral array of same length
+     */
+    encrypt(tweak: Uint8Array, plaintext: number[]): Promise<number[]>;
+    /**
+     * FF1 decryption.
+     *
+     * @param tweak Additional data (must match encryption)
+     * @param ciphertext Array of numerals
+     * @returns Decrypted numeral array
+     */
+    decrypt(tweak: Uint8Array, ciphertext: number[]): Promise<number[]>;
+    /**
+     * Core FF1 Feistel cipher (10 rounds).
+     */
+    private cipher;
+}
+//# sourceMappingURL=ff1.d.ts.map

package/script/ff1.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ff1.d.ts","sourceRoot":"","sources":["../src/ff1.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+EH;;;;;GAKG;AACH,qBAAa,GAAG;IACd,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,KAAK,CAAS;IAEtB;;;;;OAKG;gBACS,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM;IAQ1C;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAIlE;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAInE;;OAEG;YACW,MAAM;CAsIrB"}