npm - @towns-labs/sdk-crypto - Versions diffs - 2.0.1 - Mend

@towns-labs/sdk-crypto 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,5 @@
+# @towns-labs/sdk-crypto
+This package provides a set of cryptographic functions used in the Towns Protocol SDK.
+It's required to be a package so we can properly bundle the code for the web and node.

package/dist/chunk-CUT6urMc.cjs ADDED Viewed

@@ -0,0 +1,30 @@
+//#region rolldown:runtime
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+		key = keys[i];
+		if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+			get: ((k) => from[k]).bind(null, key),
+			enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+		});
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+//#endregion
+Object.defineProperty(exports, '__toESM', {
+  enumerable: true,
+  get: function () {
+    return __toESM;
+  }
+});

package/dist/node/index.cjs ADDED Viewed

@@ -0,0 +1,112 @@
+const require_chunk = require('../chunk-CUT6urMc.cjs');
+const __towns_labs_utils = require_chunk.__toESM(require("@towns-labs/utils"));
+const __towns_labs_proto = require_chunk.__toESM(require("@towns-labs/proto"));
+const __towns_labs_encryption = require_chunk.__toESM(require("@towns-labs/encryption"));
+const node_crypto = require_chunk.__toESM(require("node:crypto"));
+//#region src/node/index.ts
+function uint8ArrayToBase64(uint8Array) {
+	return Buffer.from(uint8Array).toString("base64");
+}
+function base64ToUint8Array(base64) {
+	const buffer = Buffer.from(base64, "base64");
+	return new Uint8Array(buffer);
+}
+function bufferToUint8Array(buffer) {
+	return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength);
+}
+function uint8ArrayToBuffer(uint8Array) {
+	return Buffer.from(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength);
+}
+async function getExtendedKeyMaterial(seedBuffer, length) {
+	const hash = node_crypto.default.createHash("sha256");
+	hash.update(uint8ArrayToBuffer(seedBuffer));
+	let keyMaterial = bufferToUint8Array(hash.digest());
+	while (keyMaterial.length < length) {
+		const newHash = node_crypto.default.createHash("sha256");
+		newHash.update(uint8ArrayToBuffer(keyMaterial));
+		keyMaterial = new Uint8Array([...keyMaterial, ...bufferToUint8Array(newHash.digest())]);
+	}
+	return keyMaterial.slice(0, length);
+}
+async function deriveKeyAndIV(keyPhrase) {
+	let keyBuffer;
+	if (typeof keyPhrase === "string") {
+		const encoder = new TextEncoder();
+		keyBuffer = encoder.encode(keyPhrase);
+	} else keyBuffer = keyPhrase;
+	const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 44);
+	const key = keyMaterial.slice(0, 32);
+	const iv = keyMaterial.slice(32, 44);
+	return {
+		key,
+		iv
+	};
+}
+async function encryptAESGCM(data, key, iv) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	if (!key) key = node_crypto.default.randomBytes(32);
+	else if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (!iv) iv = node_crypto.default.randomBytes(12);
+	else if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	const cipher = node_crypto.default.createCipheriv("aes-256-gcm", uint8ArrayToBuffer(key), uint8ArrayToBuffer(iv));
+	const encrypted = Buffer.concat([cipher.update(uint8ArrayToBuffer(data)), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	const ciphertext = Buffer.concat([encrypted, authTag]);
+	return {
+		ciphertext: bufferToUint8Array(ciphertext),
+		iv,
+		secretKey: key
+	};
+}
+async function decryptAESGCM(data, key, iv) {
+	if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	let dataBuffer;
+	if (typeof data === "string") dataBuffer = Buffer.from(data, "base64");
+	else dataBuffer = data;
+	const encryptedBuffer = Buffer.from(dataBuffer.buffer, dataBuffer.byteOffset, dataBuffer.byteLength);
+	const authTag = new Uint8Array(encryptedBuffer.buffer.slice(encryptedBuffer.byteOffset + encryptedBuffer.length - 16, encryptedBuffer.byteOffset + encryptedBuffer.length));
+	const encryptedContent = new Uint8Array(encryptedBuffer.buffer.slice(encryptedBuffer.byteOffset, encryptedBuffer.byteOffset + encryptedBuffer.length - 16));
+	const decipher = node_crypto.default.createDecipheriv("aes-256-gcm", key, iv);
+	decipher.setAuthTag(authTag);
+	const decrypted = Buffer.concat([decipher.update(encryptedContent), decipher.final()]);
+	return new Uint8Array(decrypted.buffer, decrypted.byteOffset, decrypted.byteLength);
+}
+async function decryptDerivedAESGCM(keyPhrase, encryptedData) {
+	if (encryptedData.algorithm !== __towns_labs_encryption.AES_GCM_DERIVED_ALGORITHM) (0, __towns_labs_utils.throwWithCode)(`${encryptedData.algorithm}" algorithm not implemented`, __towns_labs_proto.Err.UNIMPLEMENTED);
+	const { key, iv } = await deriveKeyAndIV(keyPhrase);
+	const ciphertext = base64ToUint8Array(encryptedData.ciphertext);
+	return decryptAESGCM(ciphertext, key, iv);
+}
+async function encryptChunkedAESGCM(data, chunkSize) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	const secretKey = node_crypto.default.getRandomValues(new Uint8Array(32));
+	const maxPlaintextSize = chunkSize - 16;
+	const chunks = [];
+	let offset = 0;
+	while (offset < data.length) {
+		const dataChunk = data.slice(offset, offset + maxPlaintextSize);
+		const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey);
+		if (ciphertext.byteLength > chunkSize) throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`);
+		chunks.push({
+			ciphertext,
+			iv
+		});
+		offset += maxPlaintextSize;
+	}
+	return {
+		chunks,
+		secretKey
+	};
+}
+//#endregion
+exports.base64ToUint8Array = base64ToUint8Array;
+exports.decryptAESGCM = decryptAESGCM;
+exports.decryptDerivedAESGCM = decryptDerivedAESGCM;
+exports.deriveKeyAndIV = deriveKeyAndIV;
+exports.encryptAESGCM = encryptAESGCM;
+exports.encryptChunkedAESGCM = encryptChunkedAESGCM;
+exports.uint8ArrayToBase64 = uint8ArrayToBase64;
+//# sourceMappingURL=index.cjs.map

package/dist/node/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.cjs","names":["uint8Array: Uint8Array","base64: string","buffer: Buffer","seedBuffer: Uint8Array","length: number","keyPhrase: string | Uint8Array","keyBuffer: Uint8Array","data: Uint8Array","key?: Uint8Array","iv?: Uint8Array","data: Uint8Array | string","key: Uint8Array","iv: Uint8Array","dataBuffer: Uint8Array","keyPhrase: string","encryptedData: EncryptedData","AES_GCM_DERIVED_ALGORITHM","Err","chunkSize: number","chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>"],"sources":["../../src/node/index.ts"],"sourcesContent":["import { throwWithCode } from '@towns-labs/utils'\nimport { EncryptedData, Err } from '@towns-labs/proto'\nimport { AES_GCM_DERIVED_ALGORITHM } from '@towns-labs/encryption'\nimport crypto from 'node:crypto'\n\nexport function uint8ArrayToBase64(uint8Array: Uint8Array): string {\n return Buffer.from(uint8Array).toString('base64')\n}\n\nexport function base64ToUint8Array(base64: string): Uint8Array {\n const buffer = Buffer.from(base64, 'base64')\n return new Uint8Array(buffer)\n}\n\nfunction bufferToUint8Array(buffer: Buffer): Uint8Array {\n return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength)\n}\n\nfunction uint8ArrayToBuffer(uint8Array: Uint8Array): Buffer {\n return Buffer.from(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength)\n}\n\nasync function getExtendedKeyMaterial(seedBuffer: Uint8Array, length: number): Promise<Uint8Array> {\n const hash = crypto.createHash('sha256')\n hash.update(uint8ArrayToBuffer(seedBuffer))\n let keyMaterial = bufferToUint8Array(hash.digest())\n\n while (keyMaterial.length < length) {\n const newHash = crypto.createHash('sha256')\n newHash.update(uint8ArrayToBuffer(keyMaterial))\n keyMaterial = new Uint8Array([...keyMaterial, ...bufferToUint8Array(newHash.digest())])\n }\n\n return keyMaterial.slice(0, length)\n}\n\nexport async function deriveKeyAndIV(\n keyPhrase: string | Uint8Array,\n): Promise<{ key: Uint8Array; iv: Uint8Array }> {\n let keyBuffer: Uint8Array\n\n if (typeof keyPhrase === 'string') {\n const encoder = new TextEncoder()\n keyBuffer = encoder.encode(keyPhrase)\n } else {\n keyBuffer = keyPhrase\n }\n\n const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 32 + 12) // 32 bytes for key, 12 bytes for IV\n\n const key = keyMaterial.slice(0, 32) // AES-256 key\n const iv = keyMaterial.slice(32, 32 + 12) // AES-GCM IV\n\n return { key, iv }\n}\n\nexport async function encryptAESGCM(\n data: Uint8Array,\n key?: Uint8Array,\n iv?: Uint8Array,\n): Promise<{ ciphertext: Uint8Array; iv: Uint8Array; secretKey: Uint8Array }> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n\n if (!key) {\n key = crypto.randomBytes(32)\n } else if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (!iv) {\n iv = crypto.randomBytes(12)\n } else if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n const cipher = crypto.createCipheriv(\n 'aes-256-gcm',\n uint8ArrayToBuffer(key),\n uint8ArrayToBuffer(iv),\n )\n const encrypted = Buffer.concat([cipher.update(uint8ArrayToBuffer(data)), cipher.final()])\n const authTag = cipher.getAuthTag()\n const ciphertext = Buffer.concat([encrypted, authTag])\n\n return { ciphertext: bufferToUint8Array(ciphertext), iv, secretKey: key }\n}\n\nexport async function decryptAESGCM(\n data: Uint8Array | string,\n key: Uint8Array,\n iv: Uint8Array,\n): Promise<Uint8Array> {\n if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n // Convert data to Uint8Array if it is a string\n let dataBuffer: Uint8Array\n if (typeof data === 'string') {\n dataBuffer = Buffer.from(data, 'base64')\n } else {\n dataBuffer = data\n }\n\n const encryptedBuffer = Buffer.from(\n dataBuffer.buffer,\n dataBuffer.byteOffset,\n dataBuffer.byteLength,\n )\n const authTag = new Uint8Array(\n encryptedBuffer.buffer.slice(\n encryptedBuffer.byteOffset + encryptedBuffer.length - 16,\n encryptedBuffer.byteOffset + encryptedBuffer.length,\n ),\n )\n const encryptedContent = new Uint8Array(\n encryptedBuffer.buffer.slice(\n encryptedBuffer.byteOffset,\n encryptedBuffer.byteOffset + encryptedBuffer.length - 16,\n ),\n )\n\n const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)\n decipher.setAuthTag(authTag)\n\n const decrypted = Buffer.concat([decipher.update(encryptedContent), decipher.final()])\n return new Uint8Array(decrypted.buffer, decrypted.byteOffset, decrypted.byteLength)\n}\n\nexport async function decryptDerivedAESGCM(\n keyPhrase: string,\n encryptedData: EncryptedData,\n): Promise<Uint8Array> {\n if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) {\n throwWithCode(`${encryptedData.algorithm}\" algorithm not implemented`, Err.UNIMPLEMENTED)\n }\n const { key, iv } = await deriveKeyAndIV(keyPhrase)\n const ciphertext = base64ToUint8Array(encryptedData.ciphertext)\n return decryptAESGCM(ciphertext, key, iv)\n}\n\nexport async function encryptChunkedAESGCM(\n data: Uint8Array,\n chunkSize: number,\n): Promise<{\n chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>\n secretKey: Uint8Array\n}> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n const secretKey = crypto.getRandomValues(new Uint8Array(32))\n // Adjust chunk size to account for AES-GCM overhead (16-byte auth tag)\n const maxPlaintextSize = chunkSize - 16\n const chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }> = []\n\n let offset = 0\n while (offset < data.length) {\n const dataChunk = data.slice(offset, offset + maxPlaintextSize)\n const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey)\n\n if (ciphertext.byteLength > chunkSize) {\n throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`)\n }\n\n chunks.push({ ciphertext, iv })\n offset += maxPlaintextSize\n }\n\n return { chunks, secretKey }\n}\n"],"mappings":";;;;;;;AAKA,SAAgB,mBAAmBA,YAAgC;AAC/D,QAAO,OAAO,KAAK,WAAW,CAAC,SAAS,SAAS;AACpD;AAED,SAAgB,mBAAmBC,QAA4B;CAC3D,MAAM,SAAS,OAAO,KAAK,QAAQ,SAAS;AAC5C,QAAO,IAAI,WAAW;AACzB;AAED,SAAS,mBAAmBC,QAA4B;AACpD,QAAO,IAAI,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO;AAClE;AAED,SAAS,mBAAmBF,YAAgC;AACxD,QAAO,OAAO,KAAK,WAAW,QAAQ,WAAW,YAAY,WAAW,WAAW;AACtF;AAED,eAAe,uBAAuBG,YAAwBC,QAAqC;CAC/F,MAAM,OAAO,oBAAO,WAAW,SAAS;AACxC,MAAK,OAAO,mBAAmB,WAAW,CAAC;CAC3C,IAAI,cAAc,mBAAmB,KAAK,QAAQ,CAAC;AAEnD,QAAO,YAAY,SAAS,QAAQ;EAChC,MAAM,UAAU,oBAAO,WAAW,SAAS;AAC3C,UAAQ,OAAO,mBAAmB,YAAY,CAAC;AAC/C,gBAAc,IAAI,WAAW,CAAC,GAAG,aAAa,GAAG,mBAAmB,QAAQ,QAAQ,CAAC,AAAC;CACzF;AAED,QAAO,YAAY,MAAM,GAAG,OAAO;AACtC;AAED,eAAsB,eAClBC,WAC4C;CAC5C,IAAIC;AAEJ,YAAW,cAAc,UAAU;EAC/B,MAAM,UAAU,IAAI;AACpB,cAAY,QAAQ,OAAO,UAAU;CACxC,MACG,aAAY;CAGhB,MAAM,cAAc,MAAM,uBAAuB,WAAW,GAAQ;CAEpE,MAAM,MAAM,YAAY,MAAM,GAAG,GAAG;CACpC,MAAM,KAAK,YAAY,MAAM,IAAI,GAAQ;AAEzC,QAAO;EAAE;EAAK;CAAI;AACrB;AAED,eAAsB,cAClBC,MACAC,KACAC,IAC0E;AAC1E,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;AAGpB,MAAK,IACD,OAAM,oBAAO,YAAY,GAAG;UACrB,IAAI,WAAW,GACtB,OAAM,IAAI,MAAM;AAGpB,MAAK,GACD,MAAK,oBAAO,YAAY,GAAG;UACpB,GAAG,WAAW,GACrB,OAAM,IAAI,MAAM;CAGpB,MAAM,SAAS,oBAAO,eAClB,eACA,mBAAmB,IAAI,EACvB,mBAAmB,GAAG,CACzB;CACD,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,mBAAmB,KAAK,CAAC,EAAE,OAAO,OAAO,AAAC,EAAC;CAC1F,MAAM,UAAU,OAAO,YAAY;CACnC,MAAM,aAAa,OAAO,OAAO,CAAC,WAAW,OAAQ,EAAC;AAEtD,QAAO;EAAE,YAAY,mBAAmB,WAAW;EAAE;EAAI,WAAW;CAAK;AAC5E;AAED,eAAsB,cAClBC,MACAC,KACAC,IACmB;AACnB,KAAI,IAAI,WAAW,GACf,OAAM,IAAI,MAAM;AAGpB,KAAI,GAAG,WAAW,GACd,OAAM,IAAI,MAAM;CAIpB,IAAIC;AACJ,YAAW,SAAS,SAChB,cAAa,OAAO,KAAK,MAAM,SAAS;KAExC,cAAa;CAGjB,MAAM,kBAAkB,OAAO,KAC3B,WAAW,QACX,WAAW,YACX,WAAW,WACd;CACD,MAAM,UAAU,IAAI,WAChB,gBAAgB,OAAO,MACnB,gBAAgB,aAAa,gBAAgB,SAAS,IACtD,gBAAgB,aAAa,gBAAgB,OAChD;CAEL,MAAM,mBAAmB,IAAI,WACzB,gBAAgB,OAAO,MACnB,gBAAgB,YAChB,gBAAgB,aAAa,gBAAgB,SAAS,GACzD;CAGL,MAAM,WAAW,oBAAO,iBAAiB,eAAe,KAAK,GAAG;AAChE,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,iBAAiB,EAAE,SAAS,OAAO,AAAC,EAAC;AACtF,QAAO,IAAI,WAAW,UAAU,QAAQ,UAAU,YAAY,UAAU;AAC3E;AAED,eAAsB,qBAClBC,WACAC,eACmB;AACnB,KAAI,cAAc,cAAcC,kDAC5B,wCAAe,EAAE,cAAc,UAAU,8BAA8BC,uBAAI,cAAc;CAE7F,MAAM,EAAE,KAAK,IAAI,GAAG,MAAM,eAAe,UAAU;CACnD,MAAM,aAAa,mBAAmB,cAAc,WAAW;AAC/D,QAAO,cAAc,YAAY,KAAK,GAAG;AAC5C;AAED,eAAsB,qBAClBV,MACAW,WAID;AACC,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;CAEpB,MAAM,YAAY,oBAAO,gBAAgB,IAAI,WAAW,IAAI;CAE5D,MAAM,mBAAmB,YAAY;CACrC,MAAMC,SAA4D,CAAE;CAEpE,IAAI,SAAS;AACb,QAAO,SAAS,KAAK,QAAQ;EACzB,MAAM,YAAY,KAAK,MAAM,QAAQ,SAAS,iBAAiB;EAC/D,MAAM,EAAE,YAAY,IAAI,GAAG,MAAM,cAAc,WAAW,UAAU;AAEpE,MAAI,WAAW,aAAa,UACxB,OAAM,IAAI,OAAO;AAGrB,SAAO,KAAK;GAAE;GAAY;EAAI,EAAC;AAC/B,YAAU;CACb;AAED,QAAO;EAAE;EAAQ;CAAW;AAC/B"}

package/dist/node/index.d.cts ADDED Viewed

@@ -0,0 +1,28 @@
+import { EncryptedData } from "@towns-labs/proto";
+//#region src/node/index.d.ts
+declare function uint8ArrayToBase64(uint8Array: Uint8Array): string;
+declare function base64ToUint8Array(base64: string): Uint8Array;
+declare function deriveKeyAndIV(keyPhrase: string | Uint8Array): Promise<{
+  key: Uint8Array;
+  iv: Uint8Array;
+}>;
+declare function encryptAESGCM(data: Uint8Array, key?: Uint8Array, iv?: Uint8Array): Promise<{
+  ciphertext: Uint8Array;
+  iv: Uint8Array;
+  secretKey: Uint8Array;
+}>;
+declare function decryptAESGCM(data: Uint8Array | string, key: Uint8Array, iv: Uint8Array): Promise<Uint8Array>;
+declare function decryptDerivedAESGCM(keyPhrase: string, encryptedData: EncryptedData): Promise<Uint8Array>;
+declare function encryptChunkedAESGCM(data: Uint8Array, chunkSize: number): Promise<{
+  chunks: Array<{
+    ciphertext: Uint8Array;
+    iv: Uint8Array;
+  }>;
+  secretKey: Uint8Array;
+}>;
+//# sourceMappingURL=index.d.ts.map
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.d.cts.map

package/dist/node/index.d.cts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.cts","names":[],"sources":["../../src/node/index.ts"],"sourcesContent":[],"mappings":";;;iBAKgB,kBAAA,aAA+B;iBAI/B,kBAAA,kBAAoC;AAJpC,iBA+BM,cAAA,CA/ByB,SAAU,EAAA,MAAA,GAgCjC,UAhCiC,CAAA,EAiCtD,OAjCsD,CAAA;EAIzC,GAAA,EA6BE,UA7BF;EA2BM,EAAA,EAEY,UAFZ;CAAc,CAAA;AACZ,iBAmBF,aAAA,CAnBE,IAAA,EAoBd,UApBc,EAAA,GAAA,CAAA,EAqBd,UArBc,EAAA,EAAA,CAAA,EAsBf,UAtBe,CAAA,EAuBrB,OAvBqB,CAAA;EAAU,UAChB,EAsBO,UAtBP;EAAU,EAAA,EAsBa,UAtBP;EAAU,SAAzC,EAsB6D,UAtB7D;AAAO,CAAA,CAAA;AAkBY,iBAiCA,aAAA,CAjCa,IAAA,EAkCzB,UAlCyB,GAAA,MAAA,EAAA,GAAA,EAmC1B,UAnC0B,EAAA,EAAA,EAoC3B,UApC2B,CAAA,EAqChC,OArCgC,CAqCxB,UArCwB,CAAA;AAAA,iBA+Eb,oBAAA,CA/Ea,SAAA,EAAA,MAAA,EAAA,aAAA,EAiFhB,aAjFgB,CAAA,EAkFhC,OAlFgC,CAkFxB,UAlFwB,CAAA;AACzB,iBA0FY,oBAAA,CA1FZ,IAAA,EA2FA,UA3FA,EAAA,SAAA,EAAA,MAAA,CAAA,EA6FP,OA7FO,CAAA;EAAU,MACV,EA6FE,KA7FF,CAAA;IACD,UAAA,EA4FuB,UA5FvB;IACgB,EAAA,EA2FuB,UA3FvB;EAAU,CAAA,CAAA;EAAgB,SAAa,EA4FjD,UA5FiD;CAAU,CAAA;AAAhE"}

package/dist/node/index.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { EncryptedData } from "@towns-labs/proto";
+//#region src/node/index.d.ts
+declare function uint8ArrayToBase64(uint8Array: Uint8Array): string;
+declare function base64ToUint8Array(base64: string): Uint8Array;
+declare function deriveKeyAndIV(keyPhrase: string | Uint8Array): Promise<{
+  key: Uint8Array;
+  iv: Uint8Array;
+}>;
+declare function encryptAESGCM(data: Uint8Array, key?: Uint8Array, iv?: Uint8Array): Promise<{
+  ciphertext: Uint8Array;
+  iv: Uint8Array;
+  secretKey: Uint8Array;
+}>;
+declare function decryptAESGCM(data: Uint8Array | string, key: Uint8Array, iv: Uint8Array): Promise<Uint8Array>;
+declare function decryptDerivedAESGCM(keyPhrase: string, encryptedData: EncryptedData): Promise<Uint8Array>;
+declare function encryptChunkedAESGCM(data: Uint8Array, chunkSize: number): Promise<{
+  chunks: Array<{
+    ciphertext: Uint8Array;
+    iv: Uint8Array;
+  }>;
+  secretKey: Uint8Array;
+}>;
+//# sourceMappingURL=index.d.ts.map
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.d.ts.map

package/dist/node/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../src/node/index.ts"],"sourcesContent":[],"mappings":";;;iBAKgB,kBAAA,aAA+B;iBAI/B,kBAAA,kBAAoC;AAJpC,iBA+BM,cAAA,CA/ByB,SAAU,EAAA,MAAA,GAgCjC,UAhCiC,CAAA,EAiCtD,OAjCsD,CAAA;EAIzC,GAAA,EA6BE,UA7BF;EA2BM,EAAA,EAEY,UAFZ;CAAc,CAAA;AACZ,iBAmBF,aAAA,CAnBE,IAAA,EAoBd,UApBc,EAAA,GAAA,CAAA,EAqBd,UArBc,EAAA,EAAA,CAAA,EAsBf,UAtBe,CAAA,EAuBrB,OAvBqB,CAAA;EAAU,UAChB,EAsBO,UAtBP;EAAU,EAAA,EAsBa,UAtBP;EAAU,SAAzC,EAsB6D,UAtB7D;AAAO,CAAA,CAAA;AAkBY,iBAiCA,aAAA,CAjCa,IAAA,EAkCzB,UAlCyB,GAAA,MAAA,EAAA,GAAA,EAmC1B,UAnC0B,EAAA,EAAA,EAoC3B,UApC2B,CAAA,EAqChC,OArCgC,CAqCxB,UArCwB,CAAA;AAAA,iBA+Eb,oBAAA,CA/Ea,SAAA,EAAA,MAAA,EAAA,aAAA,EAiFhB,aAjFgB,CAAA,EAkFhC,OAlFgC,CAkFxB,UAlFwB,CAAA;AACzB,iBA0FY,oBAAA,CA1FZ,IAAA,EA2FA,UA3FA,EAAA,SAAA,EAAA,MAAA,CAAA,EA6FP,OA7FO,CAAA;EAAU,MACV,EA6FE,KA7FF,CAAA;IACD,UAAA,EA4FuB,UA5FvB;IACgB,EAAA,EA2FuB,UA3FvB;EAAU,CAAA,CAAA;EAAgB,SAAa,EA4FjD,UA5FiD;CAAU,CAAA;AAAhE"}

package/dist/node/index.js ADDED Viewed

@@ -0,0 +1,105 @@
+import { throwWithCode } from "@towns-labs/utils";
+import { Err } from "@towns-labs/proto";
+import { AES_GCM_DERIVED_ALGORITHM } from "@towns-labs/encryption";
+import crypto from "node:crypto";
+//#region src/node/index.ts
+function uint8ArrayToBase64(uint8Array) {
+	return Buffer.from(uint8Array).toString("base64");
+}
+function base64ToUint8Array(base64) {
+	const buffer = Buffer.from(base64, "base64");
+	return new Uint8Array(buffer);
+}
+function bufferToUint8Array(buffer) {
+	return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength);
+}
+function uint8ArrayToBuffer(uint8Array) {
+	return Buffer.from(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength);
+}
+async function getExtendedKeyMaterial(seedBuffer, length) {
+	const hash = crypto.createHash("sha256");
+	hash.update(uint8ArrayToBuffer(seedBuffer));
+	let keyMaterial = bufferToUint8Array(hash.digest());
+	while (keyMaterial.length < length) {
+		const newHash = crypto.createHash("sha256");
+		newHash.update(uint8ArrayToBuffer(keyMaterial));
+		keyMaterial = new Uint8Array([...keyMaterial, ...bufferToUint8Array(newHash.digest())]);
+	}
+	return keyMaterial.slice(0, length);
+}
+async function deriveKeyAndIV(keyPhrase) {
+	let keyBuffer;
+	if (typeof keyPhrase === "string") {
+		const encoder = new TextEncoder();
+		keyBuffer = encoder.encode(keyPhrase);
+	} else keyBuffer = keyPhrase;
+	const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 44);
+	const key = keyMaterial.slice(0, 32);
+	const iv = keyMaterial.slice(32, 44);
+	return {
+		key,
+		iv
+	};
+}
+async function encryptAESGCM(data, key, iv) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	if (!key) key = crypto.randomBytes(32);
+	else if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (!iv) iv = crypto.randomBytes(12);
+	else if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	const cipher = crypto.createCipheriv("aes-256-gcm", uint8ArrayToBuffer(key), uint8ArrayToBuffer(iv));
+	const encrypted = Buffer.concat([cipher.update(uint8ArrayToBuffer(data)), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	const ciphertext = Buffer.concat([encrypted, authTag]);
+	return {
+		ciphertext: bufferToUint8Array(ciphertext),
+		iv,
+		secretKey: key
+	};
+}
+async function decryptAESGCM(data, key, iv) {
+	if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	let dataBuffer;
+	if (typeof data === "string") dataBuffer = Buffer.from(data, "base64");
+	else dataBuffer = data;
+	const encryptedBuffer = Buffer.from(dataBuffer.buffer, dataBuffer.byteOffset, dataBuffer.byteLength);
+	const authTag = new Uint8Array(encryptedBuffer.buffer.slice(encryptedBuffer.byteOffset + encryptedBuffer.length - 16, encryptedBuffer.byteOffset + encryptedBuffer.length));
+	const encryptedContent = new Uint8Array(encryptedBuffer.buffer.slice(encryptedBuffer.byteOffset, encryptedBuffer.byteOffset + encryptedBuffer.length - 16));
+	const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+	decipher.setAuthTag(authTag);
+	const decrypted = Buffer.concat([decipher.update(encryptedContent), decipher.final()]);
+	return new Uint8Array(decrypted.buffer, decrypted.byteOffset, decrypted.byteLength);
+}
+async function decryptDerivedAESGCM(keyPhrase, encryptedData) {
+	if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) throwWithCode(`${encryptedData.algorithm}" algorithm not implemented`, Err.UNIMPLEMENTED);
+	const { key, iv } = await deriveKeyAndIV(keyPhrase);
+	const ciphertext = base64ToUint8Array(encryptedData.ciphertext);
+	return decryptAESGCM(ciphertext, key, iv);
+}
+async function encryptChunkedAESGCM(data, chunkSize) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	const secretKey = crypto.getRandomValues(new Uint8Array(32));
+	const maxPlaintextSize = chunkSize - 16;
+	const chunks = [];
+	let offset = 0;
+	while (offset < data.length) {
+		const dataChunk = data.slice(offset, offset + maxPlaintextSize);
+		const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey);
+		if (ciphertext.byteLength > chunkSize) throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`);
+		chunks.push({
+			ciphertext,
+			iv
+		});
+		offset += maxPlaintextSize;
+	}
+	return {
+		chunks,
+		secretKey
+	};
+}
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.js.map

package/dist/node/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["uint8Array: Uint8Array","base64: string","buffer: Buffer","seedBuffer: Uint8Array","length: number","keyPhrase: string | Uint8Array","keyBuffer: Uint8Array","data: Uint8Array","key?: Uint8Array","iv?: Uint8Array","data: Uint8Array | string","key: Uint8Array","iv: Uint8Array","dataBuffer: Uint8Array","keyPhrase: string","encryptedData: EncryptedData","chunkSize: number","chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>"],"sources":["../../src/node/index.ts"],"sourcesContent":["import { throwWithCode } from '@towns-labs/utils'\nimport { EncryptedData, Err } from '@towns-labs/proto'\nimport { AES_GCM_DERIVED_ALGORITHM } from '@towns-labs/encryption'\nimport crypto from 'node:crypto'\n\nexport function uint8ArrayToBase64(uint8Array: Uint8Array): string {\n return Buffer.from(uint8Array).toString('base64')\n}\n\nexport function base64ToUint8Array(base64: string): Uint8Array {\n const buffer = Buffer.from(base64, 'base64')\n return new Uint8Array(buffer)\n}\n\nfunction bufferToUint8Array(buffer: Buffer): Uint8Array {\n return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength)\n}\n\nfunction uint8ArrayToBuffer(uint8Array: Uint8Array): Buffer {\n return Buffer.from(uint8Array.buffer, uint8Array.byteOffset, uint8Array.byteLength)\n}\n\nasync function getExtendedKeyMaterial(seedBuffer: Uint8Array, length: number): Promise<Uint8Array> {\n const hash = crypto.createHash('sha256')\n hash.update(uint8ArrayToBuffer(seedBuffer))\n let keyMaterial = bufferToUint8Array(hash.digest())\n\n while (keyMaterial.length < length) {\n const newHash = crypto.createHash('sha256')\n newHash.update(uint8ArrayToBuffer(keyMaterial))\n keyMaterial = new Uint8Array([...keyMaterial, ...bufferToUint8Array(newHash.digest())])\n }\n\n return keyMaterial.slice(0, length)\n}\n\nexport async function deriveKeyAndIV(\n keyPhrase: string | Uint8Array,\n): Promise<{ key: Uint8Array; iv: Uint8Array }> {\n let keyBuffer: Uint8Array\n\n if (typeof keyPhrase === 'string') {\n const encoder = new TextEncoder()\n keyBuffer = encoder.encode(keyPhrase)\n } else {\n keyBuffer = keyPhrase\n }\n\n const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 32 + 12) // 32 bytes for key, 12 bytes for IV\n\n const key = keyMaterial.slice(0, 32) // AES-256 key\n const iv = keyMaterial.slice(32, 32 + 12) // AES-GCM IV\n\n return { key, iv }\n}\n\nexport async function encryptAESGCM(\n data: Uint8Array,\n key?: Uint8Array,\n iv?: Uint8Array,\n): Promise<{ ciphertext: Uint8Array; iv: Uint8Array; secretKey: Uint8Array }> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n\n if (!key) {\n key = crypto.randomBytes(32)\n } else if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (!iv) {\n iv = crypto.randomBytes(12)\n } else if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n const cipher = crypto.createCipheriv(\n 'aes-256-gcm',\n uint8ArrayToBuffer(key),\n uint8ArrayToBuffer(iv),\n )\n const encrypted = Buffer.concat([cipher.update(uint8ArrayToBuffer(data)), cipher.final()])\n const authTag = cipher.getAuthTag()\n const ciphertext = Buffer.concat([encrypted, authTag])\n\n return { ciphertext: bufferToUint8Array(ciphertext), iv, secretKey: key }\n}\n\nexport async function decryptAESGCM(\n data: Uint8Array | string,\n key: Uint8Array,\n iv: Uint8Array,\n): Promise<Uint8Array> {\n if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n // Convert data to Uint8Array if it is a string\n let dataBuffer: Uint8Array\n if (typeof data === 'string') {\n dataBuffer = Buffer.from(data, 'base64')\n } else {\n dataBuffer = data\n }\n\n const encryptedBuffer = Buffer.from(\n dataBuffer.buffer,\n dataBuffer.byteOffset,\n dataBuffer.byteLength,\n )\n const authTag = new Uint8Array(\n encryptedBuffer.buffer.slice(\n encryptedBuffer.byteOffset + encryptedBuffer.length - 16,\n encryptedBuffer.byteOffset + encryptedBuffer.length,\n ),\n )\n const encryptedContent = new Uint8Array(\n encryptedBuffer.buffer.slice(\n encryptedBuffer.byteOffset,\n encryptedBuffer.byteOffset + encryptedBuffer.length - 16,\n ),\n )\n\n const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv)\n decipher.setAuthTag(authTag)\n\n const decrypted = Buffer.concat([decipher.update(encryptedContent), decipher.final()])\n return new Uint8Array(decrypted.buffer, decrypted.byteOffset, decrypted.byteLength)\n}\n\nexport async function decryptDerivedAESGCM(\n keyPhrase: string,\n encryptedData: EncryptedData,\n): Promise<Uint8Array> {\n if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) {\n throwWithCode(`${encryptedData.algorithm}\" algorithm not implemented`, Err.UNIMPLEMENTED)\n }\n const { key, iv } = await deriveKeyAndIV(keyPhrase)\n const ciphertext = base64ToUint8Array(encryptedData.ciphertext)\n return decryptAESGCM(ciphertext, key, iv)\n}\n\nexport async function encryptChunkedAESGCM(\n data: Uint8Array,\n chunkSize: number,\n): Promise<{\n chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>\n secretKey: Uint8Array\n}> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n const secretKey = crypto.getRandomValues(new Uint8Array(32))\n // Adjust chunk size to account for AES-GCM overhead (16-byte auth tag)\n const maxPlaintextSize = chunkSize - 16\n const chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }> = []\n\n let offset = 0\n while (offset < data.length) {\n const dataChunk = data.slice(offset, offset + maxPlaintextSize)\n const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey)\n\n if (ciphertext.byteLength > chunkSize) {\n throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`)\n }\n\n chunks.push({ ciphertext, iv })\n offset += maxPlaintextSize\n }\n\n return { chunks, secretKey }\n}\n"],"mappings":";;;;;;AAKA,SAAgB,mBAAmBA,YAAgC;AAC/D,QAAO,OAAO,KAAK,WAAW,CAAC,SAAS,SAAS;AACpD;AAED,SAAgB,mBAAmBC,QAA4B;CAC3D,MAAM,SAAS,OAAO,KAAK,QAAQ,SAAS;AAC5C,QAAO,IAAI,WAAW;AACzB;AAED,SAAS,mBAAmBC,QAA4B;AACpD,QAAO,IAAI,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO;AAClE;AAED,SAAS,mBAAmBF,YAAgC;AACxD,QAAO,OAAO,KAAK,WAAW,QAAQ,WAAW,YAAY,WAAW,WAAW;AACtF;AAED,eAAe,uBAAuBG,YAAwBC,QAAqC;CAC/F,MAAM,OAAO,OAAO,WAAW,SAAS;AACxC,MAAK,OAAO,mBAAmB,WAAW,CAAC;CAC3C,IAAI,cAAc,mBAAmB,KAAK,QAAQ,CAAC;AAEnD,QAAO,YAAY,SAAS,QAAQ;EAChC,MAAM,UAAU,OAAO,WAAW,SAAS;AAC3C,UAAQ,OAAO,mBAAmB,YAAY,CAAC;AAC/C,gBAAc,IAAI,WAAW,CAAC,GAAG,aAAa,GAAG,mBAAmB,QAAQ,QAAQ,CAAC,AAAC;CACzF;AAED,QAAO,YAAY,MAAM,GAAG,OAAO;AACtC;AAED,eAAsB,eAClBC,WAC4C;CAC5C,IAAIC;AAEJ,YAAW,cAAc,UAAU;EAC/B,MAAM,UAAU,IAAI;AACpB,cAAY,QAAQ,OAAO,UAAU;CACxC,MACG,aAAY;CAGhB,MAAM,cAAc,MAAM,uBAAuB,WAAW,GAAQ;CAEpE,MAAM,MAAM,YAAY,MAAM,GAAG,GAAG;CACpC,MAAM,KAAK,YAAY,MAAM,IAAI,GAAQ;AAEzC,QAAO;EAAE;EAAK;CAAI;AACrB;AAED,eAAsB,cAClBC,MACAC,KACAC,IAC0E;AAC1E,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;AAGpB,MAAK,IACD,OAAM,OAAO,YAAY,GAAG;UACrB,IAAI,WAAW,GACtB,OAAM,IAAI,MAAM;AAGpB,MAAK,GACD,MAAK,OAAO,YAAY,GAAG;UACpB,GAAG,WAAW,GACrB,OAAM,IAAI,MAAM;CAGpB,MAAM,SAAS,OAAO,eAClB,eACA,mBAAmB,IAAI,EACvB,mBAAmB,GAAG,CACzB;CACD,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,mBAAmB,KAAK,CAAC,EAAE,OAAO,OAAO,AAAC,EAAC;CAC1F,MAAM,UAAU,OAAO,YAAY;CACnC,MAAM,aAAa,OAAO,OAAO,CAAC,WAAW,OAAQ,EAAC;AAEtD,QAAO;EAAE,YAAY,mBAAmB,WAAW;EAAE;EAAI,WAAW;CAAK;AAC5E;AAED,eAAsB,cAClBC,MACAC,KACAC,IACmB;AACnB,KAAI,IAAI,WAAW,GACf,OAAM,IAAI,MAAM;AAGpB,KAAI,GAAG,WAAW,GACd,OAAM,IAAI,MAAM;CAIpB,IAAIC;AACJ,YAAW,SAAS,SAChB,cAAa,OAAO,KAAK,MAAM,SAAS;KAExC,cAAa;CAGjB,MAAM,kBAAkB,OAAO,KAC3B,WAAW,QACX,WAAW,YACX,WAAW,WACd;CACD,MAAM,UAAU,IAAI,WAChB,gBAAgB,OAAO,MACnB,gBAAgB,aAAa,gBAAgB,SAAS,IACtD,gBAAgB,aAAa,gBAAgB,OAChD;CAEL,MAAM,mBAAmB,IAAI,WACzB,gBAAgB,OAAO,MACnB,gBAAgB,YAChB,gBAAgB,aAAa,gBAAgB,SAAS,GACzD;CAGL,MAAM,WAAW,OAAO,iBAAiB,eAAe,KAAK,GAAG;AAChE,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,OAAO,OAAO,CAAC,SAAS,OAAO,iBAAiB,EAAE,SAAS,OAAO,AAAC,EAAC;AACtF,QAAO,IAAI,WAAW,UAAU,QAAQ,UAAU,YAAY,UAAU;AAC3E;AAED,eAAsB,qBAClBC,WACAC,eACmB;AACnB,KAAI,cAAc,cAAc,0BAC5B,gBAAe,EAAE,cAAc,UAAU,8BAA8B,IAAI,cAAc;CAE7F,MAAM,EAAE,KAAK,IAAI,GAAG,MAAM,eAAe,UAAU;CACnD,MAAM,aAAa,mBAAmB,cAAc,WAAW;AAC/D,QAAO,cAAc,YAAY,KAAK,GAAG;AAC5C;AAED,eAAsB,qBAClBR,MACAS,WAID;AACC,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;CAEpB,MAAM,YAAY,OAAO,gBAAgB,IAAI,WAAW,IAAI;CAE5D,MAAM,mBAAmB,YAAY;CACrC,MAAMC,SAA4D,CAAE;CAEpE,IAAI,SAAS;AACb,QAAO,SAAS,KAAK,QAAQ;EACzB,MAAM,YAAY,KAAK,MAAM,QAAQ,SAAS,iBAAiB;EAC/D,MAAM,EAAE,YAAY,IAAI,GAAG,MAAM,cAAc,WAAW,UAAU;AAEpE,MAAI,WAAW,aAAa,UACxB,OAAM,IAAI,OAAO;AAGrB,SAAO,KAAK;GAAE;GAAY;EAAI,EAAC;AAC/B,YAAU;CACb;AAED,QAAO;EAAE;EAAQ;CAAW;AAC/B"}

package/dist/web/index.cjs ADDED Viewed

@@ -0,0 +1,111 @@
+const require_chunk = require('../chunk-CUT6urMc.cjs');
+const __towns_labs_utils = require_chunk.__toESM(require("@towns-labs/utils"));
+const __towns_labs_proto = require_chunk.__toESM(require("@towns-labs/proto"));
+const __towns_labs_encryption = require_chunk.__toESM(require("@towns-labs/encryption"));
+//#region src/web/index.ts
+function uint8ArrayToBase64(uint8Array) {
+	const binary = Array.from(uint8Array, (byte) => String.fromCharCode(byte)).join("");
+	return btoa(binary);
+}
+function base64ToUint8Array(base64) {
+	const binary = atob(base64);
+	return new Uint8Array(Array.from(binary, (char) => char.charCodeAt(0)));
+}
+async function getExtendedKeyMaterial(seedBuffer, length) {
+	let keyMaterial = new Uint8Array(await crypto.subtle.digest("SHA-256", seedBuffer));
+	while (keyMaterial.length < length) {
+		const newHash = new Uint8Array(await crypto.subtle.digest("SHA-256", keyMaterial));
+		const combined = new Uint8Array(keyMaterial.length + newHash.length);
+		combined.set(keyMaterial);
+		combined.set(newHash, keyMaterial.length);
+		keyMaterial = combined;
+	}
+	return keyMaterial.slice(0, length);
+}
+async function deriveKeyAndIV(keyPhrase) {
+	let keyBuffer;
+	if (typeof keyPhrase === "string") {
+		const encoder = new TextEncoder();
+		keyBuffer = encoder.encode(keyPhrase);
+	} else keyBuffer = keyPhrase;
+	const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 44);
+	const key = keyMaterial.slice(0, 32);
+	const iv = keyMaterial.slice(32, 44);
+	return {
+		key,
+		iv
+	};
+}
+async function encryptAESGCM(data, key, iv) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	if (!key) {
+		key = new Uint8Array(32);
+		crypto.getRandomValues(key);
+	} else if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (!iv) {
+		iv = new Uint8Array(12);
+		crypto.getRandomValues(iv);
+	} else if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["encrypt"]);
+	const encryptedBuffer = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv
+	}, cryptoKey, data);
+	const ciphertext = new Uint8Array(encryptedBuffer);
+	return {
+		ciphertext,
+		iv,
+		secretKey: key
+	};
+}
+async function decryptAESGCM(data, key, iv) {
+	if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	let dataBuffer;
+	if (typeof data === "string") dataBuffer = base64ToUint8Array(data);
+	else dataBuffer = data;
+	const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["decrypt"]);
+	const decryptedBuffer = await crypto.subtle.decrypt({
+		name: "AES-GCM",
+		iv
+	}, cryptoKey, dataBuffer);
+	return new Uint8Array(decryptedBuffer);
+}
+async function decryptDerivedAESGCM(keyPhrase, encryptedData) {
+	if (encryptedData.algorithm !== __towns_labs_encryption.AES_GCM_DERIVED_ALGORITHM) (0, __towns_labs_utils.throwWithCode)(`${encryptedData.algorithm}" algorithm not implemented`, __towns_labs_proto.Err.UNIMPLEMENTED);
+	const { key, iv } = await deriveKeyAndIV(keyPhrase);
+	const ciphertext = base64ToUint8Array(encryptedData.ciphertext);
+	return decryptAESGCM(ciphertext, key, iv);
+}
+async function encryptChunkedAESGCM(data, chunkSize) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	const secretKey = crypto.getRandomValues(new Uint8Array(32));
+	const maxPlaintextSize = chunkSize - 16;
+	const chunks = [];
+	let offset = 0;
+	while (offset < data.length) {
+		const dataChunk = data.slice(offset, offset + maxPlaintextSize);
+		const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey);
+		if (ciphertext.byteLength > chunkSize) throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`);
+		chunks.push({
+			ciphertext,
+			iv
+		});
+		offset += maxPlaintextSize;
+	}
+	return {
+		chunks,
+		secretKey
+	};
+}
+//#endregion
+exports.base64ToUint8Array = base64ToUint8Array;
+exports.decryptAESGCM = decryptAESGCM;
+exports.decryptDerivedAESGCM = decryptDerivedAESGCM;
+exports.deriveKeyAndIV = deriveKeyAndIV;
+exports.encryptAESGCM = encryptAESGCM;
+exports.encryptChunkedAESGCM = encryptChunkedAESGCM;
+exports.uint8ArrayToBase64 = uint8ArrayToBase64;
+//# sourceMappingURL=index.cjs.map

package/dist/web/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.cjs","names":["uint8Array: Uint8Array","base64: string","seedBuffer: Uint8Array","length: number","keyPhrase: string | Uint8Array","keyBuffer: Uint8Array","data: Uint8Array","key?: Uint8Array","iv?: Uint8Array","data: Uint8Array | string","key: Uint8Array","iv: Uint8Array","dataBuffer: Uint8Array","keyPhrase: string","encryptedData: EncryptedData","AES_GCM_DERIVED_ALGORITHM","Err","chunkSize: number","chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>"],"sources":["../../src/web/index.ts"],"sourcesContent":["import { throwWithCode } from '@towns-labs/utils'\nimport { EncryptedData, Err } from '@towns-labs/proto'\nimport { AES_GCM_DERIVED_ALGORITHM } from '@towns-labs/encryption'\n\nexport function uint8ArrayToBase64(uint8Array: Uint8Array): string {\n const binary = Array.from(uint8Array, (byte) => String.fromCharCode(byte)).join('')\n return btoa(binary)\n}\n\nexport function base64ToUint8Array(base64: string): Uint8Array {\n const binary = atob(base64)\n return new Uint8Array(Array.from(binary, (char) => char.charCodeAt(0)))\n}\n\nasync function getExtendedKeyMaterial(seedBuffer: Uint8Array, length: number): Promise<Uint8Array> {\n let keyMaterial = new Uint8Array(await crypto.subtle.digest('SHA-256', seedBuffer))\n\n while (keyMaterial.length < length) {\n const newHash = new Uint8Array(await crypto.subtle.digest('SHA-256', keyMaterial))\n const combined = new Uint8Array(keyMaterial.length + newHash.length)\n combined.set(keyMaterial)\n combined.set(newHash, keyMaterial.length)\n keyMaterial = combined\n }\n\n return keyMaterial.slice(0, length)\n}\n\nexport async function deriveKeyAndIV(\n keyPhrase: string | Uint8Array,\n): Promise<{ key: Uint8Array; iv: Uint8Array }> {\n let keyBuffer: Uint8Array\n\n if (typeof keyPhrase === 'string') {\n const encoder = new TextEncoder()\n keyBuffer = encoder.encode(keyPhrase)\n } else {\n keyBuffer = keyPhrase\n }\n\n const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 32 + 12) // 32 bytes for key, 12 bytes for IV\n\n const key = keyMaterial.slice(0, 32) // AES-256 key\n const iv = keyMaterial.slice(32, 32 + 12) // AES-GCM IV\n\n return { key, iv }\n}\n\nexport async function encryptAESGCM(\n data: Uint8Array,\n key?: Uint8Array,\n iv?: Uint8Array,\n): Promise<{ ciphertext: Uint8Array; iv: Uint8Array; secretKey: Uint8Array }> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n\n if (!key) {\n key = new Uint8Array(32)\n crypto.getRandomValues(key)\n } else if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (!iv) {\n iv = new Uint8Array(12)\n crypto.getRandomValues(iv)\n } else if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n const cryptoKey = await crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [\n 'encrypt',\n ])\n\n const encryptedBuffer = await crypto.subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n },\n cryptoKey,\n data,\n )\n\n const ciphertext = new Uint8Array(encryptedBuffer)\n\n return { ciphertext, iv, secretKey: key }\n}\n\nexport async function decryptAESGCM(\n data: Uint8Array | string,\n key: Uint8Array,\n iv: Uint8Array,\n): Promise<Uint8Array> {\n if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n let dataBuffer: Uint8Array\n if (typeof data === 'string') {\n dataBuffer = base64ToUint8Array(data)\n } else {\n dataBuffer = data\n }\n\n const cryptoKey = await crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [\n 'decrypt',\n ])\n\n const decryptedBuffer = await crypto.subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n },\n cryptoKey,\n dataBuffer,\n )\n\n return new Uint8Array(decryptedBuffer)\n}\n\nexport async function decryptDerivedAESGCM(\n keyPhrase: string,\n encryptedData: EncryptedData,\n): Promise<Uint8Array> {\n if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) {\n throwWithCode(`${encryptedData.algorithm}\" algorithm not implemented`, Err.UNIMPLEMENTED)\n }\n const { key, iv } = await deriveKeyAndIV(keyPhrase)\n const ciphertext = base64ToUint8Array(encryptedData.ciphertext)\n return decryptAESGCM(ciphertext, key, iv)\n}\n\nexport async function encryptChunkedAESGCM(\n data: Uint8Array,\n chunkSize: number,\n): Promise<{\n chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>\n secretKey: Uint8Array\n}> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n const secretKey = crypto.getRandomValues(new Uint8Array(32))\n // Adjust chunk size to account for AES-GCM overhead (16-byte auth tag)\n const maxPlaintextSize = chunkSize - 16\n const chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }> = []\n\n let offset = 0\n while (offset < data.length) {\n const dataChunk = data.slice(offset, offset + maxPlaintextSize)\n const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey)\n\n if (ciphertext.byteLength > chunkSize) {\n throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`)\n }\n\n chunks.push({ ciphertext, iv })\n offset += maxPlaintextSize\n }\n\n return { chunks, secretKey }\n}\n"],"mappings":";;;;;;AAIA,SAAgB,mBAAmBA,YAAgC;CAC/D,MAAM,SAAS,MAAM,KAAK,YAAY,CAAC,SAAS,OAAO,aAAa,KAAK,CAAC,CAAC,KAAK,GAAG;AACnF,QAAO,KAAK,OAAO;AACtB;AAED,SAAgB,mBAAmBC,QAA4B;CAC3D,MAAM,SAAS,KAAK,OAAO;AAC3B,QAAO,IAAI,WAAW,MAAM,KAAK,QAAQ,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;AACzE;AAED,eAAe,uBAAuBC,YAAwBC,QAAqC;CAC/F,IAAI,cAAc,IAAI,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,WAAW;AAElF,QAAO,YAAY,SAAS,QAAQ;EAChC,MAAM,UAAU,IAAI,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,YAAY;EACjF,MAAM,WAAW,IAAI,WAAW,YAAY,SAAS,QAAQ;AAC7D,WAAS,IAAI,YAAY;AACzB,WAAS,IAAI,SAAS,YAAY,OAAO;AACzC,gBAAc;CACjB;AAED,QAAO,YAAY,MAAM,GAAG,OAAO;AACtC;AAED,eAAsB,eAClBC,WAC4C;CAC5C,IAAIC;AAEJ,YAAW,cAAc,UAAU;EAC/B,MAAM,UAAU,IAAI;AACpB,cAAY,QAAQ,OAAO,UAAU;CACxC,MACG,aAAY;CAGhB,MAAM,cAAc,MAAM,uBAAuB,WAAW,GAAQ;CAEpE,MAAM,MAAM,YAAY,MAAM,GAAG,GAAG;CACpC,MAAM,KAAK,YAAY,MAAM,IAAI,GAAQ;AAEzC,QAAO;EAAE;EAAK;CAAI;AACrB;AAED,eAAsB,cAClBC,MACAC,KACAC,IAC0E;AAC1E,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;AAGpB,MAAK,KAAK;AACN,QAAM,IAAI,WAAW;AACrB,SAAO,gBAAgB,IAAI;CAC9B,WAAU,IAAI,WAAW,GACtB,OAAM,IAAI,MAAM;AAGpB,MAAK,IAAI;AACL,OAAK,IAAI,WAAW;AACpB,SAAO,gBAAgB,GAAG;CAC7B,WAAU,GAAG,WAAW,GACrB,OAAM,IAAI,MAAM;CAGpB,MAAM,YAAY,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,EAAE,MAAM,UAAW,GAAE,OAAO,CACpF,SACH,EAAC;CAEF,MAAM,kBAAkB,MAAM,OAAO,OAAO,QACxC;EACI,MAAM;EACF;CACP,GACD,WACA,KACH;CAED,MAAM,aAAa,IAAI,WAAW;AAElC,QAAO;EAAE;EAAY;EAAI,WAAW;CAAK;AAC5C;AAED,eAAsB,cAClBC,MACAC,KACAC,IACmB;AACnB,KAAI,IAAI,WAAW,GACf,OAAM,IAAI,MAAM;AAGpB,KAAI,GAAG,WAAW,GACd,OAAM,IAAI,MAAM;CAGpB,IAAIC;AACJ,YAAW,SAAS,SAChB,cAAa,mBAAmB,KAAK;KAErC,cAAa;CAGjB,MAAM,YAAY,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,EAAE,MAAM,UAAW,GAAE,OAAO,CACpF,SACH,EAAC;CAEF,MAAM,kBAAkB,MAAM,OAAO,OAAO,QACxC;EACI,MAAM;EACF;CACP,GACD,WACA,WACH;AAED,QAAO,IAAI,WAAW;AACzB;AAED,eAAsB,qBAClBC,WACAC,eACmB;AACnB,KAAI,cAAc,cAAcC,kDAC5B,wCAAe,EAAE,cAAc,UAAU,8BAA8BC,uBAAI,cAAc;CAE7F,MAAM,EAAE,KAAK,IAAI,GAAG,MAAM,eAAe,UAAU;CACnD,MAAM,aAAa,mBAAmB,cAAc,WAAW;AAC/D,QAAO,cAAc,YAAY,KAAK,GAAG;AAC5C;AAED,eAAsB,qBAClBV,MACAW,WAID;AACC,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;CAEpB,MAAM,YAAY,OAAO,gBAAgB,IAAI,WAAW,IAAI;CAE5D,MAAM,mBAAmB,YAAY;CACrC,MAAMC,SAA4D,CAAE;CAEpE,IAAI,SAAS;AACb,QAAO,SAAS,KAAK,QAAQ;EACzB,MAAM,YAAY,KAAK,MAAM,QAAQ,SAAS,iBAAiB;EAC/D,MAAM,EAAE,YAAY,IAAI,GAAG,MAAM,cAAc,WAAW,UAAU;AAEpE,MAAI,WAAW,aAAa,UACxB,OAAM,IAAI,OAAO;AAGrB,SAAO,KAAK;GAAE;GAAY;EAAI,EAAC;AAC/B,YAAU;CACb;AAED,QAAO;EAAE;EAAQ;CAAW;AAC/B"}

package/dist/web/index.d.cts ADDED Viewed

@@ -0,0 +1,28 @@
+import { EncryptedData } from "@towns-labs/proto";
+//#region src/web/index.d.ts
+declare function uint8ArrayToBase64(uint8Array: Uint8Array): string;
+declare function base64ToUint8Array(base64: string): Uint8Array;
+declare function deriveKeyAndIV(keyPhrase: string | Uint8Array): Promise<{
+  key: Uint8Array;
+  iv: Uint8Array;
+}>;
+declare function encryptAESGCM(data: Uint8Array, key?: Uint8Array, iv?: Uint8Array): Promise<{
+  ciphertext: Uint8Array;
+  iv: Uint8Array;
+  secretKey: Uint8Array;
+}>;
+declare function decryptAESGCM(data: Uint8Array | string, key: Uint8Array, iv: Uint8Array): Promise<Uint8Array>;
+declare function decryptDerivedAESGCM(keyPhrase: string, encryptedData: EncryptedData): Promise<Uint8Array>;
+declare function encryptChunkedAESGCM(data: Uint8Array, chunkSize: number): Promise<{
+  chunks: Array<{
+    ciphertext: Uint8Array;
+    iv: Uint8Array;
+  }>;
+  secretKey: Uint8Array;
+}>;
+//# sourceMappingURL=index.d.ts.map
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.d.cts.map

package/dist/web/index.d.cts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.cts","names":[],"sources":["../../src/web/index.ts"],"sourcesContent":[],"mappings":";;;iBAIgB,kBAAA,aAA+B;iBAK/B,kBAAA,kBAAoC;AALpC,iBAwBM,cAAA,CAxByB,SAAU,EAAA,MAAA,GAyBjC,UAzBiC,CAAA,EA0BtD,OA1BsD,CAAA;EAKzC,GAAA,EAqBE,UArBF;EAmBM,EAAA,EAEY,UAFZ;CAAc,CAAA;AACZ,iBAmBF,aAAA,CAnBE,IAAA,EAoBd,UApBc,EAAA,GAAA,CAAA,EAqBd,UArBc,EAAA,EAAA,CAAA,EAsBf,UAtBe,CAAA,EAuBrB,OAvBqB,CAAA;EAAU,UAChB,EAsBO,UAtBP;EAAU,EAAA,EAsBa,UAtBP;EAAU,SAAzC,EAsB6D,UAtB7D;AAAO,CAAA,CAAA;AAkBY,iBAyCA,aAAA,CAzCa,IAAA,EA0CzB,UA1CyB,GAAA,MAAA,EAAA,GAAA,EA2C1B,UA3C0B,EAAA,EAAA,EA4C3B,UA5C2B,CAAA,EA6ChC,OA7CgC,CA6CxB,UA7CwB,CAAA;AAAA,iBA6Eb,oBAAA,CA7Ea,SAAA,EAAA,MAAA,EAAA,aAAA,EA+EhB,aA/EgB,CAAA,EAgFhC,OAhFgC,CAgFxB,UAhFwB,CAAA;AACzB,iBAwFY,oBAAA,CAxFZ,IAAA,EAyFA,UAzFA,EAAA,SAAA,EAAA,MAAA,CAAA,EA2FP,OA3FO,CAAA;EAAU,MACV,EA2FE,KA3FF,CAAA;IACD,UAAA,EA0FuB,UA1FvB;IACgB,EAAA,EAyFuB,UAzFvB;EAAU,CAAA,CAAA;EAAgB,SAAa,EA0FjD,UA1FiD;CAAU,CAAA;AAAhE"}

package/dist/web/index.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { EncryptedData } from "@towns-labs/proto";
+//#region src/web/index.d.ts
+declare function uint8ArrayToBase64(uint8Array: Uint8Array): string;
+declare function base64ToUint8Array(base64: string): Uint8Array;
+declare function deriveKeyAndIV(keyPhrase: string | Uint8Array): Promise<{
+  key: Uint8Array;
+  iv: Uint8Array;
+}>;
+declare function encryptAESGCM(data: Uint8Array, key?: Uint8Array, iv?: Uint8Array): Promise<{
+  ciphertext: Uint8Array;
+  iv: Uint8Array;
+  secretKey: Uint8Array;
+}>;
+declare function decryptAESGCM(data: Uint8Array | string, key: Uint8Array, iv: Uint8Array): Promise<Uint8Array>;
+declare function decryptDerivedAESGCM(keyPhrase: string, encryptedData: EncryptedData): Promise<Uint8Array>;
+declare function encryptChunkedAESGCM(data: Uint8Array, chunkSize: number): Promise<{
+  chunks: Array<{
+    ciphertext: Uint8Array;
+    iv: Uint8Array;
+  }>;
+  secretKey: Uint8Array;
+}>;
+//# sourceMappingURL=index.d.ts.map
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.d.ts.map

package/dist/web/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../src/web/index.ts"],"sourcesContent":[],"mappings":";;;iBAIgB,kBAAA,aAA+B;iBAK/B,kBAAA,kBAAoC;AALpC,iBAwBM,cAAA,CAxByB,SAAU,EAAA,MAAA,GAyBjC,UAzBiC,CAAA,EA0BtD,OA1BsD,CAAA;EAKzC,GAAA,EAqBE,UArBF;EAmBM,EAAA,EAEY,UAFZ;CAAc,CAAA;AACZ,iBAmBF,aAAA,CAnBE,IAAA,EAoBd,UApBc,EAAA,GAAA,CAAA,EAqBd,UArBc,EAAA,EAAA,CAAA,EAsBf,UAtBe,CAAA,EAuBrB,OAvBqB,CAAA;EAAU,UAChB,EAsBO,UAtBP;EAAU,EAAA,EAsBa,UAtBP;EAAU,SAAzC,EAsB6D,UAtB7D;AAAO,CAAA,CAAA;AAkBY,iBAyCA,aAAA,CAzCa,IAAA,EA0CzB,UA1CyB,GAAA,MAAA,EAAA,GAAA,EA2C1B,UA3C0B,EAAA,EAAA,EA4C3B,UA5C2B,CAAA,EA6ChC,OA7CgC,CA6CxB,UA7CwB,CAAA;AAAA,iBA6Eb,oBAAA,CA7Ea,SAAA,EAAA,MAAA,EAAA,aAAA,EA+EhB,aA/EgB,CAAA,EAgFhC,OAhFgC,CAgFxB,UAhFwB,CAAA;AACzB,iBAwFY,oBAAA,CAxFZ,IAAA,EAyFA,UAzFA,EAAA,SAAA,EAAA,MAAA,CAAA,EA2FP,OA3FO,CAAA;EAAU,MACV,EA2FE,KA3FF,CAAA;IACD,UAAA,EA0FuB,UA1FvB;IACgB,EAAA,EAyFuB,UAzFvB;EAAU,CAAA,CAAA;EAAgB,SAAa,EA0FjD,UA1FiD;CAAU,CAAA;AAAhE"}

package/dist/web/index.js ADDED Viewed

@@ -0,0 +1,104 @@
+import { throwWithCode } from "@towns-labs/utils";
+import { Err } from "@towns-labs/proto";
+import { AES_GCM_DERIVED_ALGORITHM } from "@towns-labs/encryption";
+//#region src/web/index.ts
+function uint8ArrayToBase64(uint8Array) {
+	const binary = Array.from(uint8Array, (byte) => String.fromCharCode(byte)).join("");
+	return btoa(binary);
+}
+function base64ToUint8Array(base64) {
+	const binary = atob(base64);
+	return new Uint8Array(Array.from(binary, (char) => char.charCodeAt(0)));
+}
+async function getExtendedKeyMaterial(seedBuffer, length) {
+	let keyMaterial = new Uint8Array(await crypto.subtle.digest("SHA-256", seedBuffer));
+	while (keyMaterial.length < length) {
+		const newHash = new Uint8Array(await crypto.subtle.digest("SHA-256", keyMaterial));
+		const combined = new Uint8Array(keyMaterial.length + newHash.length);
+		combined.set(keyMaterial);
+		combined.set(newHash, keyMaterial.length);
+		keyMaterial = combined;
+	}
+	return keyMaterial.slice(0, length);
+}
+async function deriveKeyAndIV(keyPhrase) {
+	let keyBuffer;
+	if (typeof keyPhrase === "string") {
+		const encoder = new TextEncoder();
+		keyBuffer = encoder.encode(keyPhrase);
+	} else keyBuffer = keyPhrase;
+	const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 44);
+	const key = keyMaterial.slice(0, 32);
+	const iv = keyMaterial.slice(32, 44);
+	return {
+		key,
+		iv
+	};
+}
+async function encryptAESGCM(data, key, iv) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	if (!key) {
+		key = new Uint8Array(32);
+		crypto.getRandomValues(key);
+	} else if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (!iv) {
+		iv = new Uint8Array(12);
+		crypto.getRandomValues(iv);
+	} else if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["encrypt"]);
+	const encryptedBuffer = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv
+	}, cryptoKey, data);
+	const ciphertext = new Uint8Array(encryptedBuffer);
+	return {
+		ciphertext,
+		iv,
+		secretKey: key
+	};
+}
+async function decryptAESGCM(data, key, iv) {
+	if (key.length !== 32) throw new Error("Invalid key length. AES-256-GCM requires a 32-byte key.");
+	if (iv.length !== 12) throw new Error("Invalid IV length. AES-256-GCM requires a 12-byte IV.");
+	let dataBuffer;
+	if (typeof data === "string") dataBuffer = base64ToUint8Array(data);
+	else dataBuffer = data;
+	const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["decrypt"]);
+	const decryptedBuffer = await crypto.subtle.decrypt({
+		name: "AES-GCM",
+		iv
+	}, cryptoKey, dataBuffer);
+	return new Uint8Array(decryptedBuffer);
+}
+async function decryptDerivedAESGCM(keyPhrase, encryptedData) {
+	if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) throwWithCode(`${encryptedData.algorithm}" algorithm not implemented`, Err.UNIMPLEMENTED);
+	const { key, iv } = await deriveKeyAndIV(keyPhrase);
+	const ciphertext = base64ToUint8Array(encryptedData.ciphertext);
+	return decryptAESGCM(ciphertext, key, iv);
+}
+async function encryptChunkedAESGCM(data, chunkSize) {
+	if (!data || data.length === 0) throw new Error("Cannot encrypt undefined or empty data");
+	const secretKey = crypto.getRandomValues(new Uint8Array(32));
+	const maxPlaintextSize = chunkSize - 16;
+	const chunks = [];
+	let offset = 0;
+	while (offset < data.length) {
+		const dataChunk = data.slice(offset, offset + maxPlaintextSize);
+		const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey);
+		if (ciphertext.byteLength > chunkSize) throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`);
+		chunks.push({
+			ciphertext,
+			iv
+		});
+		offset += maxPlaintextSize;
+	}
+	return {
+		chunks,
+		secretKey
+	};
+}
+//#endregion
+export { base64ToUint8Array, decryptAESGCM, decryptDerivedAESGCM, deriveKeyAndIV, encryptAESGCM, encryptChunkedAESGCM, uint8ArrayToBase64 };
+//# sourceMappingURL=index.js.map

package/dist/web/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["uint8Array: Uint8Array","base64: string","seedBuffer: Uint8Array","length: number","keyPhrase: string | Uint8Array","keyBuffer: Uint8Array","data: Uint8Array","key?: Uint8Array","iv?: Uint8Array","data: Uint8Array | string","key: Uint8Array","iv: Uint8Array","dataBuffer: Uint8Array","keyPhrase: string","encryptedData: EncryptedData","chunkSize: number","chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>"],"sources":["../../src/web/index.ts"],"sourcesContent":["import { throwWithCode } from '@towns-labs/utils'\nimport { EncryptedData, Err } from '@towns-labs/proto'\nimport { AES_GCM_DERIVED_ALGORITHM } from '@towns-labs/encryption'\n\nexport function uint8ArrayToBase64(uint8Array: Uint8Array): string {\n const binary = Array.from(uint8Array, (byte) => String.fromCharCode(byte)).join('')\n return btoa(binary)\n}\n\nexport function base64ToUint8Array(base64: string): Uint8Array {\n const binary = atob(base64)\n return new Uint8Array(Array.from(binary, (char) => char.charCodeAt(0)))\n}\n\nasync function getExtendedKeyMaterial(seedBuffer: Uint8Array, length: number): Promise<Uint8Array> {\n let keyMaterial = new Uint8Array(await crypto.subtle.digest('SHA-256', seedBuffer))\n\n while (keyMaterial.length < length) {\n const newHash = new Uint8Array(await crypto.subtle.digest('SHA-256', keyMaterial))\n const combined = new Uint8Array(keyMaterial.length + newHash.length)\n combined.set(keyMaterial)\n combined.set(newHash, keyMaterial.length)\n keyMaterial = combined\n }\n\n return keyMaterial.slice(0, length)\n}\n\nexport async function deriveKeyAndIV(\n keyPhrase: string | Uint8Array,\n): Promise<{ key: Uint8Array; iv: Uint8Array }> {\n let keyBuffer: Uint8Array\n\n if (typeof keyPhrase === 'string') {\n const encoder = new TextEncoder()\n keyBuffer = encoder.encode(keyPhrase)\n } else {\n keyBuffer = keyPhrase\n }\n\n const keyMaterial = await getExtendedKeyMaterial(keyBuffer, 32 + 12) // 32 bytes for key, 12 bytes for IV\n\n const key = keyMaterial.slice(0, 32) // AES-256 key\n const iv = keyMaterial.slice(32, 32 + 12) // AES-GCM IV\n\n return { key, iv }\n}\n\nexport async function encryptAESGCM(\n data: Uint8Array,\n key?: Uint8Array,\n iv?: Uint8Array,\n): Promise<{ ciphertext: Uint8Array; iv: Uint8Array; secretKey: Uint8Array }> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n\n if (!key) {\n key = new Uint8Array(32)\n crypto.getRandomValues(key)\n } else if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (!iv) {\n iv = new Uint8Array(12)\n crypto.getRandomValues(iv)\n } else if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n const cryptoKey = await crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [\n 'encrypt',\n ])\n\n const encryptedBuffer = await crypto.subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n },\n cryptoKey,\n data,\n )\n\n const ciphertext = new Uint8Array(encryptedBuffer)\n\n return { ciphertext, iv, secretKey: key }\n}\n\nexport async function decryptAESGCM(\n data: Uint8Array | string,\n key: Uint8Array,\n iv: Uint8Array,\n): Promise<Uint8Array> {\n if (key.length !== 32) {\n throw new Error('Invalid key length. AES-256-GCM requires a 32-byte key.')\n }\n\n if (iv.length !== 12) {\n throw new Error('Invalid IV length. AES-256-GCM requires a 12-byte IV.')\n }\n\n let dataBuffer: Uint8Array\n if (typeof data === 'string') {\n dataBuffer = base64ToUint8Array(data)\n } else {\n dataBuffer = data\n }\n\n const cryptoKey = await crypto.subtle.importKey('raw', key, { name: 'AES-GCM' }, false, [\n 'decrypt',\n ])\n\n const decryptedBuffer = await crypto.subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: iv,\n },\n cryptoKey,\n dataBuffer,\n )\n\n return new Uint8Array(decryptedBuffer)\n}\n\nexport async function decryptDerivedAESGCM(\n keyPhrase: string,\n encryptedData: EncryptedData,\n): Promise<Uint8Array> {\n if (encryptedData.algorithm !== AES_GCM_DERIVED_ALGORITHM) {\n throwWithCode(`${encryptedData.algorithm}\" algorithm not implemented`, Err.UNIMPLEMENTED)\n }\n const { key, iv } = await deriveKeyAndIV(keyPhrase)\n const ciphertext = base64ToUint8Array(encryptedData.ciphertext)\n return decryptAESGCM(ciphertext, key, iv)\n}\n\nexport async function encryptChunkedAESGCM(\n data: Uint8Array,\n chunkSize: number,\n): Promise<{\n chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }>\n secretKey: Uint8Array\n}> {\n if (!data || data.length === 0) {\n throw new Error('Cannot encrypt undefined or empty data')\n }\n const secretKey = crypto.getRandomValues(new Uint8Array(32))\n // Adjust chunk size to account for AES-GCM overhead (16-byte auth tag)\n const maxPlaintextSize = chunkSize - 16\n const chunks: Array<{ ciphertext: Uint8Array; iv: Uint8Array }> = []\n\n let offset = 0\n while (offset < data.length) {\n const dataChunk = data.slice(offset, offset + maxPlaintextSize)\n const { ciphertext, iv } = await encryptAESGCM(dataChunk, secretKey)\n\n if (ciphertext.byteLength > chunkSize) {\n throw new Error(`Encrypted chunk exceeds chunkSize. Adjust chunkSize.`)\n }\n\n chunks.push({ ciphertext, iv })\n offset += maxPlaintextSize\n }\n\n return { chunks, secretKey }\n}\n"],"mappings":";;;;;AAIA,SAAgB,mBAAmBA,YAAgC;CAC/D,MAAM,SAAS,MAAM,KAAK,YAAY,CAAC,SAAS,OAAO,aAAa,KAAK,CAAC,CAAC,KAAK,GAAG;AACnF,QAAO,KAAK,OAAO;AACtB;AAED,SAAgB,mBAAmBC,QAA4B;CAC3D,MAAM,SAAS,KAAK,OAAO;AAC3B,QAAO,IAAI,WAAW,MAAM,KAAK,QAAQ,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;AACzE;AAED,eAAe,uBAAuBC,YAAwBC,QAAqC;CAC/F,IAAI,cAAc,IAAI,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,WAAW;AAElF,QAAO,YAAY,SAAS,QAAQ;EAChC,MAAM,UAAU,IAAI,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,YAAY;EACjF,MAAM,WAAW,IAAI,WAAW,YAAY,SAAS,QAAQ;AAC7D,WAAS,IAAI,YAAY;AACzB,WAAS,IAAI,SAAS,YAAY,OAAO;AACzC,gBAAc;CACjB;AAED,QAAO,YAAY,MAAM,GAAG,OAAO;AACtC;AAED,eAAsB,eAClBC,WAC4C;CAC5C,IAAIC;AAEJ,YAAW,cAAc,UAAU;EAC/B,MAAM,UAAU,IAAI;AACpB,cAAY,QAAQ,OAAO,UAAU;CACxC,MACG,aAAY;CAGhB,MAAM,cAAc,MAAM,uBAAuB,WAAW,GAAQ;CAEpE,MAAM,MAAM,YAAY,MAAM,GAAG,GAAG;CACpC,MAAM,KAAK,YAAY,MAAM,IAAI,GAAQ;AAEzC,QAAO;EAAE;EAAK;CAAI;AACrB;AAED,eAAsB,cAClBC,MACAC,KACAC,IAC0E;AAC1E,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;AAGpB,MAAK,KAAK;AACN,QAAM,IAAI,WAAW;AACrB,SAAO,gBAAgB,IAAI;CAC9B,WAAU,IAAI,WAAW,GACtB,OAAM,IAAI,MAAM;AAGpB,MAAK,IAAI;AACL,OAAK,IAAI,WAAW;AACpB,SAAO,gBAAgB,GAAG;CAC7B,WAAU,GAAG,WAAW,GACrB,OAAM,IAAI,MAAM;CAGpB,MAAM,YAAY,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,EAAE,MAAM,UAAW,GAAE,OAAO,CACpF,SACH,EAAC;CAEF,MAAM,kBAAkB,MAAM,OAAO,OAAO,QACxC;EACI,MAAM;EACF;CACP,GACD,WACA,KACH;CAED,MAAM,aAAa,IAAI,WAAW;AAElC,QAAO;EAAE;EAAY;EAAI,WAAW;CAAK;AAC5C;AAED,eAAsB,cAClBC,MACAC,KACAC,IACmB;AACnB,KAAI,IAAI,WAAW,GACf,OAAM,IAAI,MAAM;AAGpB,KAAI,GAAG,WAAW,GACd,OAAM,IAAI,MAAM;CAGpB,IAAIC;AACJ,YAAW,SAAS,SAChB,cAAa,mBAAmB,KAAK;KAErC,cAAa;CAGjB,MAAM,YAAY,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,EAAE,MAAM,UAAW,GAAE,OAAO,CACpF,SACH,EAAC;CAEF,MAAM,kBAAkB,MAAM,OAAO,OAAO,QACxC;EACI,MAAM;EACF;CACP,GACD,WACA,WACH;AAED,QAAO,IAAI,WAAW;AACzB;AAED,eAAsB,qBAClBC,WACAC,eACmB;AACnB,KAAI,cAAc,cAAc,0BAC5B,gBAAe,EAAE,cAAc,UAAU,8BAA8B,IAAI,cAAc;CAE7F,MAAM,EAAE,KAAK,IAAI,GAAG,MAAM,eAAe,UAAU;CACnD,MAAM,aAAa,mBAAmB,cAAc,WAAW;AAC/D,QAAO,cAAc,YAAY,KAAK,GAAG;AAC5C;AAED,eAAsB,qBAClBR,MACAS,WAID;AACC,MAAK,QAAQ,KAAK,WAAW,EACzB,OAAM,IAAI,MAAM;CAEpB,MAAM,YAAY,OAAO,gBAAgB,IAAI,WAAW,IAAI;CAE5D,MAAM,mBAAmB,YAAY;CACrC,MAAMC,SAA4D,CAAE;CAEpE,IAAI,SAAS;AACb,QAAO,SAAS,KAAK,QAAQ;EACzB,MAAM,YAAY,KAAK,MAAM,QAAQ,SAAS,iBAAiB;EAC/D,MAAM,EAAE,YAAY,IAAI,GAAG,MAAM,cAAc,WAAW,UAAU;AAEpE,MAAI,WAAW,aAAa,UACxB,OAAM,IAAI,OAAO;AAGrB,SAAO,KAAK;GAAE;GAAY;EAAI,EAAC;AAC/B,YAAU;CACb;AAED,QAAO;EAAE;EAAQ;CAAW;AAC/B"}

package/package.json ADDED Viewed

@@ -0,0 +1,52 @@
+{
+    "name": "@towns-labs/sdk-crypto",
+    "version": "2.0.1",
+    "type": "module",
+    "main": "./dist/web/index.cjs",
+    "types": "./dist/web/index.d.ts",
+    "scripts": {
+        "build": "tsdown",
+        "cb": "bun run clean && bun run build",
+        "clean": "rm -rf dist",
+        "lint": "eslint --format unix ./src  --max-warnings=0",
+        "lint:fix": "bun run lint --fix",
+        "test": "vitest",
+        "test:unit": "vitest run",
+        "watch": "tsdown --watch"
+    },
+    "dependencies": {
+        "@towns-labs/encryption": "^1.0.1",
+        "@towns-labs/proto": "^1.0.1",
+        "@towns-labs/utils": "^1.0.1"
+    },
+    "devDependencies": {
+        "@bufbuild/protobuf": "^2.9.0",
+        "@types/node": "^20.14.8",
+        "@typescript-eslint/eslint-plugin": "^8.29.0",
+        "@typescript-eslint/parser": "^8.29.0",
+        "eslint": "^8.57.1",
+        "eslint-import-resolver-typescript": "^4.3.2",
+        "eslint-plugin-import-x": "^4.10.2",
+        "eslint-plugin-tsdoc": "^0.3.0",
+        "happy-dom": "^19.0.2",
+        "tsdown": "^0.12.3",
+        "typescript": "~5.8.3",
+        "vitest": "^3.2.3"
+    },
+    "exports": {
+        ".": {
+            "types": "./dist/web/index.d.ts",
+            "node": "./dist/node/index.js",
+            "default": "./dist/web/index.js"
+        },
+        "./package.json": "./package.json"
+    },
+    "files": [
+        "/dist"
+    ],
+    "module": "./dist/web/index.js",
+    "publishConfig": {
+        "access": "public"
+    },
+    "sideEffects": false
+}