@tstdl/base 0.93.178 → 0.93.180

package/cryptography/cryptography.d.ts

@@ -0,0 +1,336 @@
+import type { TypedExtract, TypedOmit } from '../types/index.js';
+declare global {
+    interface SubtleCrypto {
+        encapsulateKey(algorithm: string | Algorithm, publicKey: CryptoKey, sharedKeyAlgorithm: string | Algorithm | HmacImportParams | AesKeyAlgorithm | KmacImportParams, extractable: boolean, usages: KeyUsage[]): Promise<{
+            ciphertext: ArrayBuffer;
+            sharedKey: CryptoKey;
+        }>;
+        decapsulateKey(algorithm: string | Algorithm, privateKey: CryptoKey, ciphertext: BufferSource, sharedKeyAlgorithm: string | Algorithm | HmacImportParams | AesKeyAlgorithm | KmacImportParams, extractable: boolean, usages: KeyUsage[]): Promise<CryptoKey>;
+        encapsulateBits(algorithm: string | Algorithm, publicKey: CryptoKey): Promise<{
+            ciphertext: ArrayBuffer;
+            sharedKey: ArrayBuffer;
+        }>;
+        decapsulateBits(algorithm: string | Algorithm, privateKey: CryptoKey, ciphertext: BufferSource): Promise<ArrayBuffer>;
+        getPublicKey(key: CryptoKey, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+    }
+}
+export type AesMode = 'CBC' | 'CTR' | 'GCM' | 'KW' | 'OCB';
+export type EcdsaCurve = 'P-256' | 'P-384' | 'P-521';
+export type HashAlgorithm = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512' | 'SHA3-256' | 'SHA3-384' | 'SHA3-512' | 'cSHAKE128' | 'cSHAKE256';
+export type SymmetricAlgorithm = `AES-${AesMode}` | 'ChaCha20-Poly1305' | 'KMAC128' | 'KMAC256';
+export type AsymmetricAlgorithm = 'RSASSA-PKCS1-v1_5' | 'RSA-PSS' | 'RSA-OAEP' | 'ECDSA' | 'ECDH' | 'Ed25519' | 'Ed448' | 'X25519' | 'X448' | 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87';
+export type KEMAlgorithm = 'ML-KEM-512' | 'ML-KEM-768' | 'ML-KEM-1024';
+export type DerivationAlgorithmName = 'PBKDF2' | 'HKDF' | 'Argon2d' | 'Argon2i' | 'Argon2id' | 'ECDH' | 'X25519' | 'X448';
+export type HashAlgorithmIdentifier = HashAlgorithm | {
+    name: HashAlgorithm;
+};
+export interface AeadParams extends SpecificAlgorithm<Algorithm, 'AES-GCM' | 'AES-OCB' | 'ChaCha20-Poly1305'> {
+    additionalData?: BufferSource;
+    iv: BufferSource;
+    tagLength?: number;
+}
+export interface Pbkdf2Params extends SpecificAlgorithm<TypedOmit<globalThis.Pbkdf2Params, 'hash'>, 'PBKDF2'> {
+    hash: HashAlgorithmIdentifier;
+}
+export interface HkdfParams extends SpecificAlgorithm<globalThis.HkdfParams, 'HKDF'> {
+}
+export interface Argon2Params extends SpecificAlgorithm<Algorithm, 'Argon2d' | 'Argon2i' | 'Argon2id'> {
+    memory: number;
+    parallelism: number;
+    passes: number;
+    nonce: BufferSource;
+    secretValue?: BufferSource;
+    associatedData?: BufferSource;
+    version?: number;
+}
+export interface CShakeParams extends SpecificAlgorithm<Algorithm, 'cSHAKE128' | 'cSHAKE256'> {
+    outputLength: number;
+    functionName?: BufferSource;
+    customization?: BufferSource;
+}
+export interface KmacParams extends SpecificAlgorithm<Algorithm, 'KMAC128' | 'KMAC256'> {
+    outputLength: number;
+    customization?: BufferSource;
+}
+export interface KmacImportParams extends SpecificAlgorithm<Algorithm, 'KMAC128' | 'KMAC256'> {
+    length?: number;
+}
+export interface ContextParams extends SpecificAlgorithm<Algorithm, 'Ed448' | 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87'> {
+    context?: BufferSource;
+}
+export interface AesCbcParams extends SpecificAlgorithm<globalThis.AesCbcParams, 'AES-CBC'> {
+}
+export interface AesCtrParams extends SpecificAlgorithm<globalThis.AesCtrParams, 'AES-CTR'> {
+}
+export interface RsaPssParams extends SpecificAlgorithm<globalThis.RsaPssParams, 'RSA-PSS'> {
+}
+export interface EcdsaParams extends SpecificAlgorithm<globalThis.EcdsaParams, 'ECDSA'> {
+}
+export interface EcdhKeyDeriveParams extends SpecificAlgorithm<globalThis.EcdhKeyDeriveParams, 'ECDH' | 'X25519' | 'X448'> {
+}
+export interface HmacParams extends SpecificAlgorithm<globalThis.HmacImportParams, 'HMAC'> {
+}
+type SpecificAlgorithm<T extends Algorithm, Name extends string> = TypedOmit<T, 'name'> & {
+    name: Name;
+};
+export type DigestAlgorithm = HashAlgorithm | CShakeParams;
+export type CryptionAlgorithm = 'AES-CBC' | 'AES-CTR' | 'AES-GCM' | 'AES-KW' | 'AES-OCB' | 'ChaCha20-Poly1305' | AesCbcParams | AesCtrParams | AeadParams | SpecificAlgorithm<Algorithm, 'AES-KW'>;
+export type SignAlgorithm = 'HMAC' | 'RSASSA-PKCS1-v1_5' | 'ECDSA' | 'Ed25519' | 'Ed448' | 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87' | KmacParams | ContextParams | RsaPssParams | EcdsaParams | HmacParams | SpecificAlgorithm<Algorithm, 'RSASSA-PKCS1-v1_5' | 'Ed25519'>;
+export type DeriveAlgorithm = DerivationAlgorithmName | Argon2Params | Pbkdf2Params | EcdhKeyDeriveParams | HkdfParams;
+export type ImportAlgorithm = RsaHashedImportParams | EcKeyImportParams | HmacImportParams | KmacImportParams | EcdhKeyDeriveParams | (TypedOmit<AesKeyAlgorithm, 'name' | 'length'> & {
+    name: SymmetricAlgorithm;
+    length?: number;
+}) | TypedOmit<Argon2Params, 'memory' | 'parallelism' | 'passes' | 'nonce'> | TypedOmit<Pbkdf2Params, 'hash' | 'iterations' | 'salt'> | TypedOmit<HkdfParams, 'hash' | 'info' | 'salt'>;
+export type KeyFormat = globalThis.KeyFormat | 'raw-public' | 'raw-secret' | 'raw-seed';
+export type KeyData = JsonWebKey | BufferSource;
+export type ScryptOptions = {
+    cost?: number;
+    blockSize?: number;
+    parallelization?: number;
+    maximumMemory?: number;
+};
+export interface CryptionResult {
+    toBuffer(): Promise<ArrayBuffer>;
+    toUint8Array(): Promise<Uint8Array<ArrayBuffer>>;
+    toHex(): Promise<string>;
+    toBase64(): Promise<string>;
+    toBase64Url(): Promise<string>;
+    toZBase32(): Promise<string>;
+}
+export interface DecryptionResult extends CryptionResult {
+    toUtf8(): Promise<string>;
+}
+export type DigestResult = CryptionResult;
+export type SignResult = CryptionResult;
+/**
+ * Encrypt data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param data data to encrypt. Encodes string to utf8
+ */
+export declare function encrypt(algorithm: CryptionAlgorithm, key: CryptoKey, data: BufferSource | string): CryptionResult;
+/**
+ * Decrypt data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param bytes data to decrypt
+ */
+export declare function decrypt(algorithm: CryptionAlgorithm, key: CryptoKey, bytes: BufferSource): DecryptionResult;
+/**
+ * Hashes data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param data data to encrypt. Encodes string to utf8
+ */
+export declare function digest(algorithm: DigestAlgorithm, data: BufferSource | string): DigestResult;
+/**
+ * Signs data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param data data to sign
+ */
+export declare function sign(algorithm: SignAlgorithm, key: CryptoKey, data: BufferSource | string): SignResult;
+/**
+ * Verifies data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param signature signature
+ * @param data data to verify using provided signature
+ */
+export declare function verify(algorithm: SignAlgorithm, key: CryptoKey, signature: BufferSource | string, data: BufferSource | string): Promise<boolean>;
+/**
+ * Import a key
+ * @param format format of the key
+ * @param keyData key data
+ * @param algorithm algorithm
+ * @param extractable whether the key can be used for exportKey
+ * @param keyUsages usages for the key
+ */
+export declare function importKey(format: 'jwk', keyData: JsonWebKey, algorithm: ImportAlgorithm, extractable: boolean, keyUsages: readonly KeyUsage[]): Promise<CryptoKey>;
+export declare function importKey(format: Exclude<KeyFormat, 'jwk'>, keyData: BufferSource, algorithm: ImportAlgorithm, extractable: boolean, keyUsages: readonly KeyUsage[]): Promise<CryptoKey>;
+/**
+ * Exports a key
+ * @param format format to export to
+ * @param key key to export
+ */
+export declare function exportKey(format: 'jwk', key: CryptoKey): Promise<JsonWebKey>;
+export declare function exportKey(format: Exclude<KeyFormat, 'jwk'>, key: CryptoKey): Promise<ArrayBuffer>;
+/**
+ * Wraps a key
+ * @param format format to export the key in
+ * @param key key to wrap
+ * @param wrappingKey key to use for wrapping
+ * @param wrapAlgorithm algorithm to use for wrapping
+ */
+export declare function wrapKey(format: KeyFormat, key: CryptoKey, wrappingKey: CryptoKey, wrapAlgorithm: CryptionAlgorithm): Promise<ArrayBuffer>;
+/**
+ * Unwraps a key
+ * @param format format of the wrapped key
+ * @param wrappedKey wrapped key
+ * @param unwrappingKey key to use for unwrapping
+ * @param unwrapAlgorithm algorithm to use for unwrapping
+ * @param unwrappedKeyAlgorithm algorithm of the unwrapped key
+ * @param extractable whether the unwrapped key can be used for exportKey
+ * @param usages usages for the unwrapped key
+ */
+export declare function unwrapKey(format: KeyFormat, wrappedKey: BufferSource, unwrappingKey: CryptoKey, unwrapAlgorithm: CryptionAlgorithm, unwrappedKeyAlgorithm: ImportAlgorithm, extractable: boolean, usages: KeyUsage[]): Promise<CryptoKey>;
+/**
+ * Imports a HMAC CryptoKey
+ * @param algorithm hash algorithm
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function importHmacKey(format: KeyFormat, algorithm: HashAlgorithmIdentifier, keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Imports a KMAC CryptoKey
+ * @param algorithm KMAC algorithm
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function importKmacKey(format: KeyFormat, algorithm: 'KMAC128' | 'KMAC256', keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Imports a CryptoKey for symmetric encryption
+ * @param algorithm symmetric algorithm or algorithm object with length
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ * @param format optional format
+ */
+export declare function importSymmetricKey(format: KeyFormat, algorithm: {
+    name: SymmetricAlgorithm;
+    length?: number;
+}, keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Imports an ECDSA CryptoKey
+ * @param curve ECDSA curve
+ * @param key JWK or DER encoded key
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function importEcdsaKey(format: KeyFormat, curve: EcdsaCurve, keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Import a HKDF CryptoKey
+ * @param keyData binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function importHkdfKey(format: KeyFormat, keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Import a pbkdf2 CryptoKey
+ * @param keyData binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function importPbkdf2Key(format: KeyFormat, keyData: KeyData, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Generates a HMAC CryptoKey
+ * @param algorithm hash algorithm
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function generateHmacKey(algorithm: HashAlgorithmIdentifier, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Generates a KMAC CryptoKey
+ * @param algorithm KMAC algorithm
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function generateKmacKey(algorithm: 'KMAC128' | 'KMAC256', extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Generates a CryptoKey for symmetric encryption
+ * @param algorithm symmetric algorithm or algorithm object with length
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function generateSymmetricKey(algorithm: SymmetricAlgorithm | {
+    name: SymmetricAlgorithm;
+    length?: number;
+}, extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Generates a new ECDSA CryptoKeyPair
+ * @param curve ECDSA cruve to use
+ * @param extractable whether the key can be used for exportKey
+ * @param usages whether to generate a key for signing, verifiying or both. Defaults to both
+ */
+export declare function generateEcdsaKey(curve: EcdsaCurve, extractable?: boolean, usages?: TypedExtract<KeyUsage, 'sign' | 'verify'>[]): Promise<CryptoKeyPair>;
+/**
+ * Generates a pbkdf2 CryptoKey
+ * @param extractable whether the key can be used for exportKey
+ */
+export declare function generatePbkdf2Key(extractable?: boolean): Promise<CryptoKey>;
+/**
+ * Derive byte array from key
+ * @param algorithm algorithm to derive with
+ * @param baseKey key to derive from
+ * @param length length in bytes
+ */
+export declare function deriveBytes(algorithm: DeriveAlgorithm, baseKey: CryptoKey, length: number): Promise<Uint8Array<ArrayBuffer>>;
+/**
+ * Derive CryptoKey from key
+ * @param algorithm algorithm to derive with
+ * @param baseKey key to derive from
+ * @param derivedKeyAlgorithm algorithm of the derived key
+ * @param extractable whether the derived key can be used for exportKey
+ * @param keyUsages usages for the derived key
+ */
+export declare function deriveKey(algorithm: DeriveAlgorithm, baseKey: CryptoKey, derivedKeyAlgorithm: ImportAlgorithm, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+/**
+ * Encapsulates a key using KEM
+ * @param algorithm KEM algorithm
+ * @param publicKey public key
+ * @param sharedKeyAlgorithm algorithm for the shared key
+ * @param extractable whether the shared key can be used for exportKey
+ * @param usages usages for the shared key
+ */
+export declare function encapsulateKey(algorithm: KEMAlgorithm | {
+    name: KEMAlgorithm;
+}, publicKey: CryptoKey, sharedKeyAlgorithm: HmacImportParams | AesKeyAlgorithm | KmacImportParams, extractable: boolean, usages: KeyUsage[]): Promise<{
+    ciphertext: ArrayBuffer;
+    sharedKey: CryptoKey;
+}>;
+/**
+ * Decapsulates a key using KEM
+ * @param algorithm KEM algorithm
+ * @param privateKey private key
+ * @param ciphertext ciphertext
+ * @param sharedKeyAlgorithm algorithm for the shared key
+ * @param extractable whether the shared key can be used for exportKey
+ * @param usages usages for the shared key
+ */
+export declare function decapsulateKey(algorithm: KEMAlgorithm | {
+    name: KEMAlgorithm;
+}, privateKey: CryptoKey, ciphertext: ArrayBuffer, sharedKeyAlgorithm: HmacImportParams | AesKeyAlgorithm | KmacImportParams, extractable: boolean, usages: KeyUsage[]): Promise<CryptoKey>;
+/**
+ * Encapsulates bits using KEM
+ * @param algorithm KEM algorithm
+ * @param publicKey public key
+ */
+export declare function encapsulateBits(algorithm: KEMAlgorithm | {
+    name: KEMAlgorithm;
+}, publicKey: CryptoKey): Promise<{
+    ciphertext: ArrayBuffer;
+    sharedKey: ArrayBuffer;
+}>;
+/**
+ * Decapsulates bits using KEM
+ * @param algorithm KEM algorithm
+ * @param privateKey private key
+ * @param ciphertext ciphertext
+ */
+export declare function decapsulateBits(algorithm: KEMAlgorithm | {
+    name: KEMAlgorithm;
+}, privateKey: CryptoKey, ciphertext: ArrayBuffer): Promise<ArrayBuffer>;
+/**
+ * Gets the public key from a private key or a key pair
+ * @param key private key or key pair
+ * @param keyUsages usages for the new public key
+ */
+export declare function getPublicKey(key: CryptoKey, keyUsages: KeyUsage[]): Promise<CryptoKey>;
+/**
+ * Check if the runtime supports a specific operation and algorithm
+ * @param operation operation to check
+ * @param algorithm algorithm to check
+ * @param lengthOrAdditionalAlgorithm optional length or additional algorithm
+ */
+export declare function supports(operation: string, algorithm: string | (Algorithm & Record<string, unknown>), lengthOrAdditionalAlgorithm?: number | string | Algorithm | null): Promise<boolean>;
+/**
+ * Generates an asymmetric CryptoKeyPair
+ * @param algorithm asymmetric algorithm
+ * @param extractable whether the key can be used for exportKey
+ * @param usages usages for the key
+ */
+export declare function generateAsymmetricKey(algorithm: AsymmetricAlgorithm | RsaHashedKeyGenParams | EcKeyGenParams, extractable?: boolean, usages?: KeyUsage[]): Promise<CryptoKeyPair>;
+export declare function isBufferSource(keyData: KeyData | string): keyData is BufferSource;
+export {};

package/cryptography/cryptography.js

@@ -0,0 +1,328 @@
+import { encodeBase64, encodeBase64Url } from '../utils/base64.js';
+import { decodeText, encodeHex, encodeUtf8 } from '../utils/encoding.js';
+import { getRandomBytes } from '../utils/random.js';
+import { isNotString, isNumber, isString } from '../utils/type-guards.js';
+import { zBase32Encode } from '../utils/z-base32.js';
+/**
+ * Encrypt data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param data data to encrypt. Encodes string to utf8
+ */
+export function encrypt(algorithm, key, data) {
+    const bytes = isString(data) ? encodeUtf8(data) : data;
+    const encryptedBuffer = globalThis.crypto.subtle.encrypt(algorithm, key, bytes);
+    return {
+        toBuffer: async () => await encryptedBuffer,
+        toUint8Array: async () => new Uint8Array(await encryptedBuffer),
+        toHex: async () => encodeHex(await encryptedBuffer),
+        toBase64: async () => encodeBase64(await encryptedBuffer),
+        toBase64Url: async () => encodeBase64Url(await encryptedBuffer),
+        toZBase32: async () => zBase32Encode(await encryptedBuffer),
+    };
+}
+/**
+ * Decrypt data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param bytes data to decrypt
+ */
+export function decrypt(algorithm, key, bytes) {
+    const decryptedBuffer = globalThis.crypto.subtle.decrypt(algorithm, key, bytes);
+    return {
+        toBuffer: async () => await decryptedBuffer,
+        toUint8Array: async () => new Uint8Array(await decryptedBuffer),
+        toHex: async () => encodeHex(await decryptedBuffer),
+        toBase64: async () => encodeBase64(await decryptedBuffer),
+        toBase64Url: async () => encodeBase64Url(await decryptedBuffer),
+        toZBase32: async () => zBase32Encode(await decryptedBuffer),
+        toUtf8: async () => decodeText(await decryptedBuffer),
+    };
+}
+/**
+ * Hashes data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param data data to encrypt. Encodes string to utf8
+ */
+export function digest(algorithm, data) {
+    const bytes = isString(data) ? encodeUtf8(data) : data;
+    const arrayBufferPromise = globalThis.crypto.subtle.digest(algorithm, bytes);
+    const result = {
+        toBuffer: async () => await arrayBufferPromise,
+        toUint8Array: async () => new Uint8Array(await arrayBufferPromise),
+        toHex: async () => encodeHex(await arrayBufferPromise),
+        toBase64: async () => encodeBase64(await arrayBufferPromise),
+        toBase64Url: async () => encodeBase64Url(await arrayBufferPromise),
+        toZBase32: async () => zBase32Encode(await arrayBufferPromise),
+    };
+    return result;
+}
+/**
+ * Signs data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param data data to sign
+ */
+export function sign(algorithm, key, data) {
+    const bytes = isString(data) ? encodeUtf8(data) : data;
+    // TODO: TEMPORARY WORKAROUND for Node.js versions prior to PR #61875
+    let finalAlgorithm = algorithm;
+    if (isNotString(algorithm) && algorithm.name.startsWith('KMAC') && ('outputLength' in algorithm)) {
+        finalAlgorithm = {
+            ...algorithm,
+            // Older Node.js versions require 'length' in bits instead of 'outputLength' in bytes
+            length: algorithm.outputLength * 8,
+        };
+    }
+    const arrayBufferPromise = globalThis.crypto.subtle.sign(finalAlgorithm, key, bytes);
+    const result = {
+        toBuffer: async () => await arrayBufferPromise,
+        toUint8Array: async () => new Uint8Array(await arrayBufferPromise),
+        toHex: async () => encodeHex(await arrayBufferPromise),
+        toBase64: async () => encodeBase64(await arrayBufferPromise),
+        toBase64Url: async () => encodeBase64Url(await arrayBufferPromise),
+        toZBase32: async () => zBase32Encode(await arrayBufferPromise),
+    };
+    return result;
+}
+/**
+ * Verifies data
+ * @param algorithm algorithm as supported by Web Crypto API
+ * @param key key
+ * @param signature signature
+ * @param data data to verify using provided signature
+ */
+export async function verify(algorithm, key, signature, data) {
+    const signatureBytes = isString(signature) ? encodeUtf8(signature) : signature;
+    const dataBytes = isString(data) ? encodeUtf8(data) : data;
+    // TODO: TEMPORARY WORKAROUND for Node.js versions prior to PR #61875
+    let finalAlgorithm = algorithm;
+    if (isNotString(algorithm) && algorithm.name.startsWith('KMAC') && ('outputLength' in algorithm)) {
+        finalAlgorithm = {
+            ...algorithm,
+            // Older Node.js versions require 'length' in bits instead of 'outputLength' in bytes
+            length: algorithm.outputLength * 8,
+        };
+    }
+    return await globalThis.crypto.subtle.verify(finalAlgorithm, key, signatureBytes, dataBytes);
+}
+export async function importKey(format, keyData, algorithm, extractable, keyUsages) {
+    return await globalThis.crypto.subtle.importKey(format, keyData, algorithm, extractable, keyUsages);
+}
+export async function exportKey(format, key) {
+    return await globalThis.crypto.subtle.exportKey(format, key);
+}
+/**
+ * Wraps a key
+ * @param format format to export the key in
+ * @param key key to wrap
+ * @param wrappingKey key to use for wrapping
+ * @param wrapAlgorithm algorithm to use for wrapping
+ */
+export async function wrapKey(format, key, wrappingKey, wrapAlgorithm) {
+    return await globalThis.crypto.subtle.wrapKey(format, key, wrappingKey, wrapAlgorithm);
+}
+/**
+ * Unwraps a key
+ * @param format format of the wrapped key
+ * @param wrappedKey wrapped key
+ * @param unwrappingKey key to use for unwrapping
+ * @param unwrapAlgorithm algorithm to use for unwrapping
+ * @param unwrappedKeyAlgorithm algorithm of the unwrapped key
+ * @param extractable whether the unwrapped key can be used for exportKey
+ * @param usages usages for the unwrapped key
+ */
+export async function unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, usages) {
+    return await globalThis.crypto.subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, usages);
+}
+/**
+ * Imports a HMAC CryptoKey
+ * @param algorithm hash algorithm
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function importHmacKey(format, algorithm, keyData, extractable = false) {
+    return await importKey(format, keyData, { name: 'HMAC', hash: algorithm }, extractable, ['sign', 'verify']);
+}
+/**
+ * Imports a KMAC CryptoKey
+ * @param algorithm KMAC algorithm
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function importKmacKey(format, algorithm, keyData, extractable = false) {
+    return await importKey(format, keyData, { name: algorithm }, extractable, ['sign', 'verify']);
+}
+/**
+ * Imports a CryptoKey for symmetric encryption
+ * @param algorithm symmetric algorithm or algorithm object with length
+ * @param key JWK or binary key
+ * @param extractable whether the key can be used for exportKey
+ * @param format optional format
+ */
+export async function importSymmetricKey(format, algorithm, keyData, extractable = false) {
+    const importAlgorithm = isString(algorithm) ? { name: algorithm } : algorithm;
+    const usages = importAlgorithm.name.startsWith('KMAC') ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
+    return await importKey(format, keyData, importAlgorithm, extractable, usages);
+}
+/**
+ * Imports an ECDSA CryptoKey
+ * @param curve ECDSA curve
+ * @param key JWK or DER encoded key
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function importEcdsaKey(format, curve, keyData, extractable = false) {
+    return await importKey(format, keyData, { name: 'ECDSA', namedCurve: curve }, extractable, ['verify']);
+}
+/**
+ * Import a HKDF CryptoKey
+ * @param keyData binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function importHkdfKey(format, keyData, extractable = false) {
+    return await importKey(format, keyData, { name: 'HKDF' }, extractable, ['deriveKey', 'deriveBits']);
+}
+/**
+ * Import a pbkdf2 CryptoKey
+ * @param keyData binary key
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function importPbkdf2Key(format, keyData, extractable = false) {
+    return await importKey(format, keyData, { name: 'PBKDF2' }, extractable, ['deriveKey', 'deriveBits']);
+}
+/**
+ * Generates a HMAC CryptoKey
+ * @param algorithm hash algorithm
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function generateHmacKey(algorithm, extractable = false) {
+    return await globalThis.crypto.subtle.generateKey({ name: 'HMAC', hash: algorithm }, extractable, ['sign', 'verify']);
+}
+/**
+ * Generates a KMAC CryptoKey
+ * @param algorithm KMAC algorithm
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function generateKmacKey(algorithm, extractable = false) {
+    return await globalThis.crypto.subtle.generateKey({ name: algorithm }, extractable, ['sign', 'verify']);
+}
+/**
+ * Generates a CryptoKey for symmetric encryption
+ * @param algorithm symmetric algorithm or algorithm object with length
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function generateSymmetricKey(algorithm, extractable = false) {
+    const params = isString(algorithm) ? { name: algorithm } : algorithm;
+    const usages = params.name.startsWith('KMAC') ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
+    return await globalThis.crypto.subtle.generateKey(params, extractable, usages);
+}
+/**
+ * Generates a new ECDSA CryptoKeyPair
+ * @param curve ECDSA cruve to use
+ * @param extractable whether the key can be used for exportKey
+ * @param usages whether to generate a key for signing, verifiying or both. Defaults to both
+ */
+export async function generateEcdsaKey(curve, extractable = false, usages = ['sign', 'verify']) {
+    return await globalThis.crypto.subtle.generateKey({ name: 'ECDSA', namedCurve: curve }, extractable, usages);
+}
+/**
+ * Generates a pbkdf2 CryptoKey
+ * @param extractable whether the key can be used for exportKey
+ */
+export async function generatePbkdf2Key(extractable = false) {
+    const key = getRandomBytes(16);
+    return await importPbkdf2Key('raw', key, extractable);
+}
+/**
+ * Derive byte array from key
+ * @param algorithm algorithm to derive with
+ * @param baseKey key to derive from
+ * @param length length in bytes
+ */
+export async function deriveBytes(algorithm, baseKey, length) {
+    const bytes = await globalThis.crypto.subtle.deriveBits(algorithm, baseKey, length * 8);
+    return new Uint8Array(bytes);
+}
+/**
+ * Derive CryptoKey from key
+ * @param algorithm algorithm to derive with
+ * @param baseKey key to derive from
+ * @param derivedKeyAlgorithm algorithm of the derived key
+ * @param extractable whether the derived key can be used for exportKey
+ * @param keyUsages usages for the derived key
+ */
+export async function deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages) {
+    return await globalThis.crypto.subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages);
+}
+/**
+ * Encapsulates a key using KEM
+ * @param algorithm KEM algorithm
+ * @param publicKey public key
+ * @param sharedKeyAlgorithm algorithm for the shared key
+ * @param extractable whether the shared key can be used for exportKey
+ * @param usages usages for the shared key
+ */
+export async function encapsulateKey(algorithm, publicKey, sharedKeyAlgorithm, extractable, usages) {
+    return await globalThis.crypto.subtle.encapsulateKey(algorithm, publicKey, sharedKeyAlgorithm, extractable, usages);
+}
+/**
+ * Decapsulates a key using KEM
+ * @param algorithm KEM algorithm
+ * @param privateKey private key
+ * @param ciphertext ciphertext
+ * @param sharedKeyAlgorithm algorithm for the shared key
+ * @param extractable whether the shared key can be used for exportKey
+ * @param usages usages for the shared key
+ */
+export async function decapsulateKey(algorithm, privateKey, ciphertext, sharedKeyAlgorithm, extractable, usages) {
+    return await globalThis.crypto.subtle.decapsulateKey(algorithm, privateKey, ciphertext, sharedKeyAlgorithm, extractable, usages);
+}
+/**
+ * Encapsulates bits using KEM
+ * @param algorithm KEM algorithm
+ * @param publicKey public key
+ */
+export async function encapsulateBits(algorithm, publicKey) {
+    return await globalThis.crypto.subtle.encapsulateBits(algorithm, publicKey);
+}
+/**
+ * Decapsulates bits using KEM
+ * @param algorithm KEM algorithm
+ * @param privateKey private key
+ * @param ciphertext ciphertext
+ */
+export async function decapsulateBits(algorithm, privateKey, ciphertext) {
+    return await globalThis.crypto.subtle.decapsulateBits(algorithm, privateKey, ciphertext);
+}
+/**
+ * Gets the public key from a private key or a key pair
+ * @param key private key or key pair
+ * @param keyUsages usages for the new public key
+ */
+export async function getPublicKey(key, keyUsages) {
+    return await globalThis.crypto.subtle.getPublicKey(key, keyUsages);
+}
+/**
+ * Check if the runtime supports a specific operation and algorithm
+ * @param operation operation to check
+ * @param algorithm algorithm to check
+ * @param lengthOrAdditionalAlgorithm optional length or additional algorithm
+ */
+export async function supports(operation, algorithm, lengthOrAdditionalAlgorithm) {
+    if (('SubtleCrypto' in globalThis) && ('supports' in globalThis.SubtleCrypto)) {
+        return await globalThis.SubtleCrypto.supports(operation, algorithm, lengthOrAdditionalAlgorithm);
+    }
+    return false;
+}
+/**
+ * Generates an asymmetric CryptoKeyPair
+ * @param algorithm asymmetric algorithm
+ * @param extractable whether the key can be used for exportKey
+ * @param usages usages for the key
+ */
+export async function generateAsymmetricKey(algorithm, extractable = false, usages = []) {
+    return await globalThis.crypto.subtle.generateKey(algorithm, extractable, usages);
+}
+export function isBufferSource(keyData) {
+    return isNumber(keyData.byteLength);
+}

package/cryptography/index.d.ts

@@ -0,0 +1,4 @@
+export * from './cryptography.js';
+export * from './jwt.js';
+export * from './module.js';
+export * from './totp.js';

package/cryptography/index.js

@@ -0,0 +1,4 @@
+export * from './cryptography.js';
+export * from './jwt.js';
+export * from './module.js';
+export * from './totp.js';