@ukeyfe/react-native-nfc-litecard 1.0.6 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ukeyfe/react-native-nfc-litecard",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "NFC read/write for MIFARE Ultralight AES (LiteCard mnemonic storage)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,6 +15,7 @@
   },
   "devDependencies": {
     "@types/crypto-js": "^4",
+    "tsup": "^8.5.1",
     "typescript": "^5.0.0"
   },
   "peerDependencies": {
@@ -22,7 +23,8 @@
     "react-native-nfc-manager": ">=3.0.0"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsup",
+    "build:dev": "tsup --env.NODE_ENV development",
     "prepublishOnly": "npm run build"
   },
   "files": [

package/dist/constants.d.ts

@@ -1,87 +0,0 @@
-/**
- * Shared constants for MIFARE Ultralight AES (MF0AES(H)20) NFC operations.
- */
-/** READ command - reads 4 pages (16 bytes) starting from the specified page */
-export declare const CMD_READ = 48;
-/** WRITE command - writes a single page (4 bytes) */
-export declare const CMD_WRITE = 162;
-/** FAST_READ command - reads a range of pages in one shot */
-export declare const CMD_FAST_READ = 58;
-/** AES authentication part 1 */
-export declare const CMD_AUTH_PART1 = 26;
-/** AES authentication part 2 */
-export declare const CMD_AUTH_PART2 = 175;
-/** GET_VERSION command - retrieve product version info */
-export declare const CMD_GET_VERSION = 96;
-/** READ_SIG command - read ECC originality signature */
-export declare const CMD_READ_SIG = 60;
-/** Data protection key slot (Key0) */
-export declare const KEY_NO_DATA_PROT = 0;
-/** Bytes per page */
-export declare const PAGE_SIZE = 4;
-/** User memory start page (page 8) */
-export declare const USER_PAGE_START = 8;
-/** User memory end page (page 39) */
-export declare const USER_PAGE_END = 39;
-/** Card info start page – first usable page in user memory */
-export declare const USER_CARD_INFO_PAGE_START = 4;
-/** Card info end page (4 pages, 16 bytes) */
-export declare const USER_CARD_INFO_PAGE_END = 7;
-/** Configuration page 0 – contains AUTH0 */
-export declare const PAGE_CFG0 = 41;
-/** Configuration page 1 – contains PROT bit */
-export declare const PAGE_CFG1 = 42;
-/** AES Key0 start page */
-export declare const PAGE_AES_KEY0_START = 48;
-/** Total user memory: (0x27 - 0x08 + 1) * 4 = 128 bytes */
-export declare const USER_MEMORY_SIZE: number;
-/** Card info area size: (0x07 - 0x04 + 1) * 4 = 16 bytes */
-export declare const USER_CARD_INFO_SIZE: number;
-/** 12-word mnemonic (128-bit entropy, 16 bytes) */
-export declare const MNEMONIC_TYPE_12 = 1;
-/** 15-word mnemonic (160-bit entropy, 20 bytes) */
-export declare const MNEMONIC_TYPE_15 = 2;
-/** 18-word mnemonic (192-bit entropy, 24 bytes) */
-export declare const MNEMONIC_TYPE_18 = 3;
-/** 21-word mnemonic (224-bit entropy, 28 bytes) */
-export declare const MNEMONIC_TYPE_21 = 4;
-/** 24-word mnemonic (256-bit entropy, 32 bytes) */
-export declare const MNEMONIC_TYPE_24 = 5;
-/** Mnemonic data end page (stops before nickname area) */
-export declare const MNEMONIC_PAGE_END: number;
-/** Mnemonic data size: (0x24 - 0x08 + 1) * 4 = 116 bytes */
-export declare const MNEMONIC_MEMORY_SIZE: number;
-/** Nickname start page */
-export declare const USER_NICKNAME_PAGE_START: number;
-/** Nickname end page */
-export declare const USER_NICKNAME_PAGE_END = 39;
-/** Max nickname length in bytes (3 pages × 4 bytes) */
-export declare const USER_NICKNAME_MAX_LENGTH = 12;
-/** Retry counter page (one page before mnemonic data) */
-export declare const RETRY_COUNTER_PAGE: number;
-/** Byte offset of the counter within the page (last byte) */
-export declare const RETRY_COUNTER_OFFSET: number;
-/** Default retry limit, restored after a successful authentication */
-export declare const DEFAULT_PIN_RETRY_COUNT = 10;
-/** SEC_MSG_ACT bit mask in CFG0 byte 0 (bit 1) */
-export declare const SEC_MSG_ACT_MASK = 2;
-export declare const DELAY: {
-    /** Delay after requestNfcTech on Android */
-    readonly ANDROID_POST_TECH: 300;
-    /** Delay after releaseNfcTech (normal) */
-    readonly IOS_POST_RELEASE: 100;
-    readonly ANDROID_POST_RELEASE: 800;
-    /** Delay after releaseNfcTech (forced, e.g. after timeout) */
-    readonly IOS_POST_RELEASE_FORCED: 300;
-    readonly ANDROID_POST_RELEASE_FORCED: 1000;
-    /** Delay between page writes on iOS */
-    readonly IOS_PAGE_WRITE: 20;
-    /** Delay between AES key page writes on iOS */
-    readonly IOS_KEY_WRITE: 10;
-    /** Delay between nickname page writes on iOS */
-    readonly IOS_NICKNAME_WRITE: 100;
-    /** Delay between config operations on iOS */
-    readonly IOS_CONFIG: 80;
-    /** Keep-alive frequency (every N pages) during writes */
-    readonly KEEPALIVE_FREQ: 4;
-};

package/dist/constants.js

@@ -1,117 +0,0 @@
-"use strict";
-/**
- * Shared constants for MIFARE Ultralight AES (MF0AES(H)20) NFC operations.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DELAY = exports.SEC_MSG_ACT_MASK = exports.DEFAULT_PIN_RETRY_COUNT = exports.RETRY_COUNTER_OFFSET = exports.RETRY_COUNTER_PAGE = exports.USER_NICKNAME_MAX_LENGTH = exports.USER_NICKNAME_PAGE_END = exports.USER_NICKNAME_PAGE_START = exports.MNEMONIC_MEMORY_SIZE = exports.MNEMONIC_PAGE_END = exports.MNEMONIC_TYPE_24 = exports.MNEMONIC_TYPE_21 = exports.MNEMONIC_TYPE_18 = exports.MNEMONIC_TYPE_15 = exports.MNEMONIC_TYPE_12 = exports.USER_CARD_INFO_SIZE = exports.USER_MEMORY_SIZE = exports.PAGE_AES_KEY0_START = exports.PAGE_CFG1 = exports.PAGE_CFG0 = exports.USER_CARD_INFO_PAGE_END = exports.USER_CARD_INFO_PAGE_START = exports.USER_PAGE_END = exports.USER_PAGE_START = exports.PAGE_SIZE = exports.KEY_NO_DATA_PROT = exports.CMD_READ_SIG = exports.CMD_GET_VERSION = exports.CMD_AUTH_PART2 = exports.CMD_AUTH_PART1 = exports.CMD_FAST_READ = exports.CMD_WRITE = exports.CMD_READ = void 0;
-// ---------------------------------------------------------------------------
-// NFC command codes
-// ---------------------------------------------------------------------------
-/** READ command - reads 4 pages (16 bytes) starting from the specified page */
-exports.CMD_READ = 0x30;
-/** WRITE command - writes a single page (4 bytes) */
-exports.CMD_WRITE = 0xa2;
-/** FAST_READ command - reads a range of pages in one shot */
-exports.CMD_FAST_READ = 0x3a;
-/** AES authentication part 1 */
-exports.CMD_AUTH_PART1 = 0x1a;
-/** AES authentication part 2 */
-exports.CMD_AUTH_PART2 = 0xaf;
-/** GET_VERSION command - retrieve product version info */
-exports.CMD_GET_VERSION = 0x60;
-/** READ_SIG command - read ECC originality signature */
-exports.CMD_READ_SIG = 0x3c;
-/** Data protection key slot (Key0) */
-exports.KEY_NO_DATA_PROT = 0x00;
-// ---------------------------------------------------------------------------
-// Page addresses
-// ---------------------------------------------------------------------------
-/** Bytes per page */
-exports.PAGE_SIZE = 4;
-/** User memory start page (page 8) */
-exports.USER_PAGE_START = 0x08;
-/** User memory end page (page 39) */
-exports.USER_PAGE_END = 0x27;
-/** Card info start page – first usable page in user memory */
-exports.USER_CARD_INFO_PAGE_START = 0x04;
-/** Card info end page (4 pages, 16 bytes) */
-exports.USER_CARD_INFO_PAGE_END = 0x07;
-/** Configuration page 0 – contains AUTH0 */
-exports.PAGE_CFG0 = 0x29;
-/** Configuration page 1 – contains PROT bit */
-exports.PAGE_CFG1 = 0x2a;
-/** AES Key0 start page */
-exports.PAGE_AES_KEY0_START = 0x30;
-// ---------------------------------------------------------------------------
-// Computed sizes
-// ---------------------------------------------------------------------------
-/** Total user memory: (0x27 - 0x08 + 1) * 4 = 128 bytes */
-exports.USER_MEMORY_SIZE = (exports.USER_PAGE_END - exports.USER_PAGE_START + 1) * exports.PAGE_SIZE;
-/** Card info area size: (0x07 - 0x04 + 1) * 4 = 16 bytes */
-exports.USER_CARD_INFO_SIZE = (exports.USER_CARD_INFO_PAGE_END - exports.USER_CARD_INFO_PAGE_START + 1) * exports.PAGE_SIZE;
-// ---------------------------------------------------------------------------
-// Mnemonic type identifiers
-// ---------------------------------------------------------------------------
-/** 12-word mnemonic (128-bit entropy, 16 bytes) */
-exports.MNEMONIC_TYPE_12 = 0x01;
-/** 15-word mnemonic (160-bit entropy, 20 bytes) */
-exports.MNEMONIC_TYPE_15 = 0x02;
-/** 18-word mnemonic (192-bit entropy, 24 bytes) */
-exports.MNEMONIC_TYPE_18 = 0x03;
-/** 21-word mnemonic (224-bit entropy, 28 bytes) */
-exports.MNEMONIC_TYPE_21 = 0x04;
-/** 24-word mnemonic (256-bit entropy, 32 bytes) */
-exports.MNEMONIC_TYPE_24 = 0x05;
-// ---------------------------------------------------------------------------
-// Mnemonic data area (excludes nickname pages)
-// ---------------------------------------------------------------------------
-/** Mnemonic data end page (stops before nickname area) */
-exports.MNEMONIC_PAGE_END = exports.USER_PAGE_END - 3; // 0x24
-/** Mnemonic data size: (0x24 - 0x08 + 1) * 4 = 116 bytes */
-exports.MNEMONIC_MEMORY_SIZE = (exports.MNEMONIC_PAGE_END - exports.USER_PAGE_START + 1) * exports.PAGE_SIZE;
-// ---------------------------------------------------------------------------
-// User nickname area (last 3 pages of user memory)
-// ---------------------------------------------------------------------------
-/** Nickname start page */
-exports.USER_NICKNAME_PAGE_START = exports.USER_PAGE_END - 2; // 0x25
-/** Nickname end page */
-exports.USER_NICKNAME_PAGE_END = exports.USER_PAGE_END; // 0x27
-/** Max nickname length in bytes (3 pages × 4 bytes) */
-exports.USER_NICKNAME_MAX_LENGTH = 12;
-// ---------------------------------------------------------------------------
-// PIN retry counter
-// ---------------------------------------------------------------------------
-/** Retry counter page (one page before mnemonic data) */
-exports.RETRY_COUNTER_PAGE = exports.USER_PAGE_START - 1; // 0x07
-/** Byte offset of the counter within the page (last byte) */
-exports.RETRY_COUNTER_OFFSET = exports.PAGE_SIZE - 1;
-/** Default retry limit, restored after a successful authentication */
-exports.DEFAULT_PIN_RETRY_COUNT = 10;
-// ---------------------------------------------------------------------------
-// Secure messaging (CMAC)
-// ---------------------------------------------------------------------------
-/** SEC_MSG_ACT bit mask in CFG0 byte 0 (bit 1) */
-exports.SEC_MSG_ACT_MASK = 0x02;
-// ---------------------------------------------------------------------------
-// Platform-specific delays (ms)
-// ---------------------------------------------------------------------------
-exports.DELAY = {
-    /** Delay after requestNfcTech on Android */
-    ANDROID_POST_TECH: 300,
-    /** Delay after releaseNfcTech (normal) */
-    IOS_POST_RELEASE: 100,
-    ANDROID_POST_RELEASE: 800,
-    /** Delay after releaseNfcTech (forced, e.g. after timeout) */
-    IOS_POST_RELEASE_FORCED: 300,
-    ANDROID_POST_RELEASE_FORCED: 1000,
-    /** Delay between page writes on iOS */
-    IOS_PAGE_WRITE: 20,
-    /** Delay between AES key page writes on iOS */
-    IOS_KEY_WRITE: 10,
-    /** Delay between nickname page writes on iOS */
-    IOS_NICKNAME_WRITE: 100,
-    /** Delay between config operations on iOS */
-    IOS_CONFIG: 80,
-    /** Keep-alive frequency (every N pages) during writes */
-    KEEPALIVE_FREQ: 4,
-};

package/dist/crypto.d.ts

@@ -1,55 +0,0 @@
-/**
- * Cryptographic helpers for MIFARE Ultralight AES authentication.
- *
- * - AES-128 CBC encrypt / decrypt (via crypto-js)
- * - Password → AES key derivation (SHA-256, first 16 bytes)
- * - Cryptographically-secure 16-byte random generation
- * - Byte-array comparison & rotation
- */
-/**
- * Derive a 16-byte AES-128 key from a password string.
- * SHA-256 the password, then take the first 16 bytes.
- */
-export declare function passwordToAesKey(password: string): Uint8Array;
-/** AES-128 CBC decrypt (no padding). Both key, data, iv must be 16 bytes. */
-export declare function aesDecrypt(key: Uint8Array, data: Uint8Array, iv: Uint8Array): Uint8Array;
-/** AES-128 CBC encrypt (no padding). Both key, data, iv must be 16 bytes. */
-export declare function aesEncrypt(key: Uint8Array, data: Uint8Array, iv: Uint8Array): Uint8Array;
-/**
- * Left-rotate a byte array by 8 bits (1 byte).
- * e.g. [1,2,3,4] → [2,3,4,1]
- * Used in AES 3-pass auth to compute RndB' and verify RndA'.
- */
-export declare function rotateLeft8(data: Uint8Array): Uint8Array;
-/** Compare two Uint8Arrays for equality. */
-export declare function arraysEqual(a: Uint8Array, b: Uint8Array): boolean;
-/** AES-128 ECB encrypt a single 16-byte block. */
-export declare function aesEcbEncrypt(key: Uint8Array, data: Uint8Array): Uint8Array;
-/**
- * Generate CMAC subkeys K1 and K2 (NIST 800-38B §6.1).
- */
-export declare function generateCmacSubkeys(key: Uint8Array): {
-    k1: Uint8Array;
-    k2: Uint8Array;
-};
-/**
- * Compute AES-CMAC (NIST 800-38B §6.2).
- * Returns full 16-byte MAC.
- */
-export declare function aesCmac(key: Uint8Array, message: Uint8Array): Uint8Array;
-/**
- * Derive SesAuthMACKey from authentication key and random numbers.
- * (MF0AES(H)20 §8.8.1)
- *
- * SV2 = 5Ah||A5h||00h||01h||00h||80h||RndA[15..14]||(RndA[13..8] XOR RndB[15..10])||RndB[9..0]||RndA[7..0]
- * SesAuthMACKey = AES-CMAC(Kx, SV2)
- */
-export declare function deriveSessionKey(authKey: Uint8Array, rndA: Uint8Array, rndB: Uint8Array): Uint8Array;
-/**
- * Generate a 16-byte cryptographically-secure random value.
- *
- * Uses `crypto.getRandomValues` when available (Hermes ≥ 0.72, or
- * the `react-native-get-random-values` polyfill).  Falls back to
- * `Math.random()` with a console warning if the API is missing.
- */
-export declare function generateRandom16(): Uint8Array;

package/dist/crypto.js

@@ -1,271 +0,0 @@
-"use strict";
-/**
- * Cryptographic helpers for MIFARE Ultralight AES authentication.
- *
- * - AES-128 CBC encrypt / decrypt (via crypto-js)
- * - Password → AES key derivation (SHA-256, first 16 bytes)
- * - Cryptographically-secure 16-byte random generation
- * - Byte-array comparison & rotation
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.passwordToAesKey = passwordToAesKey;
-exports.aesDecrypt = aesDecrypt;
-exports.aesEncrypt = aesEncrypt;
-exports.rotateLeft8 = rotateLeft8;
-exports.arraysEqual = arraysEqual;
-exports.aesEcbEncrypt = aesEcbEncrypt;
-exports.generateCmacSubkeys = generateCmacSubkeys;
-exports.aesCmac = aesCmac;
-exports.deriveSessionKey = deriveSessionKey;
-exports.generateRandom16 = generateRandom16;
-const crypto_js_1 = __importDefault(require("crypto-js"));
-// ---------------------------------------------------------------------------
-// Key derivation
-// ---------------------------------------------------------------------------
-/**
- * Derive a 16-byte AES-128 key from a password string.
- * SHA-256 the password, then take the first 16 bytes.
- */
-function passwordToAesKey(password) {
-    const safePassword = password || '';
-    const hash = crypto_js_1.default.SHA256(String(safePassword)).toString();
-    const key = new Uint8Array(16);
-    for (let i = 0; i < 16; i++) {
-        key[i] = parseInt(hash.substring(i * 2, i * 2 + 2), 16);
-    }
-    return key;
-}
-// ---------------------------------------------------------------------------
-// AES-128 CBC
-// ---------------------------------------------------------------------------
-/** AES-128 CBC decrypt (no padding). Both key, data, iv must be 16 bytes. */
-function aesDecrypt(key, data, iv) {
-    const keyWords = crypto_js_1.default.lib.WordArray.create(key);
-    const ivWords = crypto_js_1.default.lib.WordArray.create(iv);
-    const dataWords = crypto_js_1.default.lib.WordArray.create(data);
-    const decrypted = crypto_js_1.default.AES.decrypt({ ciphertext: dataWords }, keyWords, { iv: ivWords, mode: crypto_js_1.default.mode.CBC, padding: crypto_js_1.default.pad.NoPadding });
-    const hex = decrypted.toString();
-    const result = new Uint8Array(16);
-    for (let i = 0; i < 16; i++) {
-        result[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
-    }
-    return result;
-}
-/** AES-128 CBC encrypt (no padding). Both key, data, iv must be 16 bytes. */
-function aesEncrypt(key, data, iv) {
-    const keyWords = crypto_js_1.default.lib.WordArray.create(key);
-    const ivWords = crypto_js_1.default.lib.WordArray.create(iv);
-    const dataWords = crypto_js_1.default.lib.WordArray.create(data);
-    const encrypted = crypto_js_1.default.AES.encrypt(dataWords, keyWords, {
-        iv: ivWords,
-        mode: crypto_js_1.default.mode.CBC,
-        padding: crypto_js_1.default.pad.NoPadding,
-    });
-    const hex = encrypted.ciphertext.toString();
-    const result = new Uint8Array(hex.length / 2);
-    for (let i = 0; i < result.length; i++) {
-        result[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
-    }
-    return result;
-}
-// ---------------------------------------------------------------------------
-// Byte-array helpers
-// ---------------------------------------------------------------------------
-/**
- * Left-rotate a byte array by 8 bits (1 byte).
- * e.g. [1,2,3,4] → [2,3,4,1]
- * Used in AES 3-pass auth to compute RndB' and verify RndA'.
- */
-function rotateLeft8(data) {
-    const result = new Uint8Array(data.length);
-    for (let i = 0; i < data.length - 1; i++) {
-        result[i] = data[i + 1];
-    }
-    result[data.length - 1] = data[0];
-    return result;
-}
-/** Compare two Uint8Arrays for equality. */
-function arraysEqual(a, b) {
-    if (a.length !== b.length)
-        return false;
-    for (let i = 0; i < a.length; i++) {
-        if (a[i] !== b[i])
-            return false;
-    }
-    return true;
-}
-// ---------------------------------------------------------------------------
-// AES-128 ECB (single block, for CMAC subkey generation)
-// ---------------------------------------------------------------------------
-/** AES-128 ECB encrypt a single 16-byte block. */
-function aesEcbEncrypt(key, data) {
-    const keyWords = crypto_js_1.default.lib.WordArray.create(key);
-    const dataWords = crypto_js_1.default.lib.WordArray.create(data);
-    const encrypted = crypto_js_1.default.AES.encrypt(dataWords, keyWords, {
-        mode: crypto_js_1.default.mode.ECB,
-        padding: crypto_js_1.default.pad.NoPadding,
-    });
-    const hex = encrypted.ciphertext.toString();
-    const result = new Uint8Array(16);
-    for (let i = 0; i < 16; i++) {
-        result[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
-    }
-    return result;
-}
-// ---------------------------------------------------------------------------
-// AES-CMAC (NIST SP 800-38B)
-// ---------------------------------------------------------------------------
-const CONST_RB = 0x87; // constant for 128-bit block cipher
-/** Left-shift a 16-byte array by 1 bit. */
-function shiftLeft1(data) {
-    const result = new Uint8Array(16);
-    let carry = 0;
-    for (let i = 15; i >= 0; i--) {
-        const shifted = (data[i] << 1) | carry;
-        result[i] = shifted & 0xff;
-        carry = (data[i] & 0x80) ? 1 : 0;
-    }
-    return result;
-}
-/** XOR two 16-byte arrays. */
-function xor16(a, b) {
-    const result = new Uint8Array(16);
-    for (let i = 0; i < 16; i++) {
-        result[i] = a[i] ^ b[i];
-    }
-    return result;
-}
-/**
- * Generate CMAC subkeys K1 and K2 (NIST 800-38B §6.1).
- */
-function generateCmacSubkeys(key) {
-    const zero = new Uint8Array(16);
-    const L = aesEcbEncrypt(key, zero);
-    let k1 = shiftLeft1(L);
-    if (L[0] & 0x80) {
-        k1[15] ^= CONST_RB;
-    }
-    let k2 = shiftLeft1(k1);
-    if (k1[0] & 0x80) {
-        k2[15] ^= CONST_RB;
-    }
-    return { k1, k2 };
-}
-/**
- * Compute AES-CMAC (NIST 800-38B §6.2).
- * Returns full 16-byte MAC.
- */
-function aesCmac(key, message) {
-    const { k1, k2 } = generateCmacSubkeys(key);
-    const n = message.length === 0 ? 1 : Math.ceil(message.length / 16);
-    const lastBlockComplete = message.length > 0 && message.length % 16 === 0;
-    // Prepare last block
-    const lastBlock = new Uint8Array(16);
-    if (lastBlockComplete) {
-        // Complete: XOR with K1
-        const offset = (n - 1) * 16;
-        for (let i = 0; i < 16; i++) {
-            lastBlock[i] = message[offset + i] ^ k1[i];
-        }
-    }
-    else {
-        // Incomplete: pad with 10* then XOR with K2
-        const offset = (n - 1) * 16;
-        const remaining = message.length - offset;
-        for (let i = 0; i < 16; i++) {
-            if (i < remaining) {
-                lastBlock[i] = message[offset + i];
-            }
-            else if (i === remaining) {
-                lastBlock[i] = 0x80;
-            }
-            else {
-                lastBlock[i] = 0x00;
-            }
-        }
-        for (let i = 0; i < 16; i++) {
-            lastBlock[i] ^= k2[i];
-        }
-    }
-    // CBC-MAC
-    const iv0 = new Uint8Array(16);
-    let x = iv0;
-    for (let i = 0; i < n - 1; i++) {
-        const block = new Uint8Array(message.slice(i * 16, (i + 1) * 16));
-        const y = xor16(x, block);
-        x = aesEcbEncrypt(key, y);
-    }
-    const y = xor16(x, lastBlock);
-    return aesEcbEncrypt(key, y);
-}
-/**
- * Derive SesAuthMACKey from authentication key and random numbers.
- * (MF0AES(H)20 §8.8.1)
- *
- * SV2 = 5Ah||A5h||00h||01h||00h||80h||RndA[15..14]||(RndA[13..8] XOR RndB[15..10])||RndB[9..0]||RndA[7..0]
- * SesAuthMACKey = AES-CMAC(Kx, SV2)
- */
-function deriveSessionKey(authKey, rndA, rndB) {
-    const sv2 = new Uint8Array(32);
-    // Header: 5Ah A5h 00h 01h 00h 80h
-    sv2[0] = 0x5a;
-    sv2[1] = 0xa5;
-    sv2[2] = 0x00;
-    sv2[3] = 0x01;
-    sv2[4] = 0x00;
-    sv2[5] = 0x80;
-    // RndA[15..14] (2 bytes)
-    sv2[6] = rndA[15];
-    sv2[7] = rndA[14];
-    // RndA[13..8] XOR RndB[15..10] (6 bytes)
-    sv2[8] = rndA[13] ^ rndB[15];
-    sv2[9] = rndA[12] ^ rndB[14];
-    sv2[10] = rndA[11] ^ rndB[13];
-    sv2[11] = rndA[10] ^ rndB[12];
-    sv2[12] = rndA[9] ^ rndB[11];
-    sv2[13] = rndA[8] ^ rndB[10];
-    // RndB[9..0] (10 bytes)
-    sv2[14] = rndB[9];
-    sv2[15] = rndB[8];
-    sv2[16] = rndB[7];
-    sv2[17] = rndB[6];
-    sv2[18] = rndB[5];
-    sv2[19] = rndB[4];
-    sv2[20] = rndB[3];
-    sv2[21] = rndB[2];
-    sv2[22] = rndB[1];
-    sv2[23] = rndB[0];
-    // RndA[7..0] (8 bytes)
-    sv2[24] = rndA[7];
-    sv2[25] = rndA[6];
-    sv2[26] = rndA[5];
-    sv2[27] = rndA[4];
-    sv2[28] = rndA[3];
-    sv2[29] = rndA[2];
-    sv2[30] = rndA[1];
-    sv2[31] = rndA[0];
-    return aesCmac(authKey, sv2);
-}
-// ---------------------------------------------------------------------------
-// Secure random
-// ---------------------------------------------------------------------------
-/**
- * Generate a 16-byte cryptographically-secure random value.
- *
- * Uses `crypto.getRandomValues` when available (Hermes ≥ 0.72, or
- * the `react-native-get-random-values` polyfill).  Falls back to
- * `Math.random()` with a console warning if the API is missing.
- */
-function generateRandom16() {
-    if (typeof globalThis.crypto === 'undefined' ||
-        typeof globalThis.crypto.getRandomValues !== 'function') {
-        throw new Error('[nfc-litecard] crypto.getRandomValues is not available. ' +
-            'Please add the react-native-get-random-values polyfill or use Hermes >= 0.72.');
-    }
-    const arr = new Uint8Array(16);
-    globalThis.crypto.getRandomValues(arr);
-    return arr;
-}

package/dist/nfc-core.d.ts

@@ -1,74 +0,0 @@
-/**
- * Core NFC communication layer – shared by reader and writer.
- *
- * Provides:
- *   - A single global operation lock (prevents reader/writer concurrency)
- *   - Page-cleanup cancellation flags
- *   - Low-level transceive with platform-aware retries
- *   - NFC technology request / release
- *   - AES 3-pass mutual authentication (MF0AES(H)20 §8.6.1)
- *   - PIN retry-counter helpers (session-level read/write)
- */
-import { passwordToAesKey } from './crypto';
-export { passwordToAesKey };
-/**
- * Acquire the NFC operation lock.
- * If another operation is in progress, polls every 100 ms for up to 10 s.
- */
-export declare function acquireNfcLock(): Promise<void>;
-export declare function releaseNfcLock(): void;
-export declare function isNfcOperationLocked(): boolean;
-export declare function releaseNfcOperationLock(): void;
-export declare function markNfcOperationCancelledByCleanup(): void;
-export declare function consumeNfcOperationCancelledByCleanup(): boolean;
-export declare function getNfcOperationCancelledByCleanupTimestamp(): number;
-export declare function clearNfcOperationCancelledByCleanup(): void;
-/** Clear CMAC session state. Called on NFC release. */
-export declare function clearCmacSession(): void;
-/**
- * Send a command to the NFC tag and return the response.
- *
- * When CMAC session is active:
- * - Appends 8-byte CMAC to outgoing commands
- * - Verifies and strips 8-byte CMAC from responses
- * - Increments CmdCtr after each command-response pair
- *
- * Retries: Android up to 2 retries (3 total), iOS up to 1 retry (2 total).
- */
-export declare function transceive(command: number[], _timeoutMs?: number, retryCount?: number): Promise<number[]>;
-/**
- * Request an NFC technology session (MifareIOS on iOS, NfcA on Android).
- *
- * All prior cleanup must be done by the caller BEFORE invoking this.
- */
-export declare function requestNfcTech(): Promise<void>;
-/**
- * Release the NFC technology session.
- * @param forceLongDelay Use a longer post-release delay (e.g. after timeout / tag-lost).
- */
-export declare function releaseNfcTech(forceLongDelay?: boolean): Promise<void>;
-/**
- * Perform AES 3-pass mutual authentication (MF0AES(H)20 §8.6.1).
- *
- * 1. PCD → PICC : AUTH_PART1 (0x1A) + KeyNo
- * 2. PICC → PCD : 0xAF + ek(RndB)
- * 3. PCD decrypts RndB, generates RndA, computes RndB' = rotateLeft8(RndB)
- * 4. PCD → PICC : AUTH_PART2 (0xAF) + ek(RndA ‖ RndB')
- * 5. PICC → PCD : 0x00 + ek(RndA')
- * 6. PCD verifies RndA' === rotateLeft8(RndA)
- *
- * @throws AUTH_INVALID_RESPONSE / AUTH_WRONG_PASSWORD / AUTH_VERIFY_FAILED
- */
-export declare function authenticate(key: Uint8Array): Promise<void>;
-/** FAST_READ pages 0x08–0x27 (user memory). */
-export declare function readUserMemory(): Promise<Uint8Array>;
-/**
- * Decrement the on-card retry counter by 1 (clamped to 0).
- * Must be called within an active NFC session (between requestNfcTech and releaseNfcTech).
- */
-export declare function decrementRetryCountInSession(): Promise<number | undefined>;
-/**
- * Write a specific retry count to the on-card counter.
- * Must be called within an active NFC session.
- */
-export declare function writeRetryCountInSession(count: number): Promise<void>;