@unwanted/matrix-sdk-mini 34.12.0-3 → 34.12.0-4

package/lib/@types/AESEncryptedSecretStoragePayload.d.ts

@@ -1,14 +0,0 @@
-/**
- * An AES-encrypted secret storage payload.
- * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2-1
- */
-export interface AESEncryptedSecretStoragePayload {
-    [key: string]: any;
-    /** the initialization vector in base64 */
-    iv: string;
-    /** the ciphertext in base64 */
-    ciphertext: string;
-    /** the HMAC in base64 */
-    mac: string;
-}
-//# sourceMappingURL=AESEncryptedSecretStoragePayload.d.ts.map

package/lib/@types/AESEncryptedSecretStoragePayload.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AESEncryptedSecretStoragePayload.d.ts","sourceRoot":"","sources":["../../src/@types/AESEncryptedSecretStoragePayload.ts"],"names":[],"mappings":"AAgBA;;;GAGG;AACH,MAAM,WAAW,gCAAgC;IAC7C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;IACnB,0CAA0C;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,GAAG,EAAE,MAAM,CAAC;CACf"}

package/lib/@types/AESEncryptedSecretStoragePayload.js

@@ -1 +0,0 @@
-export {};

package/lib/@types/AESEncryptedSecretStoragePayload.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"AESEncryptedSecretStoragePayload.js","names":[],"sources":["../../src/@types/AESEncryptedSecretStoragePayload.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * An AES-encrypted secret storage payload.\n * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2-1\n */\nexport interface AESEncryptedSecretStoragePayload {\n    [key: string]: any; // extensible\n    /** the initialization vector in base64 */\n    iv: string;\n    /** the ciphertext in base64 */\n    ciphertext: string;\n    /** the HMAC in base64 */\n    mac: string;\n}\n"],"mappings":"","ignoreList":[]}

package/lib/utils/decryptAESSecretStorageItem.d.ts

@@ -1,12 +0,0 @@
-import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts";
-/**
- * Decrypt an AES-encrypted Secret Storage item.
- *
- * @param data - the encrypted data, returned by {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key. Must
- *    be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param name - the name of the secret. Also used as an input to the HKDF operation which is used to derive the AES
- *    key, so again must be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- */
-export default function decryptAESSecretStorageItem(data: AESEncryptedSecretStoragePayload, key: Uint8Array, name: string): Promise<string>;
-//# sourceMappingURL=decryptAESSecretStorageItem.d.ts.map

package/lib/utils/decryptAESSecretStorageItem.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"decryptAESSecretStorageItem.d.ts","sourceRoot":"","sources":["../../src/utils/decryptAESSecretStorageItem.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAE,gCAAgC,EAAE,MAAM,+CAA+C,CAAC;AAEjG;;;;;;;;GAQG;AACH,wBAA8B,2BAA2B,CACrD,IAAI,EAAE,gCAAgC,EACtC,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAoBjB"}

package/lib/utils/decryptAESSecretStorageItem.js

@@ -1,50 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { decodeBase64 } from "../base64.js";
-import { deriveKeys } from "./internal/deriveKeys.js";
-/**
- * Decrypt an AES-encrypted Secret Storage item.
- *
- * @param data - the encrypted data, returned by {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key. Must
- *    be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param name - the name of the secret. Also used as an input to the HKDF operation which is used to derive the AES
- *    key, so again must be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- */
-export default function decryptAESSecretStorageItem(_x, _x2, _x3) {
-  return _decryptAESSecretStorageItem.apply(this, arguments);
-}
-function _decryptAESSecretStorageItem() {
-  _decryptAESSecretStorageItem = _asyncToGenerator(function* (data, key, name) {
-    var [aesKey, hmacKey] = yield deriveKeys(key, name);
-    var ciphertext = decodeBase64(data.ciphertext);
-    if (!(yield globalThis.crypto.subtle.verify({
-      name: "HMAC"
-    }, hmacKey, decodeBase64(data.mac), ciphertext))) {
-      throw new Error("Error decrypting secret ".concat(name, ": bad MAC"));
-    }
-    var plaintext = yield globalThis.crypto.subtle.decrypt({
-      name: "AES-CTR",
-      counter: decodeBase64(data.iv),
-      length: 64
-    }, aesKey, ciphertext);
-    return new TextDecoder().decode(new Uint8Array(plaintext));
-  });
-  return _decryptAESSecretStorageItem.apply(this, arguments);
-}
-//# sourceMappingURL=decryptAESSecretStorageItem.js.map

package/lib/utils/decryptAESSecretStorageItem.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decryptAESSecretStorageItem.js","names":["decodeBase64","deriveKeys","decryptAESSecretStorageItem","_x","_x2","_x3","_decryptAESSecretStorageItem","apply","arguments","_asyncToGenerator","data","key","name","aesKey","hmacKey","ciphertext","globalThis","crypto","subtle","verify","mac","Error","concat","plaintext","decrypt","counter","iv","length","TextDecoder","decode","Uint8Array"],"sources":["../../src/utils/decryptAESSecretStorageItem.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { decodeBase64 } from \"../base64.ts\";\nimport { deriveKeys } from \"./internal/deriveKeys.ts\";\nimport { AESEncryptedSecretStoragePayload } from \"../@types/AESEncryptedSecretStoragePayload.ts\";\n\n/**\n * Decrypt an AES-encrypted Secret Storage item.\n *\n * @param data - the encrypted data, returned by {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.\n * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key. Must\n *    be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.\n * @param name - the name of the secret. Also used as an input to the HKDF operation which is used to derive the AES\n *    key, so again must be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.\n */\nexport default async function decryptAESSecretStorageItem(\n    data: AESEncryptedSecretStoragePayload,\n    key: Uint8Array,\n    name: string,\n): Promise<string> {\n    const [aesKey, hmacKey] = await deriveKeys(key, name);\n\n    const ciphertext = decodeBase64(data.ciphertext);\n\n    if (!(await globalThis.crypto.subtle.verify({ name: \"HMAC\" }, hmacKey, decodeBase64(data.mac), ciphertext))) {\n        throw new Error(`Error decrypting secret ${name}: bad MAC`);\n    }\n\n    const plaintext = await globalThis.crypto.subtle.decrypt(\n        {\n            name: \"AES-CTR\",\n            counter: decodeBase64(data.iv),\n            length: 64,\n        },\n        aesKey,\n        ciphertext,\n    );\n\n    return new TextDecoder().decode(new Uint8Array(plaintext));\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,YAAY,QAAQ,cAAc;AAC3C,SAASC,UAAU,QAAQ,0BAA0B;AAGrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAA8BC,2BAA2BA,CAAAC,EAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAwBxD,SAAAF,6BAAA;EAAAA,4BAAA,GAAAG,iBAAA,CAxBc,WACXC,IAAsC,EACtCC,GAAe,EACfC,IAAY,EACG;IACf,IAAM,CAACC,MAAM,EAAEC,OAAO,CAAC,SAASb,UAAU,CAACU,GAAG,EAAEC,IAAI,CAAC;IAErD,IAAMG,UAAU,GAAGf,YAAY,CAACU,IAAI,CAACK,UAAU,CAAC;IAEhD,IAAI,QAAQC,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,MAAM,CAAC;MAAEP,IAAI,EAAE;IAAO,CAAC,EAAEE,OAAO,EAAEd,YAAY,CAACU,IAAI,CAACU,GAAG,CAAC,EAAEL,UAAU,CAAC,CAAC,EAAE;MACzG,MAAM,IAAIM,KAAK,4BAAAC,MAAA,CAA4BV,IAAI,cAAW,CAAC;IAC/D;IAEA,IAAMW,SAAS,SAASP,UAAU,CAACC,MAAM,CAACC,MAAM,CAACM,OAAO,CACpD;MACIZ,IAAI,EAAE,SAAS;MACfa,OAAO,EAAEzB,YAAY,CAACU,IAAI,CAACgB,EAAE,CAAC;MAC9BC,MAAM,EAAE;IACZ,CAAC,EACDd,MAAM,EACNE,UACJ,CAAC;IAED,OAAO,IAAIa,WAAW,CAAC,CAAC,CAACC,MAAM,CAAC,IAAIC,UAAU,CAACP,SAAS,CAAC,CAAC;EAC9D,CAAC;EAAA,OAAAjB,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/lib/utils/encryptAESSecretStorageItem.d.ts

@@ -1,16 +0,0 @@
-import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts";
-/**
- * Encrypt a string as a secret storage item, using AES-CTR.
- *
- * @param data - the plaintext to encrypt
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for
- *    encryption. Obviously, the same key must be provided when decrypting.
- * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,
- *    so again the same value must be provided when decrypting.
- * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.
- *
- * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,
- *   or generated), and an HMAC on the ciphertext — all base64-encoded.
- */
-export default function encryptAESSecretStorageItem(data: string, key: Uint8Array, name: string, ivStr?: string): Promise<AESEncryptedSecretStoragePayload>;
-//# sourceMappingURL=encryptAESSecretStorageItem.d.ts.map

package/lib/utils/encryptAESSecretStorageItem.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encryptAESSecretStorageItem.d.ts","sourceRoot":"","sources":["../../src/utils/encryptAESSecretStorageItem.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAE,gCAAgC,EAAE,MAAM,+CAA+C,CAAC;AAEjG;;;;;;;;;;;;GAYG;AACH,wBAA8B,2BAA2B,CACrD,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,MAAM,EACZ,KAAK,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,gCAAgC,CAAC,CAkC3C"}

package/lib/utils/encryptAESSecretStorageItem.js

@@ -1,68 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { decodeBase64, encodeBase64 } from "../base64.js";
-import { deriveKeys } from "./internal/deriveKeys.js";
-/**
- * Encrypt a string as a secret storage item, using AES-CTR.
- *
- * @param data - the plaintext to encrypt
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for
- *    encryption. Obviously, the same key must be provided when decrypting.
- * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,
- *    so again the same value must be provided when decrypting.
- * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.
- *
- * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,
- *   or generated), and an HMAC on the ciphertext — all base64-encoded.
- */
-export default function encryptAESSecretStorageItem(_x, _x2, _x3, _x4) {
-  return _encryptAESSecretStorageItem.apply(this, arguments);
-}
-function _encryptAESSecretStorageItem() {
-  _encryptAESSecretStorageItem = _asyncToGenerator(function* (data, key, name, ivStr) {
-    var iv;
-    if (ivStr) {
-      iv = decodeBase64(ivStr);
-    } else {
-      iv = new Uint8Array(16);
-      globalThis.crypto.getRandomValues(iv);
-
-      // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary
-      // (which would mean we wouldn't be able to decrypt on Android). The loss
-      // of a single bit of iv is a price we have to pay.
-      iv[8] &= 0x7f;
-    }
-    var [aesKey, hmacKey] = yield deriveKeys(key, name);
-    var encodedData = new TextEncoder().encode(data);
-    var ciphertext = yield globalThis.crypto.subtle.encrypt({
-      name: "AES-CTR",
-      counter: iv,
-      length: 64
-    }, aesKey, encodedData);
-    var hmac = yield globalThis.crypto.subtle.sign({
-      name: "HMAC"
-    }, hmacKey, ciphertext);
-    return {
-      iv: encodeBase64(iv),
-      ciphertext: encodeBase64(ciphertext),
-      mac: encodeBase64(hmac)
-    };
-  });
-  return _encryptAESSecretStorageItem.apply(this, arguments);
-}
-//# sourceMappingURL=encryptAESSecretStorageItem.js.map

package/lib/utils/encryptAESSecretStorageItem.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"encryptAESSecretStorageItem.js","names":["decodeBase64","encodeBase64","deriveKeys","encryptAESSecretStorageItem","_x","_x2","_x3","_x4","_encryptAESSecretStorageItem","apply","arguments","_asyncToGenerator","data","key","name","ivStr","iv","Uint8Array","globalThis","crypto","getRandomValues","aesKey","hmacKey","encodedData","TextEncoder","encode","ciphertext","subtle","encrypt","counter","length","hmac","sign","mac"],"sources":["../../src/utils/encryptAESSecretStorageItem.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { decodeBase64, encodeBase64 } from \"../base64.ts\";\nimport { deriveKeys } from \"./internal/deriveKeys.ts\";\nimport { AESEncryptedSecretStoragePayload } from \"../@types/AESEncryptedSecretStoragePayload.ts\";\n\n/**\n * Encrypt a string as a secret storage item, using AES-CTR.\n *\n * @param data - the plaintext to encrypt\n * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for\n *    encryption. Obviously, the same key must be provided when decrypting.\n * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,\n *    so again the same value must be provided when decrypting.\n * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.\n *\n * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,\n *   or generated), and an HMAC on the ciphertext — all base64-encoded.\n */\nexport default async function encryptAESSecretStorageItem(\n    data: string,\n    key: Uint8Array,\n    name: string,\n    ivStr?: string,\n): Promise<AESEncryptedSecretStoragePayload> {\n    let iv: Uint8Array;\n    if (ivStr) {\n        iv = decodeBase64(ivStr);\n    } else {\n        iv = new Uint8Array(16);\n        globalThis.crypto.getRandomValues(iv);\n\n        // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary\n        // (which would mean we wouldn't be able to decrypt on Android). The loss\n        // of a single bit of iv is a price we have to pay.\n        iv[8] &= 0x7f;\n    }\n\n    const [aesKey, hmacKey] = await deriveKeys(key, name);\n    const encodedData = new TextEncoder().encode(data);\n\n    const ciphertext = await globalThis.crypto.subtle.encrypt(\n        {\n            name: \"AES-CTR\",\n            counter: iv,\n            length: 64,\n        },\n        aesKey,\n        encodedData,\n    );\n\n    const hmac = await globalThis.crypto.subtle.sign({ name: \"HMAC\" }, hmacKey, ciphertext);\n\n    return {\n        iv: encodeBase64(iv),\n        ciphertext: encodeBase64(ciphertext),\n        mac: encodeBase64(hmac),\n    };\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,YAAY,EAAEC,YAAY,QAAQ,cAAc;AACzD,SAASC,UAAU,QAAQ,0BAA0B;AAGrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAA8BC,2BAA2BA,CAAAC,EAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAuCxD,SAAAF,6BAAA;EAAAA,4BAAA,GAAAG,iBAAA,CAvCc,WACXC,IAAY,EACZC,GAAe,EACfC,IAAY,EACZC,KAAc,EAC2B;IACzC,IAAIC,EAAc;IAClB,IAAID,KAAK,EAAE;MACPC,EAAE,GAAGhB,YAAY,CAACe,KAAK,CAAC;IAC5B,CAAC,MAAM;MACHC,EAAE,GAAG,IAAIC,UAAU,CAAC,EAAE,CAAC;MACvBC,UAAU,CAACC,MAAM,CAACC,eAAe,CAACJ,EAAE,CAAC;;MAErC;MACA;MACA;MACAA,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI;IACjB;IAEA,IAAM,CAACK,MAAM,EAAEC,OAAO,CAAC,SAASpB,UAAU,CAACW,GAAG,EAAEC,IAAI,CAAC;IACrD,IAAMS,WAAW,GAAG,IAAIC,WAAW,CAAC,CAAC,CAACC,MAAM,CAACb,IAAI,CAAC;IAElD,IAAMc,UAAU,SAASR,UAAU,CAACC,MAAM,CAACQ,MAAM,CAACC,OAAO,CACrD;MACId,IAAI,EAAE,SAAS;MACfe,OAAO,EAAEb,EAAE;MACXc,MAAM,EAAE;IACZ,CAAC,EACDT,MAAM,EACNE,WACJ,CAAC;IAED,IAAMQ,IAAI,SAASb,UAAU,CAACC,MAAM,CAACQ,MAAM,CAACK,IAAI,CAAC;MAAElB,IAAI,EAAE;IAAO,CAAC,EAAEQ,OAAO,EAAEI,UAAU,CAAC;IAEvF,OAAO;MACHV,EAAE,EAAEf,YAAY,CAACe,EAAE,CAAC;MACpBU,UAAU,EAAEzB,YAAY,CAACyB,UAAU,CAAC;MACpCO,GAAG,EAAEhC,YAAY,CAAC8B,IAAI;IAC1B,CAAC;EACL,CAAC;EAAA,OAAAvB,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/lib/utils/internal/deriveKeys.d.ts

@@ -1,10 +0,0 @@
-/**
- * Derive AES and HMAC keys from a master key.
- *
- * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).
- *
- * @param key
- * @param name
- */
-export declare function deriveKeys(key: Uint8Array, name: string): Promise<[CryptoKey, CryptoKey]>;
-//# sourceMappingURL=deriveKeys.d.ts.map

package/lib/utils/internal/deriveKeys.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"deriveKeys.d.ts","sourceRoot":"","sources":["../../../src/utils/internal/deriveKeys.ts"],"names":[],"mappings":"AAmBA;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAmC/F"}

package/lib/utils/internal/deriveKeys.js

@@ -1,60 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// salt for HKDF, with 8 bytes of zeros
-var zeroSalt = new Uint8Array(8);
-
-/**
- * Derive AES and HMAC keys from a master key.
- *
- * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).
- *
- * @param key
- * @param name
- */
-export function deriveKeys(_x, _x2) {
-  return _deriveKeys.apply(this, arguments);
-}
-function _deriveKeys() {
-  _deriveKeys = _asyncToGenerator(function* (key, name) {
-    var hkdfkey = yield globalThis.crypto.subtle.importKey("raw", key, {
-      name: "HKDF"
-    }, false, ["deriveBits"]);
-    var keybits = yield globalThis.crypto.subtle.deriveBits({
-      name: "HKDF",
-      salt: zeroSalt,
-      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-      // @ts-ignore: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/879
-      info: new TextEncoder().encode(name),
-      hash: "SHA-256"
-    }, hkdfkey, 512);
-    var aesKey = keybits.slice(0, 32);
-    var hmacKey = keybits.slice(32);
-    var aesProm = globalThis.crypto.subtle.importKey("raw", aesKey, {
-      name: "AES-CTR"
-    }, false, ["encrypt", "decrypt"]);
-    var hmacProm = globalThis.crypto.subtle.importKey("raw", hmacKey, {
-      name: "HMAC",
-      hash: {
-        name: "SHA-256"
-      }
-    }, false, ["sign", "verify"]);
-    return Promise.all([aesProm, hmacProm]);
-  });
-  return _deriveKeys.apply(this, arguments);
-}
-//# sourceMappingURL=deriveKeys.js.map

package/lib/utils/internal/deriveKeys.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"deriveKeys.js","names":["zeroSalt","Uint8Array","deriveKeys","_x","_x2","_deriveKeys","apply","arguments","_asyncToGenerator","key","name","hkdfkey","globalThis","crypto","subtle","importKey","keybits","deriveBits","salt","info","TextEncoder","encode","hash","aesKey","slice","hmacKey","aesProm","hmacProm","Promise","all"],"sources":["../../../src/utils/internal/deriveKeys.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n// salt for HKDF, with 8 bytes of zeros\nconst zeroSalt = new Uint8Array(8);\n\n/**\n * Derive AES and HMAC keys from a master key.\n *\n * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).\n *\n * @param key\n * @param name\n */\nexport async function deriveKeys(key: Uint8Array, name: string): Promise<[CryptoKey, CryptoKey]> {\n    const hkdfkey = await globalThis.crypto.subtle.importKey(\"raw\", key, { name: \"HKDF\" }, false, [\"deriveBits\"]);\n    const keybits = await globalThis.crypto.subtle.deriveBits(\n        {\n            name: \"HKDF\",\n            salt: zeroSalt,\n            // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n            // @ts-ignore: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/879\n            info: new TextEncoder().encode(name),\n            hash: \"SHA-256\",\n        },\n        hkdfkey,\n        512,\n    );\n\n    const aesKey = keybits.slice(0, 32);\n    const hmacKey = keybits.slice(32);\n\n    const aesProm = globalThis.crypto.subtle.importKey(\"raw\", aesKey, { name: \"AES-CTR\" }, false, [\n        \"encrypt\",\n        \"decrypt\",\n    ]);\n\n    const hmacProm = globalThis.crypto.subtle.importKey(\n        \"raw\",\n        hmacKey,\n        {\n            name: \"HMAC\",\n            hash: { name: \"SHA-256\" },\n        },\n        false,\n        [\"sign\", \"verify\"],\n    );\n\n    return Promise.all([aesProm, hmacProm]);\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,IAAMA,QAAQ,GAAG,IAAIC,UAAU,CAAC,CAAC,CAAC;;AAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAsBC,UAAUA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,WAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAmC/B,SAAAF,YAAA;EAAAA,WAAA,GAAAG,iBAAA,CAnCM,WAA0BC,GAAe,EAAEC,IAAY,EAAmC;IAC7F,IAAMC,OAAO,SAASC,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAAC,KAAK,EAAEN,GAAG,EAAE;MAAEC,IAAI,EAAE;IAAO,CAAC,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IAC7G,IAAMM,OAAO,SAASJ,UAAU,CAACC,MAAM,CAACC,MAAM,CAACG,UAAU,CACrD;MACIP,IAAI,EAAE,MAAM;MACZQ,IAAI,EAAElB,QAAQ;MACd;MACA;MACAmB,IAAI,EAAE,IAAIC,WAAW,CAAC,CAAC,CAACC,MAAM,CAACX,IAAI,CAAC;MACpCY,IAAI,EAAE;IACV,CAAC,EACDX,OAAO,EACP,GACJ,CAAC;IAED,IAAMY,MAAM,GAAGP,OAAO,CAACQ,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;IACnC,IAAMC,OAAO,GAAGT,OAAO,CAACQ,KAAK,CAAC,EAAE,CAAC;IAEjC,IAAME,OAAO,GAAGd,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAAC,KAAK,EAAEQ,MAAM,EAAE;MAAEb,IAAI,EAAE;IAAU,CAAC,EAAE,KAAK,EAAE,CAC1F,SAAS,EACT,SAAS,CACZ,CAAC;IAEF,IAAMiB,QAAQ,GAAGf,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLU,OAAO,EACP;MACIf,IAAI,EAAE,MAAM;MACZY,IAAI,EAAE;QAAEZ,IAAI,EAAE;MAAU;IAC5B,CAAC,EACD,KAAK,EACL,CAAC,MAAM,EAAE,QAAQ,CACrB,CAAC;IAED,OAAOkB,OAAO,CAACC,GAAG,CAAC,CAACH,OAAO,EAAEC,QAAQ,CAAC,CAAC;EAC3C,CAAC;EAAA,OAAAtB,WAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/src/@types/AESEncryptedSecretStoragePayload.ts

@@ -1,29 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * An AES-encrypted secret storage payload.
- * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2-1
- */
-export interface AESEncryptedSecretStoragePayload {
-    [key: string]: any; // extensible
-    /** the initialization vector in base64 */
-    iv: string;
-    /** the ciphertext in base64 */
-    ciphertext: string;
-    /** the HMAC in base64 */
-    mac: string;
-}

package/src/utils/decryptAESSecretStorageItem.ts

@@ -1,54 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { decodeBase64 } from "../base64.ts";
-import { deriveKeys } from "./internal/deriveKeys.ts";
-import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts";
-
-/**
- * Decrypt an AES-encrypted Secret Storage item.
- *
- * @param data - the encrypted data, returned by {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key. Must
- *    be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- * @param name - the name of the secret. Also used as an input to the HKDF operation which is used to derive the AES
- *    key, so again must be the same as provided to {@link utils/encryptAESSecretStorageItem.default | encryptAESSecretStorageItem}.
- */
-export default async function decryptAESSecretStorageItem(
-    data: AESEncryptedSecretStoragePayload,
-    key: Uint8Array,
-    name: string,
-): Promise<string> {
-    const [aesKey, hmacKey] = await deriveKeys(key, name);
-
-    const ciphertext = decodeBase64(data.ciphertext);
-
-    if (!(await globalThis.crypto.subtle.verify({ name: "HMAC" }, hmacKey, decodeBase64(data.mac), ciphertext))) {
-        throw new Error(`Error decrypting secret ${name}: bad MAC`);
-    }
-
-    const plaintext = await globalThis.crypto.subtle.decrypt(
-        {
-            name: "AES-CTR",
-            counter: decodeBase64(data.iv),
-            length: 64,
-        },
-        aesKey,
-        ciphertext,
-    );
-
-    return new TextDecoder().decode(new Uint8Array(plaintext));
-}

package/src/utils/encryptAESSecretStorageItem.ts

@@ -1,73 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { decodeBase64, encodeBase64 } from "../base64.ts";
-import { deriveKeys } from "./internal/deriveKeys.ts";
-import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts";
-
-/**
- * Encrypt a string as a secret storage item, using AES-CTR.
- *
- * @param data - the plaintext to encrypt
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for
- *    encryption. Obviously, the same key must be provided when decrypting.
- * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,
- *    so again the same value must be provided when decrypting.
- * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.
- *
- * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,
- *   or generated), and an HMAC on the ciphertext — all base64-encoded.
- */
-export default async function encryptAESSecretStorageItem(
-    data: string,
-    key: Uint8Array,
-    name: string,
-    ivStr?: string,
-): Promise<AESEncryptedSecretStoragePayload> {
-    let iv: Uint8Array;
-    if (ivStr) {
-        iv = decodeBase64(ivStr);
-    } else {
-        iv = new Uint8Array(16);
-        globalThis.crypto.getRandomValues(iv);
-
-        // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary
-        // (which would mean we wouldn't be able to decrypt on Android). The loss
-        // of a single bit of iv is a price we have to pay.
-        iv[8] &= 0x7f;
-    }
-
-    const [aesKey, hmacKey] = await deriveKeys(key, name);
-    const encodedData = new TextEncoder().encode(data);
-
-    const ciphertext = await globalThis.crypto.subtle.encrypt(
-        {
-            name: "AES-CTR",
-            counter: iv,
-            length: 64,
-        },
-        aesKey,
-        encodedData,
-    );
-
-    const hmac = await globalThis.crypto.subtle.sign({ name: "HMAC" }, hmacKey, ciphertext);
-
-    return {
-        iv: encodeBase64(iv),
-        ciphertext: encodeBase64(ciphertext),
-        mac: encodeBase64(hmac),
-    };
-}

package/src/utils/internal/deriveKeys.ts

@@ -1,63 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// salt for HKDF, with 8 bytes of zeros
-const zeroSalt = new Uint8Array(8);
-
-/**
- * Derive AES and HMAC keys from a master key.
- *
- * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).
- *
- * @param key
- * @param name
- */
-export async function deriveKeys(key: Uint8Array, name: string): Promise<[CryptoKey, CryptoKey]> {
-    const hkdfkey = await globalThis.crypto.subtle.importKey("raw", key, { name: "HKDF" }, false, ["deriveBits"]);
-    const keybits = await globalThis.crypto.subtle.deriveBits(
-        {
-            name: "HKDF",
-            salt: zeroSalt,
-            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-            // @ts-ignore: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/879
-            info: new TextEncoder().encode(name),
-            hash: "SHA-256",
-        },
-        hkdfkey,
-        512,
-    );
-
-    const aesKey = keybits.slice(0, 32);
-    const hmacKey = keybits.slice(32);
-
-    const aesProm = globalThis.crypto.subtle.importKey("raw", aesKey, { name: "AES-CTR" }, false, [
-        "encrypt",
-        "decrypt",
-    ]);
-
-    const hmacProm = globalThis.crypto.subtle.importKey(
-        "raw",
-        hmacKey,
-        {
-            name: "HMAC",
-            hash: { name: "SHA-256" },
-        },
-        false,
-        ["sign", "verify"],
-    );
-
-    return Promise.all([aesProm, hmacProm]);
-}