@vex-chat/crypto 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLA.md +38 -0
- package/LICENSE-COMMERCIAL +10 -0
- package/LICENSING.md +15 -0
- package/README.md +48 -19
- package/dist/index.d.ts +64 -24
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +375 -42
- package/dist/index.js.map +1 -1
- package/package.json +14 -5
- package/src/__tests__/XKeyConvert.ts +6 -0
- package/src/__tests__/XUtils/bytesEqual.ts +6 -0
- package/src/__tests__/XUtils/emptyHeader.ts +6 -0
- package/src/__tests__/XUtils/numberToUint8Arr.ts +6 -0
- package/src/__tests__/XUtils/packMessage.ts +6 -0
- package/src/__tests__/XUtils/stringEncoding.ts +6 -0
- package/src/__tests__/XUtils/uint8ArrToNumber.ts +6 -0
- package/src/__tests__/XUtils/unpackMessage.ts +6 -0
- package/src/__tests__/cryptoProfile.ts +64 -0
- package/src/__tests__/xAsyncProfile.ts +69 -0
- package/src/__tests__/xConcat.ts +6 -0
- package/src/__tests__/xDH.ts +6 -0
- package/src/__tests__/xEncode.ts +6 -0
- package/src/__tests__/xHMAC.ts +6 -0
- package/src/__tests__/xMnemonic.ts +6 -0
- package/src/index.ts +606 -48
package/CLA.md
ADDED
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Contributor License Agreement (Individual)
|
|
2
|
+
|
|
3
|
+
Thank you for your interest in contributing to this project (“**Project**”).
|
|
4
|
+
|
|
5
|
+
This Contributor License Agreement (“**Agreement**”) documents the rights granted by contributors to the Project’s copyright holders and maintainers (collectively, the “**Maintainers**”).
|
|
6
|
+
|
|
7
|
+
## Definitions
|
|
8
|
+
|
|
9
|
+
**“Contribution”** means any original work of authorship, including any modifications or additions to the Project, that you submit or have submitted to the Project in any form (for example, pull requests, issues with attached patches, or mailing-list posts).
|
|
10
|
+
|
|
11
|
+
**“Submit”** means any form of electronic or written communication sent to the Maintainers or Project repositories.
|
|
12
|
+
|
|
13
|
+
## Grant of rights
|
|
14
|
+
|
|
15
|
+
You hereby grant the Maintainers:
|
|
16
|
+
|
|
17
|
+
1. **Copyright license** — A perpetual, worldwide, non-exclusive, royalty-free, irrevocable license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute your Contributions under the **AGPL-3.0-or-later** license that applies to the Project.
|
|
18
|
+
|
|
19
|
+
2. **Relicensing for dual licensing** — The same rights as in (1), but under **other license terms** chosen by the Maintainers, solely as needed to offer **commercial or proprietary licenses** to third parties, without owing you royalties for such sublicensing.
|
|
20
|
+
|
|
21
|
+
3. **Patent license** — If your Contribution includes a patent claim that you have the right to license, you grant the Maintainers and users of the Project a perpetual, worldwide, non-exclusive, royalty-free license under those claims to make, use, sell, offer for sale, import, and otherwise dispose of the Contribution and works including it.
|
|
22
|
+
|
|
23
|
+
## Representations
|
|
24
|
+
|
|
25
|
+
You represent that:
|
|
26
|
+
|
|
27
|
+
- Each Contribution is your original creation, or you have sufficient rights to submit it under this Agreement.
|
|
28
|
+
- To your knowledge, your Contribution does not violate anyone else’s rights.
|
|
29
|
+
|
|
30
|
+
## Miscellaneous
|
|
31
|
+
|
|
32
|
+
This Agreement does not obligate the Maintainers to use or merge your Contributions.
|
|
33
|
+
|
|
34
|
+
If any part of this Agreement is held invalid, the remainder stays in effect.
|
|
35
|
+
|
|
36
|
+
---
|
|
37
|
+
|
|
38
|
+
_This document is a practical starting point for open-source contribution. It is **not** legal advice. Have qualified counsel review and adapt it for your jurisdiction and entity before relying on it for government, procurement, or high-stakes decisions._
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# Commercial licensing
|
|
2
|
+
|
|
3
|
+
This software is also available under **commercial license terms** from:
|
|
4
|
+
|
|
5
|
+
**Vex Heavy Industries LLC**
|
|
6
|
+
|
|
7
|
+
- **Email:** [licensing@vex.wtf](mailto:licensing@vex.wtf)
|
|
8
|
+
- **Web:** [vex.wtf](https://vex.wtf)
|
|
9
|
+
|
|
10
|
+
The default **public** license for open source use is the **GNU Affero General Public License v3.0** — see the [`LICENSE`](./LICENSE) file in this repository.
|
package/LICENSING.md
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# Licensing
|
|
2
|
+
|
|
3
|
+
## Open source (default)
|
|
4
|
+
|
|
5
|
+
The default **public** license is the **GNU Affero General Public License v3.0** — see the full text in [`LICENSE`](./LICENSE). The SPDX identifier in `package.json` may use **AGPL-3.0-or-later**; either way, the grant is at least AGPL v3.
|
|
6
|
+
|
|
7
|
+
## Commercial licensing
|
|
8
|
+
|
|
9
|
+
Commercial licenses are offered by **Vex Heavy Industries LLC**. See [`LICENSE-COMMERCIAL`](./LICENSE-COMMERCIAL) for contact details ([vex.wtf](https://vex.wtf), **licensing@vex.wtf**).
|
|
10
|
+
|
|
11
|
+
If you need terms **other than the AGPL** (for example, a proprietary product or a deployment where AGPL obligations are not acceptable), inquire there.
|
|
12
|
+
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
_This file summarizes how we intend licensing to work. It is not legal advice. For binding terms, rely on the written agreement or license grant you receive from the copyright holders._
|
package/README.md
CHANGED
|
@@ -7,23 +7,26 @@
|
|
|
7
7
|
[](./dist/index.d.ts)
|
|
8
8
|
[](https://github.com/plantain-00/type-coverage)
|
|
9
9
|
[](./package.json)
|
|
10
|
-
[](https://bundlejs.com/?q=@vex-chat/crypto&treeshake=[*])
|
|
11
10
|
[](https://securityscorecards.dev/viewer/?uri=github.com/vex-protocol/crypto-js)
|
|
12
11
|
[](https://socket.dev/npm/package/@vex-chat/crypto)
|
|
13
12
|
|
|
14
|
-
Crypto primitives for the [Vex](https://vex.wtf)
|
|
13
|
+
Crypto primitives for the [Vex](https://vex.wtf) protocol. Sign, encrypt, hash, derive keys, and encode bytes — everything the client and server need to speak the protocol.
|
|
15
14
|
|
|
16
15
|
## What's in the box
|
|
17
16
|
|
|
18
|
-
- **Key generation** — `xBoxKeyPair()` / `xSignKeyPair()` / `xSignKeyPairFromSecret()` / `xBoxKeyPairFromSecret()` for X25519 (
|
|
19
|
-
- **Signing** — `xSign()` / `
|
|
20
|
-
- **Authenticated encryption** — `xSecretbox()` / `xSecretboxOpen()` (
|
|
21
|
-
- **Hashing & KDF** — `xHash()` (SHA-512), `xKDF()` (HKDF-
|
|
22
|
-
- **
|
|
23
|
-
- **
|
|
24
|
-
- **
|
|
17
|
+
- **Key generation** — `xBoxKeyPair()` / `xSignKeyPair()` / `xSignKeyPairFromSecret()` / `xBoxKeyPairFromSecret()` for X25519 (box) and Ed25519 (sign) keypairs (`tweetnacl`).
|
|
18
|
+
- **Signing** — `xSign()` / `xSignOpen()` over arbitrary bytes (Ed25519, `tweetnacl`).
|
|
19
|
+
- **Authenticated encryption** — `xSecretbox()` / `xSecretboxOpen()` (XSalsa20-Poly1305 secretbox) and `xDH()` (X25519 scalar mult) via `tweetnacl`.
|
|
20
|
+
- **Hashing & KDF** — `xHash()` (SHA-512 hex via `@noble/hashes`), `xKDF()` (**HKDF-SHA-512** via `@noble/hashes`), `xHMAC()` (HMAC-SHA-256 via `@noble/hashes`), and `XUtils.encryptKeyData` / `decryptKeyData` (**PBKDF2-SHA-512** + `tweetnacl` secretbox).
|
|
21
|
+
- **Curve key encoding** — `xEncode()` prefixes a 32-byte X25519 public key for the wire format (not msgpack).
|
|
22
|
+
- **Msgpack framing** — `XUtils.packMessage()` / `unpackMessage()` wrap a 32-byte header + msgpack body (`msgpackr`); `unpackMessage` validates base fields with Zod.
|
|
23
|
+
- **Text & byte encoding** — `XUtils` hex/base64/UTF-8 helpers (`@stablelib/base64`, `@stablelib/utf8`).
|
|
24
|
+
- **Mnemonics** — `xMnemonic()` (BIP39 via `bip39`).
|
|
25
|
+
- **Utilities** — `xConcat()`, `xMakeNonce()`, `xRandomBytes()`, `XUtils.bytesEqual` (constant-time when lengths match), and `XKeyConvert` (Ed25519 ↔ X25519 via `ed2curve`).
|
|
26
|
+
- **Runtime profile** — `setCryptoProfile()` / `getCryptoProfile()` to select `tweetnacl` (default) or `fips` mode.
|
|
27
|
+
- **Async portable crypto** — `xSignAsync()`, `xSignOpenAsync()`, `xSignKeyPairAsync()`, `xBoxKeyPairAsync()`, `xDHAsync()`, `xSecretboxAsync()`, `xSecretboxOpenAsync()` for cross-runtime WebCrypto-backed flows.
|
|
25
28
|
|
|
26
|
-
|
|
29
|
+
**HKDF, PBKDF2, HMAC, and SHA-512 / SHA-256** all run through **`@noble/hashes`**. **`tweetnacl`** supplies CSPRNG, box, sign, and secretbox.
|
|
27
30
|
|
|
28
31
|
## Install
|
|
29
32
|
|
|
@@ -41,25 +44,34 @@ npm install @vex-chat/types @vex-chat/crypto
|
|
|
41
44
|
|
|
42
45
|
```ts
|
|
43
46
|
import {
|
|
47
|
+
getCryptoProfile,
|
|
48
|
+
setCryptoProfile,
|
|
49
|
+
xSignAsync,
|
|
50
|
+
xSignOpenAsync,
|
|
51
|
+
xSignKeyPairAsync,
|
|
44
52
|
xBoxKeyPair,
|
|
45
53
|
xSignKeyPair,
|
|
46
54
|
xSign,
|
|
55
|
+
xSignOpen,
|
|
47
56
|
xSecretbox,
|
|
48
57
|
xSecretboxOpen,
|
|
49
58
|
xDH,
|
|
50
59
|
xMakeNonce,
|
|
51
|
-
xEncode,
|
|
52
|
-
xDecode,
|
|
53
60
|
XUtils,
|
|
54
61
|
} from "@vex-chat/crypto";
|
|
55
62
|
|
|
63
|
+
// Optional: select backend profile once at process startup.
|
|
64
|
+
setCryptoProfile("tweetnacl");
|
|
65
|
+
console.log(getCryptoProfile()); // "tweetnacl"
|
|
66
|
+
|
|
56
67
|
// Generate identity keys
|
|
57
68
|
const signKeys = xSignKeyPair();
|
|
58
69
|
const boxKeys = xBoxKeyPair();
|
|
59
70
|
|
|
60
|
-
// Sign a message
|
|
71
|
+
// Sign a message (returns 64-byte signature prefix + message)
|
|
61
72
|
const message = XUtils.encodeUTF8("hello vex");
|
|
62
|
-
const
|
|
73
|
+
const signed = xSign(message, signKeys.secretKey);
|
|
74
|
+
const opened = xSignOpen(signed, signKeys.publicKey);
|
|
63
75
|
|
|
64
76
|
// Derive a shared secret and encrypt
|
|
65
77
|
const shared = xDH(boxKeys.secretKey, otherPartyPublicKey);
|
|
@@ -69,13 +81,30 @@ const ciphertext = xSecretbox(message, nonce, shared);
|
|
|
69
81
|
// Decrypt
|
|
70
82
|
const plaintext = xSecretboxOpen(ciphertext, nonce, shared);
|
|
71
83
|
|
|
72
|
-
//
|
|
73
|
-
const
|
|
74
|
-
|
|
84
|
+
// Msgpack wire body (32-byte header + msgpack); see XUtils.packMessage / unpackMessage
|
|
85
|
+
const wire = XUtils.packMessage({
|
|
86
|
+
type: "success",
|
|
87
|
+
transmissionID: "abc",
|
|
88
|
+
data: null,
|
|
89
|
+
});
|
|
90
|
+
const [, body] = XUtils.unpackMessage(wire);
|
|
91
|
+
|
|
92
|
+
// Cross-runtime async path (required for full FIPS profile usage)
|
|
93
|
+
setCryptoProfile("fips");
|
|
94
|
+
const fipsKeys = await xSignKeyPairAsync();
|
|
95
|
+
const fipsSigned = await xSignAsync(message, fipsKeys.secretKey);
|
|
96
|
+
const fipsOpened = await xSignOpenAsync(fipsSigned, fipsKeys.publicKey);
|
|
75
97
|
```
|
|
76
98
|
|
|
77
|
-
|
|
99
|
+
## Crypto profiles
|
|
100
|
+
|
|
101
|
+
- `tweetnacl` (default): current behavior for signing, key exchange, secretbox, and random bytes.
|
|
102
|
+
- `fips`:
|
|
103
|
+
- sync NaCl-shaped APIs (`xSign`, `xDH`, `xSecretbox`, etc.) still throw (to avoid silent semantic drift),
|
|
104
|
+
- async APIs (`...Async`) use WebCrypto-backed P-256 ECDSA, P-256 ECDH, and AES-GCM, plus WebCrypto random bytes.
|
|
105
|
+
|
|
106
|
+
Outside contributors should follow [CONTRIBUTING.md](./CONTRIBUTING.md) (including the [CLA](./CLA.md)). Release workflow: [AGENTS.md](./AGENTS.md).
|
|
78
107
|
|
|
79
108
|
## License
|
|
80
109
|
|
|
81
|
-
[AGPL-3.0-
|
|
110
|
+
Default public license: **[AGPL-3.0](./LICENSE)** (see `package.json` for SPDX). Commercial licenses from **Vex Heavy Industries LLC**: [**LICENSE-COMMERCIAL**](./LICENSE-COMMERCIAL), [**LICENSING.md**](./LICENSING.md).
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) 2020-2026 Vex Heavy Industries LLC
|
|
3
|
+
* Licensed under AGPL-3.0. See LICENSE for details.
|
|
4
|
+
* Commercial licenses available at vex.wtf
|
|
5
|
+
*/
|
|
1
6
|
import type { BaseMsg } from "@vex-chat/types";
|
|
2
7
|
import { decode as decodeBase64, encode as encodeBase64 } from "@stablelib/base64";
|
|
3
8
|
import { encode as decodeUTF8, decode as encodeUTF8 } from "@stablelib/utf8";
|
|
4
9
|
import ed2curve from "ed2curve";
|
|
10
|
+
/** Runtime crypto profile selector. */
|
|
11
|
+
export type CryptoProfile = "fips" | "tweetnacl";
|
|
12
|
+
/** Returns the currently configured crypto profile. */
|
|
13
|
+
export declare function getCryptoProfile(): CryptoProfile;
|
|
14
|
+
/**
|
|
15
|
+
* Sets the runtime crypto profile.
|
|
16
|
+
*
|
|
17
|
+
* `tweetnacl` preserves existing behavior.
|
|
18
|
+
* `fips` currently enables only backend-agnostic helpers; NaCl-coupled
|
|
19
|
+
* primitives throw until a FIPS backend implementation is wired in.
|
|
20
|
+
*/
|
|
21
|
+
export declare function setCryptoProfile(profile: CryptoProfile): void;
|
|
5
22
|
/**
|
|
6
23
|
* Provides an interface that can map an ed25519 keypair to its equivalent
|
|
7
24
|
* X25519 keypair.
|
|
@@ -18,6 +35,7 @@ export declare class XUtils {
|
|
|
18
35
|
static encodeUTF8: typeof encodeUTF8;
|
|
19
36
|
/**
|
|
20
37
|
* Checks if two buffer-like objects are equal.
|
|
38
|
+
* When lengths match, comparison is constant-time in the inputs (no early exit on first differing byte).
|
|
21
39
|
*
|
|
22
40
|
* @param buf1
|
|
23
41
|
* @param buf2
|
|
@@ -40,6 +58,11 @@ export declare class XUtils {
|
|
|
40
58
|
* @returns The hex-encoded secret key.
|
|
41
59
|
*/
|
|
42
60
|
static decryptKeyData: (keyData: Uint8Array, password: string) => string;
|
|
61
|
+
/**
|
|
62
|
+
* Async variant of decryptKeyData for cross-runtime/FIPS backends.
|
|
63
|
+
* Supports both profile formats emitted by encryptKeyDataAsync.
|
|
64
|
+
*/
|
|
65
|
+
static decryptKeyDataAsync: (keyData: Uint8Array, password: string) => Promise<string>;
|
|
43
66
|
/**
|
|
44
67
|
* Returns the empty header (32 0's)
|
|
45
68
|
*
|
|
@@ -53,22 +76,23 @@ export declare class XUtils {
|
|
|
53
76
|
*/
|
|
54
77
|
static encodeHex(bytes: Uint8Array): string;
|
|
55
78
|
/**
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
* @param keyToSave The hex-encoded secret key to encrypt.
|
|
68
|
-
* @param iterationOverride Optional PBKDF2 iteration count (random if omitted).
|
|
69
|
-
* @returns The encrypted key data as a Uint8Array.
|
|
70
|
-
*/
|
|
79
|
+
* Encrypts a secret key into a portable binary format.
|
|
80
|
+
* The result can be written to disk, sent over the network, etc.
|
|
81
|
+
* No I/O — the caller handles persistence.
|
|
82
|
+
*
|
|
83
|
+
* Format: [iterations(6)|salt(24)|nonce(24)|ciphertext(N)]
|
|
84
|
+
*
|
|
85
|
+
* @param password The password to derive the encryption key from.
|
|
86
|
+
* @param keyToSave The hex-encoded secret key to encrypt.
|
|
87
|
+
* @param iterationOverride Optional PBKDF2 iteration count (random if omitted).
|
|
88
|
+
* @returns The encrypted key data as a Uint8Array.
|
|
89
|
+
*/
|
|
71
90
|
static encryptKeyData: (password: string, keyToSave: string, iterationOverride?: number) => Uint8Array;
|
|
91
|
+
/**
|
|
92
|
+
* Async variant of encryptKeyData for cross-runtime/FIPS backends.
|
|
93
|
+
* Format remains [iterations(6)|salt(24)|nonce(24)|ciphertext(N)].
|
|
94
|
+
*/
|
|
95
|
+
static encryptKeyDataAsync: (password: string, keyToSave: string, iterationOverride?: number) => Promise<Uint8Array>;
|
|
72
96
|
/**
|
|
73
97
|
* Returns a six bit Uint8Array representation of an integer.
|
|
74
98
|
* The integer must be positive, and it must be able to be stored
|
|
@@ -81,7 +105,8 @@ export declare class XUtils {
|
|
|
81
105
|
/**
|
|
82
106
|
* Packs a javascript object and a 32 byte header into a vex message.
|
|
83
107
|
*
|
|
84
|
-
* @param
|
|
108
|
+
* @param msg Message body (msgpack-serialized).
|
|
109
|
+
* @param header Optional 32-byte header; defaults to an empty header.
|
|
85
110
|
* @returns the packed message.
|
|
86
111
|
*/
|
|
87
112
|
static packMessage(msg: unknown, header?: Uint8Array): Uint8Array<ArrayBufferLike>;
|
|
@@ -94,9 +119,9 @@ export declare class XUtils {
|
|
|
94
119
|
static uint8ArrToNumber(arr: Uint8Array): number;
|
|
95
120
|
/**
|
|
96
121
|
* Takes a vex message and unpacks it into its header and a javascript object
|
|
97
|
-
*
|
|
122
|
+
* representation of its body.
|
|
98
123
|
*
|
|
99
|
-
* @param
|
|
124
|
+
* @param msg Full wire message (32-byte header + msgpack body).
|
|
100
125
|
* @returns [32 byte header, message body]
|
|
101
126
|
*/
|
|
102
127
|
static unpackMessage(msg: Buffer | Uint8Array): [Uint8Array, BaseMsg];
|
|
@@ -107,7 +132,7 @@ export declare class XUtils {
|
|
|
107
132
|
* @param msg the message to create the HMAC of
|
|
108
133
|
* @param SK the secret key to create the HMAC with
|
|
109
134
|
*/
|
|
110
|
-
export declare function xHMAC(msg: unknown, SK: Uint8Array): Uint8Array<ArrayBufferLike>;
|
|
135
|
+
export declare function xHMAC(msg: unknown, SK: Uint8Array): Uint8Array<ArrayBufferLike> & Uint8Array<ArrayBuffer>;
|
|
111
136
|
/**
|
|
112
137
|
* Gets a word list representation of a byte sequence.
|
|
113
138
|
*
|
|
@@ -130,10 +155,8 @@ export interface KeyPair {
|
|
|
130
155
|
* @param IKM the initial key material.
|
|
131
156
|
* @returns The generated key.
|
|
132
157
|
*/
|
|
133
|
-
/**
|
|
134
|
-
|
|
135
|
-
*/
|
|
136
|
-
interface XConstants {
|
|
158
|
+
/** Shape of the {@link xConstants} runtime object. */
|
|
159
|
+
export interface XConstants {
|
|
137
160
|
CURVE: "X25519";
|
|
138
161
|
HASH: "SHA-512";
|
|
139
162
|
HEADER_SIZE: 32;
|
|
@@ -143,8 +166,12 @@ interface XConstants {
|
|
|
143
166
|
}
|
|
144
167
|
/** Generate a fresh X25519 box key pair. */
|
|
145
168
|
export declare function xBoxKeyPair(): KeyPair;
|
|
169
|
+
/** Async box keypair generation for the active profile. */
|
|
170
|
+
export declare function xBoxKeyPairAsync(): Promise<KeyPair>;
|
|
146
171
|
/** Restore an X25519 box key pair from a 32-byte secret key. */
|
|
147
172
|
export declare function xBoxKeyPairFromSecret(secretKey: Uint8Array): KeyPair;
|
|
173
|
+
/** Async box key restore from private key material. */
|
|
174
|
+
export declare function xBoxKeyPairFromSecretAsync(secretKey: Uint8Array): Promise<KeyPair>;
|
|
148
175
|
/**
|
|
149
176
|
* Concatanates multiple Uint8Arrays.
|
|
150
177
|
*
|
|
@@ -160,6 +187,8 @@ export declare function xConcat(...arrays: Uint8Array[]): Uint8Array;
|
|
|
160
187
|
* @returns The derived shared secret, SK.
|
|
161
188
|
*/
|
|
162
189
|
export declare function xDH(myPrivateKey: Uint8Array, theirPublicKey: Uint8Array): Uint8Array;
|
|
190
|
+
/** Async DH for cross-runtime/FIPS backends. */
|
|
191
|
+
export declare function xDHAsync(myPrivateKey: Uint8Array, theirPublicKey: Uint8Array): Promise<Uint8Array>;
|
|
163
192
|
/**
|
|
164
193
|
* Encode an X25519 or X448 public key PK into a byte sequence.
|
|
165
194
|
* The encoding consists of 0 or 1 to represent the type of curve, followed by l
|
|
@@ -183,15 +212,26 @@ export declare function xMakeNonce(): Uint8Array;
|
|
|
183
212
|
export declare function xRandomBytes(length: number): Uint8Array;
|
|
184
213
|
/** Encrypt with a shared secret key. */
|
|
185
214
|
export declare function xSecretbox(plaintext: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array;
|
|
215
|
+
/** Async authenticated encryption for cross-runtime/FIPS backends. */
|
|
216
|
+
export declare function xSecretboxAsync(plaintext: Uint8Array, nonce: Uint8Array, key: Uint8Array): Promise<Uint8Array>;
|
|
186
217
|
/** Decrypt with a shared secret key. Returns null if authentication fails. */
|
|
187
218
|
export declare function xSecretboxOpen(ciphertext: Uint8Array, nonce: Uint8Array, key: Uint8Array): null | Uint8Array;
|
|
219
|
+
/** Async authenticated decryption for cross-runtime/FIPS backends. */
|
|
220
|
+
export declare function xSecretboxOpenAsync(ciphertext: Uint8Array, nonce: Uint8Array, key: Uint8Array): Promise<null | Uint8Array>;
|
|
188
221
|
/** Sign a message with an Ed25519 secret key. Returns signed message (64-byte signature prefix + message). */
|
|
189
222
|
export declare function xSign(message: Uint8Array, secretKey: Uint8Array): Uint8Array;
|
|
223
|
+
/** Async signing for cross-runtime/FIPS backends. */
|
|
224
|
+
export declare function xSignAsync(message: Uint8Array, secretKey: Uint8Array): Promise<Uint8Array>;
|
|
190
225
|
/** Generate a fresh Ed25519 signing key pair. */
|
|
191
226
|
export declare function xSignKeyPair(): KeyPair;
|
|
227
|
+
/** Async keypair generation for the active profile. */
|
|
228
|
+
export declare function xSignKeyPairAsync(): Promise<KeyPair>;
|
|
192
229
|
/** Restore an Ed25519 signing key pair from a 64-byte secret key. */
|
|
193
230
|
export declare function xSignKeyPairFromSecret(secretKey: Uint8Array): KeyPair;
|
|
231
|
+
/** Async restore of signing keypair for the active profile. */
|
|
232
|
+
export declare function xSignKeyPairFromSecretAsync(secretKey: Uint8Array): Promise<KeyPair>;
|
|
194
233
|
/** Verify and open a signed message. Returns the original message, or null if verification fails. */
|
|
195
234
|
export declare function xSignOpen(signedMessage: Uint8Array, publicKey: Uint8Array): null | Uint8Array;
|
|
196
|
-
|
|
235
|
+
/** Async verify/open for cross-runtime/FIPS backends. */
|
|
236
|
+
export declare function xSignOpenAsync(signedMessage: Uint8Array, publicKey: Uint8Array): Promise<null | Uint8Array>;
|
|
197
237
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAM/C,OAAO,EACH,MAAM,IAAI,YAAY,EACtB,MAAM,IAAI,YAAY,EACzB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7E,OAAO,QAAQ,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAM/C,OAAO,EACH,MAAM,IAAI,YAAY,EACtB,MAAM,IAAI,YAAY,EACzB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7E,OAAO,QAAQ,MAAM,UAAU,CAAC;AAKhC,uCAAuC;AACvC,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,WAAW,CAAC;AA8JjD,uDAAuD;AACvD,wBAAgB,gBAAgB,IAAI,aAAa,CAEhD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAG7D;AA0ED;;;GAGG;AACH,eAAO,MAAM,WAAW,iBAAW,CAAC;AAEpC;;;GAGG;AAEH,qBAAa,MAAM;IACf,OAAc,YAAY,sBAAgB;IAE1C,OAAc,UAAU,oBAAc;IAEtC,OAAc,YAAY,sBAAgB;IAE1C,OAAc,UAAU,oBAAc;IAEtC;;;;;;;;OAQG;WACW,UAAU,CACpB,IAAI,EAAE,WAAW,GAAG,UAAU,EAC9B,IAAI,EAAE,WAAW,GAAG,UAAU;IAmBlC;;;;OAIG;WACW,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU;IAStD;;;;;;;OAOG;IACH,OAAc,cAAc,GACxB,SAAS,UAAU,EACnB,UAAU,MAAM,KACjB,MAAM,CAmBP;IAEF;;;OAGG;IACH,OAAc,mBAAmB,GAC7B,SAAS,UAAU,EACnB,UAAU,MAAM,KACjB,OAAO,CAAC,MAAM,CAAC,CAsBhB;IAEF;;;;OAIG;WACW,WAAW;IAIzB;;;;OAIG;WACW,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM;IAOlD;;;;;;;;;;;OAWG;IACH,OAAc,cAAc,GACxB,UAAU,MAAM,EAChB,WAAW,MAAM,EACjB,oBAAoB,MAAM,KAC3B,UAAU,CAqCX;IAEF;;;OAGG;IACH,OAAc,mBAAmB,GAC7B,UAAU,MAAM,EAChB,WAAW,MAAM,EACjB,oBAAoB,MAAM,KAC3B,OAAO,CAAC,UAAU,CAAC,CAwCpB;IAEF;;;;;;;OAOG;WACW,gBAAgB,CAAC,CAAC,EAAE,MAAM,GAAG,UAAU;IAerD;;;;;;OAMG;WACW,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,UAAU;IAM3D;;;;;OAKG;WACW,gBAAgB,CAAC,GAAG,EAAE,UAAU;IAQ9C;;;;;;OAMG;WACW,aAAa,CACvB,GAAG,EAAE,MAAM,GAAG,UAAU,GACzB,CAAC,UAAU,EAAE,OAAO,CAAC;CAe3B;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,yDAGjD;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,UAEjE;AAED;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,UAOxB,CAAC;AAEF,gGAAgG;AAChG,MAAM,WAAW,OAAO;IACpB,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE,UAAU,CAAC;CACzB;AAED;;;;;GAKG;AAWH,sDAAsD;AACtD,MAAM,WAAW,UAAU;IACvB,KAAK,EAAE,QAAQ,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,WAAW,EAAE,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,EAAE,GAAG,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CAC1B;AAED,4CAA4C;AAC5C,wBAAgB,WAAW,IAAI,OAAO,CAErC;AAED,2DAA2D;AAC3D,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC,CAkBzD;AAED,gEAAgE;AAChE,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAEpE;AAED,uDAAuD;AACvD,wBAAgB,0BAA0B,CACtC,SAAS,EAAE,UAAU,GACtB,OAAO,CAAC,OAAO,CAAC,CAUlB;AAID;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,GAAG,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAkB3D;AAID;;;;;;;GAOG;AACH,wBAAgB,GAAG,CACf,YAAY,EAAE,UAAU,EACxB,cAAc,EAAE,UAAU,GAC3B,UAAU,CAEZ;AAED,gDAAgD;AAChD,wBAAsB,QAAQ,CAC1B,YAAY,EAAE,UAAU,EACxB,cAAc,EAAE,UAAU,GAC3B,OAAO,CAAC,UAAU,CAAC,CAarB;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,CACnB,SAAS,EAAE,MAAM,GAAG,QAAQ,EAC5B,SAAS,EAAE,UAAU,GACtB,UAAU,CAiCZ;AAED;;;;;GAKG;AACH,wBAAgB,KAAK,CAAC,IAAI,EAAE,UAAU,UAErC;AAID,wBAAgB,IAAI,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CAQhD;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,UAAU,CAEvC;AAID,6CAA6C;AAC7C,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAEvD;AAED,wCAAwC;AACxC,wBAAgB,UAAU,CACtB,SAAS,EAAE,UAAU,EACrB,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAChB,UAAU,CAEZ;AAID,sEAAsE;AACtE,wBAAsB,eAAe,CACjC,SAAS,EAAE,UAAU,EACrB,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAChB,OAAO,CAAC,UAAU,CAAC,CAarB;AAED,8EAA8E;AAC9E,wBAAgB,cAAc,CAC1B,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAChB,IAAI,GAAG,UAAU,CAEnB;AAED,sEAAsE;AACtE,wBAAsB,mBAAmB,CACrC,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAChB,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAiB5B;AAED,8GAA8G;AAC9G,wBAAgB,KAAK,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAE5E;AAED,qDAAqD;AACrD,wBAAsB,UAAU,CAC5B,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,GACtB,OAAO,CAAC,UAAU,CAAC,CAcrB;AAED,iDAAiD;AACjD,wBAAgB,YAAY,IAAI,OAAO,CAEtC;AAED,uDAAuD;AACvD,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAkB1D;AAED,qEAAqE;AACrE,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO,CAErE;AAED,+DAA+D;AAC/D,wBAAgB,2BAA2B,CACvC,SAAS,EAAE,UAAU,GACtB,OAAO,CAAC,OAAO,CAAC,CAUlB;AAED,qGAAqG;AACrG,wBAAgB,SAAS,CACrB,aAAa,EAAE,UAAU,EACzB,SAAS,EAAE,UAAU,GACtB,IAAI,GAAG,UAAU,CAEnB;AAED,yDAAyD;AACzD,wBAAsB,cAAc,CAChC,aAAa,EAAE,UAAU,EACzB,SAAS,EAAE,UAAU,GACtB,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,CAc5B"}
|