ehbp 0.0.6 → 0.1.0

package/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025 Tinfoil, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

package/README.md

@@ -0,0 +1,158 @@
+# EHBP JavaScript Client
+
+JavaScript/TypeScript client for [Encrypted HTTP Body Protocol (EHBP)](https://github.com/tinfoilsh/encrypted-http-body-protocol).
+
+EHBP encrypts HTTP request and response bodies end-to-end using HPKE ([RFC 9180](https://datatracker.ietf.org/doc/rfc9180/)) while leaving headers in cleartext for routing.
+
+## Installation
+
+```sh
+npm install ehbp
+```
+
+## Requirements
+
+- Node.js 20+
+- Works in both Node.js and modern browsers
+
+
+## Quick Start
+
+```javascript
+import { createTransport } from 'ehbp';
+
+// Create transport (fetches server public key automatically)
+const transport = await createTransport('https://example.com');
+
+// Make encrypted requests - works like fetch()
+const response = await transport.post('/api/data', JSON.stringify({ message: 'hello' }), {
+  headers: { 'Content-Type': 'application/json' }
+});
+
+const data = await response.json();
+```
+
+## API
+
+### `createTransport(serverURL: string): Promise<Transport>`
+
+Creates a transport that automatically encrypts requests and decrypts responses.
+
+```javascript
+const transport = await createTransport('https://example.com');
+```
+
+### `transport.request(input, init?): Promise<Response>`
+
+General-purpose method supporting all fetch options.
+
+```javascript
+const response = await transport.request('/api/data', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ key: 'value' })
+});
+```
+
+### Convenience Methods
+
+```javascript
+await transport.get('/users');
+await transport.post('/users', body, options);
+await transport.put('/users/123', body, options);
+await transport.delete('/users/123');
+```
+
+## Browser Usage
+
+```html
+<script type="module">
+  import { createTransport } from './dist/browser.js';
+
+  const transport = await createTransport('https://example.com');
+  const response = await transport.post('/api', 'Hello!');
+  console.log(await response.text());
+</script>
+```
+
+## Requirements
+
+- Node.js 20+ or modern browsers with Web Crypto API
+
+## Development
+
+```sh
+npm install
+npm run build
+npm test
+npm run build:browser  # Browser bundle
+```
+
+### Running Examples (Node.js)
+
+The Node.js example requires a build and an EHBP server running at `http://localhost:8080`:
+
+```sh
+# Build first
+npm run build
+
+# Start the Go server (from parent directory)
+go run pkg/server/main.go
+
+# Run the example (in another terminal)
+npm run example
+```
+
+### Running Examples (Browser)
+
+Browser examples are located in `examples/` and require the browser bundle:
+
+```sh
+# Build the browser bundle
+npm run build:browser
+
+# Start the local dev server
+npm run serve
+
+# Start the Go EHBP server (from parent directory, in another terminal)
+go run pkg/server/main.go
+```
+
+Then open in your browser:
+
+| Example | URL | Description |
+|---------|-----|-------------|
+| `test.html` | http://localhost:3000/examples/test.html | POST and streaming tests (server: `localhost:8080`) |
+| `chat.html` | http://localhost:3000/examples/chat.html | Chat interface demo (server: `localhost:8443`) |
+
+**Note:** `chat.html` connects to port 8443 and expects an OpenAI-compatible chat completions API.
+
+### Running Integration Tests
+
+Integration tests verify streaming functionality against a live server:
+
+```sh
+# Start the Go server (from parent directory)
+go run pkg/server/main.go
+
+# Run integration tests (in another terminal)
+npm run build
+npm run test:integration
+```
+
+### Commands
+
+| Command | Description |
+|---------|-------------|
+| `npm test` | Run unit tests (no server required) |
+| `npm run test:integration` | Run streaming integration tests (requires server) |
+| `npm run example` | Run Node.js API demo (requires server) |
+| `npm run serve` | Start local server for browser examples |
+
+## Protocol
+
+See [SPEC.md](../SPEC.md) for the complete protocol specification.
+
+## Security
+
+Report vulnerabilities to [security@tinfoil.sh](mailto:security@tinfoil.sh) or open a GitHub issue.

package/dist/cjs/client.d.ts

@@ -1,30 +1,30 @@
 import { Identity } from './identity.js';
+import type { Key } from 'hpke';
 /**
  * HTTP transport for EHBP
  */
 export declare class Transport {
-    private clientIdentity;
+    private serverIdentity;
     private serverHost;
-    private serverPublicKey;
-    constructor(clientIdentity: Identity, serverHost: string, serverPublicKey: CryptoKey);
+    constructor(serverIdentity: Identity, serverHost: string);
     /**
-     * Create a new transport by fetching server public key
+     * Create a new transport by fetching server public key.
      */
-    static create(serverURL: string, clientIdentity: Identity): Promise<Transport>;
+    static create(serverURL: string): Promise<Transport>;
+    /**
+     * Get the server identity
+     */
+    getServerIdentity(): Identity;
     /**
      * Get the server public key
      */
-    getServerPublicKey(): CryptoKey;
+    getServerPublicKey(): Key;
     /**
      * Get the server public key as hex string
      */
     getServerPublicKeyHex(): Promise<string>;
     /**
-     * Get the client public key
-     */
-    getClientPublicKey(): CryptoKey;
-    /**
-     * Make an encrypted HTTP request
+     * Make an encrypted HTTP request.
      */
     request(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
     /**
@@ -45,7 +45,7 @@ export declare class Transport {
     delete(url: string | URL, init?: RequestInit): Promise<Response>;
 }
 /**
- * Create a new transport instance
+ * Create a new transport instance.
  */
-export declare function createTransport(serverURL: string, clientIdentity: Identity): Promise<Transport>;
+export declare function createTransport(serverURL: string): Promise<Transport>;
 //# sourceMappingURL=client.d.ts.map

package/dist/cjs/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,eAAe,CAAY;gBAEvB,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,eAAe,EAAE,SAAS;IAMpF;;OAEG;WACU,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC;IAwBpF;;OAEG;IACH,kBAAkB,IAAI,SAAS;IAI/B;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC;IAQ9C;;OAEG;IACH,kBAAkB,IAAI,SAAS;IAI/B;;OAEG;IACG,OAAO,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAgF9E;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAInE;;OAEG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIrF;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIpF;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CAGvE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAErG"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAEhC;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,UAAU,CAAS;gBAEf,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM;IAKxD;;OAEG;WACU,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAuB1D;;OAEG;IACH,iBAAiB,IAAI,QAAQ;IAI7B;;OAEG;IACH,kBAAkB,IAAI,GAAG;IAIzB;;OAEG;IACG,qBAAqB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI9C;;OAEG;IACG,OAAO,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA6E9E;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAInE;;OAEG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIrF;;OAEG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IAIpF;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;CAGvE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAE3E"}

package/dist/cjs/client.js

@@ -8,18 +8,16 @@ const protocol_js_1 = require("./protocol.js");
  * HTTP transport for EHBP
  */
 class Transport {
-    clientIdentity;
+    serverIdentity;
     serverHost;
-    serverPublicKey;
-    constructor(clientIdentity, serverHost, serverPublicKey) {
-        this.clientIdentity = clientIdentity;
+    constructor(serverIdentity, serverHost) {
+        this.serverIdentity = serverIdentity;
         this.serverHost = serverHost;
-        this.serverPublicKey = serverPublicKey;
     }
     /**
-     * Create a new transport by fetching server public key
+     * Create a new transport by fetching server public key.
      */
-    static async create(serverURL, clientIdentity) {
+    static async create(serverURL) {
         const url = new URL(serverURL);
         const serverHost = url.host;
         // Fetch server public key
@@ -34,38 +32,33 @@ class Transport {
         }
         const keysData = new Uint8Array(await response.arrayBuffer());
         const serverIdentity = await identity_js_1.Identity.unmarshalPublicConfig(keysData);
-        const serverPublicKey = serverIdentity.getPublicKey();
-        return new Transport(clientIdentity, serverHost, serverPublicKey);
+        return new Transport(serverIdentity, serverHost);
+    }
+    /**
+     * Get the server identity
+     */
+    getServerIdentity() {
+        return this.serverIdentity;
     }
     /**
      * Get the server public key
      */
     getServerPublicKey() {
-        return this.serverPublicKey;
+        return this.serverIdentity.getPublicKey();
     }
     /**
      * Get the server public key as hex string
      */
     async getServerPublicKeyHex() {
-        const exported = await crypto.subtle.exportKey('raw', this.serverPublicKey);
-        const keyBytes = new Uint8Array(exported);
-        return Array.from(keyBytes)
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('');
-    }
-    /**
-     * Get the client public key
-     */
-    getClientPublicKey() {
-        return this.clientIdentity.getPublicKey();
+        return this.serverIdentity.getPublicKeyHex();
     }
     /**
-     * Make an encrypted HTTP request
+     * Make an encrypted HTTP request.
      */
     async request(input, init) {
-        // Skip EHBP for data: URLs (e.g., used for FormData detection)
+        // Skip EHBP for non-network URLs (data:, blob:)
         const inputUrl = input instanceof Request ? input.url : String(input);
-        if (inputUrl.startsWith('data:')) {
+        if (inputUrl.startsWith('data:') || inputUrl.startsWith('blob:')) {
             return fetch(input, init);
         }
         // Extract body from init or original request before creating Request object
@@ -99,36 +92,32 @@ class Transport {
             method,
             headers,
             body: requestBody,
-            duplex: 'half'
+            duplex: 'half',
         });
-        // Encrypt request body if present (check the original requestBody, not request.body)
-        if (requestBody !== null && requestBody !== undefined) {
-            request = await this.clientIdentity.encryptRequest(request, this.serverPublicKey);
-        }
-        else {
-            // No body, just set client public key header
-            const headers = new Headers(request.headers);
-            headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.clientIdentity.getPublicKeyHex());
-            request = new Request(request.url, {
-                method: request.method,
-                headers,
-                body: null
-            });
-        }
+        // Encrypt request (returns context for response decryption)
+        // For bodyless requests, context will be null and request passes through unmodified
+        const { request: encryptedRequest, context } = await this.serverIdentity.encryptRequestWithContext(request);
         // Make the request
-        const response = await fetch(request);
+        const response = await fetch(encryptedRequest);
         if (!response.ok) {
             console.warn(`Server returned non-OK status: ${response.status}`);
         }
-        // Check for encapsulated key header
-        const encapKeyHeader = response.headers.get(protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER);
-        if (!encapKeyHeader) {
-            throw new Error(`Missing ${protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER} encapsulated key header`);
+        // Bodyless requests: context is null, response is plaintext
+        if (context === null) {
+            return response;
+        }
+        // Check for fallback header - if set, server returned unencrypted response
+        const fallbackHeader = response.headers.get(protocol_js_1.PROTOCOL.FALLBACK_HEADER);
+        if (fallbackHeader === '1') {
+            return response;
+        }
+        // Check for response nonce header (required for response decryption)
+        const responseNonceHeader = response.headers.get(protocol_js_1.PROTOCOL.RESPONSE_NONCE_HEADER);
+        if (!responseNonceHeader) {
+            throw new Error(`Missing ${protocol_js_1.PROTOCOL.RESPONSE_NONCE_HEADER} header`);
         }
-        // Decode encapsulated key
-        const serverEncapKey = new Uint8Array(encapKeyHeader.match(/.{2}/g).map(byte => parseInt(byte, 16)));
         // Decrypt response
-        return await this.clientIdentity.decryptResponse(response, serverEncapKey);
+        return await this.serverIdentity.decryptResponseWithContext(response, context);
     }
     /**
      * Convenience method for GET requests
@@ -157,9 +146,9 @@ class Transport {
 }
 exports.Transport = Transport;
 /**
- * Create a new transport instance
+ * Create a new transport instance.
  */
-async function createTransport(serverURL, clientIdentity) {
-    return Transport.create(serverURL, clientIdentity);
+async function createTransport(serverURL) {
+    return Transport.create(serverURL);
 }
 //# sourceMappingURL=client.js.map

package/dist/cjs/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";;;AAwLA,0CAEC;AA1LD,+CAAyC;AACzC,+CAAyC;AAEzC;;GAEG;AACH,MAAa,SAAS;IACZ,cAAc,CAAW;IACzB,UAAU,CAAS;IACnB,eAAe,CAAY;IAEnC,YAAY,cAAwB,EAAE,UAAkB,EAAE,eAA0B;QAClF,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAiB,EAAE,cAAwB;QAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;QAE5B,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,sBAAQ,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,WAAW,KAAK,sBAAQ,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,MAAM,sBAAQ,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACtE,MAAM,eAAe,GAAG,cAAc,CAAC,YAAY,EAAE,CAAC;QAEtD,OAAO,IAAI,SAAS,CAAC,cAAc,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB;QACzB,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5E,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;aACxB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,KAAwB,EAAE,IAAkB;QACxD,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5B,CAAC;QAED,4EAA4E;QAC5E,IAAI,WAAW,GAAoB,IAAI,CAAC;QAExC,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,0CAA0C;YAC1C,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,WAAW,GAAG,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,IAAI,GAAQ,CAAC;QACb,IAAI,MAAc,CAAC;QACnB,IAAI,OAAoB,CAAC;QAEzB,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;YACtB,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YACrB,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC;YAC/B,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;QAChC,CAAC;QAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;QAE3B,IAAI,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACxC,MAAM;YACN,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;SACA,CAAC,CAAC;QAElB,qFAAqF;QACrF,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YACtD,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,wBAAwB,EAAE,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,CAAC;YAC5F,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO;gBACP,IAAI,EAAE,IAAI;aACX,CAAC,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;QAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,kCAAkC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,oCAAoC;QACpC,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,uBAAuB,CAAC,CAAC;QAC9E,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,WAAW,sBAAQ,CAAC,uBAAuB,0BAA0B,CAAC,CAAC;QACzF,CAAC;QAED,0BAA0B;QAC1B,MAAM,cAAc,GAAG,IAAI,UAAU,CACnC,cAAc,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAC/D,CAAC;QAEF,mBAAmB;QACnB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAkB;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC/D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAkB;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF;AA7KD,8BA6KC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CAAC,SAAiB,EAAE,cAAwB;IAC/E,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;AACrD,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client.ts"],"names":[],"mappings":";;;AA+KA,0CAEC;AAjLD,+CAAyC;AACzC,+CAAyC;AAGzC;;GAEG;AACH,MAAa,SAAS;IACZ,cAAc,CAAW;IACzB,UAAU,CAAS;IAE3B,YAAY,cAAwB,EAAE,UAAkB;QACtD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAiB;QACnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC;QAE5B,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,sBAAQ,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,WAAW,KAAK,sBAAQ,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,MAAM,sBAAQ,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAEtE,OAAO,IAAI,SAAS,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB;QACzB,OAAO,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,KAAwB,EAAE,IAAkB;QACxD,gDAAgD;QAChD,MAAM,QAAQ,GAAG,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5B,CAAC;QAED,4EAA4E;QAC5E,IAAI,WAAW,GAAoB,IAAI,CAAC;QAExC,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,0CAA0C;YAC1C,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,6CAA6C;YAC7C,WAAW,GAAG,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACnC,CAAC;QAED,mCAAmC;QACnC,IAAI,GAAQ,CAAC;QACb,IAAI,MAAc,CAAC;QACnB,IAAI,OAAoB,CAAC;QAEzB,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;YAC7B,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;YACtB,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YACrB,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC;YAC/B,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;QAChC,CAAC;QAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;QAE3B,IAAI,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;YACxC,MAAM;YACN,OAAO;YACP,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,MAAM;SACA,CAAC,CAAC;QAElB,4DAA4D;QAC5D,oFAAoF;QACpF,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAC1C,MAAM,IAAI,CAAC,cAAc,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAE/D,mBAAmB;QACnB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,kCAAkC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,4DAA4D;QAC5D,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,2EAA2E;QAC3E,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,eAAe,CAAC,CAAC;QACtE,IAAI,cAAc,KAAK,GAAG,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,qEAAqE;QACrE,MAAM,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,qBAAqB,CAAC,CAAC;QACjF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,WAAW,sBAAQ,CAAC,qBAAqB,SAAS,CAAC,CAAC;QACtE,CAAC;QAED,mBAAmB;QACnB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAkB;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC/D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,GAAiB,EAAE,IAAe,EAAE,IAAkB;QAC9D,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,IAAkB;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF;AAnKD,8BAmKC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CAAC,SAAiB;IACrD,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC"}

package/dist/cjs/derive.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Response key derivation for EHBP
+ *
+ * This module implements the key derivation matching the Go implementation.
+ *
+ * The derivation follows OHTTP (RFC 9458):
+ *   salt = concat(enc, response_nonce)
+ *   prk = Extract(salt, secret)
+ *   aead_key = Expand(prk, "key", Nk)
+ *   aead_nonce = Expand(prk, "nonce", Nn)
+ */
+export declare const HPKE_REQUEST_INFO = "ehbp request";
+export declare const EXPORT_LABEL = "ehbp response";
+export declare const EXPORT_LENGTH = 32;
+export declare const RESPONSE_NONCE_LENGTH = 32;
+export declare const AES256_KEY_LENGTH = 32;
+export declare const AES_GCM_NONCE_LENGTH = 12;
+export declare const REQUEST_ENC_LENGTH = 32;
+/**
+ * Response key material for encryption/decryption
+ */
+export interface ResponseKeyMaterial {
+    /** Raw key bytes for AEAD operations */
+    keyBytes: Uint8Array;
+    /** 12 bytes, XORed with sequence number for each chunk */
+    nonceBase: Uint8Array;
+}
+/**
+ * Derives response encryption keys from the HPKE exported secret.
+ *
+ *   salt = concat(enc, response_nonce)
+ *   prk = Extract(salt, secret)
+ *   key = Expand(prk, "key", 32)
+ *   nonceBase = Expand(prk, "nonce", 12)
+ *
+ * @param exportedSecret - 32 bytes exported from HPKE context
+ * @param requestEnc - 32 bytes encapsulated key from request
+ * @param responseNonce - 32 bytes random nonce from response
+ * @returns Key material for response encryption/decryption
+ */
+export declare function deriveResponseKeys(exportedSecret: Uint8Array, requestEnc: Uint8Array, responseNonce: Uint8Array): Promise<ResponseKeyMaterial>;
+/**
+ * Computes the nonce for a specific sequence number.
+ * nonce = nonceBase XOR sequence_number (big-endian in last 8 bytes)
+ */
+export declare function computeNonce(nonceBase: Uint8Array, seq: number): Uint8Array;
+/**
+ * Encrypts a chunk using the response key material
+ */
+export declare function encryptChunk(km: ResponseKeyMaterial, seq: number, plaintext: Uint8Array): Promise<Uint8Array>;
+/**
+ * Decrypts a chunk using the response key material
+ */
+export declare function decryptChunk(km: ResponseKeyMaterial, seq: number, ciphertext: Uint8Array): Promise<Uint8Array>;
+/**
+ * Utility: Convert hex string to Uint8Array
+ */
+export declare function hexToBytes(hex: string): Uint8Array;
+/**
+ * Utility: Convert Uint8Array to hex string
+ */
+export declare function bytesToHex(bytes: Uint8Array): string;
+//# sourceMappingURL=derive.d.ts.map

package/dist/cjs/derive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"derive.d.ts","sourceRoot":"","sources":["../../src/derive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,eAAO,MAAM,iBAAiB,iBAAiB,CAAC;AAChD,eAAO,MAAM,YAAY,kBAAkB,CAAC;AAC5C,eAAO,MAAM,aAAa,KAAK,CAAC;AAChC,eAAO,MAAM,qBAAqB,KAAK,CAAC;AACxC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,oBAAoB,KAAK,CAAC;AACvC,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAMrC;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,wCAAwC;IACxC,QAAQ,EAAE,UAAU,CAAC;IACrB,0DAA0D;IAC1D,SAAS,EAAE,UAAU,CAAC;CACvB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,kBAAkB,CACtC,cAAc,EAAE,UAAU,EAC1B,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,mBAAmB,CAAC,CA2B9B;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,UAAU,CAyB3E;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,EAAE,EAAE,mBAAmB,EACvB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,EAAE,EAAE,mBAAmB,EACvB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAYlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIpD"}

package/dist/cjs/derive.js

@@ -0,0 +1,136 @@
+"use strict";
+/**
+ * Response key derivation for EHBP
+ *
+ * This module implements the key derivation matching the Go implementation.
+ *
+ * The derivation follows OHTTP (RFC 9458):
+ *   salt = concat(enc, response_nonce)
+ *   prk = Extract(salt, secret)
+ *   aead_key = Expand(prk, "key", Nk)
+ *   aead_nonce = Expand(prk, "nonce", Nn)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REQUEST_ENC_LENGTH = exports.AES_GCM_NONCE_LENGTH = exports.AES256_KEY_LENGTH = exports.RESPONSE_NONCE_LENGTH = exports.EXPORT_LENGTH = exports.EXPORT_LABEL = exports.HPKE_REQUEST_INFO = void 0;
+exports.deriveResponseKeys = deriveResponseKeys;
+exports.computeNonce = computeNonce;
+exports.encryptChunk = encryptChunk;
+exports.decryptChunk = decryptChunk;
+exports.hexToBytes = hexToBytes;
+exports.bytesToHex = bytesToHex;
+const hpke_1 = require("hpke");
+const kdf = (0, hpke_1.KDF_HKDF_SHA256)();
+const aead = (0, hpke_1.AEAD_AES_256_GCM)();
+exports.HPKE_REQUEST_INFO = 'ehbp request';
+exports.EXPORT_LABEL = 'ehbp response';
+exports.EXPORT_LENGTH = 32;
+exports.RESPONSE_NONCE_LENGTH = 32; // max(Nn, Nk) = max(12, 32) = 32
+exports.AES256_KEY_LENGTH = 32;
+exports.AES_GCM_NONCE_LENGTH = 12;
+exports.REQUEST_ENC_LENGTH = 32; // X25519 enc size
+// Labels for HKDF-Expand
+const RESPONSE_KEY_LABEL = new TextEncoder().encode('key');
+const RESPONSE_NONCE_LABEL = new TextEncoder().encode('nonce');
+/**
+ * Derives response encryption keys from the HPKE exported secret.
+ *
+ *   salt = concat(enc, response_nonce)
+ *   prk = Extract(salt, secret)
+ *   key = Expand(prk, "key", 32)
+ *   nonceBase = Expand(prk, "nonce", 12)
+ *
+ * @param exportedSecret - 32 bytes exported from HPKE context
+ * @param requestEnc - 32 bytes encapsulated key from request
+ * @param responseNonce - 32 bytes random nonce from response
+ * @returns Key material for response encryption/decryption
+ */
+async function deriveResponseKeys(exportedSecret, requestEnc, responseNonce) {
+    // Validate inputs
+    if (exportedSecret.length !== exports.EXPORT_LENGTH) {
+        throw new Error(`exported secret must be ${exports.EXPORT_LENGTH} bytes, got ${exportedSecret.length}`);
+    }
+    if (requestEnc.length !== exports.REQUEST_ENC_LENGTH) {
+        throw new Error(`request enc must be ${exports.REQUEST_ENC_LENGTH} bytes, got ${requestEnc.length}`);
+    }
+    if (responseNonce.length !== exports.RESPONSE_NONCE_LENGTH) {
+        throw new Error(`response nonce must be ${exports.RESPONSE_NONCE_LENGTH} bytes, got ${responseNonce.length}`);
+    }
+    // salt = concat(enc, response_nonce)
+    const salt = new Uint8Array(requestEnc.length + responseNonce.length);
+    salt.set(requestEnc, 0);
+    salt.set(responseNonce, requestEnc.length);
+    // prk = Extract(salt, secret)
+    const prk = await kdf.Extract(salt, exportedSecret);
+    // key = Expand(prk, "key", 32)
+    const keyBytes = await kdf.Expand(prk, RESPONSE_KEY_LABEL, exports.AES256_KEY_LENGTH);
+    // nonceBase = Expand(prk, "nonce", 12)
+    const nonceBase = await kdf.Expand(prk, RESPONSE_NONCE_LABEL, exports.AES_GCM_NONCE_LENGTH);
+    return { keyBytes, nonceBase };
+}
+/**
+ * Computes the nonce for a specific sequence number.
+ * nonce = nonceBase XOR sequence_number (big-endian in last 8 bytes)
+ */
+function computeNonce(nonceBase, seq) {
+    if (nonceBase.length !== exports.AES_GCM_NONCE_LENGTH) {
+        throw new Error(`nonce base must be ${exports.AES_GCM_NONCE_LENGTH} bytes`);
+    }
+    // Validate seq to prevent nonce reuse from integer overflow.
+    // JavaScript's >>> operator only works correctly for 32-bit unsigned integers.
+    // Values >= 2^32 wrap around (e.g., 2^32 >>> 0 === 0), causing nonce reuse.
+    // In practice, 2^32 chunks per response is impossible (~4PB minimum), but we validate defensively.
+    if (!Number.isInteger(seq) || seq < 0 || seq >= 0x100000000) {
+        throw new Error(`sequence number must be an integer in range [0, 2^32): got ${seq}`);
+    }
+    const nonce = new Uint8Array(exports.AES_GCM_NONCE_LENGTH);
+    nonce.set(nonceBase);
+    // XOR with sequence number in the last 8 bytes (big-endian)
+    for (let i = 0; i < 8; i++) {
+        const shift = i * 8;
+        if (shift < 32) {
+            nonce[exports.AES_GCM_NONCE_LENGTH - 1 - i] ^= (seq >>> shift) & 0xff;
+        }
+    }
+    return nonce;
+}
+/**
+ * Encrypts a chunk using the response key material
+ */
+async function encryptChunk(km, seq, plaintext) {
+    const nonce = computeNonce(km.nonceBase, seq);
+    const ciphertext = await aead.Seal(km.keyBytes, nonce, new Uint8Array(0), plaintext);
+    return ciphertext;
+}
+/**
+ * Decrypts a chunk using the response key material
+ */
+async function decryptChunk(km, seq, ciphertext) {
+    const nonce = computeNonce(km.nonceBase, seq);
+    const plaintext = await aead.Open(km.keyBytes, nonce, new Uint8Array(0), ciphertext);
+    return plaintext;
+}
+/**
+ * Utility: Convert hex string to Uint8Array
+ */
+function hexToBytes(hex) {
+    if (hex.length % 2 !== 0) {
+        throw new Error('Hex string must have even length');
+    }
+    if (!/^[0-9a-fA-F]*$/.test(hex)) {
+        throw new Error('Invalid hex character');
+    }
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+}
+/**
+ * Utility: Convert Uint8Array to hex string
+ */
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+//# sourceMappingURL=derive.js.map

package/dist/cjs/derive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"derive.js","sourceRoot":"","sources":["../../src/derive.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AA0CH,gDA+BC;AAMD,oCAyBC;AAKD,oCAUC;AAKD,oCAUC;AAKD,gCAYC;AAKD,gCAIC;AA9JD,+BAA8E;AAE9E,MAAM,GAAG,GAAQ,IAAA,sBAAe,GAAE,CAAC;AACnC,MAAM,IAAI,GAAS,IAAA,uBAAgB,GAAE,CAAC;AAEzB,QAAA,iBAAiB,GAAG,cAAc,CAAC;AACnC,QAAA,YAAY,GAAG,eAAe,CAAC;AAC/B,QAAA,aAAa,GAAG,EAAE,CAAC;AACnB,QAAA,qBAAqB,GAAG,EAAE,CAAC,CAAC,iCAAiC;AAC7D,QAAA,iBAAiB,GAAG,EAAE,CAAC;AACvB,QAAA,oBAAoB,GAAG,EAAE,CAAC;AAC1B,QAAA,kBAAkB,GAAG,EAAE,CAAC,CAAC,kBAAkB;AAExD,yBAAyB;AACzB,MAAM,kBAAkB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,MAAM,oBAAoB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAY/D;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,kBAAkB,CACtC,cAA0B,EAC1B,UAAsB,EACtB,aAAyB;IAEzB,kBAAkB;IAClB,IAAI,cAAc,CAAC,MAAM,KAAK,qBAAa,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,2BAA2B,qBAAa,eAAe,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IAClG,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,KAAK,0BAAkB,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,uBAAuB,0BAAkB,eAAe,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/F,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,KAAK,6BAAqB,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0BAA0B,6BAAqB,eAAe,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IACxG,CAAC;IAED,qCAAqC;IACrC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAE3C,8BAA8B;IAC9B,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAEpD,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,kBAAkB,EAAE,yBAAiB,CAAC,CAAC;IAE9E,uCAAuC;IACvC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,oBAAoB,EAAE,4BAAoB,CAAC,CAAC;IAEpF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,SAAqB,EAAE,GAAW;IAC7D,IAAI,SAAS,CAAC,MAAM,KAAK,4BAAoB,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sBAAsB,4BAAoB,QAAQ,CAAC,CAAC;IACtE,CAAC;IAED,6DAA6D;IAC7D,+EAA+E;IAC/E,4EAA4E;IAC5E,mGAAmG;IACnG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,8DAA8D,GAAG,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,4BAAoB,CAAC,CAAC;IACnD,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAErB,4DAA4D;IAC5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,IAAI,KAAK,GAAG,EAAE,EAAE,CAAC;YACf,KAAK,CAAC,4BAAoB,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,IAAI,CAAC;QAChE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,EAAuB,EACvB,GAAW,EACX,SAAqB;IAErB,MAAM,KAAK,GAAG,YAAY,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAE9C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAErF,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,EAAuB,EACvB,GAAW,EACX,UAAsB;IAEtB,MAAM,KAAK,GAAG,YAAY,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAE9C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAErF,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,KAAiB;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC"}