npm - ehbp - Versions diffs - 0.0.6 → 0.1.0 - Mend

ehbp 0.0.6 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/LICENSE +22 -0
package/README.md +158 -0
package/dist/cjs/client.d.ts +13 -13
package/dist/cjs/client.d.ts.map +1 -1
package/dist/cjs/client.js +39 -50
package/dist/cjs/client.js.map +1 -1
package/dist/cjs/derive.d.ts +63 -0
package/dist/cjs/derive.d.ts.map +1 -0
package/dist/cjs/derive.js +136 -0
package/dist/cjs/derive.js.map +1 -0
package/dist/cjs/identity.d.ts +37 -10
package/dist/cjs/identity.d.ts.map +1 -1
package/dist/cjs/identity.js +169 -150
package/dist/cjs/identity.js.map +1 -1
package/dist/cjs/index.d.ts +4 -1
package/dist/cjs/index.d.ts.map +1 -1
package/dist/cjs/index.js +15 -1
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/protocol.d.ts +1 -1
package/dist/cjs/protocol.js +2 -2
package/dist/cjs/protocol.js.map +1 -1
package/dist/esm/client.d.ts +13 -13
package/dist/esm/client.d.ts.map +1 -1
package/dist/esm/client.js +39 -50
package/dist/esm/client.js.map +1 -1
package/dist/esm/derive.d.ts +63 -0
package/dist/esm/derive.d.ts.map +1 -0
package/dist/esm/derive.js +127 -0
package/dist/esm/derive.js.map +1 -0
package/dist/esm/identity.d.ts +37 -10
package/dist/esm/identity.d.ts.map +1 -1
package/dist/esm/identity.js +169 -150
package/dist/esm/identity.js.map +1 -1
package/dist/esm/index.d.ts +4 -1
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.js +2 -0
package/dist/esm/index.js.map +1 -1
package/dist/esm/protocol.d.ts +1 -1
package/dist/esm/protocol.js +2 -2
package/dist/esm/protocol.js.map +1 -1
package/dist/esm/test/client.test.js +15 -16
package/dist/esm/test/client.test.js.map +1 -1
package/dist/esm/test/derive.test.d.ts +2 -0
package/dist/esm/test/derive.test.d.ts.map +1 -0
package/dist/esm/test/derive.test.js +164 -0
package/dist/esm/test/derive.test.js.map +1 -0
package/dist/esm/test/security.test.d.ts +10 -0
package/dist/esm/test/security.test.d.ts.map +1 -0
package/dist/esm/test/security.test.js +153 -0
package/dist/esm/test/security.test.js.map +1 -0
package/dist/esm/test/streaming.integration.d.ts +9 -0
package/dist/esm/test/streaming.integration.d.ts.map +1 -0
package/dist/esm/test/streaming.integration.js +190 -0
package/dist/esm/test/streaming.integration.js.map +1 -0
package/package.json +6 -7
package/dist/esm/example.d.ts +0 -6
package/dist/esm/example.d.ts.map +0 -1
package/dist/esm/example.js +0 -115
package/dist/esm/example.js.map +0 -1
package/dist/esm/streaming-test.d.ts +0 -3
package/dist/esm/streaming-test.d.ts.map +0 -1
package/dist/esm/streaming-test.js +0 -102
package/dist/esm/streaming-test.js.map +0 -1

package/dist/cjs/identity.d.ts CHANGED Viewed

@@ -1,4 +1,12 @@
-import { CipherSuite } from '@hpke/core';
+import { CipherSuite, type SenderContext, type Key } from 'hpke';
+/**
+ * Request context for response decryption.
+ * Holds the HPKE sender context needed to derive response keys.
+ */
+export interface RequestContext {
+    senderContext: SenderContext;
+    requestEnc: Uint8Array;
+}
 /**
  * Identity class for managing HPKE key pairs and encryption/decryption
  */
@@ -6,7 +14,7 @@ export declare class Identity {
     private suite;
     private publicKey;
     private privateKey;
-    constructor(suite: CipherSuite, publicKey: CryptoKey, privateKey: CryptoKey);
+    constructor(suite: CipherSuite, publicKey: Key, privateKey: Key);
     /**
      * Generate a new identity with X25519 key pair
      */
@@ -20,17 +28,17 @@ export declare class Identity {
      */
     toJSON(): Promise<string>;
     /**
-     * Get public key as CryptoKey
+     * Get public key
      */
-    getPublicKey(): CryptoKey;
+    getPublicKey(): Key;
     /**
      * Get public key as hex string
      */
     getPublicKeyHex(): Promise<string>;
     /**
-     * Get private key as CryptoKey
+     * Get private key
      */
-    getPrivateKey(): CryptoKey;
+    getPrivateKey(): Key;
     /**
      * Marshal public key configuration for server key distribution
      * Implements RFC 9458 format
@@ -41,12 +49,31 @@ export declare class Identity {
      */
     static unmarshalPublicConfig(data: Uint8Array): Promise<Identity>;
     /**
-     * Encrypt request body and set appropriate headers
+     * Encrypt request body and return context for response decryption.
+     *
+     * This method is called on the SERVER's identity (public key only).
+     * It:
+     * 1. Creates an HPKE sender context to this identity's public key
+     * 2. Encrypts the request body
+     * 3. Returns a RequestContext that must be used to decrypt the response
+     */
+    encryptRequestWithContext(request: Request): Promise<{
+        request: Request;
+        context: RequestContext | null;
+    }>;
+    /**
+     * Decrypt response using keys derived from request context.
+     *
+     * This method:
+     * 1. Reads the response nonce from Ehbp-Response-Nonce header
+     * 2. Exports a secret from the HPKE sender context
+     * 3. Derives response keys using HKDF
+     * 4. Decrypts the response body
      */
-    encryptRequest(request: Request, serverPublicKey: CryptoKey): Promise<Request>;
+    decryptResponseWithContext(response: Response, context: RequestContext): Promise<Response>;
     /**
-     * Decrypt response body
+     * Creates a ReadableStream that decrypts response chunks.
      */
-    decryptResponse(response: Response, serverEncapKey: Uint8Array): Promise<Response>;
+    private createDecryptStream;
 }
 //# sourceMappingURL=identity.d.ts.map

package/dist/cjs/identity.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,~~EAAE~~,WAAW,~~EAAgD~~,MAAM,~~YAAY~~,CAAC;~~AAGvF~~;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,SAAS,~~CAAY~~;~~IAC7B~~,OAAO,CAAC,UAAU,~~CAAY~~;~~gBAElB~~,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,~~SAAS~~,EAAE,UAAU,EAAE,~~SAAS~~;~~IAM3E~~;;OAEG;WACU,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;~~IAsB1C~~;;OAEG;WACU,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;~~IAwBtD~~;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;~~IAY~~/B;;OAEG;IACH,YAAY,IAAI,~~SAAS~~;~~IAIzB~~;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;~~IAOxC~~;;OAEG;IACH,aAAa,IAAI,~~SAAS~~;~~IAI1B~~;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC;IA0C1C;;OAEG;WACU,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;~~IAwCvE;;OAEG~~;IACG,~~cAAc~~,~~CAAC~~,OAAO,EAAE,OAAO,~~EAAE~~,~~eAAe~~,~~EAAE~~,~~SAAS~~,~~GAAG~~,OAAO,CAAC,OAAO,CAAC;~~IAgDpF;;OAEG~~;IACG,~~eAAe~~,~~CAAC~~,QAAQ,EAAE,QAAQ,~~EAAE~~,~~cAAc~~,EAAE,~~UAAU~~,~~GAAG~~,OAAO,CAAC,QAAQ,CAAC;~~CAwFzF~~"}
1	+ {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EAIX,KAAK,aAAa,EAClB,KAAK,GAAG,EACT,MAAM,MAAM,CAAC;AAcd;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,aAAa,CAAC;IAC7B,UAAU,EAAE,UAAU,CAAC;CACxB;AAaD;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,UAAU,CAAM;gBAEZ,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG;IAM/D;;OAEG;WACU,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;IAO1C;;OAEG;WACU,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAWtD;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAU/B;;OAEG;IACH,YAAY,IAAI,GAAG;IAInB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAKxC;;OAEG;IACH,aAAa,IAAI,GAAG;IAIpB;;;OAGG;IACG,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC;IA0C1C;;OAEG;WACU,qBAAqB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;IAqDvE;;;;;;;;OAQG;IACG,yBAAyB,CAC7B,OAAO,EAAE,OAAO,GACf,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,cAAc,GAAG,IAAI,CAAA;KAAE,CAAC;IAwDhE;;;;;;;;OAQG;IACG,0BAA0B,CAC9B,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,QAAQ,CAAC;IAmCpB;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAyD5B"}

package/dist/cjs/identity.js CHANGED Viewed

@@ -1,8 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Identity = void 0;
-const core_1 = require("@hpke/core");
+const hpke_1 = require("hpke");
 const protocol_js_1 = require("./protocol.js");
+const derive_js_1 = require("./derive.js");
+/**
+ * Creates a new CipherSuite for X25519/HKDF-SHA256/AES-256-GCM
+ */
+function createSuite() {
+    return new hpke_1.CipherSuite(hpke_1.KEM_DHKEM_X25519_HKDF_SHA256, hpke_1.KDF_HKDF_SHA256, hpke_1.AEAD_AES_256_GCM);
+}
 /**
  * Identity class for managing HPKE key pairs and encryption/decryption
  */
@@ -19,48 +26,34 @@ class Identity {
      * Generate a new identity with X25519 key pair
      */
     static async generate() {
-        const suite = new core_1.CipherSuite({
-            kem: new core_1.DhkemX25519HkdfSha256(),
-            kdf: new core_1.HkdfSha256(),
-            aead: new core_1.Aes256Gcm()
-        });
-        const { publicKey, privateKey } = await suite.kem.generateKeyPair();
-        // Make sure the public key is extractable for serialization
-        const extractablePublicKey = await crypto.subtle.importKey('raw', await crypto.subtle.exportKey('raw', publicKey), { name: 'X25519' }, true, // extractable
-        []);
-        return new Identity(suite, extractablePublicKey, privateKey);
+        const suite = createSuite();
+        const { publicKey, privateKey } = await suite.GenerateKeyPair(true); // extractable
+        return new Identity(suite, publicKey, privateKey);
     }
     /**
      * Create identity from JSON string
      */
     static async fromJSON(json) {
         const data = JSON.parse(json);
-        const suite = new core_1.CipherSuite({
-            kem: new core_1.DhkemX25519HkdfSha256(),
-            kdf: new core_1.HkdfSha256(),
-            aead: new core_1.Aes256Gcm()
-        });
-        // Import public key
-        const publicKey = await crypto.subtle.importKey('raw', new Uint8Array(data.publicKey), { name: 'X25519' }, true, // extractable
-        []);
-        // Deserialize private key using HPKE library
-        const privateKey = await suite.kem.deserializePrivateKey(new Uint8Array(data.privateKey).buffer);
+        const suite = createSuite();
+        // Deserialize keys using the suite
+        const publicKey = await suite.DeserializePublicKey(new Uint8Array(data.publicKey));
+        const privateKey = await suite.DeserializePrivateKey(new Uint8Array(data.privateKey), true);
         return new Identity(suite, publicKey, privateKey);
     }
     /**
      * Convert identity to JSON string
      */
     async toJSON() {
-        const publicKeyBytes = new Uint8Array(await crypto.subtle.exportKey('raw', this.publicKey));
-        // For X25519, we need to use the HPKE library's serialization for private keys
-        const privateKeyBytes = await this.suite.kem.serializePrivateKey(this.privateKey);
+        const publicKeyBytes = await this.suite.SerializePublicKey(this.publicKey);
+        const privateKeyBytes = await this.suite.SerializePrivateKey(this.privateKey);
         return JSON.stringify({
             publicKey: Array.from(publicKeyBytes),
-            privateKey: Array.from(new Uint8Array(privateKeyBytes))
+            privateKey: Array.from(privateKeyBytes),
         });
     }
     /**
-     * Get public key as CryptoKey
+     * Get public key
      */
     getPublicKey() {
         return this.publicKey;
@@ -69,13 +62,11 @@ class Identity {
      * Get public key as hex string
      */
     async getPublicKeyHex() {
-        const exported = await crypto.subtle.exportKey('raw', this.publicKey);
-        return Array.from(new Uint8Array(exported))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('');
+        const exported = await this.suite.SerializePublicKey(this.publicKey);
+        return (0, derive_js_1.bytesToHex)(exported);
     }
     /**
-     * Get private key as CryptoKey
+     * Get private key
      */
     getPrivateKey() {
         return this.privateKey;
@@ -89,7 +80,7 @@ class Identity {
         const kdfId = protocol_js_1.HPKE_CONFIG.KDF;
         const aeadId = protocol_js_1.HPKE_CONFIG.AEAD;
         // Export public key as raw bytes
-        const publicKeyBytes = new Uint8Array(await crypto.subtle.exportKey('raw', this.publicKey));
+        const publicKeyBytes = await this.suite.SerializePublicKey(this.publicKey);
         // Key ID (1 byte) + KEM ID (2 bytes) + Public Key + Cipher Suites
         const keyId = 0;
         const publicKeySize = publicKeyBytes.length;
@@ -99,20 +90,20 @@ class Identity {
         // Key ID
         buffer[offset++] = keyId;
         // KEM ID
-        buffer[offset++] = (kemId >> 8) & 0xFF;
-        buffer[offset++] = kemId & 0xFF;
+        buffer[offset++] = (kemId >> 8) & 0xff;
+        buffer[offset++] = kemId & 0xff;
         // Public Key
         buffer.set(publicKeyBytes, offset);
         offset += publicKeySize;
         // Cipher Suites Length (2 bytes)
-        buffer[offset++] = (cipherSuitesSize >> 8) & 0xFF;
-        buffer[offset++] = cipherSuitesSize & 0xFF;
+        buffer[offset++] = (cipherSuitesSize >> 8) & 0xff;
+        buffer[offset++] = cipherSuitesSize & 0xff;
         // KDF ID
-        buffer[offset++] = (kdfId >> 8) & 0xFF;
-        buffer[offset++] = kdfId & 0xFF;
+        buffer[offset++] = (kdfId >> 8) & 0xff;
+        buffer[offset++] = kdfId & 0xff;
         // AEAD ID
-        buffer[offset++] = (aeadId >> 8) & 0xFF;
-        buffer[offset++] = aeadId & 0xFF;
+        buffer[offset++] = (aeadId >> 8) & 0xff;
+        buffer[offset++] = aeadId & 0xff;
         return buffer;
     }
     /**
@@ -130,144 +121,172 @@ class Identity {
         offset += publicKeySize;
         // Read Cipher Suites Length
         const cipherSuitesLength = (data[offset++] << 8) | data[offset++];
-        // Read KDF ID
-        const kdfId = (data[offset++] << 8) | data[offset++];
-        // Read AEAD ID
-        const aeadId = (data[offset++] << 8) | data[offset++];
-        // Create suite (assuming X25519 for now)
-        const suite = new core_1.CipherSuite({
-            kem: new core_1.DhkemX25519HkdfSha256(),
-            kdf: new core_1.HkdfSha256(),
-            aead: new core_1.Aes256Gcm()
-        });
-        // Import public key using HPKE library
-        const publicKey = await suite.kem.deserializePublicKey(publicKeyBytes.buffer);
+        // Parse all cipher suites (each suite is 4 bytes: 2 for KDF, 2 for AEAD)
+        const suites = [];
+        const cipherSuitesEnd = offset + cipherSuitesLength;
+        while (offset < cipherSuitesEnd) {
+            const kdfId = (data[offset++] << 8) | data[offset++];
+            const aeadId = (data[offset++] << 8) | data[offset++];
+            suites.push({ kdfId, aeadId });
+        }
+        if (suites.length === 0) {
+            throw new Error('No cipher suites found in config');
+        }
+        // Use the first cipher suite
+        const firstSuite = suites[0];
+        // Validate that we support this cipher suite
+        if (firstSuite.kdfId !== protocol_js_1.HPKE_CONFIG.KDF || firstSuite.aeadId !== protocol_js_1.HPKE_CONFIG.AEAD) {
+            throw new Error(`Unsupported cipher suite: KDF=0x${firstSuite.kdfId.toString(16)}, AEAD=0x${firstSuite.aeadId.toString(16)}`);
+        }
+        // Create cipher suite
+        const suite = createSuite();
+        // Import public key
+        const publicKey = await suite.DeserializePublicKey(publicKeyBytes);
         // For server config, we only have the public key, no private key
         // We'll create a dummy private key that won't be used
-        const dummyPrivateKey = await suite.kem.deserializePrivateKey(new Uint8Array(32).buffer);
+        const dummyPrivateKey = await suite.DeserializePrivateKey(new Uint8Array(32), false);
         return new Identity(suite, publicKey, dummyPrivateKey);
     }
     /**
-     * Encrypt request body and set appropriate headers
+     * Encrypt request body and return context for response decryption.
+     *
+     * This method is called on the SERVER's identity (public key only).
+     * It:
+     * 1. Creates an HPKE sender context to this identity's public key
+     * 2. Encrypts the request body
+     * 3. Returns a RequestContext that must be used to decrypt the response
      */
-    async encryptRequest(request, serverPublicKey) {
+    async encryptRequestWithContext(request) {
         const body = await request.arrayBuffer();
+        // Bodyless requests pass through unmodified - no HPKE context needed.
+        // See SPEC.md Section 5.1: "When the request has no payload body, an encrypted
+        // response is not possible (since there is no HPKE context to derive response
+        // keys from). Such requests pass through unmodified."
         if (body.byteLength === 0) {
-            // No body to encrypt, just set client public key header
-            const headers = new Headers(request.headers);
-            headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.getPublicKeyHex());
-            return new Request(request.url, {
-                method: request.method,
-                headers,
-                body: null
-            });
+            return {
+                request: new Request(request.url, {
+                    method: request.method,
+                    headers: request.headers,
+                    body: null,
+                }),
+                context: null,
+            };
         }
-        // Create sender for encryption
-        const sender = await this.suite.createSenderContext({
-            recipientPublicKey: serverPublicKey
+        // Create sender context for encryption with info parameter for domain separation
+        const infoBytes = new TextEncoder().encode(derive_js_1.HPKE_REQUEST_INFO);
+        const { encapsulatedSecret, ctx } = await this.suite.SetupSender(this.publicKey, {
+            info: infoBytes,
         });
+        // Store context for response decryption
+        const context = {
+            senderContext: ctx,
+            requestEnc: encapsulatedSecret,
+        };
+        // Set headers - only encapsulated key for requests with body
+        const headers = new Headers(request.headers);
+        headers.set(protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER, (0, derive_js_1.bytesToHex)(context.requestEnc));
         // Encrypt the body
-        const encrypted = await sender.seal(body);
-        // Get encapsulated key
-        const encapKey = sender.enc;
+        const encrypted = await ctx.Seal(new Uint8Array(body));
         // Create chunked format: 4-byte length header + encrypted data
         const chunkLength = new Uint8Array(4);
-        const view = new DataView(chunkLength.buffer);
-        view.setUint32(0, encrypted.byteLength, false); // Big-endian
+        new DataView(chunkLength.buffer).setUint32(0, encrypted.byteLength, false);
         const chunkedData = new Uint8Array(4 + encrypted.byteLength);
         chunkedData.set(chunkLength, 0);
-        chunkedData.set(new Uint8Array(encrypted), 4);
-        // Create new request with encrypted body and headers
-        const headers = new Headers(request.headers);
-        headers.set(protocol_js_1.PROTOCOL.CLIENT_PUBLIC_KEY_HEADER, await this.getPublicKeyHex());
-        headers.set(protocol_js_1.PROTOCOL.ENCAPSULATED_KEY_HEADER, Array.from(new Uint8Array(encapKey))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join(''));
-        return new Request(request.url, {
-            method: request.method,
-            headers,
-            body: chunkedData,
-            duplex: 'half'
-        });
+        chunkedData.set(encrypted, 4);
+        return {
+            request: new Request(request.url, {
+                method: request.method,
+                headers,
+                body: chunkedData,
+                duplex: 'half',
+            }),
+            context,
+        };
     }
     /**
-     * Decrypt response body
+     * Decrypt response using keys derived from request context.
+     *
+     * This method:
+     * 1. Reads the response nonce from Ehbp-Response-Nonce header
+     * 2. Exports a secret from the HPKE sender context
+     * 3. Derives response keys using HKDF
+     * 4. Decrypts the response body
      */
-    async decryptResponse(response, serverEncapKey) {
+    async decryptResponseWithContext(response, context) {
         if (!response.body) {
             return response;
         }
-        // Create receiver for decryption
-        const receiver = await this.suite.createRecipientContext({
-            recipientKey: this.privateKey,
-            enc: serverEncapKey.buffer
+        // Get response nonce from header
+        const responseNonceHex = response.headers.get(protocol_js_1.PROTOCOL.RESPONSE_NONCE_HEADER);
+        if (!responseNonceHex) {
+            throw new Error(`Missing ${protocol_js_1.PROTOCOL.RESPONSE_NONCE_HEADER} header`);
+        }
+        const responseNonce = (0, derive_js_1.hexToBytes)(responseNonceHex);
+        if (responseNonce.length !== derive_js_1.RESPONSE_NONCE_LENGTH) {
+            throw new Error(`Invalid response nonce length: expected ${derive_js_1.RESPONSE_NONCE_LENGTH}, got ${responseNonce.length}`);
+        }
+        // Export secret from request context
+        const exportLabelBytes = new TextEncoder().encode(derive_js_1.EXPORT_LABEL);
+        const exportedSecret = await context.senderContext.Export(exportLabelBytes, derive_js_1.EXPORT_LENGTH);
+        // Derive response keys
+        const km = await (0, derive_js_1.deriveResponseKeys)(exportedSecret, context.requestEnc, responseNonce);
+        // Create decrypting stream
+        const decryptedStream = this.createDecryptStream(response.body, km);
+        return new Response(decryptedStream, {
+            status: response.status,
+            statusText: response.statusText,
+            headers: response.headers,
         });
-        // Create a readable stream that decrypts chunks as they arrive
-        const decryptedStream = new ReadableStream({
-            start(controller) {
-                const reader = response.body.getReader();
-                let buffer = new Uint8Array(0);
-                let offset = 0;
-                async function pump() {
-                    try {
-                        while (true) {
-                            const { done, value } = await reader.read();
-                            if (done)
-                                break;
-                            // Append new data to buffer
-                            const newBuffer = new Uint8Array(buffer.length + value.length);
-                            newBuffer.set(buffer);
-                            newBuffer.set(value, buffer.length);
-                            buffer = newBuffer;
-                            // Process complete chunks
-                            while (offset + 4 <= buffer.length) {
-                                // Read chunk length (4 bytes big-endian)
-                                const chunkLength = (buffer[offset] << 24) |
-                                    (buffer[offset + 1] << 16) |
-                                    (buffer[offset + 2] << 8) |
-                                    buffer[offset + 3];
-                                offset += 4;
-                                if (chunkLength === 0) {
-                                    continue; // Empty chunk
-                                }
-                                // Check if we have the complete chunk
-                                if (offset + chunkLength > buffer.length) {
-                                    // Not enough data yet, rewind offset and wait for more
-                                    offset -= 4;
-                                    break;
-                                }
-                                // Extract and decrypt the chunk
-                                const encryptedChunk = buffer.slice(offset, offset + chunkLength);
-                                offset += chunkLength;
-                                try {
-                                    const decryptedChunk = await receiver.open(encryptedChunk.buffer);
-                                    controller.enqueue(new Uint8Array(decryptedChunk));
-                                }
-                                catch (error) {
-                                    controller.error(new Error(`Failed to decrypt chunk: ${error}`));
-                                    return;
-                                }
+    }
+    /**
+     * Creates a ReadableStream that decrypts response chunks.
+     */
+    createDecryptStream(body, km) {
+        let buffer = new Uint8Array(0);
+        let seq = 0;
+        const reader = body.getReader();
+        return new ReadableStream({
+            async pull(controller) {
+                while (true) {
+                    // Try to read a complete chunk from buffer
+                    if (buffer.length >= 4) {
+                        const chunkLength = (buffer[0] << 24) | (buffer[1] << 16) | (buffer[2] << 8) | buffer[3];
+                        if (chunkLength === 0) {
+                            // Skip empty chunk
+                            buffer = buffer.slice(4);
+                            continue;
+                        }
+                        if (buffer.length >= 4 + chunkLength) {
+                            const ciphertext = buffer.slice(4, 4 + chunkLength);
+                            buffer = buffer.slice(4 + chunkLength);
+                            try {
+                                const plaintext = await (0, derive_js_1.decryptChunk)(km, seq++, ciphertext);
+                                controller.enqueue(plaintext);
+                                return;
                             }
-                            // Remove processed data from buffer
-                            if (offset > 0) {
-                                buffer = buffer.slice(offset);
-                                offset = 0;
+                            catch (error) {
+                                controller.error(new Error(`Decryption failed at chunk ${seq - 1}: ${error}`));
+                                return;
                             }
                         }
-                        controller.close();
                     }
-                    catch (error) {
-                        controller.error(error);
+                    // Need more data
+                    const { done, value } = await reader.read();
+                    if (done) {
+                        controller.close();
+                        return;
                     }
+                    // Append to buffer
+                    const newBuffer = new Uint8Array(buffer.length + value.length);
+                    newBuffer.set(buffer);
+                    newBuffer.set(value, buffer.length);
+                    buffer = newBuffer;
                 }
-                pump();
-            }
-        });
-        // Create new response with decrypted stream
-        return new Response(decryptedStream, {
-            status: response.status,
-            statusText: response.statusText,
-            headers: response.headers
+            },
+            cancel(reason) {
+                // Release the underlying reader when the stream is cancelled
+                return reader.cancel(reason);
+            },
         });
     }
 }

package/dist/cjs/identity.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":";;;AAAA~~,qCAAuF~~;~~AACvF~~,+CAAsD;~~AAEtD~~;;GAEG;AACH,MAAa,QAAQ;IACX,KAAK,CAAc;IACnB,SAAS,~~CAAY~~;~~IACrB~~,UAAU,~~CAAY~~;~~IAE9B~~,YAAY,KAAkB,EAAE,~~SAAoB~~,EAAE,~~UAAqB~~;~~QACzE~~,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ;QACnB,MAAM,KAAK,GAAG,~~IAAI~~,~~kBAAW,CAAC;YAC5B,GAAG,~~EAAE,~~IAAI,4BAAqB,EAAE;YAChC,GAAG,EAAE,IAAI,iBAAU,EAAE;YACrB,IAAI,EAAE,IAAI,gBAAS,EAAE;SACtB,~~CAAC~~,CAAC~~;~~QAEH~~,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,KAAK,CAAC,~~GAAG,CAAC,~~eAAe,~~EAAE,~~CAAC~~;QAEpE~~,~~4DAA4D;QAC5D~~,~~MAAM,oBAAoB,GAAG,MAAM,MAAM,~~CAAC,~~MAAM,~~CAAC,~~SAAS,CACxD,KAAK,EACL,MAAM,MAAM,~~CAAC,~~MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,EAC/C,EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,~~cAAc;~~QACpB~~,~~EAAE,CACH,CAAC;QAEF,~~OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,~~oBAAoB~~,EAAE,UAAU,CAAC,CAAC;~~IAC/D~~,CAAC;~~IAGD~~;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAY;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,~~IAAI~~,~~kBAAW,CAAC;YAC5B,GAAG,~~EAAE,~~IAAI,4BAAqB,EAAE;YAChC,GAAG,EAAE,IAAI,iBAAU,EAAE;YACrB,IAAI,EAAE,IAAI,gBAAS,EAAE;SACtB,~~CAAC~~,CAAC~~;~~QAEH~~,~~oBAAoB~~;~~QACpB~~,MAAM,SAAS,GAAG,MAAM,~~MAAM~~,CAAC,~~MAAM~~,CAAC,~~SAAS,CAC7C,KAAK,EACL,~~IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,~~EAC9B~~,~~EAAE,IAAI,EAAE,QAAQ,EAAE,EAClB,IAAI,EAAE,cAAc;QACpB,EAAE,CACH,~~CAAC;~~QAEF~~,~~6CAA6C;QAC7C,~~MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,~~GAAG,CAAC,~~qBAAqB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,~~CAAC~~,~~MAAM~~,CAAC,CAAC;~~QAEjG~~,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;~~IAGD~~;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,cAAc,GAAG,~~IAAI,UAAU,CAAC,~~MAAM,~~MAAM~~,CAAC,~~MAAM~~,CAAC,~~SAAS~~,CAAC,~~KAAK,EAAE,~~IAAI,CAAC,SAAS,CAAC,CAAC~~,CAAC~~;~~QAE5F,+EAA+E;QAC/E~~,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,~~GAAG,CAAC,~~mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;~~QAElF~~,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC;YACrC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,~~IAAI,UAAU,CAAC,~~eAAe,CAAC~~,CAAC~~;~~SACxD~~,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GAAG,MAAM,~~MAAM~~,CAAC,~~MAAM~~,CAAC,~~SAAS~~,CAAC,~~KAAK,EAAE,~~IAAI,CAAC,SAAS,CAAC,CAAC;~~QACtE~~,OAAO,~~KAAK~~,~~CAAC~~,~~IAAI~~,~~CAAC,IAAI,UAAU,CAAC,~~QAAQ,CAAC,CAAC;~~aACxC~~,~~GAAG,~~CAAC~~,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC~~;~~aACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;~~IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,MAAM,GAAG,yBAAW,CAAC,IAAI,CAAC;QAEhC,iCAAiC;QACjC,MAAM,cAAc,GAAG,~~IAAI,UAAU,CAAC,~~MAAM,~~MAAM~~,CAAC,~~MAAM~~,CAAC,~~SAAS~~,CAAC,~~KAAK,EAAE,~~IAAI,CAAC,SAAS,CAAC,CAAC~~,CAAC~~;~~QAE5F~~,kEAAkE;QAClE,MAAM,KAAK,GAAG,CAAC,CAAC;QAChB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;QAEnD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC;QAC5E,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC;QAEzB,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,aAAa;QACb,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,IAAI,aAAa,CAAC;QAExB,iCAAiC;QACjC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAClD,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,gBAAgB,GAAG,IAAI,CAAC;QAE3C,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,UAAU;QACV,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACxC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,GAAG,IAAI,CAAC;QAEjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAgB;QACjD,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,cAAc;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAE7B,cAAc;QACd,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAErD,wCAAwC;QACxC,MAAM,aAAa,GAAG,EAAE,CAAC;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC;QAClE,MAAM,IAAI,aAAa,CAAC;QAExB,4BAA4B;QAC5B,MAAM,kBAAkB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAElE,~~cAAc~~;~~QACd~~,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;~~QAErD~~,~~eAAe;QACf,~~MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;~~QAEtD~~,~~yCAAyC~~;~~QACzC~~,MAAM,KAAK,~~GAAG~~,IAAI,~~kBAAW~~,CAAC;~~YAC5B~~,GAAG,~~EAAE~~,~~IAAI~~,~~4BAAqB~~,~~EAAE~~;~~YAChC~~,GAAG,~~EAAE~~,IAAI,~~iBAAU~~,~~EAAE~~;~~YACrB~~,IAAI,EAAE,~~IAAI~~,~~gBAAS~~,EAAE;~~SACtB~~,CAAC,CAAC;~~QAEH~~,~~uCAAuC~~;~~QACvC~~,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,~~GAAG,CAAC,~~oBAAoB,CAAC,cAAc,CAAC,~~MAAM,~~CAAC~~,CAAC~~;~~QAE9E~~,iEAAiE;QACjE,sDAAsD;QACtD,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,~~GAAG,CAAC,~~qBAAqB,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,~~CAAC~~,~~MAAM~~,CAAC,CAAC;~~QAEzF~~,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACzD,CAAC;IAED~~;;OAEG~~;IACH,KAAK,CAAC,~~cAAc~~,~~CAAC~~,OAAgB~~,EAAE,eAA0B~~;~~QAC/D~~,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;~~QACzC~~,IAAI,IAAI,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC1B,~~wDAAwD~~;~~YACxD~~,~~MAAM,~~OAAO,~~GAAG~~,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,~~CAAC~~;~~YAC7C~~,OAAO,~~CAAC~~,~~GAAG~~,CAAC,~~sBAAQ~~,CAAC,~~wBAAwB~~,EAAE,MAAM,IAAI,CAAC,~~eAAe~~,~~EAAE~~,CAAC,CAAC;~~YAC7E~~,~~OAAO~~,IAAI,~~OAAO~~,CAAC,~~OAAO~~,CAAC,~~GAAG~~,EAAE;~~gBAC9B~~,~~MAAM~~,EAAE,~~OAAO~~,CAAC,~~MAAM~~;~~gBACtB~~,OAAO;~~gBACP~~,~~IAAI~~,EAAE,~~IAAI~~;~~aACX~~,~~CAAC~~,~~CAAC~~;~~QACL~~,CAAC;~~QAED,+BAA+B~~;~~QAC/B~~,MAAM,~~MAAM~~,GAAG,~~MAAM,~~IAAI,CAAC,~~KAAK~~,CAAC,~~mBAAmB~~,CAAC;~~YAClD~~,~~kBAAkB~~,EAAE,~~eAAe;SACpC~~,CAAC,CAAC;~~QAEH~~,mBAAmB;QACnB,MAAM,SAAS,GAAG,MAAM,~~MAAM~~,CAAC,IAAI,CAAC,IAAI,~~CAAC~~,CAAC~~;QAE1C~~,~~uBAAuB;QACvB~~,~~MAAM~~,~~QAAQ,GAAG,MAAM,~~CAAC,~~GAAG,~~CAAC;~~QAE5B~~,+DAA+D;QAC/D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QACtC,~~MAAM,~~IAAI,~~GAAG,IAAI,~~QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC~~;QAC9C~~,~~IAAI,CAAC,~~SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC~~,CAAC,aAAa~~;~~QAE7D~~,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC7D,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAChC,WAAW,CAAC,GAAG,CAAC,~~IAAI,UAAU,CAAC,~~SAAS,~~CAAC,~~EAAE,CAAC,CAAC,CAAC;~~QAE9C~~,~~qDAAqD~~;~~QACrD~~,~~MAAM,~~OAAO,~~GAAG~~,IAAI,OAAO,CAAC,OAAO,CAAC,~~OAAO~~,~~CAAC,CAAC~~;~~QAC7C~~,~~OAAO~~,~~CAAC~~,~~GAAG~~,CAAC,~~sBAAQ~~,~~CAAC~~,~~wBAAwB~~,EAAE,MAAM,~~IAAI,CAAC,eAAe,~~EAAE,~~CAAC~~,CAAC;~~QAC7E~~,OAAO,CAAC,~~GAAG,~~CAAC,~~sBAAQ~~,CAAC,~~uBAAuB~~,~~EAAE~~,~~KAAK~~,~~CAAC~~,~~IAAI~~,~~CAAC,~~IAAI,~~UAAU,~~CAAC,QAAQ,CAAC,CAAC;~~aAC/E~~,~~GAAG~~,~~CAAC~~,CAAC,CAAC,~~EAAE~~,~~CAAC~~,~~CAAC~~,~~CAAC~~,QAAQ,CAAC,~~EAAE~~,CAAC,CAAC,~~QAAQ~~,CAAC,~~CAAC~~,~~EAAE,GAAG,~~CAAC,CAAC;~~aACzC~~,IAAI,CAAC,EAAE,CAAC~~,CAAC,CAAC~~;~~QAEb~~,~~OAAO~~,IAAI,~~OAAO~~,CAAC,~~OAAO~~,CAAC,~~GAAG~~,~~EAAE;YAC9B~~,~~MAAM~~,~~EAAE,OAAO,~~CAAC~~,MAAM~~;~~YACtB~~,~~OAAO~~;~~YACP~~,~~IAAI~~,~~EAAE~~,~~WAAW;YACjB~~,~~MAAM~~,~~EAAE~~,~~MAAM;SACA~~,~~CAAC~~,CAAC~~;IACpB~~,CAAC;~~IAED;;OAEG;IACH~~,~~KAAK~~,CAAC,~~eAAe~~,~~CAAC~~,~~QAAkB~~,EAAE,~~cAA0B~~;~~QAClE~~,IAAI,~~CAAC~~,~~QAAQ~~,~~CAAC~~,~~IAAI~~,~~EAAE~~,CAAC~~;YACnB~~,~~OAAO~~,~~QAAQ~~,CAAC;~~QAClB~~,CAAC;QAED,~~iCAAiC~~;~~QACjC~~,MAAM,~~QAAQ~~,GAAG,~~MAAM,~~IAAI,~~CAAC~~,~~KAAK~~,CAAC,~~sBAAsB~~,CAAC~~;YACvD~~,~~YAAY~~,~~EAAE~~,~~IAAI,~~CAAC~~,UAAU~~;~~YAC7B~~,GAAG,~~EAAE~~,~~cAAc~~,CAAC,~~MAAqB;SAC1C~~,CAAC,~~CAAC;QAEH,+DAA+D;QAC/D,~~MAAM,~~eAAe~~,~~GAAG~~,~~IAAI~~,~~cAAc~~,CAAC~~;YACzC~~,~~KAAK,~~CAAC,~~UAAU~~;~~gBACd~~,MAAM,~~MAAM~~,GAAG,~~QAAQ~~,~~CAAC~~,~~IAAK~~,CAAC,~~SAAS~~,EAAE,CAAC;~~gBAC1C~~,~~IAAI~~,MAAM,GAAG,IAAI,~~UAAU,~~CAAC,~~CAAC~~,CAAC,CAAC~~;gBAC/B~~,IAAI,~~MAAM~~,~~GAAG~~,CAAC,CAAC;~~gBAEf~~,~~KAAK~~,~~UAAU,~~IAAI~~;oBACjB~~,~~IAAI~~,CAAC~~;wBACH~~,~~OAAO~~,~~IAAI,~~EAAE~~,CAAC~~;~~4BACZ~~,MAAM,EAAE,~~IAAI~~,~~EAAE~~,~~KAAK~~,EAAE,~~GAAG~~,~~MAAM~~,~~MAAM~~,~~CAAC~~,~~IAAI,~~EAAE,CAAC;~~4BAC5C~~,~~IAAI~~,~~IAAI~~;~~gCAAE~~,~~MAAM~~;~~4BAEhB,4BAA4B~~;~~4BAC5B~~,~~MAAM~~,~~SAAS~~,~~GAAG~~,~~IAAI~~,~~UAAU~~,~~CAAC~~,MAAM,~~CAAC~~,~~MAAM~~,~~GAAG~~,~~KAAK~~,CAAC,~~MAAM,~~CAAC,CAAC;~~4BAC~~/D,~~SAAS~~,~~CAAC~~,GAAG,CAAC,~~MAAM,~~CAAC~~,CAAC~~;~~4BACtB~~,~~SAAS~~,~~CAAC~~,GAAG,CAAC,~~KAAK~~,EAAE,~~MAAM,~~CAAC,~~MAAM~~,~~CAAC~~,CAAC;~~4BACpC~~,~~MAAM~~,~~GAAG~~,~~SAAS~~,CAAC~~;4BAEnB~~,~~0BAA0B~~;~~4BAC1B~~,OAAO,~~MAAM~~,~~GAAG~~,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;~~gCACnC~~,~~yCAAyC;gCACzC,~~MAAM,WAAW,~~GAAG~~,CAAC,MAAM,CAAC,~~MAAM~~,CAAC,IAAI,EAAE,CAAC~~;oCACxB~~,CAAC,MAAM,CAAC,~~MAAM,GAAG,~~CAAC,CAAC,IAAI,EAAE,CAAC~~;oCAC1B~~,CAAC,MAAM,CAAC,~~MAAM,GAAG,~~CAAC,CAAC,IAAI,CAAC,CAAC~~;oCACzB~~,~~MAAM~~,~~CAAC,~~MAAM,~~GAAG,~~CAAC,CAAC,CAAC~~;gCACrC~~,~~MAAM,IAAI,~~CAAC~~,CAAC~~;~~gCAEZ~~,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;~~oCACtB~~,~~SAAS,CAAC,cAAc~~;~~gCAC1B~~,~~CAAC;gCAED,sCAAsC;gCACtC,IAAI,~~MAAM,GAAG,~~WAAW~~,~~GAAG~~,~~MAAM~~,CAAC,~~MAAM~~,~~EAAE~~,CAAC;~~oCACzC~~,~~uDAAuD~~;~~oCACvD~~,~~MAAM~~,IAAI,~~CAAC~~,CAAC~~;oCACZ~~,MAAM~~;gCACR~~,CAAC~~;gCAED~~,~~gCAAgC~~;~~gCAChC~~,MAAM,~~cAAc~~,GAAG,MAAM,CAAC,KAAK,CAAC,~~MAAM~~,EAAE,~~MAAM~~,GAAG,WAAW,CAAC,CAAC;~~gCAClE~~,MAAM,~~IAAI~~,WAAW,CAAC;~~gCAEtB~~,IAAI,CAAC;~~oCACH~~,MAAM,~~cAAc~~,GAAG,MAAM,~~QAAQ~~,~~CAAC~~,~~IAAI~~,~~CAAC~~,~~cAAc~~,~~CAAC~~,~~MAAM~~,CAAC,CAAC;~~oCAClE~~,UAAU,CAAC,OAAO,CAAC,~~IAAI~~,~~UAAU,~~CAAC,~~cAAc,~~CAAC,~~CAAC,CAAC~~;~~gCACrD~~,CAAC;~~gCAAC~~,OAAO,KAAK,EAAE,CAAC;~~oCACf~~,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,~~4BAA4B~~,KAAK,EAAE,CAAC,CAAC,CAAC;~~oCACjE~~,OAAO;~~gCACT~~,CAAC;~~4BACH~~,CAAC;~~4BAED~~,~~oCAAoC~~;~~4BACpC~~,~~IAAI~~,MAAM,~~GAAG~~,~~CAAC~~,EAAE,~~CAAC;gCACf~~,~~MAAM~~,GAAG,MAAM,~~CAAC~~,~~KAAK,~~CAAC,~~MAAM~~,~~CAAC~~,CAAC;~~gCAC9B~~,~~MAAM~~,~~GAAG~~,~~CAAC~~,CAAC;~~4BACb~~,~~CAAC;wBACH,CAAC;wBAED,~~UAAU,CAAC,KAAK,EAAE,CAAC;~~oBACrB~~,CAAC;~~oBAAC~~,~~OAAO~~,~~KAAK~~,~~EAAE~~,~~CAAC;wBACf~~,UAAU,CAAC,~~KAAK~~,CAAC,KAAK,CAAC,CAAC~~;oBAC1B~~,CAAC;~~gBACH~~,CAAC~~;gBAED~~,~~IAAI~~,~~EAAE~~,CAAC~~;YACT~~,CAAC;~~SACF~~,CAAC,CAAC~~;QAEH~~,~~4CAA4C;QAC5C~~,~~OAAO~~,~~IAAI~~,~~QAAQ~~,CAAC,~~eAAe,EAAE~~;~~YACnC~~,MAAM,~~EAAE~~,~~QAAQ~~,CAAC,~~MAAM~~;~~YACvB~~,~~UAAU~~,~~EAAE~~,~~QAAQ,~~CAAC,~~UAAU~~;~~YAC/B~~,OAAO,~~EAAE~~,~~QAAQ~~,CAAC,~~OAAO~~;~~SAC1B~~,CAAC,CAAC;IACL,CAAC;~~CAEF~~;~~AA7UD~~,~~4BA6UC~~"}
1	+ {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":";;;AAAA,+BAOc;AACd,+CAAsD;AACtD,2CAUqB;AAWrB;;GAEG;AACH,SAAS,WAAW;IAClB,OAAO,IAAI,kBAAW,CACpB,mCAA4B,EAC5B,sBAAe,EACf,uBAAgB,CACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAa,QAAQ;IACX,KAAK,CAAc;IACnB,SAAS,CAAM;IACf,UAAU,CAAM;IAExB,YAAY,KAAkB,EAAE,SAAc,EAAE,UAAe;QAC7D,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ;QACnB,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,cAAc;QAEnF,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAY;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAE5B,mCAAmC;QACnC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,oBAAoB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACnF,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;QAE5F,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE9E,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC;YACrC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC;SACxC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrE,OAAO,IAAA,sBAAU,EAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,KAAK,GAAG,yBAAW,CAAC,GAAG,CAAC;QAC9B,MAAM,MAAM,GAAG,yBAAW,CAAC,IAAI,CAAC;QAEhC,iCAAiC;QACjC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE3E,kEAAkE;QAClE,MAAM,KAAK,GAAG,CAAC,CAAC;QAChB,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;QAEnD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,aAAa,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC;QAC5E,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,CAAC;QAEzB,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,aAAa;QACb,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,IAAI,aAAa,CAAC;QAExB,iCAAiC;QACjC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAClD,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,gBAAgB,GAAG,IAAI,CAAC;QAE3C,SAAS;QACT,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACvC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QAEhC,UAAU;QACV,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACxC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,GAAG,IAAI,CAAC;QAEjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAgB;QACjD,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,cAAc;QACd,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAE7B,cAAc;QACd,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAErD,wCAAwC;QACxC,MAAM,aAAa,GAAG,EAAE,CAAC;QACzB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC;QAClE,MAAM,IAAI,aAAa,CAAC;QAExB,4BAA4B;QAC5B,MAAM,kBAAkB,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAElE,yEAAyE;QACzE,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,MAAM,eAAe,GAAG,MAAM,GAAG,kBAAkB,CAAC;QACpD,OAAO,MAAM,GAAG,eAAe,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACtD,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,6BAA6B;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QAE7B,6CAA6C;QAC7C,IAAI,UAAU,CAAC,KAAK,KAAK,yBAAW,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,KAAK,yBAAW,CAAC,IAAI,EAAE,CAAC;YACnF,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAC7G,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAE5B,oBAAoB;QACpB,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QAEnE,iEAAiE;QACjE,sDAAsD;QACtD,MAAM,eAAe,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QAErF,OAAO,IAAI,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACzD,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,yBAAyB,CAC7B,OAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,sEAAsE;QACtE,+EAA+E;QAC/E,8EAA8E;QAC9E,sDAAsD;QACtD,IAAI,IAAI,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;oBAChC,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,IAAI;iBACX,CAAC;gBACF,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,iFAAiF;QACjF,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,6BAAiB,CAAC,CAAC;QAC9D,MAAM,EAAE,kBAAkB,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE;YAC/E,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QAEH,wCAAwC;QACxC,MAAM,OAAO,GAAmB;YAC9B,aAAa,EAAE,GAAG;YAClB,UAAU,EAAE,kBAAkB;SAC/B,CAAC;QAEF,6DAA6D;QAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,uBAAuB,EAAE,IAAA,sBAAU,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;QAE9E,mBAAmB;QACnB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAEvD,+DAA+D;QAC/D,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAE3E,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC7D,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAChC,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAE9B,OAAO;YACL,OAAO,EAAE,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO;gBACP,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,MAAM;aACA,CAAC;YACjB,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,0BAA0B,CAC9B,QAAkB,EAClB,OAAuB;QAEvB,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,iCAAiC;QACjC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAQ,CAAC,qBAAqB,CAAC,CAAC;QAC9E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,WAAW,sBAAQ,CAAC,qBAAqB,SAAS,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,aAAa,GAAG,IAAA,sBAAU,EAAC,gBAAgB,CAAC,CAAC;QACnD,IAAI,aAAa,CAAC,MAAM,KAAK,iCAAqB,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,2CAA2C,iCAAqB,SAAS,aAAa,CAAC,MAAM,EAAE,CAChG,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,MAAM,gBAAgB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,wBAAY,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,EAAE,yBAAa,CAAC,CAAC;QAE3F,uBAAuB;QACvB,MAAM,EAAE,GAAG,MAAM,IAAA,8BAAkB,EAAC,cAAc,EAAE,OAAO,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAEvF,2BAA2B;QAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAEpE,OAAO,IAAI,QAAQ,CAAC,eAAe,EAAE;YACnC,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,OAAO,EAAE,QAAQ,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,mBAAmB,CACzB,IAAgC,EAChC,EAAuB;QAEvB,IAAI,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEhC,OAAO,IAAI,cAAc,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,UAAU;gBACnB,OAAO,IAAI,EAAE,CAAC;oBACZ,2CAA2C;oBAC3C,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACvB,MAAM,WAAW,GACf,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;wBAEvE,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;4BACtB,mBAAmB;4BACnB,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;4BACzB,SAAS;wBACX,CAAC;wBAED,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,WAAW,EAAE,CAAC;4BACrC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;4BACpD,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC;4BAEvC,IAAI,CAAC;gCACH,MAAM,SAAS,GAAG,MAAM,IAAA,wBAAY,EAAC,EAAE,EAAE,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;gCAC5D,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gCAC9B,OAAO;4BACT,CAAC;4BAAC,OAAO,KAAK,EAAE,CAAC;gCACf,UAAU,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,GAAG,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC;gCAC/E,OAAO;4BACT,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,iBAAiB;oBACjB,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;oBAC5C,IAAI,IAAI,EAAE,CAAC;wBACT,UAAU,CAAC,KAAK,EAAE,CAAC;wBACnB,OAAO;oBACT,CAAC;oBAED,mBAAmB;oBACnB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;oBAC/D,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBACtB,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;oBACpC,MAAM,GAAG,SAAS,CAAC;gBACrB,CAAC;YACH,CAAC;YACD,MAAM,CAAC,MAAM;gBACX,6DAA6D;gBAC7D,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;SACF,CAAC,CAAC;IACL,CAAC;CACF;AA1VD,4BA0VC"}

package/dist/cjs/index.d.ts CHANGED Viewed

@@ -6,7 +6,10 @@
  * bodies while preserving HTTP headers for routing.
  */
 export { Identity } from './identity.js';
+export type { RequestContext } from './identity.js';
 export { Transport, createTransport } from './client.js';
 export { PROTOCOL, HPKE_CONFIG } from './protocol.js';
-export type { CipherSuite } from '@hpke/core';
+export { deriveResponseKeys, computeNonce, encryptChunk, decryptChunk, hexToBytes, bytesToHex, HPKE_REQUEST_INFO, EXPORT_LABEL, EXPORT_LENGTH, RESPONSE_NONCE_LENGTH, AES256_KEY_LENGTH, AES_GCM_NONCE_LENGTH, } from './derive.js';
+export type { ResponseKeyMaterial } from './derive.js';
+export type { CipherSuite, SenderContext, RecipientContext, Key } from 'hpke';
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGtD,YAAY,EAAE,~~WAAW~~,EAAE,MAAM,YAAY,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEvD,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,gBAAgB,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC"}

package/dist/cjs/index.js CHANGED Viewed

@@ -7,7 +7,7 @@
  * bodies while preserving HTTP headers for routing.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HPKE_CONFIG = exports.PROTOCOL = exports.createTransport = exports.Transport = exports.Identity = void 0;
+exports.AES_GCM_NONCE_LENGTH = exports.AES256_KEY_LENGTH = exports.RESPONSE_NONCE_LENGTH = exports.EXPORT_LENGTH = exports.EXPORT_LABEL = exports.HPKE_REQUEST_INFO = exports.bytesToHex = exports.hexToBytes = exports.decryptChunk = exports.encryptChunk = exports.computeNonce = exports.deriveResponseKeys = exports.HPKE_CONFIG = exports.PROTOCOL = exports.createTransport = exports.Transport = exports.Identity = void 0;
 var identity_js_1 = require("./identity.js");
 Object.defineProperty(exports, "Identity", { enumerable: true, get: function () { return identity_js_1.Identity; } });
 var client_js_1 = require("./client.js");
@@ -16,4 +16,18 @@ Object.defineProperty(exports, "createTransport", { enumerable: true, get: funct
 var protocol_js_1 = require("./protocol.js");
 Object.defineProperty(exports, "PROTOCOL", { enumerable: true, get: function () { return protocol_js_1.PROTOCOL; } });
 Object.defineProperty(exports, "HPKE_CONFIG", { enumerable: true, get: function () { return protocol_js_1.HPKE_CONFIG; } });
+// Export key derivation utilities for advanced usage
+var derive_js_1 = require("./derive.js");
+Object.defineProperty(exports, "deriveResponseKeys", { enumerable: true, get: function () { return derive_js_1.deriveResponseKeys; } });
+Object.defineProperty(exports, "computeNonce", { enumerable: true, get: function () { return derive_js_1.computeNonce; } });
+Object.defineProperty(exports, "encryptChunk", { enumerable: true, get: function () { return derive_js_1.encryptChunk; } });
+Object.defineProperty(exports, "decryptChunk", { enumerable: true, get: function () { return derive_js_1.decryptChunk; } });
+Object.defineProperty(exports, "hexToBytes", { enumerable: true, get: function () { return derive_js_1.hexToBytes; } });
+Object.defineProperty(exports, "bytesToHex", { enumerable: true, get: function () { return derive_js_1.bytesToHex; } });
+Object.defineProperty(exports, "HPKE_REQUEST_INFO", { enumerable: true, get: function () { return derive_js_1.HPKE_REQUEST_INFO; } });
+Object.defineProperty(exports, "EXPORT_LABEL", { enumerable: true, get: function () { return derive_js_1.EXPORT_LABEL; } });
+Object.defineProperty(exports, "EXPORT_LENGTH", { enumerable: true, get: function () { return derive_js_1.EXPORT_LENGTH; } });
+Object.defineProperty(exports, "RESPONSE_NONCE_LENGTH", { enumerable: true, get: function () { return derive_js_1.RESPONSE_NONCE_LENGTH; } });
+Object.defineProperty(exports, "AES256_KEY_LENGTH", { enumerable: true, get: function () { return derive_js_1.AES256_KEY_LENGTH; } });
+Object.defineProperty(exports, "AES_GCM_NONCE_LENGTH", { enumerable: true, get: function () { return derive_js_1.AES_GCM_NONCE_LENGTH; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,6CAAyC;AAAhC,uGAAA,QAAQ,OAAA;~~AACjB~~,yCAAyD;AAAhD,sGAAA,SAAS,OAAA;AAAE,4GAAA,eAAe,OAAA;AACnC,6CAAsD;AAA7C,uGAAA,QAAQ,OAAA;AAAE,0GAAA,WAAW,OAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,6CAAyC;AAAhC,uGAAA,QAAQ,OAAA;AAEjB,yCAAyD;AAAhD,sGAAA,SAAS,OAAA;AAAE,4GAAA,eAAe,OAAA;AACnC,6CAAsD;AAA7C,uGAAA,QAAQ,OAAA;AAAE,0GAAA,WAAW,OAAA;AAE9B,qDAAqD;AACrD,yCAaqB;AAZnB,+GAAA,kBAAkB,OAAA;AAClB,yGAAA,YAAY,OAAA;AACZ,yGAAA,YAAY,OAAA;AACZ,yGAAA,YAAY,OAAA;AACZ,uGAAA,UAAU,OAAA;AACV,uGAAA,UAAU,OAAA;AACV,8GAAA,iBAAiB,OAAA;AACjB,yGAAA,YAAY,OAAA;AACZ,0GAAA,aAAa,OAAA;AACb,kHAAA,qBAAqB,OAAA;AACrB,8GAAA,iBAAiB,OAAA;AACjB,iHAAA,oBAAoB,OAAA"}

package/dist/cjs/protocol.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@
  */
 export declare const PROTOCOL: {
     readonly ENCAPSULATED_KEY_HEADER: "Ehbp-Encapsulated-Key";
-    readonly CLIENT_PUBLIC_KEY_HEADER: "Ehbp-Client-Public-Key";
+    readonly RESPONSE_NONCE_HEADER: "Ehbp-Response-Nonce";
     readonly KEYS_MEDIA_TYPE: "application/ohttp-keys";
     readonly KEYS_PATH: "/.well-known/hpke-keys";
     readonly FALLBACK_HEADER: "Ehbp-Fallback";