salty-crypto 0.0.5 → 0.1.1

package/src/{poly1305.ts → hash/poly1305.ts}

@@ -9,10 +9,13 @@
 // * https://github.com/floodyberry/poly1305-donna
 // */
 
-export class Poly1305 {
+import type { Hash, HashAlgorithm } from '../hash';
+
+export const Poly1305 = (class Poly1305 implements HashAlgorithm {
+    static readonly NAME = "Poly1305";
     static readonly KEYBYTES = 32;
-    static readonly TAGBYTES = 16;
-    static readonly BLOCKBYTES = 16;
+    static readonly OUTBYTES = 16;
+    static readonly BLOCKLEN = 16;
 
     buffer = new Uint8Array(16);
     r = new Uint16Array(10);
@@ -21,15 +24,16 @@ export class Poly1305 {
     leftover = 0;
     fin = 0;
 
-    static digest(key: Uint8Array, input: Uint8Array): Uint8Array {
-        const p = new Poly1305(key);
-        p.update(input, 0, input.byteLength);
-        const output = new Uint8Array(Poly1305.TAGBYTES);
-        p.finish(output, 0);
-        return output;
+    static digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array {
+        const p = new Poly1305(key, outlen);
+        p.update(input);
+        return p.final();
     }
 
-    constructor(public key: Uint8Array) {
+    constructor(key?: Uint8Array, outlen?: number) {
+        if (!key) throw new Error("Poly1305: key required");
+        if ((outlen ?? Poly1305.OUTBYTES) !== Poly1305.OUTBYTES) throw new Error("Poly1305: outlen != OUTBYTES");
+
         const t0 = key[ 0] & 0xff | (key[ 1] & 0xff) << 8; this.r[0] = ( t0                     ) & 0x1fff;
         const t1 = key[ 2] & 0xff | (key[ 3] & 0xff) << 8; this.r[1] = ((t0 >>> 13) | (t1 <<  3)) & 0x1fff;
         const t2 = key[ 4] & 0xff | (key[ 5] & 0xff) << 8; this.r[2] = ((t1 >>> 10) | (t2 <<  6)) & 0x1f03;
@@ -263,7 +267,9 @@ export class Poly1305 {
         this.h[9] = h9;
     }
 
-    finish(mac: Uint8Array, macpos: number) {
+    final(mac?: Uint8Array): Uint8Array {
+        if (!mac) mac = new Uint8Array(Poly1305.OUTBYTES);
+
         if (this.leftover) {
             let i = this.leftover;
             this.buffer[i++] = 1;
@@ -319,25 +325,26 @@ export class Poly1305 {
             this.h[i] = f & 0xffff;
         }
 
-        mac[macpos + 0] = (this.h[0] >>> 0) & 0xff;
-        mac[macpos + 1] = (this.h[0] >>> 8) & 0xff;
-        mac[macpos + 2] = (this.h[1] >>> 0) & 0xff;
-        mac[macpos + 3] = (this.h[1] >>> 8) & 0xff;
-        mac[macpos + 4] = (this.h[2] >>> 0) & 0xff;
-        mac[macpos + 5] = (this.h[2] >>> 8) & 0xff;
-        mac[macpos + 6] = (this.h[3] >>> 0) & 0xff;
-        mac[macpos + 7] = (this.h[3] >>> 8) & 0xff;
-        mac[macpos + 8] = (this.h[4] >>> 0) & 0xff;
-        mac[macpos + 9] = (this.h[4] >>> 8) & 0xff;
-        mac[macpos + 10] = (this.h[5] >>> 0) & 0xff;
-        mac[macpos + 11] = (this.h[5] >>> 8) & 0xff;
-        mac[macpos + 12] = (this.h[6] >>> 0) & 0xff;
-        mac[macpos + 13] = (this.h[6] >>> 8) & 0xff;
-        mac[macpos + 14] = (this.h[7] >>> 0) & 0xff;
-        mac[macpos + 15] = (this.h[7] >>> 8) & 0xff;
+        mac[0] = (this.h[0] >>> 0) & 0xff;
+        mac[1] = (this.h[0] >>> 8) & 0xff;
+        mac[2] = (this.h[1] >>> 0) & 0xff;
+        mac[3] = (this.h[1] >>> 8) & 0xff;
+        mac[4] = (this.h[2] >>> 0) & 0xff;
+        mac[5] = (this.h[2] >>> 8) & 0xff;
+        mac[6] = (this.h[3] >>> 0) & 0xff;
+        mac[7] = (this.h[3] >>> 8) & 0xff;
+        mac[8] = (this.h[4] >>> 0) & 0xff;
+        mac[9] = (this.h[4] >>> 8) & 0xff;
+        mac[10] = (this.h[5] >>> 0) & 0xff;
+        mac[11] = (this.h[5] >>> 8) & 0xff;
+        mac[12] = (this.h[6] >>> 0) & 0xff;
+        mac[13] = (this.h[6] >>> 8) & 0xff;
+        mac[14] = (this.h[7] >>> 0) & 0xff;
+        mac[15] = (this.h[7] >>> 8) & 0xff;
+        return mac;
     };
 
-    update(m: Uint8Array, mpos: number, bytes: number) {
+    update(m: Uint8Array, mpos = 0, bytes = m.byteLength) {
         if (this.leftover) {
             let want = (16 - this.leftover);
             if (want > bytes)
@@ -366,4 +373,4 @@ export class Poly1305 {
             this.leftover += bytes;
         }
     }
-}
+}) satisfies Hash;

package/src/hash.ts

@@ -0,0 +1,21 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+export interface Hash {
+    readonly NAME: string;
+    readonly KEYBYTES: number;
+    readonly OUTBYTES: number;
+    readonly BLOCKLEN: number;
+
+    digest(input: Uint8Array, key?: Uint8Array, outlen?: number): Uint8Array;
+
+    new(key?: Uint8Array, outlen?: number): HashAlgorithm;
+}
+
+export interface HashAlgorithm {
+    update(input: Uint8Array, offset?: number, length?: number): void;
+    final(output?: Uint8Array): Uint8Array;
+}
+
+export { BLAKE2s } from './hash/blake2s';
+export { Poly1305 } from './hash/poly1305';

package/src/hkdf.ts

@@ -0,0 +1,25 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { HMAC } from './hmac';
+import * as Bytes from './bytes';
+
+export type HKDF = {
+    (chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array];
+    (chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array];
+};
+
+export function makeHKDF(hmac: HMAC): HKDF {
+    function hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2): [Uint8Array, Uint8Array];
+    function hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 3): [Uint8Array, Uint8Array, Uint8Array];
+    function hkdf(chainingKey: Uint8Array, input: Uint8Array, numOutputs: 2 | 3): Uint8Array[] {
+        const tempKey = hmac(chainingKey, input);
+        const o1 = hmac(tempKey, Uint8Array.from([1]));
+        const o2 = hmac(tempKey, Bytes.append(o1, Uint8Array.from([2])));
+        switch (numOutputs) {
+            case 2: return [o1, o2];
+            case 3: return [o1, o2, hmac(tempKey, Bytes.append(o2, Uint8Array.from([3])))];
+        }
+    };
+    return hkdf;
+}

package/src/hmac.ts

@@ -0,0 +1,24 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { Hash } from './hash';
+import * as Bytes from './bytes';
+
+export type HMAC = {
+    (key: Uint8Array, data: Uint8Array): Uint8Array;
+    readonly NAME: string;
+};
+
+export function makeHMAC(hash: Hash): HMAC {
+    const HMAC_IPAD = new Uint8Array(hash.BLOCKLEN); HMAC_IPAD.fill(0x36);
+    const HMAC_OPAD = new Uint8Array(hash.BLOCKLEN); HMAC_OPAD.fill(0x5c);
+    const hmac = (key0: Uint8Array, data: Uint8Array) => {
+        const key1 = key0.byteLength > hash.BLOCKLEN ? hash.digest(key0) : key0;
+        const key = Bytes.append(key1, new Uint8Array(hash.BLOCKLEN - key1.byteLength));
+        return hash.digest(Bytes.append(Bytes.xor(key, HMAC_OPAD),
+                                        hash.digest(Bytes.append(Bytes.xor(key, HMAC_IPAD),
+                                                                 data))));
+    };
+    hmac.NAME = 'HMAC-' + hash.NAME;
+    return hmac;
+}

package/src/index.ts

@@ -1,12 +1,49 @@
 /// SPDX-License-Identifier: MIT
 /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
 
-export * as AEAD from './aead';
-export * as BLAKE2 from './blake2';
-export * as ChaCha20 from './chacha20';
-export * as Noise from './noise';
-export * as Patterns from './patterns';
-export * as Poly1305 from './poly1305';
-export * as NoiseProfiles from './profiles';
-export * as Random from './random';
-export * as X25519 from './x25519';
+export * from './aead';
+export * as Bytes from './bytes';
+export * from './cipher';
+export * from './dh';
+export * from './hash';
+export * from './hkdf';
+export * from './hmac';
+export * from './noise';
+export * from './nonce';
+export * from './random';
+
+import * as chacha20poly1305 from './aead/chacha20poly1305';
+import * as chacha20 from './cipher/chacha20';
+import * as x25519 from './dh/x25519';
+import * as blake2s from './hash/blake2s';
+import * as poly1305 from './hash/poly1305';
+import * as algorithms from './noise/algorithms';
+import * as cipherstate from './noise/cipherstate';
+import * as handshake from './noise/handshake';
+import * as patterns from './noise/patterns';
+import * as profiles from './noise/profiles';
+import * as rekey from './noise/rekey';
+
+export const INTERNALS = {
+    aead: {
+        chacha20poly1305,
+    },
+    cipher: {
+        chacha20,
+    },
+    dh: {
+        x25519,
+    },
+    hash: {
+        blake2s,
+        poly1305,
+    },
+    noise: {
+        algorithms,
+        cipherstate,
+        handshake,
+        patterns,
+        profiles,
+        rekey,
+    },
+};

package/src/noise/algorithms.ts

@@ -0,0 +1,26 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { AEAD } from '../aead';
+import { Hash } from '../hash';
+import { DH } from '../dh';
+import { HMAC } from '../hmac';
+import { HKDF } from '../hkdf';
+
+import { Rekey } from './rekey';
+
+export interface Algorithms {
+    dh: DH,
+    aead: AEAD,
+    hash: Hash,
+    hmac?: HMAC,
+    hkdf?: HKDF,
+    rekey?: Rekey,
+}
+
+export function matchPattern(a: Algorithms, protocol_name: string): string | null {
+    const r = new RegExp(`^Noise_([A-Za-z0-9+]+)_${a.dh.NAME}_${a.aead.NAME}_${a.hash.NAME}$`);
+    const m = r.exec(protocol_name);
+    if (m === null) return null;
+    return m[1];
+}

package/src/noise/cipherstate.ts

@@ -0,0 +1,38 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { Nonce } from '../nonce';
+import { makeRekey } from './rekey';
+import { Algorithms } from './algorithms';
+
+export class CipherState {
+    view: DataView | null = null;
+    nonce = new Nonce();
+
+    constructor (public algorithms: Algorithms,
+                 key?: Uint8Array)
+    {
+        if (key !== void 0) this.view = new DataView(key.buffer);
+    }
+
+    encrypt(plaintext: Uint8Array, associated_data?: Uint8Array): Uint8Array {
+        if (this.view === null) return plaintext;
+        const ciphertext =
+            this.algorithms.aead.encrypt(plaintext, this.view, this.nonce, associated_data);
+        this.nonce.increment();
+        return ciphertext;
+    }
+
+    decrypt(ciphertext: Uint8Array, associated_data?: Uint8Array): Uint8Array {
+        if (this.view === null) return ciphertext;
+        const plaintext =
+            this.algorithms.aead.decrypt(ciphertext, this.view, this.nonce, associated_data);
+        this.nonce.increment();
+        return plaintext;
+    }
+
+    rekey() {
+        if (this.view === null) return;
+        this.view = (this.algorithms.rekey ?? makeRekey(this.algorithms.aead))(this.view);
+    }
+}

package/src/noise/handshake.ts

@@ -0,0 +1,240 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { DHKeyPair } from '../dh';
+import * as Bytes from '../bytes';
+
+import { Algorithms } from './algorithms';
+import { CipherState } from './cipherstate';
+import { HandshakePattern, KeyMixToken, Token } from './patterns';
+import { HKDF, makeHKDF } from '../hkdf';
+import { makeHMAC } from '../hmac';
+
+export type Role = 'initiator' | 'responder';
+
+export type HandshakeOptions = {
+    prologue?: Uint8Array,
+    staticKeypair?: DHKeyPair,
+    remoteStaticPublicKey?: Uint8Array,
+    pregeneratedEphemeralKeypair?: DHKeyPair,
+    remotePregeneratedEphemeralPublicKey?: Uint8Array,
+    preSharedKeys?: Uint8Array[],
+};
+
+export type TransportState = { send: CipherState, recv: CipherState };
+
+export class Handshake {
+    staticKeypair: DHKeyPair;
+    remoteStaticPublicKey: Uint8Array | null;
+    ephemeralKeypair: DHKeyPair;
+    remoteEphemeralPublicKey: Uint8Array | null;
+    preSharedKeys?: Uint8Array[];
+    stepIndex = 0;
+    cipherState: CipherState;
+    chainingKey: Uint8Array;
+    handshakeHash: Uint8Array;
+    hkdf: HKDF;
+
+    constructor (public algorithms: Algorithms,
+                 public pattern: HandshakePattern,
+                 public role: Role,
+                 options: HandshakeOptions = {})
+    {
+        this.staticKeypair = options.staticKeypair ?? this.algorithms.dh.generateKeypair();
+        this.remoteStaticPublicKey = options.remoteStaticPublicKey ?? null;
+        this.ephemeralKeypair = options.pregeneratedEphemeralKeypair ?? this.algorithms.dh.generateKeypair();
+        this.remoteEphemeralPublicKey = options.remotePregeneratedEphemeralPublicKey ?? null;
+        this.preSharedKeys = options.preSharedKeys;
+        if (this.preSharedKeys) {
+            this.preSharedKeys = this.preSharedKeys.slice();
+            if (this.preSharedKeys.length === 0) this.preSharedKeys = void 0;
+        }
+
+        const protocolName = new TextEncoder().encode(
+            'Noise_' + this.pattern.name +
+                '_' + this.algorithms.dh.NAME +
+                '_' + this.algorithms.aead.NAME +
+                '_' + this.algorithms.hash.NAME);
+
+        this.cipherState = new CipherState(this.algorithms);
+        {
+            const ckLen = this.algorithms.hash.OUTBYTES;
+            const ckSeed = (protocolName.byteLength > ckLen)
+                ? this.algorithms.hash.digest(protocolName)
+                : protocolName;
+            this.chainingKey = Bytes.append(ckSeed, new Uint8Array(ckLen - ckSeed.byteLength));
+        }
+        this.handshakeHash = this.chainingKey;
+
+        this.mixHash(options.prologue ?? Bytes.EMPTY);
+        this.pattern.initiatorPreMessage.forEach(t => this.mixHash(t === 'e'
+            ? (this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!)
+            : (this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!)));
+        this.pattern.responderPreMessage.forEach(t => this.mixHash(t === 'e'
+            ? (!this.isInitiator ? this.ephemeralKeypair.public : this.remoteEphemeralPublicKey!)
+            : (!this.isInitiator ? this.staticKeypair.public : this.remoteStaticPublicKey!)));
+
+        this.hkdf = this.algorithms.hkdf ?? makeHKDF(
+            this.algorithms.hmac ?? makeHMAC(this.algorithms.hash));
+    }
+
+    get isInitiator(): boolean {
+        return this.role === 'initiator';
+    }
+
+    mixHash(data: Uint8Array) {
+        this.handshakeHash = this.algorithms.hash.digest(Bytes.append(this.handshakeHash, data));
+    }
+
+    mixKey(input: Uint8Array) {
+        const [newCk, k] = this.hkdf(this.chainingKey, input, 2);
+        this.chainingKey = newCk;
+        this.cipherState = new CipherState(this.algorithms, k);
+    }
+
+    mixKeyAndHashNextPSK() {
+        const psk = this.preSharedKeys!.shift()!;
+        const [newCk, tempH, k] = this.hkdf(this.chainingKey, psk, 3);
+        this.chainingKey = newCk;
+        this.mixHash(tempH);
+        this.cipherState = new CipherState(this.algorithms, k);
+    }
+
+    encryptAndHash(p: Uint8Array) {
+        const c = this.cipherState.encrypt(p, this.handshakeHash);
+        this.mixHash(c);
+        return c;
+    }
+
+    decryptAndHash(c: Uint8Array) {
+        const p = this.cipherState.decrypt(c, this.handshakeHash);
+        this.mixHash(c);
+        return p;
+    }
+
+    _split(): TransportState | null {
+        if (this.stepIndex < this.pattern.messages.length) {
+            return null;
+        } else {
+            let [kI, kR] = this.hkdf(this.chainingKey, Bytes.EMPTY, 2)
+                .map(k => new CipherState(this.algorithms, k));
+            return this.isInitiator ? { send: kI, recv: kR } : { send: kR, recv: kI };
+        }
+    }
+
+    _nextStep(): Token[] {
+        if (this.stepIndex >= this.pattern.messages.length) {
+            throw new Error("Handshake already complete, cannot continue");
+        }
+        return this.pattern.messages[this.stepIndex++];
+    }
+
+    _processKeyMixToken(t: KeyMixToken) {
+        switch (t) {
+            case 'ee':
+                this.mixKey(this.algorithms.dh.dh(this.ephemeralKeypair, this.remoteEphemeralPublicKey!));
+                break;
+
+            case 'es':
+                this.mixKey(this.isInitiator
+                    ? this.algorithms.dh.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!)
+                    : this.algorithms.dh.dh(this.staticKeypair, this.remoteEphemeralPublicKey!));
+                break;
+
+            case 'se':
+                this.mixKey(!this.isInitiator
+                    ? this.algorithms.dh.dh(this.ephemeralKeypair, this.remoteStaticPublicKey!)
+                    : this.algorithms.dh.dh(this.staticKeypair, this.remoteEphemeralPublicKey!));
+                break;
+
+            case 'ss':
+                this.mixKey(this.algorithms.dh.dh(this.staticKeypair, this.remoteStaticPublicKey!));
+                break;
+
+            case 'psk':
+                this.mixKeyAndHashNextPSK();
+                break;
+        }
+    }
+
+    writeMessage(payload: Uint8Array): { packet: Uint8Array, finished: TransportState | null } {
+        const pieces = [];
+        this._nextStep().forEach(t => {
+            switch (t) {
+                case 'e':
+                    pieces.push(this.ephemeralKeypair.public);
+                    this.mixHash(this.ephemeralKeypair.public);
+                    if (this.preSharedKeys) this.mixKey(this.ephemeralKeypair.public);
+                    break;
+
+                case 's':
+                    pieces.push(this.encryptAndHash(this.staticKeypair.public));
+                    break;
+
+                default:
+                    this._processKeyMixToken(t);
+                    break;
+            }
+        });
+        pieces.push(this.encryptAndHash(payload));
+
+        let packet: Uint8Array;
+        if (pieces.length === 1) {
+            packet = pieces[0];
+        } else {
+            packet = new Uint8Array(pieces.reduce((ac, p) => ac + p.byteLength, 0));
+            let offset = 0;
+            pieces.forEach(p => { packet.set(p, offset); offset += p.byteLength; });
+        }
+
+        return { packet, finished: this._split() };
+    }
+
+    readMessage(packet: Uint8Array): { message: Uint8Array, finished: TransportState | null } {
+        const take = (n: number): Uint8Array => {
+            const bs = packet.slice(0, n);
+            packet = packet.subarray(n);
+            return bs;
+        };
+        this._nextStep().forEach(t => {
+            switch (t) {
+                case 'e':
+                    this.remoteEphemeralPublicKey = take(this.algorithms.dh.DHLEN);
+                    this.mixHash(this.remoteEphemeralPublicKey);
+                    if (this.preSharedKeys) this.mixKey(this.remoteEphemeralPublicKey);
+                    break;
+
+                case 's':
+                    this.remoteStaticPublicKey = this.decryptAndHash(take(
+                        this.algorithms.dh.DHLEN + (this.cipherState.view ? 16 : 0)));
+                    break;
+
+                default:
+                    this._processKeyMixToken(t);
+                    break;
+            }
+        });
+
+        const message = this.decryptAndHash(packet);
+        return { message, finished: this._split() };
+    }
+
+    async completeHandshake(writePacket: (packet: Uint8Array) => Promise<void>,
+                            readPacket: () => Promise<Uint8Array>,
+                            handleMessage = async (_m: Uint8Array): Promise<void> => {},
+                            produceMessage = async (): Promise<Uint8Array> => new Uint8Array(0))
+    : Promise<TransportState>
+    {
+        const W = async (): Promise<TransportState> => {
+            const { packet, finished } = this.writeMessage(await produceMessage());
+            await writePacket(packet);
+            return finished || R();
+        };
+        const R = async (): Promise<TransportState> => {
+            const { message, finished } = this.readMessage(await readPacket());
+            await handleMessage(message);
+            return finished || W();
+        };
+        return (this.isInitiator ? W() : R());
+    }
+}

package/src/{patterns.ts → noise/patterns.ts}

@@ -1,7 +1,18 @@
 /// SPDX-License-Identifier: MIT
 /// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
 
-import type { HandshakePattern, PreMessage, Token } from './noise';
+export type KeyTransferToken = 'e' | 's';
+export type KeyMixToken = 'ee' | 'es' | 'se' | 'ss' | 'psk';
+export type Token = KeyTransferToken | KeyMixToken;
+export type PreMessage = ['e'] | ['s'] | ['e', 's'] | [];
+
+export interface HandshakePattern {
+    name: string; // e.g. "NNpsk2"
+    baseName: string; // e.g. "NN"
+    messages: Token[][];
+    initiatorPreMessage: PreMessage;
+    responderPreMessage: PreMessage;
+}
 
 export const PATTERNS: { [key: string]: HandshakePattern } = {};
 

package/src/noise/profiles.ts

@@ -0,0 +1,13 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { Algorithms } from './algorithms';
+import { BLAKE2s } from '../hash';
+import { ChaCha20Poly1305_RFC8439 } from '../aead';
+import { X25519 } from '../dh';
+
+export const Noise_25519_ChaChaPoly_BLAKE2s: Algorithms = {
+    dh: X25519,
+    aead: ChaCha20Poly1305_RFC8439,
+    hash: BLAKE2s,
+};

package/src/noise/rekey.ts

@@ -0,0 +1,13 @@
+/// SPDX-License-Identifier: MIT
+/// SPDX-FileCopyrightText: Copyright © 2023 Tony Garnock-Jones <tonyg@leastfixedpoint.com>
+
+import { AEAD } from '../aead';
+import { Nonce } from '../nonce';
+
+export type Rekey = (k: DataView) => DataView;
+
+export function makeRekey(aead: AEAD): Rekey {
+    return (k: DataView): DataView => {
+        return new DataView(aead.encrypt(new Uint8Array(32), k, Nonce.MAX).buffer);
+    };
+}