npm - secrets-sharing - Versions diffs - 1.0.0 - Mend

secrets-sharing 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/secrets-sharing.d.ts +78 -0
package/dist/secrets-sharing.d.ts.map +1 -0
package/dist/secrets-sharing.js +361 -0
package/package.json +19 -0
package/secrets-sharing.ts +467 -0
package/test.js +66 -0

package/dist/secrets-sharing.d.ts ADDED Viewed

@@ -0,0 +1,78 @@
+export interface SecretsConfig {
+    bits: number;
+    radix: number;
+    maxShares: number;
+}
+export interface ShareComponents {
+    bits: number;
+    id: number;
+    data: string;
+}
+interface ParsedShare {
+    bits: number;
+    id: number;
+    value: string;
+}
+export declare function init(bits?: number): void;
+export declare function setRNG(rng: (() => number) | null): void;
+declare function hex2bin(hex: string): string;
+declare function splitBinToParts(bin: string, padLength?: number): number[];
+declare function parseShareString(shareString: string): ParsedShare;
+export declare function horner(x: number, coeffs: number[]): number;
+export declare function lagrange(at: number, x: number[], y: (number | undefined)[]): number;
+declare function bufferToSecretBin(secretBuffer: Buffer): string;
+/**
+ * Split a secret Buffer into `numShares` shares using Shamir's threshold secret sharing.
+ *
+ * @param secretBuffer - The secret to split, expressed as a Buffer.
+ * @param numShares - Total number of shares to produce (2 to config.max).
+ * @param threshold - Minimum shares required to reconstruct (2 to numShares).
+ * @param padLength - Zero-pad the binary secret to a multiple of this many bits before
+ *   splitting. Defaults to 128 (same as the original secrets.js) to prevent leaking
+ *   information about the size of small secrets. Must be 0–1024.
+ * @returns An array of `numShares` Buffer shares.
+ */
+export declare function share(secretBuffer: Buffer, numShares: number, threshold: number, padLength?: number): Buffer[];
+/**
+ * Reconstruct a secret Buffer from an array of share Buffers.
+ *
+ * @param shares - Array of share Buffers (must satisfy the threshold count).
+ * @param at - If non-zero, evaluates the polynomial at this x value instead of 0
+ *   (used internally by `newShare`).
+ * @returns The reconstructed secret as a Buffer, or the share data Buffer when `at` != 0.
+ */
+export declare function combine(shares: Buffer[], at?: number): Buffer;
+/**
+ * Generate a new share with the given numeric `id` from the existing `shares`.
+ * Mirrors `secrets.newShare(id, shares)` from the original secrets.js.
+ *
+ * @param id - Share id, an integer in [1, config.max].
+ * @param shares - Threshold number of existing share Buffers.
+ * @returns A new share Buffer for the requested id.
+ */
+export declare function newShare(id: number, shares: Buffer[]): Buffer;
+/**
+ * Return the current library configuration.
+ * Mirrors `secrets.getConfig()` from the original secrets.js.
+ */
+export declare function getConfig(): SecretsConfig;
+/**
+ * Extract the components of a share Buffer.
+ * Mirrors `secrets.extractShareComponents(share)` from the original secrets.js.
+ *
+ * @param shareBuffer - A share Buffer as produced by `share()` or `newShare()`.
+ * @returns An object with `bits`, `id`, and `data` (hex string of share payload).
+ */
+export declare function extractShareComponents(shareBuffer: Buffer): ShareComponents;
+export declare function shareBufferToString(shareBuffer: Buffer): string;
+export declare function shareStringToBuffer(shareString: string): Buffer;
+export declare function utf16beFromString(str: string): Buffer;
+export declare function utf16beToString(buf: Buffer): string;
+export declare const _internal: {
+    splitBinToParts: typeof splitBinToParts;
+    hex2bin: typeof hex2bin;
+    bufferToSecretBin: typeof bufferToSecretBin;
+    parseShareString: typeof parseShareString;
+};
+export {};
+//# sourceMappingURL=secrets-sharing.d.ts.map

package/dist/secrets-sharing.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secrets-sharing.d.ts","sourceRoot":"","sources":["../secrets-sharing.ts"],"names":[],"mappings":"AA0BA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;CACd;AAED,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf;AA0CD,wBAAgB,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CA2BxC;AAED,wBAAgB,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,MAAM,CAAC,GAAG,IAAI,GAAG,IAAI,CAEvD;AAsBD,iBAAS,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAMpC;AAWD,iBAAS,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAUlE;AAUD,iBAAS,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,WAAW,CAa1D;AASD,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAU1D;AAED,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GAAG,MAAM,CA8BnF;AAED,iBAAS,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAOvD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,KAAK,CACnB,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,SAAS,SAAM,GACd,MAAM,EAAE,CAsCV;AAED;;;;;;;GAOG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,SAAI,GAAG,MAAM,CAuDxD;AAED;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAa7D;AAED;;;GAGG;AACH,wBAAgB,SAAS,IAAI,aAAa,CAMzC;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,CAM3E;AAED,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAK/D;AAED,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAK/D;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAOrD;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CASnD;AAED,eAAO,MAAM,SAAS;;;;;CAUrB,CAAC"}

package/dist/secrets-sharing.js ADDED Viewed

@@ -0,0 +1,361 @@
+'use strict';
+const defaults = {
+    bits: 8,
+    radix: 16,
+    minBits: 3,
+    maxBits: 20,
+    primitivePolynomials: [
+        null,
+        null,
+        1,
+        3,
+        3,
+        5,
+        3,
+        3,
+        29,
+        17,
+        9,
+        5,
+        83,
+        27,
+        43,
+        3,
+        45,
+        9,
+        39,
+        39,
+        9,
+    ],
+};
+const config = {
+    bits: defaults.bits,
+    radix: defaults.radix,
+    size: 256,
+    max: 255,
+    logs: [],
+    exps: [],
+    rng: null,
+};
+export function init(bits) {
+    const useBits = bits ?? defaults.bits;
+    if (useBits < defaults.minBits || useBits > defaults.maxBits) {
+        throw new Error('Bits out of range.');
+    }
+    config.bits = useBits;
+    config.size = 1 << useBits;
+    config.max = config.size - 1;
+    const primitive = defaults.primitivePolynomials[useBits];
+    const logs = new Array(config.size);
+    const exps = new Array(config.size);
+    let x = 1;
+    for (let i = 0; i < config.size; i += 1) {
+        exps[i] = x;
+        logs[x] = i;
+        x <<= 1;
+        if (x >= config.size) {
+            x ^= primitive;
+            x &= config.max;
+        }
+    }
+    config.logs = logs;
+    config.exps = exps;
+}
+export function setRNG(rng) {
+    config.rng = rng;
+}
+function random() {
+    if (typeof config.rng === 'function') {
+        const value = config.rng();
+        if (!Number.isInteger(value) || value < 0 || value > config.max) {
+            throw new Error('Invalid RNG output.');
+        }
+        return value;
+    }
+    return Math.floor(Math.random() * (config.max + 1));
+}
+function padLeftBinary(str, multiple) {
+    const missing = str.length % multiple;
+    if (missing === 0) {
+        return str;
+    }
+    return `${'0'.repeat(multiple - missing)}${str}`;
+}
+function hex2bin(hex) {
+    if (hex.length === 0) {
+        return '';
+    }
+    const asBigInt = BigInt(`0x${hex}`);
+    return padLeftBinary(asBigInt.toString(2), 4);
+}
+function bin2hex(bin) {
+    const padded = padLeftBinary(bin, 4);
+    let out = '';
+    for (let i = 0; i < padded.length; i += 4) {
+        out += parseInt(padded.slice(i, i + 4), 2).toString(16);
+    }
+    return out;
+}
+function splitBinToParts(bin, padLength) {
+    const padded = padLength ? padLeftBinary(bin, padLength) : bin;
+    const parts = [];
+    for (let i = padded.length; i > config.bits; i -= config.bits) {
+        parts.push(parseInt(padded.slice(i - config.bits, i), 2));
+    }
+    parts.push(parseInt(padded.slice(0, Math.max(1, padded.length % config.bits || config.bits)), 2));
+    return parts;
+}
+function partsToHex(parts) {
+    let out = '';
+    for (const part of [...parts].reverse()) {
+        out += part.toString(config.radix).padStart(2, '0');
+    }
+    return out;
+}
+function parseShareString(shareString) {
+    // charAt(0) always returns a string unlike bracket indexing under noUncheckedIndexedAccess.
+    const bits = parseInt(shareString.charAt(0), 36);
+    const max = (1 << bits) - 1;
+    const idLength = max.toString(config.radix).length;
+    const id = parseInt(shareString.slice(1, 1 + idLength), config.radix);
+    const value = shareString.slice(1 + idLength);
+    if (!Number.isInteger(id) || id < 1 || id > max) {
+        throw new Error('Invalid share id.');
+    }
+    return { bits, id, value };
+}
+function constructPublicShareString(id, dataParts) {
+    const maxIdChars = config.max.toString(config.radix).length;
+    const idHex = id.toString(config.radix).padStart(maxIdChars, '0');
+    // toUpperCase matches the original secrets.js share format for bits >= 10.
+    return `${config.bits.toString(36).toUpperCase()}${idHex}${partsToHex(dataParts)}`;
+}
+export function horner(x, coeffs) {
+    let fx = 0;
+    for (let i = coeffs.length - 1; i >= 0; i -= 1) {
+        if (fx !== 0) {
+            // logs and exps are fully populated by init(); non-null assertions are safe here.
+            fx = config.exps[(config.logs[x] + config.logs[fx]) % config.max];
+        }
+        fx ^= coeffs[i];
+    }
+    return fx;
+}
+export function lagrange(at, x, y) {
+    let sum = 0;
+    for (let i = 0; i < x.length; i += 1) {
+        const yi = y[i];
+        if (!yi) {
+            continue;
+        }
+        let product = config.logs[yi];
+        for (let j = 0; j < x.length; j += 1) {
+            if (i === j) {
+                continue;
+            }
+            if (at === x[j]) {
+                product = -1;
+                break;
+            }
+            product =
+                (product + config.logs[at ^ x[j]] - config.logs[x[i] ^ x[j]] + config.max) %
+                    config.max;
+        }
+        if (product !== -1) {
+            sum ^= config.exps[product];
+        }
+    }
+    return sum;
+}
+function bufferToSecretBin(secretBuffer) {
+    const hex = secretBuffer.toString('hex');
+    if (hex.length === 0) {
+        return '10';
+    }
+    const asBigInt = BigInt(`0x${hex}`);
+    return `1${padLeftBinary(asBigInt.toString(2), 16)}`;
+}
+/**
+ * Split a secret Buffer into `numShares` shares using Shamir's threshold secret sharing.
+ *
+ * @param secretBuffer - The secret to split, expressed as a Buffer.
+ * @param numShares - Total number of shares to produce (2 to config.max).
+ * @param threshold - Minimum shares required to reconstruct (2 to numShares).
+ * @param padLength - Zero-pad the binary secret to a multiple of this many bits before
+ *   splitting. Defaults to 128 (same as the original secrets.js) to prevent leaking
+ *   information about the size of small secrets. Must be 0–1024.
+ * @returns An array of `numShares` Buffer shares.
+ */
+export function share(secretBuffer, numShares, threshold, padLength = 128) {
+    if (!Buffer.isBuffer(secretBuffer)) {
+        throw new TypeError('secretBuffer must be a Buffer');
+    }
+    if (!Number.isInteger(numShares) || !Number.isInteger(threshold)) {
+        throw new TypeError('numShares and threshold must be integers');
+    }
+    if (numShares < 2 || numShares > config.max) {
+        throw new Error('numShares out of range.');
+    }
+    if (threshold < 2 || threshold > numShares) {
+        throw new Error('threshold out of range.');
+    }
+    if (!Number.isInteger(padLength) || padLength < 0 || padLength > 1024) {
+        throw new Error('Zero-pad length must be an integer between 0 and 1024 inclusive.');
+    }
+    const parts = splitBinToParts(bufferToSecretBin(secretBuffer), padLength);
+    const coeffs = [];
+    for (let i = 0; i < parts.length; i += 1) {
+        const row = [parts[i]];
+        for (let j = 1; j < threshold; j += 1) {
+            row[j] = random();
+        }
+        coeffs.push(row);
+    }
+    const out = [];
+    for (let xVal = 1; xVal <= numShares; xVal += 1) {
+        const dataParts = [];
+        for (let j = 0; j < parts.length; j += 1) {
+            dataParts.push(horner(xVal, coeffs[j]));
+        }
+        out.push(Buffer.from(constructPublicShareString(xVal, dataParts), 'ascii'));
+    }
+    return out;
+}
+/**
+ * Reconstruct a secret Buffer from an array of share Buffers.
+ *
+ * @param shares - Array of share Buffers (must satisfy the threshold count).
+ * @param at - If non-zero, evaluates the polynomial at this x value instead of 0
+ *   (used internally by `newShare`).
+ * @returns The reconstructed secret as a Buffer, or the share data Buffer when `at` != 0.
+ */
+export function combine(shares, at = 0) {
+    if (!Array.isArray(shares) || shares.length === 0) {
+        throw new Error('shares must be a non-empty array of Buffers');
+    }
+    const xArr = [];
+    const yMatrix = [];
+    let setBits;
+    for (const shareBuffer of shares) {
+        if (!Buffer.isBuffer(shareBuffer)) {
+            throw new TypeError('All shares must be Buffers');
+        }
+        const parsed = parseShareString(shareBuffer.toString('ascii'));
+        if (setBits === undefined) {
+            setBits = parsed.bits;
+            if (setBits !== config.bits) {
+                init(setBits);
+            }
+        }
+        else if (parsed.bits !== setBits) {
+            throw new Error('Mismatched share bit settings');
+        }
+        if (xArr.includes(parsed.id)) {
+            continue;
+        }
+        const idx = xArr.push(parsed.id) - 1;
+        const parts = splitBinToParts(hex2bin(parsed.value));
+        for (let j = 0; j < parts.length; j += 1) {
+            if (!yMatrix[j]) {
+                yMatrix[j] = [];
+            }
+            yMatrix[j][idx] = parts[j];
+        }
+    }
+    let resultBin = '';
+    for (const yRow of yMatrix) {
+        resultBin = lagrange(at, xArr, yRow).toString(2).padStart(config.bits, '0') + resultBin;
+    }
+    if (at === 0) {
+        const marker = resultBin.indexOf('1');
+        if (marker === -1) {
+            throw new Error('Invalid reconstructed secret marker');
+        }
+        resultBin = resultBin.slice(marker + 1);
+    }
+    const outHex = bin2hex(resultBin);
+    return Buffer.from(outHex, 'hex');
+}
+/**
+ * Generate a new share with the given numeric `id` from the existing `shares`.
+ * Mirrors `secrets.newShare(id, shares)` from the original secrets.js.
+ *
+ * @param id - Share id, an integer in [1, config.max].
+ * @param shares - Threshold number of existing share Buffers.
+ * @returns A new share Buffer for the requested id.
+ */
+export function newShare(id, shares) {
+    if (!Number.isInteger(id) || id < 1 || id > config.max) {
+        throw new Error(`Share id must be an integer between 1 and ${config.max}, inclusive.`);
+    }
+    if (!Array.isArray(shares) || shares.length === 0) {
+        throw new Error("Invalid 'shares' argument to newShare().");
+    }
+    // combine(shares, id) evaluates the polynomial at `id` and returns the raw bytes
+    // of the share payload. Reconstruct the full share string from that.
+    const shareData = combine(shares, id);
+    const dataParts = splitBinToParts(hex2bin(shareData.toString('hex')));
+    return Buffer.from(constructPublicShareString(id, dataParts), 'ascii');
+}
+/**
+ * Return the current library configuration.
+ * Mirrors `secrets.getConfig()` from the original secrets.js.
+ */
+export function getConfig() {
+    return {
+        bits: config.bits,
+        radix: config.radix,
+        maxShares: config.max,
+    };
+}
+/**
+ * Extract the components of a share Buffer.
+ * Mirrors `secrets.extractShareComponents(share)` from the original secrets.js.
+ *
+ * @param shareBuffer - A share Buffer as produced by `share()` or `newShare()`.
+ * @returns An object with `bits`, `id`, and `data` (hex string of share payload).
+ */
+export function extractShareComponents(shareBuffer) {
+    if (!Buffer.isBuffer(shareBuffer)) {
+        throw new TypeError('shareBuffer must be a Buffer');
+    }
+    const parsed = parseShareString(shareBuffer.toString('ascii'));
+    return { bits: parsed.bits, id: parsed.id, data: parsed.value };
+}
+export function shareBufferToString(shareBuffer) {
+    if (!Buffer.isBuffer(shareBuffer)) {
+        throw new TypeError('shareBuffer must be a Buffer');
+    }
+    return shareBuffer.toString('ascii');
+}
+export function shareStringToBuffer(shareString) {
+    if (typeof shareString !== 'string') {
+        throw new TypeError('shareString must be a string');
+    }
+    return Buffer.from(shareString, 'ascii');
+}
+export function utf16beFromString(str) {
+    const out = Buffer.allocUnsafe(str.length * 2);
+    for (let i = 0; i < str.length; i += 1) {
+        // Match secrets.js str2hex ordering (prepends each code unit).
+        out.writeUInt16BE(str.charCodeAt(i), (str.length - 1 - i) * 2);
+    }
+    return out;
+}
+export function utf16beToString(buf) {
+    if (buf.length % 2 !== 0) {
+        throw new Error('Invalid UTF-16BE buffer length');
+    }
+    let out = '';
+    for (let i = 0; i < buf.length; i += 2) {
+        out = String.fromCharCode(buf.readUInt16BE(i)) + out;
+    }
+    return out;
+}
+export const _internal = {
+    splitBinToParts,
+    hex2bin,
+    bufferToSecretBin,
+    parseShareString,
+};
+init(defaults.bits);

package/package.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "name": "secrets-sharing",
+  "version": "1.0.0",
+  "description": "A Typescript implementation of Shamir's Secret Sharing Scheme using buffers.",
+  "main": "index.js",
+  "scripts": {
+    "test": "node test.js",
+    "build": "tsc",
+    "publish": "npm run build && npm publish"
+  },
+  "keywords": ["shamir", "secret sharing", "typescript", "buffers"],
+  "author": "",
+  "license": "ISC",
+  "type": "module",
+  "devDependencies": {
+    "@types/node": "^25.3.2",
+    "typescript": "^5.9.3"
+  }
+}

package/secrets-sharing.ts ADDED Viewed

@@ -0,0 +1,467 @@
+'use strict';
+interface Defaults {
+  bits: number;
+  radix: number;
+  minBits: number;
+  maxBits: number;
+  primitivePolynomials: (number | null)[];
+}
+interface Config {
+  bits: number;
+  radix: number;
+  size: number;
+  max: number;
+  logs: number[];
+  exps: number[];
+  /**
+   * RNG contract differs from grempe/secrets.js: the original's RNG takes a `bits`
+   * argument and returns a binary string. This buffer implementation's RNG takes no
+   * arguments and returns a number in [0, config.max], which is simpler and avoids
+   * binary-string parsing in hot paths.
+   */
+  rng: (() => number) | null;
+}
+export interface SecretsConfig {
+  bits: number;
+  radix: number;
+  maxShares: number;
+}
+export interface ShareComponents {
+  bits: number;
+  id: number;
+  data: string;
+}
+interface ParsedShare {
+  bits: number;
+  id: number;
+  value: string;
+}
+const defaults: Defaults = {
+  bits: 8,
+  radix: 16,
+  minBits: 3,
+  maxBits: 20,
+  primitivePolynomials: [
+    null,
+    null,
+    1,
+    3,
+    3,
+    5,
+    3,
+    3,
+    29,
+    17,
+    9,
+    5,
+    83,
+    27,
+    43,
+    3,
+    45,
+    9,
+    39,
+    39,
+    9,
+  ],
+};
+const config: Config = {
+  bits: defaults.bits,
+  radix: defaults.radix,
+  size: 256,
+  max: 255,
+  logs: [],
+  exps: [],
+  rng: null,
+};
+export function init(bits?: number): void {
+  const useBits = bits ?? defaults.bits;
+  if (useBits < defaults.minBits || useBits > defaults.maxBits) {
+    throw new Error('Bits out of range.');
+  }
+  config.bits = useBits;
+  config.size = 1 << useBits;
+  config.max = config.size - 1;
+  const primitive = defaults.primitivePolynomials[useBits] as number;
+  const logs = new Array<number>(config.size);
+  const exps = new Array<number>(config.size);
+  let x = 1;
+  for (let i = 0; i < config.size; i += 1) {
+    exps[i] = x;
+    logs[x] = i;
+    x <<= 1;
+    if (x >= config.size) {
+      x ^= primitive;
+      x &= config.max;
+    }
+  }
+  config.logs = logs;
+  config.exps = exps;
+}
+export function setRNG(rng: (() => number) | null): void {
+  config.rng = rng;
+}
+function random(): number {
+  if (typeof config.rng === 'function') {
+    const value = config.rng();
+    if (!Number.isInteger(value) || value < 0 || value > config.max) {
+      throw new Error('Invalid RNG output.');
+    }
+    return value;
+  }
+  return Math.floor(Math.random() * (config.max + 1));
+}
+function padLeftBinary(str: string, multiple: number): string {
+  const missing = str.length % multiple;
+  if (missing === 0) {
+    return str;
+  }
+  return `${'0'.repeat(multiple - missing)}${str}`;
+}
+function hex2bin(hex: string): string {
+  if (hex.length === 0) {
+    return '';
+  }
+  const asBigInt = BigInt(`0x${hex}`);
+  return padLeftBinary(asBigInt.toString(2), 4);
+}
+function bin2hex(bin: string): string {
+  const padded = padLeftBinary(bin, 4);
+  let out = '';
+  for (let i = 0; i < padded.length; i += 4) {
+    out += parseInt(padded.slice(i, i + 4), 2).toString(16);
+  }
+  return out;
+}
+function splitBinToParts(bin: string, padLength?: number): number[] {
+  const padded = padLength ? padLeftBinary(bin, padLength) : bin;
+  const parts: number[] = [];
+  for (let i = padded.length; i > config.bits; i -= config.bits) {
+    parts.push(parseInt(padded.slice(i - config.bits, i), 2));
+  }
+  parts.push(parseInt(padded.slice(0, Math.max(1, padded.length % config.bits || config.bits)), 2));
+  return parts;
+}
+function partsToHex(parts: number[]): string {
+  let out = '';
+  for (const part of [...parts].reverse()) {
+    out += part.toString(config.radix).padStart(2, '0');
+  }
+  return out;
+}
+function parseShareString(shareString: string): ParsedShare {
+  // charAt(0) always returns a string unlike bracket indexing under noUncheckedIndexedAccess.
+  const bits = parseInt(shareString.charAt(0), 36);
+  const max = (1 << bits) - 1;
+  const idLength = max.toString(config.radix).length;
+  const id = parseInt(shareString.slice(1, 1 + idLength), config.radix);
+  const value = shareString.slice(1 + idLength);
+  if (!Number.isInteger(id) || id < 1 || id > max) {
+    throw new Error('Invalid share id.');
+  }
+  return { bits, id, value };
+}
+function constructPublicShareString(id: number, dataParts: number[]): string {
+  const maxIdChars = config.max.toString(config.radix).length;
+  const idHex = id.toString(config.radix).padStart(maxIdChars, '0');
+  // toUpperCase matches the original secrets.js share format for bits >= 10.
+  return `${config.bits.toString(36).toUpperCase()}${idHex}${partsToHex(dataParts)}`;
+}
+export function horner(x: number, coeffs: number[]): number {
+  let fx = 0;
+  for (let i = coeffs.length - 1; i >= 0; i -= 1) {
+    if (fx !== 0) {
+      // logs and exps are fully populated by init(); non-null assertions are safe here.
+      fx = config.exps[(config.logs[x]! + config.logs[fx]!) % config.max]!;
+    }
+    fx ^= coeffs[i]!;
+  }
+  return fx;
+}
+export function lagrange(at: number, x: number[], y: (number | undefined)[]): number {
+  let sum = 0;
+  for (let i = 0; i < x.length; i += 1) {
+    const yi = y[i];
+    if (!yi) {
+      continue;
+    }
+    let product: number = config.logs[yi]!;
+    for (let j = 0; j < x.length; j += 1) {
+      if (i === j) {
+        continue;
+      }
+      if (at === x[j]!) {
+        product = -1;
+        break;
+      }
+      product =
+        (product + config.logs[at ^ x[j]!]! - config.logs[x[i]! ^ x[j]!]! + config.max) %
+        config.max;
+    }
+    if (product !== -1) {
+      sum ^= config.exps[product]!;
+    }
+  }
+  return sum;
+}
+function bufferToSecretBin(secretBuffer: Buffer): string {
+  const hex = secretBuffer.toString('hex');
+  if (hex.length === 0) {
+    return '10';
+  }
+  const asBigInt = BigInt(`0x${hex}`);
+  return `1${padLeftBinary(asBigInt.toString(2), 16)}`;
+}
+/**
+ * Split a secret Buffer into `numShares` shares using Shamir's threshold secret sharing.
+ *
+ * @param secretBuffer - The secret to split, expressed as a Buffer.
+ * @param numShares - Total number of shares to produce (2 to config.max).
+ * @param threshold - Minimum shares required to reconstruct (2 to numShares).
+ * @param padLength - Zero-pad the binary secret to a multiple of this many bits before
+ *   splitting. Defaults to 128 (same as the original secrets.js) to prevent leaking
+ *   information about the size of small secrets. Must be 0–1024.
+ * @returns An array of `numShares` Buffer shares.
+ */
+export function share(
+  secretBuffer: Buffer,
+  numShares: number,
+  threshold: number,
+  padLength = 128,
+): Buffer[] {
+  if (!Buffer.isBuffer(secretBuffer)) {
+    throw new TypeError('secretBuffer must be a Buffer');
+  }
+  if (!Number.isInteger(numShares) || !Number.isInteger(threshold)) {
+    throw new TypeError('numShares and threshold must be integers');
+  }
+  if (numShares < 2 || numShares > config.max) {
+    throw new Error('numShares out of range.');
+  }
+  if (threshold < 2 || threshold > numShares) {
+    throw new Error('threshold out of range.');
+  }
+  if (!Number.isInteger(padLength) || padLength < 0 || padLength > 1024) {
+    throw new Error('Zero-pad length must be an integer between 0 and 1024 inclusive.');
+  }
+  const parts = splitBinToParts(bufferToSecretBin(secretBuffer), padLength);
+  const coeffs: number[][] = [];
+  for (let i = 0; i < parts.length; i += 1) {
+    const row: number[] = [parts[i]!];
+    for (let j = 1; j < threshold; j += 1) {
+      row[j] = random();
+    }
+    coeffs.push(row);
+  }
+  const out: Buffer[] = [];
+  for (let xVal = 1; xVal <= numShares; xVal += 1) {
+    const dataParts: number[] = [];
+    for (let j = 0; j < parts.length; j += 1) {
+      dataParts.push(horner(xVal, coeffs[j]!));
+    }
+    out.push(Buffer.from(constructPublicShareString(xVal, dataParts), 'ascii'));
+  }
+  return out;
+}
+/**
+ * Reconstruct a secret Buffer from an array of share Buffers.
+ *
+ * @param shares - Array of share Buffers (must satisfy the threshold count).
+ * @param at - If non-zero, evaluates the polynomial at this x value instead of 0
+ *   (used internally by `newShare`).
+ * @returns The reconstructed secret as a Buffer, or the share data Buffer when `at` != 0.
+ */
+export function combine(shares: Buffer[], at = 0): Buffer {
+  if (!Array.isArray(shares) || shares.length === 0) {
+    throw new Error('shares must be a non-empty array of Buffers');
+  }
+  const xArr: number[] = [];
+  const yMatrix: (number | undefined)[][] = [];
+  let setBits: number | undefined;
+  for (const shareBuffer of shares) {
+    if (!Buffer.isBuffer(shareBuffer)) {
+      throw new TypeError('All shares must be Buffers');
+    }
+    const parsed = parseShareString(shareBuffer.toString('ascii'));
+    if (setBits === undefined) {
+      setBits = parsed.bits;
+      if (setBits !== config.bits) {
+        init(setBits);
+      }
+    } else if (parsed.bits !== setBits) {
+      throw new Error('Mismatched share bit settings');
+    }
+    if (xArr.includes(parsed.id)) {
+      continue;
+    }
+    const idx = xArr.push(parsed.id) - 1;
+    const parts = splitBinToParts(hex2bin(parsed.value));
+    for (let j = 0; j < parts.length; j += 1) {
+      if (!yMatrix[j]) {
+        yMatrix[j] = [];
+      }
+      yMatrix[j]![idx] = parts[j]!;
+    }
+  }
+  let resultBin = '';
+  for (const yRow of yMatrix) {
+    resultBin = lagrange(at, xArr, yRow!).toString(2).padStart(config.bits, '0') + resultBin;
+  }
+  if (at === 0) {
+    const marker = resultBin.indexOf('1');
+    if (marker === -1) {
+      throw new Error('Invalid reconstructed secret marker');
+    }
+    resultBin = resultBin.slice(marker + 1);
+  }
+  const outHex = bin2hex(resultBin);
+  return Buffer.from(outHex, 'hex');
+}
+/**
+ * Generate a new share with the given numeric `id` from the existing `shares`.
+ * Mirrors `secrets.newShare(id, shares)` from the original secrets.js.
+ *
+ * @param id - Share id, an integer in [1, config.max].
+ * @param shares - Threshold number of existing share Buffers.
+ * @returns A new share Buffer for the requested id.
+ */
+export function newShare(id: number, shares: Buffer[]): Buffer {
+  if (!Number.isInteger(id) || id < 1 || id > config.max) {
+    throw new Error(`Share id must be an integer between 1 and ${config.max}, inclusive.`);
+  }
+  if (!Array.isArray(shares) || shares.length === 0) {
+    throw new Error("Invalid 'shares' argument to newShare().");
+  }
+  // combine(shares, id) evaluates the polynomial at `id` and returns the raw bytes
+  // of the share payload. Reconstruct the full share string from that.
+  const shareData = combine(shares, id);
+  const dataParts = splitBinToParts(hex2bin(shareData.toString('hex')));
+  return Buffer.from(constructPublicShareString(id, dataParts), 'ascii');
+}
+/**
+ * Return the current library configuration.
+ * Mirrors `secrets.getConfig()` from the original secrets.js.
+ */
+export function getConfig(): SecretsConfig {
+  return {
+    bits: config.bits,
+    radix: config.radix,
+    maxShares: config.max,
+  };
+}
+/**
+ * Extract the components of a share Buffer.
+ * Mirrors `secrets.extractShareComponents(share)` from the original secrets.js.
+ *
+ * @param shareBuffer - A share Buffer as produced by `share()` or `newShare()`.
+ * @returns An object with `bits`, `id`, and `data` (hex string of share payload).
+ */
+export function extractShareComponents(shareBuffer: Buffer): ShareComponents {
+  if (!Buffer.isBuffer(shareBuffer)) {
+    throw new TypeError('shareBuffer must be a Buffer');
+  }
+  const parsed = parseShareString(shareBuffer.toString('ascii'));
+  return { bits: parsed.bits, id: parsed.id, data: parsed.value };
+}
+export function shareBufferToString(shareBuffer: Buffer): string {
+  if (!Buffer.isBuffer(shareBuffer)) {
+    throw new TypeError('shareBuffer must be a Buffer');
+  }
+  return shareBuffer.toString('ascii');
+}
+export function shareStringToBuffer(shareString: string): Buffer {
+  if (typeof shareString !== 'string') {
+    throw new TypeError('shareString must be a string');
+  }
+  return Buffer.from(shareString, 'ascii');
+}
+export function utf16beFromString(str: string): Buffer {
+  const out = Buffer.allocUnsafe(str.length * 2);
+  for (let i = 0; i < str.length; i += 1) {
+    // Match secrets.js str2hex ordering (prepends each code unit).
+    out.writeUInt16BE(str.charCodeAt(i), (str.length - 1 - i) * 2);
+  }
+  return out;
+}
+export function utf16beToString(buf: Buffer): string {
+  if (buf.length % 2 !== 0) {
+    throw new Error('Invalid UTF-16BE buffer length');
+  }
+  let out = '';
+  for (let i = 0; i < buf.length; i += 2) {
+    out = String.fromCharCode(buf.readUInt16BE(i)) + out;
+  }
+  return out;
+}
+export const _internal = {
+  splitBinToParts,
+  hex2bin,
+  bufferToSecretBin,
+  parseShareString,
+} satisfies {
+  splitBinToParts: (bin: string, padLength?: number) => number[];
+  hex2bin: (hex: string) => string;
+  bufferToSecretBin: (secretBuffer: Buffer) => string;
+  parseShareString: (shareString: string) => ParsedShare;
+};
+init(defaults.bits);

package/test.js ADDED Viewed

@@ -0,0 +1,66 @@
+'use strict';
+const assert = require('assert');
+const {
+  setRNG,
+  share,
+  combine,
+  shareBufferToString,
+  shareStringToBuffer,
+  utf16beFromString,
+  utf16beToString,
+  _internal,
+} = require('./secrets-buffer');
+const validMnemonic =
+  'upset zoo adult butter oxygen grow liberty suit also tape river crack rich limb art guitar crime aware crowd blouse script boss mask west';
+const validSharesSplit = [
+  '8010d66f07a557608f04370d937a7c3d9b106407f6f78a32b1ed69e99a79a2f2b3f9e934cf6bc8251f4890d0b9947392f3f249cda3d60b158514e7f5b9beb4aeebd68d98b33b403063ef8b12b1fb4f8f135ad2bb2477562aaacaaf977840368c86872aa4ed3255b45626c9c37845bff8d27f96ef657287e94b4a5ea7fb9cea78b7cdee4e469834623e9dffa3ded951c0b1f2f6dc5b3bc0c2df3608cf5b50622262a9d49e87899247919068ec56e33e9862636e538c1c78ad30609549a11b7d251defe68d46ce311e2c0418b9238ff3d9ee307e083de6ba998df20dbbee1295063c646efd36f8d7effec2de057a960dda873ccca9ab4a635d371ca533cb631a8382ec632876fbbff437ace9abca2ca73a240608586ffa377c34f129bc8511e21fa06',
+  '8021accfdf4aaec10fd86e0af6e5398afe30c15fe71f0c2565cb19c2fc629fd56c9215b9864658ca2440fbc164f8eee5eee489ea9ecc0dab0379c9eb684cb01c1f8d01e0bd275a00c1cedd356a7755cfffc47f379eeea6b49d3494cee8c06738db0e4e69c0c4a0d8a52d8806e75b67507edef40f115506335dc57a9fef381c50b5ba1b5d5741b3b4674a35d7aa73780169b5e6197ed65785a46c0a0f7d40cd24cf127f2cd662fe7f2a80cba974a66af11e36c47703c9395bb6c121929b7730da202e1b0b544db99d902829e3910e3f121470e4b1b0ed6e92d18401f61bf5239c6208c55bb77079ce3775a72aee6c02c4d6e8538291551fcbb4d893a78ed62d270fa910413426b57866b818565fa89865931c0a6116d5b8e9b0224848d373cd2e993',
+  '80317aa0d8eff9a180dc5907659f45a76260a26817b88167d626769b612b3b37d9bbfe8d4e1d97df3df86d31df6c9a371a16c6b73a3a008e815d2c1ed7a20382f30b8a8808dc1c10a0215067dcfc1cb0ebbeabbcb899f6ce30de3d4997f057a45f89629d2b26f3fcf42b47f59d1edf88aab165a072b7868a10ff263813e4f1080467f71317f981065f47ccb476aa2f41de77165522cd95477dea04f02000a826ab8ba9b256cb6a68bc70a5d5256556697a05ad2489c546b684a1b22b3d5c4b3f3bd1ff8615c38e13bb7c366ab081cb5bfd009d998b5bd22b5ae60a8df7e7b1ea589cac8687f8ac21cf577f7f928a088e565499db381f7bb6859431d442f530f48b657169459d0c4c5644f7bd93943d5fb1ea04c97e8f8d95839367a4515228313e0',
+];
+// Original secrets.js string->hex path is UTF-16 code-unit based.
+const mnemonicBuffer = utf16beFromString(validMnemonic);
+const expectedShareBuffers = validSharesSplit.map(shareStringToBuffer);
+function deriveThreshold2Coefficients(secretBuf, firstShareString, padLength) {
+  const secretParts = _internal.splitBinToParts(_internal.bufferToSecretBin(secretBuf), padLength);
+  const firstPayload = _internal.parseShareString(firstShareString).value;
+  const firstShareParts = _internal.splitBinToParts(_internal.hex2bin(firstPayload));
+  assert.strictEqual(secretParts.length, firstShareParts.length, 'internal share lengths mismatch');
+  const coeffs = new Array(secretParts.length);
+  for (let i = 0; i < secretParts.length; i += 1) {
+    // For threshold=2 and x=1: y1 = secretPart XOR coeff.
+    coeffs[i] = secretParts[i] ^ firstShareParts[i];
+  }
+  return coeffs;
+}
+const coeffs = deriveThreshold2Coefficients(mnemonicBuffer, validSharesSplit[0], 128);
+let rngIndex = 0;
+setRNG(() => {
+  const value = coeffs[rngIndex];
+  rngIndex += 1;
+  return value;
+});
+const splitBuffers = share(mnemonicBuffer, 3, 2, 128);
+const splitStrings = splitBuffers.map(shareBufferToString);
+assert.deepStrictEqual(splitStrings, validSharesSplit, 'split shares mismatch expected fixtures');
+const recombinedFromFixtures = combine([
+  expectedShareBuffers[0],
+  expectedShareBuffers[2],
+]);
+const recombinedMnemonic = utf16beToString(recombinedFromFixtures);
+assert.strictEqual(recombinedMnemonic, validMnemonic, 'recombined mnemonic mismatch');
+// Verify app-layer transport conversion path: Buffer -> string -> Buffer.
+const transportRoundtrip = splitBuffers.map((shareBuf) => shareStringToBuffer(shareBufferToString(shareBuf)));
+const recombinedFromRoundtrip = combine([transportRoundtrip[1], transportRoundtrip[2]]);
+assert.strictEqual(utf16beToString(recombinedFromRoundtrip), validMnemonic, 'roundtrip recombination mismatch');
+console.log('ok');