ts-mls 1.0.1

package/dist/src/crypto/ciphersuite.d.ts

@@ -0,0 +1,51 @@
+import { Signature, SignatureAlgorithm } from "./signature";
+import { Hash, HashAlgorithm } from "./hash";
+import { Kdf } from "./kdf";
+import { Hpke, HpkeAlgorithm } from "./hpke";
+import { Encoder } from "../codec/tlsEncoder";
+import { Decoder } from "../codec/tlsDecoder";
+import { Rng } from "./rng";
+export type CiphersuiteImpl = {
+    hash: Hash;
+    hpke: Hpke;
+    signature: Signature;
+    kdf: Kdf;
+    rng: Rng;
+    name: CiphersuiteName;
+};
+export declare const ciphersuites: {
+    readonly MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1;
+    readonly MLS_128_DHKEMP256_AES128GCM_SHA256_P256: 2;
+    readonly MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519: 3;
+    readonly MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448: 4;
+    readonly MLS_256_DHKEMP521_AES256GCM_SHA512_P521: 5;
+    readonly MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448: 6;
+    readonly MLS_256_DHKEMP384_AES256GCM_SHA384_P384: 7;
+    readonly MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519: 77;
+    readonly MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519: 78;
+    readonly MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519: 79;
+    readonly MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519: 80;
+    readonly MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519: 81;
+    readonly MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519: 82;
+    readonly MLS_256_XWING_AES256GCM_SHA512_Ed25519: 83;
+    readonly MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519: 84;
+    readonly MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87: 85;
+    readonly MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87: 86;
+    readonly MLS_256_XWING_AES256GCM_SHA512_MLDSA87: 87;
+    readonly MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87: 88;
+};
+export type CiphersuiteName = keyof typeof ciphersuites;
+export type CiphersuiteId = (typeof ciphersuites)[CiphersuiteName];
+export declare const encodeCiphersuite: Encoder<CiphersuiteName>;
+export declare const decodeCiphersuite: Decoder<CiphersuiteName>;
+export declare function getCiphersuiteNameFromId(id: CiphersuiteId): CiphersuiteName;
+export declare function getCiphersuiteFromId(id: CiphersuiteId): Ciphersuite;
+export declare function getCiphersuiteFromName(name: CiphersuiteName): Ciphersuite;
+export declare function getCiphersuiteImpl(cs: Ciphersuite): Promise<CiphersuiteImpl>;
+type Ciphersuite = {
+    hash: HashAlgorithm;
+    hpke: HpkeAlgorithm;
+    signature: SignatureAlgorithm;
+    name: CiphersuiteName;
+};
+export {};

package/dist/src/crypto/ciphersuite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ciphersuite.d.ts","sourceRoot":"","sources":["../../../src/crypto/ciphersuite.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AACnF,OAAO,EAAE,IAAI,EAAE,aAAa,EAAgB,MAAM,QAAQ,CAAA;AAC1D,OAAO,EAAE,GAAG,EAAwB,MAAM,OAAO,CAAA;AACjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAY,MAAM,QAAQ,CAAA;AACtD,OAAO,EAAoB,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAE/D,OAAO,EAAE,OAAO,EAAoB,MAAM,qBAAqB,CAAA;AAE/D,OAAO,EAAE,GAAG,EAAgB,MAAM,OAAO,CAAA;AAEzC,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,IAAI,CAAA;IACV,IAAI,EAAE,IAAI,CAAA;IACV,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,GAAG,CAAA;IACR,GAAG,EAAE,GAAG,CAAA;IACR,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAED,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;CAoBf,CAAA;AAEV,MAAM,MAAM,eAAe,GAAG,MAAM,OAAO,YAAY,CAAA;AACvD,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,eAAe,CAAC,CAAA;AAElE,eAAO,MAAM,iBAAiB,EAAE,OAAO,CAAC,eAAe,CAGtD,CAAA;AAED,eAAO,MAAM,iBAAiB,EAAE,OAAO,CAAC,eAAe,CAGtD,CAAA;AAED,wBAAgB,wBAAwB,CAAC,EAAE,EAAE,aAAa,GAAG,eAAe,CAE3E;AAED,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,aAAa,GAAG,WAAW,CAEnE;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW,CAEzE;AAED,wBAAsB,kBAAkB,CAAC,EAAE,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC,CAUlF;AAoMD,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,aAAa,CAAA;IACnB,IAAI,EAAE,aAAa,CAAA;IACnB,SAAS,EAAE,kBAAkB,CAAA;IAC7B,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA"}

package/dist/src/crypto/ciphersuite.js

@@ -0,0 +1,252 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeCiphersuite = exports.encodeCiphersuite = exports.ciphersuites = void 0;
+exports.getCiphersuiteNameFromId = getCiphersuiteNameFromId;
+exports.getCiphersuiteFromId = getCiphersuiteFromId;
+exports.getCiphersuiteFromName = getCiphersuiteFromName;
+exports.getCiphersuiteImpl = getCiphersuiteImpl;
+const signature_1 = require("./signature");
+const hash_1 = require("./hash");
+const kdf_1 = require("./kdf");
+const hpke_1 = require("./hpke");
+const tlsEncoder_1 = require("../codec/tlsEncoder");
+const number_1 = require("../codec/number");
+const tlsDecoder_1 = require("../codec/tlsDecoder");
+const enumHelpers_1 = require("../util/enumHelpers");
+const rng_1 = require("./rng");
+exports.ciphersuites = {
+    MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1,
+    MLS_128_DHKEMP256_AES128GCM_SHA256_P256: 2,
+    MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519: 3,
+    MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448: 4,
+    MLS_256_DHKEMP521_AES256GCM_SHA512_P521: 5,
+    MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448: 6,
+    MLS_256_DHKEMP384_AES256GCM_SHA384_P384: 7,
+    MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519: 77,
+    MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519: 78,
+    MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519: 79,
+    MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519: 80,
+    MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519: 81,
+    MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519: 82,
+    MLS_256_XWING_AES256GCM_SHA512_Ed25519: 83,
+    MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519: 84,
+    MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87: 85,
+    MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87: 86,
+    MLS_256_XWING_AES256GCM_SHA512_MLDSA87: 87,
+    MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87: 88,
+};
+exports.encodeCiphersuite = (0, tlsEncoder_1.contramapEncoder)(number_1.encodeUint16, (0, enumHelpers_1.openEnumNumberEncoder)(exports.ciphersuites));
+exports.decodeCiphersuite = (0, tlsDecoder_1.mapDecoderOption)(number_1.decodeUint16, (0, enumHelpers_1.openEnumNumberToKey)(exports.ciphersuites));
+function getCiphersuiteNameFromId(id) {
+    return (0, enumHelpers_1.reverseMap)(exports.ciphersuites)[id];
+}
+function getCiphersuiteFromId(id) {
+    return ciphersuiteValues[id];
+}
+function getCiphersuiteFromName(name) {
+    return ciphersuiteValues[exports.ciphersuites[name]];
+}
+async function getCiphersuiteImpl(cs) {
+    const sc = crypto.subtle;
+    return {
+        kdf: (0, kdf_1.makeKdfImpl)((0, kdf_1.makeKdf)(cs.hpke.kdf)),
+        hash: (0, hash_1.makeHashImpl)(sc, cs.hash),
+        signature: await (0, signature_1.makeNobleSignatureImpl)(cs.signature),
+        hpke: await (0, hpke_1.makeHpke)(cs.hpke),
+        rng: rng_1.webCryptoRng,
+        name: cs.name,
+    };
+}
+const ciphersuiteValues = {
+    1: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-X25519-HKDF-SHA256",
+            aead: "AES128GCM",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519",
+    },
+    2: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-P256-HKDF-SHA256",
+            aead: "AES128GCM",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "P256",
+        name: "MLS_128_DHKEMP256_AES128GCM_SHA256_P256",
+    },
+    3: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-X25519-HKDF-SHA256",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519",
+    },
+    4: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-X448-HKDF-SHA512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed448",
+        name: "MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448",
+    },
+    5: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-P521-HKDF-SHA512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "P521",
+        name: "MLS_256_DHKEMP521_AES256GCM_SHA512_P521",
+    },
+    6: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-X448-HKDF-SHA512",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed448",
+        name: "MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448",
+    },
+    7: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "DHKEM-P384-HKDF-SHA384",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA384",
+        },
+        signature: "P384",
+        name: "MLS_256_DHKEMP384_AES256GCM_SHA384_P384",
+    },
+    77: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "ML-KEM-512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519",
+    },
+    78: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "ML-KEM-512",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519",
+    },
+    79: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "ML-KEM-768",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519",
+    },
+    80: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "ML-KEM-768",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519",
+    },
+    81: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519",
+    },
+    82: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519",
+    },
+    83: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_XWING_AES256GCM_SHA512_Ed25519",
+    },
+    84: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519",
+    },
+    85: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87",
+    },
+    86: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87",
+    },
+    87: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_XWING_AES256GCM_SHA512_MLDSA87",
+    },
+    88: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87",
+    },
+};
+//# sourceMappingURL=ciphersuite.js.map

package/dist/src/crypto/ciphersuite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ciphersuite.js","sourceRoot":"","sources":["../../../src/crypto/ciphersuite.ts"],"names":[],"mappings":";;;AAsDA,4DAEC;AAED,oDAEC;AAED,wDAEC;AAED,gDAUC;AA5ED,2CAAmF;AACnF,iCAA0D;AAC1D,+BAAiD;AACjD,iCAAsD;AACtD,oDAA+D;AAC/D,4CAA4D;AAC5D,oDAA+D;AAC/D,qDAA4F;AAC5F,+BAAyC;AAW5B,QAAA,YAAY,GAAG;IAC1B,4CAA4C,EAAE,CAAC;IAC/C,uCAAuC,EAAE,CAAC;IAC1C,mDAAmD,EAAE,CAAC;IACtD,wCAAwC,EAAE,CAAC;IAC3C,uCAAuC,EAAE,CAAC;IAC1C,+CAA+C,EAAE,CAAC;IAClD,uCAAuC,EAAE,CAAC;IAC1C,yCAAyC,EAAE,EAAE;IAC7C,gDAAgD,EAAE,EAAE;IACpD,yCAAyC,EAAE,EAAE;IAC7C,gDAAgD,EAAE,EAAE;IACpD,0CAA0C,EAAE,EAAE;IAC9C,iDAAiD,EAAE,EAAE;IACrD,sCAAsC,EAAE,EAAE;IAC1C,6CAA6C,EAAE,EAAE;IACjD,0CAA0C,EAAE,EAAE;IAC9C,iDAAiD,EAAE,EAAE;IACrD,sCAAsC,EAAE,EAAE;IAC1C,6CAA6C,EAAE,EAAE;CACzC,CAAA;AAKG,QAAA,iBAAiB,GAA6B,IAAA,6BAAgB,EACzE,qBAAY,EACZ,IAAA,mCAAqB,EAAC,oBAAY,CAAC,CACpC,CAAA;AAEY,QAAA,iBAAiB,GAA6B,IAAA,6BAAgB,EACzE,qBAAY,EACZ,IAAA,iCAAmB,EAAC,oBAAY,CAAC,CAClC,CAAA;AAED,SAAgB,wBAAwB,CAAC,EAAiB;IACxD,OAAO,IAAA,wBAAU,EAAC,oBAAY,CAAC,CAAC,EAAE,CAAoB,CAAA;AACxD,CAAC;AAED,SAAgB,oBAAoB,CAAC,EAAiB;IACpD,OAAO,iBAAiB,CAAC,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,SAAgB,sBAAsB,CAAC,IAAqB;IAC1D,OAAO,iBAAiB,CAAC,oBAAY,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9C,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,EAAe;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAA;IACxB,OAAO;QACL,GAAG,EAAE,IAAA,iBAAW,EAAC,IAAA,aAAO,EAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,EAAE,IAAA,mBAAY,EAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC;QAC/B,SAAS,EAAE,MAAM,IAAA,kCAAsB,EAAC,EAAE,CAAC,SAAS,CAAC;QACrD,IAAI,EAAE,MAAM,IAAA,eAAQ,EAAC,EAAE,CAAC,IAAI,CAAC;QAC7B,GAAG,EAAE,kBAAY;QACjB,IAAI,EAAE,EAAE,CAAC,IAAI;KACd,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAuC;IAC5D,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,8CAA8C;KACrD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,qDAAqD;KAC5D;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,0CAA0C;KACjD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,iDAAiD;KACxD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IAED,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,2CAA2C;KAClD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,kDAAkD;KACzD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,2CAA2C;KAClD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,kDAAkD;KACzD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,4CAA4C;KACnD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,mDAAmD;KAC1D;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,wCAAwC;KAC/C;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,+CAA+C;KACtD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,4CAA4C;KACnD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,mDAAmD;KAC1D;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,wCAAwC;KAC/C;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,+CAA+C;KACtD;CACO,CAAA"}

package/dist/src/crypto/hash.d.ts

@@ -0,0 +1,8 @@
+export type HashAlgorithm = "SHA-512" | "SHA-384" | "SHA-256";
+export declare function makeHashImpl(sc: SubtleCrypto, h: HashAlgorithm): Hash;
+export interface Hash {
+    digest(data: Uint8Array): Promise<Uint8Array>;
+    mac(key: Uint8Array, data: Uint8Array): Promise<Uint8Array>;
+    verifyMac(key: Uint8Array, mac: Uint8Array, data: Uint8Array): Promise<boolean>;
+}
+export declare function refhash(label: string, value: Uint8Array, h: Hash): Promise<Uint8Array<ArrayBufferLike>>;

package/dist/src/crypto/hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../../src/crypto/hash.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAA;AAE7D,wBAAgB,YAAY,CAAC,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,aAAa,GAAG,IAAI,CAcrE;AAeD,MAAM,WAAW,IAAI;IACnB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAC7C,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAC3D,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAChF;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,IAAI,wCAEhE"}

package/dist/src/crypto/hash.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeHashImpl = makeHashImpl;
+exports.refhash = refhash;
+const utils_1 = require("@noble/ciphers/utils");
+const variableLength_1 = require("../codec/variableLength");
+const byteArray_1 = require("../util/byteArray");
+function makeHashImpl(sc, h) {
+    return {
+        async digest(data) {
+            const result = await sc.digest(h, (0, byteArray_1.bytesToBuffer)(data));
+            return new Uint8Array(result);
+        },
+        async mac(key, data) {
+            const result = await sc.sign("HMAC", await importMacKey(key, h), (0, byteArray_1.bytesToBuffer)(data));
+            return new Uint8Array(result);
+        },
+        async verifyMac(key, mac, data) {
+            return sc.verify("HMAC", await importMacKey(key, h), (0, byteArray_1.bytesToBuffer)(mac), (0, byteArray_1.bytesToBuffer)(data));
+        },
+    };
+}
+function importMacKey(rawKey, h) {
+    return crypto.subtle.importKey("raw", (0, byteArray_1.bytesToBuffer)(rawKey), {
+        name: "HMAC",
+        hash: { name: h },
+    }, false, ["sign", "verify"]);
+}
+function refhash(label, value, h) {
+    return h.digest(encodeRefHash(label, value));
+}
+function encodeRefHash(label, value) {
+    const labelBytes = (0, utils_1.utf8ToBytes)(label);
+    return new Uint8Array([...(0, variableLength_1.encodeVarLenData)(labelBytes), ...(0, variableLength_1.encodeVarLenData)(value)]);
+}
+//# sourceMappingURL=hash.js.map

package/dist/src/crypto/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../../src/crypto/hash.ts"],"names":[],"mappings":";;AAMA,oCAcC;AAqBD,0BAEC;AA3CD,gDAAkD;AAClD,4DAA0D;AAC1D,iDAAiD;AAIjD,SAAgB,YAAY,CAAC,EAAgB,EAAE,CAAgB;IAC7D,OAAO;QACL,KAAK,CAAC,MAAM,CAAC,IAAI;YACf,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,CAAC,CAAA;YACtD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI;YACjB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,CAAC,CAAA;YACrF,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;YAC5B,OAAO,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAA,yBAAa,EAAC,GAAG,CAAC,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,CAAC,CAAA;QAC/F,CAAC;KACF,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAkB,EAAE,CAAgB;IACxD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,IAAA,yBAAa,EAAC,MAAM,CAAC,EACrB;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;KAClB,EACD,KAAK,EACL,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAA;AACH,CAAC;AAQD,SAAgB,OAAO,CAAC,KAAa,EAAE,KAAiB,EAAE,CAAO;IAC/D,OAAO,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,KAAiB;IACrD,MAAM,UAAU,GAAG,IAAA,mBAAW,EAAC,KAAK,CAAC,CAAA;IACrC,OAAO,IAAI,UAAU,CAAC,CAAC,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,EAAE,GAAG,IAAA,iCAAgB,EAAC,KAAK,CAAC,CAAC,CAAC,CAAA;AACtF,CAAC"}

package/dist/src/crypto/hpke.d.ts

@@ -0,0 +1,51 @@
+import { AeadAlgorithm } from "./aead";
+import { KdfAlgorithm } from "./kdf";
+import { KemAlgorithm } from "./kem";
+export type PublicKey = CryptoKey & {
+    type: "public";
+};
+export type SecretKey = CryptoKey & {
+    type: "secret";
+};
+export type PrivateKey = CryptoKey & {
+    type: "private";
+};
+export type HpkeAlgorithm = {
+    kem: KemAlgorithm;
+    kdf: KdfAlgorithm;
+    aead: AeadAlgorithm;
+};
+export declare function encryptWithLabel(publicKey: PublicKey, label: string, context: Uint8Array, plaintext: Uint8Array, hpke: Hpke): Promise<{
+    ct: Uint8Array;
+    enc: Uint8Array;
+}>;
+export declare function decryptWithLabel(privateKey: PrivateKey, label: string, context: Uint8Array, kemOutput: Uint8Array, ciphertext: Uint8Array, hpke: Hpke): Promise<Uint8Array>;
+export declare function makeHpke(hpkealg: HpkeAlgorithm): Promise<Hpke>;
+export interface Hpke {
+    open(privateKey: PrivateKey, kemOutput: Uint8Array, ciphertext: Uint8Array, info: Uint8Array, aad?: Uint8Array): Promise<Uint8Array>;
+    seal(publicKey: PublicKey, plaintext: Uint8Array, info: Uint8Array, aad?: Uint8Array): Promise<{
+        ct: Uint8Array;
+        enc: Uint8Array;
+    }>;
+    importPrivateKey(k: Uint8Array): Promise<PrivateKey>;
+    importPublicKey(k: Uint8Array): Promise<PublicKey>;
+    exportPublicKey(k: PublicKey): Promise<Uint8Array>;
+    exportPrivateKey(k: PrivateKey): Promise<Uint8Array>;
+    encryptAead(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array | undefined, plaintext: Uint8Array): Promise<Uint8Array>;
+    decryptAead(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array | undefined, ciphertext: Uint8Array): Promise<Uint8Array>;
+    exportSecret(publicKey: PublicKey, exporterContext: Uint8Array, length: number, info: Uint8Array): Promise<{
+        enc: Uint8Array;
+        secret: Uint8Array;
+    }>;
+    importSecret(privateKey: PrivateKey, exporterContext: Uint8Array, kemOutput: Uint8Array, length: number, info: Uint8Array): Promise<Uint8Array>;
+    deriveKeyPair(ikm: Uint8Array): Promise<{
+        privateKey: PrivateKey;
+        publicKey: PublicKey;
+    }>;
+    generateKeyPair(): Promise<{
+        privateKey: PrivateKey;
+        publicKey: PublicKey;
+    }>;
+    keyLength: number;
+    nonceLength: number;
+}

package/dist/src/crypto/hpke.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.d.ts","sourceRoot":"","sources":["../../../src/crypto/hpke.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAY,MAAM,QAAQ,CAAA;AAChD,OAAO,EAAE,YAAY,EAAW,MAAM,OAAO,CAAA;AAC7C,OAAO,EAAE,YAAY,EAAa,MAAM,OAAO,CAAA;AAK/C,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,CAAA;AACtD,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,CAAA;AACtD,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG;IAAE,IAAI,EAAE,SAAS,CAAA;CAAE,CAAA;AAExD,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,YAAY,CAAA;IACjB,GAAG,EAAE,YAAY,CAAA;IACjB,IAAI,EAAE,aAAa,CAAA;CACpB,CAAA;AAED,wBAAgB,gBAAgB,CAC9B,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC;IAAE,EAAE,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,UAAU,CAAA;CAAE,CAAC,CAO9C;AAED,wBAAgB,gBAAgB,CAC9B,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED,wBAAsB,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA8FpE;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,CACF,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE,UAAU,EAChB,GAAG,CAAC,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAAA;IACtB,IAAI,CACF,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,UAAU,EACrB,IAAI,EAAE,UAAU,EAChB,GAAG,CAAC,EAAE,UAAU,GACf,OAAO,CAAC;QAAE,EAAE,EAAE,UAAU,CAAC;QAAC,GAAG,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;IAC/C,gBAAgB,CAAC,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,eAAe,CAAC,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;IAClD,eAAe,CAAC,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAClD,gBAAgB,CAAC,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,WAAW,CACT,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAAG,SAAS,EAC3B,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,UAAU,CAAC,CAAA;IACtB,WAAW,CACT,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAAG,SAAS,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,CAAC,CAAA;IACtB,YAAY,CACV,SAAS,EAAE,SAAS,EACpB,eAAe,EAAE,UAAU,EAC3B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,GACf,OAAO,CAAC;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC,CAAA;IACnD,YAAY,CACV,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,UAAU,EAC3B,SAAS,EAAE,UAAU,EACrB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAAA;IACtB,aAAa,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,SAAS,CAAA;KAAE,CAAC,CAAA;IACzF,eAAe,IAAI,OAAO,CAAC;QAAE,UAAU,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,SAAS,CAAA;KAAE,CAAC,CAAA;IAC5E,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;CACpB"}

package/dist/src/crypto/hpke.js

@@ -0,0 +1,114 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptWithLabel = encryptWithLabel;
+exports.decryptWithLabel = decryptWithLabel;
+exports.makeHpke = makeHpke;
+const core_1 = require("@hpke/core");
+const aead_1 = require("./aead");
+const kdf_1 = require("./kdf");
+const kem_1 = require("./kem");
+const variableLength_1 = require("../codec/variableLength");
+const byteArray_1 = require("../util/byteArray");
+const mlsError_1 = require("../mlsError");
+function encryptWithLabel(publicKey, label, context, plaintext, hpke) {
+    return hpke.seal(publicKey, plaintext, new Uint8Array([...(0, variableLength_1.encodeVarLenData)(new TextEncoder().encode(`MLS 1.0 ${label}`)), ...(0, variableLength_1.encodeVarLenData)(context)]), new Uint8Array());
+}
+function decryptWithLabel(privateKey, label, context, kemOutput, ciphertext, hpke) {
+    return hpke.open(privateKey, kemOutput, ciphertext, new Uint8Array([...(0, variableLength_1.encodeVarLenData)(new TextEncoder().encode(`MLS 1.0 ${label}`)), ...(0, variableLength_1.encodeVarLenData)(context)]));
+}
+async function makeHpke(hpkealg) {
+    const aead = await (0, aead_1.makeAead)(hpkealg.aead);
+    const cs = new core_1.CipherSuite({
+        kem: await (0, kem_1.makeDhKem)(hpkealg.kem),
+        kdf: (0, kdf_1.makeKdf)(hpkealg.kdf),
+        aead: aead.hpkeInterface(),
+    });
+    return {
+        async open(privateKey, kemOutput, ciphertext, info, aad) {
+            try {
+                const result = await cs.open({ recipientKey: privateKey, enc: (0, byteArray_1.bytesToBuffer)(kemOutput), info: (0, byteArray_1.bytesToBuffer)(info) }, (0, byteArray_1.bytesToBuffer)(ciphertext), aad ? (0, byteArray_1.bytesToBuffer)(aad) : new ArrayBuffer());
+                return new Uint8Array(result);
+            }
+            catch (e) {
+                throw new mlsError_1.CryptoError(`${e}`);
+            }
+        },
+        async seal(publicKey, plaintext, info, aad) {
+            const result = await cs.seal({ recipientPublicKey: publicKey, info: (0, byteArray_1.bytesToBuffer)(info) }, (0, byteArray_1.bytesToBuffer)(plaintext), aad ? (0, byteArray_1.bytesToBuffer)(aad) : new ArrayBuffer());
+            return {
+                ct: new Uint8Array(result.ct),
+                enc: new Uint8Array(result.enc),
+            };
+        },
+        async exportSecret(publicKey, exporterContext, length, info) {
+            const context = await cs.createSenderContext({ recipientPublicKey: publicKey, info: (0, byteArray_1.bytesToBuffer)(info) });
+            return {
+                enc: new Uint8Array(context.enc),
+                secret: new Uint8Array(await context.export((0, byteArray_1.bytesToBuffer)(exporterContext), length)),
+            };
+        },
+        async importSecret(privateKey, exporterContext, kemOutput, length, info) {
+            try {
+                const context = await cs.createRecipientContext({
+                    recipientKey: privateKey,
+                    info: (0, byteArray_1.bytesToBuffer)(info),
+                    enc: (0, byteArray_1.bytesToBuffer)(kemOutput),
+                });
+                return new Uint8Array(await context.export((0, byteArray_1.bytesToBuffer)(exporterContext), length));
+            }
+            catch (e) {
+                throw new mlsError_1.CryptoError(`${e}`);
+            }
+        },
+        async importPrivateKey(k) {
+            try {
+                // See https://github.com/mlswg/mls-implementations/issues/176#issuecomment-1817043142
+                const key = hpkealg.kem === "DHKEM-P521-HKDF-SHA512" ? prepadPrivateKeyP521(k) : k;
+                return (await cs.kem.deserializePrivateKey((0, byteArray_1.bytesToBuffer)(key)));
+            }
+            catch (e) {
+                throw new mlsError_1.CryptoError(`${e}`);
+            }
+        },
+        async importPublicKey(k) {
+            try {
+                return (await cs.kem.deserializePublicKey((0, byteArray_1.bytesToBuffer)(k)));
+            }
+            catch (e) {
+                throw new mlsError_1.CryptoError(`${e}`);
+            }
+        },
+        async exportPublicKey(k) {
+            return new Uint8Array(await cs.kem.serializePublicKey(k));
+        },
+        async exportPrivateKey(k) {
+            return new Uint8Array(await cs.kem.serializePrivateKey(k));
+        },
+        async encryptAead(key, nonce, aad, plaintext) {
+            return aead.encrypt(key, nonce, aad ? aad : new Uint8Array(), plaintext);
+        },
+        async decryptAead(key, nonce, aad, ciphertext) {
+            try {
+                return await aead.decrypt(key, nonce, aad ? aad : new Uint8Array(), ciphertext);
+            }
+            catch (e) {
+                throw new mlsError_1.CryptoError(`${e}`);
+            }
+        },
+        async deriveKeyPair(ikm) {
+            const kp = await cs.kem.deriveKeyPair((0, byteArray_1.bytesToBuffer)(ikm));
+            return { privateKey: kp.privateKey, publicKey: kp.publicKey };
+        },
+        async generateKeyPair() {
+            const kp = await cs.kem.generateKeyPair();
+            return { privateKey: kp.privateKey, publicKey: kp.publicKey };
+        },
+        keyLength: cs.aead.keySize,
+        nonceLength: cs.aead.nonceSize,
+    };
+}
+function prepadPrivateKeyP521(k) {
+    const lengthDifference = 66 - k.byteLength;
+    return new Uint8Array([...new Uint8Array(lengthDifference), ...k]);
+}
+//# sourceMappingURL=hpke.js.map

package/dist/src/crypto/hpke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.js","sourceRoot":"","sources":["../../../src/crypto/hpke.ts"],"names":[],"mappings":";;AAkBA,4CAaC;AAED,4CAcC;AAED,4BA8FC;AA/ID,qCAAwC;AACxC,iCAAgD;AAChD,+BAA6C;AAC7C,+BAA+C;AAC/C,4DAA0D;AAC1D,iDAAiD;AACjD,0CAAyC;AAYzC,SAAgB,gBAAgB,CAC9B,SAAoB,EACpB,KAAa,EACb,OAAmB,EACnB,SAAqB,EACrB,IAAU;IAEV,OAAO,IAAI,CAAC,IAAI,CACd,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,GAAG,IAAA,iCAAgB,EAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,IAAA,iCAAgB,EAAC,OAAO,CAAC,CAAC,CAAC,EACjH,IAAI,UAAU,EAAE,CACjB,CAAA;AACH,CAAC;AAED,SAAgB,gBAAgB,CAC9B,UAAsB,EACtB,KAAa,EACb,OAAmB,EACnB,SAAqB,EACrB,UAAsB,EACtB,IAAU;IAEV,OAAO,IAAI,CAAC,IAAI,CACd,UAAU,EACV,SAAS,EACT,UAAU,EACV,IAAI,UAAU,CAAC,CAAC,GAAG,IAAA,iCAAgB,EAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,IAAA,iCAAgB,EAAC,OAAO,CAAC,CAAC,CAAC,CAClH,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,QAAQ,CAAC,OAAsB;IACnD,MAAM,IAAI,GAAG,MAAM,IAAA,eAAQ,EAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,EAAE,GAAG,IAAI,kBAAW,CAAC;QACzB,GAAG,EAAE,MAAM,IAAA,eAAS,EAAC,OAAO,CAAC,GAAG,CAAC;QACjC,GAAG,EAAE,IAAA,aAAO,EAAC,OAAO,CAAC,GAAG,CAAC;QACzB,IAAI,EAAE,IAAI,CAAC,aAAa,EAAE;KAC3B,CAAC,CAAA;IAEF,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG;YACrD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAC1B,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,EAAE,IAAA,yBAAa,EAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,EAAE,EACtF,IAAA,yBAAa,EAAC,UAAU,CAAC,EACzB,GAAG,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAC7C,CAAA;gBACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;YAC/B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,sBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG;YACxC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAC1B,EAAE,kBAAkB,EAAE,SAAS,EAAE,IAAI,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,EAAE,EAC5D,IAAA,yBAAa,EAAC,SAAS,CAAC,EACxB,GAAG,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAC7C,CAAA;YACD,OAAO;gBACL,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,GAAG,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAChC,CAAA;QACH,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI;YACzD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE,IAAI,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1G,OAAO;gBACL,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;gBAChC,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,IAAA,yBAAa,EAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;aACrF,CAAA;QACH,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI;YACrE,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC;oBAC9C,YAAY,EAAE,UAAU;oBACxB,IAAI,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC;oBACzB,GAAG,EAAE,IAAA,yBAAa,EAAC,SAAS,CAAC;iBAC9B,CAAC,CAAA;gBACF,OAAO,IAAI,UAAU,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,IAAA,yBAAa,EAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC,CAAA;YACrF,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,sBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACtB,IAAI,CAAC;gBACH,sFAAsF;gBACtF,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,KAAK,wBAAwB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;gBAClF,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC,CAAe,CAAA;YAC/E,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,sBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,CAAC;YACrB,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAA,yBAAa,EAAC,CAAC,CAAC,CAAC,CAAc,CAAA;YAC3E,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,sBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,CAAC;YACrB,OAAO,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3D,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACtB,OAAO,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAA;QAC5D,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS;YAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,EAAE,SAAS,CAAC,CAAA;QAC1E,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU;YAC3C,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;YACjF,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,sBAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,GAAG;YACrB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACzD,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,UAAwB,EAAE,SAAS,EAAE,EAAE,CAAC,SAAsB,EAAE,CAAA;QAC1F,CAAC;QACD,KAAK,CAAC,eAAe;YACnB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA;YACzC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,UAAwB,EAAE,SAAS,EAAE,EAAE,CAAC,SAAsB,EAAE,CAAA;QAC1F,CAAC;QACD,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO;QAC1B,WAAW,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS;KAC/B,CAAA;AACH,CAAC;AAmDD,SAAS,oBAAoB,CAAC,CAAa;IACzC,MAAM,gBAAgB,GAAG,EAAE,GAAG,CAAC,CAAC,UAAU,CAAA;IAC1C,OAAO,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAA;AACpE,CAAC"}

package/dist/src/crypto/kdf.d.ts

@@ -0,0 +1,12 @@
+import { KdfInterface } from "@hpke/core";
+export interface Kdf {
+    extract(salt: Uint8Array, ikm: Uint8Array): Promise<Uint8Array>;
+    expand(prk: Uint8Array, info: Uint8Array, len: number): Promise<Uint8Array>;
+    size: number;
+}
+export type KdfAlgorithm = "HKDF-SHA256" | "HKDF-SHA384" | "HKDF-SHA512";
+export declare function makeKdfImpl(k: KdfInterface): Kdf;
+export declare function makeKdf(kdfAlg: KdfAlgorithm): KdfInterface;
+export declare function expandWithLabel(secret: Uint8Array, label: string, context: Uint8Array, length: number, kdf: Kdf): Promise<Uint8Array>;
+export declare function deriveSecret(secret: Uint8Array, label: string, kdf: Kdf): Promise<Uint8Array>;
+export declare function deriveTreeSecret(secret: Uint8Array, label: string, generation: number, length: number, kdf: Kdf): Promise<Uint8Array>;

package/dist/src/crypto/kdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf.d.ts","sourceRoot":"","sources":["../../../src/crypto/kdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAOzC,MAAM,WAAW,GAAG;IAClB,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAC/D,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAC3E,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,YAAY,GAAG,aAAa,GAAG,aAAa,GAAG,aAAa,CAAA;AAExE,wBAAgB,WAAW,CAAC,CAAC,EAAE,YAAY,GAAG,GAAG,CAYhD;AAED,wBAAgB,OAAO,CAAC,MAAM,EAAE,YAAY,GAAG,YAAY,CAS1D;AAED,wBAAgB,eAAe,CAC7B,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,UAAU,CAAC,CAUrB;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAEnG;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,GAAG,GACP,OAAO,CAAC,UAAU,CAAC,CAErB"}

package/dist/src/crypto/kdf.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeKdfImpl = makeKdfImpl;
+exports.makeKdf = makeKdf;
+exports.expandWithLabel = expandWithLabel;
+exports.deriveSecret = deriveSecret;
+exports.deriveTreeSecret = deriveTreeSecret;
+const utils_1 = require("@noble/ciphers/utils");
+const core_1 = require("@hpke/core");
+const variableLength_1 = require("../codec/variableLength");
+const number_1 = require("../codec/number");
+const byteArray_1 = require("../util/byteArray");
+function makeKdfImpl(k) {
+    return {
+        async extract(salt, ikm) {
+            const result = await k.extract((0, byteArray_1.bytesToBuffer)(salt), (0, byteArray_1.bytesToBuffer)(ikm));
+            return new Uint8Array(result);
+        },
+        async expand(prk, info, len) {
+            const result = await k.expand((0, byteArray_1.bytesToBuffer)(prk), (0, byteArray_1.bytesToBuffer)(info), len);
+            return new Uint8Array(result);
+        },
+        size: k.hashSize,
+    };
+}
+function makeKdf(kdfAlg) {
+    switch (kdfAlg) {
+        case "HKDF-SHA256":
+            return new core_1.HkdfSha256();
+        case "HKDF-SHA384":
+            return new core_1.HkdfSha384();
+        case "HKDF-SHA512":
+            return new core_1.HkdfSha512();
+    }
+}
+function expandWithLabel(secret, label, context, length, kdf) {
+    return kdf.expand(secret, new Uint8Array([
+        ...(0, number_1.encodeUint16)(length),
+        ...(0, variableLength_1.encodeVarLenData)((0, utils_1.utf8ToBytes)(`MLS 1.0 ${label}`)),
+        ...(0, variableLength_1.encodeVarLenData)(context),
+    ]), length);
+}
+async function deriveSecret(secret, label, kdf) {
+    return expandWithLabel(secret, label, new Uint8Array(), kdf.size, kdf);
+}
+async function deriveTreeSecret(secret, label, generation, length, kdf) {
+    return expandWithLabel(secret, label, (0, number_1.encodeUint32)(generation), length, kdf);
+}
+//# sourceMappingURL=kdf.js.map

package/dist/src/crypto/kdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf.js","sourceRoot":"","sources":["../../../src/crypto/kdf.ts"],"names":[],"mappings":";;AAeA,kCAYC;AAED,0BASC;AAED,0CAgBC;AAED,oCAEC;AAED,4CAQC;AArED,gDAAkD;AAClD,qCAA+D;AAC/D,4DAA0D;AAC1D,4CAA4D;AAC5D,iDAAiD;AAUjD,SAAgB,WAAW,CAAC,CAAe;IACzC,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,IAAgB,EAAE,GAAe;YAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC,IAAA,yBAAa,EAAC,IAAI,CAAC,EAAE,IAAA,yBAAa,EAAC,GAAG,CAAC,CAAC,CAAA;YACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,IAAgB,EAAE,GAAW;YACzD,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC,IAAA,yBAAa,EAAC,GAAG,CAAC,EAAE,IAAA,yBAAa,EAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAA;YAC3E,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,IAAI,EAAE,CAAC,CAAC,QAAQ;KACjB,CAAA;AACH,CAAC;AAED,SAAgB,OAAO,CAAC,MAAoB;IAC1C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,IAAI,iBAAU,EAAE,CAAA;QACzB,KAAK,aAAa;YAChB,OAAO,IAAI,iBAAU,EAAE,CAAA;QACzB,KAAK,aAAa;YAChB,OAAO,IAAI,iBAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,MAAkB,EAClB,KAAa,EACb,OAAmB,EACnB,MAAc,EACd,GAAQ;IAER,OAAO,GAAG,CAAC,MAAM,CACf,MAAM,EACN,IAAI,UAAU,CAAC;QACb,GAAG,IAAA,qBAAY,EAAC,MAAM,CAAC;QACvB,GAAG,IAAA,iCAAgB,EAAC,IAAA,mBAAW,EAAC,WAAW,KAAK,EAAE,CAAC,CAAC;QACpD,GAAG,IAAA,iCAAgB,EAAC,OAAO,CAAC;KAC7B,CAAC,EACF,MAAM,CACP,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,MAAkB,EAAE,KAAa,EAAE,GAAQ;IAC5E,OAAO,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,UAAU,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;AACxE,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,MAAkB,EAClB,KAAa,EACb,UAAkB,EAClB,MAAc,EACd,GAAQ;IAER,OAAO,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,IAAA,qBAAY,EAAC,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAA;AAC9E,CAAC"}

package/dist/src/crypto/kem.d.ts

@@ -0,0 +1,3 @@
+import { KemInterface } from "@hpke/core";
+export type KemAlgorithm = "DHKEM-P256-HKDF-SHA256" | "DHKEM-X25519-HKDF-SHA256" | "DHKEM-X448-HKDF-SHA512" | "DHKEM-P521-HKDF-SHA512" | "DHKEM-P384-HKDF-SHA384" | "ML-KEM-512" | "ML-KEM-768" | "ML-KEM-1024" | "X-Wing";
+export declare function makeDhKem(kemAlg: KemAlgorithm): Promise<KemInterface>;

package/dist/src/crypto/kem.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kem.d.ts","sourceRoot":"","sources":["../../../src/crypto/kem.ts"],"names":[],"mappings":"AAAA,OAAO,EAML,YAAY,EACb,MAAM,YAAY,CAAA;AAGnB,MAAM,MAAM,YAAY,GACpB,wBAAwB,GACxB,0BAA0B,GAC1B,wBAAwB,GACxB,wBAAwB,GACxB,wBAAwB,GACxB,YAAY,GACZ,YAAY,GACZ,aAAa,GACb,QAAQ,CAAA;AAEZ,wBAAsB,SAAS,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAkD3E"}