ts-mls 1.0.2

package/dist/src/createCommit.js

@@ -0,0 +1,250 @@
+import { addHistoricalReceiverData, throwIfDefined, validateRatchetTree } from "./clientState";
+import { applyProposals, nextEpochContext, exportSecret, checkCanSendHandshakeMessages, } from "./clientState";
+import { decryptWithLabel } from "./crypto/hpke";
+import { deriveSecret } from "./crypto/kdf";
+import { createContentCommitSignature, createConfirmationTag, } from "./framedContent";
+import { encodeGroupContext } from "./groupContext";
+import { ratchetTreeFromExtension, signGroupInfo, verifyGroupInfoSignature } from "./groupInfo";
+import { makeKeyPackageRef } from "./keyPackage";
+import { initializeEpoch } from "./keySchedule";
+import { protect } from "./messageProtection";
+import { protectPublicMessage } from "./messageProtectionPublic";
+import { pathToPathSecrets } from "./pathSecrets";
+import { mergePrivateKeyPaths, updateLeafKey, toPrivateKeyPath } from "./privateKeyPath";
+import { addLeafNode, encodeRatchetTree, getCredentialFromLeafIndex, getSignaturePublicKeyFromLeafIndex, removeLeafNode, } from "./ratchetTree";
+import { createSecretTree } from "./secretTree";
+import { treeHashRoot } from "./treeHash";
+import { leafWidth, nodeToLeafIndex } from "./treemath";
+import { createUpdatePath, firstCommonAncestor, firstMatchAncestor } from "./updatePath";
+import { base64ToBytes } from "./util/byteArray";
+import { encryptGroupInfo, encryptGroupSecrets } from "./welcome";
+import { CryptoVerificationError, InternalError, UsageError, ValidationError } from "./mlsError";
+import { defaultClientConfig } from "./clientConfig";
+import { extensionsSupportedByCapabilities } from "./extension";
+export async function createCommit(state, pskSearch, publicMessage, extraProposals, cs, ratchetTreeExtension = false, authenticatedData = new Uint8Array()) {
+    checkCanSendHandshakeMessages(state);
+    const wireformat = publicMessage ? "mls_public_message" : "mls_private_message";
+    const allProposals = bundleAllProposals(state, extraProposals);
+    const res = await applyProposals(state, allProposals, state.privatePath.leafIndex, pskSearch, true, cs);
+    if (res.additionalResult.kind === "externalCommit")
+        throw new UsageError("Cannot create externalCommit as a member");
+    const suspendedPendingReinit = res.additionalResult.kind === "reinit" ? res.additionalResult.reinit : undefined;
+    const [tree, updatePath, pathSecrets, newPrivateKey] = res.needsUpdatePath
+        ? await createUpdatePath(res.tree, state.privatePath.leafIndex, state.groupContext, state.signaturePrivateKey, cs)
+        : [res.tree, undefined, [], undefined];
+    const updatedExtensions = res.additionalResult.kind === "memberCommit" && res.additionalResult.extensions.length > 0
+        ? res.additionalResult.extensions
+        : state.groupContext.extensions;
+    const groupContextWithExtensions = { ...state.groupContext, extensions: updatedExtensions };
+    const privateKeys = mergePrivateKeyPaths(newPrivateKey !== undefined
+        ? updateLeafKey(state.privatePath, await cs.hpke.exportPrivateKey(newPrivateKey))
+        : state.privatePath, await toPrivateKeyPath(pathToPathSecrets(pathSecrets), state.privatePath.leafIndex, cs));
+    const lastPathSecret = pathSecrets.at(-1);
+    const commitSecret = lastPathSecret === undefined
+        ? new Uint8Array(cs.kdf.size)
+        : await deriveSecret(lastPathSecret.secret, "path", cs.kdf);
+    const { signature, framedContent } = await createContentCommitSignature(state.groupContext, wireformat, { proposals: allProposals, path: updatePath }, { senderType: "member", leafIndex: state.privatePath.leafIndex }, authenticatedData, state.signaturePrivateKey, cs.signature);
+    const treeHash = await treeHashRoot(tree, cs.hash);
+    const updatedGroupContext = await nextEpochContext(groupContextWithExtensions, wireformat, framedContent, signature, treeHash, state.confirmationTag, cs.hash);
+    const epochSecrets = await initializeEpoch(state.keySchedule.initSecret, commitSecret, updatedGroupContext, res.pskSecret, cs.kdf);
+    const confirmationTag = await createConfirmationTag(epochSecrets.keySchedule.confirmationKey, updatedGroupContext.confirmedTranscriptHash, cs.hash);
+    const authData = {
+        contentType: framedContent.contentType,
+        signature,
+        confirmationTag,
+    };
+    const [commit] = await protectCommit(publicMessage, state, authenticatedData, framedContent, authData, cs);
+    const welcome = await createWelcome(ratchetTreeExtension, updatedGroupContext, confirmationTag, state, tree, cs, epochSecrets, res, pathSecrets);
+    const groupActiveState = res.selfRemoved
+        ? { kind: "removedFromGroup" }
+        : suspendedPendingReinit !== undefined
+            ? { kind: "suspendedPendingReinit", reinit: suspendedPendingReinit }
+            : { kind: "active" };
+    const newState = {
+        groupContext: updatedGroupContext,
+        ratchetTree: tree,
+        secretTree: await createSecretTree(leafWidth(tree.length), epochSecrets.keySchedule.encryptionSecret, cs.kdf),
+        keySchedule: epochSecrets.keySchedule,
+        privatePath: privateKeys,
+        unappliedProposals: {},
+        historicalReceiverData: addHistoricalReceiverData(state),
+        confirmationTag,
+        signaturePrivateKey: state.signaturePrivateKey,
+        groupActiveState,
+        clientConfig: state.clientConfig,
+    };
+    return { newState, welcome, commit };
+}
+function bundleAllProposals(state, extraProposals) {
+    const refs = Object.keys(state.unappliedProposals).map((p) => ({
+        proposalOrRefType: "reference",
+        reference: base64ToBytes(p),
+    }));
+    const proposals = extraProposals.map((p) => ({ proposalOrRefType: "proposal", proposal: p }));
+    return [...refs, ...proposals];
+}
+async function createWelcome(ratchetTreeExtension, groupContext, confirmationTag, state, tree, cs, epochSecrets, res, pathSecrets) {
+    const groupInfo = ratchetTreeExtension
+        ? await createGroupInfoWithRatchetTree(groupContext, confirmationTag, state, tree, cs)
+        : await createGroupInfo(groupContext, confirmationTag, state, cs);
+    const encryptedGroupInfo = await encryptGroupInfo(groupInfo, epochSecrets.welcomeSecret, cs);
+    const encryptedGroupSecrets = res.additionalResult.kind === "memberCommit"
+        ? await Promise.all(res.additionalResult.addedLeafNodes.map(([leafNodeIndex, keyPackage]) => {
+            return createEncryptedGroupSecrets(tree, leafNodeIndex, state, pathSecrets, cs, keyPackage, encryptedGroupInfo, epochSecrets, res);
+        }))
+        : [];
+    return encryptedGroupSecrets.length > 0
+        ? {
+            cipherSuite: groupContext.cipherSuite,
+            secrets: encryptedGroupSecrets,
+            encryptedGroupInfo,
+        }
+        : undefined;
+}
+async function createEncryptedGroupSecrets(tree, leafNodeIndex, state, pathSecrets, cs, keyPackage, encryptedGroupInfo, epochSecrets, res) {
+    const nodeIndex = firstCommonAncestor(tree, leafNodeIndex, state.privatePath.leafIndex);
+    const pathSecret = pathSecrets.find((ps) => ps.nodeIndex === nodeIndex);
+    const pk = await cs.hpke.importPublicKey(keyPackage.initKey);
+    const egs = await encryptGroupSecrets(pk, encryptedGroupInfo, { joinerSecret: epochSecrets.joinerSecret, pathSecret: pathSecret?.secret, psks: res.pskIds }, cs.hpke);
+    const ref = await makeKeyPackageRef(keyPackage, cs.hash);
+    return { newMember: ref, encryptedGroupSecrets: { kemOutput: egs.enc, ciphertext: egs.ct } };
+}
+export async function createGroupInfo(groupContext, confirmationTag, state, cs) {
+    const groupInfoTbs = {
+        groupContext: groupContext,
+        extensions: groupContext.extensions,
+        confirmationTag,
+        signer: state.privatePath.leafIndex,
+    };
+    return signGroupInfo(groupInfoTbs, state.signaturePrivateKey, cs.signature);
+}
+export async function createGroupInfoWithRatchetTree(groupContext, confirmationTag, state, tree, cs) {
+    const gi = await createGroupInfo(groupContext, confirmationTag, state, cs);
+    const encodedTree = encodeRatchetTree(tree);
+    return { ...gi, extensions: [...gi.extensions, { extensionType: "ratchet_tree", extensionData: encodedTree }] };
+}
+export async function createGroupInfoWithExternalPub(state, cs) {
+    const gi = await createGroupInfo(state.groupContext, state.confirmationTag, state, cs);
+    const externalKeyPair = await cs.hpke.deriveKeyPair(state.keySchedule.externalSecret);
+    const externalPub = await cs.hpke.exportPublicKey(externalKeyPair.publicKey);
+    return { ...gi, extensions: [...gi.extensions, { extensionType: "external_pub", extensionData: externalPub }] };
+}
+export async function createGroupInfoWithExternalPubAndRatchetTree(state, cs) {
+    const gi = await createGroupInfo(state.groupContext, state.confirmationTag, state, cs);
+    const encodedTree = encodeRatchetTree(state.ratchetTree);
+    const externalKeyPair = await cs.hpke.deriveKeyPair(state.keySchedule.externalSecret);
+    const externalPub = await cs.hpke.exportPublicKey(externalKeyPair.publicKey);
+    return {
+        ...gi,
+        extensions: [
+            ...gi.extensions,
+            { extensionType: "external_pub", extensionData: externalPub },
+            { extensionType: "ratchet_tree", extensionData: encodedTree },
+        ],
+    };
+}
+async function protectCommit(publicMessage, state, authenticatedData, content, authData, cs) {
+    const wireformat = publicMessage ? "mls_public_message" : "mls_private_message";
+    const authenticatedContent = {
+        wireformat,
+        content,
+        auth: authData,
+    };
+    if (publicMessage) {
+        const msg = await protectPublicMessage(state.keySchedule.membershipKey, state.groupContext, authenticatedContent, cs);
+        return [{ version: "mls10", wireformat: "mls_public_message", publicMessage: msg }, state.secretTree];
+    }
+    else {
+        const res = await protect(state.keySchedule.senderDataSecret, authenticatedData, state.groupContext, state.secretTree, { ...content, auth: authData }, state.privatePath.leafIndex, state.clientConfig.paddingConfig, cs);
+        return [{ version: "mls10", wireformat: "mls_private_message", privateMessage: res.privateMessage }, res.tree];
+    }
+}
+export async function applyUpdatePathSecret(tree, privatePath, senderLeafIndex, gc, path, excludeNodes, cs) {
+    const { nodeIndex: ancestorNodeIndex, resolution, updateNode, } = firstMatchAncestor(tree, privatePath.leafIndex, senderLeafIndex, path);
+    for (const [i, nodeIndex] of filterNewLeaves(resolution, excludeNodes).entries()) {
+        if (privatePath.privateKeys[nodeIndex] !== undefined) {
+            const key = await cs.hpke.importPrivateKey(privatePath.privateKeys[nodeIndex]);
+            const ct = updateNode?.encryptedPathSecret[i];
+            const pathSecret = await decryptWithLabel(key, "UpdatePathNode", encodeGroupContext(gc), ct.kemOutput, ct.ciphertext, cs.hpke);
+            return { nodeIndex: ancestorNodeIndex, pathSecret };
+        }
+    }
+    throw new InternalError("No overlap between provided private keys and update path");
+}
+export async function joinGroupExternal(groupInfo, keyPackage, privateKeys, resync, cs, tree, clientConfig = defaultClientConfig, authenticatedData = new Uint8Array()) {
+    const externalPub = groupInfo.extensions.find((ex) => ex.extensionType === "external_pub");
+    if (externalPub === undefined)
+        throw new UsageError("Could not find external_pub extension");
+    const allExtensionsSupported = extensionsSupportedByCapabilities(groupInfo.groupContext.extensions, keyPackage.leafNode.capabilities);
+    if (!allExtensionsSupported)
+        throw new UsageError("client does not support every extension in the GroupContext");
+    const { enc, secret: initSecret } = await exportSecret(externalPub.extensionData, cs);
+    const ratchetTree = ratchetTreeFromExtension(groupInfo) ?? tree;
+    if (ratchetTree === undefined)
+        throw new UsageError("No RatchetTree passed and no ratchet_tree extension");
+    throwIfDefined(await validateRatchetTree(ratchetTree, groupInfo.groupContext, clientConfig.lifetimeConfig, clientConfig.authService, groupInfo.groupContext.treeHash, cs));
+    const signaturePublicKey = getSignaturePublicKeyFromLeafIndex(ratchetTree, groupInfo.signer);
+    const signerCredential = getCredentialFromLeafIndex(ratchetTree, groupInfo.signer);
+    const credentialVerified = await clientConfig.authService.validateCredential(signerCredential, signaturePublicKey);
+    if (!credentialVerified)
+        throw new ValidationError("Could not validate credential");
+    const groupInfoSignatureVerified = verifyGroupInfoSignature(groupInfo, signaturePublicKey, cs.signature);
+    if (!groupInfoSignatureVerified)
+        throw new CryptoVerificationError("Could not verify groupInfo Signature");
+    const formerLeafIndex = resync
+        ? nodeToLeafIndex(ratchetTree.findIndex((n) => {
+            if (n !== undefined && n.nodeType === "leaf") {
+                return clientConfig.keyPackageEqualityConfig.compareKeyPackageToLeafNode(keyPackage, n.leaf);
+            }
+            return false;
+        }))
+        : undefined;
+    const updatedTree = formerLeafIndex !== undefined ? removeLeafNode(ratchetTree, formerLeafIndex) : ratchetTree;
+    const [treeWithNewLeafNode, newLeafNodeIndex] = addLeafNode(updatedTree, keyPackage.leafNode);
+    const [newTree, updatePath, pathSecrets, newPrivateKey] = await createUpdatePath(treeWithNewLeafNode, nodeToLeafIndex(newLeafNodeIndex), groupInfo.groupContext, privateKeys.signaturePrivateKey, cs);
+    const privateKeyPath = updateLeafKey(await toPrivateKeyPath(pathToPathSecrets(pathSecrets), nodeToLeafIndex(newLeafNodeIndex), cs), await cs.hpke.exportPrivateKey(newPrivateKey));
+    const lastPathSecret = pathSecrets.at(-1);
+    const commitSecret = lastPathSecret === undefined
+        ? new Uint8Array(cs.kdf.size)
+        : await deriveSecret(lastPathSecret.secret, "path", cs.kdf);
+    const externalInitProposal = {
+        proposalType: "external_init",
+        externalInit: { kemOutput: enc },
+    };
+    const proposals = formerLeafIndex !== undefined
+        ? [{ proposalType: "remove", remove: { removed: formerLeafIndex } }, externalInitProposal]
+        : [externalInitProposal];
+    const pskSecret = new Uint8Array(cs.kdf.size);
+    const { signature, framedContent } = await createContentCommitSignature(groupInfo.groupContext, "mls_public_message", { proposals: proposals.map((p) => ({ proposalOrRefType: "proposal", proposal: p })), path: updatePath }, {
+        senderType: "new_member_commit",
+    }, authenticatedData, privateKeys.signaturePrivateKey, cs.signature);
+    const treeHash = await treeHashRoot(newTree, cs.hash);
+    const groupContext = await nextEpochContext(groupInfo.groupContext, "mls_public_message", framedContent, signature, treeHash, groupInfo.confirmationTag, cs.hash);
+    const epochSecrets = await initializeEpoch(initSecret, commitSecret, groupContext, pskSecret, cs.kdf);
+    const confirmationTag = await createConfirmationTag(epochSecrets.keySchedule.confirmationKey, groupContext.confirmedTranscriptHash, cs.hash);
+    const state = {
+        ratchetTree: newTree,
+        groupContext: groupContext,
+        secretTree: await createSecretTree(leafWidth(newTree.length), epochSecrets.keySchedule.encryptionSecret, cs.kdf),
+        privatePath: privateKeyPath,
+        confirmationTag,
+        historicalReceiverData: new Map(),
+        signaturePrivateKey: privateKeys.signaturePrivateKey,
+        keySchedule: epochSecrets.keySchedule,
+        unappliedProposals: {},
+        groupActiveState: { kind: "active" },
+        clientConfig,
+    };
+    const authenticatedContent = {
+        content: framedContent,
+        auth: { signature, confirmationTag, contentType: "commit" },
+        wireformat: "mls_public_message",
+    };
+    const msg = await protectPublicMessage(epochSecrets.keySchedule.membershipKey, groupContext, authenticatedContent, cs);
+    return { publicMessage: msg, newState: state };
+}
+export function filterNewLeaves(resolution, excludeNodes) {
+    const set = new Set(excludeNodes);
+    return resolution.filter((i) => !set.has(i));
+}
+//# sourceMappingURL=createCommit.js.map

package/dist/src/createCommit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createCommit.js","sourceRoot":"","sources":["../../src/createCommit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAE9F,OAAO,EAEL,cAAc,EACd,gBAAgB,EAEhB,YAAY,EACZ,6BAA6B,GAE9B,MAAM,eAAe,CAAA;AAEtB,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EACL,4BAA4B,EAC5B,qBAAqB,GAGtB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAA;AACjE,OAAO,EAA2B,wBAAwB,EAAE,aAAa,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAA;AACxH,OAAO,EAAc,iBAAiB,EAAqB,MAAM,cAAc,CAAA;AAC/E,OAAO,EAAE,eAAe,EAAgB,MAAM,eAAe,CAAA;AAE7D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,gBAAgB,EAAkB,MAAM,kBAAkB,CAAA;AAIxG,OAAO,EAEL,WAAW,EACX,iBAAiB,EACjB,0BAA0B,EAC1B,kCAAkC,EAClC,cAAc,GACf,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,gBAAgB,EAAc,MAAM,cAAc,CAAA;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAc,mBAAmB,EAAc,kBAAkB,EAAE,MAAM,cAAc,CAAA;AAChH,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAChD,OAAO,EAAW,gBAAgB,EAAyB,mBAAmB,EAAE,MAAM,WAAW,CAAA;AACjG,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAChG,OAAO,EAAgB,mBAAmB,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,EAAE,iCAAiC,EAAE,MAAM,aAAa,CAAA;AAI/D,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAkB,EAClB,SAAmB,EACnB,aAAsB,EACtB,cAA0B,EAC1B,EAAmB,EACnB,uBAAgC,KAAK,EACrC,oBAAgC,IAAI,UAAU,EAAE;IAEhD,6BAA6B,CAAC,KAAK,CAAC,CAAA;IAEpC,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,qBAAqB,CAAA;IAE/E,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;IAE9D,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAA;IAEvG,IAAI,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,gBAAgB;QAAE,MAAM,IAAI,UAAU,CAAC,0CAA0C,CAAC,CAAA;IAEpH,MAAM,sBAAsB,GAAG,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAA;IAE/G,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,GAAG,GAAG,CAAC,eAAe;QACxE,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,mBAAmB,EAAE,EAAE,CAAC;QAClH,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,EAAkB,EAAE,SAAS,CAAC,CAAA;IAExD,MAAM,iBAAiB,GACrB,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,cAAc,IAAI,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;QACxF,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU;QACjC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,CAAA;IAEnC,MAAM,0BAA0B,GAAG,EAAE,GAAG,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,CAAA;IAE3F,MAAM,WAAW,GAAG,oBAAoB,CACtC,aAAa,KAAK,SAAS;QACzB,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QACjF,CAAC,CAAC,KAAK,CAAC,WAAW,EACrB,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CACxF,CAAA;IAED,MAAM,cAAc,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IAEzC,MAAM,YAAY,GAChB,cAAc,KAAK,SAAS;QAC1B,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;QAC7B,CAAC,CAAC,MAAM,YAAY,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;IAE/D,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,4BAA4B,CACrE,KAAK,CAAC,YAAY,EAClB,UAAU,EACV,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,EAC7C,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,EAChE,iBAAiB,EACjB,KAAK,CAAC,mBAAmB,EACzB,EAAE,CAAC,SAAS,CACb,CAAA;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;IAElD,MAAM,mBAAmB,GAAG,MAAM,gBAAgB,CAChD,0BAA0B,EAC1B,UAAU,EACV,aAAa,EACb,SAAS,EACT,QAAQ,EACR,KAAK,CAAC,eAAe,EACrB,EAAE,CAAC,IAAI,CACR,CAAA;IAED,MAAM,YAAY,GAAG,MAAM,eAAe,CACxC,KAAK,CAAC,WAAW,CAAC,UAAU,EAC5B,YAAY,EACZ,mBAAmB,EACnB,GAAG,CAAC,SAAS,EACb,EAAE,CAAC,GAAG,CACP,CAAA;IAED,MAAM,eAAe,GAAG,MAAM,qBAAqB,CACjD,YAAY,CAAC,WAAW,CAAC,eAAe,EACxC,mBAAmB,CAAC,uBAAuB,EAC3C,EAAE,CAAC,IAAI,CACR,CAAA;IAED,MAAM,QAAQ,GAAgC;QAC5C,WAAW,EAAE,aAAa,CAAC,WAAW;QACtC,SAAS;QACT,eAAe;KAChB,CAAA;IAED,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,aAAa,CAAC,aAAa,EAAE,KAAK,EAAE,iBAAiB,EAAE,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;IAE1G,MAAM,OAAO,GAAwB,MAAM,aAAa,CACtD,oBAAoB,EACpB,mBAAmB,EACnB,eAAe,EACf,KAAK,EACL,IAAI,EACJ,EAAE,EACF,YAAY,EACZ,GAAG,EACH,WAAW,CACZ,CAAA;IAED,MAAM,gBAAgB,GAAqB,GAAG,CAAC,WAAW;QACxD,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE;QAC9B,CAAC,CAAC,sBAAsB,KAAK,SAAS;YACpC,CAAC,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,MAAM,EAAE,sBAAsB,EAAE;YACpE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAExB,MAAM,QAAQ,GAAgB;QAC5B,YAAY,EAAE,mBAAmB;QACjC,WAAW,EAAE,IAAI;QACjB,UAAU,EAAE,MAAM,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC,WAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC,GAAG,CAAC;QAC7G,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,WAAW,EAAE,WAAW;QACxB,kBAAkB,EAAE,EAAE;QACtB,sBAAsB,EAAE,yBAAyB,CAAC,KAAK,CAAC;QACxD,eAAe;QACf,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;QAC9C,gBAAgB;QAChB,YAAY,EAAE,KAAK,CAAC,YAAY;KACjC,CAAA;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;AACtC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAkB,EAAE,cAA0B;IACxE,MAAM,IAAI,GAAoB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9E,iBAAiB,EAAE,WAAW;QAC9B,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC;KAC5B,CAAC,CAAC,CAAA;IAEH,MAAM,SAAS,GAAoB,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,iBAAiB,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAE9G,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC,CAAA;AAChC,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,oBAA6B,EAC7B,YAA0B,EAC1B,eAA2B,EAC3B,KAAkB,EAClB,IAAiB,EACjB,EAAmB,EACnB,YAA0B,EAC1B,GAAyB,EACzB,WAAyB;IAEzB,MAAM,SAAS,GAAG,oBAAoB;QACpC,CAAC,CAAC,MAAM,8BAA8B,CAAC,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC;QACtF,CAAC,CAAC,MAAM,eAAe,CAAC,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,CAAA;IAEnE,MAAM,kBAAkB,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;IAE5F,MAAM,qBAAqB,GACzB,GAAG,CAAC,gBAAgB,CAAC,IAAI,KAAK,cAAc;QAC1C,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CACf,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,UAAU,CAAC,EAAE,EAAE;YACtE,OAAO,2BAA2B,CAChC,IAAI,EACJ,aAAa,EACb,KAAK,EACL,WAAW,EACX,EAAE,EACF,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,GAAG,CACJ,CAAA;QACH,CAAC,CAAC,CACH;QACH,CAAC,CAAC,EAAE,CAAA;IAER,OAAO,qBAAqB,CAAC,MAAM,GAAG,CAAC;QACrC,CAAC,CAAC;YACE,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,OAAO,EAAE,qBAAqB;YAC9B,kBAAkB;SACnB;QACH,CAAC,CAAC,SAAS,CAAA;AACf,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,IAAiB,EACjB,aAAqB,EACrB,KAAkB,EAClB,WAAyB,EACzB,EAAmB,EACnB,UAAsB,EACtB,kBAA8B,EAC9B,YAA0B,EAC1B,GAAyB;IAEzB,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,EAAE,aAAa,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;IACvF,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,KAAK,SAAS,CAAC,CAAA;IACvE,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IAC5D,MAAM,GAAG,GAAG,MAAM,mBAAmB,CACnC,EAAE,EACF,kBAAkB,EAClB,EAAE,YAAY,EAAE,YAAY,CAAC,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,EAC7F,EAAE,CAAC,IAAI,CACR,CAAA;IAED,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;IAExD,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,qBAAqB,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,CAAA;AAC9F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,YAA0B,EAC1B,eAA2B,EAC3B,KAAkB,EAClB,EAAmB;IAEnB,MAAM,YAAY,GAAiB;QACjC,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,YAAY,CAAC,UAAU;QACnC,eAAe;QACf,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,SAAS;KACpC,CAAA;IAED,OAAO,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,mBAAmB,EAAE,EAAE,CAAC,SAAS,CAAC,CAAA;AAC7E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,YAA0B,EAC1B,eAA2B,EAC3B,KAAkB,EAClB,IAAiB,EACjB,EAAmB;IAEnB,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,CAAA;IAE1E,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAA;IAE3C,OAAO,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,EAAE,CAAA;AACjH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAAC,KAAkB,EAAE,EAAmB;IAC1F,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,CAAA;IAEtF,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAA;IACrF,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;IAE5E,OAAO,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,EAAE,CAAA;AACjH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4CAA4C,CAChE,KAAkB,EAClB,EAAmB;IAEnB,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,CAAA;IAEtF,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IAExD,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,CAAA;IACrF,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;IAE5E,OAAO;QACL,GAAG,EAAE;QACL,UAAU,EAAE;YACV,GAAG,EAAE,CAAC,UAAU;YAChB,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE;YAC7D,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE;SAC9D;KACF,CAAA;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,aAAsB,EACtB,KAAkB,EAClB,iBAA6B,EAC7B,OAA4B,EAC5B,QAAqC,EACrC,EAAmB;IAEnB,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,qBAAqB,CAAA;IAE/E,MAAM,oBAAoB,GAA+B;QACvD,UAAU;QACV,OAAO;QACP,IAAI,EAAE,QAAQ;KACf,CAAA;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,MAAM,oBAAoB,CACpC,KAAK,CAAC,WAAW,CAAC,aAAa,EAC/B,KAAK,CAAC,YAAY,EAClB,oBAAoB,EACpB,EAAE,CACH,CAAA;QAED,OAAO,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,aAAa,EAAE,GAAG,EAAE,EAAE,KAAK,CAAC,UAAU,CAAC,CAAA;IACvG,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,MAAM,OAAO,CACvB,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAClC,iBAAiB,EACjB,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,UAAU,EAChB,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAC9B,KAAK,CAAC,WAAW,CAAC,SAAS,EAC3B,KAAK,CAAC,YAAY,CAAC,aAAa,EAChC,EAAE,CACH,CAAA;QAED,OAAO,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,cAAc,EAAE,GAAG,CAAC,cAAc,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,CAAA;IAChH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAiB,EACjB,WAA2B,EAC3B,eAAuB,EACvB,EAAgB,EAChB,IAAgB,EAChB,YAAsB,EACtB,EAAmB;IAEnB,MAAM,EACJ,SAAS,EAAE,iBAAiB,EAC5B,UAAU,EACV,UAAU,GACX,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,SAAS,EAAE,eAAe,EAAE,IAAI,CAAC,CAAA;IAE1E,KAAK,MAAM,CAAC,CAAC,EAAE,SAAS,CAAC,IAAI,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QACjF,IAAI,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,CAAE,CAAC,CAAA;YAC/E,MAAM,EAAE,GAAG,UAAU,EAAE,mBAAmB,CAAC,CAAC,CAAE,CAAA;YAE9C,MAAM,UAAU,GAAG,MAAM,gBAAgB,CACvC,GAAG,EACH,gBAAgB,EAChB,kBAAkB,CAAC,EAAE,CAAC,EACtB,EAAE,CAAC,SAAS,EACZ,EAAE,CAAC,UAAU,EACb,EAAE,CAAC,IAAI,CACR,CAAA;YACD,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,CAAA;QACrD,CAAC;IACH,CAAC;IAED,MAAM,IAAI,aAAa,CAAC,0DAA0D,CAAC,CAAA;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAAoB,EACpB,UAAsB,EACtB,WAA8B,EAC9B,MAAe,EACf,EAAmB,EACnB,IAAkB,EAClB,eAA6B,mBAAmB,EAChD,oBAAgC,IAAI,UAAU,EAAE;IAEhD,MAAM,WAAW,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,KAAK,cAAc,CAAC,CAAA;IAE1F,IAAI,WAAW,KAAK,SAAS;QAAE,MAAM,IAAI,UAAU,CAAC,uCAAuC,CAAC,CAAA;IAE5F,MAAM,sBAAsB,GAAG,iCAAiC,CAC9D,SAAS,CAAC,YAAY,CAAC,UAAU,EACjC,UAAU,CAAC,QAAQ,CAAC,YAAY,CACjC,CAAA;IACD,IAAI,CAAC,sBAAsB;QAAE,MAAM,IAAI,UAAU,CAAC,6DAA6D,CAAC,CAAA;IAEhH,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,CAAC,CAAA;IAErF,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,IAAI,IAAI,CAAA;IAE/D,IAAI,WAAW,KAAK,SAAS;QAAE,MAAM,IAAI,UAAU,CAAC,qDAAqD,CAAC,CAAA;IAE1G,cAAc,CACZ,MAAM,mBAAmB,CACvB,WAAW,EACX,SAAS,CAAC,YAAY,EACtB,YAAY,CAAC,cAAc,EAC3B,YAAY,CAAC,WAAW,EACxB,SAAS,CAAC,YAAY,CAAC,QAAQ,EAC/B,EAAE,CACH,CACF,CAAA;IAED,MAAM,kBAAkB,GAAG,kCAAkC,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;IAE5F,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM,CAAC,CAAA;IAElF,MAAM,kBAAkB,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAA;IAElH,IAAI,CAAC,kBAAkB;QAAE,MAAM,IAAI,eAAe,CAAC,+BAA+B,CAAC,CAAA;IAEnF,MAAM,0BAA0B,GAAG,wBAAwB,CAAC,SAAS,EAAE,kBAAkB,EAAE,EAAE,CAAC,SAAS,CAAC,CAAA;IAExG,IAAI,CAAC,0BAA0B;QAAE,MAAM,IAAI,uBAAuB,CAAC,sCAAsC,CAAC,CAAA;IAE1G,MAAM,eAAe,GAAG,MAAM;QAC5B,CAAC,CAAC,eAAe,CACb,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1B,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAC7C,OAAO,YAAY,CAAC,wBAAwB,CAAC,2BAA2B,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAA;YAC9F,CAAC;YACD,OAAO,KAAK,CAAA;QACd,CAAC,CAAC,CACH;QACH,CAAC,CAAC,SAAS,CAAA;IAEb,MAAM,WAAW,GAAG,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,WAAW,CAAA;IAE9G,MAAM,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAA;IAE7F,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,GAAG,MAAM,gBAAgB,CAC9E,mBAAmB,EACnB,eAAe,CAAC,gBAAgB,CAAC,EACjC,SAAS,CAAC,YAAY,EACtB,WAAW,CAAC,mBAAmB,EAC/B,EAAE,CACH,CAAA;IAED,MAAM,cAAc,GAAG,aAAa,CAClC,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,eAAe,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,EAC7F,MAAM,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAC9C,CAAA;IAED,MAAM,cAAc,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IAEzC,MAAM,YAAY,GAChB,cAAc,KAAK,SAAS;QAC1B,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;QAC7B,CAAC,CAAC,MAAM,YAAY,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;IAE/D,MAAM,oBAAoB,GAAyB;QACjD,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE;KACjC,CAAA;IACD,MAAM,SAAS,GACb,eAAe,KAAK,SAAS;QAC3B,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,oBAAoB,CAAC;QAC1F,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAA;IAE5B,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAE7C,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,4BAA4B,CACrE,SAAS,CAAC,YAAY,EACtB,oBAAoB,EACpB,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,iBAAiB,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EACvG;QACE,UAAU,EAAE,mBAAmB;KAChC,EACD,iBAAiB,EACjB,WAAW,CAAC,mBAAmB,EAC/B,EAAE,CAAC,SAAS,CACb,CAAA;IAED,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAA;IAErD,MAAM,YAAY,GAAG,MAAM,gBAAgB,CACzC,SAAS,CAAC,YAAY,EACtB,oBAAoB,EACpB,aAAa,EACb,SAAS,EACT,QAAQ,EACR,SAAS,CAAC,eAAe,EACzB,EAAE,CAAC,IAAI,CACR,CAAA;IAED,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;IAErG,MAAM,eAAe,GAAG,MAAM,qBAAqB,CACjD,YAAY,CAAC,WAAW,CAAC,eAAe,EACxC,YAAY,CAAC,uBAAuB,EACpC,EAAE,CAAC,IAAI,CACR,CAAA;IAED,MAAM,KAAK,GAAgB;QACzB,WAAW,EAAE,OAAO;QACpB,YAAY,EAAE,YAAY;QAC1B,UAAU,EAAE,MAAM,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC,WAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC,GAAG,CAAC;QAChH,WAAW,EAAE,cAAc;QAC3B,eAAe;QACf,sBAAsB,EAAE,IAAI,GAAG,EAAE;QACjC,mBAAmB,EAAE,WAAW,CAAC,mBAAmB;QACpD,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,kBAAkB,EAAE,EAAE;QACtB,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACpC,YAAY;KACb,CAAA;IAED,MAAM,oBAAoB,GAA+B;QACvD,OAAO,EAAE,aAAa;QACtB,IAAI,EAAE,EAAE,SAAS,EAAE,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE;QAC3D,UAAU,EAAE,oBAAoB;KACjC,CAAA;IAED,MAAM,GAAG,GAAG,MAAM,oBAAoB,CAAC,YAAY,CAAC,WAAW,CAAC,aAAa,EAAE,YAAY,EAAE,oBAAoB,EAAE,EAAE,CAAC,CAAA;IAEtH,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;AAChD,CAAC;AACD,MAAM,UAAU,eAAe,CAAC,UAAoB,EAAE,YAAsB;IAC1E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAA;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;AAC9C,CAAC"}

package/dist/src/createMessage.d.ts

@@ -0,0 +1,24 @@
+import { ClientState } from "./clientState";
+import { CiphersuiteImpl } from "./crypto/ciphersuite";
+import { MLSMessage } from "./message";
+import { Proposal } from "./proposal";
+export declare function createProposal(state: ClientState, publicMessage: boolean, proposal: Proposal, cs: CiphersuiteImpl, authenticatedData?: Uint8Array): Promise<{
+    newState: ClientState;
+    message: MLSMessage;
+}>;
+export declare function createApplicationMessage(state: ClientState, message: Uint8Array, cs: CiphersuiteImpl, authenticatedData?: Uint8Array): Promise<{
+    newState: {
+        secretTree: import("./secretTree").SecretTree;
+        groupContext: import("./groupContext").GroupContext;
+        keySchedule: import("./keySchedule").KeySchedule;
+        ratchetTree: import("./ratchetTree").RatchetTree;
+        privatePath: import("./privateKeyPath").PrivateKeyPath;
+        signaturePrivateKey: Uint8Array;
+        unappliedProposals: import("./unappliedProposals").UnappliedProposals;
+        confirmationTag: Uint8Array;
+        historicalReceiverData: Map<bigint, import("./clientState").EpochReceiverData>;
+        groupActiveState: import("./clientState").GroupActiveState;
+        clientConfig: import("./clientConfig").ClientConfig;
+    };
+    privateMessage: import("./privateMessage").PrivateMessage;
+}>;

package/dist/src/createMessage.js

@@ -0,0 +1,32 @@
+import { checkCanSendApplicationMessages, processProposal } from "./clientState";
+import { protectProposal, protectApplicationData } from "./messageProtection";
+import { protectProposalPublic } from "./messageProtectionPublic";
+import { addUnappliedProposal } from "./unappliedProposals";
+export async function createProposal(state, publicMessage, proposal, cs, authenticatedData = new Uint8Array()) {
+    if (publicMessage) {
+        const result = await protectProposalPublic(state.signaturePrivateKey, state.keySchedule.membershipKey, state.groupContext, authenticatedData, proposal, state.privatePath.leafIndex, cs);
+        const newState = await processProposal(state, { content: result.publicMessage.content, auth: result.publicMessage.auth, wireformat: "mls_public_message" }, proposal, cs.hash);
+        return {
+            newState,
+            message: { wireformat: "mls_public_message", version: "mls10", publicMessage: result.publicMessage },
+        };
+    }
+    else {
+        const result = await protectProposal(state.signaturePrivateKey, state.keySchedule.senderDataSecret, proposal, authenticatedData, state.groupContext, state.secretTree, state.privatePath.leafIndex, state.clientConfig.paddingConfig, cs);
+        const newState = {
+            ...state,
+            secretTree: result.newSecretTree,
+            unappliedProposals: addUnappliedProposal(result.proposalRef, state.unappliedProposals, proposal, state.privatePath.leafIndex),
+        };
+        return {
+            newState,
+            message: { wireformat: "mls_private_message", version: "mls10", privateMessage: result.privateMessage },
+        };
+    }
+}
+export async function createApplicationMessage(state, message, cs, authenticatedData = new Uint8Array()) {
+    checkCanSendApplicationMessages(state);
+    const result = await protectApplicationData(state.signaturePrivateKey, state.keySchedule.senderDataSecret, message, authenticatedData, state.groupContext, state.secretTree, state.privatePath.leafIndex, state.clientConfig.paddingConfig, cs);
+    return { newState: { ...state, secretTree: result.newSecretTree }, privateMessage: result.privateMessage };
+}
+//# sourceMappingURL=createMessage.js.map

package/dist/src/createMessage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createMessage.js","sourceRoot":"","sources":["../../src/createMessage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAe,eAAe,EAAE,MAAM,eAAe,CAAA;AAG7F,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AAEjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAA;AAE3D,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAAkB,EAClB,aAAsB,EACtB,QAAkB,EAClB,EAAmB,EACnB,oBAAgC,IAAI,UAAU,EAAE;IAEhD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,MAAM,qBAAqB,CACxC,KAAK,CAAC,mBAAmB,EACzB,KAAK,CAAC,WAAW,CAAC,aAAa,EAC/B,KAAK,CAAC,YAAY,EAClB,iBAAiB,EACjB,QAAQ,EACR,KAAK,CAAC,WAAW,CAAC,SAAS,EAC3B,EAAE,CACH,CAAA;QACD,MAAM,QAAQ,GAAG,MAAM,eAAe,CACpC,KAAK,EACL,EAAE,OAAO,EAAE,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,UAAU,EAAE,oBAAoB,EAAE,EAC5G,QAAQ,EACR,EAAE,CAAC,IAAI,CACR,CAAA;QACD,OAAO;YACL,QAAQ;YACR,OAAO,EAAE,EAAE,UAAU,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE;SACrG,CAAA;IACH,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC,KAAK,CAAC,mBAAmB,EACzB,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAClC,QAAQ,EACR,iBAAiB,EACjB,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,WAAW,CAAC,SAAS,EAC3B,KAAK,CAAC,YAAY,CAAC,aAAa,EAChC,EAAE,CACH,CAAA;QAED,MAAM,QAAQ,GAAG;YACf,GAAG,KAAK;YACR,UAAU,EAAE,MAAM,CAAC,aAAa;YAChC,kBAAkB,EAAE,oBAAoB,CACtC,MAAM,CAAC,WAAW,EAClB,KAAK,CAAC,kBAAkB,EACxB,QAAQ,EACR,KAAK,CAAC,WAAW,CAAC,SAAS,CAC5B;SACF,CAAA;QAED,OAAO;YACL,QAAQ;YACR,OAAO,EAAE,EAAE,UAAU,EAAE,qBAAqB,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE;SACxG,CAAA;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAkB,EAClB,OAAmB,EACnB,EAAmB,EACnB,oBAAgC,IAAI,UAAU,EAAE;IAEhD,+BAA+B,CAAC,KAAK,CAAC,CAAA;IAEtC,MAAM,MAAM,GAAG,MAAM,sBAAsB,CACzC,KAAK,CAAC,mBAAmB,EACzB,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAClC,OAAO,EACP,iBAAiB,EACjB,KAAK,CAAC,YAAY,EAClB,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,WAAW,CAAC,SAAS,EAC3B,KAAK,CAAC,YAAY,CAAC,aAAa,EAChC,EAAE,CACH,CAAA;IAED,OAAO,EAAE,QAAQ,EAAE,EAAE,GAAG,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,CAAA;AAC5G,CAAC"}

package/dist/src/credential.d.ts

@@ -0,0 +1,21 @@
+import { Decoder } from "./codec/tlsDecoder";
+import { Encoder } from "./codec/tlsEncoder";
+import { CredentialTypeName } from "./credentialType";
+export type Credential = CredentialBasic | CredentialX509;
+export type CredentialBasic = {
+    credentialType: "basic";
+    identity: Uint8Array;
+};
+export type CredentialX509 = {
+    credentialType: "x509";
+    certificates: Uint8Array[];
+};
+export type CredentialCustom = {
+    credentialType: CredentialTypeName;
+    data: Uint8Array;
+};
+export declare const encodeCredentialBasic: Encoder<CredentialBasic>;
+export declare const encodeCredentialX509: Encoder<CredentialX509>;
+export declare const encodeCredentialCustom: Encoder<CredentialCustom>;
+export declare const encodeCredential: Encoder<Credential>;
+export declare const decodeCredential: Decoder<Credential>;

package/dist/src/credential.js

@@ -0,0 +1,31 @@
+import { flatMapDecoder, mapDecoder } from "./codec/tlsDecoder";
+import { contramapEncoders } from "./codec/tlsEncoder";
+import { decodeVarLenData, decodeVarLenType, encodeVarLenData, encodeVarLenType } from "./codec/variableLength";
+import { decodeCredentialType, encodeCredentialType } from "./credentialType";
+export const encodeCredentialBasic = contramapEncoders([encodeCredentialType, encodeVarLenData], (c) => [c.credentialType, c.identity]);
+export const encodeCredentialX509 = contramapEncoders([encodeCredentialType, encodeVarLenType(encodeVarLenData)], (c) => [c.credentialType, c.certificates]);
+export const encodeCredentialCustom = contramapEncoders([encodeCredentialType, encodeVarLenData], (c) => [c.credentialType, c.data]);
+export const encodeCredential = (c) => {
+    switch (c.credentialType) {
+        case "basic":
+            return encodeCredentialBasic(c);
+        case "x509":
+            return encodeCredentialX509(c);
+        default:
+            return encodeCredentialCustom(c);
+    }
+};
+const decodeCredentialBasic = mapDecoder(decodeVarLenData, (identity) => ({
+    credentialType: "basic",
+    identity,
+}));
+const decodeCredentialX509 = mapDecoder(decodeVarLenType(decodeVarLenData), (certificates) => ({ credentialType: "x509", certificates }));
+export const decodeCredential = flatMapDecoder(decodeCredentialType, (credentialType) => {
+    switch (credentialType) {
+        case "basic":
+            return decodeCredentialBasic;
+        case "x509":
+            return decodeCredentialX509;
+    }
+});
+//# sourceMappingURL=credential.js.map

package/dist/src/credential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential.js","sourceRoot":"","sources":["../../src/credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AACxE,OAAO,EAAE,iBAAiB,EAAW,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAC/G,OAAO,EAAsB,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAA;AASjG,MAAM,CAAC,MAAM,qBAAqB,GAA6B,iBAAiB,CAC9E,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,EACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAU,CAC/C,CAAA;AAED,MAAM,CAAC,MAAM,oBAAoB,GAA4B,iBAAiB,CAC5E,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,EAC1D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,YAAY,CAAU,CACnD,CAAA;AAED,MAAM,CAAC,MAAM,sBAAsB,GAA8B,iBAAiB,CAChF,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,EACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAU,CAC3C,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAwB,CAAC,CAAC,EAAE,EAAE;IACzD,QAAQ,CAAC,CAAC,cAAc,EAAE,CAAC;QACzB,KAAK,OAAO;YACV,OAAO,qBAAqB,CAAC,CAAC,CAAC,CAAA;QACjC,KAAK,MAAM;YACT,OAAO,oBAAoB,CAAC,CAAC,CAAC,CAAA;QAChC;YACE,OAAO,sBAAsB,CAAC,CAAqB,CAAC,CAAA;IACxD,CAAC;AACH,CAAC,CAAA;AAED,MAAM,qBAAqB,GAA6B,UAAU,CAAC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClG,cAAc,EAAE,OAAO;IACvB,QAAQ;CACT,CAAC,CAAC,CAAA;AAEH,MAAM,oBAAoB,GAA4B,UAAU,CAC9D,gBAAgB,CAAC,gBAAgB,CAAC,EAClC,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAC7D,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAwB,cAAc,CACjE,oBAAoB,EACpB,CAAC,cAAc,EAAuB,EAAE;IACtC,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,OAAO;YACV,OAAO,qBAAqB,CAAA;QAC9B,KAAK,MAAM;YACT,OAAO,oBAAoB,CAAA;IAC/B,CAAC;AACH,CAAC,CACF,CAAA"}

package/dist/src/credentialType.d.ts

@@ -0,0 +1,11 @@
+import { Decoder } from "./codec/tlsDecoder";
+import { Encoder } from "./codec/tlsEncoder";
+declare const credentialTypes: {
+    readonly basic: 1;
+    readonly x509: 2;
+};
+export type CredentialTypeName = keyof typeof credentialTypes;
+export type CredentialTypeValue = (typeof credentialTypes)[CredentialTypeName];
+export declare const encodeCredentialType: Encoder<CredentialTypeName>;
+export declare const decodeCredentialType: Decoder<CredentialTypeName>;
+export {};

package/dist/src/credentialType.js

@@ -0,0 +1,11 @@
+import { decodeUint16, encodeUint16 } from "./codec/number";
+import { mapDecoderOption } from "./codec/tlsDecoder";
+import { contramapEncoder } from "./codec/tlsEncoder";
+import { openEnumNumberEncoder, openEnumNumberToKey } from "./util/enumHelpers";
+const credentialTypes = {
+    basic: 1,
+    x509: 2,
+};
+export const encodeCredentialType = contramapEncoder(encodeUint16, openEnumNumberEncoder(credentialTypes));
+export const decodeCredentialType = mapDecoderOption(decodeUint16, openEnumNumberToKey(credentialTypes));
+//# sourceMappingURL=credentialType.js.map

package/dist/src/credentialType.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentialType.js","sourceRoot":"","sources":["../../src/credentialType.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC3D,OAAO,EAAW,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC9D,OAAO,EAAE,gBAAgB,EAAW,MAAM,oBAAoB,CAAA;AAC9D,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAA;AAE/E,MAAM,eAAe,GAAG;IACtB,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;CACC,CAAA;AAKV,MAAM,CAAC,MAAM,oBAAoB,GAAgC,gBAAgB,CAC/E,YAAY,EACZ,qBAAqB,CAAC,eAAe,CAAC,CACvC,CAAA;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAgC,gBAAgB,CAC/E,YAAY,EACZ,mBAAmB,CAAC,eAAe,CAAC,CACrC,CAAA"}

package/dist/src/crypto/aead.d.ts

@@ -0,0 +1,8 @@
+import { AeadInterface } from "@hpke/core";
+export type AeadAlgorithm = "AES128GCM" | "CHACHA20POLY1305" | "AES256GCM";
+export interface Aead {
+    hpkeInterface(): AeadInterface;
+    encrypt(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
+    decrypt(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+}
+export declare function makeAead(aeadAlg: AeadAlgorithm): Promise<Aead>;

package/dist/src/crypto/aead.js

@@ -0,0 +1,69 @@
+import { Aes128Gcm, Aes256Gcm } from "@hpke/core";
+import { bytesToBuffer } from "../util/byteArray";
+import { DependencyError } from "../mlsError";
+export async function makeAead(aeadAlg) {
+    switch (aeadAlg) {
+        case "AES128GCM":
+            return {
+                hpkeInterface() {
+                    return new Aes128Gcm();
+                },
+                encrypt(key, nonce, aad, plaintext) {
+                    return encryptAesGcm(key, nonce, aad, plaintext);
+                },
+                decrypt(key, nonce, aad, ciphertext) {
+                    return decryptAesGcm(key, nonce, aad, ciphertext);
+                },
+            };
+        case "AES256GCM":
+            return {
+                hpkeInterface() {
+                    return new Aes256Gcm();
+                },
+                encrypt(key, nonce, aad, plaintext) {
+                    return encryptAesGcm(key, nonce, aad, plaintext);
+                },
+                decrypt(key, nonce, aad, ciphertext) {
+                    return decryptAesGcm(key, nonce, aad, ciphertext);
+                },
+            };
+        case "CHACHA20POLY1305":
+            try {
+                const { Chacha20Poly1305 } = await import("@hpke/chacha20poly1305");
+                const { chacha20poly1305 } = await import("@noble/ciphers/chacha");
+                return {
+                    hpkeInterface() {
+                        return new Chacha20Poly1305();
+                    },
+                    async encrypt(key, nonce, aad, plaintext) {
+                        return chacha20poly1305(key, nonce, aad).encrypt(plaintext);
+                    },
+                    async decrypt(key, nonce, aad, ciphertext) {
+                        return chacha20poly1305(key, nonce, aad).decrypt(ciphertext);
+                    },
+                };
+            }
+            catch (err) {
+                throw new DependencyError("Optional dependency '@hpke/chacha20poly1305' is not installed. Please install it to use this feature.");
+            }
+    }
+}
+async function encryptAesGcm(key, nonce, aad, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey("raw", bytesToBuffer(key), { name: "AES-GCM" }, false, ["encrypt"]);
+    const result = await crypto.subtle.encrypt({
+        name: "AES-GCM",
+        iv: bytesToBuffer(nonce),
+        additionalData: aad.length > 0 ? bytesToBuffer(aad) : undefined,
+    }, cryptoKey, bytesToBuffer(plaintext));
+    return new Uint8Array(result);
+}
+async function decryptAesGcm(key, nonce, aad, ciphertext) {
+    const cryptoKey = await crypto.subtle.importKey("raw", bytesToBuffer(key), { name: "AES-GCM" }, false, ["decrypt"]);
+    const result = await crypto.subtle.decrypt({
+        name: "AES-GCM",
+        iv: bytesToBuffer(nonce),
+        additionalData: aad.length > 0 ? bytesToBuffer(aad) : undefined,
+    }, cryptoKey, bytesToBuffer(ciphertext));
+    return new Uint8Array(result);
+}
+//# sourceMappingURL=aead.js.map

package/dist/src/crypto/aead.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead.js","sourceRoot":"","sources":["../../../src/crypto/aead.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAU7C,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAsB;IACnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,WAAW;YACd,OAAO;gBACL,aAAa;oBACX,OAAO,IAAI,SAAS,EAAE,CAAA;gBACxB,CAAC;gBACD,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS;oBAChC,OAAO,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;gBAClD,CAAC;gBACD,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU;oBACjC,OAAO,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;gBACnD,CAAC;aACF,CAAA;QACH,KAAK,WAAW;YACd,OAAO;gBACL,aAAa;oBACX,OAAO,IAAI,SAAS,EAAE,CAAA;gBACxB,CAAC;gBACD,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS;oBAChC,OAAO,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;gBAClD,CAAC;gBACD,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU;oBACjC,OAAO,aAAa,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAA;gBACnD,CAAC;aACF,CAAA;QACH,KAAK,kBAAkB;YACrB,IAAI,CAAC;gBACH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAA;gBACnE,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAA;gBAClE,OAAO;oBACL,aAAa;wBACX,OAAO,IAAI,gBAAgB,EAAE,CAAA;oBAC/B,CAAC;oBACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS;wBACtC,OAAO,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;oBAC7D,CAAC;oBACD,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU;wBACvC,OAAO,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;oBAC9D,CAAC;iBACF,CAAA;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,uGAAuG,CACxG,CAAA;YACH,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAe,EACf,KAAiB,EACjB,GAAe,EACf,SAAqB;IAErB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;IACnH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACxC;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,aAAa,CAAC,KAAK,CAAC;QACxB,cAAc,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;KAChE,EACD,SAAS,EACT,aAAa,CAAC,SAAS,CAAC,CACzB,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;AAC/B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAe,EACf,KAAiB,EACjB,GAAe,EACf,UAAsB;IAEtB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;IACnH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACxC;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,aAAa,CAAC,KAAK,CAAC;QACxB,cAAc,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;KAChE,EACD,SAAS,EACT,aAAa,CAAC,UAAU,CAAC,CAC1B,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;AAC/B,CAAC"}

package/dist/src/crypto/ciphersuite.d.ts

@@ -0,0 +1,51 @@
+import { Signature, SignatureAlgorithm } from "./signature";
+import { Hash, HashAlgorithm } from "./hash";
+import { Kdf } from "./kdf";
+import { Hpke, HpkeAlgorithm } from "./hpke";
+import { Encoder } from "../codec/tlsEncoder";
+import { Decoder } from "../codec/tlsDecoder";
+import { Rng } from "./rng";
+export type CiphersuiteImpl = {
+    hash: Hash;
+    hpke: Hpke;
+    signature: Signature;
+    kdf: Kdf;
+    rng: Rng;
+    name: CiphersuiteName;
+};
+export declare const ciphersuites: {
+    readonly MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1;
+    readonly MLS_128_DHKEMP256_AES128GCM_SHA256_P256: 2;
+    readonly MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519: 3;
+    readonly MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448: 4;
+    readonly MLS_256_DHKEMP521_AES256GCM_SHA512_P521: 5;
+    readonly MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448: 6;
+    readonly MLS_256_DHKEMP384_AES256GCM_SHA384_P384: 7;
+    readonly MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519: 77;
+    readonly MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519: 78;
+    readonly MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519: 79;
+    readonly MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519: 80;
+    readonly MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519: 81;
+    readonly MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519: 82;
+    readonly MLS_256_XWING_AES256GCM_SHA512_Ed25519: 83;
+    readonly MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519: 84;
+    readonly MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87: 85;
+    readonly MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87: 86;
+    readonly MLS_256_XWING_AES256GCM_SHA512_MLDSA87: 87;
+    readonly MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87: 88;
+};
+export type CiphersuiteName = keyof typeof ciphersuites;
+export type CiphersuiteId = (typeof ciphersuites)[CiphersuiteName];
+export declare const encodeCiphersuite: Encoder<CiphersuiteName>;
+export declare const decodeCiphersuite: Decoder<CiphersuiteName>;
+export declare function getCiphersuiteNameFromId(id: CiphersuiteId): CiphersuiteName;
+export declare function getCiphersuiteFromId(id: CiphersuiteId): Ciphersuite;
+export declare function getCiphersuiteFromName(name: CiphersuiteName): Ciphersuite;
+export declare function getCiphersuiteImpl(cs: Ciphersuite): Promise<CiphersuiteImpl>;
+type Ciphersuite = {
+    hash: HashAlgorithm;
+    hpke: HpkeAlgorithm;
+    signature: SignatureAlgorithm;
+    name: CiphersuiteName;
+};
+export {};