ts-mls 1.0.2

package/dist/src/crypto/ciphersuite.js

@@ -0,0 +1,245 @@
+import { makeNobleSignatureImpl } from "./signature";
+import { makeHashImpl } from "./hash";
+import { makeKdf, makeKdfImpl } from "./kdf";
+import { makeHpke } from "./hpke";
+import { contramapEncoder } from "../codec/tlsEncoder";
+import { decodeUint16, encodeUint16 } from "../codec/number";
+import { mapDecoderOption } from "../codec/tlsDecoder";
+import { openEnumNumberEncoder, openEnumNumberToKey, reverseMap } from "../util/enumHelpers";
+import { webCryptoRng } from "./rng";
+export const ciphersuites = {
+    MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1,
+    MLS_128_DHKEMP256_AES128GCM_SHA256_P256: 2,
+    MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519: 3,
+    MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448: 4,
+    MLS_256_DHKEMP521_AES256GCM_SHA512_P521: 5,
+    MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448: 6,
+    MLS_256_DHKEMP384_AES256GCM_SHA384_P384: 7,
+    MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519: 77,
+    MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519: 78,
+    MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519: 79,
+    MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519: 80,
+    MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519: 81,
+    MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519: 82,
+    MLS_256_XWING_AES256GCM_SHA512_Ed25519: 83,
+    MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519: 84,
+    MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87: 85,
+    MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87: 86,
+    MLS_256_XWING_AES256GCM_SHA512_MLDSA87: 87,
+    MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87: 88,
+};
+export const encodeCiphersuite = contramapEncoder(encodeUint16, openEnumNumberEncoder(ciphersuites));
+export const decodeCiphersuite = mapDecoderOption(decodeUint16, openEnumNumberToKey(ciphersuites));
+export function getCiphersuiteNameFromId(id) {
+    return reverseMap(ciphersuites)[id];
+}
+export function getCiphersuiteFromId(id) {
+    return ciphersuiteValues[id];
+}
+export function getCiphersuiteFromName(name) {
+    return ciphersuiteValues[ciphersuites[name]];
+}
+export async function getCiphersuiteImpl(cs) {
+    const sc = crypto.subtle;
+    return {
+        kdf: makeKdfImpl(makeKdf(cs.hpke.kdf)),
+        hash: makeHashImpl(sc, cs.hash),
+        signature: await makeNobleSignatureImpl(cs.signature),
+        hpke: await makeHpke(cs.hpke),
+        rng: webCryptoRng,
+        name: cs.name,
+    };
+}
+const ciphersuiteValues = {
+    1: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-X25519-HKDF-SHA256",
+            aead: "AES128GCM",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519",
+    },
+    2: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-P256-HKDF-SHA256",
+            aead: "AES128GCM",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "P256",
+        name: "MLS_128_DHKEMP256_AES128GCM_SHA256_P256",
+    },
+    3: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "DHKEM-X25519-HKDF-SHA256",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA256",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519",
+    },
+    4: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-X448-HKDF-SHA512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed448",
+        name: "MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448",
+    },
+    5: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-P521-HKDF-SHA512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "P521",
+        name: "MLS_256_DHKEMP521_AES256GCM_SHA512_P521",
+    },
+    6: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "DHKEM-X448-HKDF-SHA512",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed448",
+        name: "MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448",
+    },
+    7: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "DHKEM-P384-HKDF-SHA384",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA384",
+        },
+        signature: "P384",
+        name: "MLS_256_DHKEMP384_AES256GCM_SHA384_P384",
+    },
+    77: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "ML-KEM-512",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_MLKEM512_AES128GCM_SHA256_Ed25519",
+    },
+    78: {
+        hash: "SHA-256",
+        hpke: {
+            kem: "ML-KEM-512",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_128_MLKEM512_CHACHA20POLY1305_SHA256_Ed25519",
+    },
+    79: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "ML-KEM-768",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM768_AES256GCM_SHA384_Ed25519",
+    },
+    80: {
+        hash: "SHA-384",
+        hpke: {
+            kem: "ML-KEM-768",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM768_CHACHA20POLY1305_SHA384_Ed25519",
+    },
+    81: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM1024_AES256GCM_SHA512_Ed25519",
+    },
+    82: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_Ed25519",
+    },
+    83: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_XWING_AES256GCM_SHA512_Ed25519",
+    },
+    84: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "Ed25519",
+        name: "MLS_256_XWING_CHACHA20POLY1305_SHA512_Ed25519",
+    },
+    85: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_MLKEM1024_AES256GCM_SHA512_MLDSA87",
+    },
+    86: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "ML-KEM-1024",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_MLKEM1024_CHACHA20POLY1305_SHA512_MLDSA87",
+    },
+    87: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "AES256GCM",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_XWING_AES256GCM_SHA512_MLDSA87",
+    },
+    88: {
+        hash: "SHA-512",
+        hpke: {
+            kem: "X-Wing",
+            aead: "CHACHA20POLY1305",
+            kdf: "HKDF-SHA512",
+        },
+        signature: "ML-DSA-87",
+        name: "MLS_256_XWING_CHACHA20POLY1305_SHA512_MLDSA87",
+    },
+};
+//# sourceMappingURL=ciphersuite.js.map

package/dist/src/crypto/ciphersuite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ciphersuite.js","sourceRoot":"","sources":["../../../src/crypto/ciphersuite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAiC,MAAM,aAAa,CAAA;AACnF,OAAO,EAAuB,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1D,OAAO,EAAO,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAA;AACjD,OAAO,EAAuB,QAAQ,EAAE,MAAM,QAAQ,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAW,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAW,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAC/D,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAC5F,OAAO,EAAO,YAAY,EAAE,MAAM,OAAO,CAAA;AAWzC,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,4CAA4C,EAAE,CAAC;IAC/C,uCAAuC,EAAE,CAAC;IAC1C,mDAAmD,EAAE,CAAC;IACtD,wCAAwC,EAAE,CAAC;IAC3C,uCAAuC,EAAE,CAAC;IAC1C,+CAA+C,EAAE,CAAC;IAClD,uCAAuC,EAAE,CAAC;IAC1C,yCAAyC,EAAE,EAAE;IAC7C,gDAAgD,EAAE,EAAE;IACpD,yCAAyC,EAAE,EAAE;IAC7C,gDAAgD,EAAE,EAAE;IACpD,0CAA0C,EAAE,EAAE;IAC9C,iDAAiD,EAAE,EAAE;IACrD,sCAAsC,EAAE,EAAE;IAC1C,6CAA6C,EAAE,EAAE;IACjD,0CAA0C,EAAE,EAAE;IAC9C,iDAAiD,EAAE,EAAE;IACrD,sCAAsC,EAAE,EAAE;IAC1C,6CAA6C,EAAE,EAAE;CACzC,CAAA;AAKV,MAAM,CAAC,MAAM,iBAAiB,GAA6B,gBAAgB,CACzE,YAAY,EACZ,qBAAqB,CAAC,YAAY,CAAC,CACpC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAA6B,gBAAgB,CACzE,YAAY,EACZ,mBAAmB,CAAC,YAAY,CAAC,CAClC,CAAA;AAED,MAAM,UAAU,wBAAwB,CAAC,EAAiB;IACxD,OAAO,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAoB,CAAA;AACxD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,EAAiB;IACpD,OAAO,iBAAiB,CAAC,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAqB;IAC1D,OAAO,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAe;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAA;IACxB,OAAO;QACL,GAAG,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,EAAE,YAAY,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC;QAC/B,SAAS,EAAE,MAAM,sBAAsB,CAAC,EAAE,CAAC,SAAS,CAAC;QACrD,IAAI,EAAE,MAAM,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC;QAC7B,GAAG,EAAE,YAAY;QACjB,IAAI,EAAE,EAAE,CAAC,IAAI;KACd,CAAA;AACH,CAAC;AAED,MAAM,iBAAiB,GAAuC;IAC5D,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,8CAA8C;KACrD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,qDAAqD;KAC5D;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,0CAA0C;KACjD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,iDAAiD;KACxD;IACD,CAAC,EAAE;QACD,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,yCAAyC;KAChD;IAED,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,2CAA2C;KAClD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,kDAAkD;KACzD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,2CAA2C;KAClD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,YAAY;YACjB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,kDAAkD;KACzD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,4CAA4C;KACnD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,mDAAmD;KAC1D;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,wCAAwC;KAC/C;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,+CAA+C;KACtD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,4CAA4C;KACnD;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,mDAAmD;KAC1D;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,WAAW;YACjB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,wCAAwC;KAC/C;IACD,EAAE,EAAE;QACF,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,GAAG,EAAE,QAAQ;YACb,IAAI,EAAE,kBAAkB;YACxB,GAAG,EAAE,aAAa;SACnB;QACD,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,+CAA+C;KACtD;CACO,CAAA"}

package/dist/src/crypto/hash.d.ts

@@ -0,0 +1,8 @@
+export type HashAlgorithm = "SHA-512" | "SHA-384" | "SHA-256";
+export declare function makeHashImpl(sc: SubtleCrypto, h: HashAlgorithm): Hash;
+export interface Hash {
+    digest(data: Uint8Array): Promise<Uint8Array>;
+    mac(key: Uint8Array, data: Uint8Array): Promise<Uint8Array>;
+    verifyMac(key: Uint8Array, mac: Uint8Array, data: Uint8Array): Promise<boolean>;
+}
+export declare function refhash(label: string, value: Uint8Array, h: Hash): Promise<Uint8Array<ArrayBufferLike>>;

package/dist/src/crypto/hash.js

@@ -0,0 +1,32 @@
+import { utf8ToBytes } from "@noble/ciphers/utils";
+import { encodeVarLenData } from "../codec/variableLength";
+import { bytesToBuffer } from "../util/byteArray";
+export function makeHashImpl(sc, h) {
+    return {
+        async digest(data) {
+            const result = await sc.digest(h, bytesToBuffer(data));
+            return new Uint8Array(result);
+        },
+        async mac(key, data) {
+            const result = await sc.sign("HMAC", await importMacKey(key, h), bytesToBuffer(data));
+            return new Uint8Array(result);
+        },
+        async verifyMac(key, mac, data) {
+            return sc.verify("HMAC", await importMacKey(key, h), bytesToBuffer(mac), bytesToBuffer(data));
+        },
+    };
+}
+function importMacKey(rawKey, h) {
+    return crypto.subtle.importKey("raw", bytesToBuffer(rawKey), {
+        name: "HMAC",
+        hash: { name: h },
+    }, false, ["sign", "verify"]);
+}
+export function refhash(label, value, h) {
+    return h.digest(encodeRefHash(label, value));
+}
+function encodeRefHash(label, value) {
+    const labelBytes = utf8ToBytes(label);
+    return new Uint8Array([...encodeVarLenData(labelBytes), ...encodeVarLenData(value)]);
+}
+//# sourceMappingURL=hash.js.map

package/dist/src/crypto/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAIjD,MAAM,UAAU,YAAY,CAAC,EAAgB,EAAE,CAAgB;IAC7D,OAAO;QACL,KAAK,CAAC,MAAM,CAAC,IAAI;YACf,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAA;YACtD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI;YACjB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAA;YACrF,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;YAC5B,OAAO,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAA;QAC/F,CAAC;KACF,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAkB,EAAE,CAAgB;IACxD,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,aAAa,CAAC,MAAM,CAAC,EACrB;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;KAClB,EACD,KAAK,EACL,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAA;AACH,CAAC;AAQD,MAAM,UAAU,OAAO,CAAC,KAAa,EAAE,KAAiB,EAAE,CAAO;IAC/D,OAAO,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,aAAa,CAAC,KAAa,EAAE,KAAiB;IACrD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAA;IACrC,OAAO,IAAI,UAAU,CAAC,CAAC,GAAG,gBAAgB,CAAC,UAAU,CAAC,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;AACtF,CAAC"}

package/dist/src/crypto/hpke.d.ts

@@ -0,0 +1,51 @@
+import { AeadAlgorithm } from "./aead";
+import { KdfAlgorithm } from "./kdf";
+import { KemAlgorithm } from "./kem";
+export type PublicKey = CryptoKey & {
+    type: "public";
+};
+export type SecretKey = CryptoKey & {
+    type: "secret";
+};
+export type PrivateKey = CryptoKey & {
+    type: "private";
+};
+export type HpkeAlgorithm = {
+    kem: KemAlgorithm;
+    kdf: KdfAlgorithm;
+    aead: AeadAlgorithm;
+};
+export declare function encryptWithLabel(publicKey: PublicKey, label: string, context: Uint8Array, plaintext: Uint8Array, hpke: Hpke): Promise<{
+    ct: Uint8Array;
+    enc: Uint8Array;
+}>;
+export declare function decryptWithLabel(privateKey: PrivateKey, label: string, context: Uint8Array, kemOutput: Uint8Array, ciphertext: Uint8Array, hpke: Hpke): Promise<Uint8Array>;
+export declare function makeHpke(hpkealg: HpkeAlgorithm): Promise<Hpke>;
+export interface Hpke {
+    open(privateKey: PrivateKey, kemOutput: Uint8Array, ciphertext: Uint8Array, info: Uint8Array, aad?: Uint8Array): Promise<Uint8Array>;
+    seal(publicKey: PublicKey, plaintext: Uint8Array, info: Uint8Array, aad?: Uint8Array): Promise<{
+        ct: Uint8Array;
+        enc: Uint8Array;
+    }>;
+    importPrivateKey(k: Uint8Array): Promise<PrivateKey>;
+    importPublicKey(k: Uint8Array): Promise<PublicKey>;
+    exportPublicKey(k: PublicKey): Promise<Uint8Array>;
+    exportPrivateKey(k: PrivateKey): Promise<Uint8Array>;
+    encryptAead(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array | undefined, plaintext: Uint8Array): Promise<Uint8Array>;
+    decryptAead(key: Uint8Array, nonce: Uint8Array, aad: Uint8Array | undefined, ciphertext: Uint8Array): Promise<Uint8Array>;
+    exportSecret(publicKey: PublicKey, exporterContext: Uint8Array, length: number, info: Uint8Array): Promise<{
+        enc: Uint8Array;
+        secret: Uint8Array;
+    }>;
+    importSecret(privateKey: PrivateKey, exporterContext: Uint8Array, kemOutput: Uint8Array, length: number, info: Uint8Array): Promise<Uint8Array>;
+    deriveKeyPair(ikm: Uint8Array): Promise<{
+        privateKey: PrivateKey;
+        publicKey: PublicKey;
+    }>;
+    generateKeyPair(): Promise<{
+        privateKey: PrivateKey;
+        publicKey: PublicKey;
+    }>;
+    keyLength: number;
+    nonceLength: number;
+}

package/dist/src/crypto/hpke.js

@@ -0,0 +1,109 @@
+import { CipherSuite } from "@hpke/core";
+import { makeAead } from "./aead";
+import { makeKdf } from "./kdf";
+import { makeDhKem } from "./kem";
+import { encodeVarLenData } from "../codec/variableLength";
+import { bytesToBuffer } from "../util/byteArray";
+import { CryptoError } from "../mlsError";
+export function encryptWithLabel(publicKey, label, context, plaintext, hpke) {
+    return hpke.seal(publicKey, plaintext, new Uint8Array([...encodeVarLenData(new TextEncoder().encode(`MLS 1.0 ${label}`)), ...encodeVarLenData(context)]), new Uint8Array());
+}
+export function decryptWithLabel(privateKey, label, context, kemOutput, ciphertext, hpke) {
+    return hpke.open(privateKey, kemOutput, ciphertext, new Uint8Array([...encodeVarLenData(new TextEncoder().encode(`MLS 1.0 ${label}`)), ...encodeVarLenData(context)]));
+}
+export async function makeHpke(hpkealg) {
+    const aead = await makeAead(hpkealg.aead);
+    const cs = new CipherSuite({
+        kem: await makeDhKem(hpkealg.kem),
+        kdf: makeKdf(hpkealg.kdf),
+        aead: aead.hpkeInterface(),
+    });
+    return {
+        async open(privateKey, kemOutput, ciphertext, info, aad) {
+            try {
+                const result = await cs.open({ recipientKey: privateKey, enc: bytesToBuffer(kemOutput), info: bytesToBuffer(info) }, bytesToBuffer(ciphertext), aad ? bytesToBuffer(aad) : new ArrayBuffer());
+                return new Uint8Array(result);
+            }
+            catch (e) {
+                throw new CryptoError(`${e}`);
+            }
+        },
+        async seal(publicKey, plaintext, info, aad) {
+            const result = await cs.seal({ recipientPublicKey: publicKey, info: bytesToBuffer(info) }, bytesToBuffer(plaintext), aad ? bytesToBuffer(aad) : new ArrayBuffer());
+            return {
+                ct: new Uint8Array(result.ct),
+                enc: new Uint8Array(result.enc),
+            };
+        },
+        async exportSecret(publicKey, exporterContext, length, info) {
+            const context = await cs.createSenderContext({ recipientPublicKey: publicKey, info: bytesToBuffer(info) });
+            return {
+                enc: new Uint8Array(context.enc),
+                secret: new Uint8Array(await context.export(bytesToBuffer(exporterContext), length)),
+            };
+        },
+        async importSecret(privateKey, exporterContext, kemOutput, length, info) {
+            try {
+                const context = await cs.createRecipientContext({
+                    recipientKey: privateKey,
+                    info: bytesToBuffer(info),
+                    enc: bytesToBuffer(kemOutput),
+                });
+                return new Uint8Array(await context.export(bytesToBuffer(exporterContext), length));
+            }
+            catch (e) {
+                throw new CryptoError(`${e}`);
+            }
+        },
+        async importPrivateKey(k) {
+            try {
+                // See https://github.com/mlswg/mls-implementations/issues/176#issuecomment-1817043142
+                const key = hpkealg.kem === "DHKEM-P521-HKDF-SHA512" ? prepadPrivateKeyP521(k) : k;
+                return (await cs.kem.deserializePrivateKey(bytesToBuffer(key)));
+            }
+            catch (e) {
+                throw new CryptoError(`${e}`);
+            }
+        },
+        async importPublicKey(k) {
+            try {
+                return (await cs.kem.deserializePublicKey(bytesToBuffer(k)));
+            }
+            catch (e) {
+                throw new CryptoError(`${e}`);
+            }
+        },
+        async exportPublicKey(k) {
+            return new Uint8Array(await cs.kem.serializePublicKey(k));
+        },
+        async exportPrivateKey(k) {
+            return new Uint8Array(await cs.kem.serializePrivateKey(k));
+        },
+        async encryptAead(key, nonce, aad, plaintext) {
+            return aead.encrypt(key, nonce, aad ? aad : new Uint8Array(), plaintext);
+        },
+        async decryptAead(key, nonce, aad, ciphertext) {
+            try {
+                return await aead.decrypt(key, nonce, aad ? aad : new Uint8Array(), ciphertext);
+            }
+            catch (e) {
+                throw new CryptoError(`${e}`);
+            }
+        },
+        async deriveKeyPair(ikm) {
+            const kp = await cs.kem.deriveKeyPair(bytesToBuffer(ikm));
+            return { privateKey: kp.privateKey, publicKey: kp.publicKey };
+        },
+        async generateKeyPair() {
+            const kp = await cs.kem.generateKeyPair();
+            return { privateKey: kp.privateKey, publicKey: kp.publicKey };
+        },
+        keyLength: cs.aead.keySize,
+        nonceLength: cs.aead.nonceSize,
+    };
+}
+function prepadPrivateKeyP521(k) {
+    const lengthDifference = 66 - k.byteLength;
+    return new Uint8Array([...new Uint8Array(lengthDifference), ...k]);
+}
+//# sourceMappingURL=hpke.js.map

package/dist/src/crypto/hpke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.js","sourceRoot":"","sources":["../../../src/crypto/hpke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAiB,QAAQ,EAAE,MAAM,QAAQ,CAAA;AAChD,OAAO,EAAgB,OAAO,EAAE,MAAM,OAAO,CAAA;AAC7C,OAAO,EAAgB,SAAS,EAAE,MAAM,OAAO,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAYzC,MAAM,UAAU,gBAAgB,CAC9B,SAAoB,EACpB,KAAa,EACb,OAAmB,EACnB,SAAqB,EACrB,IAAU;IAEV,OAAO,IAAI,CAAC,IAAI,CACd,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,GAAG,gBAAgB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EACjH,IAAI,UAAU,EAAE,CACjB,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,UAAsB,EACtB,KAAa,EACb,OAAmB,EACnB,SAAqB,EACrB,UAAsB,EACtB,IAAU;IAEV,OAAO,IAAI,CAAC,IAAI,CACd,UAAU,EACV,SAAS,EACT,UAAU,EACV,IAAI,UAAU,CAAC,CAAC,GAAG,gBAAgB,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,CAClH,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAsB;IACnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACzC,MAAM,EAAE,GAAG,IAAI,WAAW,CAAC;QACzB,GAAG,EAAE,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;QACzB,IAAI,EAAE,IAAI,CAAC,aAAa,EAAE;KAC3B,CAAC,CAAA;IAEF,OAAO;QACL,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,GAAG;YACrD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAC1B,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,EAAE,aAAa,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,EACtF,aAAa,CAAC,UAAU,CAAC,EACzB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAC7C,CAAA;gBACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;YAC/B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG;YACxC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAC1B,EAAE,kBAAkB,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,EAC5D,aAAa,CAAC,SAAS,CAAC,EACxB,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAC7C,CAAA;YACD,OAAO;gBACL,EAAE,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,GAAG,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC;aAChC,CAAA;QACH,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,IAAI;YACzD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC1G,OAAO;gBACL,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;gBAChC,MAAM,EAAE,IAAI,UAAU,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;aACrF,CAAA;QACH,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI;YACrE,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC;oBAC9C,YAAY,EAAE,UAAU;oBACxB,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC;oBACzB,GAAG,EAAE,aAAa,CAAC,SAAS,CAAC;iBAC9B,CAAC,CAAA;gBACF,OAAO,IAAI,UAAU,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC,CAAA;YACrF,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACtB,IAAI,CAAC;gBACH,sFAAsF;gBACtF,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,KAAK,wBAAwB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;gBAClF,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAe,CAAA;YAC/E,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,CAAC;YACrB,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAc,CAAA;YAC3E,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,CAAC;YACrB,OAAO,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3D,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACtB,OAAO,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAA;QAC5D,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS;YAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,EAAE,SAAS,CAAC,CAAA;QAC1E,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU;YAC3C,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,EAAE,UAAU,CAAC,CAAA;YACjF,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,GAAG;YACrB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;YACzD,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,UAAwB,EAAE,SAAS,EAAE,EAAE,CAAC,SAAsB,EAAE,CAAA;QAC1F,CAAC;QACD,KAAK,CAAC,eAAe;YACnB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA;YACzC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,UAAwB,EAAE,SAAS,EAAE,EAAE,CAAC,SAAsB,EAAE,CAAA;QAC1F,CAAC;QACD,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO;QAC1B,WAAW,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS;KAC/B,CAAA;AACH,CAAC;AAmDD,SAAS,oBAAoB,CAAC,CAAa;IACzC,MAAM,gBAAgB,GAAG,EAAE,GAAG,CAAC,CAAC,UAAU,CAAA;IAC1C,OAAO,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,UAAU,CAAC,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAA;AACpE,CAAC"}

package/dist/src/crypto/kdf.d.ts

@@ -0,0 +1,12 @@
+import { KdfInterface } from "@hpke/core";
+export interface Kdf {
+    extract(salt: Uint8Array, ikm: Uint8Array): Promise<Uint8Array>;
+    expand(prk: Uint8Array, info: Uint8Array, len: number): Promise<Uint8Array>;
+    size: number;
+}
+export type KdfAlgorithm = "HKDF-SHA256" | "HKDF-SHA384" | "HKDF-SHA512";
+export declare function makeKdfImpl(k: KdfInterface): Kdf;
+export declare function makeKdf(kdfAlg: KdfAlgorithm): KdfInterface;
+export declare function expandWithLabel(secret: Uint8Array, label: string, context: Uint8Array, length: number, kdf: Kdf): Promise<Uint8Array>;
+export declare function deriveSecret(secret: Uint8Array, label: string, kdf: Kdf): Promise<Uint8Array>;
+export declare function deriveTreeSecret(secret: Uint8Array, label: string, generation: number, length: number, kdf: Kdf): Promise<Uint8Array>;

package/dist/src/crypto/kdf.js

@@ -0,0 +1,42 @@
+import { utf8ToBytes } from "@noble/ciphers/utils";
+import { HkdfSha256, HkdfSha384, HkdfSha512 } from "@hpke/core";
+import { encodeVarLenData } from "../codec/variableLength";
+import { encodeUint16, encodeUint32 } from "../codec/number";
+import { bytesToBuffer } from "../util/byteArray";
+export function makeKdfImpl(k) {
+    return {
+        async extract(salt, ikm) {
+            const result = await k.extract(bytesToBuffer(salt), bytesToBuffer(ikm));
+            return new Uint8Array(result);
+        },
+        async expand(prk, info, len) {
+            const result = await k.expand(bytesToBuffer(prk), bytesToBuffer(info), len);
+            return new Uint8Array(result);
+        },
+        size: k.hashSize,
+    };
+}
+export function makeKdf(kdfAlg) {
+    switch (kdfAlg) {
+        case "HKDF-SHA256":
+            return new HkdfSha256();
+        case "HKDF-SHA384":
+            return new HkdfSha384();
+        case "HKDF-SHA512":
+            return new HkdfSha512();
+    }
+}
+export function expandWithLabel(secret, label, context, length, kdf) {
+    return kdf.expand(secret, new Uint8Array([
+        ...encodeUint16(length),
+        ...encodeVarLenData(utf8ToBytes(`MLS 1.0 ${label}`)),
+        ...encodeVarLenData(context),
+    ]), length);
+}
+export async function deriveSecret(secret, label, kdf) {
+    return expandWithLabel(secret, label, new Uint8Array(), kdf.size, kdf);
+}
+export async function deriveTreeSecret(secret, label, generation, length, kdf) {
+    return expandWithLabel(secret, label, encodeUint32(generation), length, kdf);
+}
+//# sourceMappingURL=kdf.js.map

package/dist/src/crypto/kdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf.js","sourceRoot":"","sources":["../../../src/crypto/kdf.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAUjD,MAAM,UAAU,WAAW,CAAC,CAAe;IACzC,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,IAAgB,EAAE,GAAe;YAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;YACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,IAAgB,EAAE,GAAW;YACzD,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAA;YAC3E,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;QACD,IAAI,EAAE,CAAC,CAAC,QAAQ;KACjB,CAAA;AACH,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,MAAoB;IAC1C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,IAAI,UAAU,EAAE,CAAA;QACzB,KAAK,aAAa;YAChB,OAAO,IAAI,UAAU,EAAE,CAAA;QACzB,KAAK,aAAa;YAChB,OAAO,IAAI,UAAU,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,MAAkB,EAClB,KAAa,EACb,OAAmB,EACnB,MAAc,EACd,GAAQ;IAER,OAAO,GAAG,CAAC,MAAM,CACf,MAAM,EACN,IAAI,UAAU,CAAC;QACb,GAAG,YAAY,CAAC,MAAM,CAAC;QACvB,GAAG,gBAAgB,CAAC,WAAW,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;QACpD,GAAG,gBAAgB,CAAC,OAAO,CAAC;KAC7B,CAAC,EACF,MAAM,CACP,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAkB,EAAE,KAAa,EAAE,GAAQ;IAC5E,OAAO,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,UAAU,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;AACxE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAkB,EAClB,KAAa,EACb,UAAkB,EAClB,MAAc,EACd,GAAQ;IAER,OAAO,eAAe,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAA;AAC9E,CAAC"}

package/dist/src/crypto/kem.d.ts

@@ -0,0 +1,3 @@
+import { KemInterface } from "@hpke/core";
+export type KemAlgorithm = "DHKEM-P256-HKDF-SHA256" | "DHKEM-X25519-HKDF-SHA256" | "DHKEM-X448-HKDF-SHA512" | "DHKEM-P521-HKDF-SHA512" | "DHKEM-P384-HKDF-SHA384" | "ML-KEM-512" | "ML-KEM-768" | "ML-KEM-1024" | "X-Wing";
+export declare function makeDhKem(kemAlg: KemAlgorithm): Promise<KemInterface>;

package/dist/src/crypto/kem.js

@@ -0,0 +1,49 @@
+import { DhkemP256HkdfSha256, DhkemP384HkdfSha384, DhkemP521HkdfSha512, DhkemX25519HkdfSha256, DhkemX448HkdfSha512, } from "@hpke/core";
+import { DependencyError } from "../mlsError";
+export async function makeDhKem(kemAlg) {
+    switch (kemAlg) {
+        case "DHKEM-P256-HKDF-SHA256":
+            return new DhkemP256HkdfSha256();
+        case "DHKEM-X25519-HKDF-SHA256":
+            return new DhkemX25519HkdfSha256();
+        case "DHKEM-X448-HKDF-SHA512":
+            return new DhkemX448HkdfSha512();
+        case "DHKEM-P521-HKDF-SHA512":
+            return new DhkemP521HkdfSha512();
+        case "DHKEM-P384-HKDF-SHA384":
+            return new DhkemP384HkdfSha384();
+        case "ML-KEM-512":
+            try {
+                const { MlKem512 } = await import("@hpke/ml-kem");
+                return new MlKem512();
+            }
+            catch (err) {
+                throw new DependencyError("Optional dependency '@hpke/ml-kem' is not installed. Please install it to use this feature.");
+            }
+        case "ML-KEM-768":
+            try {
+                const { MlKem768 } = await import("@hpke/ml-kem");
+                return new MlKem768();
+            }
+            catch (err) {
+                throw new DependencyError("Optional dependency '@hpke/ml-kem' is not installed. Please install it to use this feature.");
+            }
+        case "ML-KEM-1024":
+            try {
+                const { MlKem1024 } = await import("@hpke/ml-kem");
+                return new MlKem1024();
+            }
+            catch (err) {
+                throw new DependencyError("Optional dependency '@hpke/ml-kem' is not installed. Please install it to use this feature.");
+            }
+        case "X-Wing":
+            try {
+                const { XWing } = await import("@hpke/hybridkem-x-wing");
+                return new XWing();
+            }
+            catch (err) {
+                throw new DependencyError("Optional dependency '@hpke/hybridkem-x-wing' is not installed. Please install it to use this feature.");
+            }
+    }
+}
+//# sourceMappingURL=kem.js.map

package/dist/src/crypto/kem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kem.js","sourceRoot":"","sources":["../../../src/crypto/kem.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,GAEpB,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAa7C,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAoB;IAClD,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,wBAAwB;YAC3B,OAAO,IAAI,mBAAmB,EAAE,CAAA;QAClC,KAAK,0BAA0B;YAC7B,OAAO,IAAI,qBAAqB,EAAE,CAAA;QACpC,KAAK,wBAAwB;YAC3B,OAAO,IAAI,mBAAmB,EAAE,CAAA;QAClC,KAAK,wBAAwB;YAC3B,OAAO,IAAI,mBAAmB,EAAE,CAAA;QAClC,KAAK,wBAAwB;YAC3B,OAAO,IAAI,mBAAmB,EAAE,CAAA;QAClC,KAAK,YAAY;YACf,IAAI,CAAC;gBACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAA;gBACjD,OAAO,IAAI,QAAQ,EAAE,CAAA;YACvB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,6FAA6F,CAC9F,CAAA;YACH,CAAC;QAEH,KAAK,YAAY;YACf,IAAI,CAAC;gBACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAA;gBACjD,OAAO,IAAI,QAAQ,EAAE,CAAA;YACvB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,6FAA6F,CAC9F,CAAA;YACH,CAAC;QACH,KAAK,aAAa;YAChB,IAAI,CAAC;gBACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAA;gBAClD,OAAO,IAAI,SAAS,EAAE,CAAA;YACxB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,6FAA6F,CAC9F,CAAA;YACH,CAAC;QACH,KAAK,QAAQ;YACX,IAAI,CAAC;gBACH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAA;gBACxD,OAAO,IAAI,KAAK,EAAE,CAAA;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CACvB,uGAAuG,CACxG,CAAA;YACH,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/src/crypto/rng.d.ts

@@ -0,0 +1,4 @@
+export interface Rng {
+    randomBytes(n: number): Uint8Array;
+}
+export declare const webCryptoRng: Rng;

package/dist/src/crypto/rng.js

@@ -0,0 +1,6 @@
+export const webCryptoRng = {
+    randomBytes(n) {
+        return crypto.getRandomValues(new Uint8Array(n));
+    },
+};
+//# sourceMappingURL=rng.js.map

package/dist/src/crypto/rng.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rng.js","sourceRoot":"","sources":["../../../src/crypto/rng.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,YAAY,GAAQ;IAC/B,WAAW,CAAC,CAAC;QACX,OAAO,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;CACF,CAAA"}

package/dist/src/crypto/signature.d.ts

@@ -0,0 +1,12 @@
+export interface Signature {
+    sign(signKey: Uint8Array, message: Uint8Array): Promise<Uint8Array>;
+    verify(publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array): Promise<boolean>;
+    keygen(): Promise<{
+        publicKey: Uint8Array;
+        signKey: Uint8Array;
+    }>;
+}
+export type SignatureAlgorithm = "Ed25519" | "Ed448" | "P256" | "P384" | "P521" | "ML-DSA-87";
+export declare function signWithLabel(signKey: Uint8Array, label: string, content: Uint8Array, s: Signature): Promise<Uint8Array>;
+export declare function verifyWithLabel(publicKey: Uint8Array, label: string, content: Uint8Array, signature: Uint8Array, s: Signature): Promise<boolean>;
+export declare function makeNobleSignatureImpl(alg: SignatureAlgorithm): Promise<Signature>;