UNPKG

@avalabs/avacloud-waas-react

Version:

React SDK for AvaCloud Wallet as a Service

github.com/ava-labs/avacloud-auth-react

ava-labs/avacloud-auth-react

1,805 lines (1,781 loc) • 77.2 kB

JavaScript

import { __esm } from "./chunk-CASSC3OP.mjs"; // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/errors.js var HpkeError, InvalidParamError, ValidationError, SerializeError, DeserializeError, EncapError, DecapError, ExportError, SealError, OpenError, MessageLimitReachedError, DeriveKeyPairError, NotSupportedError; var init_errors = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/errors.js"() { "use strict"; HpkeError = class extends Error { constructor(e) { let message; if (e instanceof Error) { message = e.message; } else if (typeof e === "string") { message = e; } else { message = ""; } super(message); this.name = this.constructor.name; } }; InvalidParamError = class extends HpkeError { }; ValidationError = class extends HpkeError { }; SerializeError = class extends HpkeError { }; DeserializeError = class extends HpkeError { }; EncapError = class extends HpkeError { }; DecapError = class extends HpkeError { }; ExportError = class extends HpkeError { }; SealError = class extends HpkeError { }; OpenError = class extends HpkeError { }; MessageLimitReachedError = class extends HpkeError { }; DeriveKeyPairError = class extends HpkeError { }; NotSupportedError = class extends HpkeError { }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/_dnt.shims.js function createMergeProxy(baseObj, extObj) { return new Proxy(baseObj, { get(_target, prop, _receiver) { if (prop in extObj) { return extObj[prop]; } else { return baseObj[prop]; } }, set(_target, prop, value) { if (prop in extObj) { delete extObj[prop]; } baseObj[prop] = value; return true; }, deleteProperty(_target, prop) { let success = false; if (prop in extObj) { delete extObj[prop]; success = true; } if (prop in baseObj) { delete baseObj[prop]; success = true; } return success; }, ownKeys(_target) { const baseKeys = Reflect.ownKeys(baseObj); const extKeys = Reflect.ownKeys(extObj); const extKeysSet = new Set(extKeys); return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys]; }, defineProperty(_target, prop, desc) { if (prop in extObj) { delete extObj[prop]; } Reflect.defineProperty(baseObj, prop, desc); return true; }, getOwnPropertyDescriptor(_target, prop) { if (prop in extObj) { return Reflect.getOwnPropertyDescriptor(extObj, prop); } else { return Reflect.getOwnPropertyDescriptor(baseObj, prop); } }, has(_target, prop) { return prop in extObj || prop in baseObj; } }); } var dntGlobals, dntGlobalThis; var init_dnt_shims = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/_dnt.shims.js"() { "use strict"; dntGlobals = {}; dntGlobalThis = createMergeProxy(globalThis, dntGlobals); } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/algorithm.js async function loadSubtleCrypto() { if (dntGlobalThis !== void 0 && globalThis.crypto !== void 0) { return globalThis.crypto.subtle; } try { const { webcrypto } = await import("crypto"); return webcrypto.subtle; } catch (e) { throw new NotSupportedError(e); } } var NativeAlgorithm; var init_algorithm = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/algorithm.js"() { "use strict"; init_dnt_shims(); init_errors(); NativeAlgorithm = class { constructor() { Object.defineProperty(this, "_api", { enumerable: true, configurable: true, writable: true, value: void 0 }); } async _setup() { if (this._api !== void 0) { return; } this._api = await loadSubtleCrypto(); } }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/identifiers.js var Mode, KemId, KdfId, AeadId; var init_identifiers = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/identifiers.js"() { "use strict"; Mode = { Base: 0, Psk: 1, Auth: 2, AuthPsk: 3 }; KemId = { NotAssigned: 0, DhkemP256HkdfSha256: 16, DhkemP384HkdfSha384: 17, DhkemP521HkdfSha512: 18, DhkemSecp256k1HkdfSha256: 19, DhkemX25519HkdfSha256: 32, DhkemX448HkdfSha512: 33, HybridkemX25519Kyber768: 48, MlKem512: 64, MlKem768: 65, MlKem1024: 66, XWing: 25722 }; KdfId = { HkdfSha256: 1, HkdfSha384: 2, HkdfSha512: 3 }; AeadId = { Aes128Gcm: 1, Aes256Gcm: 2, Chacha20Poly1305: 3, ExportOnly: 65535 }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/consts.js var INPUT_LENGTH_LIMIT, MINIMUM_PSK_LENGTH, EMPTY; var init_consts = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/consts.js"() { "use strict"; INPUT_LENGTH_LIMIT = 8192; MINIMUM_PSK_LENGTH = 32; EMPTY = new Uint8Array(0); } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/kemInterface.js var SUITE_ID_HEADER_KEM; var init_kemInterface = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/kemInterface.js"() { "use strict"; SUITE_ID_HEADER_KEM = new Uint8Array([ 75, 69, 77, 0, 0 ]); } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/misc.js function i2Osp(n, w) { if (w <= 0) { throw new Error("i2Osp: too small size"); } if (n >= 256 ** w) { throw new Error("i2Osp: too large integer"); } const ret = new Uint8Array(w); for (let i = 0; i < w && n; i++) { ret[w - (i + 1)] = n % 256; n = n >> 8; } return ret; } function concat(a, b) { const ret = new Uint8Array(a.length + b.length); ret.set(a, 0); ret.set(b, a.length); return ret; } function base64UrlToBytes(v) { const base64 = v.replace(/-/g, "+").replace(/_/g, "/"); const byteString = atob(base64); const ret = new Uint8Array(byteString.length); for (let i = 0; i < byteString.length; i++) { ret[i] = byteString.charCodeAt(i); } return ret; } function xor(a, b) { if (a.byteLength !== b.byteLength) { throw new Error("xor: different length inputs"); } const buf = new Uint8Array(a.byteLength); for (let i = 0; i < a.byteLength; i++) { buf[i] = a[i] ^ b[i]; } return buf; } var isCryptoKeyPair; var init_misc = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/misc.js"() { "use strict"; init_dnt_shims(); init_identifiers(); isCryptoKeyPair = (x) => typeof x === "object" && x !== null && typeof x.privateKey === "object" && typeof x.publicKey === "object"; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkem.js function concat3(a, b, c) { const ret = new Uint8Array(a.length + b.length + c.length); ret.set(a, 0); ret.set(b, a.length); ret.set(c, a.length + b.length); return ret; } var LABEL_EAE_PRK, LABEL_SHARED_SECRET, Dhkem; var init_dhkem = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkem.js"() { "use strict"; init_consts(); init_errors(); init_kemInterface(); init_misc(); LABEL_EAE_PRK = new Uint8Array([101, 97, 101, 95, 112, 114, 107]); LABEL_SHARED_SECRET = new Uint8Array([ 115, 104, 97, 114, 101, 100, 95, 115, 101, 99, 114, 101, 116 ]); Dhkem = class { constructor(id, prim, kdf) { Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "secretSize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "encSize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "publicKeySize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "privateKeySize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "_prim", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_kdf", { enumerable: true, configurable: true, writable: true, value: void 0 }); this.id = id; this._prim = prim; this._kdf = kdf; const suiteId = new Uint8Array(SUITE_ID_HEADER_KEM); suiteId.set(i2Osp(this.id, 2), 3); this._kdf.init(suiteId); } async serializePublicKey(key) { return await this._prim.serializePublicKey(key); } async deserializePublicKey(key) { return await this._prim.deserializePublicKey(key); } async serializePrivateKey(key) { return await this._prim.serializePrivateKey(key); } async deserializePrivateKey(key) { return await this._prim.deserializePrivateKey(key); } async importKey(format, key, isPublic = true) { return await this._prim.importKey(format, key, isPublic); } async generateKeyPair() { return await this._prim.generateKeyPair(); } async deriveKeyPair(ikm) { if (ikm.byteLength > INPUT_LENGTH_LIMIT) { throw new InvalidParamError("Too long ikm"); } return await this._prim.deriveKeyPair(ikm); } async encap(params) { let ke; if (params.ekm === void 0) { ke = await this.generateKeyPair(); } else if (isCryptoKeyPair(params.ekm)) { ke = params.ekm; } else { ke = await this.deriveKeyPair(params.ekm); } const enc = await this._prim.serializePublicKey(ke.publicKey); const pkrm = await this._prim.serializePublicKey(params.recipientPublicKey); try { let dh; if (params.senderKey === void 0) { dh = new Uint8Array(await this._prim.dh(ke.privateKey, params.recipientPublicKey)); } else { const sks = isCryptoKeyPair(params.senderKey) ? params.senderKey.privateKey : params.senderKey; const dh1 = new Uint8Array(await this._prim.dh(ke.privateKey, params.recipientPublicKey)); const dh2 = new Uint8Array(await this._prim.dh(sks, params.recipientPublicKey)); dh = concat(dh1, dh2); } let kemContext; if (params.senderKey === void 0) { kemContext = concat(new Uint8Array(enc), new Uint8Array(pkrm)); } else { const pks = isCryptoKeyPair(params.senderKey) ? params.senderKey.publicKey : await this._prim.derivePublicKey(params.senderKey); const pksm = await this._prim.serializePublicKey(pks); kemContext = concat3(new Uint8Array(enc), new Uint8Array(pkrm), new Uint8Array(pksm)); } const sharedSecret = await this._generateSharedSecret(dh, kemContext); return { enc, sharedSecret }; } catch (e) { throw new EncapError(e); } } async decap(params) { const pke = await this._prim.deserializePublicKey(params.enc); const skr = isCryptoKeyPair(params.recipientKey) ? params.recipientKey.privateKey : params.recipientKey; const pkr = isCryptoKeyPair(params.recipientKey) ? params.recipientKey.publicKey : await this._prim.derivePublicKey(params.recipientKey); const pkrm = await this._prim.serializePublicKey(pkr); try { let dh; if (params.senderPublicKey === void 0) { dh = new Uint8Array(await this._prim.dh(skr, pke)); } else { const dh1 = new Uint8Array(await this._prim.dh(skr, pke)); const dh2 = new Uint8Array(await this._prim.dh(skr, params.senderPublicKey)); dh = concat(dh1, dh2); } let kemContext; if (params.senderPublicKey === void 0) { kemContext = concat(new Uint8Array(params.enc), new Uint8Array(pkrm)); } else { const pksm = await this._prim.serializePublicKey(params.senderPublicKey); kemContext = new Uint8Array(params.enc.byteLength + pkrm.byteLength + pksm.byteLength); kemContext.set(new Uint8Array(params.enc), 0); kemContext.set(new Uint8Array(pkrm), params.enc.byteLength); kemContext.set(new Uint8Array(pksm), params.enc.byteLength + pkrm.byteLength); } return await this._generateSharedSecret(dh, kemContext); } catch (e) { throw new DecapError(e); } } async _generateSharedSecret(dh, kemContext) { const labeledIkm = this._kdf.buildLabeledIkm(LABEL_EAE_PRK, dh); const labeledInfo = this._kdf.buildLabeledInfo(LABEL_SHARED_SECRET, kemContext, this.secretSize); return await this._kdf.extractAndExpand(EMPTY.buffer, labeledIkm.buffer, labeledInfo.buffer, this.secretSize); } }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/dhkemPrimitives.js var KEM_USAGES, LABEL_DKP_PRK, LABEL_SK; var init_dhkemPrimitives = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/dhkemPrimitives.js"() { "use strict"; KEM_USAGES = ["deriveBits"]; LABEL_DKP_PRK = new Uint8Array([ 100, 107, 112, 95, 112, 114, 107 ]); LABEL_SK = new Uint8Array([115, 107]); } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/bignum.js var Bignum; var init_bignum = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/utils/bignum.js"() { "use strict"; Bignum = class { constructor(size) { Object.defineProperty(this, "_num", { enumerable: true, configurable: true, writable: true, value: void 0 }); this._num = new Uint8Array(size); } val() { return this._num; } reset() { this._num.fill(0); } set(src) { if (src.length !== this._num.length) { throw new Error("Bignum.set: invalid argument"); } this._num.set(src); } isZero() { for (let i = 0; i < this._num.length; i++) { if (this._num[i] !== 0) { return false; } } return true; } lessThan(v) { if (v.length !== this._num.length) { throw new Error("Bignum.lessThan: invalid argument"); } for (let i = 0; i < this._num.length; i++) { if (this._num[i] < v[i]) { return true; } if (this._num[i] > v[i]) { return false; } } return false; } }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkemPrimitives/ec.js var LABEL_CANDIDATE, ORDER_P_256, ORDER_P_384, ORDER_P_521, PKCS8_ALG_ID_P_256, PKCS8_ALG_ID_P_384, PKCS8_ALG_ID_P_521, Ec; var init_ec = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/dhkemPrimitives/ec.js"() { "use strict"; init_algorithm(); init_consts(); init_errors(); init_identifiers(); init_dhkemPrimitives(); init_bignum(); init_misc(); LABEL_CANDIDATE = new Uint8Array([ 99, 97, 110, 100, 105, 100, 97, 116, 101 ]); ORDER_P_256 = new Uint8Array([ 255, 255, 255, 255, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 188, 230, 250, 173, 167, 23, 158, 132, 243, 185, 202, 194, 252, 99, 37, 81 ]); ORDER_P_384 = new Uint8Array([ 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 199, 99, 77, 129, 244, 55, 45, 223, 88, 26, 13, 178, 72, 176, 167, 122, 236, 236, 25, 106, 204, 197, 41, 115 ]); ORDER_P_521 = new Uint8Array([ 1, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 250, 81, 134, 135, 131, 191, 47, 150, 107, 127, 204, 1, 72, 247, 9, 165, 208, 59, 181, 201, 184, 137, 156, 71, 174, 187, 111, 183, 30, 145, 56, 100, 9 ]); PKCS8_ALG_ID_P_256 = new Uint8Array([ 48, 65, 2, 1, 0, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 4, 39, 48, 37, 2, 1, 1, 4, 32 ]); PKCS8_ALG_ID_P_384 = new Uint8Array([ 48, 78, 2, 1, 0, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 4, 55, 48, 53, 2, 1, 1, 4, 48 ]); PKCS8_ALG_ID_P_521 = new Uint8Array([ 48, 96, 2, 1, 0, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 35, 4, 73, 48, 71, 2, 1, 1, 4, 66 ]); Ec = class extends NativeAlgorithm { constructor(kem, hkdf) { super(); Object.defineProperty(this, "_hkdf", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_alg", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nPk", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nSk", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nDh", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_order", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_bitmask", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_pkcs8AlgId", { enumerable: true, configurable: true, writable: true, value: void 0 }); this._hkdf = hkdf; switch (kem) { case KemId.DhkemP256HkdfSha256: this._alg = { name: "ECDH", namedCurve: "P-256" }; this._nPk = 65; this._nSk = 32; this._nDh = 32; this._order = ORDER_P_256; this._bitmask = 255; this._pkcs8AlgId = PKCS8_ALG_ID_P_256; break; case KemId.DhkemP384HkdfSha384: this._alg = { name: "ECDH", namedCurve: "P-384" }; this._nPk = 97; this._nSk = 48; this._nDh = 48; this._order = ORDER_P_384; this._bitmask = 255; this._pkcs8AlgId = PKCS8_ALG_ID_P_384; break; default: this._alg = { name: "ECDH", namedCurve: "P-521" }; this._nPk = 133; this._nSk = 66; this._nDh = 66; this._order = ORDER_P_521; this._bitmask = 1; this._pkcs8AlgId = PKCS8_ALG_ID_P_521; break; } } async serializePublicKey(key) { await this._setup(); try { return await this._api.exportKey("raw", key); } catch (e) { throw new SerializeError(e); } } async deserializePublicKey(key) { await this._setup(); try { return await this._importRawKey(key, true); } catch (e) { throw new DeserializeError(e); } } async serializePrivateKey(key) { await this._setup(); try { const jwk = await this._api.exportKey("jwk", key); if (!("d" in jwk)) { throw new Error("Not private key"); } return base64UrlToBytes(jwk["d"]).buffer; } catch (e) { throw new SerializeError(e); } } async deserializePrivateKey(key) { await this._setup(); try { return await this._importRawKey(key, false); } catch (e) { throw new DeserializeError(e); } } async importKey(format, key, isPublic) { await this._setup(); try { if (format === "raw") { return await this._importRawKey(key, isPublic); } if (key instanceof ArrayBuffer) { throw new Error("Invalid jwk key format"); } return await this._importJWK(key, isPublic); } catch (e) { throw new DeserializeError(e); } } async generateKeyPair() { await this._setup(); try { return await this._api.generateKey(this._alg, true, KEM_USAGES); } catch (e) { throw new NotSupportedError(e); } } async deriveKeyPair(ikm) { await this._setup(); try { const dkpPrk = await this._hkdf.labeledExtract(EMPTY.buffer, LABEL_DKP_PRK, new Uint8Array(ikm)); const bn = new Bignum(this._nSk); for (let counter = 0; bn.isZero() || !bn.lessThan(this._order); counter++) { if (counter > 255) { throw new Error("Faild to derive a key pair"); } const bytes = new Uint8Array(await this._hkdf.labeledExpand(dkpPrk, LABEL_CANDIDATE, i2Osp(counter, 1), this._nSk)); bytes[0] = bytes[0] & this._bitmask; bn.set(bytes); } const sk = await this._deserializePkcs8Key(bn.val()); bn.reset(); return { privateKey: sk, publicKey: await this.derivePublicKey(sk) }; } catch (e) { throw new DeriveKeyPairError(e); } } async derivePublicKey(key) { await this._setup(); try { const jwk = await this._api.exportKey("jwk", key); delete jwk["d"]; delete jwk["key_ops"]; return await this._api.importKey("jwk", jwk, this._alg, true, []); } catch (e) { throw new DeserializeError(e); } } async dh(sk, pk) { try { await this._setup(); const bits = await this._api.deriveBits({ name: "ECDH", public: pk }, sk, this._nDh * 8); return bits; } catch (e) { throw new SerializeError(e); } } async _importRawKey(key, isPublic) { if (isPublic && key.byteLength !== this._nPk) { throw new Error("Invalid public key for the ciphersuite"); } if (!isPublic && key.byteLength !== this._nSk) { throw new Error("Invalid private key for the ciphersuite"); } if (isPublic) { return await this._api.importKey("raw", key, this._alg, true, []); } return await this._deserializePkcs8Key(new Uint8Array(key)); } async _importJWK(key, isPublic) { if (typeof key.crv === "undefined" || key.crv !== this._alg.namedCurve) { throw new Error(`Invalid crv: ${key.crv}`); } if (isPublic) { if (typeof key.d !== "undefined") { throw new Error("Invalid key: `d` should not be set"); } return await this._api.importKey("jwk", key, this._alg, true, []); } if (typeof key.d === "undefined") { throw new Error("Invalid key: `d` not found"); } return await this._api.importKey("jwk", key, this._alg, true, KEM_USAGES); } async _deserializePkcs8Key(k) { const pkcs8Key = new Uint8Array(this._pkcs8AlgId.length + k.length); pkcs8Key.set(this._pkcs8AlgId, 0); pkcs8Key.set(k, this._pkcs8AlgId.length); return await this._api.importKey("pkcs8", pkcs8Key, this._alg, true, KEM_USAGES); } }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/xCryptoKey.js var init_xCryptoKey = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/xCryptoKey.js"() { "use strict"; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/hybridkem.js var init_hybridkem = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kems/hybridkem.js"() { "use strict"; init_consts(); init_errors(); init_identifiers(); init_dhkemPrimitives(); init_kemInterface(); init_misc(); init_xCryptoKey(); } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kdfs/hkdf.js var HPKE_VERSION, HkdfNative, HkdfSha256Native, HkdfSha384Native, HkdfSha512Native; var init_hkdf = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/kdfs/hkdf.js"() { "use strict"; init_consts(); init_errors(); init_identifiers(); init_algorithm(); HPKE_VERSION = new Uint8Array([72, 80, 75, 69, 45, 118, 49]); HkdfNative = class extends NativeAlgorithm { constructor() { super(); Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: KdfId.HkdfSha256 }); Object.defineProperty(this, "hashSize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "_suiteId", { enumerable: true, configurable: true, writable: true, value: EMPTY }); Object.defineProperty(this, "algHash", { enumerable: true, configurable: true, writable: true, value: { name: "HMAC", hash: "SHA-256", length: 256 } }); } init(suiteId) { this._suiteId = suiteId; } buildLabeledIkm(label, ikm) { this._checkInit(); const ret = new Uint8Array(7 + this._suiteId.byteLength + label.byteLength + ikm.byteLength); ret.set(HPKE_VERSION, 0); ret.set(this._suiteId, 7); ret.set(label, 7 + this._suiteId.byteLength); ret.set(ikm, 7 + this._suiteId.byteLength + label.byteLength); return ret; } buildLabeledInfo(label, info, len) { this._checkInit(); const ret = new Uint8Array(9 + this._suiteId.byteLength + label.byteLength + info.byteLength); ret.set(new Uint8Array([0, len]), 0); ret.set(HPKE_VERSION, 2); ret.set(this._suiteId, 9); ret.set(label, 9 + this._suiteId.byteLength); ret.set(info, 9 + this._suiteId.byteLength + label.byteLength); return ret; } async extract(salt, ikm) { await this._setup(); if (salt.byteLength === 0) { salt = new ArrayBuffer(this.hashSize); } if (salt.byteLength !== this.hashSize) { throw new InvalidParamError("The salt length must be the same as the hashSize"); } const key = await this._api.importKey("raw", salt, this.algHash, false, [ "sign" ]); return await this._api.sign("HMAC", key, ikm); } async expand(prk, info, len) { await this._setup(); const key = await this._api.importKey("raw", prk, this.algHash, false, [ "sign" ]); const okm = new ArrayBuffer(len); const p = new Uint8Array(okm); let prev = EMPTY; const mid = new Uint8Array(info); const tail = new Uint8Array(1); if (len > 255 * this.hashSize) { throw new Error("Entropy limit reached"); } const tmp = new Uint8Array(this.hashSize + mid.length + 1); for (let i = 1, cur = 0; cur < p.length; i++) { tail[0] = i; tmp.set(prev, 0); tmp.set(mid, prev.length); tmp.set(tail, prev.length + mid.length); prev = new Uint8Array(await this._api.sign("HMAC", key, tmp.slice(0, prev.length + mid.length + 1))); if (p.length - cur >= prev.length) { p.set(prev, cur); cur += prev.length; } else { p.set(prev.slice(0, p.length - cur), cur); cur += p.length - cur; } } return okm; } async extractAndExpand(salt, ikm, info, len) { await this._setup(); const baseKey = await this._api.importKey("raw", ikm, "HKDF", false, ["deriveBits"]); return await this._api.deriveBits({ name: "HKDF", hash: this.algHash.hash, salt, info }, baseKey, len * 8); } async labeledExtract(salt, label, ikm) { return await this.extract(salt, this.buildLabeledIkm(label, ikm).buffer); } async labeledExpand(prk, label, info, len) { return await this.expand(prk, this.buildLabeledInfo(label, info, len).buffer, len); } _checkInit() { if (this._suiteId === EMPTY) { throw new Error("Not initialized. Call init()"); } } }; HkdfSha256Native = class extends HkdfNative { constructor() { super(...arguments); Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: KdfId.HkdfSha256 }); Object.defineProperty(this, "hashSize", { enumerable: true, configurable: true, writable: true, value: 32 }); Object.defineProperty(this, "algHash", { enumerable: true, configurable: true, writable: true, value: { name: "HMAC", hash: "SHA-256", length: 256 } }); } }; HkdfSha384Native = class extends HkdfNative { constructor() { super(...arguments); Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: KdfId.HkdfSha384 }); Object.defineProperty(this, "hashSize", { enumerable: true, configurable: true, writable: true, value: 48 }); Object.defineProperty(this, "algHash", { enumerable: true, configurable: true, writable: true, value: { name: "HMAC", hash: "SHA-384", length: 384 } }); } }; HkdfSha512Native = class extends HkdfNative { constructor() { super(...arguments); Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: KdfId.HkdfSha512 }); Object.defineProperty(this, "hashSize", { enumerable: true, configurable: true, writable: true, value: 64 }); Object.defineProperty(this, "algHash", { enumerable: true, configurable: true, writable: true, value: { name: "HMAC", hash: "SHA-512", length: 512 } }); } }; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/aeadEncryptionContext.js var AEAD_USAGES; var init_aeadEncryptionContext = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/src/interfaces/aeadEncryptionContext.js"() { "use strict"; AEAD_USAGES = ["encrypt", "decrypt"]; } }); // ../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/mod.js var init_mod = __esm({ "../../node_modules/.pnpm/@hpke+common@1.7.3/node_modules/@hpke/common/esm/mod.js"() { "use strict"; init_errors(); init_algorithm(); init_identifiers(); init_dhkem(); init_ec(); init_hybridkem(); init_xCryptoKey(); init_hkdf(); init_aeadEncryptionContext(); init_dhkemPrimitives(); init_dhkemPrimitives(); init_kemInterface(); init_consts(); init_misc(); } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/aesGcm.js var AesGcmContext, Aes128Gcm, Aes256Gcm; var init_aesGcm = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/aesGcm.js"() { "use strict"; init_mod(); AesGcmContext = class extends NativeAlgorithm { constructor(key) { super(); Object.defineProperty(this, "_rawKey", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_key", { enumerable: true, configurable: true, writable: true, value: void 0 }); this._rawKey = key; } async seal(iv, data, aad) { await this._setupKey(); const alg = { name: "AES-GCM", iv, additionalData: aad }; const ct = await this._api.encrypt(alg, this._key, data); return ct; } async open(iv, data, aad) { await this._setupKey(); const alg = { name: "AES-GCM", iv, additionalData: aad }; const pt = await this._api.decrypt(alg, this._key, data); return pt; } async _setupKey() { if (this._key !== void 0) { return; } await this._setup(); const key = await this._importKey(this._rawKey); new Uint8Array(this._rawKey).fill(0); this._key = key; return; } async _importKey(key) { return await this._api.importKey("raw", key, { name: "AES-GCM" }, true, AEAD_USAGES); } }; Aes128Gcm = class { constructor() { Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: AeadId.Aes128Gcm }); Object.defineProperty(this, "keySize", { enumerable: true, configurable: true, writable: true, value: 16 }); Object.defineProperty(this, "nonceSize", { enumerable: true, configurable: true, writable: true, value: 12 }); Object.defineProperty(this, "tagSize", { enumerable: true, configurable: true, writable: true, value: 16 }); } createEncryptionContext(key) { return new AesGcmContext(key); } }; Aes256Gcm = class extends Aes128Gcm { constructor() { super(...arguments); Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: AeadId.Aes256Gcm }); Object.defineProperty(this, "keySize", { enumerable: true, configurable: true, writable: true, value: 32 }); Object.defineProperty(this, "nonceSize", { enumerable: true, configurable: true, writable: true, value: 12 }); Object.defineProperty(this, "tagSize", { enumerable: true, configurable: true, writable: true, value: 16 }); } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/exportOnly.js var ExportOnly; var init_exportOnly = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/aeads/exportOnly.js"() { "use strict"; init_mod(); ExportOnly = class { constructor() { Object.defineProperty(this, "id", { enumerable: true, configurable: true, writable: true, value: AeadId.ExportOnly }); Object.defineProperty(this, "keySize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "nonceSize", { enumerable: true, configurable: true, writable: true, value: 0 }); Object.defineProperty(this, "tagSize", { enumerable: true, configurable: true, writable: true, value: 0 }); } createEncryptionContext(_key) { throw new NotSupportedError("Export only"); } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/utils/emitNotSupported.js function emitNotSupported() { return new Promise((_resolve, reject) => { reject(new NotSupportedError("Not supported")); }); } var init_emitNotSupported = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/utils/emitNotSupported.js"() { "use strict"; init_mod(); } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/exporterContext.js var LABEL_SEC, ExporterContextImpl, RecipientExporterContextImpl, SenderExporterContextImpl; var init_exporterContext = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/exporterContext.js"() { "use strict"; init_mod(); init_emitNotSupported(); LABEL_SEC = new Uint8Array([115, 101, 99]); ExporterContextImpl = class { constructor(api, kdf, exporterSecret) { Object.defineProperty(this, "_api", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "exporterSecret", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_kdf", { enumerable: true, configurable: true, writable: true, value: void 0 }); this._api = api; this._kdf = kdf; this.exporterSecret = exporterSecret; } async seal(_data, _aad) { return await emitNotSupported(); } async open(_data, _aad) { return await emitNotSupported(); } async export(exporterContext, len) { if (exporterContext.byteLength > INPUT_LENGTH_LIMIT) { throw new InvalidParamError("Too long exporter context"); } try { return await this._kdf.labeledExpand(this.exporterSecret, LABEL_SEC, new Uint8Array(exporterContext), len); } catch (e) { throw new ExportError(e); } } }; RecipientExporterContextImpl = class extends ExporterContextImpl { }; SenderExporterContextImpl = class extends ExporterContextImpl { constructor(api, kdf, exporterSecret, enc) { super(api, kdf, exporterSecret); Object.defineProperty(this, "enc", { enumerable: true, configurable: true, writable: true, value: void 0 }); this.enc = enc; return; } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/encryptionContext.js var EncryptionContextImpl; var init_encryptionContext = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/encryptionContext.js"() { "use strict"; init_mod(); init_exporterContext(); EncryptionContextImpl = class extends ExporterContextImpl { constructor(api, kdf, params) { super(api, kdf, params.exporterSecret); Object.defineProperty(this, "_aead", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nK", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nN", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_nT", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_ctx", { enumerable: true, configurable: true, writable: true, value: void 0 }); if (params.key === void 0 || params.baseNonce === void 0 || params.seq === void 0) { throw new Error("Required parameters are missing"); } this._aead = params.aead; this._nK = this._aead.keySize; this._nN = this._aead.nonceSize; this._nT = this._aead.tagSize; const key = this._aead.createEncryptionContext(params.key); this._ctx = { key, baseNonce: params.baseNonce, seq: params.seq }; } computeNonce(k) { const seqBytes = i2Osp(k.seq, k.baseNonce.byteLength); return xor(k.baseNonce, seqBytes).buffer; } incrementSeq(k) { if (k.seq > Number.MAX_SAFE_INTEGER) { throw new MessageLimitReachedError("Message limit reached"); } k.seq += 1; return; } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/recipientContext.js var RecipientContextImpl; var init_recipientContext = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/recipientContext.js"() { "use strict"; init_mod(); init_encryptionContext(); RecipientContextImpl = class extends EncryptionContextImpl { async open(data, aad = EMPTY.buffer) { let pt; try { pt = await this._ctx.key.open(this.computeNonce(this._ctx), data, aad); } catch (e) { throw new OpenError(e); } this.incrementSeq(this._ctx); return pt; } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/senderContext.js var SenderContextImpl; var init_senderContext = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/senderContext.js"() { "use strict"; init_mod(); init_encryptionContext(); SenderContextImpl = class extends EncryptionContextImpl { constructor(api, kdf, params, enc) { super(api, kdf, params); Object.defineProperty(this, "enc", { enumerable: true, configurable: true, writable: true, value: void 0 }); this.enc = enc; } async seal(data, aad = EMPTY.buffer) { let ct; try { ct = await this._ctx.key.seal(this.computeNonce(this._ctx), data, aad); } catch (e) { throw new SealError(e); } this.incrementSeq(this._ctx); return ct; } }; } }); // ../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/cipherSuiteNative.js var LABEL_BASE_NONCE, LABEL_EXP, LABEL_INFO_HASH, LABEL_KEY, LABEL_PSK_ID_HASH, LABEL_SECRET, SUITE_ID_HEADER_HPKE, CipherSuiteNative; var init_cipherSuiteNative = __esm({ "../../node_modules/.pnpm/@hpke+core@1.7.2/node_modules/@hpke/core/esm/src/cipherSuiteNative.js"() { "use strict"; init_mod(); init_exporterContext(); init_recipientContext(); init_senderContext(); LABEL_BASE_NONCE = new Uint8Array([ 98, 97, 115, 101, 95, 110, 111, 110, 99, 101 ]); LABEL_EXP = new Uint8Array([101, 120, 112]); LABEL_INFO_HASH = new Uint8Array([ 105, 110, 102, 111, 95, 104, 97, 115, 104 ]); LABEL_KEY = new Uint8Array([107, 101, 121]); LABEL_PSK_ID_HASH = new Uint8Array([ 112, 115, 107, 95, 105, 100, 95, 104, 97, 115, 104 ]); LABEL_SECRET = new Uint8Array([115, 101, 99, 114, 101, 116]); SUITE_ID_HEADER_HPKE = new Uint8Array([ 72, 80, 75, 69, 0, 0, 0, 0, 0, 0 ]); CipherSuiteNative = class extends NativeAlgorithm { /** * @param params A set of parameters for building a cipher suite. * * If the error occurred, throws {@link InvalidParamError}. * * @throws {@link InvalidParamError} */ constructor(params) { super(); Object.defineProperty(this, "_kem", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_kdf", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_aead", { enumerable: true, configurable: true, writable: true, value: void 0 }); Object.defineProperty(this, "_suiteId", { enumerable: true, configurable: true, writable: true, value: void 0 }); if (typeof params.kem === "number") { throw new InvalidParamError("KemId cannot be used"); } this._kem = params.kem; if (typeof params.kdf === "number") { throw new InvalidParamError("KdfId cannot be used"); } this._kdf = params.kdf; if (typeof params.aead === "number") { throw new InvalidParamError("AeadId cannot be used"); } this._aead = params.aead; this._suiteId = new Uint8Array(SUITE_ID_HEADER_HPKE); this._suiteId.set(i2Osp(this._kem.id, 2), 4); this._suiteId.set(i2Osp(this._kdf.id, 2), 6); this._suiteId.set(i2Osp(this._aead.id, 2), 8); this._kdf.init(this._suiteId); } /** * Gets the KEM context of the ciphersuite. */ get kem() { return this._kem; } /** * Gets the KDF context of the ciphersuite. */ get kdf() { return this._kdf; } /** * Gets the AEAD context of the ciphersuite. */ get aead() { return this._aead; } /** * Creates an encryption context for a sender. * * If the error occurred, throws {@link DecapError} | {@link ValidationError}. * * @param params A set of parameters for the sender encryption context. * @returns A sender encryption context. * @throws {@link EncapError}, {@link ValidationError} */ async createSenderContext(params) { this._validateInputLength(params); await this._setup(); const dh = await this._kem.encap(params); let mode; if (params.psk !== void 0) { mode = params.senderKey !== void 0 ? Mode.AuthPsk : Mode.Psk; } else { mode = params.senderKey !== void 0 ? Mode.Auth : Mode.Base; } return await this._keyScheduleS(mode, dh.sharedSecret, dh.enc, params); } /** * Creates an encryption context for a recipient. * * If the error o