UNPKG

@hpke/core

Version:

A Hybrid Public Key Encryption (HPKE) core module for various JavaScript runtimes

github.com/dajiaji/hpke-js/tree/main/core

dajiaji/hpke-js

145 lines 5.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
import type { AeadInterface, KdfInterface, KemInterface, RecipientContextParams, SenderContextParams } from "@hpke/common"; import { NativeAlgorithm } from "@hpke/common"; import type { CipherSuiteParams } from "./interfaces/cipherSuiteParams.js"; import type { RecipientContext, SenderContext } from "./interfaces/encryptionContext.js"; import type { CipherSuiteSealResponse } from "./interfaces/responses.js"; /** * The Hybrid Public Key Encryption (HPKE) ciphersuite, * which is implemented using only * {@link https://www.w3.org/TR/WebCryptoAPI/ | Web Cryptography API}. * * This is the super class of {@link CipherSuite} and the same as * {@link https://jsr.io/@hpke/core/doc/~/CipherSuite | @hpke/core#CipherSuite} as follows: * which supports only the ciphersuites that can be implemented on the native * {@link https://www.w3.org/TR/WebCryptoAPI/ | Web Cryptography API}. * Therefore, the following cryptographic algorithms are not supported for now: * - DHKEM(X25519, HKDF-SHA256) * - DHKEM(X448, HKDF-SHA512) * - ChaCha20Poly1305 * * In addtion, the HKDF functions contained in this class can only derive * keys of the same length as the `hashSize`. * * If you want to use the unsupported cryptographic algorithms * above or derive keys longer than the `hashSize`, * please use {@link CipherSuite}. * * This class provides following functions: * * - Creates encryption contexts both for senders and recipients. * - {@link createSenderContext} * - {@link createRecipientContext} * - Provides single-shot encryption API. * - {@link seal} * - {@link open} * * The calling of the constructor of this class is the starting * point for HPKE operations for both senders and recipients. * * @example Use only ciphersuites supported by Web Cryptography API. * * ```ts * import { * Aes128Gcm, * DhkemP256HkdfSha256, * HkdfSha256, * CipherSuite, * } from "@hpke/core"; * * const suite = new CipherSuite({ * kem: new DhkemP256HkdfSha256(), * kdf: new HkdfSha256(), * aead: new Aes128Gcm(), * }); * ``` * * @example Use a ciphersuite which is currently not supported by Web Cryptography API. * * ```ts * import { Aes128Gcm, HkdfSha256, CipherSuite } from "@hpke/core"; * // Use an extension module. * import { DhkemX25519HkdfSha256 } from "@hpke/dhkem-x25519"; * * const suite = new CipherSuite({ * kem: new DhkemX25519HkdfSha256(), * kdf: new HkdfSha256(), * aead: new Aes128Gcm(), * }); * ``` */ export declare class CipherSuiteNative extends NativeAlgorithm { protected _kem: KemInterface; private _kdf; private _aead; private _suiteId; /** * @param params A set of parameters for building a cipher suite. * * If the error occurred, throws {@link InvalidParamError}. * * @throws {@link InvalidParamError} */ constructor(params: CipherSuiteParams); /** * Gets the KEM context of the ciphersuite. */ get kem(): KemInterface; /** * Gets the KDF context of the ciphersuite. */ get kdf(): KdfInterface; /** * Gets the AEAD context of the ciphersuite. */ get aead(): AeadInterface; /** * Creates an encryption context for a sender. * * If the error occurred, throws {@link DecapError} | {@link ValidationError}. * * @param params A set of parameters for the sender encryption context. * @returns A sender encryption context. * @throws {@link EncapError}, {@link ValidationError} */ createSenderContext(params: SenderContextParams): Promise<SenderContext>; /** * Creates an encryption context for a recipient. * * If the error occurred, throws {@link DecapError} * | {@link DeserializeError} | {@link ValidationError}. * * @param params A set of parameters for the recipient encryption context. * @returns A recipient encryption context. * @throws {@link DecapError}, {@link DeserializeError}, {@link ValidationError} */ createRecipientContext(params: RecipientContextParams): Promise<RecipientContext>; /** * Encrypts a message to a recipient. * * If the error occurred, throws `EncapError` | `MessageLimitReachedError` | `SealError` | `ValidationError`. * * @param params A set of parameters for building a sender encryption context. * @param pt A plain text as bytes to be encrypted. * @param aad Additional authenticated data as bytes fed by an application. * @returns A cipher text and an encapsulated key as bytes. * @throws {@link EncapError}, {@link MessageLimitReachedError}, {@link SealError}, {@link ValidationError} */ seal(params: SenderContextParams, pt: ArrayBuffer, aad?: ArrayBuffer): Promise<CipherSuiteSealResponse>; /** * Decrypts a message from a sender. * * If the error occurred, throws `DecapError` | `DeserializeError` | `OpenError` | `ValidationError`. * * @param params A set of parameters for building a recipient encryption context. * @param ct An encrypted text as bytes to be decrypted. * @param aad Additional authenticated data as bytes fed by an application. * @returns A decrypted plain text as bytes. * @throws {@link DecapError}, {@link DeserializeError}, {@link OpenError}, {@link ValidationError} */ open(params: RecipientContextParams, ct: ArrayBuffer, aad?: ArrayBuffer): Promise<ArrayBuffer>; private _keySchedule; private _keyScheduleS; private _keyScheduleR; private _validateInputLength; } //# sourceMappingURL=cipherSuiteNative.d.ts.map