-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
index.d.cts
243 lines (239 loc) · 8.51 KB
/
index.d.cts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
interface _Crypto {
readonly subtle: _SubtleCrypto;
getRandomValues: (array: Uint8Array) => Uint8Array;
}
interface _SubtleCrypto {
decrypt: (algorithm: AesCbcParams | AesCtrParams | AesGcmParams | AlgorithmIdentifier | RsaOaepParams, key: CryptoKey, data: Uint8Array) => Promise<ArrayBuffer>;
deriveBits: (algorithm: AlgorithmIdentifier | EcdhKeyDeriveParams | HkdfParams | Pbkdf2Params, baseKey: CryptoKey, length: number) => Promise<ArrayBuffer>;
encrypt: (algorithm: AesCbcParams | AesCtrParams | AesGcmParams | AlgorithmIdentifier | RsaOaepParams, key: CryptoKey, data: Uint8Array) => Promise<ArrayBuffer>;
importKey: (format: Exclude<KeyFormat, 'jwk'>, keyData: ArrayBuffer | Uint8Array, algorithm: AesKeyAlgorithm | AlgorithmIdentifier | EcKeyImportParams | HmacImportParams | RsaHashedImportParams, extractable: boolean, keyUsages: KeyUsage[]) => Promise<CryptoKey>;
sign: (algorithm: AlgorithmIdentifier | EcdsaParams | RsaPssParams, key: CryptoKey, data: Uint8Array) => Promise<ArrayBuffer>;
}
/**
* seal() method options.
*/
interface SealOptionsSub<Algorithm extends string = 'aes-128-ctr' | 'aes-256-cbc' | 'sha256'> {
/**
* The length of the salt (random buffer used to ensure that two identical objects will generate a different encrypted result). Defaults to 256.
*/
saltBits: number;
/**
* The algorithm used. Defaults to 'aes-256-cbc' for encryption and 'sha256' for integrity.
*/
algorithm: Algorithm;
/**
* The number of iterations used to derive a key from the password. Defaults to 1.
*/
iterations: number;
/**
* Minimum password size. Defaults to 32.
*/
minPasswordlength: number;
}
/**
* Options for customizing the key derivation algorithm used to generate encryption and integrity verification keys as well as the algorithms and salt sizes used.
*/
interface SealOptions {
/**
* Encryption step options.
*/
encryption: SealOptionsSub<'aes-128-ctr' | 'aes-256-cbc'>;
/**
* Integrity step options.
*/
integrity: SealOptionsSub<'sha256'>;
/**
* Sealed object lifetime in milliseconds where 0 means forever. Defaults to 0.
*/
ttl: number;
/**
* Number of seconds of permitted clock skew for incoming expirations. Defaults to 60 seconds.
*/
timestampSkewSec: number;
/**
* Local clock time offset, expressed in number of milliseconds (positive or negative). Defaults to 0.
*/
localtimeOffsetMsec: number;
}
/**
* Password secret string or buffer.
*/
type Password = Uint8Array | string;
/**
* generateKey() method options.
*/
type GenerateKeyOptions = Pick<SealOptionsSub, 'algorithm' | 'iterations' | 'minPasswordlength'> & {
saltBits?: number | undefined;
salt?: string | undefined;
iv?: Uint8Array | undefined;
hmac?: boolean | undefined;
};
/**
* Generated internal key object.
*/
interface Key {
key: CryptoKey;
salt: string;
iv: Uint8Array;
}
/**
* Generated HMAC internal results.
*/
interface HMacResult {
digest: string;
salt: string;
}
declare namespace password {
/**
* Secret object with optional id.
*/
interface Secret {
id?: string | undefined;
secret: Password;
}
/**
* Secret object with optional id and specified password for each encryption and integrity.
*/
interface Specific {
id?: string | undefined;
encryption: Password;
integrity: Password;
}
/**
* Key-value pairs hash of password id to value.
*/
type Hash = Record<string, Password | Secret | Specific>;
}
/**
* @internal
*/
type RawPassword = Password | password.Secret | password.Specific;
/**
* Convert a string to a Uint8Array.
* @param value The string to convert
* @returns The Uint8Array
*/
declare const stringToBuffer: (value: string) => Uint8Array;
/**
* Convert a Uint8Array to a string.
* @param value The Uint8Array to convert
* @returns The string
*/
declare const bufferToString: (value: Uint8Array) => string;
/**
* Decode a base64url string to a Uint8Array.
* @param _input The base64url string to decode (automatically padded as necessary)
* @returns The Uint8Array
*
* @see https://tools.ietf.org/html/rfc4648#section-5
*/
declare const base64urlDecode: (_input: string) => Uint8Array;
/**
* Encode a Uint8Array to a base64url string.
* @param _input The Uint8Array to encode
* @returns The base64url string (without padding)
*
* @see https://tools.ietf.org/html/rfc4648#section-5
*/
declare const base64urlEncode: (_input: Uint8Array | string) => string;
/**
* The default encryption and integrity settings.
*/
declare const defaults: SealOptions;
/**
* Clones the options object.
* @param options The options object to clone
* @returns A new options object
*/
declare const clone: (options: SealOptions) => SealOptions;
/**
* Configuration of each supported algorithm.
*/
declare const algorithms: {
readonly 'aes-128-ctr': {
readonly keyBits: 128;
readonly ivBits: 128;
readonly name: "AES-CTR";
};
readonly 'aes-256-cbc': {
readonly keyBits: 256;
readonly ivBits: 128;
readonly name: "AES-CBC";
};
readonly sha256: {
readonly keyBits: 256;
readonly name: "SHA-256";
};
};
/**
* MAC normalization format version.
*/
declare const macFormatVersion = "2";
/**
* MAC normalization prefix.
*/
declare const macPrefix = "Fe26.2";
/**
* Generate cryptographically strong pseudorandom bits.
* @param _crypto Custom WebCrypto implementation
* @param bits Number of bits to generate
* @returns Buffer
*/
declare const randomBits: (_crypto: _Crypto, bits: number) => Uint8Array;
/**
* Generates a key from the password.
* @param _crypto Custom WebCrypto implementation
* @param password A password string or buffer key
* @param options Object used to customize the key derivation algorithm
* @returns An object with keys: key, salt, iv
*/
declare const generateKey: (_crypto: _Crypto, password: Password, options: GenerateKeyOptions) => Promise<Key>;
/**
* Encrypts data.
* @param _crypto Custom WebCrypto implementation
* @param password A password string or buffer key
* @param options Object used to customize the key derivation algorithm
* @param data String to encrypt
* @returns An object with keys: encrypted, key
*/
declare const encrypt: (_crypto: _Crypto, password: Password, options: GenerateKeyOptions, data: string) => Promise<{
encrypted: Uint8Array;
key: Key;
}>;
/**
* Decrypts data.
* @param _crypto Custom WebCrypto implementation
* @param password A password string or buffer key
* @param options Object used to customize the key derivation algorithm
* @param data Buffer to decrypt
* @returns Decrypted string
*/
declare const decrypt: (_crypto: _Crypto, password: Password, options: GenerateKeyOptions, data: Uint8Array | string) => Promise<string>;
/**
* Calculates a HMAC digest.
* @param _crypto Custom WebCrypto implementation
* @param password A password string or buffer
* @param options Object used to customize the key derivation algorithm
* @param data String to calculate the HMAC over
* @returns An object with keys: digest, salt
*/
declare const hmacWithPassword: (_crypto: _Crypto, password: Password, options: GenerateKeyOptions, data: string) => Promise<HMacResult>;
/**
* Serializes, encrypts, and signs objects into an iron protocol string.
* @param _crypto Custom WebCrypto implementation
* @param object Data being sealed
* @param password A string, buffer or object
* @param options Object used to customize the key derivation algorithm
* @returns Iron sealed string
*/
declare const seal: (_crypto: _Crypto, object: unknown, password: RawPassword, options: SealOptions) => Promise<string>;
/**
* Verifies, decrypts, and reconstruct an iron protocol string into an object.
* @param _crypto Custom WebCrypto implementation
* @param sealed The iron protocol string generated with seal()
* @param password A string, buffer, or object
* @param options Object used to customize the key derivation algorithm
* @returns The verified decrypted object (can be null)
*/
declare const unseal: (_crypto: _Crypto, sealed: string, password: Password | password.Hash, options: SealOptions) => Promise<unknown>;
export { type GenerateKeyOptions, type HMacResult, type Key, type Password, type RawPassword, type SealOptions, type SealOptionsSub, algorithms, base64urlDecode, base64urlEncode, bufferToString, clone, decrypt, defaults, encrypt, generateKey, hmacWithPassword, macFormatVersion, macPrefix, password, randomBits, seal, stringToBuffer, unseal };