Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@shardus/crypto-utils
Advanced tools
@shardus/crypto-utils - npm Package Compare versions
Comparing version 4.0.4 to 4.1.0
| /// <reference types="node" /> | ||
| import { curvePublicKey, curveSecretKey, hexstring, publicKey, secretKey, sharedKey } from '@shardus/types'; | ||
| export declare const stringify: (input: any) => string; | ||
| export declare type hexstring = string; | ||
| export declare type publicKey = hexstring; | ||
| export declare type secretKey = hexstring; | ||
| export declare type curvePublicKey = hexstring; | ||
| export declare type curveSecretKey = hexstring; | ||
| export declare type sharedKey = hexstring; | ||
| export interface Keypair { | ||
@@ -74,3 +69,3 @@ publicKey: publicKey; | ||
| export declare function decrypt(payload: any, curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer): { | ||
| isValid: boolean; | ||
| isValid: any; | ||
| message: string; | ||
@@ -77,0 +72,0 @@ }; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.bufferToHex = exports._getAuthKey = exports.generateSharedKey = exports._ensureBuffer = exports.init = exports.verifyObj = exports.verify = exports.signObj = exports.sign = exports.authenticateObj = exports.authenticate = exports.tagObj = exports.tag = exports.decrypt = exports.encrypt = exports.convertPkToCurve = exports.convertSkToCurve = exports.generateKeypair = exports.hashObj = exports.hash = exports.randomBytes = exports.stringify = void 0; | ||
| const sodium = require("sodium-native"); | ||
| const xor = require("buffer-xor"); | ||
| const fastStableStringify = require("fast-stable-stringify"); | ||
| const sodium = require('sodium-native'); | ||
| const xor = require('buffer-xor'); | ||
| const fastStableStringify = require('fast-stable-stringify'); | ||
| exports.stringify = fastStableStringify; | ||
@@ -111,3 +111,3 @@ /** | ||
| publicKey: publicKey.toString('hex'), | ||
| secretKey: secretKey.toString('hex') | ||
| secretKey: secretKey.toString('hex'), | ||
| }; | ||
@@ -248,3 +248,3 @@ } | ||
| const tag = obj.tag; | ||
| let tagless = obj; | ||
| const tagless = obj; | ||
| delete tagless.tag; | ||
@@ -441,5 +441,7 @@ const objStr = (0, exports.stringify)(obj); | ||
| function bufferToHex(buffer) { | ||
| return [...new Uint8Array(buffer)].map(byte => byte.toString(16).padStart(2, '0')).join(''); | ||
| return [...new Uint8Array(buffer)] | ||
| .map((byte) => byte.toString(16).padStart(2, '0')) | ||
| .join(''); | ||
| } | ||
| exports.bufferToHex = bufferToHex; | ||
| //# sourceMappingURL=index.js.map |
| { | ||
| "name": "@shardus/crypto-utils", | ||
| "version": "4.0.4", | ||
| "version": "4.1.0", | ||
| "description": "Provides simple crypto functions, as used by the ULC Project.", | ||
@@ -15,2 +15,3 @@ "main": "./build/src/index.js", | ||
| "check": "gts check", | ||
| "lint": "gts lint", | ||
| "clean": "gts clean", | ||
@@ -40,13 +41,17 @@ "compile": "tsc -p .", | ||
| "dependencies": { | ||
| "buffer-xor": "^2.0.2", | ||
| "fast-stable-stringify": "^1.0.0", | ||
| "sodium-native": "^3.1.1" | ||
| "buffer-xor": "2.0.2", | ||
| "fast-stable-stringify": "1.0.0", | ||
| "sodium-native": "3.3.0", | ||
| "@shardus/types": "1.2.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/buffer-xor": "^2.0.0", | ||
| "@types/node": "^16.11.0", | ||
| "gts": "^3.1.0", | ||
| "np": "^7.6.0", | ||
| "typescript": "^4.4.4" | ||
| "@types/buffer-xor": "2.0.0", | ||
| "@types/node": "18.16.1", | ||
| "gts": "3.1.1", | ||
| "np": "8.0.4", | ||
| "typescript": "4.5.5" | ||
| }, | ||
| "engines": { | ||
| "node": "18.16.1" | ||
| } | ||
| } |
@@ -0,0 +0,0 @@ # shardus-crypto-utils |
435
src/index.ts
@@ -1,13 +0,15 @@ | ||
| import sodium = require('sodium-native') | ||
| import xor = require('buffer-xor') | ||
| import fastStableStringify = require('fast-stable-stringify') | ||
| import { | ||
| curvePublicKey, | ||
| curveSecretKey, | ||
| hexstring, | ||
| publicKey, | ||
| secretKey, | ||
| sharedKey, | ||
| } from '@shardus/types'; | ||
| export const stringify = fastStableStringify as (input: any) => string | ||
| const sodium = require('sodium-native'); | ||
| const xor = require('buffer-xor'); | ||
| const fastStableStringify = require('fast-stable-stringify'); | ||
| export type hexstring = string | ||
| export type publicKey = hexstring | ||
| export type secretKey = hexstring | ||
| export type curvePublicKey = hexstring | ||
| export type curveSecretKey = hexstring | ||
| export type sharedKey = hexstring | ||
| export const stringify = fastStableStringify as (input: any) => string; | ||
@@ -17,21 +19,21 @@ type Optional<T, K extends keyof T> = Pick<Partial<T>, K> & Omit<T, K>; | ||
| export interface Keypair { | ||
| publicKey: publicKey | ||
| secretKey: secretKey | ||
| publicKey: publicKey; | ||
| secretKey: secretKey; | ||
| } | ||
| export interface Signature { | ||
| owner: publicKey | ||
| sig: hexstring | ||
| owner: publicKey; | ||
| sig: hexstring; | ||
| } | ||
| export interface LooseObject { | ||
| [index: string]: any | ||
| [index: string]: any; | ||
| } | ||
| export interface TaggedObject extends LooseObject { | ||
| tag: hexstring | ||
| tag: hexstring; | ||
| } | ||
| export interface SignedObject extends LooseObject { | ||
| sign: Signature | ||
| sign: Signature; | ||
| } | ||
@@ -42,3 +44,3 @@ | ||
| */ | ||
| let HASH_KEY: Buffer | ||
| let HASH_KEY: Buffer; | ||
@@ -49,9 +51,9 @@ /** | ||
| */ | ||
| export function randomBytes (bytes = 32): hexstring { | ||
| export function randomBytes(bytes = 32): hexstring { | ||
| if (!Number.isInteger(bytes) || bytes <= 0) { | ||
| throw new TypeError('Bytes must be given as integer greater than zero.') | ||
| throw new TypeError('Bytes must be given as integer greater than zero.'); | ||
| } | ||
| const buf: Buffer = Buffer.allocUnsafe(bytes) | ||
| sodium.randombytes_buf(buf) | ||
| return buf.toString('hex') | ||
| const buf: Buffer = Buffer.allocUnsafe(bytes); | ||
| sodium.randombytes_buf(buf); | ||
| return buf.toString('hex'); | ||
| } | ||
@@ -64,29 +66,29 @@ | ||
| */ | ||
| export function hash (input: string, fmt = 'hex'): hexstring { | ||
| export function hash(input: string, fmt = 'hex'): hexstring { | ||
| if (!HASH_KEY) { | ||
| throw new Error('Hash key must be passed to module constructor.') | ||
| throw new Error('Hash key must be passed to module constructor.'); | ||
| } | ||
| let buf: Buffer | ||
| let buf: Buffer; | ||
| if (Buffer.isBuffer(input)) { | ||
| buf = input | ||
| buf = input; | ||
| } else { | ||
| if (typeof input !== 'string') { | ||
| throw new TypeError('Input must be a string or buffer.') | ||
| throw new TypeError('Input must be a string or buffer.'); | ||
| } | ||
| buf = Buffer.from(input, 'utf8') | ||
| buf = Buffer.from(input, 'utf8'); | ||
| } | ||
| const digest = Buffer.allocUnsafe(32) | ||
| sodium.crypto_generichash(digest, buf, HASH_KEY) | ||
| let output: any | ||
| const digest = Buffer.allocUnsafe(32); | ||
| sodium.crypto_generichash(digest, buf, HASH_KEY); | ||
| let output: any; | ||
| switch (fmt) { | ||
| case 'buffer': | ||
| output = digest | ||
| break | ||
| output = digest; | ||
| break; | ||
| case 'hex': | ||
| output = digest.toString('hex') | ||
| break | ||
| output = digest.toString('hex'); | ||
| break; | ||
| default: | ||
| throw Error('Invalid type for output format.') | ||
| throw Error('Invalid type for output format.'); | ||
| } | ||
| return output | ||
| return output; | ||
| } | ||
@@ -102,31 +104,39 @@ | ||
| // to fix that. | ||
| export function hashObj(obj: {[key: string]: any}, removeSign = false, removeTag = false): hexstring { | ||
| export function hashObj( | ||
| obj: { [key: string]: any }, | ||
| removeSign = false, | ||
| removeTag = false | ||
| ): hexstring { | ||
| if (typeof obj !== 'object') { | ||
| throw TypeError('Input must be an object.') | ||
| throw TypeError('Input must be an object.'); | ||
| } | ||
| function performHash (obj) { | ||
| const input: string = stringify(obj) | ||
| const hashed = hash(input) | ||
| return hashed | ||
| function performHash(obj) { | ||
| const input: string = stringify(obj); | ||
| const hashed = hash(input); | ||
| return hashed; | ||
| } | ||
| if (removeSign) { | ||
| if (!obj.sign) { | ||
| throw Error('Object must contain a sign field if removeSign is flagged true.') | ||
| throw Error( | ||
| 'Object must contain a sign field if removeSign is flagged true.' | ||
| ); | ||
| } | ||
| const signObj = obj.sign | ||
| delete obj.sign | ||
| const hashed = performHash(obj) | ||
| obj.sign = signObj | ||
| return hashed | ||
| const signObj = obj.sign; | ||
| delete obj.sign; | ||
| const hashed = performHash(obj); | ||
| obj.sign = signObj; | ||
| return hashed; | ||
| } else if (removeTag) { | ||
| if (!obj.tag) { | ||
| throw Error('Object must contain a tag field if removeTag is flagged true.') | ||
| throw Error( | ||
| 'Object must contain a tag field if removeTag is flagged true.' | ||
| ); | ||
| } | ||
| const tagObj = obj.tag | ||
| delete obj.tag | ||
| const hashed = performHash(obj) | ||
| obj.tag = tagObj | ||
| return hashed | ||
| const tagObj = obj.tag; | ||
| delete obj.tag; | ||
| const hashed = performHash(obj); | ||
| obj.tag = tagObj; | ||
| return hashed; | ||
| } else { | ||
| return performHash(obj) | ||
| return performHash(obj); | ||
| } | ||
@@ -138,10 +148,10 @@ } | ||
| */ | ||
| export function generateKeypair (): Keypair { | ||
| const publicKey = Buffer.allocUnsafe(sodium.crypto_sign_PUBLICKEYBYTES) | ||
| const secretKey = Buffer.allocUnsafe(sodium.crypto_sign_SECRETKEYBYTES) | ||
| sodium.crypto_sign_keypair(publicKey, secretKey) | ||
| export function generateKeypair(): Keypair { | ||
| const publicKey = Buffer.allocUnsafe(sodium.crypto_sign_PUBLICKEYBYTES); | ||
| const secretKey = Buffer.allocUnsafe(sodium.crypto_sign_SECRETKEYBYTES); | ||
| sodium.crypto_sign_keypair(publicKey, secretKey); | ||
| return { | ||
| publicKey: publicKey.toString('hex'), | ||
| secretKey: secretKey.toString('hex') | ||
| } | ||
| secretKey: secretKey.toString('hex'), | ||
| }; | ||
| } | ||
@@ -153,11 +163,11 @@ | ||
| */ | ||
| export function convertSkToCurve (sk: secretKey | Buffer): curveSecretKey { | ||
| const skBuf = _ensureBuffer(sk) | ||
| const curveSkBuf = Buffer.allocUnsafe(sodium.crypto_box_SECRETKEYBYTES) | ||
| export function convertSkToCurve(sk: secretKey | Buffer): curveSecretKey { | ||
| const skBuf = _ensureBuffer(sk); | ||
| const curveSkBuf = Buffer.allocUnsafe(sodium.crypto_box_SECRETKEYBYTES); | ||
| try { | ||
| sodium.crypto_sign_ed25519_sk_to_curve25519(curveSkBuf, skBuf) | ||
| sodium.crypto_sign_ed25519_sk_to_curve25519(curveSkBuf, skBuf); | ||
| } catch (e) { | ||
| throw new Error('Could not convert given secret key to curve secret key.') | ||
| throw new Error('Could not convert given secret key to curve secret key.'); | ||
| } | ||
| return curveSkBuf.toString('hex') | ||
| return curveSkBuf.toString('hex'); | ||
| } | ||
@@ -169,11 +179,11 @@ | ||
| */ | ||
| export function convertPkToCurve (pk: publicKey | Buffer): curvePublicKey { | ||
| const pkBuf = _ensureBuffer(pk) | ||
| const curvePkBuf = Buffer.allocUnsafe(sodium.crypto_box_PUBLICKEYBYTES) | ||
| export function convertPkToCurve(pk: publicKey | Buffer): curvePublicKey { | ||
| const pkBuf = _ensureBuffer(pk); | ||
| const curvePkBuf = Buffer.allocUnsafe(sodium.crypto_box_PUBLICKEYBYTES); | ||
| try { | ||
| sodium.crypto_sign_ed25519_pk_to_curve25519(curvePkBuf, pkBuf) | ||
| sodium.crypto_sign_ed25519_pk_to_curve25519(curvePkBuf, pkBuf); | ||
| } catch (e) { | ||
| throw new Error('Could not convert given public key to curve public key.') | ||
| throw new Error('Could not convert given public key to curve public key.'); | ||
| } | ||
| return curvePkBuf.toString('hex') | ||
| return curvePkBuf.toString('hex'); | ||
| } | ||
@@ -187,12 +197,18 @@ | ||
| */ | ||
| export function encrypt (message: string, curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer) { | ||
| const messageBuf = Buffer.from(message, 'utf8') | ||
| const curveSkBuf = _ensureBuffer(curveSk, 'Secret key') | ||
| const curvePkBuf = _ensureBuffer(curvePk, 'Public key') | ||
| const ciphertext = Buffer.allocUnsafe(messageBuf.length + sodium.crypto_box_MACBYTES) | ||
| const nonce = Buffer.allocUnsafe(sodium.crypto_box_NONCEBYTES) | ||
| sodium.randombytes_buf(nonce) | ||
| sodium.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf, curveSkBuf) | ||
| const payload = [ciphertext.toString('hex'), nonce.toString('hex')] | ||
| return JSON.stringify(payload) | ||
| export function encrypt( | ||
| message: string, | ||
| curveSk: curveSecretKey | Buffer, | ||
| curvePk: curvePublicKey | Buffer | ||
| ) { | ||
| const messageBuf = Buffer.from(message, 'utf8'); | ||
| const curveSkBuf = _ensureBuffer(curveSk, 'Secret key'); | ||
| const curvePkBuf = _ensureBuffer(curvePk, 'Public key'); | ||
| const ciphertext = Buffer.allocUnsafe( | ||
| messageBuf.length + sodium.crypto_box_MACBYTES | ||
| ); | ||
| const nonce = Buffer.allocUnsafe(sodium.crypto_box_NONCEBYTES); | ||
| sodium.randombytes_buf(nonce); | ||
| sodium.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf, curveSkBuf); | ||
| const payload = [ciphertext.toString('hex'), nonce.toString('hex')]; | ||
| return JSON.stringify(payload); | ||
| } | ||
@@ -206,11 +222,23 @@ | ||
| */ | ||
| export function decrypt (payload: any, curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer) { | ||
| payload = JSON.parse(payload) | ||
| const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext') | ||
| const nonce = _ensureBuffer(payload[1], 'Tag nonce') | ||
| const secretKey = _ensureBuffer(curveSk, 'Secret key') | ||
| const publicKey = _ensureBuffer(curvePk, 'Public key') | ||
| const message = Buffer.allocUnsafe(ciphertext.length - sodium.crypto_box_MACBYTES) | ||
| const isValid = sodium.crypto_box_open_easy(message, ciphertext, nonce, publicKey, secretKey) | ||
| return { isValid, message: message.toString('utf8') } | ||
| export function decrypt( | ||
| payload: any, | ||
| curveSk: curveSecretKey | Buffer, | ||
| curvePk: curvePublicKey | Buffer | ||
| ) { | ||
| payload = JSON.parse(payload); | ||
| const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext'); | ||
| const nonce = _ensureBuffer(payload[1], 'Tag nonce'); | ||
| const secretKey = _ensureBuffer(curveSk, 'Secret key'); | ||
| const publicKey = _ensureBuffer(curvePk, 'Public key'); | ||
| const message = Buffer.allocUnsafe( | ||
| ciphertext.length - sodium.crypto_box_MACBYTES | ||
| ); | ||
| const isValid = sodium.crypto_box_open_easy( | ||
| message, | ||
| ciphertext, | ||
| nonce, | ||
| publicKey, | ||
| secretKey | ||
| ); | ||
| return { isValid, message: message.toString('utf8') }; | ||
| } | ||
@@ -223,15 +251,15 @@ | ||
| */ | ||
| export function tag (message: string, sharedKey: sharedKey | Buffer) { | ||
| const messageBuf = Buffer.from(message, 'utf8') | ||
| export function tag(message: string, sharedKey: sharedKey | Buffer) { | ||
| const messageBuf = Buffer.from(message, 'utf8'); | ||
| const nonceBuf = Buffer.allocUnsafe(sodium.crypto_auth_BYTES) | ||
| sodium.randombytes_buf(nonceBuf) | ||
| const nonce = nonceBuf.toString('hex') | ||
| const keyBuf = _getAuthKey(sharedKey, nonce) | ||
| const nonceBuf = Buffer.allocUnsafe(sodium.crypto_auth_BYTES); | ||
| sodium.randombytes_buf(nonceBuf); | ||
| const nonce = nonceBuf.toString('hex'); | ||
| const keyBuf = _getAuthKey(sharedKey, nonce); | ||
| const tagBuf = Buffer.allocUnsafe(sodium.crypto_auth_BYTES) | ||
| sodium.crypto_auth(tagBuf, messageBuf, keyBuf) | ||
| const tagBuf = Buffer.allocUnsafe(sodium.crypto_auth_BYTES); | ||
| sodium.crypto_auth(tagBuf, messageBuf, keyBuf); | ||
| const tag = tagBuf.toString('hex') | ||
| return tag + nonce | ||
| const tag = tagBuf.toString('hex'); | ||
| return tag + nonce; | ||
| } | ||
@@ -244,15 +272,15 @@ | ||
| */ | ||
| export function tagObj (obj: TaggedObject, sharedKey: sharedKey | Buffer) { | ||
| export function tagObj(obj: TaggedObject, sharedKey: sharedKey | Buffer) { | ||
| if (typeof obj !== 'object') { | ||
| throw new TypeError('Input must be an object.') | ||
| throw new TypeError('Input must be an object.'); | ||
| } | ||
| // If it's an array, we don't want to try to sign it | ||
| if (Array.isArray(obj)) { | ||
| throw new TypeError('Input cannot be an array.') | ||
| throw new TypeError('Input cannot be an array.'); | ||
| } | ||
| if (typeof sharedKey !== 'string' && !Buffer.isBuffer(sharedKey)) { | ||
| throw new TypeError('Shared key must be a hex string or hex buffer.') | ||
| throw new TypeError('Shared key must be a hex string or hex buffer.'); | ||
| } | ||
| const objStr: string = stringify(obj) | ||
| obj.tag = tag(objStr, sharedKey) | ||
| const objStr: string = stringify(obj); | ||
| obj.tag = tag(objStr, sharedKey); | ||
| } | ||
@@ -266,11 +294,15 @@ | ||
| */ | ||
| export function authenticate (message: string, tag: string, sharedKey: sharedKey | Buffer): boolean { | ||
| const nonce = tag.substring(sodium.crypto_auth_BYTES * 2) | ||
| tag = tag.substring(0, sodium.crypto_auth_BYTES * 2) | ||
| const tagBuf = _ensureBuffer(tag, 'Tag') | ||
| export function authenticate( | ||
| message: string, | ||
| tag: string, | ||
| sharedKey: sharedKey | Buffer | ||
| ): boolean { | ||
| const nonce = tag.substring(sodium.crypto_auth_BYTES * 2); | ||
| tag = tag.substring(0, sodium.crypto_auth_BYTES * 2); | ||
| const tagBuf = _ensureBuffer(tag, 'Tag'); | ||
| const keyBuf: Buffer = _getAuthKey(sharedKey, nonce) | ||
| const keyBuf: Buffer = _getAuthKey(sharedKey, nonce); | ||
| const messageBuf = Buffer.from(message, 'utf8') | ||
| return sodium.crypto_auth_verify(tagBuf, messageBuf, keyBuf) | ||
| const messageBuf = Buffer.from(message, 'utf8'); | ||
| return sodium.crypto_auth_verify(tagBuf, messageBuf, keyBuf); | ||
| } | ||
@@ -283,15 +315,18 @@ | ||
| */ | ||
| export function authenticateObj (obj: TaggedObject, sharedKey: sharedKey | Buffer) { | ||
| export function authenticateObj( | ||
| obj: TaggedObject, | ||
| sharedKey: sharedKey | Buffer | ||
| ) { | ||
| if (typeof obj !== 'object') { | ||
| throw new TypeError('Input must be an object.') | ||
| throw new TypeError('Input must be an object.'); | ||
| } | ||
| if (!obj.tag) { | ||
| throw new Error('Object must contain a tag field') | ||
| throw new Error('Object must contain a tag field'); | ||
| } | ||
| const tag = obj.tag | ||
| let tagless: Optional<TaggedObject, 'tag'> = obj; | ||
| delete tagless.tag | ||
| const objStr: string = stringify(obj) | ||
| obj.tag = tag | ||
| return authenticate(objStr, tag, sharedKey) | ||
| const tag = obj.tag; | ||
| const tagless: Optional<TaggedObject, 'tag'> = obj; | ||
| delete tagless.tag; | ||
| const objStr: string = stringify(obj); | ||
| obj.tag = tag; | ||
| return authenticate(objStr, tag, sharedKey); | ||
| } | ||
@@ -304,16 +339,16 @@ | ||
| */ | ||
| export function sign (input: hexstring | Buffer, sk: secretKey | Buffer) { | ||
| let inputBuf: Buffer | ||
| let skBuf: Buffer | ||
| export function sign(input: hexstring | Buffer, sk: secretKey | Buffer) { | ||
| let inputBuf: Buffer; | ||
| let skBuf: Buffer; | ||
| if (typeof input !== 'string') { | ||
| if (Buffer.isBuffer(input)) { | ||
| inputBuf = input | ||
| inputBuf = input; | ||
| } else { | ||
| throw new TypeError('Input must be a hex string or buffer.') | ||
| throw new TypeError('Input must be a hex string or buffer.'); | ||
| } | ||
| } else { | ||
| try { | ||
| inputBuf = Buffer.from(input, 'hex') | ||
| inputBuf = Buffer.from(input, 'hex'); | ||
| } catch (e) { | ||
| throw new TypeError('Input string must be in hex format.') | ||
| throw new TypeError('Input string must be in hex format.'); | ||
| } | ||
@@ -323,20 +358,20 @@ } | ||
| if (Buffer.isBuffer(sk)) { | ||
| skBuf = sk | ||
| skBuf = sk; | ||
| } else { | ||
| throw new TypeError('Secret key must be a hex string or buffer.') | ||
| throw new TypeError('Secret key must be a hex string or buffer.'); | ||
| } | ||
| } else { | ||
| try { | ||
| skBuf = Buffer.from(sk, 'hex') | ||
| skBuf = Buffer.from(sk, 'hex'); | ||
| } catch (e) { | ||
| throw new TypeError('Secret key string must be in hex format') | ||
| throw new TypeError('Secret key string must be in hex format'); | ||
| } | ||
| } | ||
| const sig = Buffer.allocUnsafe(inputBuf.length + sodium.crypto_sign_BYTES) | ||
| const sig = Buffer.allocUnsafe(inputBuf.length + sodium.crypto_sign_BYTES); | ||
| try { | ||
| sodium.crypto_sign(sig, inputBuf, skBuf) | ||
| sodium.crypto_sign(sig, inputBuf, skBuf); | ||
| } catch (e) { | ||
| throw new Error('Failed to sign input with provided secret key.') | ||
| throw new Error('Failed to sign input with provided secret key.'); | ||
| } | ||
| return sig.toString('hex') | ||
| return sig.toString('hex'); | ||
| } | ||
@@ -351,15 +386,19 @@ | ||
| */ | ||
| export function signObj (obj: SignedObject, sk: secretKey | Buffer, pk: publicKey | Buffer) { | ||
| export function signObj( | ||
| obj: SignedObject, | ||
| sk: secretKey | Buffer, | ||
| pk: publicKey | Buffer | ||
| ) { | ||
| if (typeof obj !== 'object') { | ||
| throw new TypeError('Input must be an object.') | ||
| throw new TypeError('Input must be an object.'); | ||
| } | ||
| // If it's an array, we don't want to try to sign it | ||
| if (obj.length !== undefined) { | ||
| throw new TypeError('Input cannot be an array.') | ||
| throw new TypeError('Input cannot be an array.'); | ||
| } | ||
| const objStr = stringify(obj) | ||
| const hashed = hash(objStr, 'buffer') | ||
| const sig = sign(hashed, sk) | ||
| const signPk = Buffer.isBuffer(pk) ? bufferToHex(pk) : pk | ||
| obj.sign = { owner: signPk, sig } | ||
| const objStr = stringify(obj); | ||
| const hashed = hash(objStr, 'buffer'); | ||
| const sig = sign(hashed, sk); | ||
| const signPk = Buffer.isBuffer(pk) ? bufferToHex(pk) : pk; | ||
| obj.sign = { owner: signPk, sig }; | ||
| } | ||
@@ -373,15 +412,21 @@ | ||
| */ | ||
| export function verify (msg: string, sig: hexstring | Buffer, pk: publicKey | Buffer) { | ||
| export function verify( | ||
| msg: string, | ||
| sig: hexstring | Buffer, | ||
| pk: publicKey | Buffer | ||
| ) { | ||
| if (typeof msg !== 'string') { | ||
| throw new TypeError('Message to compare must be a string.') | ||
| throw new TypeError('Message to compare must be a string.'); | ||
| } | ||
| const sigBuf = _ensureBuffer(sig) | ||
| const pkBuf = _ensureBuffer(pk) | ||
| const sigBuf = _ensureBuffer(sig); | ||
| const pkBuf = _ensureBuffer(pk); | ||
| try { | ||
| const opened = Buffer.allocUnsafe(sigBuf.length - sodium.crypto_sign_BYTES) | ||
| sodium.crypto_sign_open(opened, sigBuf, pkBuf) | ||
| const verified = opened.toString('hex') | ||
| return verified === msg | ||
| const opened = Buffer.allocUnsafe(sigBuf.length - sodium.crypto_sign_BYTES); | ||
| sodium.crypto_sign_open(opened, sigBuf, pkBuf); | ||
| const verified = opened.toString('hex'); | ||
| return verified === msg; | ||
| } catch (e) { | ||
| throw new Error('Unable to verify provided signature with provided public key.') | ||
| throw new Error( | ||
| 'Unable to verify provided signature with provided public key.' | ||
| ); | ||
| } | ||
@@ -394,17 +439,23 @@ } | ||
| */ | ||
| export function verifyObj (obj: SignedObject) { | ||
| export function verifyObj(obj: SignedObject) { | ||
| if (typeof obj !== 'object') { | ||
| throw new TypeError('Input must be an object.') | ||
| throw new TypeError('Input must be an object.'); | ||
| } | ||
| if (!obj.sign || !obj.sign.owner || !obj.sign.sig) { | ||
| throw new Error('Object must contain a sign field with the following data: { owner, sig }') | ||
| throw new Error( | ||
| 'Object must contain a sign field with the following data: { owner, sig }' | ||
| ); | ||
| } | ||
| if (typeof obj.sign.owner !== 'string') { | ||
| throw new TypeError('Owner must be a public key represented as a hex string.') | ||
| throw new TypeError( | ||
| 'Owner must be a public key represented as a hex string.' | ||
| ); | ||
| } | ||
| if (typeof obj.sign.sig !== 'string') { | ||
| throw new TypeError('Signature must be a valid signature represented as a hex string.') | ||
| throw new TypeError( | ||
| 'Signature must be a valid signature represented as a hex string.' | ||
| ); | ||
| } | ||
| const objHash = hashObj(obj, true) | ||
| return verify(objHash, obj.sign.sig, obj.sign.owner) | ||
| const objHash = hashObj(obj, true); | ||
| return verify(objHash, obj.sign.sig, obj.sign.owner); | ||
| } | ||
@@ -416,13 +467,13 @@ | ||
| */ | ||
| export function init (key: hexstring) { | ||
| export function init(key: hexstring) { | ||
| if (!key) { | ||
| throw new Error('Hash key must be passed to module constructor.') | ||
| throw new Error('Hash key must be passed to module constructor.'); | ||
| } | ||
| try { | ||
| HASH_KEY = Buffer.from(key, 'hex') | ||
| HASH_KEY = Buffer.from(key, 'hex'); | ||
| if (HASH_KEY.length !== 32) { | ||
| throw new TypeError() | ||
| throw new TypeError(); | ||
| } | ||
| } catch (e) { | ||
| throw new TypeError('Hash key must be a 32-byte string.') | ||
| throw new TypeError('Hash key must be a 32-byte string.'); | ||
| } | ||
@@ -436,14 +487,14 @@ } | ||
| */ | ||
| export function _ensureBuffer (input: string | Buffer, name = 'Input') { | ||
| export function _ensureBuffer(input: string | Buffer, name = 'Input') { | ||
| if (typeof input !== 'string') { | ||
| if (Buffer.isBuffer(input)) { | ||
| return input | ||
| return input; | ||
| } else { | ||
| throw new TypeError(`${name} must be a hex string or buffer.`) | ||
| throw new TypeError(`${name} must be a hex string or buffer.`); | ||
| } | ||
| } else { | ||
| try { | ||
| return Buffer.from(input, 'hex') | ||
| return Buffer.from(input, 'hex'); | ||
| } catch (e) { | ||
| throw new TypeError(`${name} string must be in hex format.`) | ||
| throw new TypeError(`${name} string must be in hex format.`); | ||
| } | ||
@@ -458,9 +509,12 @@ } | ||
| */ | ||
| export function generateSharedKey (curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer) { | ||
| const curveSkBuf = _ensureBuffer(curveSk) | ||
| const curvePkBuf = _ensureBuffer(curvePk) | ||
| export function generateSharedKey( | ||
| curveSk: curveSecretKey | Buffer, | ||
| curvePk: curvePublicKey | Buffer | ||
| ) { | ||
| const curveSkBuf = _ensureBuffer(curveSk); | ||
| const curvePkBuf = _ensureBuffer(curvePk); | ||
| const keyBuf = Buffer.allocUnsafe(sodium.crypto_scalarmult_BYTES) | ||
| sodium.crypto_scalarmult(keyBuf, curveSkBuf, curvePkBuf) | ||
| return keyBuf | ||
| const keyBuf = Buffer.allocUnsafe(sodium.crypto_scalarmult_BYTES); | ||
| sodium.crypto_scalarmult(keyBuf, curveSkBuf, curvePkBuf); | ||
| return keyBuf; | ||
| } | ||
@@ -473,11 +527,16 @@ | ||
| */ | ||
| export function _getAuthKey (sharedKey: sharedKey | Buffer, nonce: string | Buffer): Buffer { | ||
| const sharedKeyBuf = _ensureBuffer(sharedKey) | ||
| const nonceBuf = _ensureBuffer(nonce) | ||
| const resultBuf = xor(sharedKeyBuf, nonceBuf) | ||
| return resultBuf | ||
| export function _getAuthKey( | ||
| sharedKey: sharedKey | Buffer, | ||
| nonce: string | Buffer | ||
| ): Buffer { | ||
| const sharedKeyBuf = _ensureBuffer(sharedKey); | ||
| const nonceBuf = _ensureBuffer(nonce); | ||
| const resultBuf = xor(sharedKeyBuf, nonceBuf); | ||
| return resultBuf; | ||
| } | ||
| export function bufferToHex (buffer: Buffer) { | ||
| return [...new Uint8Array(buffer)].map(byte => byte.toString(16).padStart(2, '0')).join('') | ||
| export function bufferToHex(buffer: Buffer) { | ||
| return [...new Uint8Array(buffer)] | ||
| .map((byte) => byte.toString(16).padStart(2, '0')) | ||
| .join(''); | ||
| } |
| declare module 'sodium-native' { | ||
| // Type definitions for sodium-native 2.3 | ||
| // Project: https://github.com/sodium-friends/sodium-native | ||
| // Definitions by: Florian Keller <https://github.com/ffflorian> | ||
| // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped | ||
| // Type definitions for sodium-native 2.3 | ||
| // Project: https://github.com/sodium-friends/sodium-native | ||
| // Definitions by: Florian Keller <https://github.com/ffflorian> | ||
| // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped | ||
| /// <reference types="node" /> | ||
| /// <reference types="node" /> | ||
| export interface CryptoGenericHashWrap { | ||
| /** | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer as above with the same length you gave when creating the instance. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| final(output: Buffer): void; | ||
| } | ||
| export interface CryptoStreamChacha20XorWrap { | ||
| /** | ||
| * Encrypt the next message | ||
| */ | ||
| update(ciphertext: Buffer, message: Buffer): void; | ||
| /** | ||
| * Finalize the stream. Zeros out internal state. | ||
| */ | ||
| final(): void; | ||
| } | ||
| export interface Xchacha20poly1305State { | ||
| _pad: Buffer; | ||
| nonce: Buffer; | ||
| k: Buffer; | ||
| } | ||
| export interface CryptoOneTimeAuthWrap { | ||
| /** | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimeauth_BYTES`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| final(output: Buffer): void; | ||
| } | ||
| export interface CryptoHashSha256Wrap { | ||
| /** | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha256_BYTES`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| final(output: Buffer): void; | ||
| } | ||
| export const crypto_aead_xchacha20poly1305_ietf_ABYTES: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_KEYBYTES: number; | ||
| /** Note this is `Number.MAX_SAFE_INTEGER` for now */ | ||
| export const crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_NPUBBYTES: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_NSECBYTES: number; | ||
| export const crypto_core_ed25519_BYTES: number; | ||
| export const crypto_core_ed25519_NONREDUCEDSCALARBYTES: number; | ||
| export const crypto_core_ed25519_SCALARBYTES: number; | ||
| export const crypto_core_ed25519_UNIFORMBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_ABYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_HEADERBYTES: number; | ||
| export const crypto_generichash_BYTES_MAX: number; | ||
| export const crypto_generichash_BYTES_MIN: number; | ||
| export const crypto_generichash_BYTES: number; | ||
| export const crypto_generichash_KEYBYTES_MAX: number; | ||
| export const crypto_generichash_KEYBYTES_MIN: number; | ||
| export const crypto_generichash_KEYBYTES: number; | ||
| export const crypto_pwhash_ALG_ARGON2I13: number; | ||
| export const crypto_pwhash_ALG_ARGON2ID13: number; | ||
| export const crypto_pwhash_ALG_DEFAULT: number; | ||
| export const crypto_pwhash_MEMLIMIT_INTERACTIVE: number; | ||
| export const crypto_pwhash_MEMLIMIT_MODERATE: number; | ||
| export const crypto_pwhash_MEMLIMIT_SENSITIVE: number; | ||
| export const crypto_pwhash_OPSLIMIT_INTERACTIVE: number; | ||
| export const crypto_pwhash_OPSLIMIT_MODERATE: number; | ||
| export const crypto_pwhash_OPSLIMIT_SENSITIVE: number; | ||
| export const crypto_scalarmult_ed25519_BYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_KEYBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX: number; | ||
| export const crypto_scalarmult_ed25519_SCALARBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_FINAL: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_MESSAGE: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_PUSH: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_REKEY: number; | ||
| export const crypto_sign_PUBLICKEYBYTES: number; | ||
| export const crypto_sign_SECRETKEYBYTES: number; | ||
| export const crypto_sign_BYTES: number; | ||
| export const crypto_sign_SEEDBYTES: number; | ||
| export const crypto_auth_BYTES: number; | ||
| export const crypto_auth_KEYBYTES: number; | ||
| export const crypto_scalarmult_BYTES: number; | ||
| export const crypto_scalarmult_SCALARBYTES: number; | ||
| /** NOTE: Unofficial constant */ | ||
| export const crypto_secretstream_xchacha20poly1305_TAGBYTES: number; | ||
| export const crypto_box_SEALBYTES: number; | ||
| export const crypto_box_PUBLICKEYBYTES: number; | ||
| export const crypto_box_SECRETKEYBYTES: number; | ||
| export const crypto_box_MACBYTES: number; | ||
| export const crypto_box_NONCEBYTES: number; | ||
| export interface CryptoGenericHashWrap { | ||
| /** | ||
| * Zero out the data in `buffer`. | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| export function sodium_memzero(buffer: Buffer): void; | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Lock the memory contained in `buffer`. | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer as above with the same length you gave when creating the instance. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| export function sodium_mlock(buffer: Buffer): void; | ||
| final(output: Buffer): void; | ||
| } | ||
| export interface CryptoStreamChacha20XorWrap { | ||
| /** | ||
| * Unlock previously `sodium_mlock`ed memory contained in `buffer`. This will also `sodium_memzero` `buffer`. | ||
| * Encrypt the next message | ||
| */ | ||
| export function sodium_munlock(buffer: Buffer): void; | ||
| update(ciphertext: Buffer, message: Buffer): void; | ||
| /** | ||
| * Allocate a buffer of `size` which is memory protected. See [libsodium docs](https://download.libsodium.org/doc/memory_management#guarded-heap-allocations) for details. Be aware that many Buffer | ||
| * methods may break the security guarantees of `sodium.sodium_malloc`'ed memory. To check if a `Buffer` is a "secure" buffer, you can call access the getter `buffer.secure` which will be `true`. | ||
| * Finalize the stream. Zeros out internal state. | ||
| */ | ||
| export function sodium_malloc(size: number): Buffer; | ||
| final(): void; | ||
| } | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` inaccessible, crashing the process if any access is attempted. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| */ | ||
| export function sodium_mprotect_noaccess(buffer: Buffer): void; | ||
| export interface Xchacha20poly1305State { | ||
| _pad: Buffer; | ||
| nonce: Buffer; | ||
| k: Buffer; | ||
| } | ||
| export interface CryptoOneTimeAuthWrap { | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` read-only, crashing the process if any writing is attempted. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| export function sodium_mprotect_readonly(buffer: Buffer): void; | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` read-write, undoing `sodium_mprotect_noaccess` or `sodium_mprotect_readonly`. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimeauth_BYTES`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| export function sodium_mprotect_readwrite(buffer: Buffer): void; | ||
| final(output: Buffer): void; | ||
| } | ||
| export interface CryptoHashSha256Wrap { | ||
| /** | ||
| * Generate a random 32-bit unsigned integer `[0, 0xffffffff]` (both inclusive) | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| export function randombytes_random(): number; | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Generate a random 32-bit unsigned integer `[0, upper_bound)` (last exclusive). | ||
| * `upper_bound` must be `0xffffffff` at most. | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha256_BYTES`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| export function randombytes_uniform(upper_bound: number): number; | ||
| final(output: Buffer): void; | ||
| } | ||
| /** | ||
| * Fill `buffer` with random data. | ||
| */ | ||
| export function randombytes_buf(buffer: Buffer): void; | ||
| export const crypto_aead_xchacha20poly1305_ietf_ABYTES: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_KEYBYTES: number; | ||
| /** Note this is `Number.MAX_SAFE_INTEGER` for now */ | ||
| export const crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_NPUBBYTES: number; | ||
| export const crypto_aead_xchacha20poly1305_ietf_NSECBYTES: number; | ||
| export const crypto_core_ed25519_BYTES: number; | ||
| export const crypto_core_ed25519_NONREDUCEDSCALARBYTES: number; | ||
| export const crypto_core_ed25519_SCALARBYTES: number; | ||
| export const crypto_core_ed25519_UNIFORMBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_ABYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_HEADERBYTES: number; | ||
| export const crypto_generichash_BYTES_MAX: number; | ||
| export const crypto_generichash_BYTES_MIN: number; | ||
| export const crypto_generichash_BYTES: number; | ||
| export const crypto_generichash_KEYBYTES_MAX: number; | ||
| export const crypto_generichash_KEYBYTES_MIN: number; | ||
| export const crypto_generichash_KEYBYTES: number; | ||
| export const crypto_pwhash_ALG_ARGON2I13: number; | ||
| export const crypto_pwhash_ALG_ARGON2ID13: number; | ||
| export const crypto_pwhash_ALG_DEFAULT: number; | ||
| export const crypto_pwhash_MEMLIMIT_INTERACTIVE: number; | ||
| export const crypto_pwhash_MEMLIMIT_MODERATE: number; | ||
| export const crypto_pwhash_MEMLIMIT_SENSITIVE: number; | ||
| export const crypto_pwhash_OPSLIMIT_INTERACTIVE: number; | ||
| export const crypto_pwhash_OPSLIMIT_MODERATE: number; | ||
| export const crypto_pwhash_OPSLIMIT_SENSITIVE: number; | ||
| export const crypto_scalarmult_ed25519_BYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_KEYBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX: number; | ||
| export const crypto_scalarmult_ed25519_SCALARBYTES: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_FINAL: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_MESSAGE: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_PUSH: number; | ||
| export const crypto_secretstream_xchacha20poly1305_TAG_REKEY: number; | ||
| export const crypto_sign_PUBLICKEYBYTES: number; | ||
| export const crypto_sign_SECRETKEYBYTES: number; | ||
| export const crypto_sign_BYTES: number; | ||
| export const crypto_sign_SEEDBYTES: number; | ||
| export const crypto_auth_BYTES: number; | ||
| export const crypto_auth_KEYBYTES: number; | ||
| export const crypto_scalarmult_BYTES: number; | ||
| export const crypto_scalarmult_SCALARBYTES: number; | ||
| /** NOTE: Unofficial constant */ | ||
| export const crypto_secretstream_xchacha20poly1305_TAGBYTES: number; | ||
| export const crypto_box_SEALBYTES: number; | ||
| export const crypto_box_PUBLICKEYBYTES: number; | ||
| export const crypto_box_SECRETKEYBYTES: number; | ||
| export const crypto_box_MACBYTES: number; | ||
| export const crypto_box_NONCEBYTES: number; | ||
| /** | ||
| * Fill `buffer` with random data, generated from `seed`. | ||
| * `seed` must be a Buffer of at least `sodium.randombytes_SEEDBYTES` length | ||
| */ | ||
| export function randombytes_buf_deterministic(buffer: Buffer, seed: Buffer): void; | ||
| /** | ||
| * Zero out the data in `buffer`. | ||
| */ | ||
| export function sodium_memzero(buffer: Buffer): void; | ||
| /** | ||
| * Compare `b1` with `b2`, in **constant-time** for `b1.length`. | ||
| * | ||
| * * `b1` must be `Buffer` | ||
| * * `b2` must be `Buffer` and must be `b1.length` bytes | ||
| * | ||
| * Returns `true` when equal, otherwise `false`. | ||
| */ | ||
| export function sodium_memcmp(b1: Buffer, b2: Buffer): boolean; | ||
| /** | ||
| * Lock the memory contained in `buffer`. | ||
| */ | ||
| export function sodium_mlock(buffer: Buffer): void; | ||
| /** | ||
| * Compare `b1` with `b2`, regarding either as little-endian encoded number. | ||
| * | ||
| * * `b1` must be `Buffer` | ||
| * * `b2` must be `Buffer` and must be `b1.length` bytes | ||
| * | ||
| * Returns `1`, `0` or `-1` on whether `b1` is greater, equal or less than `b2`. | ||
| * This is the same scheme as `Array.prototype.sort` expect. | ||
| */ | ||
| export function sodium_compare(b1: Buffer, b2: Buffer): 1 | 0 | -1; | ||
| /** | ||
| * Unlock previously `sodium_mlock`ed memory contained in `buffer`. This will also `sodium_memzero` `buffer`. | ||
| */ | ||
| export function sodium_munlock(buffer: Buffer): void; | ||
| /** | ||
| * Adds `b` to `a` (wrapping), regarding either as little-endian encoded number, | ||
| * and writing the result into `a`. | ||
| * | ||
| * * `a` must be `Buffer` | ||
| * * `b` must be `Buffer` and must be `a.length` bytes | ||
| */ | ||
| export function sodium_add(a: Buffer, b: Buffer): void; | ||
| /** | ||
| * Allocate a buffer of `size` which is memory protected. See [libsodium docs](https://download.libsodium.org/doc/memory_management#guarded-heap-allocations) for details. Be aware that many Buffer | ||
| * methods may break the security guarantees of `sodium.sodium_malloc`'ed memory. To check if a `Buffer` is a "secure" buffer, you can call access the getter `buffer.secure` which will be `true`. | ||
| */ | ||
| export function sodium_malloc(size: number): Buffer; | ||
| /** | ||
| * Subtracts `b` from `a` (wrapping), regarding either as little-endian encoded | ||
| * number, and writing the result into `a`. | ||
| * | ||
| * * `a` must be `Buffer` | ||
| * * `b` must be `Buffer` and must be `a.length` bytes | ||
| */ | ||
| export function sodium_sub(a: Buffer, b: Buffer): void; | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` inaccessible, crashing the process if any access is attempted. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| */ | ||
| export function sodium_mprotect_noaccess(buffer: Buffer): void; | ||
| /** | ||
| * Increment `buf` as a little-endian number. This operation is **constant-time** | ||
| * for the length of `buf`. | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| */ | ||
| export function sodium_increment(buf: Buffer): void; | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` read-only, crashing the process if any writing is attempted. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| */ | ||
| export function sodium_mprotect_readonly(buffer: Buffer): void; | ||
| /** | ||
| * Test whether `buf` is all zero for `len` bytes. This operation is | ||
| * **constant-time** for `len`. | ||
| * | ||
| * * `len` must be integer at most the length of `buf` | ||
| * | ||
| * Returns `true` if all `len` bytes are zero, otherwise `false`. | ||
| */ | ||
| export function sodium_is_zero(buf: Buffer, len: number): boolean; | ||
| /** | ||
| * Make `buffer` allocated using `sodium.sodium_malloc` read-write, undoing `sodium_mprotect_noaccess` or `sodium_mprotect_readonly`. | ||
| * Note that this will have no effect for normal `Buffer`s. | ||
| */ | ||
| export function sodium_mprotect_readwrite(buffer: Buffer): void; | ||
| /** | ||
| * Pad `buf` with random data from index `unpaddedLength` up to closest multiple of | ||
| * `blocksize`. | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| * * `unpadded_buflen` must be integer at most `buf.length` | ||
| * * `blocksize` must be integer greater than 1 but at most `buf.length` | ||
| * | ||
| * Returns the length of the padded data (so you may `.slice` the buffer to here). | ||
| */ | ||
| export function sodium_pad(buf: Buffer, unpaddedLength: number, blocksize: number): number; | ||
| /** | ||
| * Generate a random 32-bit unsigned integer `[0, 0xffffffff]` (both inclusive) | ||
| */ | ||
| export function randombytes_random(): number; | ||
| /** | ||
| * Calculate `unpaddedLength` from a padded `buf` with `blocksize` | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| * * `padded_buflen` must be integer at most `buf.length` | ||
| * * `blocksize` must be integer greater than 1 but at most `buf.length` | ||
| * | ||
| * Returns the length of the unpadded data (so you may `.slice` the buffer to here). | ||
| */ | ||
| export function sodium_unpad(buf: Buffer, paddedLength: number, blocksize: number): number; | ||
| /** | ||
| * Generate a random 32-bit unsigned integer `[0, upper_bound)` (last exclusive). | ||
| * `upper_bound` must be `0xffffffff` at most. | ||
| */ | ||
| export function randombytes_uniform(upper_bound: number): number; | ||
| /** | ||
| * Create a new keypair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_sign_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_sign_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer with length `crypto_sign_SEEDBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_sign_seed_keypair(publicKey: Buffer, secretKey: Buffer, seed: Buffer): void; | ||
| /** | ||
| * Fill `buffer` with random data. | ||
| */ | ||
| export function randombytes_buf(buffer: Buffer): void; | ||
| /** | ||
| * Create a new keypair. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_sign_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_sign_SECRETKEYBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_sign_keypair(publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Fill `buffer` with random data, generated from `seed`. | ||
| * `seed` must be a Buffer of at least `sodium.randombytes_SEEDBYTES` length | ||
| */ | ||
| export function randombytes_buf_deterministic( | ||
| buffer: Buffer, | ||
| seed: Buffer | ||
| ): void; | ||
| /** | ||
| * Sign a message. | ||
| * | ||
| * * `signedMessage` should be a buffer with length `crypto_sign_BYTES + message.length`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The generated signed message will be stored in `signedMessage`. | ||
| */ | ||
| export function crypto_sign(signedMessage: Buffer, message: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Compare `b1` with `b2`, in **constant-time** for `b1.length`. | ||
| * | ||
| * * `b1` must be `Buffer` | ||
| * * `b2` must be `Buffer` and must be `b1.length` bytes | ||
| * | ||
| * Returns `true` when equal, otherwise `false`. | ||
| */ | ||
| export function sodium_memcmp(b1: Buffer, b2: Buffer): boolean; | ||
| /** | ||
| * Verify and open a message. | ||
| * | ||
| * * `message` should be a buffer with length `signedMessage.length - crypto_sign_BYTES`. | ||
| * * `signedMessage` at least `crypto_sign_BYTES` length. | ||
| * * `publicKey` should be a public key. | ||
| * | ||
| * Will return `true` if the message could be verified. Otherwise `false`. | ||
| * If verified the originally signed message is stored in the `message` buffer. | ||
| */ | ||
| export function crypto_sign_open(message: Buffer, signedMessage: Buffer, publicKey: Buffer): boolean; | ||
| /** | ||
| * Compare `b1` with `b2`, regarding either as little-endian encoded number. | ||
| * | ||
| * * `b1` must be `Buffer` | ||
| * * `b2` must be `Buffer` and must be `b1.length` bytes | ||
| * | ||
| * Returns `1`, `0` or `-1` on whether `b1` is greater, equal or less than `b2`. | ||
| * This is the same scheme as `Array.prototype.sort` expect. | ||
| */ | ||
| export function sodium_compare(b1: Buffer, b2: Buffer): 1 | 0 | -1; | ||
| /** | ||
| * Same as `crypto_sign` except it only stores the signature. | ||
| * | ||
| * * `signature` should be a buffer with length `crypto_sign_BYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The generated signature is stored in `signature`. | ||
| */ | ||
| export function crypto_sign_detached(signature: Buffer, message: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Adds `b` to `a` (wrapping), regarding either as little-endian encoded number, | ||
| * and writing the result into `a`. | ||
| * | ||
| * * `a` must be `Buffer` | ||
| * * `b` must be `Buffer` and must be `a.length` bytes | ||
| */ | ||
| export function sodium_add(a: Buffer, b: Buffer): void; | ||
| /** | ||
| * Verify a signature. | ||
| * | ||
| * * `signature` should be a buffer with length `crypto_sign_BYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `publicKey` should be a public key. | ||
| * | ||
| * Will return `true` if the message could be verified. Otherwise `false`. | ||
| */ | ||
| export function crypto_sign_verify_detached(signature: Buffer, message: Buffer, publicKey: Buffer): boolean; | ||
| /** | ||
| * Subtracts `b` from `a` (wrapping), regarding either as little-endian encoded | ||
| * number, and writing the result into `a`. | ||
| * | ||
| * * `a` must be `Buffer` | ||
| * * `b` must be `Buffer` and must be `a.length` bytes | ||
| */ | ||
| export function sodium_sub(a: Buffer, b: Buffer): void; | ||
| /** | ||
| * Convert an ed25519 public key to curve25519 (which can be used with `box` and `scalarmult`) | ||
| * | ||
| * * `curve_pk` should be a buffer with length `crypto_box_PUBLICKEYBYTES` | ||
| * * `ed_pk` should be a buffer with length `crypto_sign_PUBLICKEYBYTES` | ||
| */ | ||
| export function crypto_sign_ed25519_pk_to_curve25519(curve_pk: Buffer, ed_pk: Buffer): void; | ||
| /** | ||
| * Increment `buf` as a little-endian number. This operation is **constant-time** | ||
| * for the length of `buf`. | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| */ | ||
| export function sodium_increment(buf: Buffer): void; | ||
| /** | ||
| * Convert an ed25519 secret key to curve25519 (which can be used with `box` and `scalarmult`) | ||
| * | ||
| * * `curve_sk` should be a buffer with length `crypto_box_SECRETKEYBYTES` | ||
| * * `ed_sk` should be a buffer with length `crypto_sign_SECRETKEYBYTES` | ||
| */ | ||
| export function crypto_sign_ed25519_sk_to_curve25519(curve_sk: Buffer, ed_sk: Buffer): void; | ||
| /** | ||
| * Test whether `buf` is all zero for `len` bytes. This operation is | ||
| * **constant-time** for `len`. | ||
| * | ||
| * * `len` must be integer at most the length of `buf` | ||
| * | ||
| * Returns `true` if all `len` bytes are zero, otherwise `false`. | ||
| */ | ||
| export function sodium_is_zero(buf: Buffer, len: number): boolean; | ||
| /** | ||
| * Extract an ed25519 public key from an ed25519 secret key | ||
| * | ||
| * * `pk` must be `Buffer` of at least `crypto_sign_PUBLICKEYBYTES` bytes | ||
| * * `sk` must be `Buffer` of at least `crypto_sign_SECRETKEYBYTES` bytes | ||
| */ | ||
| export function crypto_sign_ed25519_sk_to_pk(pk: Buffer, sk: Buffer): void; | ||
| /** | ||
| * Pad `buf` with random data from index `unpaddedLength` up to closest multiple of | ||
| * `blocksize`. | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| * * `unpadded_buflen` must be integer at most `buf.length` | ||
| * * `blocksize` must be integer greater than 1 but at most `buf.length` | ||
| * | ||
| * Returns the length of the padded data (so you may `.slice` the buffer to here). | ||
| */ | ||
| export function sodium_pad( | ||
| buf: Buffer, | ||
| unpaddedLength: number, | ||
| blocksize: number | ||
| ): number; | ||
| /** | ||
| * Hash a value with an optional key using the generichash method. | ||
| * | ||
| * * `output` should be a buffer with length within `crypto_generichash_BYTES_MIN` - `crypto_generichash_BYTES_MAX`. | ||
| * * `input` should be a buffer of any length. | ||
| * * `key` is an optional buffer of length within `crypto_generichash_KEYBYTES_MIN` - `crypto_generichash_KEYBYTES_MAX`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| * | ||
| * Also exposes `crypto_generichash_BYTES` and `crypto_generichash_KEYBYTES` that can be used as "default" buffer sizes. | ||
| */ | ||
| export function crypto_generichash(output: Buffer, input: Buffer, key?: Buffer): void; | ||
| /** | ||
| * Calculate `unpaddedLength` from a padded `buf` with `blocksize` | ||
| * | ||
| * * `buf` must be `Buffer` | ||
| * * `padded_buflen` must be integer at most `buf.length` | ||
| * * `blocksize` must be integer greater than 1 but at most `buf.length` | ||
| * | ||
| * Returns the length of the unpadded data (so you may `.slice` the buffer to here). | ||
| */ | ||
| export function sodium_unpad( | ||
| buf: Buffer, | ||
| paddedLength: number, | ||
| blocksize: number | ||
| ): number; | ||
| /** | ||
| * Same as `crypto_generichash` except this hashes an array of buffers instead of a single one. | ||
| */ | ||
| export function crypto_generichash_batch(output: Buffer, inputArray: Buffer[], key?: Buffer): void; | ||
| /** | ||
| * Create a new keypair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_sign_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_sign_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer with length `crypto_sign_SEEDBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_sign_seed_keypair( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| seed: Buffer | ||
| ): void; | ||
| /** | ||
| * Create a generichash instance that can hash a stream of input buffers. | ||
| * | ||
| * * `key` is an optional buffer as above. | ||
| * * `outputLength` the buffer size of your output. | ||
| */ | ||
| export function crypto_generichash_instance(key?: Buffer, outputLength?: number): CryptoGenericHashWrap; | ||
| /** | ||
| * Create a new keypair. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_sign_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_sign_SECRETKEYBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_sign_keypair( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Create a new keypair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_box_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_box_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer with length `crypto_box_SEEDBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_box_seed_keypair(publicKey: Buffer, secretKey: Buffer, seed: Buffer): void; | ||
| /** | ||
| * Sign a message. | ||
| * | ||
| * * `signedMessage` should be a buffer with length `crypto_sign_BYTES + message.length`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The generated signed message will be stored in `signedMessage`. | ||
| */ | ||
| export function crypto_sign( | ||
| signedMessage: Buffer, | ||
| message: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Create a new keypair. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_box_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_box_SECRETKEYBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_box_keypair(publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Verify and open a message. | ||
| * | ||
| * * `message` should be a buffer with length `signedMessage.length - crypto_sign_BYTES`. | ||
| * * `signedMessage` at least `crypto_sign_BYTES` length. | ||
| * * `publicKey` should be a public key. | ||
| * | ||
| * Will return `true` if the message could be verified. Otherwise `false`. | ||
| * If verified the originally signed message is stored in the `message` buffer. | ||
| */ | ||
| export function crypto_sign_open( | ||
| message: Buffer, | ||
| signedMessage: Buffer, | ||
| publicKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Encrypt a message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `mac` should be a buffer with length `crypto_box_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The encrypted message will be stored in `ciphertext` and the authentification code will be stored in `mac`. | ||
| */ | ||
| export function crypto_box_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| ): void; | ||
| /** | ||
| * Same as `crypto_sign` except it only stores the signature. | ||
| * | ||
| * * `signature` should be a buffer with length `crypto_sign_BYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The generated signature is stored in `signature`. | ||
| */ | ||
| export function crypto_sign_detached( | ||
| signature: Buffer, | ||
| message: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Same as `crypto_box_detached` except it encodes the mac in the message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length + crypto_box_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The encrypted message and authentification code will be stored in `ciphertext`. | ||
| */ | ||
| export function crypto_box_easy( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| ): void; | ||
| /** | ||
| * Verify a signature. | ||
| * | ||
| * * `signature` should be a buffer with length `crypto_sign_BYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `publicKey` should be a public key. | ||
| * | ||
| * Will return `true` if the message could be verified. Otherwise `false`. | ||
| */ | ||
| export function crypto_sign_verify_detached( | ||
| signature: Buffer, | ||
| message: Buffer, | ||
| publicKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Decrypt a message. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length`. | ||
| * * `mac` should be a buffer with length `crypto_box_MACBYTES`. | ||
| * * `ciphertext` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_box_open_detached( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| ): boolean; | ||
| /** | ||
| * Convert an ed25519 public key to curve25519 (which can be used with `box` and `scalarmult`) | ||
| * | ||
| * * `curve_pk` should be a buffer with length `crypto_box_PUBLICKEYBYTES` | ||
| * * `ed_pk` should be a buffer with length `crypto_sign_PUBLICKEYBYTES` | ||
| */ | ||
| export function crypto_sign_ed25519_pk_to_curve25519( | ||
| curve_pk: Buffer, | ||
| ed_pk: Buffer | ||
| ): void; | ||
| /** | ||
| * Decrypt a message encoded with the easy method. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length - crypto_box_MACBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_box_MACBYTES`. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_box_open_easy( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| ): boolean; | ||
| /** | ||
| * Convert an ed25519 secret key to curve25519 (which can be used with `box` and `scalarmult`) | ||
| * | ||
| * * `curve_sk` should be a buffer with length `crypto_box_SECRETKEYBYTES` | ||
| * * `ed_sk` should be a buffer with length `crypto_sign_SECRETKEYBYTES` | ||
| */ | ||
| export function crypto_sign_ed25519_sk_to_curve25519( | ||
| curve_sk: Buffer, | ||
| ed_sk: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt a message in a sealed box using a throwaway keypair. | ||
| * The ciphertext cannot be associated with the sender due to the sender's key | ||
| * being a single use keypair that is overwritten during encryption. | ||
| * | ||
| * * `ciphertext` should be a buffer with length at least `message.length + crypto_box_SEALBYTES`. | ||
| * * `message` should be a buffer with any length. | ||
| * * `publicKey` should be the receipent's public key. | ||
| */ | ||
| export function crypto_box_seal(ciphertext: Buffer, message: Buffer, publicKey: Buffer): void; | ||
| /** | ||
| * Extract an ed25519 public key from an ed25519 secret key | ||
| * | ||
| * * `pk` must be `Buffer` of at least `crypto_sign_PUBLICKEYBYTES` bytes | ||
| * * `sk` must be `Buffer` of at least `crypto_sign_SECRETKEYBYTES` bytes | ||
| */ | ||
| export function crypto_sign_ed25519_sk_to_pk(pk: Buffer, sk: Buffer): void; | ||
| /** | ||
| * Decrypt a message encoded with the sealed box method. | ||
| * | ||
| * * `message` should be a buffer with length at least `ciphertext.length - crypto_box_SEALBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_box_SEALBYTES`. | ||
| * * `publicKey` should be the receipient's public key. | ||
| * * `secretKey` should be the receipient's secret key. | ||
| * | ||
| * Note: the keypair of the recipient is required here, both public and secret key. | ||
| * This is because during encryption the recipient's public key is used to generate | ||
| * the nonce. The throwaway public key generated by the sender is stored in the first | ||
| * `crypto_box_PUBLICKEYBYTE`'s of the ciphertext. | ||
| */ | ||
| export function crypto_box_seal_open(message: Buffer, ciphertext: Buffer, publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Hash a value with an optional key using the generichash method. | ||
| * | ||
| * * `output` should be a buffer with length within `crypto_generichash_BYTES_MIN` - `crypto_generichash_BYTES_MAX`. | ||
| * * `input` should be a buffer of any length. | ||
| * * `key` is an optional buffer of length within `crypto_generichash_KEYBYTES_MIN` - `crypto_generichash_KEYBYTES_MAX`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| * | ||
| * Also exposes `crypto_generichash_BYTES` and `crypto_generichash_KEYBYTES` that can be used as "default" buffer sizes. | ||
| */ | ||
| export function crypto_generichash( | ||
| output: Buffer, | ||
| input: Buffer, | ||
| key?: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt a message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `mac` should be a buffer with length `crypto_secretbox_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key with legnth `crypto_secretbox_KEYBYTES`. | ||
| * | ||
| * The encrypted message will be stored in `ciphertext` and the authentification code will be stored in `mac`. | ||
| */ | ||
| export function crypto_secretbox_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer, | ||
| ): void; | ||
| /** | ||
| * Same as `crypto_generichash` except this hashes an array of buffers instead of a single one. | ||
| */ | ||
| export function crypto_generichash_batch( | ||
| output: Buffer, | ||
| inputArray: Buffer[], | ||
| key?: Buffer | ||
| ): void; | ||
| /** | ||
| * Same as `crypto_secretbox_detached` except it encodes the mac in the message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length + crypto_secretbox_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key with length `crypto_secretbox_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretbox_easy(ciphertext: Buffer, message: Buffer, nonce: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Create a generichash instance that can hash a stream of input buffers. | ||
| * | ||
| * * `key` is an optional buffer as above. | ||
| * * `outputLength` the buffer size of your output. | ||
| */ | ||
| export function crypto_generichash_instance( | ||
| key?: Buffer, | ||
| outputLength?: number | ||
| ): CryptoGenericHashWrap; | ||
| /** | ||
| * Decrypt a message. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length`. | ||
| * * `mac` should be a buffer with length `crypto_secretbox_MACBYTES`. | ||
| * * `ciphertext` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_secretbox_open_detached( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer, | ||
| ): boolean; | ||
| /** | ||
| * Create a new keypair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_box_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_box_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer with length `crypto_box_SEEDBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_box_seed_keypair( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| seed: Buffer | ||
| ): void; | ||
| /** | ||
| * Decrypt a message encoded with the easy method. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length - crypto_secretbox_MACBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_secretbox_MACBYTES`. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_secretbox_open_easy( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer, | ||
| ): boolean; | ||
| /** | ||
| * Create a new keypair. | ||
| * | ||
| * * `publicKey` should be a buffer with length `crypto_box_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer with length `crypto_box_SECRETKEYBYTES`. | ||
| * | ||
| * The generated public and secret key will be stored in passed in buffers. | ||
| */ | ||
| export function crypto_box_keypair( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate a new encryption key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * The generated key is stored in `key`. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_keygen(key: Buffer): void; | ||
| /** | ||
| * Encrypt a message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `mac` should be a buffer with length `crypto_box_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The encrypted message will be stored in `ciphertext` and the authentification code will be stored in `mac`. | ||
| */ | ||
| export function crypto_box_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `ciphertext` should be a `Buffer` of size `message.length + crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `message` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `ciphertext`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_encrypt( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| nullValue: null, | ||
| npub: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Same as `crypto_box_detached` except it encodes the mac in the message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length + crypto_box_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * The encrypted message and authentification code will be stored in `ciphertext`. | ||
| */ | ||
| export function crypto_box_easy( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Decrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `message` should be a `Buffer` of size | ||
| * `ciphertext.length - crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be | ||
| * `null`. | ||
| * * `ciphertext` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `message`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_decrypt( | ||
| message: Buffer, | ||
| nullValue: null, | ||
| ciphertext: Buffer, | ||
| ad: Buffer | null, | ||
| npub: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Decrypt a message. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length`. | ||
| * * `mac` should be a buffer with length `crypto_box_MACBYTES`. | ||
| * * `ciphertext` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_box_open_detached( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Encrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `ciphertext` should be a `Buffer` of size `message.length`. | ||
| * * `mac` should be `Buffer` of size `crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `message` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `mac`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_encrypt_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| nullValue: null, | ||
| npub: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Decrypt a message encoded with the easy method. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length - crypto_box_MACBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_box_MACBYTES`. | ||
| * * `nonce` should be a buffer with length `crypto_box_NONCEBYTES`. | ||
| * * `publicKey` should be a public key. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_box_open_easy( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| nonce: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Decrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `message` should be a `Buffer` of size `ciphertext.length`. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `ciphertext` should be a `Buffer`. | ||
| * * `mac` should be `Buffer` of size `crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns nothing, but will throw on in case the MAC cannot be authenticated. Note | ||
| * that in-place encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_decrypt_detached( | ||
| message: Buffer, | ||
| nullValue: null, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| ad: Buffer | null, | ||
| npub: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Encrypt a message in a sealed box using a throwaway keypair. | ||
| * The ciphertext cannot be associated with the sender due to the sender's key | ||
| * being a single use keypair that is overwritten during encryption. | ||
| * | ||
| * * `ciphertext` should be a buffer with length at least `message.length + crypto_box_SEALBYTES`. | ||
| * * `message` should be a buffer with any length. | ||
| * * `publicKey` should be the receipent's public key. | ||
| */ | ||
| export function crypto_box_seal( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| publicKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate random data based on a nonce and key into the ciphertext. | ||
| * | ||
| * * `ciphertext` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The generated data is stored in `ciphertext`. | ||
| */ | ||
| export function crypto_stream(ciphertext: Buffer, nonce: Buffer, key: Buffer): void; | ||
| /** | ||
| * Decrypt a message encoded with the sealed box method. | ||
| * | ||
| * * `message` should be a buffer with length at least `ciphertext.length - crypto_box_SEALBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_box_SEALBYTES`. | ||
| * * `publicKey` should be the receipient's public key. | ||
| * * `secretKey` should be the receipient's secret key. | ||
| * | ||
| * Note: the keypair of the recipient is required here, both public and secret key. | ||
| * This is because during encryption the recipient's public key is used to generate | ||
| * the nonce. The throwaway public key generated by the sender is stored in the first | ||
| * `crypto_box_PUBLICKEYBYTE`'s of the ciphertext. | ||
| */ | ||
| export function crypto_box_seal_open( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt, but *not* authenticate, a message based on a nonce and key | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `message` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The encrypted data is stored in `ciphertext`. To decrypt, swap `ciphertext` and `message`. | ||
| * Also supports in-place encryption where you use the same buffer as `ciphertext` and `message`. | ||
| * | ||
| * Encryption defaults to XSalsa20, use `crypto_stream_chacha20_xor` if you want | ||
| * to encrypt/decrypt with ChaCha20 instead. | ||
| * | ||
| */ | ||
| export function crypto_stream_xor(ciphertext: Buffer, message: Buffer, nonce: Buffer, key: Buffer): void; | ||
| /** | ||
| * Encrypt a message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `mac` should be a buffer with length `crypto_secretbox_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key with legnth `crypto_secretbox_KEYBYTES`. | ||
| * | ||
| * The encrypted message will be stored in `ciphertext` and the authentification code will be stored in `mac`. | ||
| */ | ||
| export function crypto_secretbox_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt, but *not* authenticate, a message based on a nonce and key | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `message` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The encrypted data is stored in `ciphertext`. To decrypt, swap `ciphertext` and `message`. | ||
| * Also supports in-place encryption where you use the same buffer as `ciphertext` and `message`. | ||
| */ | ||
| export function crypto_stream_chacha20_xor(ciphertext: Buffer, message: Buffer, nonce: Buffer, key: Buffer): void; | ||
| /** | ||
| * Same as `crypto_secretbox_detached` except it encodes the mac in the message. | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length + crypto_secretbox_MACBYTES`. | ||
| * * `message` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key with length `crypto_secretbox_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretbox_easy( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * A streaming instance to the `crypto_stream_xor` api. Pass a nonce and key in the constructor. | ||
| * | ||
| * Encryption defaults to XSalsa20, use `crypto_stream_chacha20_xor_instance` if | ||
| * you want to encrypt/decrypt with ChaCha20 instead. | ||
| */ | ||
| export function crypto_stream_xor_instance(nonce: Buffer, key: Buffer): CryptoStreamChacha20XorWrap; | ||
| /** | ||
| * Decrypt a message. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length`. | ||
| * * `mac` should be a buffer with length `crypto_secretbox_MACBYTES`. | ||
| * * `ciphertext` should be a buffer of any length. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_secretbox_open_detached( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * | ||
| * A streaming instance to the `crypto_stream_xor` api. Pass a nonce and key in the constructor. | ||
| */ | ||
| export function crypto_stream_chacha20_xor_instance(nonce: Buffer, key: Buffer): CryptoStreamChacha20XorWrap; | ||
| /** | ||
| * Decrypt a message encoded with the easy method. | ||
| * | ||
| * * `message` should be a buffer with length `ciphertext.length - crypto_secretbox_MACBYTES`. | ||
| * * `ciphertext` should be a buffer with length at least `crypto_secretbox_MACBYTES`. | ||
| * * `nonce` should be a buffer with length `crypto_secretbox_NONCEBYTES`. | ||
| * * `secretKey` should be a secret key. | ||
| * | ||
| * Returns `true` if the message could be decrypted. Otherwise `false`. | ||
| * | ||
| * The decrypted message will be stored in `message`. | ||
| */ | ||
| export function crypto_secretbox_open_easy( | ||
| message: Buffer, | ||
| ciphertext: Buffer, | ||
| nonce: Buffer, | ||
| secretKey: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Create an authentication token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_auth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_auth_KEYBYTES`. | ||
| * | ||
| * The generated token is stored in `output`. | ||
| */ | ||
| export function crypto_auth(output: Buffer, input: Buffer, key: Buffer): void; | ||
| /** | ||
| * Generate a new encryption key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * The generated key is stored in `key`. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_keygen(key: Buffer): void; | ||
| /** | ||
| * Verify a token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_auth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_auth_KEYBYTES`. | ||
| * | ||
| * Returns `true` if the token could be verified. Otherwise `false`. | ||
| * | ||
| */ | ||
| export function crypto_auth_verify(output: Buffer, input: Buffer, key: Buffer): boolean; | ||
| /** | ||
| * Encrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `ciphertext` should be a `Buffer` of size `message.length + crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `message` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `ciphertext`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_encrypt( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| nullValue: null, | ||
| npub: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate a new encryption key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| * | ||
| * The generated key is stored in `key`. | ||
| * function crypto_secretstream_xchacha20poly1305_keygen(key) | ||
| * | ||
| * Create a new stream state. Returns an opaque object used in the next methods. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_state_new(): Xchacha20poly1305State; | ||
| /** | ||
| * Decrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `message` should be a `Buffer` of size | ||
| * `ciphertext.length - crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be | ||
| * `null`. | ||
| * * `ciphertext` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `message`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_decrypt( | ||
| message: Buffer, | ||
| nullValue: null, | ||
| ciphertext: Buffer, | ||
| ad: Buffer | null, | ||
| npub: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Initialise `state` from the writer side with message `header` and | ||
| * encryption key `key`. The header must be sent or stored with the stream. | ||
| * The key must be exchanged securely with the receiving / reading side. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `header` should be a buffer of size `crypto_secretstream_xchacha20poly1305_HEADERBYTES`. | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_init_push( | ||
| state: Xchacha20poly1305State, | ||
| header: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Encrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `ciphertext` should be a `Buffer` of size `message.length`. | ||
| * * `mac` should be `Buffer` of size `crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `message` should be a `Buffer`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns how many bytes were written to `mac`. Note that in-place | ||
| * encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_encrypt_detached( | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| nullValue: null, | ||
| npub: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Encrypt a message with a certain tag and optional additional data `ad`. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `ciphertext` should be a buffer of size `message.length + crypto_secretstream_xchacha20poly1305_ABYTES`. | ||
| * * `message` should be a buffer. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `tag` should be `Buffer` of length `crypto_secretstream_xchacha20poly1305_TAGBYTES` | ||
| * | ||
| * Note that `tag` should be one of the `crypto_secretstream_xchacha20poly1305_TAG_*` constants. | ||
| * Returns number of encrypted bytes written to `ciphertext`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_push( | ||
| state: Xchacha20poly1305State, | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| tag: Buffer, | ||
| ): void; | ||
| /** | ||
| * Decrypt a message with (`npub`, `key`) and optional additional data `ad`. | ||
| * | ||
| * * `message` should be a `Buffer` of size `ciphertext.length`. | ||
| * * `nullValue` is in the position of the unused `nsec` argument. This should always be `null`. | ||
| * * `ciphertext` should be a `Buffer`. | ||
| * * `mac` should be `Buffer` of size `crypto_aead_xchacha20poly1305_ietf_ABYTES`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `npub` should be `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_NPUBBYTES`. | ||
| * * `key` should be a `Buffer` of length `crypto_aead_xchacha20poly1305_ietf_KEYBYTES`. | ||
| * | ||
| * Returns nothing, but will throw on in case the MAC cannot be authenticated. Note | ||
| * that in-place encryption is possible. | ||
| */ | ||
| export function crypto_aead_xchacha20poly1305_ietf_decrypt_detached( | ||
| message: Buffer, | ||
| nullValue: null, | ||
| ciphertext: Buffer, | ||
| mac: Buffer, | ||
| ad: Buffer | null, | ||
| npub: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Initialise `state` from the reader side with message `header` and | ||
| * encryption key `key`. The header must be retrieved from somewhere. | ||
| * The key must be exchanged securely with the sending / writing side. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `header` should be a buffer of size `crypto_secretstream_xchacha20poly1305_HEADERBYTES`. | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_init_pull( | ||
| state: Xchacha20poly1305State, | ||
| header: Buffer, | ||
| key: Buffer, | ||
| ): void; | ||
| /** | ||
| * Generate random data based on a nonce and key into the ciphertext. | ||
| * | ||
| * * `ciphertext` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The generated data is stored in `ciphertext`. | ||
| */ | ||
| export function crypto_stream( | ||
| ciphertext: Buffer, | ||
| nonce: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Decrypt a message with optional additional data `ad`, and write message tag to | ||
| * `tag`. Make sure to check this! | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `message` should be a buffer of size `ciphertext.length - crypto_secretstream_xchacha20poly1305_ABYTES`. | ||
| * * `tag` should be a buffer of `crypto_secretstream_xchacha20poly1305_TAGBYTES`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of the authentication tag appended to the message. | ||
| * | ||
| * Note that `tag` should be one of the `crypto_secretstream_xchacha20poly1305_TAG_*` constants. | ||
| * Returns number of decrypted bytes written to `message`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_pull( | ||
| state: Xchacha20poly1305State, | ||
| message: Buffer, | ||
| tag: Buffer, | ||
| ciphertext: Buffer, | ||
| ad: Buffer | null, | ||
| ): void; | ||
| /** | ||
| * Encrypt, but *not* authenticate, a message based on a nonce and key | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `message` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The encrypted data is stored in `ciphertext`. To decrypt, swap `ciphertext` and `message`. | ||
| * Also supports in-place encryption where you use the same buffer as `ciphertext` and `message`. | ||
| * | ||
| * Encryption defaults to XSalsa20, use `crypto_stream_chacha20_xor` if you want | ||
| * to encrypt/decrypt with ChaCha20 instead. | ||
| * | ||
| */ | ||
| export function crypto_stream_xor( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Rekey the opaque `state` object. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_rekey(state: Xchacha20poly1305State): void; | ||
| /** | ||
| * Encrypt, but *not* authenticate, a message based on a nonce and key | ||
| * | ||
| * * `ciphertext` should be a buffer with length `message.length`. | ||
| * * `message` should be a buffer of any size. | ||
| * * `nonce` should be a buffer with length `crypto_stream_NONCEBYTES`. | ||
| * * `key` should be a secret key with length `crypto_stream_KEYBYTES`. | ||
| * | ||
| * The encrypted data is stored in `ciphertext`. To decrypt, swap `ciphertext` and `message`. | ||
| * Also supports in-place encryption where you use the same buffer as `ciphertext` and `message`. | ||
| */ | ||
| export function crypto_stream_chacha20_xor( | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| nonce: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Create a authentication token based on a onetime key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimauth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of length `crypto_onetimeauth_KEYBYTES`. | ||
| * | ||
| * The generated token is stored in `output`. | ||
| */ | ||
| export function crypto_onetimeauth(output: Buffer, input: Buffer, key: Buffer): void; | ||
| /** | ||
| * A streaming instance to the `crypto_stream_xor` api. Pass a nonce and key in the constructor. | ||
| * | ||
| * Encryption defaults to XSalsa20, use `crypto_stream_chacha20_xor_instance` if | ||
| * you want to encrypt/decrypt with ChaCha20 instead. | ||
| */ | ||
| export function crypto_stream_xor_instance( | ||
| nonce: Buffer, | ||
| key: Buffer | ||
| ): CryptoStreamChacha20XorWrap; | ||
| /** | ||
| * Verify a token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimeauth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_onetimeauth_KEYBYTES`. | ||
| * | ||
| * Returns `true` if the token could be verified. Otherwise `false`. | ||
| */ | ||
| export function crypto_onetimeauth_verify(output: Buffer, input: Buffer, key: Buffer): boolean; | ||
| /** | ||
| * | ||
| * A streaming instance to the `crypto_stream_xor` api. Pass a nonce and key in the constructor. | ||
| */ | ||
| export function crypto_stream_chacha20_xor_instance( | ||
| nonce: Buffer, | ||
| key: Buffer | ||
| ): CryptoStreamChacha20XorWrap; | ||
| /** | ||
| * Create an instance that create a token from a onetime key and a stream of input data. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_onetimeauth_KEYBYTES`. | ||
| */ | ||
| export function crypto_onetimeauth_instance(key: Buffer): CryptoOneTimeAuthWrap; | ||
| /** | ||
| * Create an authentication token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_auth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_auth_KEYBYTES`. | ||
| * | ||
| * The generated token is stored in `output`. | ||
| */ | ||
| export function crypto_auth(output: Buffer, input: Buffer, key: Buffer): void; | ||
| /** | ||
| * Create a password hash. | ||
| * | ||
| * * `output` should be a buffer with length within `crypto_pwhash_BYTES_MIN` - `crypto_pwhash_BYTES_MAX`. | ||
| * * `password` should be a buffer of any size. | ||
| * * `salt` should be a buffer with length `crypto_pwhash_SALTBYTES`. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `algorithm` should be a number specifying the algorithm you want to use. | ||
| * | ||
| * Available default ops and mem limits are | ||
| * | ||
| * * `crypto_pwhash_OPSLIMIT_INTERACTIVE` | ||
| * * `crypto_pwhash_OPSLIMIT_MODERATE` | ||
| * * `crypto_pwhash_OPSLIMIT_SENSITIVE` | ||
| * * `crypto_pwhash_MEMLIMIT_INTERACTIVE` | ||
| * * `crypto_pwhash_MEMLIMIT_MODERATE` | ||
| * * `crypto_pwhash_MEMLIMIT_SENSITIVE` | ||
| * | ||
| * The available algorithms are | ||
| * | ||
| * * `crypto_pwhash_ALG_DEFAULT` | ||
| * * `crypto_pwhash_ALG_ARGON2ID13` | ||
| * * `crypto_pwhash_ALG_ARGON2I13` | ||
| * | ||
| * The generated hash will be stored in `output` and the entire `output` buffer will be used. | ||
| */ | ||
| export function crypto_pwhash( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| salt: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| algorithm: number, | ||
| ): void; | ||
| /** | ||
| * Verify a token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_auth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_auth_KEYBYTES`. | ||
| * | ||
| * Returns `true` if the token could be verified. Otherwise `false`. | ||
| * | ||
| */ | ||
| export function crypto_auth_verify( | ||
| output: Buffer, | ||
| input: Buffer, | ||
| key: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Create a password hash with a random salt. | ||
| * | ||
| * * `output` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `password` should be a buffer of any size. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * | ||
| * The generated hash, settings, salt, version and algorithm will be stored in `output` and the entire `output` buffer will be used. | ||
| */ | ||
| export function crypto_pwhash_str(output: Buffer, password: Buffer, opslimit: number, memlimit: number): void; | ||
| /** | ||
| * Generate a new encryption key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| * | ||
| * The generated key is stored in `key`. | ||
| * function crypto_secretstream_xchacha20poly1305_keygen(key) | ||
| * | ||
| * Create a new stream state. Returns an opaque object used in the next methods. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_state_new(): Xchacha20poly1305State; | ||
| /** | ||
| * Verify a password hash generated with the above method. | ||
| * | ||
| * * `str` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `password` should be a buffer of any size. | ||
| * | ||
| * Returns `true` if the hash could be verified with the settings contained in `str`. Otherwise `false`. | ||
| */ | ||
| export function crypto_pwhash_str_verify(str: Buffer, password: Buffer): boolean; | ||
| /** | ||
| * Initialise `state` from the writer side with message `header` and | ||
| * encryption key `key`. The header must be sent or stored with the stream. | ||
| * The key must be exchanged securely with the receiving / reading side. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `header` should be a buffer of size `crypto_secretstream_xchacha20poly1305_HEADERBYTES`. | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_init_push( | ||
| state: Xchacha20poly1305State, | ||
| header: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Check if a password hash needs rehash, either because the default algorithm | ||
| * changed, opslimit or memlimit increased or because the hash is malformed. | ||
| * | ||
| * * `hash` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * | ||
| * Returns `true` if the hash should be rehashed the settings contained in `str`. | ||
| * Otherwise `false` if it is still good. | ||
| */ | ||
| export function crypto_pwhash_str_needs_rehash(hash: Buffer, opslimit: number, memlimit: number): boolean; | ||
| /** | ||
| * Encrypt a message with a certain tag and optional additional data `ad`. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `ciphertext` should be a buffer of size `message.length + crypto_secretstream_xchacha20poly1305_ABYTES`. | ||
| * * `message` should be a buffer. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of authentication tag appended to the message. | ||
| * * `tag` should be `Buffer` of length `crypto_secretstream_xchacha20poly1305_TAGBYTES` | ||
| * | ||
| * Note that `tag` should be one of the `crypto_secretstream_xchacha20poly1305_TAG_*` constants. | ||
| * Returns number of encrypted bytes written to `ciphertext`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_push( | ||
| state: Xchacha20poly1305State, | ||
| ciphertext: Buffer, | ||
| message: Buffer, | ||
| ad: Buffer | null, | ||
| tag: Buffer | ||
| ): void; | ||
| /** | ||
| * Just like `crypto_pwhash` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err)` will receive any errors from the hashing but all argument | ||
| * errors will `throw`. The resulting hash is written to `output`. This function also supports [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type | ||
| * `sodium-native:crypto_pwhash_async` | ||
| */ | ||
| export function crypto_pwhash_async( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| salt: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| algorithm: number, | ||
| callback: (err: Error | null) => void, | ||
| ): void; | ||
| /** | ||
| * Initialise `state` from the reader side with message `header` and | ||
| * encryption key `key`. The header must be retrieved from somewhere. | ||
| * The key must be exchanged securely with the sending / writing side. | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `header` should be a buffer of size `crypto_secretstream_xchacha20poly1305_HEADERBYTES`. | ||
| * * `key` should be a buffer of length `crypto_secretstream_xchacha20poly1305_KEYBYTES`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_init_pull( | ||
| state: Xchacha20poly1305State, | ||
| header: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Just like `crypto_pwhash_str` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err)` will receive any errors from the hashing but all argument | ||
| * errors will `throw`. The resulting hash with parameters is written to `output`. This function also supports [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type | ||
| * `sodium-native:crypto_pwhash_str_async` | ||
| */ | ||
| export function crypto_pwhash_str_async( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| callback: (err: Error | null) => void, | ||
| ): void; | ||
| /** | ||
| * Decrypt a message with optional additional data `ad`, and write message tag to | ||
| * `tag`. Make sure to check this! | ||
| * | ||
| * * `state` should be an opaque state object. | ||
| * * `message` should be a buffer of size `ciphertext.length - crypto_secretstream_xchacha20poly1305_ABYTES`. | ||
| * * `tag` should be a buffer of `crypto_secretstream_xchacha20poly1305_TAGBYTES`. | ||
| * * `ad` is optional and should be `null` or `Buffer`. Included in the computation | ||
| * of the authentication tag appended to the message. | ||
| * | ||
| * Note that `tag` should be one of the `crypto_secretstream_xchacha20poly1305_TAG_*` constants. | ||
| * Returns number of decrypted bytes written to `message`. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_pull( | ||
| state: Xchacha20poly1305State, | ||
| message: Buffer, | ||
| tag: Buffer, | ||
| ciphertext: Buffer, | ||
| ad: Buffer | null | ||
| ): void; | ||
| /** | ||
| * Just like `crypto_pwhash_str_verify` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err, bool)` will receive any errors from the hashing but | ||
| * all argument errors will `throw`. If the verification succeeds `bool` is `true`, otherwise `false`. Due to an issue with libsodium `err` is currently never set. This function also supports | ||
| * [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type `sodium-native:crypto_pwhash_str_verify_async` | ||
| */ | ||
| export function crypto_pwhash_str_verify_async( | ||
| str: Buffer, | ||
| password: Buffer, | ||
| callback: (err: Error | null, bool: boolean) => void, | ||
| ): void; | ||
| /** | ||
| * Rekey the opaque `state` object. | ||
| */ | ||
| export function crypto_secretstream_xchacha20poly1305_rekey( | ||
| state: Xchacha20poly1305State | ||
| ): void; | ||
| /** | ||
| * Create a key exchange key pair. | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_kx_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_kx_SECRETKEYBYTES`. | ||
| */ | ||
| export function crypto_kx_keypair(publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Create a authentication token based on a onetime key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimauth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of length `crypto_onetimeauth_KEYBYTES`. | ||
| * | ||
| * The generated token is stored in `output`. | ||
| */ | ||
| export function crypto_onetimeauth( | ||
| output: Buffer, | ||
| input: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Create a key exchange key pair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_kx_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_kx_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer of length `crypto_kx_SEEDBYTES` | ||
| */ | ||
| export function crypto_kx_seed_keypair(publicKey: Buffer, secretKey: Buffer, seed: Buffer): void; | ||
| /** | ||
| * Verify a token. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_onetimeauth_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of lenght `crypto_onetimeauth_KEYBYTES`. | ||
| * | ||
| * Returns `true` if the token could be verified. Otherwise `false`. | ||
| */ | ||
| export function crypto_onetimeauth_verify( | ||
| output: Buffer, | ||
| input: Buffer, | ||
| key: Buffer | ||
| ): boolean; | ||
| /** | ||
| * Generate a session receive and transmission key for a client. | ||
| * The public / secret keys should be generated using the key pair method above. | ||
| * | ||
| * * `rx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * * `tx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * | ||
| * You should use the `rx` to decrypt incoming data and `tx` to encrypt outgoing. | ||
| * If you need to make a one-way or half-duplex channel you can give only one of | ||
| * `rx` or `tx`. | ||
| */ | ||
| export function crypto_kx_client_session_keys( | ||
| rx: Buffer | null, | ||
| tx: Buffer | null, | ||
| clientPublicKey: Buffer, | ||
| clientSecretKey: Buffer, | ||
| serverPublicKey: Buffer, | ||
| ): void; | ||
| /** | ||
| * Create an instance that create a token from a onetime key and a stream of input data. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_onetimeauth_KEYBYTES`. | ||
| */ | ||
| export function crypto_onetimeauth_instance( | ||
| key: Buffer | ||
| ): CryptoOneTimeAuthWrap; | ||
| /** | ||
| * Generate a session receive and transmission key for a server. | ||
| * The public / secret keys should be generated using the key pair method above. | ||
| * | ||
| * * `rx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * * `tx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * | ||
| * You should use the `rx` to decrypt incoming data and `tx` to encrypt outgoing. | ||
| * If you need to make a one-way or half-duplex channel you can give only one of | ||
| * `rx` or `tx`. | ||
| */ | ||
| export function crypto_kx_server_session_keys( | ||
| rx: Buffer | null, | ||
| tx: Buffer | null, | ||
| serverPublicKey: Buffer, | ||
| serverSecretKey: Buffer, | ||
| clientPublicKey: Buffer, | ||
| ): void; | ||
| /** | ||
| * Create a password hash. | ||
| * | ||
| * * `output` should be a buffer with length within `crypto_pwhash_BYTES_MIN` - `crypto_pwhash_BYTES_MAX`. | ||
| * * `password` should be a buffer of any size. | ||
| * * `salt` should be a buffer with length `crypto_pwhash_SALTBYTES`. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `algorithm` should be a number specifying the algorithm you want to use. | ||
| * | ||
| * Available default ops and mem limits are | ||
| * | ||
| * * `crypto_pwhash_OPSLIMIT_INTERACTIVE` | ||
| * * `crypto_pwhash_OPSLIMIT_MODERATE` | ||
| * * `crypto_pwhash_OPSLIMIT_SENSITIVE` | ||
| * * `crypto_pwhash_MEMLIMIT_INTERACTIVE` | ||
| * * `crypto_pwhash_MEMLIMIT_MODERATE` | ||
| * * `crypto_pwhash_MEMLIMIT_SENSITIVE` | ||
| * | ||
| * The available algorithms are | ||
| * | ||
| * * `crypto_pwhash_ALG_DEFAULT` | ||
| * * `crypto_pwhash_ALG_ARGON2ID13` | ||
| * * `crypto_pwhash_ALG_ARGON2I13` | ||
| * | ||
| * The generated hash will be stored in `output` and the entire `output` buffer will be used. | ||
| */ | ||
| export function crypto_pwhash( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| salt: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| algorithm: number | ||
| ): void; | ||
| /** | ||
| * Create a scalar multiplication public key based on a secret key | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_scalarmult_SCALARBYTES`. | ||
| * | ||
| * The generated public key is stored in `publicKey`. | ||
| */ | ||
| export function crypto_scalarmult_base(publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Create a password hash with a random salt. | ||
| * | ||
| * * `output` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `password` should be a buffer of any size. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * | ||
| * The generated hash, settings, salt, version and algorithm will be stored in `output` and the entire `output` buffer will be used. | ||
| */ | ||
| export function crypto_pwhash_str( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| opslimit: number, | ||
| memlimit: number | ||
| ): void; | ||
| /** | ||
| * Derive a shared secret from a local secret key and a remote public key. | ||
| * | ||
| * * `sharedSecret` shoudl be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_scalarmult_SCALARBYTES`. | ||
| * * `remotePublicKey` should be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * | ||
| * The generated shared secret is stored in `sharedSecret`. | ||
| */ | ||
| export function crypto_scalarmult(sharedSecret: Buffer, secretKey: Buffer, remotePublicKey: Buffer): void; | ||
| /** | ||
| * Verify a password hash generated with the above method. | ||
| * | ||
| * * `str` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `password` should be a buffer of any size. | ||
| * | ||
| * Returns `true` if the hash could be verified with the settings contained in `str`. Otherwise `false`. | ||
| */ | ||
| export function crypto_pwhash_str_verify( | ||
| str: Buffer, | ||
| password: Buffer | ||
| ): boolean; | ||
| /** | ||
| * > The crypto_core_ed25519_is_valid_point() function checks that p represents | ||
| * > a point on the edwards25519 curve, in canonical form, on the main subgroup, | ||
| * > and that the point doesn't have a small order. | ||
| * | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Returns `true` or `false` | ||
| */ | ||
| export function crypto_core_ed25519_is_valid_point(p: Buffer): boolean; | ||
| /** | ||
| * Check if a password hash needs rehash, either because the default algorithm | ||
| * changed, opslimit or memlimit increased or because the hash is malformed. | ||
| * | ||
| * * `hash` should be a buffer with length `crypto_pwhash_STRBYTES`. | ||
| * * `opslimit` should a be number containing your ops limit setting in the range `crypto_pwhash_OPSLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * * `memlimit` should a be number containing your mem limit setting in the range `crypto_pwhash_MEMLIMIT_MIN` - `crypto_pwhash_OPSLIMIT_MAX`. | ||
| * | ||
| * Returns `true` if the hash should be rehashed the settings contained in `str`. | ||
| * Otherwise `false` if it is still good. | ||
| */ | ||
| export function crypto_pwhash_str_needs_rehash( | ||
| hash: Buffer, | ||
| opslimit: number, | ||
| memlimit: number | ||
| ): boolean; | ||
| /** | ||
| * Maps a `crypto_core_ed25519_UNIFORMBYTES` bytes vector (usually the output of | ||
| * a hash function) to a a valid curve point and stores its compressed | ||
| * representation in `p`. | ||
| * | ||
| * The point is guaranteed to be on the main subgroup. | ||
| * | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_UNIFORMBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_from_uniform(p: Buffer, r: Buffer): void; | ||
| /** | ||
| * Just like `crypto_pwhash` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err)` will receive any errors from the hashing but all argument | ||
| * errors will `throw`. The resulting hash is written to `output`. This function also supports [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type | ||
| * `sodium-native:crypto_pwhash_async` | ||
| */ | ||
| export function crypto_pwhash_async( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| salt: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| algorithm: number, | ||
| callback: (err: Error | null) => void | ||
| ): void; | ||
| /** | ||
| * Multiply point `p` by scalar `n` and store its compressed representation in `q`. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero or `p` is an invalid curve point. | ||
| */ | ||
| export function crypto_scalarmult_ed25519(q: Buffer, n: Buffer, p: Buffer): void; | ||
| /** | ||
| * Just like `crypto_pwhash_str` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err)` will receive any errors from the hashing but all argument | ||
| * errors will `throw`. The resulting hash with parameters is written to `output`. This function also supports [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type | ||
| * `sodium-native:crypto_pwhash_str_async` | ||
| */ | ||
| export function crypto_pwhash_str_async( | ||
| output: Buffer, | ||
| password: Buffer, | ||
| opslimit: number, | ||
| memlimit: number, | ||
| callback: (err: Error | null) => void | ||
| ): void; | ||
| /** | ||
| * Multiply the basepoint by scalar `n` and store its compressed representation in | ||
| * `q`. Note that `n` will be clamped. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero | ||
| */ | ||
| export function crypto_scalarmult_ed25519_base(q: Buffer, n: Buffer): void; | ||
| /** | ||
| * Just like `crypto_pwhash_str_verify` but will run password hashing on a seperate worker so it will not block the event loop. `callback(err, bool)` will receive any errors from the hashing but | ||
| * all argument errors will `throw`. If the verification succeeds `bool` is `true`, otherwise `false`. Due to an issue with libsodium `err` is currently never set. This function also supports | ||
| * [`async_hook`s](https://nodejs.org/dist/latest/docs/api/async_hooks.html) as the type `sodium-native:crypto_pwhash_str_verify_async` | ||
| */ | ||
| export function crypto_pwhash_str_verify_async( | ||
| str: Buffer, | ||
| password: Buffer, | ||
| callback: (err: Error | null, bool: boolean) => void | ||
| ): void; | ||
| /** | ||
| * Multiply point `p` by scalar `n` and store its compressed representation in `q`. | ||
| * This version does not clamp. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero or `p` is an invalid curve point. | ||
| */ | ||
| export function crypto_scalarmult_ed25519_noclamp(q: Buffer, n: Buffer, p: Buffer): void; | ||
| /** | ||
| * Create a key exchange key pair. | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_kx_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_kx_SECRETKEYBYTES`. | ||
| */ | ||
| export function crypto_kx_keypair(publicKey: Buffer, secretKey: Buffer): void; | ||
| /** | ||
| * Multiply the basepoint by scalar `n` and store its compressed representation in | ||
| * `q`. This version does not clamp. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero | ||
| */ | ||
| export function crypto_scalarmult_ed25519_base_noclamp(q: Buffer, n: Buffer): void; | ||
| /** | ||
| * Create a key exchange key pair based on a seed. | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_kx_PUBLICKEYBYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_kx_SECRETKEYBYTES`. | ||
| * * `seed` should be a buffer of length `crypto_kx_SEEDBYTES` | ||
| */ | ||
| export function crypto_kx_seed_keypair( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer, | ||
| seed: Buffer | ||
| ): void; | ||
| /** | ||
| * Add point `q` to `p`, storing the result to `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `q` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Will throw if `p`, `q` are not valid curve points | ||
| */ | ||
| export function crypto_core_ed25519_add(r: Buffer, p: Buffer, q: Buffer): void; | ||
| /** | ||
| * Generate a session receive and transmission key for a client. | ||
| * The public / secret keys should be generated using the key pair method above. | ||
| * | ||
| * * `rx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * * `tx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * | ||
| * You should use the `rx` to decrypt incoming data and `tx` to encrypt outgoing. | ||
| * If you need to make a one-way or half-duplex channel you can give only one of | ||
| * `rx` or `tx`. | ||
| */ | ||
| export function crypto_kx_client_session_keys( | ||
| rx: Buffer | null, | ||
| tx: Buffer | null, | ||
| clientPublicKey: Buffer, | ||
| clientSecretKey: Buffer, | ||
| serverPublicKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Subtract point `q` to `p`, storing the result to `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `q` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Will throw if `p`, `q` are not valid curve points | ||
| */ | ||
| export function crypto_core_ed25519_sub(r: Buffer, p: Buffer, q: Buffer): void; | ||
| /** | ||
| * Generate a session receive and transmission key for a server. | ||
| * The public / secret keys should be generated using the key pair method above. | ||
| * | ||
| * * `rx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * * `tx` should be a buffer of length `crypto_kx_SESSIONKEYBYTES` or `null`. | ||
| * | ||
| * You should use the `rx` to decrypt incoming data and `tx` to encrypt outgoing. | ||
| * If you need to make a one-way or half-duplex channel you can give only one of | ||
| * `rx` or `tx`. | ||
| */ | ||
| export function crypto_kx_server_session_keys( | ||
| rx: Buffer | null, | ||
| tx: Buffer | null, | ||
| serverPublicKey: Buffer, | ||
| serverSecretKey: Buffer, | ||
| clientPublicKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate random point, storing it in `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_random(r: Buffer): void; | ||
| /** | ||
| * Create a scalar multiplication public key based on a secret key | ||
| * | ||
| * * `publicKey` should be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_scalarmult_SCALARBYTES`. | ||
| * | ||
| * The generated public key is stored in `publicKey`. | ||
| */ | ||
| export function crypto_scalarmult_base( | ||
| publicKey: Buffer, | ||
| secretKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Reduce `s mod L`, storing it in `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_NONREDUCEDSCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_reduce(r: Buffer, s: Buffer): void; | ||
| /** | ||
| * Derive a shared secret from a local secret key and a remote public key. | ||
| * | ||
| * * `sharedSecret` shoudl be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * * `secretKey` should be a buffer of length `crypto_scalarmult_SCALARBYTES`. | ||
| * * `remotePublicKey` should be a buffer of length `crypto_scalarmult_BYTES`. | ||
| * | ||
| * The generated shared secret is stored in `sharedSecret`. | ||
| */ | ||
| export function crypto_scalarmult( | ||
| sharedSecret: Buffer, | ||
| secretKey: Buffer, | ||
| remotePublicKey: Buffer | ||
| ): void; | ||
| /** | ||
| * Find `recip` such that `s * recip = 1 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `recip` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_invert(recip: Buffer, s: Buffer): void; | ||
| /** | ||
| * > The crypto_core_ed25519_is_valid_point() function checks that p represents | ||
| * > a point on the edwards25519 curve, in canonical form, on the main subgroup, | ||
| * > and that the point doesn't have a small order. | ||
| * | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Returns `true` or `false` | ||
| */ | ||
| export function crypto_core_ed25519_is_valid_point(p: Buffer): boolean; | ||
| /** | ||
| * Find `neg` such that `s + neg = 0 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `recip` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_negate(neg: Buffer, s: Buffer): void; | ||
| /** | ||
| * Maps a `crypto_core_ed25519_UNIFORMBYTES` bytes vector (usually the output of | ||
| * a hash function) to a a valid curve point and stores its compressed | ||
| * representation in `p`. | ||
| * | ||
| * The point is guaranteed to be on the main subgroup. | ||
| * | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_UNIFORMBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_from_uniform(p: Buffer, r: Buffer): void; | ||
| /** | ||
| * Find `comp` such that `s + comp = 1 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `comp` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_complement(comp: Buffer, s: Buffer): void; | ||
| /** | ||
| * Multiply point `p` by scalar `n` and store its compressed representation in `q`. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero or `p` is an invalid curve point. | ||
| */ | ||
| export function crypto_scalarmult_ed25519( | ||
| q: Buffer, | ||
| n: Buffer, | ||
| p: Buffer | ||
| ): void; | ||
| /** | ||
| * Add `x` and `y` such that `x + y = z (mod L)`, storing it in `z`. | ||
| * | ||
| * * `x` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `y` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `z` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_add(z: Buffer, x: Buffer, y: Buffer): void; | ||
| /** | ||
| * Multiply the basepoint by scalar `n` and store its compressed representation in | ||
| * `q`. Note that `n` will be clamped. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero | ||
| */ | ||
| export function crypto_scalarmult_ed25519_base(q: Buffer, n: Buffer): void; | ||
| /** | ||
| * Subtract `x` and `y` such that `x - y = z (mod L)`, storing it in `z`. | ||
| * | ||
| * * `x` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `y` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `z` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_sub(z: Buffer, x: Buffer, y: Buffer): void; | ||
| /** | ||
| * Multiply point `p` by scalar `n` and store its compressed representation in `q`. | ||
| * This version does not clamp. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero or `p` is an invalid curve point. | ||
| */ | ||
| export function crypto_scalarmult_ed25519_noclamp( | ||
| q: Buffer, | ||
| n: Buffer, | ||
| p: Buffer | ||
| ): void; | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_shorthash_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of length `crypto_shorthash_KEYBYTES`. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| */ | ||
| export function crypto_shorthash(output: Buffer, input: Buffer, key: Buffer): void; | ||
| /** | ||
| * Multiply the basepoint by scalar `n` and store its compressed representation in | ||
| * `q`. This version does not clamp. | ||
| * | ||
| * * `q` must be `Buffer` of at least `crypto_scalarmult_ed25519_BYTES` bytes | ||
| * * `n` must be `Buffer` of at least `crypto_scalarmult_ed25519_SCALARBYTES` bytes | ||
| * | ||
| * Note this function will throw if `n` is zero | ||
| */ | ||
| export function crypto_scalarmult_ed25519_base_noclamp( | ||
| q: Buffer, | ||
| n: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate a new master key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_kdf_KEYBYTES` | ||
| */ | ||
| export function crypto_kdf_keygen(key: Buffer): void; | ||
| /** | ||
| * Add point `q` to `p`, storing the result to `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `q` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Will throw if `p`, `q` are not valid curve points | ||
| */ | ||
| export function crypto_core_ed25519_add( | ||
| r: Buffer, | ||
| p: Buffer, | ||
| q: Buffer | ||
| ): void; | ||
| /** | ||
| * Derive a new key from a master key. | ||
| * | ||
| * * `subkey` should be a buffer between `crypto_kdf_BYTES_MIN` and `crypto_kdf_BYTES_MAX`. | ||
| * * `subkeyId` should be an integer. | ||
| * * `context` should be a buffer of length `crypto_kdf_CONTEXTBYTES` | ||
| * * `key` should by a buffer of length `crypto_kdf_KEYBYTES` | ||
| */ | ||
| export function crypto_kdf_derive_from_key(subkey: Buffer, subkeyId: number, context: Buffer, key: Buffer): void; | ||
| /** | ||
| * Subtract point `q` to `p`, storing the result to `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `p` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * * `q` must be `Buffer` of at least `crypto_core_ed25519_BYTES` bytes | ||
| * | ||
| * Will throw if `p`, `q` are not valid curve points | ||
| */ | ||
| export function crypto_core_ed25519_sub( | ||
| r: Buffer, | ||
| p: Buffer, | ||
| q: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate random point, storing it in `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_random(r: Buffer): void; | ||
| /** | ||
| * Reduce `s mod L`, storing it in `r`. | ||
| * | ||
| * * `r` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_NONREDUCEDSCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_reduce(r: Buffer, s: Buffer): void; | ||
| /** | ||
| * Find `recip` such that `s * recip = 1 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `recip` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_invert( | ||
| recip: Buffer, | ||
| s: Buffer | ||
| ): void; | ||
| /** | ||
| * Find `neg` such that `s + neg = 0 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `recip` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_negate( | ||
| neg: Buffer, | ||
| s: Buffer | ||
| ): void; | ||
| /** | ||
| * Find `comp` such that `s + comp = 1 (mod L)`, storing it in `recip`. | ||
| * | ||
| * * `comp` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `s` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_complement( | ||
| comp: Buffer, | ||
| s: Buffer | ||
| ): void; | ||
| /** | ||
| * Add `x` and `y` such that `x + y = z (mod L)`, storing it in `z`. | ||
| * | ||
| * * `x` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `y` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `z` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_add( | ||
| z: Buffer, | ||
| x: Buffer, | ||
| y: Buffer | ||
| ): void; | ||
| /** | ||
| * Subtract `x` and `y` such that `x - y = z (mod L)`, storing it in `z`. | ||
| * | ||
| * * `x` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `y` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| * * `z` must be `Buffer` of at least `crypto_core_ed25519_SCALARBYTES` bytes | ||
| */ | ||
| export function crypto_core_ed25519_scalar_sub( | ||
| z: Buffer, | ||
| x: Buffer, | ||
| y: Buffer | ||
| ): void; | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_shorthash_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * * `key` should be a buffer of length `crypto_shorthash_KEYBYTES`. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| */ | ||
| export function crypto_shorthash( | ||
| output: Buffer, | ||
| input: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Generate a new master key. | ||
| * | ||
| * * `key` should be a buffer of length `crypto_kdf_KEYBYTES` | ||
| */ | ||
| export function crypto_kdf_keygen(key: Buffer): void; | ||
| /** | ||
| * Derive a new key from a master key. | ||
| * | ||
| * * `subkey` should be a buffer between `crypto_kdf_BYTES_MIN` and `crypto_kdf_BYTES_MAX`. | ||
| * * `subkeyId` should be an integer. | ||
| * * `context` should be a buffer of length `crypto_kdf_CONTEXTBYTES` | ||
| * * `key` should by a buffer of length `crypto_kdf_KEYBYTES` | ||
| */ | ||
| export function crypto_kdf_derive_from_key( | ||
| subkey: Buffer, | ||
| subkeyId: number, | ||
| context: Buffer, | ||
| key: Buffer | ||
| ): void; | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha256_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| */ | ||
| export function crypto_hash_sha256(output: Buffer, input: Buffer): void; | ||
| /** | ||
| * Create an instance that has stream of input data to sha256. | ||
| */ | ||
| export function crypto_hash_sha256_instance(): CryptoHashSha256Wrap; | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha512_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| */ | ||
| export function crypto_hash_sha512(output: Buffer, input: Buffer): void; | ||
| /** | ||
| * Create an instance that has stream of input data to sha512. | ||
| */ | ||
| export function crypto_hash_sha512_instance(): CryptoHashSha512Wrap; | ||
| export interface CryptoHashSha512Wrap { | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha256_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| */ | ||
| export function crypto_hash_sha256(output: Buffer, input: Buffer): void; | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Create an instance that has stream of input data to sha256. | ||
| */ | ||
| export function crypto_hash_sha256_instance(): CryptoHashSha256Wrap; | ||
| /** | ||
| * Hash a value to a short hash based on a key. | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha512_BYTES`. | ||
| * * `input` should be a buffer of any size. | ||
| * | ||
| * The generated short hash is stored in `output`. | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| export function crypto_hash_sha512(output: Buffer, input: Buffer): void; | ||
| /** | ||
| * Create an instance that has stream of input data to sha512. | ||
| */ | ||
| export function crypto_hash_sha512_instance(): CryptoHashSha512Wrap; | ||
| export interface CryptoHashSha512Wrap { | ||
| /** | ||
| * Update the instance with a new piece of data. | ||
| * | ||
| * * `input` should be a buffer of any size. | ||
| */ | ||
| update(input: Buffer): void; | ||
| /** | ||
| * Finalize the instance. | ||
| * | ||
| * * `output` should be a buffer of length `crypto_hash_sha512_BYTES`. | ||
| * | ||
| * The generated hash is stored in `output`. | ||
| */ | ||
| final(output: Buffer): void; | ||
| } | ||
| } | ||
| final(output: Buffer): void; | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.99%
103979
- Lines of code
- increased by10.57%
2437
Worsened metrics
- Dependency count
- increased by33.33%
4
Dependency changes
+ Added@shardus/types@1.2.0
+ Added@shardus/types@1.2.0(transitive)
+ Addedsodium-native@3.3.0(transitive)
- Removedsodium-native@3.4.1(transitive)
Updatedbuffer-xor@2.0.2
Updatedfast-stable-stringify@1.0.0
Updatedsodium-native@3.3.0