diff --git a/.github/workflows/ci.inactive b/.github/workflows/ci.yaml similarity index 100% rename from .github/workflows/ci.inactive rename to .github/workflows/ci.yaml diff --git a/src/.errors/class.ts b/src/.errors/class.ts index d54bc84..ae4159d 100644 --- a/src/.errors/class.ts +++ b/src/.errors/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/.helpers/getBufferSourceLength.ts b/src/.helpers/getBufferSourceLength.ts index cefc459..17cb10d 100644 --- a/src/.helpers/getBufferSourceLength.ts +++ b/src/.helpers/getBufferSourceLength.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/CipherKeyHarness/class.ts b/src/CipherMessage/.core/CipherKeyHarness/class.ts index 3874d9f..7bbc5f3 100644 --- a/src/CipherMessage/.core/CipherKeyHarness/class.ts +++ b/src/CipherMessage/.core/CipherKeyHarness/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/helpers/createParamsByAlgCode/index.ts b/src/CipherMessage/.core/helpers/createParamsByAlgCode/index.ts index bf1ac7b..23f69d4 100644 --- a/src/CipherMessage/.core/helpers/createParamsByAlgCode/index.ts +++ b/src/CipherMessage/.core/helpers/createParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/helpers/getImportKeyAlgorithmByAlgCode/index.ts b/src/CipherMessage/.core/helpers/getImportKeyAlgorithmByAlgCode/index.ts index bf18cf5..632784b 100644 --- a/src/CipherMessage/.core/helpers/getImportKeyAlgorithmByAlgCode/index.ts +++ b/src/CipherMessage/.core/helpers/getImportKeyAlgorithmByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/helpers/getParamsByAlgCode/index.ts b/src/CipherMessage/.core/helpers/getParamsByAlgCode/index.ts index 75b7931..f443941 100644 --- a/src/CipherMessage/.core/helpers/getParamsByAlgCode/index.ts +++ b/src/CipherMessage/.core/helpers/getParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/helpers/validateKeyByAlgCode/index.ts b/src/CipherMessage/.core/helpers/validateKeyByAlgCode/index.ts index 602ca6a..276c809 100644 --- a/src/CipherMessage/.core/helpers/validateKeyByAlgCode/index.ts +++ b/src/CipherMessage/.core/helpers/validateKeyByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/.core/types/index.ts b/src/CipherMessage/.core/types/index.ts index 43cd397..f562df7 100644 --- a/src/CipherMessage/.core/types/index.ts +++ b/src/CipherMessage/.core/types/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,16 +37,30 @@ type A256CTRKey = JsonWebKey & key_ops: readonly ('encrypt' | 'decrypt')[] } +/** + * Algorithm parameters serialized alongside an AES-CTR cipher message. + */ export type A256CTRParams = { + /** The 96-bit initialization vector used for encryption. */ iv: Uint8Array } type A256CTRMessage = { + /** The encrypted payload bytes. */ ciphertext: ArrayBuffer } & A256CTRParams +/** + * Symmetric AES-CTR-256 JWK used for cipher messaging operations. + */ export type CipherKey = A256CTRKey +/** + * Serialized parameters required to decrypt a cipher message. + */ export type CipherParams = A256CTRParams +/** + * Cipher message artifact returned by cipher encryption operations. + */ export type CipherMessage = A256CTRMessage diff --git a/src/CipherMessage/CipherCluster/class.ts b/src/CipherMessage/CipherCluster/class.ts index 6a781c3..ce0e9ea 100644 --- a/src/CipherMessage/CipherCluster/class.ts +++ b/src/CipherMessage/CipherCluster/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/deriveCipherKey/index.ts b/src/CipherMessage/deriveCipherKey/index.ts index 926967a..e34ec86 100644 --- a/src/CipherMessage/deriveCipherKey/index.ts +++ b/src/CipherMessage/deriveCipherKey/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/generateCipherKey/index.ts b/src/CipherMessage/generateCipherKey/index.ts index ffbf282..2b38eb9 100644 --- a/src/CipherMessage/generateCipherKey/index.ts +++ b/src/CipherMessage/generateCipherKey/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/CipherMessage/index.ts b/src/CipherMessage/index.ts index cae91dd..2c247e9 100644 --- a/src/CipherMessage/index.ts +++ b/src/CipherMessage/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/SignKeyHarness/class.ts b/src/DigitalSignature/.core/SignKeyHarness/class.ts index f246e74..dd982fa 100644 --- a/src/DigitalSignature/.core/SignKeyHarness/class.ts +++ b/src/DigitalSignature/.core/SignKeyHarness/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/VerifyKeyHarness/class.ts b/src/DigitalSignature/.core/VerifyKeyHarness/class.ts index 0a145e7..466ad8b 100644 --- a/src/DigitalSignature/.core/VerifyKeyHarness/class.ts +++ b/src/DigitalSignature/.core/VerifyKeyHarness/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts b/src/DigitalSignature/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts index 0abdc3c..1572545 100644 --- a/src/DigitalSignature/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts +++ b/src/DigitalSignature/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/helpers/createParamsByAlgCode/index.ts b/src/DigitalSignature/.core/helpers/createParamsByAlgCode/index.ts index 1f1faa7..969ccd3 100644 --- a/src/DigitalSignature/.core/helpers/createParamsByAlgCode/index.ts +++ b/src/DigitalSignature/.core/helpers/createParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/helpers/getParamsByAlgCode/index.ts b/src/DigitalSignature/.core/helpers/getParamsByAlgCode/index.ts index d3a9209..aa0bf3f 100644 --- a/src/DigitalSignature/.core/helpers/getParamsByAlgCode/index.ts +++ b/src/DigitalSignature/.core/helpers/getParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/helpers/validateKeyByAlgCode/index.ts b/src/DigitalSignature/.core/helpers/validateKeyByAlgCode/index.ts index 6087e07..9a49306 100644 --- a/src/DigitalSignature/.core/helpers/validateKeyByAlgCode/index.ts +++ b/src/DigitalSignature/.core/helpers/validateKeyByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/.core/types/index.ts b/src/DigitalSignature/.core/types/index.ts index 58efb46..e2dc67f 100644 --- a/src/DigitalSignature/.core/types/index.ts +++ b/src/DigitalSignature/.core/types/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -50,15 +50,26 @@ type MLDSA87SignKey = JsonWebKey & } type MLDSA87VerifyParams = { + /** The raw ML-DSA-87 public key bytes. */ publicKey: Uint8Array } type MLDSA87SignParams = { + /** The raw ML-DSA-87 secret key bytes. */ secretKey: Uint8Array } +/** + * Public ML-DSA-87 JWK used to verify signatures. + */ export type VerifyKey = MLDSA87VerifyKey +/** + * Private ML-DSA-87 JWK used to produce signatures. + */ export type SignKey = MLDSA87SignKey +/** + * Runtime ML-DSA-87 key material used internally by signing and verification harnesses. + */ export type DigitalSignatureParams = MLDSA87VerifyParams | MLDSA87SignParams diff --git a/src/DigitalSignature/DigitalSignatureCluster/class.ts b/src/DigitalSignature/DigitalSignatureCluster/class.ts index 4b6234a..74ad099 100644 --- a/src/DigitalSignature/DigitalSignatureCluster/class.ts +++ b/src/DigitalSignature/DigitalSignatureCluster/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/DigitalSignature/deriveDigitalSignatureKeypair/index.ts b/src/DigitalSignature/deriveDigitalSignatureKeypair/index.ts index b6b3073..ad09734 100644 --- a/src/DigitalSignature/deriveDigitalSignatureKeypair/index.ts +++ b/src/DigitalSignature/deriveDigitalSignatureKeypair/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -60,22 +60,6 @@ export async function deriveDigitalSignatureKeypair( key_ops: ['verify'], }) - /* c8 ignore next 6 */ - if (!('d' in signKey)) { - throw new CryptosuiteError( - 'SIGN_JWK_INVALID', - 'deriveDigitalSignatureKeypair: internal sign key invariant failed.' - ) - } - - /* c8 ignore next 6 */ - if (!('x' in verifyKey)) { - throw new CryptosuiteError( - 'VERIFY_JWK_INVALID', - 'deriveDigitalSignatureKeypair: internal verify key invariant failed.' - ) - } - return { signKey: signKey as SignKey, verifyKey: verifyKey as VerifyKey, diff --git a/src/DigitalSignature/generateDigitalSignatureKeypair/index.ts b/src/DigitalSignature/generateDigitalSignatureKeypair/index.ts index c60e46d..2e20cbc 100644 --- a/src/DigitalSignature/generateDigitalSignatureKeypair/index.ts +++ b/src/DigitalSignature/generateDigitalSignatureKeypair/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -15,7 +15,6 @@ limitations under the License. */ import { toBase64UrlString } from '@sovereignbase/bytecodec' import { ml_dsa87 } from '@noble/post-quantum/ml-dsa.js' -import { CryptosuiteError } from '../../.errors/class.js' import { validateKeyByAlgCode } from '../.core/helpers/validateKeyByAlgCode/index.js' import type { SignKey, VerifyKey } from '../.core/types/index.js' @@ -44,22 +43,6 @@ export async function generateDigitalSignatureKeypair(): Promise<{ key_ops: ['verify'], }) - /* c8 ignore next 6 */ - if (!('d' in signKey)) { - throw new CryptosuiteError( - 'SIGN_JWK_INVALID', - 'generateDigitalSignatureKeypair: internal sign key invariant failed.' - ) - } - - /* c8 ignore next 6 */ - if (!('x' in verifyKey)) { - throw new CryptosuiteError( - 'VERIFY_JWK_INVALID', - 'generateDigitalSignatureKeypair: internal verify key invariant failed.' - ) - } - return { signKey: signKey as SignKey, verifyKey: verifyKey as VerifyKey, diff --git a/src/DigitalSignature/index.ts b/src/DigitalSignature/index.ts index 8ef71b0..8d78981 100644 --- a/src/DigitalSignature/index.ts +++ b/src/DigitalSignature/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/Identifier/index.ts b/src/Identifier/index.ts index 58a76c7..4be83be 100644 --- a/src/Identifier/index.ts +++ b/src/Identifier/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/DecapsulateKeyHarness/class.ts b/src/KeyAgreement/.core/DecapsulateKeyHarness/class.ts index 27925f6..67ae64e 100644 --- a/src/KeyAgreement/.core/DecapsulateKeyHarness/class.ts +++ b/src/KeyAgreement/.core/DecapsulateKeyHarness/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/EncapsulateKeyHarness/class.ts b/src/KeyAgreement/.core/EncapsulateKeyHarness/class.ts index 650623d..c16c3c1 100644 --- a/src/KeyAgreement/.core/EncapsulateKeyHarness/class.ts +++ b/src/KeyAgreement/.core/EncapsulateKeyHarness/class.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts b/src/KeyAgreement/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts index 52052be..ba64ca3 100644 --- a/src/KeyAgreement/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts +++ b/src/KeyAgreement/.core/helpers/createImportKeyAlgorithmByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/helpers/createParamsByAlgCode/index.ts b/src/KeyAgreement/.core/helpers/createParamsByAlgCode/index.ts index 2140d4d..8732c57 100644 --- a/src/KeyAgreement/.core/helpers/createParamsByAlgCode/index.ts +++ b/src/KeyAgreement/.core/helpers/createParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/helpers/getParamsByAlgCode/index.ts b/src/KeyAgreement/.core/helpers/getParamsByAlgCode/index.ts index 51251d0..4ed5bbe 100644 --- a/src/KeyAgreement/.core/helpers/getParamsByAlgCode/index.ts +++ b/src/KeyAgreement/.core/helpers/getParamsByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/helpers/validateKeyByAlgCode/index.ts b/src/KeyAgreement/.core/helpers/validateKeyByAlgCode/index.ts index be78019..a522f88 100644 --- a/src/KeyAgreement/.core/helpers/validateKeyByAlgCode/index.ts +++ b/src/KeyAgreement/.core/helpers/validateKeyByAlgCode/index.ts @@ -1,5 +1,5 @@ /* -Copyright 2026 z-base +Copyright 2026 Sovereignbase Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/KeyAgreement/.core/types/index.ts b/src/KeyAgreement/.core/types/index.ts index b92a347..c10508b 100644 --- a/src/KeyAgreement/.core/types/index.ts +++ b/src/KeyAgreement/.core/types/index.ts @@ -47,23 +47,38 @@ type MLKEM1024DecapsulateKey = JsonWebKey & } type MLKEM1024KeyOffer = { + /** The encapsulated shared-secret artifact emitted by ML-KEM-1024. */ ciphertext: ArrayBuffer } type MLKEM1024EncapsulateParams = { + /** The raw ML-KEM-1024 public key bytes. */ publicKey: Uint8Array } type MLKEM1024DecapsulateParams = { + /** The raw ML-KEM-1024 secret key bytes. */ secretKey: Uint8Array } +/** + * Public ML-KEM-1024 JWK used to encapsulate a shared cipher key. + */ export type EncapsulateKey = MLKEM1024EncapsulateKey +/** + * Private ML-KEM-1024 JWK used to decapsulate a shared cipher key. + */ export type DecapsulateKey = MLKEM1024DecapsulateKey +/** + * Encapsulated key agreement artifact exchanged with the counterparty. + */ export type KeyOffer = MLKEM1024KeyOffer +/** + * Runtime ML-KEM-1024 parameters used internally by key agreement harnesses. + */ export type KeyAgreementParams = | MLKEM1024EncapsulateParams | MLKEM1024DecapsulateParams diff --git a/src/KeyAgreement/deriveKeyAgreementKeypair/index.ts b/src/KeyAgreement/deriveKeyAgreementKeypair/index.ts index 166727d..85f2fa0 100644 --- a/src/KeyAgreement/deriveKeyAgreementKeypair/index.ts +++ b/src/KeyAgreement/deriveKeyAgreementKeypair/index.ts @@ -59,27 +59,8 @@ export async function deriveKeyAgreementKeypair( key_ops: ['deriveKey', 'deriveBits'], }) - /* c8 ignore next 6 */ - if (!('x' in encapsulateKey)) { - throw new CryptosuiteError( - 'KEY_AGREEMENT_KEY_INVALID', - 'deriveKeyAgreementKeypair: internal key validation invariant failed.' - ) - } - - /* c8 ignore next 6 */ - if (!('d' in decapsulateKey)) { - throw new CryptosuiteError( - 'KEY_AGREEMENT_KEY_INVALID', - 'deriveKeyAgreementKeypair: internal key validation invariant failed.' - ) - } - - const normalizedEncapsulateKey = encapsulateKey as EncapsulateKey - const normalizedDecapsulateKey = decapsulateKey as DecapsulateKey - return { - encapsulateKey: normalizedEncapsulateKey, - decapsulateKey: normalizedDecapsulateKey, + encapsulateKey: encapsulateKey as EncapsulateKey, + decapsulateKey: decapsulateKey as DecapsulateKey, } } diff --git a/src/KeyAgreement/generateKeyAgreementKeypair/index.ts b/src/KeyAgreement/generateKeyAgreementKeypair/index.ts index 992cd0b..3417ec9 100644 --- a/src/KeyAgreement/generateKeyAgreementKeypair/index.ts +++ b/src/KeyAgreement/generateKeyAgreementKeypair/index.ts @@ -15,7 +15,6 @@ limitations under the License. */ import { toBase64UrlString } from '@sovereignbase/bytecodec' import { ml_kem1024 } from '@noble/post-quantum/ml-kem.js' -import { CryptosuiteError } from '../../.errors/class.js' import { validateKeyByAlgCode } from '../.core/helpers/validateKeyByAlgCode/index.js' import type { EncapsulateKey, DecapsulateKey } from '../.core/types/index.js' @@ -44,27 +43,8 @@ export async function generateKeyAgreementKeypair(): Promise<{ key_ops: ['deriveKey', 'deriveBits'], }) - /* c8 ignore next 6 */ - if (!('x' in encapsulateKey)) { - throw new CryptosuiteError( - 'KEY_AGREEMENT_KEY_INVALID', - 'generateKeyAgreementKeypair: internal key validation invariant failed.' - ) - } - - /* c8 ignore next 6 */ - if (!('d' in decapsulateKey)) { - throw new CryptosuiteError( - 'KEY_AGREEMENT_KEY_INVALID', - 'generateKeyAgreementKeypair: internal key validation invariant failed.' - ) - } - - const normalizedEncapsulateKey = encapsulateKey as EncapsulateKey - const normalizedDecapsulateKey = decapsulateKey as DecapsulateKey - return { - encapsulateKey: normalizedEncapsulateKey, - decapsulateKey: normalizedDecapsulateKey, + encapsulateKey: encapsulateKey as EncapsulateKey, + decapsulateKey: decapsulateKey as DecapsulateKey, } } diff --git a/src/KeyAgreement/index.ts b/src/KeyAgreement/index.ts index 70e1f25..91c4bee 100644 --- a/src/KeyAgreement/index.ts +++ b/src/KeyAgreement/index.ts @@ -16,4 +16,4 @@ limitations under the License. export { KeyAgreementCluster } from './KeyAgreementCluster/class.js' export { deriveKeyAgreementKeypair } from './deriveKeyAgreementKeypair/index.js' export { generateKeyAgreementKeypair } from './generateKeyAgreementKeypair/index.js' -export { EncapsulateKey, DecapsulateKey } from './.core/types/index.js' +export type { EncapsulateKey, DecapsulateKey } from './.core/types/index.js' diff --git a/src/MessageAuthentication/.core/types/index.ts b/src/MessageAuthentication/.core/types/index.ts index 0964e17..5289dcb 100644 --- a/src/MessageAuthentication/.core/types/index.ts +++ b/src/MessageAuthentication/.core/types/index.ts @@ -39,6 +39,14 @@ type HS256Key = JsonWebKey & type HMACParams = Record +/** + * Symmetric HMAC-SHA-256 JWK used for message authentication operations. + */ export type MessageAuthenticationKey = HS256Key +/** + * Algorithm parameters for message authentication operations. + * + * HMAC does not currently require serialized per-message parameters. + */ export type MessageAuthenticationParams = HMACParams diff --git a/src/index.ts b/src/index.ts index df1302f..bdfc094 100644 --- a/src/index.ts +++ b/src/index.ts @@ -13,42 +13,38 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ +/** + * Runtime-agnostic public API for the Sovereignbase cryptography toolkit. + * + * The package exposes opaque identifiers, symmetric encryption, message + * authentication, key agreement, and digital signatures through a declarative + * static API surface. + */ /***/ -import { - deriveOID, - generateOID, - validateOID, - type OpaqueIdentifier, -} from './Identifier/index.js' +import { deriveOID, generateOID, validateOID } from './Identifier/index.js' /***/ import { CipherCluster, deriveCipherKey, generateCipherKey, - type CipherKey, } from './CipherMessage/index.js' /***/ import { MessageAuthenticationCluster, deriveMessageAuthenticationKey, generateMessageAuthenticationKey, - type MessageAuthenticationKey, } from './MessageAuthentication/index.js' /***/ import { KeyAgreementCluster, deriveKeyAgreementKeypair, generateKeyAgreementKeypair, - type EncapsulateKey, - type DecapsulateKey, } from './KeyAgreement/index.js' /***/ import { DigitalSignatureCluster, deriveDigitalSignatureKeypair, generateDigitalSignatureKeypair, - type SignKey, - type VerifyKey, } from './DigitalSignature/index.js' /***/ @@ -121,12 +117,8 @@ export class Cryptographic { } } -export type { - OpaqueIdentifier, - CipherKey, - MessageAuthenticationKey, - EncapsulateKey, - DecapsulateKey, - SignKey, - VerifyKey, -} +export type { OpaqueIdentifier } from './Identifier/index.js' +export type { CipherKey } from './CipherMessage/index.js' +export type { MessageAuthenticationKey } from './MessageAuthentication/index.js' +export type { EncapsulateKey, DecapsulateKey } from './KeyAgreement/index.js' +export type { SignKey, VerifyKey } from './DigitalSignature/index.js' diff --git a/test/run-coverage.mjs b/test/run-coverage.mjs index 8b332d2..8ae99d8 100644 --- a/test/run-coverage.mjs +++ b/test/run-coverage.mjs @@ -19,7 +19,7 @@ if (testFiles.length === 0) { const args = [ '--check-coverage', - '--99', + '--100', '--reporter=text', '--reporter=lcov', '--reporter=json-summary',