Refine public functions for core.

x/core/mod.ts

@@ -1,8 +1,6 @@
 export type { AeadEncryptionContext } from "./src/interfaces/aeadEncryptionContext.ts";
 export type { AeadInterface } from "./src/interfaces/aeadInterface.ts";
 export type { CipherSuiteParams } from "./src/interfaces/cipherSuiteParams.ts";
-export type { DhkemPrimitives } from "./src/interfaces/dhkemPrimitives.ts";
-export type { DhkemInterface } from "./src/interfaces/dhkemInterface.ts";
 export type {
   EncryptionContext,
   RecipientContext,
@@ -15,33 +13,11 @@ export type { RecipientContextParams } from "./src/interfaces/recipientContextPa
 export type { CipherSuiteSealResponse } from "./src/interfaces/responses.ts";
 export type { SenderContextParams } from "./src/interfaces/senderContextParams.ts";
 
-export {
-  KEM_USAGES,
-  LABEL_DKP_PRK,
-  LABEL_SK,
-} from "./src/interfaces/dhkemPrimitives.ts";
-export { SUITE_ID_HEADER_KEM } from "./src/interfaces/kemInterface.ts";
-
 export { Aes128Gcm, Aes256Gcm } from "./src/aeads/aesGcm.ts";
 export { ExportOnly } from "./src/aeads/exportOnly.ts";
-export {
-  // HkdfSha256Native,
-  HkdfSha384Native,
-  HkdfSha512Native,
-} from "./src/kdfs/hkdf.ts";
-export { Dhkem } from "./src/kems/dhkem.ts";
-export { Ec } from "./src/kems/dhkemPrimitives/ec.ts";
-export { Hybridkem } from "./src/kems/hybridkem.ts";
-export {
-  base64UrlToBytes,
-  concat,
-  i2Osp,
-  isCryptoKeyPair,
-} from "./src/utils/misc.ts";
-
-export { INPUT_LENGTH_LIMIT } from "./src/consts.ts";
 export * from "./src/errors.ts";
 export { AeadId, KdfId, KemId } from "./src/identifiers.ts";
+
 export {
   CipherSuite,
   DhkemP256HkdfSha256,
@@ -51,4 +27,14 @@ export {
   HkdfSha384,
   HkdfSha512,
 } from "./src/native.ts";
+
+// Followings are disclosed for hpke-js family modules
+export type { DhkemInterface } from "./src/interfaces/dhkemInterface.ts";
+export type { DhkemPrimitives } from "./src/interfaces/dhkemPrimitives.ts";
+
+export { Dhkem } from "./src/kems/dhkem.ts";
+export { Ec } from "./src/kems/dhkemPrimitives/ec.ts";
+export { Hybridkem } from "./src/kems/hybridkem.ts";
 export { XCryptoKey } from "./src/xCryptoKey.ts";
+
+export { INPUT_LENGTH_LIMIT } from "./src/consts.ts";

x/dhkem-secp256k1/src/secp256k1.ts

@@ -6,16 +6,21 @@ import type { DhkemPrimitives, KdfInterface } from "@hpke/core";
 import {
   DeriveKeyPairError,
   DeserializeError,
-  KEM_USAGES,
-  LABEL_DKP_PRK,
-  LABEL_SK,
   NotSupportedError,
   SerializeError,
   XCryptoKey,
 } from "@hpke/core";
 
 const ALG_NAME = "ECDH";
 const EMPTY = new Uint8Array();
+// The key usages for KEM.
+const KEM_USAGES: KeyUsage[] = ["deriveBits"];
+// b"dkp_prk" deno-fmt-ignore
+const LABEL_DKP_PRK: Uint8Array = new Uint8Array([
+  100, 107, 112, 95, 112, 114, 107,
+]);
+// b"sk"
+const LABEL_SK: Uint8Array = new Uint8Array([115, 107]);
 
 export class Secp256k1 implements DhkemPrimitives {
   private _hkdf: KdfInterface;

x/dhkem-x25519/src/x25519.ts

@@ -4,19 +4,33 @@ import { x25519 } from "npm:@noble/[email protected]/ed25519";
 import type { DhkemPrimitives, KdfInterface } from "@hpke/core";
 
 import {
-  base64UrlToBytes,
   DeriveKeyPairError,
   DeserializeError,
-  KEM_USAGES,
-  LABEL_DKP_PRK,
-  LABEL_SK,
   NotSupportedError,
   SerializeError,
   XCryptoKey,
 } from "@hpke/core";
 
 const ALG_NAME = "X25519";
 const EMPTY = new Uint8Array();
+// The key usages for KEM.
+const KEM_USAGES: KeyUsage[] = ["deriveBits"];
+// b"dkp_prk" deno-fmt-ignore
+const LABEL_DKP_PRK: Uint8Array = new Uint8Array([
+  100, 107, 112, 95, 112, 114, 107,
+]);
+// b"sk"
+const LABEL_SK: Uint8Array = new Uint8Array([115, 107]);
+
+function base64UrlToBytes(v: string): Uint8Array {
+  const base64 = v.replace(/-/g, "+").replace(/_/g, "/");
+  const byteString = atob(base64);
+  const ret = new Uint8Array(byteString.length);
+  for (let i = 0; i < byteString.length; i++) {
+    ret[i] = byteString.charCodeAt(i);
+  }
+  return ret;
+}
 
 export class X25519 implements DhkemPrimitives {
   private _hkdf: KdfInterface;

x/dhkem-x448/src/hkdfSha512.ts

@@ -3,7 +3,7 @@ import { hmac } from "npm:@noble/[email protected]/hmac";
 // @ts-ignore: for "npm:"
 import { sha512 } from "npm:@noble/[email protected]/sha512";
 
-import { HkdfSha512Native } from "@hpke/core";
+import { HkdfSha512 as HkdfSha512Native } from "@hpke/core";
 
 export class HkdfSha512 extends HkdfSha512Native {
   public override async extract(

x/dhkem-x448/src/x448.ts

@@ -4,19 +4,33 @@ import { x448 } from "npm:@noble/[email protected]/ed448";
 import type { DhkemPrimitives, KdfInterface } from "@hpke/core";
 
 import {
-  base64UrlToBytes,
   DeriveKeyPairError,
   DeserializeError,
-  KEM_USAGES,
-  LABEL_DKP_PRK,
-  LABEL_SK,
   NotSupportedError,
   SerializeError,
   XCryptoKey,
 } from "@hpke/core";
 
 const ALG_NAME = "X448";
 const EMPTY = new Uint8Array();
+// The key usages for KEM.
+const KEM_USAGES: KeyUsage[] = ["deriveBits"];
+// b"dkp_prk" deno-fmt-ignore
+const LABEL_DKP_PRK: Uint8Array = new Uint8Array([
+  100, 107, 112, 95, 112, 114, 107,
+]);
+// b"sk"
+const LABEL_SK: Uint8Array = new Uint8Array([115, 107]);
+
+function base64UrlToBytes(v: string): Uint8Array {
+  const base64 = v.replace(/-/g, "+").replace(/_/g, "/");
+  const byteString = atob(base64);
+  const ret = new Uint8Array(byteString.length);
+  for (let i = 0; i < byteString.length; i++) {
+    ret[i] = byteString.charCodeAt(i);
+  }
+  return ret;
+}
 
 export class X448 implements DhkemPrimitives {
   private _hkdf: KdfInterface;

x/hpke-js/src/kdfs/hkdfSha384.ts

@@ -3,7 +3,7 @@ import { hmac } from "npm:@noble/[email protected]/hmac";
 // @ts-ignore: for "npm:"
 import { sha384 } from "npm:@noble/[email protected]/sha512";
 
-import { HkdfSha384Native } from "@hpke/core";
+import { HkdfSha384 as HkdfSha384Native } from "@hpke/core";
 
 export class HkdfSha384 extends HkdfSha384Native {
   public override async extract(

x/hpke-js/test/encryptionContext.test.ts

@@ -9,7 +9,6 @@ import {
   EncapError,
   ExportError,
   ExportOnly,
-  i2Osp,
   InvalidParamError,
   KdfId,
   KemId,
@@ -18,6 +17,7 @@ import {
 } from "@hpke/core";
 import { HkdfSha256 } from "@hpke/dhkem-x25519";
 
+import { i2Osp } from "../../core/src/utils/misc.ts";
 import { EncryptionContextImpl } from "../../core/src/encryptionContext.ts";
 import { CipherSuite } from "../src/cipherSuite.ts";
 import { loadSubtleCrypto } from "../../core/test/utils.ts";

x/hpke-js/test/kdfContext.test.ts

@@ -1,11 +1,13 @@
 import { assertEquals, assertRejects } from "@std/assert";
 import { describe, it } from "@std/testing/bdd";
 
-import { AeadId, i2Osp, KdfId, KemId } from "@hpke/core";
+import { AeadId, KdfId, KemId } from "@hpke/core";
 import { HkdfSha256 } from "@hpke/dhkem-x25519";
 import { HkdfSha512 } from "@hpke/dhkem-x448";
 
 import { HkdfSha384 } from "../src/kdfs/hkdfSha384.ts";
+
+import { i2Osp } from "../../core/src/utils/misc.ts";
 import { loadCrypto } from "../../core/test/utils.ts";
 
 // deno-fmt-ignore

x/hybridkem-x25519-kyber768/src/kemKyber768.ts

@@ -14,7 +14,6 @@ import {
   EncapError,
   INPUT_LENGTH_LIMIT,
   InvalidParamError,
-  isCryptoKeyPair,
   KemId,
   NotSupportedError,
   SerializeError,
@@ -25,6 +24,12 @@ import { Kyber768 } from "./kyber/kyber768.ts";
 
 const ALG_NAME = "Keyber768";
 
+const isCryptoKeyPair = (x: unknown): x is CryptoKeyPair =>
+  typeof x === "object" &&
+  x !== null &&
+  typeof (x as CryptoKeyPair).privateKey === "object" &&
+  typeof (x as CryptoKeyPair).publicKey === "object";
+
 export class KemKyber768 implements KemInterface {
   public readonly id: KemId = KemId.NotAssigned;
   public readonly secretSize: number = 32;