/** * @license * Copyright 2022-2026 Matter.js Authors * SPDX-License-Identifier: Apache-2.0 */ import { Bytes } from "#util/Bytes.js"; import { MaybePromise } from "#util/Promises.js"; import * as mod from "@noble/curves/abstract/modular.js"; import * as utils from "@noble/curves/utils.js"; import { Entropy } from "../util/Entropy.js"; import { EcdsaSignature } from "./EcdsaSignature.js"; import type { PrivateKey, PublicKey } from "./Key.js"; export declare const ec: { abytes: >>(value: T, length?: number, title?: string) => T; anumber: typeof import("@noble/hashes/utils.js").anumber; bytesToHex: typeof import("@noble/hashes/utils.js").bytesToHex; concatBytes: (...arrays: utils.TArg[]>) => Uint8Array & Uint8Array; hexToBytes: (hex: string) => Uint8Array & Uint8Array; isBytes: typeof import("@noble/hashes/utils.js").isBytes; randomBytes: (bytesLength?: number) => Uint8Array & Uint8Array; abool(value: boolean, title?: string): boolean; abignumber(n: T): T; asafenumber(value: number, title?: string): void; numberToHexUnpadded(num: number | bigint): string; hexToNumber(hex: string): bigint; bytesToNumberBE(bytes: utils.TArg): bigint; bytesToNumberLE(bytes: utils.TArg): bigint; numberToBytesBE(n: number | bigint, len: number): utils.TRet; numberToBytesLE(n: number | bigint, len: number): utils.TRet; numberToVarBytesBE(n: number | bigint): utils.TRet; equalBytes(a: utils.TArg, b: utils.TArg): boolean; copyBytes(bytes: utils.TArg): utils.TRet; asciiToBytes(ascii: string): utils.TRet; inRange(n: bigint, min: bigint, max: bigint): boolean; aInRange(title: string, n: bigint, min: bigint, max: bigint): void; bitLen(n: bigint): number; bitGet(n: bigint, pos: number): bigint; bitSet(n: bigint, pos: number, value: boolean): bigint; bitMask: (n: number) => bigint; createHmacDrbg(hashLen: number, qByteLen: number, hmacFn: utils.TArg): utils.TRet<(seed: Uint8Array, predicate: (v: utils.TArg) => T | undefined) => T>; validateObject(object: Record, fields?: Record, optFields?: Record): void; notImplemented: () => never; mod(a: bigint, b: bigint): bigint; pow(num: bigint, power: bigint, modulo: bigint): bigint; pow2(x: bigint, power: bigint, modulo: bigint): bigint; invert(number: bigint, modulo: bigint): bigint; tonelliShanks(P: bigint): utils.TRet<((Fp: mod.IField, n: T) => T)>; FpSqrt(P: bigint): utils.TRet<((Fp: mod.IField, n: T) => T)>; isNegativeLE: (num: bigint, modulo: bigint) => boolean; validateField(field: utils.TArg>): utils.TRet>; FpPow(Fp: utils.TArg>, num: T, power: bigint): T; FpInvertBatch(Fp: utils.TArg>, nums: T[], passZero?: boolean): T[]; FpDiv(Fp: utils.TArg>, lhs: T, rhs: T | bigint): T; FpLegendre(Fp: utils.TArg>, n: T): -1 | 0 | 1; FpIsSquare(Fp: utils.TArg>, n: T): boolean; nLength(n: bigint, nBitLength?: number): mod.NLength; Field(ORDER: bigint, opts?: Partial<{ isLE: boolean; BITS: number; sqrt: (n: bigint) => bigint; allowedLengths?: readonly number[]; modFromBytes: boolean; }>): utils.TRet & Required, "isOdd">>>>; FpSqrtOdd(Fp: utils.TArg>, elm: T): T; FpSqrtEven(Fp: utils.TArg>, elm: T): T; getFieldBytesLength(fieldOrder: bigint): number; getMinHashLength(fieldOrder: bigint): number; mapHashToField(key: utils.TArg, fieldOrder: bigint, isLE?: boolean): utils.TRet; p256: import("@noble/curves/abstract/weierstrass.js").ECDSA; }; export declare const CRYPTO_ENCRYPT_ALGORITHM = "aes-128-ccm"; export declare const CRYPTO_HASH_ALGORITHM = "sha256"; export declare const CRYPTO_EC_CURVE = "prime256v1"; export declare const CRYPTO_EC_KEY_BYTES = 32; export declare const CRYPTO_AUTH_TAG_LENGTH = 16; export declare const CRYPTO_SYMMETRIC_KEY_LENGTH = 16; /** * Hash algorithms identified by IANA Hash Function identifiers. * Based on FIPS 180-4 Section 6.2 and FIPS 202. * * The enum values are the FIPS-defined algorithm IDs. */ export type HashAlgorithm = "SHA-256" | "SHA-512" | "SHA-384" | "SHA-512/224" | "SHA-512/256" | "SHA3-256"; export declare const HASH_ALGORITHM_OUTPUT_LENGTHS: Record; export declare enum HashFipsAlgorithmId { "SHA-256" = 1, "SHA-512" = 7, "SHA-384" = 8, "SHA-512/224" = 10, "SHA-512/256" = 11, "SHA3-256" = 12 } /** * These are the cryptographic primitives required to implement the Matter protocol. * * We provide a platform-independent implementation that uses Web Crypto via {@link crypto.subtle} and a JS-based * AES-CCM implementation. * * If your platform does not fully implement Web Crypto, or offers a native implementation of AES-CCM, you can replace * the implementation in {@link Environment.default}. * * WARNING: The standard implementation is unaudited. See relevant warnings in StandardCrypto.ts. */ export declare abstract class Crypto extends Entropy { /** * The name used in log messages. */ abstract implementationName: string; /** * Encrypt using AES-CCM with constants limited to those required by Matter. */ abstract encrypt(key: Bytes, data: Bytes, nonce: Bytes, aad?: Bytes): Bytes; /** * Decrypt using AES-CCM with constants limited to those required by Matter. */ abstract decrypt(key: Bytes, data: Bytes, nonce: Bytes, aad?: Bytes): Bytes; /** * Compute a cryptographic hash using the specified algorithm. If no algorithm is specified, SHA-256 is used. */ abstract computeHash(data: Bytes | Bytes[] | ReadableStreamDefaultReader | AsyncIterator, algorithm?: HashAlgorithm): MaybePromise; /** * Create a key from a secret using PBKDF2. */ abstract createPbkdf2Key(secret: Bytes, salt: Bytes, iteration: number, keyLength: number): MaybePromise; /** * Create a key from a secret using HKDF. */ abstract createHkdfKey(secret: Bytes, salt: Bytes, info: Bytes, length?: number): MaybePromise; /** * Create an HMAC signature. */ abstract signHmac(key: Bytes, data: Bytes): MaybePromise; /** * Create an ECDSA signature. */ abstract signEcdsa(privateKey: JsonWebKey, data: Bytes | Bytes[]): MaybePromise; /** * Authenticate an ECDSA signature. */ abstract verifyEcdsa(publicKey: JsonWebKey, data: Bytes, signature: EcdsaSignature): MaybePromise; /** * Create a general-purpose EC key. */ abstract createKeyPair(): MaybePromise; /** * Compute the shared secret for a Diffie-Hellman exchange. */ abstract generateDhSecret(key: PrivateKey, peerKey: PublicKey): MaybePromise; /** * Multiply an EC point by a scalar on the P-256 curve. * * @param point - 65-byte uncompressed EC point (04 || x || y) * @param scalar - 32-byte big-endian scalar * @returns 65-byte uncompressed EC point */ abstract ecMultiply(point: Bytes, scalar: Bytes): Bytes; /** * Add two EC points on the P-256 curve. * * @param a - 65-byte uncompressed EC point (04 || x || y) * @param b - 65-byte uncompressed EC point (04 || x || y) * @returns 65-byte uncompressed EC point */ ecAdd(a: Bytes, b: Bytes): Bytes; /** * Negate an EC point on the P-256 curve. * * @param point - 65-byte uncompressed EC point (04 || x || y) * @returns 65-byte uncompressed EC point */ ecNegate(point: Bytes): Bytes; reportUsage(component?: string): void; } //# sourceMappingURL=Crypto.d.ts.map