export declare class EdhocError extends Error { constructor(message: string); } export declare class EdhocCipherSuiteError extends EdhocError { readonly peerCipherSuites: number[]; constructor(message: string, peerCipherSuites: number[]); } export declare enum EdhocCredentialsFormat { kid = 4, x5chain = 33, x5t = 34 } export interface EdhocCredentials { format: EdhocCredentialsFormat; privateKey?: Buffer; publicKey?: Buffer; } export interface EdhocCredentialsKID extends EdhocCredentials { format: EdhocCredentialsFormat.kid; kid: { kid: number | Buffer; credentials?: Buffer; isCBOR?: boolean; }; } export interface EdhocCredentialsCertificateChain extends EdhocCredentials { format: EdhocCredentialsFormat.x5chain; x5chain: { certificates: Buffer[]; }; } export interface EdhocCredentialsCertificateHash extends EdhocCredentials { format: EdhocCredentialsFormat.x5t; x5t: { certificate?: Buffer; hash: Buffer; hashAlgorithm: EdhocCredentialsCertificateHashAlgorithm; }; } export declare enum EdhocCredentialsCertificateHashAlgorithm { Sha256 = -16, Sha256_64 = -15 } export interface EdhocCredentialManager { fetch(edhoc: EDHOC): Promise | EdhocCredentials | never; verify(edhoc: EDHOC, credentials: EdhocCredentials): Promise | EdhocCredentials | never; } export type EdhocPublicKey = Buffer; export type EdhocPrivateKey = Buffer; export interface PublicPrivateTuple { publicKey: EdhocPublicKey; privateKey: EdhocPrivateKey; } export interface EdhocCryptoManager { generateKeyPair(edhoc: EDHOC): Promise | PublicPrivateTuple | never; keyAgreement(edhoc: EDHOC, privateKey: Buffer, peerPublicKey: Buffer): Promise | Buffer | never; sign(edhoc: EDHOC, privateKey: Buffer, input: Buffer): Promise | Buffer | never; verify(edhoc: EDHOC, publicKey: Buffer, input: Buffer, signature: Buffer): Promise | boolean | never; hkdfExtract(edhoc: EDHOC, ikm: Buffer, salt: Buffer): Promise | Buffer | never; hkdfExpand(edhoc: EDHOC, prk: Buffer, info: Buffer, length: number): Promise | Buffer | never; encrypt(edhoc: EDHOC, key: Buffer, nonce: Buffer, aad: Buffer, plaintext: Buffer): Promise | Buffer | never; decrypt(edhoc: EDHOC, key: Buffer, nonce: Buffer, aad: Buffer, ciphertext: Buffer): Promise | Buffer | never; hash(edhoc: EDHOC, input: Buffer): Promise | Buffer | never; } export type EdhocConnectionID = number | Buffer; export declare enum EdhocMethod { Method0 = 0, Method1 = 1, Method2 = 2, Method3 = 3 } export declare enum EdhocSuite { Suite0 = 0, Suite1 = 1, Suite2 = 2, Suite3 = 3, Suite4 = 4, Suite5 = 5, Suite6 = 6, Suite24 = 24, Suite25 = 25 } export interface EdhocEAD { label: number; value: Buffer; } export interface EdhocOscoreContext { masterSecret: Buffer; masterSalt: Buffer; senderId: Buffer; recipientId: Buffer; } export declare class EDHOC { connectionID: EdhocConnectionID; get peerConnectionID(): EdhocConnectionID; methods: EdhocMethod[]; get selectedMethod(): EdhocMethod; set selectedMethod(v: EdhocMethod); cipherSuites: EdhocSuite[]; get selectedSuite(): EdhocSuite; set selectedSuite(v: EdhocSuite); logger: (name: string, data: Buffer) => void; private readonly credMgr; private readonly crypto; private _state; private _role; private _method; private _suite; private _suiteParams; private _peerCid; private _ephPrivateKey; private _ephPub; private _peerEphPub; private _th; private _prk2e; private _prk3e2m; private _prk4e3m; private _prkOut; private _prkExporter; private _peerCredentials; constructor(connectionID: EdhocConnectionID, methods: EdhocMethod[], suites: EdhocSuite[], credentials: EdhocCredentialManager, crypto: EdhocCryptoManager); reset(): void; composeMessage1(ead?: EdhocEAD[]): Promise; processMessage1(message: Buffer): Promise; composeMessage2(ead?: EdhocEAD[]): Promise; processMessage2(message: Buffer): Promise; composeMessage3(ead?: EdhocEAD[]): Promise; processMessage3(message: Buffer): Promise; composeMessage4(ead?: EdhocEAD[]): Promise; processMessage4(message: Buffer): Promise; exportOSCORE(): Promise; exportKey(exporterLabel: number, length: number): Promise; exportUsedPeerCredentials(): EdhocCredentials | null; keyUpdate(context: Buffer): Promise; /** EDHOC-KDF(PRK, label, context, length) = HKDF-Expand(PRK, info, length) * info is a CBOR sequence: label, context, length (NOT array-wrapped) */ private kdf; /** HKDF-Extract(IKM, salt) */ private hkdfExtract; /** Hash */ private hash; /** PRK_3e2m: Methods 0,2 → PRK_2e; Methods 1,3 → Extract(SALT_3e2m, G_RX) */ private derivePrk3e2m; /** PRK_4e3m: Methods 0,1 → PRK_3e2m; Methods 2,3 → Extract(SALT_4e3m, G_IX) */ private derivePrk4e3m; private generateEphemeralKey; private destroyEphemeralKey; /** Determine MAC length based on role and method. * Responder signature methods (0, 2): tag length; otherwise hash length. * Initiator signature methods (0, 1): tag length; otherwise hash length. */ private macLength; /** Build context bytes: << [C_R,] ID_CRED_x, TH, CRED_x, ?EAD >> */ private buildContext; /** Build Enc_structure external_aad for CIPHERTEXT_3/4: ["Encrypt0", h'', TH] */ private buildEncAad; /** Compute Signature_or_MAC for the local party */ private signOrMac; /** Verify Signature_or_MAC from the peer */ private verifySignatureOrMac; /** Build the external_aad bstr for Sig_structure: concatenation of CBOR items */ private buildSigExternalAad; private aeadEncrypt; private aeadDecrypt; private xor; private log; private assertState; } //# sourceMappingURL=edhoc.d.ts.map