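/**
 * Opacus Security Manager
 * Handles ECDH, HKDF, HMAC, signatures, and nonce management.
 *
 * This file is a type declaration only: it describes the public surface of
 * SecurityManager and contains no implementation. Anything about algorithms,
 * encodings or comparison strategy that is not spelled out in a signature
 * below has to be confirmed against the implementation.
 */
import { AgentIdentity, OpacusFrame } from '../types';

export declare class SecurityManager {
    // Private state. The declaration carries no types for these members, so
    // their shape (map, set, counter, ...) is not visible from this file.
    private nonceWindow;
    private lastNonce;
    private sessionKeys;

    /**
     * Derive shared secret using ECDH.
     *
     * @param myPriv - Local private key bytes.
     * @param peerPub - Peer public key bytes.
     * @returns The raw shared secret.
     *
     * NOTE(review): the curve is not named here; the `peerXPub` / `myXPriv`
     * parameter names elsewhere in this class suggest X25519 - confirm.
     * The raw secret is presumably meant to be passed through
     * deriveSessionKey rather than used directly as a key - confirm.
     */
    deriveSharedSecret(myPriv: Uint8Array, peerPub: Uint8Array): Uint8Array;

    /**
     * Derive session key from shared secret using HKDF.
     *
     * @param sharedSecret - Input keying material, e.g. the output of
     *   deriveSharedSecret.
     * @param info - Optional context string; its default value is not visible
     *   in this declaration.
     * @returns The derived session key bytes.
     *
     * NOTE(review): no salt parameter is exposed and the hash and output
     * length are not visible here - confirm what the implementation uses.
     */
    deriveSessionKey(sharedSecret: Uint8Array, info?: string): Uint8Array;

    /**
     * Generate HMAC for message authentication.
     *
     * @param key - MAC key bytes.
     * @param data - Message to authenticate, as a string.
     * @returns The tag as a string; the encoding (hex, base64, ...) is not
     *   visible in this declaration.
     */
    generateHMAC(key: Uint8Array, data: string): string;

    /**
     * Verify HMAC.
     *
     * @param key - MAC key bytes.
     * @param data - Message that was authenticated.
     * @param expected - Tag to check against, in the same string form that
     *   generateHMAC returns.
     * @returns `true` when the tag matches, `false` otherwise.
     *
     * NOTE(review): tags are exchanged as strings; confirm the implementation
     * compares them in constant time (for example `crypto.timingSafeEqual` on
     * equal-length buffers) rather than with `===`.
     */
    verifyHMAC(key: Uint8Array, data: string, expected: string): boolean;

    /**
     * Generate nonce (anti-replay protection).
     *
     * @returns A nonce string; its format and source of randomness are not
     *   visible in this declaration.
     */
    generateNonce(): string;

    /**
     * Validate nonce to prevent replay attacks.
     *
     * @param nonce - Nonce taken from an incoming frame.
     * @param maxAge - Optional age limit; the unit and the default are not
     *   visible in this declaration.
     * @returns `true` when the nonce is accepted, `false` otherwise.
     *
     * NOTE(review): the private `nonceWindow` / `lastNonce` members suggest
     * this call is stateful and records accepted nonces - confirm, and
     * confirm that the state is tracked per peer rather than globally.
     */
    validateNonce(nonce: string, maxAge?: number): boolean;

    // Private helper; presumably prunes old entries from the nonce state.
    private cleanupNonces;

    /**
     * Sign message with Ed25519.
     *
     * @param priv - Ed25519 private key bytes.
     * @param message - Bytes to sign.
     * @returns A promise for the signature bytes.
     *
     * NOTE(review): the original listing showed a bare `Promise`, which is
     * not valid TypeScript. `Promise<Uint8Array>` is restored to match the
     * `sig: Uint8Array` parameter of verifySignature - confirm against the
     * implementation.
     */
    signMessage(priv: Uint8Array, message: Uint8Array): Promise<Uint8Array>;

    /**
     * Verify Ed25519 signature.
     *
     * @param pub - Ed25519 public key bytes of the claimed signer.
     * @param message - Bytes that were signed.
     * @param sig - Signature bytes to check.
     * @returns A promise for the verification result.
     *
     * NOTE(review): the original listing showed a bare `Promise`;
     * `Promise<boolean>` is restored by analogy with verifyHMAC - confirm
     * against the implementation. Whether a malformed key or signature
     * resolves to `false` or rejects is not visible here.
     */
    verifySignature(pub: Uint8Array, message: Uint8Array, sig: Uint8Array): Promise<boolean>;

    /**
     * Create authenticated frame with signature + HMAC + nonce.
     *
     * @param identity - Local agent identity.
     * @param peerXPub - Peer public key used for key agreement.
     * @param type - Frame type, one of the `OpacusFrame['type']` values.
     * @param to - Recipient identifier.
     * @param payload - Frame payload. It is typed `any`, so the compiler
     *   places no constraint on what is passed in.
     * @returns A promise for the assembled frame.
     *
     * NOTE(review): the original listing showed a bare `Promise`;
     * `Promise<OpacusFrame>` is restored because verifyAuthFrame consumes an
     * `OpacusFrame` - confirm against the implementation. Which frame fields
     * are covered by the signature and by the HMAC is not visible here.
     */
    createAuthFrame(identity: AgentIdentity, peerXPub: Uint8Array, type: OpacusFrame['type'], to: string, payload: any): Promise<OpacusFrame>;

    /**
     * Verify authenticated frame (signature + HMAC + nonce).
     *
     * The outcome is reported in the resolved value, not by rejection:
     * callers must inspect `valid` and treat the frame as untrusted unless it
     * is `true`. Awaiting the promise without checking `valid` accepts
     * nothing and proves nothing.
     *
     * The sender keys are supplied by the caller, so the check is only as
     * strong as the binding between those keys and the sender identity; they
     * should come from a trusted source rather than from the frame under
     * verification.
     *
     * @param frame - Incoming frame to check.
     * @param senderEdPub - Sender public key used for signature verification.
     * @param myXPriv - Local private key used for key agreement.
     * @param senderXPub - Sender public key used for key agreement.
     * @returns A promise for `{ valid, reason? }`; `reason` is optional and
     *   presumably set when `valid` is `false` - confirm.
     */
    verifyAuthFrame(frame: OpacusFrame, senderEdPub: Uint8Array, myXPriv: Uint8Array, senderXPub: Uint8Array): Promise<{
        valid: boolean;
        reason?: string;
    }>;

    /**
     * Store session key for future use.
     *
     * @param peerId - Identifier of the peer the key belongs to.
     * @param key - Session key bytes.
     *
     * NOTE(review): whether the bytes are copied or the caller's array is
     * kept by reference is not visible here; if by reference, later mutation
     * by the caller changes the stored key.
     */
    storeSessionKey(peerId: string, key: Uint8Array): void;

    /**
     * Get stored session key.
     *
     * @param peerId - Identifier of the peer.
     * @returns The key bytes, or `undefined` when no key is stored for
     *   `peerId`.
     */
    getSessionKey(peerId: string): Uint8Array | undefined;

    /**
     * Clear session keys.
     *
     * NOTE(review): confirm whether the key bytes are overwritten before the
     * entries are dropped, or only dereferenced.
     */
    clearSessionKeys(): void;
}
//# sourceMappingURL=security.d.ts.map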