{"ast":null,"code":"import _asyncToGenerator from \"/home/mleku/src/orly.dev/next/signer/node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js\";\n/**\n * Secure vault encryption/decryption using Argon2id + AES-GCM\n *\n * - Argon2id key derivation with ~3 second computation time\n * - AES-256-GCM authenticated encryption\n * - Random 32-byte salt per vault\n * - Random 12-byte IV per encryption\n *\n * Note: Uses main thread for Argon2id (via WebAssembly) because Web Workers\n * in browser extensions cannot load external scripts due to CSP restrictions.\n * The deriving modal provides user feedback during the ~3 second derivation.\n */\nimport { argon2id } from 'hash-wasm';\nimport { Buffer } from 'buffer';\n// Argon2id parameters tuned for ~3 second derivation on typical hardware\nconst ARGON2_CONFIG = {\n  parallelism: 4,\n  // 4 threads\n  iterations: 8,\n  // Time cost\n  memorySize: 262144,\n  // 256 MB memory\n  hashLength: 32,\n  // 256-bit key for AES-256\n  outputType: 'binary'\n};\n/**\n * Derive an encryption key from password using Argon2id\n * @param password - User's password\n * @param salt - Random 32-byte salt\n * @returns 32-byte derived key\n */\nexport function deriveKeyArgon2(_x, _x2) {\n  return _deriveKeyArgon.apply(this, arguments);\n}\n/**\n * Generate a random salt for Argon2id\n * @returns Base64 encoded 32-byte salt\n */\nfunction _deriveKeyArgon() {\n  _deriveKeyArgon = _asyncToGenerator(function* (password, salt) {\n    // Use hash-wasm's argon2id (WebAssembly-based, runs on main thread)\n    // This blocks the UI for ~3 seconds, which is why we show a modal\n    const result = yield argon2id({\n      password: password,\n      salt: salt,\n      ...ARGON2_CONFIG\n    });\n    return result;\n  });\n  return _deriveKeyArgon.apply(this, arguments);\n}\nexport function generateSalt() {\n  const salt = crypto.getRandomValues(new Uint8Array(32));\n  return Buffer.from(salt).toString('base64');\n}\n/**\n * Generate a random IV for AES-GCM\n * @returns Base64 encoded 12-byte IV\n */\nexport function generateIV() {\n  const iv = crypto.getRandomValues(new Uint8Array(12));\n  return Buffer.from(iv).toString('base64');\n}\n/**\n * Encrypt data using Argon2id-derived key + AES-256-GCM\n * @param plaintext - Data to encrypt\n * @param password - User's password\n * @param saltBase64 - Base64 encoded 32-byte salt\n * @param ivBase64 - Base64 encoded 12-byte IV\n * @returns Base64 encoded ciphertext\n */\nexport function encryptWithArgon2(_x3, _x4, _x5, _x6) {\n  return _encryptWithArgon.apply(this, arguments);\n}\n/**\n * Decrypt data using Argon2id-derived key + AES-256-GCM\n * @param ciphertextBase64 - Base64 encoded ciphertext\n * @param password - User's password\n * @param saltBase64 - Base64 encoded 32-byte salt\n * @param ivBase64 - Base64 encoded 12-byte IV\n * @returns Decrypted plaintext\n * @throws Error if password is wrong or data is corrupted\n */\nfunction _encryptWithArgon() {\n  _encryptWithArgon = _asyncToGenerator(function* (plaintext, password, saltBase64, ivBase64) {\n    const salt = Buffer.from(saltBase64, 'base64');\n    const iv = Buffer.from(ivBase64, 'base64');\n    // Derive key using Argon2id (~3 seconds, in worker)\n    const keyBytes = yield deriveKeyArgon2(password, salt);\n    // Import key for AES-GCM\n    const key = yield crypto.subtle.importKey('raw', keyBytes, {\n      name: 'AES-GCM'\n    }, false, ['encrypt']);\n    // Encrypt the data\n    const encoder = new TextEncoder();\n    const encrypted = yield crypto.subtle.encrypt({\n      name: 'AES-GCM',\n      iv: iv\n    }, key, encoder.encode(plaintext));\n    return Buffer.from(encrypted).toString('base64');\n  });\n  return _encryptWithArgon.apply(this, arguments);\n}\nexport function decryptWithArgon2(_x7, _x8, _x9, _x0) {\n  return _decryptWithArgon.apply(this, arguments);\n}\nfunction _decryptWithArgon() {\n  _decryptWithArgon = _asyncToGenerator(function* (ciphertextBase64, password, saltBase64, ivBase64) {\n    const salt = Buffer.from(saltBase64, 'base64');\n    const iv = Buffer.from(ivBase64, 'base64');\n    const ciphertext = Buffer.from(ciphertextBase64, 'base64');\n    // Derive key using Argon2id (~3 seconds, in worker)\n    const keyBytes = yield deriveKeyArgon2(password, salt);\n    // Import key for AES-GCM\n    const key = yield crypto.subtle.importKey('raw', keyBytes, {\n      name: 'AES-GCM'\n    }, false, ['decrypt']);\n    // Decrypt\n    let decrypted;\n    try {\n      decrypted = yield crypto.subtle.decrypt({\n        name: 'AES-GCM',\n        iv: iv\n      }, key, ciphertext);\n    } catch {\n      throw new Error('Decryption failed - invalid password or corrupted data');\n    }\n    const decoder = new TextDecoder();\n    return decoder.decode(decrypted);\n  });\n  return _decryptWithArgon.apply(this, arguments);\n}","map":null,"metadata":{},"sourceType":"module","externalDependencies":[]}