@bitgo-beta/sdk-lib-mpc 8.2.1-alpha.45 → 8.2.1-alpha.451

package/dist/src/tss/ecdsa-dkls/commsLayer.js

@@ -0,0 +1,268 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SIGNATURE_DATE_TOLERANCE_MS = void 0;
+exports.detachSignData = detachSignData;
+exports.encryptAndDetachSignData = encryptAndDetachSignData;
+exports.decryptAndVerifySignedData = decryptAndVerifySignedData;
+exports.verifySignedData = verifySignedData;
+exports.decryptAndVerifyIncomingMessages = decryptAndVerifyIncomingMessages;
+exports.encryptAndAuthOutgoingMessages = encryptAndAuthOutgoingMessages;
+const pgp = __importStar(require("openpgp"));
+/**
+ * Tolerance window for OpenPGP date-based key validity checks (24 hours).
+ *
+ * Background: OpenPGP.js uses the `date` parameter to check key expiry at a
+ * given point in time. We previously passed `date: null` to disable this check
+ * entirely (see HSM-706) because OVC cold-signing flows for trust and SMC
+ * clients can involve significant clock skew between the signing device and the
+ * server — the device may be air-gapped and its clock can drift by hours.
+ *
+ * Note: this GPG expiry check is not strictly required for replay protection.
+ * The DKLS protocol has its own mechanism for preventing replay attacks
+ * (session-bound commitments and round-specific message validation), so the
+ * OpenPGP date check is a defense-in-depth measure rather than the primary
+ * replay mitigation.
+ *
+ * OpenPGP's `date` parameter shifts the reference time for ALL temporal
+ * checks simultaneously (key expiry, self-signature validity, signature
+ * freshness). This means a single shifted date cannot independently relax
+ * key-expiry checks without breaking self-signature validation on fresh keys.
+ *
+ * Therefore:
+ * - encrypt/decrypt omit `date` (use default = current time) for normal key
+ *   expiry checking and self-signature validation.
+ * - verify uses `now + tolerance` so that signatures from OVC devices whose
+ *   clocks are up to 24 hours ahead are not rejected as "from the future".
+ */
+exports.SIGNATURE_DATE_TOLERANCE_MS = 24 * 60 * 60 * 1000;
+/**
+ * Detach signs a binary and encodes it in base64
+ * @param data binary to encode in base64 and sign
+ * @param privateArmor private key to sign with
+ */
+async function detachSignData(data, privateArmor) {
+    const message = await pgp.createMessage({ binary: data });
+    const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
+    const signature = await pgp.sign({
+        message,
+        signingKeys: privateKey,
+        format: 'armored',
+        detached: true,
+        config: {
+            rejectCurves: new Set(),
+            showVersion: false,
+            showComment: false,
+        },
+    });
+    return {
+        message: data.toString('base64'),
+        signature: signature,
+    };
+}
+/**
+ * Encrypts and detach signs a binary
+ * @param data binary to encrypt and sign
+ * @param publicArmor public key to encrypt with
+ * @param privateArmor private key to sign with
+ */
+async function encryptAndDetachSignData(data, publicArmor, privateArmor) {
+    const message = await pgp.createMessage({ binary: data });
+    const publicKey = await pgp.readKey({ armoredKey: publicArmor });
+    const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
+    const encryptedMessage = await pgp.encrypt({
+        message,
+        encryptionKeys: publicKey,
+        format: 'armored',
+        config: {
+            rejectCurves: new Set(),
+            showVersion: false,
+            showComment: false,
+        },
+    });
+    const signature = await pgp.sign({
+        message,
+        signingKeys: privateKey,
+        format: 'armored',
+        detached: true,
+        config: {
+            rejectCurves: new Set(),
+            showVersion: false,
+            showComment: false,
+        },
+    });
+    return {
+        encryptedMessage: encryptedMessage,
+        signature: signature,
+    };
+}
+/**
+ * Decrypts and verifies signature on a binary
+ * @param encryptedAndSignedMessage message to decrypt and verify
+ * @param publicArmor public key to verify signature with
+ * @param privateArmor private key to decrypt with
+ */
+async function decryptAndVerifySignedData(encryptedAndSignedMessage, publicArmor, privateArmor) {
+    const publicKey = await pgp.readKey({ armoredKey: publicArmor });
+    const privateKey = await pgp.readPrivateKey({ armoredKey: privateArmor });
+    const decryptedMessage = await pgp.decrypt({
+        message: await pgp.readMessage({ armoredMessage: encryptedAndSignedMessage.encryptedMessage }),
+        decryptionKeys: [privateKey],
+        config: {
+            rejectCurves: new Set(),
+            showVersion: false,
+            showComment: false,
+        },
+        format: 'binary',
+    });
+    const verificationResult = await pgp.verify({
+        message: await pgp.createMessage({ binary: decryptedMessage.data }),
+        signature: await pgp.readSignature({ armoredSignature: encryptedAndSignedMessage.signature }),
+        verificationKeys: publicKey,
+        date: new Date(Date.now() + exports.SIGNATURE_DATE_TOLERANCE_MS),
+    });
+    await verificationResult.signatures[0].verified;
+    return Buffer.from(decryptedMessage.data).toString('base64');
+}
+/**
+ * Verifies signature on a binary (message passed should be encoded in base64).
+ * @param signedMessage message to verify
+ * @param publicArmor public key to verify signature with
+ */
+async function verifySignedData(signedMessage, publicArmor) {
+    const publicKey = await pgp.readKey({ armoredKey: publicArmor });
+    const verificationResult = await pgp.verify({
+        message: await pgp.createMessage({ binary: Buffer.from(signedMessage.message, 'base64') }),
+        signature: await pgp.readSignature({ armoredSignature: signedMessage.signature }),
+        verificationKeys: publicKey,
+        date: new Date(Date.now() + exports.SIGNATURE_DATE_TOLERANCE_MS),
+    });
+    try {
+        await verificationResult.signatures[0].verified;
+        return true;
+    }
+    catch (e) {
+        return false;
+    }
+}
+/**
+ * Decrypts and verifies p2p messages + verifies broadcast messages
+ * @param messages message to decrypt and verify
+ * @param pubVerificationGpgKeys public keys to verify signatures with
+ * @param prvDecryptionGpgKeys private keys to decrypt with
+ */
+async function decryptAndVerifyIncomingMessages(messages, pubVerificationGpgKeys, prvDecryptionGpgKeys) {
+    return {
+        p2pMessages: await Promise.all(messages.p2pMessages.map(async (m) => {
+            const pubGpgKey = pubVerificationGpgKeys.find((k) => k.partyId === m.from);
+            const prvGpgKey = prvDecryptionGpgKeys.find((k) => k.partyId === m.to);
+            if (!pubGpgKey) {
+                throw Error(`No public key provided for sender with ID: ${m.from}`);
+            }
+            if (!prvGpgKey) {
+                throw Error(`No private key provided for recepient with ID: ${m.to}`);
+            }
+            return {
+                to: m.to,
+                from: m.from,
+                payload: await decryptAndVerifySignedData(m.payload, pubGpgKey.gpgKey, prvGpgKey.gpgKey),
+                commitment: m.commitment,
+            };
+        })),
+        broadcastMessages: await Promise.all(messages.broadcastMessages.map(async (m) => {
+            const pubGpgKey = pubVerificationGpgKeys.find((k) => k.partyId === m.from);
+            if (!pubGpgKey) {
+                throw Error(`No public key provided for sender with ID: ${m.from}`);
+            }
+            if (!(await verifySignedData(m.payload, pubGpgKey.gpgKey))) {
+                throw Error(`Failed to authenticate broadcast message from party: ${m.from}`);
+            }
+            if (m.signatureR !== undefined) {
+                if (!(await verifySignedData(m.signatureR, pubGpgKey.gpgKey))) {
+                    throw Error(`Failed to authenticate signatureR in broadcast message from party: ${m.from}`);
+                }
+            }
+            return {
+                from: m.from,
+                payload: m.payload.message,
+                signatureR: m.signatureR?.message,
+            };
+        })),
+    };
+}
+/**
+ * Encrypts and signs p2p messages + signs broadcast messages
+ * @param messages messages to encrypt and sign
+ * @param pubEncryptionGpgKey public keys to encrypt data to
+ * @param prvAuthenticationGpgKey private keys to sign with
+ */
+async function encryptAndAuthOutgoingMessages(messages, pubEncryptionGpgKeys, prvAuthenticationGpgKeys) {
+    return {
+        p2pMessages: await Promise.all(messages.p2pMessages.map(async (m) => {
+            const pubGpgKey = pubEncryptionGpgKeys.find((k) => k.partyId === m.to);
+            const prvGpgKey = prvAuthenticationGpgKeys.find((k) => k.partyId === m.from);
+            if (!pubGpgKey) {
+                throw Error(`No public key provided for recipient with ID: ${m.to}`);
+            }
+            if (!prvGpgKey) {
+                throw Error(`No private key provided for sender with ID: ${m.from}`);
+            }
+            return {
+                to: m.to,
+                from: m.from,
+                payload: await encryptAndDetachSignData(Buffer.from(m.payload, 'base64'), pubGpgKey.gpgKey, prvGpgKey.gpgKey),
+                commitment: m.commitment,
+            };
+        })),
+        broadcastMessages: await Promise.all(messages.broadcastMessages.map(async (m) => {
+            const prvGpgKey = prvAuthenticationGpgKeys.find((k) => k.partyId === m.from);
+            if (!prvGpgKey) {
+                throw Error(`No private key provided for sender with ID: ${m.from}`);
+            }
+            const [signedPayload, signedSignatureR] = await Promise.all([
+                detachSignData(Buffer.from(m.payload, 'base64'), prvGpgKey.gpgKey),
+                m.signatureR
+                    ? detachSignData(Buffer.from(m.signatureR, 'base64'), prvGpgKey.gpgKey)
+                    : Promise.resolve(undefined),
+            ]);
+            return {
+                from: m.from,
+                payload: signedPayload,
+                signatureR: signedSignatureR,
+            };
+        })),
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29tbXNMYXllci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy90c3MvZWNkc2EtZGtscy9jb21tc0xheWVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQW9DQSx3Q0FrQkM7QUFRRCw0REFpQ0M7QUFRRCxnRUF5QkM7QUFPRCw0Q0FjQztBQVFELDRFQThDQztBQVFELHdFQTRDQztBQTlQRCw2Q0FBK0I7QUFFL0I7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0F5Qkc7QUFDVSxRQUFBLDJCQUEyQixHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztBQUUvRDs7OztHQUlHO0FBQ0ksS0FBSyxVQUFVLGNBQWMsQ0FBQyxJQUFZLEVBQUUsWUFBb0I7SUFDckUsTUFBTSxPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsYUFBYSxDQUFDLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDMUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxHQUFHLENBQUMsY0FBYyxDQUFDLEVBQUUsVUFBVSxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUM7SUFDMUUsTUFBTSxTQUFTLEdBQUcsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDO1FBQy9CLE9BQU87UUFDUCxXQUFXLEVBQUUsVUFBVTtRQUN2QixNQUFNLEVBQUUsU0FBUztRQUNqQixRQUFRLEVBQUUsSUFBSTtRQUNkLE1BQU0sRUFBRTtZQUNOLFlBQVksRUFBRSxJQUFJLEdBQUcsRUFBRTtZQUN2QixXQUFXLEVBQUUsS0FBSztZQUNsQixXQUFXLEVBQUUsS0FBSztTQUNuQjtLQUNGLENBQUMsQ0FBQztJQUNILE9BQU87UUFDTCxPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUM7UUFDaEMsU0FBUyxFQUFFLFNBQVM7S0FDckIsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNJLEtBQUssVUFBVSx3QkFBd0IsQ0FDNUMsSUFBWSxFQUNaLFdBQW1CLEVBQ25CLFlBQW9CO0lBRXBCLE1BQU0sT0FBTyxHQUFHLE1BQU0sR0FBRyxDQUFDLGFBQWEsQ0FBQyxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQzFELE1BQU0sU0FBUyxHQUFHLE1BQU0sR0FBRyxDQUFDLE9BQU8sQ0FBQyxFQUFFLFVBQVUsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ2pFLE1BQU0sVUFBVSxHQUFHLE1BQU0sR0FBRyxDQUFDLGNBQWMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxHQUFHLENBQUMsT0FBTyxDQUFDO1FBQ3pDLE9BQU87UUFDUCxjQUFjLEVBQUUsU0FBUztRQUN6QixNQUFNLEVBQUUsU0FBUztRQUNqQixNQUFNLEVBQUU7WUFDTixZQUFZLEVBQUUsSUFBSSxHQUFHLEVBQUU7WUFDdkIsV0FBVyxFQUFFLEtBQUs7WUFDbEIsV0FBVyxFQUFFLEtBQUs7U0FDbkI7S0FDRixDQUFDLENBQUM7SUFDSCxNQUFNLFNBQVMsR0FBRyxNQUFNLEdBQUcsQ0FBQyxJQUFJLENBQUM7UUFDL0IsT0FBTztRQUNQLFdBQVcsRUFBRSxVQUFVO1FBQ3ZCLE1BQU0sRUFBRSxTQUFTO1FBQ2pCLFFBQVEsRUFBRSxJQUFJO1FBQ2QsTUFBTSxFQUFFO1lBQ04sWUFBWSxFQUFFLElBQUksR0FBRyxFQUFFO1lBQ3ZCLFdBQVcsRUFBRSxLQUFLO1lBQ2xCLFdBQVcsRUFBRSxLQUFLO1NBQ25CO0tBQ0YsQ0FBQyxDQUFDO0lBQ0gsT0FBTztRQUNMLGdCQUFnQixFQUFFLGdCQUFnQjtRQUNsQyxTQUFTLEVBQUUsU0FBUztLQUNyQixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLDBCQUEwQixDQUM5Qyx5QkFBeUMsRUFDekMsV0FBbUIsRUFDbkIsWUFBb0I7SUFFcEIsTUFBTSxTQUFTLEdBQUcsTUFBTSxHQUFHLENBQUMsT0FBTyxDQUFDLEVBQUUsVUFBVSxFQUFFLFdBQVcsRUFBRSxDQUFDLENBQUM7SUFDakUsTUFBTSxVQUFVLEdBQUcsTUFBTSxHQUFHLENBQUMsY0FBYyxDQUFDLEVBQUUsVUFBVSxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUM7SUFDMUUsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLEdBQUcsQ0FBQyxPQUFPLENBQUM7UUFDekMsT0FBTyxFQUFFLE1BQU0sR0FBRyxDQUFDLFdBQVcsQ0FBQyxFQUFFLGNBQWMsRUFBRSx5QkFBeUIsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQzlGLGNBQWMsRUFBRSxDQUFDLFVBQVUsQ0FBQztRQUM1QixNQUFNLEVBQUU7WUFDTixZQUFZLEVBQUUsSUFBSSxHQUFHLEVBQUU7WUFDdkIsV0FBVyxFQUFFLEtBQUs7WUFDbEIsV0FBVyxFQUFFLEtBQUs7U0FDbkI7UUFDRCxNQUFNLEVBQUUsUUFBUTtLQUNqQixDQUFDLENBQUM7SUFDSCxNQUFNLGtCQUFrQixHQUFHLE1BQU0sR0FBRyxDQUFDLE1BQU0sQ0FBQztRQUMxQyxPQUFPLEVBQUUsTUFBTSxHQUFHLENBQUMsYUFBYSxDQUFDLEVBQUUsTUFBTSxFQUFFLGdCQUFnQixDQUFDLElBQUksRUFBRSxDQUFDO1FBQ25FLFNBQVMsRUFBRSxNQUFNLEdBQUcsQ0FBQyxhQUFhLENBQUMsRUFBRSxnQkFBZ0IsRUFBRSx5QkFBeUIsQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUM3RixnQkFBZ0IsRUFBRSxTQUFTO1FBQzNCLElBQUksRUFBRSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsbUNBQTJCLENBQUM7S0FDekQsQ0FBQyxDQUFDO0lBQ0gsTUFBTSxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDO0lBQ2hELE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7QUFDL0QsQ0FBQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsYUFBMEIsRUFBRSxXQUFtQjtJQUNwRixNQUFNLFNBQVMsR0FBRyxNQUFNLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUNqRSxNQUFNLGtCQUFrQixHQUFHLE1BQU0sR0FBRyxDQUFDLE1BQU0sQ0FBQztRQUMxQyxPQUFPLEVBQUUsTUFBTSxHQUFHLENBQUMsYUFBYSxDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQzFGLFNBQVMsRUFBRSxNQUFNLEdBQUcsQ0FBQyxhQUFhLENBQUMsRUFBRSxnQkFBZ0IsRUFBRSxhQUFhLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDakYsZ0JBQWdCLEVBQUUsU0FBUztRQUMzQixJQUFJLEVBQUUsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLG1DQUEyQixDQUFDO0tBQ3pELENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sa0JBQWtCLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQztRQUNoRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLGdDQUFnQyxDQUNwRCxRQUF5QixFQUN6QixzQkFBcUMsRUFDckMsb0JBQW1DO0lBRW5DLE9BQU87UUFDTCxXQUFXLEVBQUUsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUM1QixRQUFRLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbkMsTUFBTSxTQUFTLEdBQUcsc0JBQXNCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxLQUFLLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMzRSxNQUFNLFNBQVMsR0FBRyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZFLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDdEUsQ0FBQztZQUNELElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssQ0FBQyxrREFBa0QsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDeEUsQ0FBQztZQUNELE9BQU87Z0JBQ0wsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFO2dCQUNSLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTtnQkFDWixPQUFPLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQztnQkFDeEYsVUFBVSxFQUFFLENBQUMsQ0FBQyxVQUFVO2FBQ3pCLENBQUM7UUFDSixDQUFDLENBQUMsQ0FDSDtRQUNELGlCQUFpQixFQUFFLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FDbEMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDekMsTUFBTSxTQUFTLEdBQUcsc0JBQXNCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxLQUFLLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMzRSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ2YsTUFBTSxLQUFLLENBQUMsOENBQThDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ3RFLENBQUM7WUFDRCxJQUFJLENBQUMsQ0FBQyxNQUFNLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDM0QsTUFBTSxLQUFLLENBQUMsd0RBQXdELENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO1lBQ2hGLENBQUM7WUFDRCxJQUFJLENBQUMsQ0FBQyxVQUFVLEtBQUssU0FBUyxFQUFFLENBQUM7Z0JBQy9CLElBQUksQ0FBQyxDQUFDLE1BQU0sZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDO29CQUM5RCxNQUFNLEtBQUssQ0FBQyxzRUFBc0UsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7Z0JBQzlGLENBQUM7WUFDSCxDQUFDO1lBQ0QsT0FBTztnQkFDTCxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUk7Z0JBQ1osT0FBTyxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTztnQkFDMUIsVUFBVSxFQUFFLENBQUMsQ0FBQyxVQUFVLEVBQUUsT0FBTzthQUNsQyxDQUFDO1FBQ0osQ0FBQyxDQUFDLENBQ0g7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLDhCQUE4QixDQUNsRCxRQUE0QixFQUM1QixvQkFBbUMsRUFDbkMsd0JBQXVDO0lBRXZDLE9BQU87UUFDTCxXQUFXLEVBQUUsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUM1QixRQUFRLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbkMsTUFBTSxTQUFTLEdBQUcsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN2RSxNQUFNLFNBQVMsR0FBRyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQzdFLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDdkUsQ0FBQztZQUNELElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDdkUsQ0FBQztZQUNELE9BQU87Z0JBQ0wsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFO2dCQUNSLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSTtnQkFDWixPQUFPLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLEVBQUUsU0FBUyxDQUFDLE1BQU0sRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDO2dCQUM3RyxVQUFVLEVBQUUsQ0FBQyxDQUFDLFVBQVU7YUFDekIsQ0FBQztRQUNKLENBQUMsQ0FBQyxDQUNIO1FBQ0QsaUJBQWlCLEVBQUUsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNsQyxRQUFRLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRTtZQUN6QyxNQUFNLFNBQVMsR0FBRyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQzdFLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDdkUsQ0FBQztZQUNELE1BQU0sQ0FBQyxhQUFhLEVBQUUsZ0JBQWdCLENBQUMsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUM7Z0JBQzFELGNBQWMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQztnQkFDbEUsQ0FBQyxDQUFDLFVBQVU7b0JBQ1YsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxVQUFVLEVBQUUsUUFBUSxDQUFDLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQztvQkFDdkUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDO2FBQy9CLENBQUMsQ0FBQztZQUNILE9BQU87Z0JBQ0wsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJO2dCQUNaLE9BQU8sRUFBRSxhQUFhO2dCQUN0QixVQUFVLEVBQUUsZ0JBQWdCO2FBQzdCLENBQUM7UUFDSixDQUFDLENBQUMsQ0FDSDtLQUNGLENBQUM7QUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU2VyaWFsaXplZE1lc3NhZ2VzLCBBdXRoRW5jTWVzc2FnZSwgQXV0aEVuY01lc3NhZ2VzLCBQYXJ0eUdwZ0tleSwgQXV0aE1lc3NhZ2UgfSBmcm9tICcuL3R5cGVzJztcbmltcG9ydCAqIGFzIHBncCBmcm9tICdvcGVucGdwJztcblxuLyoqXG4gKiBUb2xlcmFuY2Ugd2luZG93IGZvciBPcGVuUEdQIGRhdGUtYmFzZWQga2V5IHZhbGlkaXR5IGNoZWNrcyAoMjQgaG91cnMpLlxuICpcbiAqIEJhY2tncm91bmQ6IE9wZW5QR1AuanMgdXNlcyB0aGUgYGRhdGVgIHBhcmFtZXRlciB0byBjaGVjayBrZXkgZXhwaXJ5IGF0IGFcbiAqIGdpdmVuIHBvaW50IGluIHRpbWUuIFdlIHByZXZpb3VzbHkgcGFzc2VkIGBkYXRlOiBudWxsYCB0byBkaXNhYmxlIHRoaXMgY2hlY2tcbiAqIGVudGlyZWx5IChzZWUgSFNNLTcwNikgYmVjYXVzZSBPVkMgY29sZC1zaWduaW5nIGZsb3dzIGZvciB0cnVzdCBhbmQgU01DXG4gKiBjbGllbnRzIGNhbiBpbnZvbHZlIHNpZ25pZmljYW50IGNsb2NrIHNrZXcgYmV0d2VlbiB0aGUgc2lnbmluZyBkZXZpY2UgYW5kIHRoZVxuICogc2VydmVyIOKAlCB0aGUgZGV2aWNlIG1heSBiZSBhaXItZ2FwcGVkIGFuZCBpdHMgY2xvY2sgY2FuIGRyaWZ0IGJ5IGhvdXJzLlxuICpcbiAqIE5vdGU6IHRoaXMgR1BHIGV4cGlyeSBjaGVjayBpcyBub3Qgc3RyaWN0bHkgcmVxdWlyZWQgZm9yIHJlcGxheSBwcm90ZWN0aW9uLlxuICogVGhlIERLTFMgcHJvdG9jb2wgaGFzIGl0cyBvd24gbWVjaGFuaXNtIGZvciBwcmV2ZW50aW5nIHJlcGxheSBhdHRhY2tzXG4gKiAoc2Vzc2lvbi1ib3VuZCBjb21taXRtZW50cyBhbmQgcm91bmQtc3BlY2lmaWMgbWVzc2FnZSB2YWxpZGF0aW9uKSwgc28gdGhlXG4gKiBPcGVuUEdQIGRhdGUgY2hlY2sgaXMgYSBkZWZlbnNlLWluLWRlcHRoIG1lYXN1cmUgcmF0aGVyIHRoYW4gdGhlIHByaW1hcnlcbiAqIHJlcGxheSBtaXRpZ2F0aW9uLlxuICpcbiAqIE9wZW5QR1AncyBgZGF0ZWAgcGFyYW1ldGVyIHNoaWZ0cyB0aGUgcmVmZXJlbmNlIHRpbWUgZm9yIEFMTCB0ZW1wb3JhbFxuICogY2hlY2tzIHNpbXVsdGFuZW91c2x5IChrZXkgZXhwaXJ5LCBzZWxmLXNpZ25hdHVyZSB2YWxpZGl0eSwgc2lnbmF0dXJlXG4gKiBmcmVzaG5lc3MpLiBUaGlzIG1lYW5zIGEgc2luZ2xlIHNoaWZ0ZWQgZGF0ZSBjYW5ub3QgaW5kZXBlbmRlbnRseSByZWxheFxuICoga2V5LWV4cGlyeSBjaGVja3Mgd2l0aG91dCBicmVha2luZyBzZWxmLXNpZ25hdHVyZSB2YWxpZGF0aW9uIG9uIGZyZXNoIGtleXMuXG4gKlxuICogVGhlcmVmb3JlOlxuICogLSBlbmNyeXB0L2RlY3J5cHQgb21pdCBgZGF0ZWAgKHVzZSBkZWZhdWx0ID0gY3VycmVudCB0aW1lKSBmb3Igbm9ybWFsIGtleVxuICogICBleHBpcnkgY2hlY2tpbmcgYW5kIHNlbGYtc2lnbmF0dXJlIHZhbGlkYXRpb24uXG4gKiAtIHZlcmlmeSB1c2VzIGBub3cgKyB0b2xlcmFuY2VgIHNvIHRoYXQgc2lnbmF0dXJlcyBmcm9tIE9WQyBkZXZpY2VzIHdob3NlXG4gKiAgIGNsb2NrcyBhcmUgdXAgdG8gMjQgaG91cnMgYWhlYWQgYXJlIG5vdCByZWplY3RlZCBhcyBcImZyb20gdGhlIGZ1dHVyZVwiLlxuICovXG5leHBvcnQgY29uc3QgU0lHTkFUVVJFX0RBVEVfVE9MRVJBTkNFX01TID0gMjQgKiA2MCAqIDYwICogMTAwMDtcblxuLyoqXG4gKiBEZXRhY2ggc2lnbnMgYSBiaW5hcnkgYW5kIGVuY29kZXMgaXQgaW4gYmFzZTY0XG4gKiBAcGFyYW0gZGF0YSBiaW5hcnkgdG8gZW5jb2RlIGluIGJhc2U2NCBhbmQgc2lnblxuICogQHBhcmFtIHByaXZhdGVBcm1vciBwcml2YXRlIGtleSB0byBzaWduIHdpdGhcbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGRldGFjaFNpZ25EYXRhKGRhdGE6IEJ1ZmZlciwgcHJpdmF0ZUFybW9yOiBzdHJpbmcpOiBQcm9taXNlPEF1dGhNZXNzYWdlPiB7XG4gIGNvbnN0IG1lc3NhZ2UgPSBhd2FpdCBwZ3AuY3JlYXRlTWVzc2FnZSh7IGJpbmFyeTogZGF0YSB9KTtcbiAgY29uc3QgcHJpdmF0ZUtleSA9IGF3YWl0IHBncC5yZWFkUHJpdmF0ZUtleSh7IGFybW9yZWRLZXk6IHByaXZhdGVBcm1vciB9KTtcbiAgY29uc3Qgc2lnbmF0dXJlID0gYXdhaXQgcGdwLnNpZ24oe1xuICAgIG1lc3NhZ2UsXG4gICAgc2lnbmluZ0tleXM6IHByaXZhdGVLZXksXG4gICAgZm9ybWF0OiAnYXJtb3JlZCcsXG4gICAgZGV0YWNoZWQ6IHRydWUsXG4gICAgY29uZmlnOiB7XG4gICAgICByZWplY3RDdXJ2ZXM6IG5ldyBTZXQoKSxcbiAgICAgIHNob3dWZXJzaW9uOiBmYWxzZSxcbiAgICAgIHNob3dDb21tZW50OiBmYWxzZSxcbiAgICB9LFxuICB9KTtcbiAgcmV0dXJuIHtcbiAgICBtZXNzYWdlOiBkYXRhLnRvU3RyaW5nKCdiYXNlNjQnKSxcbiAgICBzaWduYXR1cmU6IHNpZ25hdHVyZSxcbiAgfTtcbn1cblxuLyoqXG4gKiBFbmNyeXB0cyBhbmQgZGV0YWNoIHNpZ25zIGEgYmluYXJ5XG4gKiBAcGFyYW0gZGF0YSBiaW5hcnkgdG8gZW5jcnlwdCBhbmQgc2lnblxuICogQHBhcmFtIHB1YmxpY0FybW9yIHB1YmxpYyBrZXkgdG8gZW5jcnlwdCB3aXRoXG4gKiBAcGFyYW0gcHJpdmF0ZUFybW9yIHByaXZhdGUga2V5IHRvIHNpZ24gd2l0aFxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gZW5jcnlwdEFuZERldGFjaFNpZ25EYXRhKFxuICBkYXRhOiBCdWZmZXIsXG4gIHB1YmxpY0FybW9yOiBzdHJpbmcsXG4gIHByaXZhdGVBcm1vcjogc3RyaW5nXG4pOiBQcm9taXNlPEF1dGhFbmNNZXNzYWdlPiB7XG4gIGNvbnN0IG1lc3NhZ2UgPSBhd2FpdCBwZ3AuY3JlYXRlTWVzc2FnZSh7IGJpbmFyeTogZGF0YSB9KTtcbiAgY29uc3QgcHVibGljS2V5ID0gYXdhaXQgcGdwLnJlYWRLZXkoeyBhcm1vcmVkS2V5OiBwdWJsaWNBcm1vciB9KTtcbiAgY29uc3QgcHJpdmF0ZUtleSA9IGF3YWl0IHBncC5yZWFkUHJpdmF0ZUtleSh7IGFybW9yZWRLZXk6IHByaXZhdGVBcm1vciB9KTtcbiAgY29uc3QgZW5jcnlwdGVkTWVzc2FnZSA9IGF3YWl0IHBncC5lbmNyeXB0KHtcbiAgICBtZXNzYWdlLFxuICAgIGVuY3J5cHRpb25LZXlzOiBwdWJsaWNLZXksXG4gICAgZm9ybWF0OiAnYXJtb3JlZCcsXG4gICAgY29uZmlnOiB7XG4gICAgICByZWplY3RDdXJ2ZXM6IG5ldyBTZXQoKSxcbiAgICAgIHNob3dWZXJzaW9uOiBmYWxzZSxcbiAgICAgIHNob3dDb21tZW50OiBmYWxzZSxcbiAgICB9LFxuICB9KTtcbiAgY29uc3Qgc2lnbmF0dXJlID0gYXdhaXQgcGdwLnNpZ24oe1xuICAgIG1lc3NhZ2UsXG4gICAgc2lnbmluZ0tleXM6IHByaXZhdGVLZXksXG4gICAgZm9ybWF0OiAnYXJtb3JlZCcsXG4gICAgZGV0YWNoZWQ6IHRydWUsXG4gICAgY29uZmlnOiB7XG4gICAgICByZWplY3RDdXJ2ZXM6IG5ldyBTZXQoKSxcbiAgICAgIHNob3dWZXJzaW9uOiBmYWxzZSxcbiAgICAgIHNob3dDb21tZW50OiBmYWxzZSxcbiAgICB9LFxuICB9KTtcbiAgcmV0dXJuIHtcbiAgICBlbmNyeXB0ZWRNZXNzYWdlOiBlbmNyeXB0ZWRNZXNzYWdlLFxuICAgIHNpZ25hdHVyZTogc2lnbmF0dXJlLFxuICB9O1xufVxuXG4vKipcbiAqIERlY3J5cHRzIGFuZCB2ZXJpZmllcyBzaWduYXR1cmUgb24gYSBiaW5hcnlcbiAqIEBwYXJhbSBlbmNyeXB0ZWRBbmRTaWduZWRNZXNzYWdlIG1lc3NhZ2UgdG8gZGVjcnlwdCBhbmQgdmVyaWZ5XG4gKiBAcGFyYW0gcHVibGljQXJtb3IgcHVibGljIGtleSB0byB2ZXJpZnkgc2lnbmF0dXJlIHdpdGhcbiAqIEBwYXJhbSBwcml2YXRlQXJtb3IgcHJpdmF0ZSBrZXkgdG8gZGVjcnlwdCB3aXRoXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBkZWNyeXB0QW5kVmVyaWZ5U2lnbmVkRGF0YShcbiAgZW5jcnlwdGVkQW5kU2lnbmVkTWVzc2FnZTogQXV0aEVuY01lc3NhZ2UsXG4gIHB1YmxpY0FybW9yOiBzdHJpbmcsXG4gIHByaXZhdGVBcm1vcjogc3RyaW5nXG4pOiBQcm9taXNlPHN0cmluZz4ge1xuICBjb25zdCBwdWJsaWNLZXkgPSBhd2FpdCBwZ3AucmVhZEtleSh7IGFybW9yZWRLZXk6IHB1YmxpY0FybW9yIH0pO1xuICBjb25zdCBwcml2YXRlS2V5ID0gYXdhaXQgcGdwLnJlYWRQcml2YXRlS2V5KHsgYXJtb3JlZEtleTogcHJpdmF0ZUFybW9yIH0pO1xuICBjb25zdCBkZWNyeXB0ZWRNZXNzYWdlID0gYXdhaXQgcGdwLmRlY3J5cHQoe1xuICAgIG1lc3NhZ2U6IGF3YWl0IHBncC5yZWFkTWVzc2FnZSh7IGFybW9yZWRNZXNzYWdlOiBlbmNyeXB0ZWRBbmRTaWduZWRNZXNzYWdlLmVuY3J5cHRlZE1lc3NhZ2UgfSksXG4gICAgZGVjcnlwdGlvbktleXM6IFtwcml2YXRlS2V5XSxcbiAgICBjb25maWc6IHtcbiAgICAgIHJlamVjdEN1cnZlczogbmV3IFNldCgpLFxuICAgICAgc2hvd1ZlcnNpb246IGZhbHNlLFxuICAgICAgc2hvd0NvbW1lbnQ6IGZhbHNlLFxuICAgIH0sXG4gICAgZm9ybWF0OiAnYmluYXJ5JyxcbiAgfSk7XG4gIGNvbnN0IHZlcmlmaWNhdGlvblJlc3VsdCA9IGF3YWl0IHBncC52ZXJpZnkoe1xuICAgIG1lc3NhZ2U6IGF3YWl0IHBncC5jcmVhdGVNZXNzYWdlKHsgYmluYXJ5OiBkZWNyeXB0ZWRNZXNzYWdlLmRhdGEgfSksXG4gICAgc2lnbmF0dXJlOiBhd2FpdCBwZ3AucmVhZFNpZ25hdHVyZSh7IGFybW9yZWRTaWduYXR1cmU6IGVuY3J5cHRlZEFuZFNpZ25lZE1lc3NhZ2Uuc2lnbmF0dXJlIH0pLFxuICAgIHZlcmlmaWNhdGlvbktleXM6IHB1YmxpY0tleSxcbiAgICBkYXRlOiBuZXcgRGF0ZShEYXRlLm5vdygpICsgU0lHTkFUVVJFX0RBVEVfVE9MRVJBTkNFX01TKSxcbiAgfSk7XG4gIGF3YWl0IHZlcmlmaWNhdGlvblJlc3VsdC5zaWduYXR1cmVzWzBdLnZlcmlmaWVkO1xuICByZXR1cm4gQnVmZmVyLmZyb20oZGVjcnlwdGVkTWVzc2FnZS5kYXRhKS50b1N0cmluZygnYmFzZTY0Jyk7XG59XG5cbi8qKlxuICogVmVyaWZpZXMgc2lnbmF0dXJlIG9uIGEgYmluYXJ5IChtZXNzYWdlIHBhc3NlZCBzaG91bGQgYmUgZW5jb2RlZCBpbiBiYXNlNjQpLlxuICogQHBhcmFtIHNpZ25lZE1lc3NhZ2UgbWVzc2FnZSB0byB2ZXJpZnlcbiAqIEBwYXJhbSBwdWJsaWNBcm1vciBwdWJsaWMga2V5IHRvIHZlcmlmeSBzaWduYXR1cmUgd2l0aFxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gdmVyaWZ5U2lnbmVkRGF0YShzaWduZWRNZXNzYWdlOiBBdXRoTWVzc2FnZSwgcHVibGljQXJtb3I6IHN0cmluZyk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICBjb25zdCBwdWJsaWNLZXkgPSBhd2FpdCBwZ3AucmVhZEtleSh7IGFybW9yZWRLZXk6IHB1YmxpY0FybW9yIH0pO1xuICBjb25zdCB2ZXJpZmljYXRpb25SZXN1bHQgPSBhd2FpdCBwZ3AudmVyaWZ5KHtcbiAgICBtZXNzYWdlOiBhd2FpdCBwZ3AuY3JlYXRlTWVzc2FnZSh7IGJpbmFyeTogQnVmZmVyLmZyb20oc2lnbmVkTWVzc2FnZS5tZXNzYWdlLCAnYmFzZTY0JykgfSksXG4gICAgc2lnbmF0dXJlOiBhd2FpdCBwZ3AucmVhZFNpZ25hdHVyZSh7IGFybW9yZWRTaWduYXR1cmU6IHNpZ25lZE1lc3NhZ2Uuc2lnbmF0dXJlIH0pLFxuICAgIHZlcmlmaWNhdGlvbktleXM6IHB1YmxpY0tleSxcbiAgICBkYXRlOiBuZXcgRGF0ZShEYXRlLm5vdygpICsgU0lHTkFUVVJFX0RBVEVfVE9MRVJBTkNFX01TKSxcbiAgfSk7XG4gIHRyeSB7XG4gICAgYXdhaXQgdmVyaWZpY2F0aW9uUmVzdWx0LnNpZ25hdHVyZXNbMF0udmVyaWZpZWQ7XG4gICAgcmV0dXJuIHRydWU7XG4gIH0gY2F0Y2ggKGUpIHtcbiAgICByZXR1cm4gZmFsc2U7XG4gIH1cbn1cblxuLyoqXG4gKiBEZWNyeXB0cyBhbmQgdmVyaWZpZXMgcDJwIG1lc3NhZ2VzICsgdmVyaWZpZXMgYnJvYWRjYXN0IG1lc3NhZ2VzXG4gKiBAcGFyYW0gbWVzc2FnZXMgbWVzc2FnZSB0byBkZWNyeXB0IGFuZCB2ZXJpZnlcbiAqIEBwYXJhbSBwdWJWZXJpZmljYXRpb25HcGdLZXlzIHB1YmxpYyBrZXlzIHRvIHZlcmlmeSBzaWduYXR1cmVzIHdpdGhcbiAqIEBwYXJhbSBwcnZEZWNyeXB0aW9uR3BnS2V5cyBwcml2YXRlIGtleXMgdG8gZGVjcnlwdCB3aXRoXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBkZWNyeXB0QW5kVmVyaWZ5SW5jb21pbmdNZXNzYWdlcyhcbiAgbWVzc2FnZXM6IEF1dGhFbmNNZXNzYWdlcyxcbiAgcHViVmVyaWZpY2F0aW9uR3BnS2V5czogUGFydHlHcGdLZXlbXSxcbiAgcHJ2RGVjcnlwdGlvbkdwZ0tleXM6IFBhcnR5R3BnS2V5W11cbik6IFByb21pc2U8U2VyaWFsaXplZE1lc3NhZ2VzPiB7XG4gIHJldHVybiB7XG4gICAgcDJwTWVzc2FnZXM6IGF3YWl0IFByb21pc2UuYWxsKFxuICAgICAgbWVzc2FnZXMucDJwTWVzc2FnZXMubWFwKGFzeW5jIChtKSA9PiB7XG4gICAgICAgIGNvbnN0IHB1YkdwZ0tleSA9IHB1YlZlcmlmaWNhdGlvbkdwZ0tleXMuZmluZCgoaykgPT4gay5wYXJ0eUlkID09PSBtLmZyb20pO1xuICAgICAgICBjb25zdCBwcnZHcGdLZXkgPSBwcnZEZWNyeXB0aW9uR3BnS2V5cy5maW5kKChrKSA9PiBrLnBhcnR5SWQgPT09IG0udG8pO1xuICAgICAgICBpZiAoIXB1YkdwZ0tleSkge1xuICAgICAgICAgIHRocm93IEVycm9yKGBObyBwdWJsaWMga2V5IHByb3ZpZGVkIGZvciBzZW5kZXIgd2l0aCBJRDogJHttLmZyb219YCk7XG4gICAgICAgIH1cbiAgICAgICAgaWYgKCFwcnZHcGdLZXkpIHtcbiAgICAgICAgICB0aHJvdyBFcnJvcihgTm8gcHJpdmF0ZSBrZXkgcHJvdmlkZWQgZm9yIHJlY2VwaWVudCB3aXRoIElEOiAke20udG99YCk7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICB0bzogbS50byxcbiAgICAgICAgICBmcm9tOiBtLmZyb20sXG4gICAgICAgICAgcGF5bG9hZDogYXdhaXQgZGVjcnlwdEFuZFZlcmlmeVNpZ25lZERhdGEobS5wYXlsb2FkLCBwdWJHcGdLZXkuZ3BnS2V5LCBwcnZHcGdLZXkuZ3BnS2V5KSxcbiAgICAgICAgICBjb21taXRtZW50OiBtLmNvbW1pdG1lbnQsXG4gICAgICAgIH07XG4gICAgICB9KVxuICAgICksXG4gICAgYnJvYWRjYXN0TWVzc2FnZXM6IGF3YWl0IFByb21pc2UuYWxsKFxuICAgICAgbWVzc2FnZXMuYnJvYWRjYXN0TWVzc2FnZXMubWFwKGFzeW5jIChtKSA9PiB7XG4gICAgICAgIGNvbnN0IHB1YkdwZ0tleSA9IHB1YlZlcmlmaWNhdGlvbkdwZ0tleXMuZmluZCgoaykgPT4gay5wYXJ0eUlkID09PSBtLmZyb20pO1xuICAgICAgICBpZiAoIXB1YkdwZ0tleSkge1xuICAgICAgICAgIHRocm93IEVycm9yKGBObyBwdWJsaWMga2V5IHByb3ZpZGVkIGZvciBzZW5kZXIgd2l0aCBJRDogJHttLmZyb219YCk7XG4gICAgICAgIH1cbiAgICAgICAgaWYgKCEoYXdhaXQgdmVyaWZ5U2lnbmVkRGF0YShtLnBheWxvYWQsIHB1YkdwZ0tleS5ncGdLZXkpKSkge1xuICAgICAgICAgIHRocm93IEVycm9yKGBGYWlsZWQgdG8gYXV0aGVudGljYXRlIGJyb2FkY2FzdCBtZXNzYWdlIGZyb20gcGFydHk6ICR7bS5mcm9tfWApO1xuICAgICAgICB9XG4gICAgICAgIGlmIChtLnNpZ25hdHVyZVIgIT09IHVuZGVmaW5lZCkge1xuICAgICAgICAgIGlmICghKGF3YWl0IHZlcmlmeVNpZ25lZERhdGEobS5zaWduYXR1cmVSLCBwdWJHcGdLZXkuZ3BnS2V5KSkpIHtcbiAgICAgICAgICAgIHRocm93IEVycm9yKGBGYWlsZWQgdG8gYXV0aGVudGljYXRlIHNpZ25hdHVyZVIgaW4gYnJvYWRjYXN0IG1lc3NhZ2UgZnJvbSBwYXJ0eTogJHttLmZyb219YCk7XG4gICAgICAgICAgfVxuICAgICAgICB9XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgZnJvbTogbS5mcm9tLFxuICAgICAgICAgIHBheWxvYWQ6IG0ucGF5bG9hZC5tZXNzYWdlLFxuICAgICAgICAgIHNpZ25hdHVyZVI6IG0uc2lnbmF0dXJlUj8ubWVzc2FnZSxcbiAgICAgICAgfTtcbiAgICAgIH0pXG4gICAgKSxcbiAgfTtcbn1cblxuLyoqXG4gKiBFbmNyeXB0cyBhbmQgc2lnbnMgcDJwIG1lc3NhZ2VzICsgc2lnbnMgYnJvYWRjYXN0IG1lc3NhZ2VzXG4gKiBAcGFyYW0gbWVzc2FnZXMgbWVzc2FnZXMgdG8gZW5jcnlwdCBhbmQgc2lnblxuICogQHBhcmFtIHB1YkVuY3J5cHRpb25HcGdLZXkgcHVibGljIGtleXMgdG8gZW5jcnlwdCBkYXRhIHRvXG4gKiBAcGFyYW0gcHJ2QXV0aGVudGljYXRpb25HcGdLZXkgcHJpdmF0ZSBrZXlzIHRvIHNpZ24gd2l0aFxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gZW5jcnlwdEFuZEF1dGhPdXRnb2luZ01lc3NhZ2VzKFxuICBtZXNzYWdlczogU2VyaWFsaXplZE1lc3NhZ2VzLFxuICBwdWJFbmNyeXB0aW9uR3BnS2V5czogUGFydHlHcGdLZXlbXSxcbiAgcHJ2QXV0aGVudGljYXRpb25HcGdLZXlzOiBQYXJ0eUdwZ0tleVtdXG4pOiBQcm9taXNlPEF1dGhFbmNNZXNzYWdlcz4ge1xuICByZXR1cm4ge1xuICAgIHAycE1lc3NhZ2VzOiBhd2FpdCBQcm9taXNlLmFsbChcbiAgICAgIG1lc3NhZ2VzLnAycE1lc3NhZ2VzLm1hcChhc3luYyAobSkgPT4ge1xuICAgICAgICBjb25zdCBwdWJHcGdLZXkgPSBwdWJFbmNyeXB0aW9uR3BnS2V5cy5maW5kKChrKSA9PiBrLnBhcnR5SWQgPT09IG0udG8pO1xuICAgICAgICBjb25zdCBwcnZHcGdLZXkgPSBwcnZBdXRoZW50aWNhdGlvbkdwZ0tleXMuZmluZCgoaykgPT4gay5wYXJ0eUlkID09PSBtLmZyb20pO1xuICAgICAgICBpZiAoIXB1YkdwZ0tleSkge1xuICAgICAgICAgIHRocm93IEVycm9yKGBObyBwdWJsaWMga2V5IHByb3ZpZGVkIGZvciByZWNpcGllbnQgd2l0aCBJRDogJHttLnRvfWApO1xuICAgICAgICB9XG4gICAgICAgIGlmICghcHJ2R3BnS2V5KSB7XG4gICAgICAgICAgdGhyb3cgRXJyb3IoYE5vIHByaXZhdGUga2V5IHByb3ZpZGVkIGZvciBzZW5kZXIgd2l0aCBJRDogJHttLmZyb219YCk7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICB0bzogbS50byxcbiAgICAgICAgICBmcm9tOiBtLmZyb20sXG4gICAgICAgICAgcGF5bG9hZDogYXdhaXQgZW5jcnlwdEFuZERldGFjaFNpZ25EYXRhKEJ1ZmZlci5mcm9tKG0ucGF5bG9hZCwgJ2Jhc2U2NCcpLCBwdWJHcGdLZXkuZ3BnS2V5LCBwcnZHcGdLZXkuZ3BnS2V5KSxcbiAgICAgICAgICBjb21taXRtZW50OiBtLmNvbW1pdG1lbnQsXG4gICAgICAgIH07XG4gICAgICB9KVxuICAgICksXG4gICAgYnJvYWRjYXN0TWVzc2FnZXM6IGF3YWl0IFByb21pc2UuYWxsKFxuICAgICAgbWVzc2FnZXMuYnJvYWRjYXN0TWVzc2FnZXMubWFwKGFzeW5jIChtKSA9PiB7XG4gICAgICAgIGNvbnN0IHBydkdwZ0tleSA9IHBydkF1dGhlbnRpY2F0aW9uR3BnS2V5cy5maW5kKChrKSA9PiBrLnBhcnR5SWQgPT09IG0uZnJvbSk7XG4gICAgICAgIGlmICghcHJ2R3BnS2V5KSB7XG4gICAgICAgICAgdGhyb3cgRXJyb3IoYE5vIHByaXZhdGUga2V5IHByb3ZpZGVkIGZvciBzZW5kZXIgd2l0aCBJRDogJHttLmZyb219YCk7XG4gICAgICAgIH1cbiAgICAgICAgY29uc3QgW3NpZ25lZFBheWxvYWQsIHNpZ25lZFNpZ25hdHVyZVJdID0gYXdhaXQgUHJvbWlzZS5hbGwoW1xuICAgICAgICAgIGRldGFjaFNpZ25EYXRhKEJ1ZmZlci5mcm9tKG0ucGF5bG9hZCwgJ2Jhc2U2NCcpLCBwcnZHcGdLZXkuZ3BnS2V5KSxcbiAgICAgICAgICBtLnNpZ25hdHVyZVJcbiAgICAgICAgICAgID8gZGV0YWNoU2lnbkRhdGEoQnVmZmVyLmZyb20obS5zaWduYXR1cmVSLCAnYmFzZTY0JyksIHBydkdwZ0tleS5ncGdLZXkpXG4gICAgICAgICAgICA6IFByb21pc2UucmVzb2x2ZSh1bmRlZmluZWQpLFxuICAgICAgICBdKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBmcm9tOiBtLmZyb20sXG4gICAgICAgICAgcGF5bG9hZDogc2lnbmVkUGF5bG9hZCxcbiAgICAgICAgICBzaWduYXR1cmVSOiBzaWduZWRTaWduYXR1cmVSLFxuICAgICAgICB9O1xuICAgICAgfSlcbiAgICApLFxuICB9O1xufVxuIl19

package/dist/src/tss/ecdsa-dkls/dkg.d.ts

@@ -0,0 +1,62 @@
+import type { KeygenSession, Keyshare } from '@silencelaboratories/dkls-wasm-ll-node';
+import { DeserializedBroadcastMessage, DeserializedMessages, DkgState, RetrofitData } from './types';
+type NodeWasmer = typeof import('@silencelaboratories/dkls-wasm-ll-node');
+type WebWasmer = typeof import('@silencelaboratories/dkls-wasm-ll-web');
+type BundlerWasmer = typeof import('@silencelaboratories/dkls-wasm-ll-bundler');
+type DklsWasm = NodeWasmer | WebWasmer | BundlerWasmer;
+export interface DkgSessionData {
+    dkgSessionBytes: Uint8Array;
+    dkgState: DkgState;
+    chainCodeCommitment?: Uint8Array;
+    keyShareBuff?: Buffer;
+}
+export declare class Dkg {
+    protected dkgSession: KeygenSession | undefined;
+    protected dkgSessionBytes: Uint8Array;
+    protected dkgKeyShare: Keyshare;
+    protected keyShareBuff: Buffer;
+    protected n: number;
+    protected t: number;
+    protected seed: Buffer | undefined;
+    protected chainCodeCommitment: Uint8Array | undefined;
+    protected partyIdx: number;
+    protected dkgState: DkgState;
+    protected dklsKeyShareRetrofitObject: Keyshare | undefined;
+    protected retrofitData: RetrofitData | undefined;
+    protected dklsWasm: DklsWasm | null;
+    constructor(n: number, t: number, partyIdx: number, seed?: Buffer, retrofitData?: RetrofitData, dklsWasm?: BundlerWasmer);
+    private loadDklsWasm;
+    private getDklsWasm;
+    private _restoreSession;
+    private _createDKLsRetrofitKeyShare;
+    private _deserializeState;
+    initDkg(): Promise<DeserializedBroadcastMessage>;
+    getKeyShare(): Buffer;
+    /**
+     * Returns a CBOR-encoded ReducedKeyShare buffer containing the party's private
+     * scalar (s_i) in the `prv` field. This buffer is private key material.
+     * The caller encrypts it and stores it as `reducedEncryptedPrv` on the key card QR code.
+     */
+    getReducedKeyShare(): Buffer;
+    handleIncomingMessages(messagesForIthRound: DeserializedMessages): DeserializedMessages;
+    /**
+     * Get the current session data that can be used to restore the session later
+     * @returns The current session data
+     */
+    getSessionData(): DkgSessionData;
+    /**
+     * Restore a DKG session from previous session data
+     * Note: This should not be used for Round 1 as that's the initialization phase
+     * @param n Number of parties
+     * @param t Threshold
+     * @param partyIdx Party index
+     * @param sessionData Previous session data
+     * @param seed Optional seed
+     * @param retrofitData Optional retrofit data
+     * @param dklsWasm Optional DKLS wasm instance
+     * @returns A new DKG instance with the restored session
+     */
+    static restoreSession(n: number, t: number, partyIdx: number, sessionData: DkgSessionData, seed?: Buffer, retrofitData?: RetrofitData, dklsWasm?: BundlerWasmer): Promise<Dkg>;
+}
+export {};
+//# sourceMappingURL=dkg.d.ts.map

package/dist/src/tss/ecdsa-dkls/dkg.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dkg.d.ts","sourceRoot":"","sources":["../../../../src/tss/ecdsa-dkls/dkg.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAW,MAAM,wCAAwC,CAAC;AAK/F,OAAO,EAAE,4BAA4B,EAAE,oBAAoB,EAAE,QAAQ,EAAmB,YAAY,EAAE,MAAM,SAAS,CAAC;AAEtH,KAAK,UAAU,GAAG,cAAc,wCAAwC,CAAC,CAAC;AAC1E,KAAK,SAAS,GAAG,cAAc,uCAAuC,CAAC,CAAC;AACxE,KAAK,aAAa,GAAG,cAAc,2CAA2C,CAAC,CAAC;AAEhF,KAAK,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,aAAa,CAAC;AAEvD,MAAM,WAAW,cAAc;IAC7B,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,GAAG;IACd,SAAS,CAAC,UAAU,EAAE,aAAa,GAAG,SAAS,CAAC;IAChD,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC;IACtC,SAAS,CAAC,WAAW,EAAE,QAAQ,CAAC;IAChC,SAAS,CAAC,YAAY,EAAE,MAAM,CAAC;IAC/B,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,SAAS,CAAC,mBAAmB,EAAE,UAAU,GAAG,SAAS,CAAC;IACtD,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,QAAQ,EAAE,QAAQ,CAA0B;IACtD,SAAS,CAAC,0BAA0B,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC3D,SAAS,CAAC,YAAY,EAAE,YAAY,GAAG,SAAS,CAAC;IACjD,SAAS,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;gBAGlC,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,MAAM,EACT,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,EAC3B,QAAQ,CAAC,EAAE,aAAa;YAWZ,YAAY;IAM1B,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,eAAe;IAMvB,OAAO,CAAC,2BAA2B;IAuCnC,OAAO,CAAC,iBAAiB;IA4BnB,OAAO,IAAI,OAAO,CAAC,4BAA4B,CAAC;IA+CtD,WAAW,IAAI,MAAM;IAOrB;;;;OAIG;IACH,kBAAkB,IAAI,MAAM;IAgB5B,sBAAsB,CAAC,mBAAmB,EAAE,oBAAoB,GAAG,oBAAoB;IAqFvF;;;OAGG;IACH,cAAc,IAAI,cAAc;IAiBhC;;;;;;;;;;;OAWG;WACU,cAAc,CACzB,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,MAAM,EACT,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,cAAc,EAC3B,IAAI,CAAC,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,EAC3B,QAAQ,CAAC,EAAE,aAAa,GACvB,OAAO,CAAC,GAAG,CAAC;CAwBhB"}