@cardanowall/poe-standard 0.1.0 → 0.3.0

package/dist/validator.js

@@ -1625,7 +1625,7 @@ function decodeCanonicalCbor(bytes) {
       ...r,
       rejectStreaming: true,
       rejectDuplicateKeys: true,
-      // A CIP-309 record carries integers, byte/text strings, arrays, maps and
+      // A Label 309 record carries integers, byte/text strings, arrays, maps and
       // `null` — and nothing else. Without these rejections the major-type-7
       // surface leaks into the decoder: a float16/32/64 that happens to hold an
       // integral value (e.g. 1.0) silently decodes to the integer 1 and passes
@@ -2076,7 +2076,7 @@ function decodeCanonicalCbor2(bytes) {
       ...r,
       rejectStreaming: true,
       rejectDuplicateKeys: true,
-      // A CIP-309 record carries integers, byte/text strings, arrays, maps and
+      // A Label 309 record carries integers, byte/text strings, arrays, maps and
       // `null` — and nothing else. Without these rejections the major-type-7
       // surface leaks into the decoder: a float16/32/64 that happens to hold an
       // integral value (e.g. 1.0) silently decodes to the integer 1 and passes
@@ -2183,6 +2183,60 @@ function decodeCoseSign1(bytes) {
   };
 }
 
+// ../crypto-core/dist/sealed-poe.js
+var CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-slots-transcript-v1"
+);
+var CARDANO_POE_HKDF_INFO_PAYLOAD = new TextEncoder().encode(
+  "cardano-poe-payload-v1"
+);
+var CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE = new TextEncoder().encode(
+  "cardano-poe-payload-passphrase-v1"
+);
+var CARDANO_POE_XWING_KEK_SALT_PREFIX = new TextEncoder().encode(
+  "cardano-poe-xwing-kek-salt-v1"
+);
+if (CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX.length !== 31) {
+  throw new Error(
+    "CARDANO_POE_SLOTS_TRANSCRIPT_PREFIX byte-length invariant violated (expected 31)"
+  );
+}
+if (CARDANO_POE_HKDF_INFO_PAYLOAD.length !== 22) {
+  throw new Error("CARDANO_POE_HKDF_INFO_PAYLOAD byte-length invariant violated (expected 22)");
+}
+if (CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE.length !== 33) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_PAYLOAD_PASSPHRASE byte-length invariant violated (expected 33)"
+  );
+}
+if (CARDANO_POE_XWING_KEK_SALT_PREFIX.length !== 29) {
+  throw new Error("CARDANO_POE_XWING_KEK_SALT_PREFIX byte-length invariant violated (expected 29)");
+}
+var MAX_SLOTS = 1024;
+var MAX_DECODED_ENVELOPE_BYTES = 65536;
+var CARDANO_POE_HKDF_INFO_KEK = new TextEncoder().encode("cardano-poe-kek-v1");
+var CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 = new TextEncoder().encode(
+  "cardano-poe-kek-mlkem768x25519-v1"
+);
+var CARDANO_POE_HKDF_INFO_SLOTS_MAC = new TextEncoder().encode(
+  "cardano-poe-slots-mac-v1"
+);
+var ZERO_NONCE_12 = new Uint8Array(12);
+if (CARDANO_POE_HKDF_INFO_KEK.length !== 18) {
+  throw new Error("CARDANO_POE_HKDF_INFO_KEK byte-length invariant violated (expected 18)");
+}
+if (CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519.length !== 33) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 byte-length invariant violated (expected 33)"
+  );
+}
+if (CARDANO_POE_HKDF_INFO_SLOTS_MAC.length !== 24) {
+  throw new Error("CARDANO_POE_HKDF_INFO_SLOTS_MAC byte-length invariant violated (expected 24)");
+}
+if (ZERO_NONCE_12.length !== 12) {
+  throw new Error("ZERO_NONCE_12 byte-length invariant violated (expected 12)");
+}
+
 // src/chunked.ts
 var UTF8_ENCODER = new TextEncoder();
 function bytesChunkArrayConcat(chunks) {
@@ -2228,6 +2282,9 @@ var SEVERITY = Object.freeze({
   UNSUPPORTED_ENVELOPE_SCHEME: "error",
   ENC_SLOTS_EMPTY: "error",
   ENC_SLOT_INVALID_SHAPE: "error",
+  ENC_SLOTS_DUPLICATE_KEM_MATERIAL: "error",
+  ENC_SLOTS_TOO_MANY: "error",
+  ENC_ENVELOPE_TOO_LARGE: "error",
   UNSUPPORTED_KEM_ALG: "error",
   ENC_KEM_REQUIRED: "error",
   KEM_EPK_LENGTH_MISMATCH: "error",
@@ -2407,6 +2464,8 @@ var KEM_FIELD_LENGTH_CODE = {
   epk: "KEM_EPK_LENGTH_MISMATCH",
   kem_ct: "KEM_CT_LENGTH_MISMATCH"
 };
+var NONCE_LENGTH = 24;
+var SLOTS_MAC_LENGTH = 32;
 var PASSPHRASE_KDF_ALGS = /* @__PURE__ */ new Set(["argon2id"]);
 var KNOWN_SIG_ALG_IDS = /* @__PURE__ */ new Set([-8, -19]);
 function validatePoeRecord(bytes) {
@@ -2620,7 +2679,7 @@ function validateOneUri(chunks, path, errors) {
     const cid = slashIdx === -1 ? rest : rest.slice(0, slashIdx);
     if (!validateCidProfile(cid)) {
       errors.push(
-        issue("INVALID_URI", path, "ipfs:// URI is not a valid CID under the CIP-309 profile")
+        issue("INVALID_URI", path, "ipfs:// URI is not a valid CID under the Label 309 profile")
       );
     }
     return;
@@ -2668,7 +2727,7 @@ function checkItemEnc(item, idx, errors) {
       issue(
         "UNAUTHENTICATED_CIPHER_FORBIDDEN",
         [...basePath, "aead"],
-        `'${enc.aead}' is an unauthenticated cipher; CIP-309 mandates an authenticated (AEAD) cipher`
+        `'${enc.aead}' is an unauthenticated cipher; Label 309 mandates an authenticated (AEAD) cipher`
       )
     );
     return;
@@ -2723,24 +2782,62 @@ function checkItemEnc(item, idx, errors) {
     );
   }
   if (hasSlots) {
-    if (enc.slots.length < 1) {
+    const slotCount = enc.slots.length;
+    if (slotCount < 1) {
       errors.push(
-        issue("ENC_SLOTS_EMPTY", [...basePath, "slots"], `slots length ${enc.slots.length} < 1`)
+        issue("ENC_SLOTS_EMPTY", [...basePath, "slots"], `slots length ${slotCount} < 1`)
       );
-    }
-    const descriptor = enc.kem !== void 0 ? KEM_SLOT_DESCRIPTORS[enc.kem] : void 0;
-    if (descriptor !== void 0) {
-      const rawSlotKeys = rawSlotKeySets(item.enc);
-      enc.slots.forEach((slot, si) => {
-        checkSlotShape(
-          slot,
-          rawSlotKeys[si] ?? /* @__PURE__ */ new Set(),
-          descriptor,
-          enc.kem,
-          [...basePath, "slots", si],
-          errors
-        );
-      });
+    } else if (slotCount > MAX_SLOTS) {
+      errors.push(
+        issue(
+          "ENC_SLOTS_TOO_MANY",
+          [...basePath, "slots"],
+          `slots length ${slotCount} exceeds MAX_SLOTS=${MAX_SLOTS}`
+        )
+      );
+    } else {
+      const descriptor = enc.kem !== void 0 ? KEM_SLOT_DESCRIPTORS[enc.kem] : void 0;
+      if (descriptor !== void 0) {
+        const rawSlotKeys = rawSlotKeySets(item.enc);
+        const seenKemMaterial = /* @__PURE__ */ new Set();
+        enc.slots.forEach((slot, si) => {
+          const slotPath = [...basePath, "slots", si];
+          checkSlotShape(
+            slot,
+            rawSlotKeys[si] ?? /* @__PURE__ */ new Set(),
+            descriptor,
+            enc.kem,
+            slotPath,
+            errors
+          );
+          const material = slotKemMaterial(slot, descriptor);
+          if (material !== void 0) {
+            const key = bytesToHex2(material);
+            if (seenKemMaterial.has(key)) {
+              errors.push(
+                issue(
+                  "ENC_SLOTS_DUPLICATE_KEM_MATERIAL",
+                  [...slotPath, descriptor.field],
+                  `slot ${si} ${descriptor.field} duplicates an earlier slot \u2014 per-slot KEK uniqueness is violated`
+                )
+              );
+            } else {
+              seenKemMaterial.add(key);
+            }
+          }
+        });
+        const perSlotBytes = descriptor.fieldLength + descriptor.wrapLength;
+        const decodedEnvelopeBytes = NONCE_LENGTH + SLOTS_MAC_LENGTH + slotCount * perSlotBytes;
+        if (decodedEnvelopeBytes > MAX_DECODED_ENVELOPE_BYTES) {
+          errors.push(
+            issue(
+              "ENC_ENVELOPE_TOO_LARGE",
+              [...basePath, "slots"],
+              `decoded envelope size ${decodedEnvelopeBytes} exceeds MAX_DECODED_ENVELOPE_BYTES=${MAX_DECODED_ENVELOPE_BYTES}`
+            )
+          );
+        }
+      }
     }
   }
   if (hasPassphrase) {
@@ -2897,6 +2994,20 @@ function checkSlotShape(slot, rawKeys, descriptor, kem, slotPath, errors) {
     );
   }
 }
+function slotKemMaterial(slot, descriptor) {
+  if (descriptor.field === "epk") {
+    return slot.epk;
+  }
+  if (slot.kem_ct === void 0) return void 0;
+  return bytesChunkArrayConcat(slot.kem_ct);
+}
+function bytesToHex2(bytes) {
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
 function rawSlotKeySets(rawEnc) {
   const slots = mapLikeGet(rawEnc, "slots");
   if (!Array.isArray(slots)) return [];