@cofhe/sdk 0.2.0 → 0.3.0

package/core/decrypt/tnDecrypt.ts

@@ -0,0 +1,232 @@
+import { type Permission } from '@/permits';
+
+import { CofheError, CofheErrorCode } from '../error.js';
+
+type TnDecryptResponse = {
+  // TN returns bytes in big-endian order, e.g. [0,0,0,42]
+  decrypted: number[];
+  signature: string;
+  encryption_type: number;
+  error_message: string | null;
+};
+
+function normalizeSignature(signature: unknown): string {
+  if (typeof signature !== 'string') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response missing signature',
+      context: {
+        signature,
+      },
+    });
+  }
+
+  const trimmed = signature.trim();
+  if (trimmed.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response returned empty signature',
+    });
+  }
+
+  // SDK uses "no-0x" signatures in mocks/tests; normalize to that format.
+  return trimmed.startsWith('0x') ? trimmed.slice(2) : trimmed;
+}
+
+function parseDecryptedBytesToBigInt(decrypted: unknown): bigint {
+  if (!Array.isArray(decrypted)) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> must be a byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  if (decrypted.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> was an empty byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  let hex = '';
+  for (const b of decrypted as unknown[]) {
+    if (typeof b !== 'number' || !Number.isInteger(b) || b < 0 || b > 255) {
+      throw new CofheError({
+        code: CofheErrorCode.DecryptReturnedNull,
+        message: 'decrypt response field <decrypted> contained a non-byte value',
+        context: {
+          badElement: b,
+          decrypted,
+        },
+      });
+    }
+    hex += b.toString(16).padStart(2, '0');
+  }
+
+  return BigInt(`0x${hex}`);
+}
+
+function assertTnDecryptResponse(value: unknown): TnDecryptResponse {
+  if (value == null || typeof value !== 'object') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: 'decrypt response must be a JSON object',
+      context: {
+        value,
+      },
+    });
+  }
+
+  const v = value as Record<string, unknown>;
+  const decrypted = v.decrypted;
+  const signature = v.signature;
+  const encryptionType = v.encryption_type;
+  const errorMessage = v.error_message;
+
+  if (!Array.isArray(decrypted)) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response missing <decrypted> byte array',
+      context: { decryptResponse: value },
+    });
+  }
+  if (typeof signature !== 'string') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response missing <signature> string',
+      context: { decryptResponse: value },
+    });
+  }
+  if (typeof encryptionType !== 'number') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: 'decrypt response missing <encryption_type> number',
+      context: { decryptResponse: value },
+    });
+  }
+  if (!(typeof errorMessage === 'string' || errorMessage === null)) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: 'decrypt response field <error_message> must be string or null',
+      context: { decryptResponse: value },
+    });
+  }
+
+  return {
+    decrypted: decrypted as number[],
+    signature,
+    encryption_type: encryptionType,
+    error_message: errorMessage,
+  };
+}
+
+export async function tnDecrypt(
+  ctHash: bigint,
+  chainId: number,
+  permission: Permission | null,
+  thresholdNetworkUrl: string
+): Promise<{ decryptedValue: bigint; signature: string }> {
+  const body: {
+    ct_tempkey: string;
+    host_chain_id: number;
+    permit?: Permission;
+  } = {
+    ct_tempkey: ctHash.toString(16).padStart(64, '0'),
+    host_chain_id: chainId,
+  };
+
+  if (permission) {
+    body.permit = permission;
+  }
+
+  let response: Response;
+  try {
+    response = await fetch(`${thresholdNetworkUrl}/decrypt`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+  } catch (e) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: `decrypt request failed`,
+      hint: 'Ensure the threshold network URL is valid and reachable.',
+      cause: e instanceof Error ? e : undefined,
+      context: {
+        thresholdNetworkUrl,
+        body,
+      },
+    });
+  }
+
+  const responseText = await response.text();
+
+  // Even on non-200 responses, TN may return JSON with { error_message }.
+  if (!response.ok) {
+    let errorMessage = response.statusText || `HTTP ${response.status}`;
+    try {
+      const errorBody = JSON.parse(responseText) as Record<string, unknown>;
+      const maybeMessage = (errorBody.error_message || errorBody.message) as unknown;
+      if (typeof maybeMessage === 'string' && maybeMessage.length > 0) errorMessage = maybeMessage;
+    } catch {
+      const trimmed = responseText.trim();
+      if (trimmed.length > 0) errorMessage = trimmed;
+    }
+
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: `decrypt request failed: ${errorMessage}`,
+      hint: 'Check the threshold network URL and request parameters.',
+      context: {
+        thresholdNetworkUrl,
+        status: response.status,
+        statusText: response.statusText,
+        body,
+        responseText,
+      },
+    });
+  }
+
+  let rawJson: unknown;
+  try {
+    rawJson = JSON.parse(responseText) as unknown;
+  } catch (e) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: `Failed to parse decrypt response`,
+      cause: e instanceof Error ? e : undefined,
+      context: {
+        thresholdNetworkUrl,
+        body,
+        responseText,
+      },
+    });
+  }
+
+  const decryptResponse = assertTnDecryptResponse(rawJson);
+
+  if (decryptResponse.error_message) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptFailed,
+      message: `decrypt request failed: ${decryptResponse.error_message}`,
+      context: {
+        thresholdNetworkUrl,
+        body,
+        decryptResponse,
+      },
+    });
+  }
+
+  const decryptedValue = parseDecryptedBytesToBigInt(decryptResponse.decrypted);
+  const signature = normalizeSignature(decryptResponse.signature);
+
+  return { decryptedValue, signature };
+}

package/core/decrypt/tnSealOutputV1.ts

@@ -1,6 +1,6 @@
 import { type Permission, type EthEncryptedData } from '@/permits';
 
-import { CofhesdkError, CofhesdkErrorCode } from '../error.js';
+import { CofheError, CofheErrorCode } from '../error.js';
 
 export async function tnSealOutputV1(
   ctHash: bigint,
@@ -31,8 +31,8 @@ export async function tnSealOutputV1(
     sealed = sealOutputResult.sealed;
     errorMessage = sealOutputResult.error_message;
   } catch (e) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputFailed,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputFailed,
       message: `sealOutput request failed`,
       hint: 'Ensure the threshold network URL is valid.',
       cause: e instanceof Error ? e : undefined,
@@ -44,8 +44,8 @@ export async function tnSealOutputV1(
   }
 
   if (sealed == null) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputReturnedNull,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputReturnedNull,
       message: `sealOutput request returned no data | Caused by: ${errorMessage}`,
       context: {
         thresholdNetworkUrl,

package/core/decrypt/tnSealOutputV2.ts

@@ -1,6 +1,6 @@
 import { type Permission, type EthEncryptedData } from '@/permits';
 
-import { CofhesdkError, CofhesdkErrorCode } from '../error.js';
+import { CofheError, CofheErrorCode } from '../error.js';
 
 // Polling configuration
 const POLL_INTERVAL_MS = 1000; // 1 second
@@ -39,8 +39,8 @@ function numberArrayToUint8Array(arr: number[]): Uint8Array {
  */
 function convertSealedData(sealed: SealOutputStatusResponse['sealed']): EthEncryptedData {
   if (!sealed) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputReturnedNull,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputReturnedNull,
       message: 'Sealed data is missing from completed response',
     });
   }
@@ -77,8 +77,8 @@ async function submitSealOutputRequest(
       body: JSON.stringify(body),
     });
   } catch (e) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputFailed,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputFailed,
       message: `sealOutput request failed`,
       hint: 'Ensure the threshold network URL is valid and reachable.',
       cause: e instanceof Error ? e : undefined,
@@ -100,8 +100,8 @@ async function submitSealOutputRequest(
       errorMessage = response.statusText || errorMessage;
     }
 
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputFailed,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputFailed,
       message: `sealOutput request failed: ${errorMessage}`,
       hint: 'Check the threshold network URL and request parameters.',
       context: {
@@ -117,8 +117,8 @@ async function submitSealOutputRequest(
   try {
     submitResponse = (await response.json()) as SealOutputSubmitResponse;
   } catch (e) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputFailed,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputFailed,
       message: `Failed to parse sealOutput submit response`,
       cause: e instanceof Error ? e : undefined,
       context: {
@@ -129,8 +129,8 @@ async function submitSealOutputRequest(
   }
 
   if (!submitResponse.request_id) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.SealOutputFailed,
+    throw new CofheError({
+      code: CofheErrorCode.SealOutputFailed,
       message: `sealOutput submit response missing request_id`,
       context: {
         thresholdNetworkUrl,
@@ -153,8 +153,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
   while (!completed) {
     // Check timeout
     if (Date.now() - startTime > POLL_TIMEOUT_MS) {
-      throw new CofhesdkError({
-        code: CofhesdkErrorCode.SealOutputFailed,
+      throw new CofheError({
+        code: CofheErrorCode.SealOutputFailed,
         message: `sealOutput polling timed out after ${POLL_TIMEOUT_MS}ms`,
         hint: 'The request may still be processing. Try again later.',
         context: {
@@ -174,8 +174,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
         },
       });
     } catch (e) {
-      throw new CofhesdkError({
-        code: CofhesdkErrorCode.SealOutputFailed,
+      throw new CofheError({
+        code: CofheErrorCode.SealOutputFailed,
         message: `sealOutput status poll failed`,
         hint: 'Ensure the threshold network URL is valid and reachable.',
         cause: e instanceof Error ? e : undefined,
@@ -188,8 +188,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
 
     // Handle 404 - request not found
     if (response.status === 404) {
-      throw new CofhesdkError({
-        code: CofhesdkErrorCode.SealOutputFailed,
+      throw new CofheError({
+        code: CofheErrorCode.SealOutputFailed,
         message: `sealOutput request not found: ${requestId}`,
         hint: 'The request may have expired or been invalid.',
         context: {
@@ -209,8 +209,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
         errorMessage = response.statusText || errorMessage;
       }
 
-      throw new CofhesdkError({
-        code: CofhesdkErrorCode.SealOutputFailed,
+      throw new CofheError({
+        code: CofheErrorCode.SealOutputFailed,
         message: `sealOutput status poll failed: ${errorMessage}`,
         context: {
           thresholdNetworkUrl,
@@ -225,8 +225,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
     try {
       statusResponse = (await response.json()) as SealOutputStatusResponse;
     } catch (e) {
-      throw new CofhesdkError({
-        code: CofhesdkErrorCode.SealOutputFailed,
+      throw new CofheError({
+        code: CofheErrorCode.SealOutputFailed,
         message: `Failed to parse sealOutput status response`,
         cause: e instanceof Error ? e : undefined,
         context: {
@@ -241,8 +241,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
       // Check if succeeded
       if (statusResponse.is_succeed === false) {
         const errorMessage = statusResponse.error_message || 'Unknown error';
-        throw new CofhesdkError({
-          code: CofhesdkErrorCode.SealOutputFailed,
+        throw new CofheError({
+          code: CofheErrorCode.SealOutputFailed,
           message: `sealOutput request failed: ${errorMessage}`,
           context: {
             thresholdNetworkUrl,
@@ -254,8 +254,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
 
       // Check if sealed data exists
       if (!statusResponse.sealed) {
-        throw new CofhesdkError({
-          code: CofhesdkErrorCode.SealOutputReturnedNull,
+        throw new CofheError({
+          code: CofheErrorCode.SealOutputReturnedNull,
           message: `sealOutput request completed but returned no sealed data`,
           context: {
             thresholdNetworkUrl,
@@ -274,8 +274,8 @@ async function pollSealOutputStatus(thresholdNetworkUrl: string, requestId: stri
   }
 
   // This should never be reached, but TypeScript requires it
-  throw new CofhesdkError({
-    code: CofhesdkErrorCode.SealOutputFailed,
+  throw new CofheError({
+    code: CofheErrorCode.SealOutputFailed,
     message: 'Polling loop exited unexpectedly',
     context: {
       thresholdNetworkUrl,

package/core/encrypt/cofheMocksZkVerifySign.ts

@@ -12,16 +12,9 @@ import {
 } from 'viem';
 import { MockZkVerifierAbi } from './MockZkVerifierAbi.js';
 import { hardhat } from 'viem/chains';
-import { CofhesdkError, CofhesdkErrorCode } from '../error.js';
+import { CofheError, CofheErrorCode } from '../error.js';
 import { privateKeyToAccount } from 'viem/accounts';
-
-// Address the Mock ZkVerifier contract is deployed to on the Hardhat chain
-export const MocksZkVerifierAddress = '0x0000000000000000000000000000000000000100';
-
-// PK & address pair for zk verifier
-export const MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY =
-  '0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512';
-export const MOCKS_ZK_VERIFIER_SIGNER_ADDRESS = '0x6E12D8C87503D4287c294f2Fdef96ACd9DFf6bd2';
+import { MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, MOCKS_ZK_VERIFIER_ADDRESS } from '../consts.js';
 
 type EncryptableItemWithCtHash = EncryptableItem & {
   ctHash: bigint;
@@ -77,8 +70,8 @@ export async function cofheMocksCheckEncryptableBits(items: EncryptableItem[]):
     }
   }
   if (totalBits > MAX_ENCRYPTABLE_BITS) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkPackFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkPackFailed,
       message: `Total bits ${totalBits} exceeds ${MAX_ENCRYPTABLE_BITS}`,
       hint: `Ensure that the total bits of the items to encrypt does not exceed ${MAX_ENCRYPTABLE_BITS}`,
       context: {
@@ -111,18 +104,18 @@ async function calcCtHashes(
 
   try {
     ctHashes = (await publicClient.readContract({
-      address: MocksZkVerifierAddress,
+      address: MOCKS_ZK_VERIFIER_ADDRESS,
       abi: MockZkVerifierAbi,
       functionName: 'zkVerifyCalcCtHashesPacked',
       args: calcCtHashesArgs,
     })) as bigint[];
   } catch (err) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksCalcCtHashesFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksCalcCtHashesFailed,
       message: `mockZkVerifySign calcCtHashes failed while calling zkVerifyCalcCtHashesPacked`,
       cause: err instanceof Error ? err : undefined,
       context: {
-        address: MocksZkVerifierAddress,
+        address: MOCKS_ZK_VERIFIER_ADDRESS,
         items,
         account,
         securityZone,
@@ -133,8 +126,8 @@ async function calcCtHashes(
   }
 
   if (ctHashes.length !== items.length) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksCalcCtHashesFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksCalcCtHashesFailed,
       message: `mockZkVerifySign calcCtHashes returned incorrect number of ctHashes`,
       context: {
         items,
@@ -163,7 +156,7 @@ async function insertCtHashes(items: EncryptableItemWithCtHash[], walletClient:
     const account = walletClient.account!;
 
     await walletClient.writeContract({
-      address: MocksZkVerifierAddress,
+      address: MOCKS_ZK_VERIFIER_ADDRESS,
       abi: MockZkVerifierAbi,
       functionName: 'insertPackedCtHashes',
       args: insertPackedCtHashesArgs,
@@ -171,8 +164,8 @@ async function insertCtHashes(items: EncryptableItemWithCtHash[], walletClient:
       account: account,
     });
   } catch (err) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksInsertCtHashesFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksInsertCtHashesFailed,
       message: `mockZkVerifySign insertPackedCtHashes failed while calling insertPackedCtHashes`,
       cause: err instanceof Error ? err : undefined,
       context: {
@@ -199,8 +192,8 @@ async function createProofSignatures(items: EncryptableItemWithCtHash[], securit
   try {
     encInputSignerClient = createMockZkVerifierSigner();
   } catch (err) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksCreateProofSignatureFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksCreateProofSignatureFailed,
       message: `mockZkVerifySign createProofSignatures failed while creating wallet client`,
       cause: err instanceof Error ? err : undefined,
       context: {
@@ -227,8 +220,8 @@ async function createProofSignatures(items: EncryptableItemWithCtHash[], securit
       signatures.push(signature);
     }
   } catch (err) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksCreateProofSignatureFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksCreateProofSignatureFailed,
       message: `mockZkVerifySign createProofSignatures failed while calling signMessage`,
       cause: err instanceof Error ? err : undefined,
       context: {
@@ -239,8 +232,8 @@ async function createProofSignatures(items: EncryptableItemWithCtHash[], securit
   }
 
   if (signatures.length !== items.length) {
-    throw new CofhesdkError({
-      code: CofhesdkErrorCode.ZkMocksCreateProofSignatureFailed,
+    throw new CofheError({
+      code: CofheErrorCode.ZkMocksCreateProofSignatureFailed,
       message: `mockZkVerifySign createProofSignatures returned incorrect number of signatures`,
       context: {
         items,