@digitaldefiance/ecies-lib 4.5.18 → 4.6.0

package/src/isolated-private.d.ts

@@ -0,0 +1,61 @@
+import { PrivateKey } from 'paillier-bigint';
+import { IsolatedPublicKey } from './isolated-public';
+/**
+ * IsolatedPrivateKey extends Paillier PrivateKey with instance isolation validation.
+ *
+ * This class ensures that:
+ * - Decryption only works with ciphertexts encrypted by the matching IsolatedPublicKey instance
+ * - Instance ID verification prevents cross-instance decryption attacks
+ * - HMAC validation ensures ciphertext integrity
+ *
+ * The private key stores the original keyId and instanceId from construction time,
+ * and validates them before any decryption operation.
+ */
+export declare class IsolatedPrivateKey extends PrivateKey {
+    /**
+     * Original keyId from the IsolatedPublicKey at construction time
+     */
+    private readonly _originalKeyId;
+    /**
+     * Original instanceId from the IsolatedPublicKey at construction time
+     */
+    private readonly _originalInstanceId;
+    /**
+     * Reference to the original IsolatedPublicKey
+     */
+    private readonly _originalPublicKey;
+    constructor(lambda: bigint, mu: bigint, publicKey: IsolatedPublicKey);
+    /**
+     * Converts hex string to Uint8Array
+     */
+    private hexToUint8Array;
+    /**
+     * Converts Uint8Array to hex string
+     */
+    private uint8ArrayToHex;
+    /**
+     * Compares two Uint8Arrays for equality
+     */
+    private uint8ArrayEquals;
+    /**
+     * Decrypts a tagged ciphertext after validating instance ID and HMAC
+     */
+    decryptAsync(taggedCiphertext: bigint): Promise<bigint>;
+    /**
+     * Synchronous decrypt override (throws error - use decryptAsync instead)
+     */
+    decrypt(_taggedCiphertext: bigint): bigint;
+    /**
+     * Gets a copy of the original keyId
+     */
+    getOriginalKeyId(): Uint8Array;
+    /**
+     * Gets a copy of the original instanceId
+     */
+    getOriginalInstanceId(): Uint8Array;
+    /**
+     * Gets the original public key reference
+     */
+    getOriginalPublicKey(): IsolatedPublicKey;
+}
+//# sourceMappingURL=isolated-private.d.ts.map

package/src/isolated-private.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolated-private.d.ts","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/isolated-private.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAa,MAAM,iBAAiB,CAAC;AAIxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD;;;;;;;;;;GAUG;AACH,qBAAa,kBAAmB,SAAQ,UAAU;IAChD;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAE5C;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IAEjD;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAoB;gBAE3C,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,iBAAiB;IAepE;;OAEG;IACH,OAAO,CAAC,eAAe;IAWvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAMvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAQxB;;OAEG;IACU,YAAY,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiEpE;;OAEG;IACM,OAAO,CAAC,iBAAiB,EAAE,MAAM,GAAG,MAAM;IAInD;;OAEG;IACI,gBAAgB,IAAI,UAAU;IAIrC;;OAEG;IACI,qBAAqB,IAAI,UAAU;IAI1C;;OAEG;IACI,oBAAoB,IAAI,iBAAiB;CAGjD"}

package/src/isolated-private.js

@@ -0,0 +1,148 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IsolatedPrivateKey = void 0;
+const paillier_bigint_1 = require("paillier-bigint");
+const constants_1 = require("./constants");
+const voting_error_type_1 = require("./enumerations/voting-error-type");
+const voting_1 = require("./errors/voting");
+const isolated_public_1 = require("./isolated-public");
+/**
+ * IsolatedPrivateKey extends Paillier PrivateKey with instance isolation validation.
+ *
+ * This class ensures that:
+ * - Decryption only works with ciphertexts encrypted by the matching IsolatedPublicKey instance
+ * - Instance ID verification prevents cross-instance decryption attacks
+ * - HMAC validation ensures ciphertext integrity
+ *
+ * The private key stores the original keyId and instanceId from construction time,
+ * and validates them before any decryption operation.
+ */
+class IsolatedPrivateKey extends paillier_bigint_1.PrivateKey {
+    /**
+     * Original keyId from the IsolatedPublicKey at construction time
+     */
+    _originalKeyId;
+    /**
+     * Original instanceId from the IsolatedPublicKey at construction time
+     */
+    _originalInstanceId;
+    /**
+     * Reference to the original IsolatedPublicKey
+     */
+    _originalPublicKey;
+    constructor(lambda, mu, publicKey) {
+        if (!isolated_public_1.IsolatedPublicKey.isIsolatedPublicKey(publicKey)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InvalidPublicKeyFormat);
+        }
+        // Create a base PublicKey instance for the parent constructor
+        const basePublicKey = new paillier_bigint_1.PublicKey(publicKey.n, publicKey.g);
+        super(lambda, mu, basePublicKey);
+        // Store the isolated public key for our own use
+        this._originalKeyId = publicKey.getKeyId();
+        this._originalInstanceId = publicKey.getInstanceId();
+        this._originalPublicKey = publicKey;
+    }
+    /**
+     * Converts hex string to Uint8Array
+     */
+    hexToUint8Array(hex) {
+        if (hex.length % 2 !== 0) {
+            hex = '0' + hex;
+        }
+        const bytes = new Uint8Array(hex.length / 2);
+        for (let i = 0; i < hex.length; i += 2) {
+            bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+        }
+        return bytes;
+    }
+    /**
+     * Converts Uint8Array to hex string
+     */
+    uint8ArrayToHex(bytes) {
+        return Array.from(bytes)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    /**
+     * Compares two Uint8Arrays for equality
+     */
+    uint8ArrayEquals(a, b) {
+        if (a.length !== b.length)
+            return false;
+        for (let i = 0; i < a.length; i++) {
+            if (a[i] !== b[i])
+                return false;
+        }
+        return true;
+    }
+    /**
+     * Decrypts a tagged ciphertext after validating instance ID and HMAC
+     */
+    async decryptAsync(taggedCiphertext) {
+        // First verify if we're using a recovered key by checking the public key instance
+        if (!isolated_public_1.IsolatedPublicKey.isIsolatedPublicKey(this._originalPublicKey)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InvalidPublicKeyFormat);
+        }
+        // Compare instance IDs before any ciphertext operations
+        const currentInstanceId = this._originalPublicKey.getInstanceId();
+        // This check must happen before any ciphertext operations
+        if (!this.uint8ArrayEquals(currentInstanceId, this._originalInstanceId)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InstanceIdMismatch);
+        }
+        // Now that we've verified the instance ID, we can proceed with ciphertext operations
+        try {
+            const hmacLength = 64;
+            const ciphertextString = taggedCiphertext.toString(constants_1.VOTING.KEY_RADIX);
+            const receivedHmac = ciphertextString.slice(-hmacLength);
+            const ciphertextHex = ciphertextString.slice(0, -hmacLength);
+            const ciphertextBigInt = BigInt(`0x${ciphertextHex}`);
+            // Create HMAC key from originalKeyId + originalInstanceId
+            const hmacKeyMaterial = new Uint8Array(this._originalKeyId.length + this._originalInstanceId.length);
+            hmacKeyMaterial.set(this._originalKeyId, 0);
+            hmacKeyMaterial.set(this._originalInstanceId, this._originalKeyId.length);
+            const hmacKey = await crypto.subtle.importKey('raw', hmacKeyMaterial, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+            // Calculate expected HMAC
+            const ciphertextBytes = new TextEncoder().encode(ciphertextBigInt.toString(constants_1.VOTING.KEY_RADIX));
+            const signature = await crypto.subtle.sign('HMAC', hmacKey, ciphertextBytes);
+            const expectedHmac = this.uint8ArrayToHex(new Uint8Array(signature));
+            // Verify HMAC
+            if (receivedHmac !== expectedHmac) {
+                throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InvalidCiphertextHmac);
+            }
+            // Finally decrypt the ciphertext using the parent class implementation
+            return super.decrypt(ciphertextBigInt);
+        }
+        catch (error) {
+            if (error instanceof voting_1.VotingError) {
+                throw error;
+            }
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InvalidPrivateKeyBufferFailedToParse);
+        }
+    }
+    /**
+     * Synchronous decrypt override (throws error - use decryptAsync instead)
+     */
+    decrypt(_taggedCiphertext) {
+        throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.KeyPairValidationFailed);
+    }
+    /**
+     * Gets a copy of the original keyId
+     */
+    getOriginalKeyId() {
+        return new Uint8Array(this._originalKeyId);
+    }
+    /**
+     * Gets a copy of the original instanceId
+     */
+    getOriginalInstanceId() {
+        return new Uint8Array(this._originalInstanceId);
+    }
+    /**
+     * Gets the original public key reference
+     */
+    getOriginalPublicKey() {
+        return this._originalPublicKey;
+    }
+}
+exports.IsolatedPrivateKey = IsolatedPrivateKey;
+//# sourceMappingURL=isolated-private.js.map

package/src/isolated-private.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolated-private.js","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/isolated-private.ts"],"names":[],"mappings":";;;AAAA,qDAAwD;AACxD,2CAAqC;AACrC,wEAAmE;AACnE,4CAA8C;AAC9C,uDAAsD;AAEtD;;;;;;;;;;GAUG;AACH,MAAa,kBAAmB,SAAQ,4BAAU;IAChD;;OAEG;IACc,cAAc,CAAa;IAE5C;;OAEG;IACc,mBAAmB,CAAa;IAEjD;;OAEG;IACc,kBAAkB,CAAoB;IAEvD,YAAY,MAAc,EAAE,EAAU,EAAE,SAA4B;QAClE,IAAI,CAAC,mCAAiB,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,oBAAW,CAAC,mCAAe,CAAC,sBAAsB,CAAC,CAAC;QAChE,CAAC;QAED,8DAA8D;QAC9D,MAAM,aAAa,GAAG,IAAI,2BAAS,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9D,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QAEjC,gDAAgD;QAChD,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;QAC3C,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC;QACrD,IAAI,CAAC,kBAAkB,GAAG,SAAS,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,GAAW;QACjC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;QAClB,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAiB;QACvC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,CAAa,EAAE,CAAa;QACnD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;QAClC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,gBAAwB;QAChD,kFAAkF;QAClF,IAAI,CAAC,mCAAiB,CAAC,mBAAmB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACpE,MAAM,IAAI,oBAAW,CAAC,mCAAe,CAAC,sBAAsB,CAAC,CAAC;QAChE,CAAC;QAED,wDAAwD;QACxD,MAAM,iBAAiB,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAElE,0DAA0D;QAC1D,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,IAAI,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACxE,MAAM,IAAI,oBAAW,CAAC,mCAAe,CAAC,kBAAkB,CAAC,CAAC;QAC5D,CAAC;QAED,qFAAqF;QACrF,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,EAAE,CAAC;YACtB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,kBAAM,CAAC,SAAS,CAAC,CAAC;YACrE,MAAM,YAAY,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC;YACzD,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC;YAC7D,MAAM,gBAAgB,GAAG,MAAM,CAAC,KAAK,aAAa,EAAE,CAAC,CAAC;YAEtD,0DAA0D;YAC1D,MAAM,eAAe,GAAG,IAAI,UAAU,CACpC,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAC7D,CAAC;YACF,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;YAC5C,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAE1E,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,eAAe,EACf,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;YAEF,0BAA0B;YAC1B,MAAM,eAAe,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAC9C,gBAAgB,CAAC,QAAQ,CAAC,kBAAM,CAAC,SAAS,CAAC,CAC5C,CAAC;YACF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,MAAM,EACN,OAAO,EACP,eAAe,CAChB,CAAC;YACF,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;YAErE,cAAc;YACd,IAAI,YAAY,KAAK,YAAY,EAAE,CAAC;gBAClC,MAAM,IAAI,oBAAW,CAAC,mCAAe,CAAC,qBAAqB,CAAC,CAAC;YAC/D,CAAC;YAED,uEAAuE;YACvE,OAAO,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,oBAAW,EAAE,CAAC;gBACjC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,oBAAW,CACnB,mCAAe,CAAC,oCAAoC,CACrD,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACM,OAAO,CAAC,iBAAyB;QACxC,MAAM,IAAI,oBAAW,CAAC,mCAAe,CAAC,uBAAuB,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACI,gBAAgB;QACrB,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,qBAAqB;QAC1B,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACI,oBAAoB;QACzB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;CACF;AAhKD,gDAgKC"}

package/src/isolated-public.d.ts

@@ -0,0 +1,117 @@
+import { PublicKey } from 'paillier-bigint';
+/**
+ * IsolatedPublicKey extends Paillier PublicKey with instance isolation capabilities.
+ *
+ * This class provides:
+ * - keyId: A deterministic SHA-256 hash of the public key 'n' value for verification
+ * - instanceId: A unique identifier per key instance to prevent cross-instance operations
+ * - HMAC-tagged ciphertexts that bind encrypted values to a specific key instance
+ *
+ * Instance isolation ensures that ciphertexts encrypted with one instance cannot be
+ * used with another instance, even if they share the same underlying key material.
+ * This is critical for voting systems where ballot tampering must be prevented.
+ */
+export declare class IsolatedPublicKey extends PublicKey {
+    /**
+     * Type guard to check if a PublicKey is an IsolatedPublicKey
+     */
+    static isIsolatedPublicKey(key: PublicKey): key is IsolatedPublicKey;
+    /**
+     * Deterministic identifier derived from the public key (SHA-256 of 'n')
+     */
+    readonly keyId: Uint8Array;
+    /**
+     * Original instance ID generated at construction time
+     */
+    private readonly _originalInstanceId;
+    /**
+     * Current instance ID (can be updated via updateInstanceId())
+     */
+    private _currentInstanceId;
+    /**
+     * Unique salt used for instance ID generation
+     */
+    private readonly uniqueInstanceSalt;
+    /**
+     * Updates the current instance ID to a new random value.
+     * This invalidates all previously encrypted ciphertexts.
+     */
+    updateInstanceId(): Promise<void>;
+    /**
+     * Generates a deterministic instance ID from keyId, n, and a unique salt
+     */
+    private generateInstanceId;
+    /**
+     * Async SHA-256 hash using Web Crypto API
+     */
+    private sha256Async;
+    /**
+     * Converts hex string to Uint8Array
+     */
+    private hexToUint8Array;
+    /**
+     * Converts Uint8Array to hex string
+     */
+    private uint8ArrayToHex;
+    constructor(n: bigint, g: bigint, keyId: Uint8Array);
+    /**
+     * Static factory method to create IsolatedPublicKey asynchronously
+     */
+    static create(n: bigint, g: bigint, keyId: Uint8Array): Promise<IsolatedPublicKey>;
+    /**
+     * Static factory method to create IsolatedPublicKey from deserialized data
+     * Used when reconstructing a key from a buffer with a stored instanceId
+     */
+    static fromBuffer(n: bigint, g: bigint, keyId: Uint8Array, instanceId: Uint8Array): IsolatedPublicKey;
+    /**
+     * Returns a copy of the keyId
+     */
+    getKeyId(): Uint8Array;
+    /**
+     * Returns a copy of the current instance ID
+     */
+    getInstanceId(): Uint8Array;
+    /**
+     * Tags a ciphertext with an HMAC using keyId + instanceId
+     * Returns a new bigint with the HMAC appended
+     */
+    private tagCiphertext;
+    /**
+     * Extracts and validates the instance ID from a tagged ciphertext
+     * Returns the instance ID if valid, or zero-filled array if invalid
+     */
+    extractInstanceId(ciphertext: bigint): Promise<Uint8Array>;
+    /**
+     * Encrypts a message and tags it with instance HMAC
+     */
+    encryptAsync(m: bigint): Promise<bigint>;
+    /**
+     * Synchronous encrypt override (throws error - use encryptAsync instead)
+     */
+    encrypt(_m: bigint): bigint;
+    /**
+     * Multiplies a ciphertext by a constant, preserving instance HMAC
+     */
+    multiplyAsync(ciphertext: bigint, constant: bigint): Promise<bigint>;
+    /**
+     * Synchronous multiply override (throws error - use multiplyAsync instead)
+     */
+    multiply(_ciphertext: bigint, _constant: bigint): bigint;
+    /**
+     * Adds two ciphertexts, preserving instance HMAC
+     */
+    additionAsync(a: bigint, b: bigint): Promise<bigint>;
+    /**
+     * Synchronous addition override (throws error - use additionAsync instead)
+     */
+    addition(_a: bigint, _b: bigint): bigint;
+    /**
+     * Verifies that the keyId matches the SHA-256 hash of the public key 'n'
+     */
+    verifyKeyIdAsync(): Promise<void>;
+    /**
+     * Compares two Uint8Arrays for equality
+     */
+    private uint8ArrayEquals;
+}
+//# sourceMappingURL=isolated-public.d.ts.map

package/src/isolated-public.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolated-public.d.ts","sourceRoot":"","sources":["../../../../packages/digitaldefiance-ecies-lib/src/isolated-public.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAK5C;;;;;;;;;;;GAWG;AACH,qBAAa,iBAAkB,SAAQ,SAAS;IAC9C;;OAEG;WACW,mBAAmB,CAAC,GAAG,EAAE,SAAS,GAAG,GAAG,IAAI,iBAAiB;IAI3E;;OAEG;IACH,SAAgB,KAAK,EAAE,UAAU,CAAC;IAElC;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAa;IAEjD;;OAEG;IACH,OAAO,CAAC,kBAAkB,CAAa;IAEvC;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAa;IAEhD;;;OAGG;IACU,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAU9C;;OAEG;YACW,kBAAkB;IAuBhC;;OAEG;YACW,WAAW;IAKzB;;OAEG;IACH,OAAO,CAAC,eAAe;IAWvB;;OAEG;IACH,OAAO,CAAC,eAAe;gBAMX,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU;IAiBnD;;OAEG;WACiB,MAAM,CACxB,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,MAAM,EACT,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,iBAAiB,CAAC;IA4C7B;;;OAGG;WACW,UAAU,CACtB,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,MAAM,EACT,KAAK,EAAE,UAAU,EACjB,UAAU,EAAE,UAAU,GACrB,iBAAiB;IA8BpB;;OAEG;IACI,QAAQ,IAAI,UAAU;IAI7B;;OAEG;IACI,aAAa,IAAI,UAAU;IAIlC;;;OAGG;YACW,aAAa;IAoC3B;;;OAGG;IACU,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA4CvE;;OAEG;IACU,YAAY,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMrD;;OAEG;IACM,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM;IAIpC;;OAEG;IACU,aAAa,CACxB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC;IAmBlB;;OAEG;IACM,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAIjE;;OAEG;IACU,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBjE;;OAEG;IACM,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,MAAM;IAIjD;;OAEG;IACU,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAc9C;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAOzB"}

package/src/isolated-public.js

@@ -0,0 +1,334 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IsolatedPublicKey = void 0;
+const paillier_bigint_1 = require("paillier-bigint");
+const constants_1 = require("./constants");
+const voting_error_type_1 = require("./enumerations/voting-error-type");
+const voting_1 = require("./errors/voting");
+/**
+ * IsolatedPublicKey extends Paillier PublicKey with instance isolation capabilities.
+ *
+ * This class provides:
+ * - keyId: A deterministic SHA-256 hash of the public key 'n' value for verification
+ * - instanceId: A unique identifier per key instance to prevent cross-instance operations
+ * - HMAC-tagged ciphertexts that bind encrypted values to a specific key instance
+ *
+ * Instance isolation ensures that ciphertexts encrypted with one instance cannot be
+ * used with another instance, even if they share the same underlying key material.
+ * This is critical for voting systems where ballot tampering must be prevented.
+ */
+class IsolatedPublicKey extends paillier_bigint_1.PublicKey {
+    /**
+     * Type guard to check if a PublicKey is an IsolatedPublicKey
+     */
+    static isIsolatedPublicKey(key) {
+        return key instanceof IsolatedPublicKey;
+    }
+    /**
+     * Deterministic identifier derived from the public key (SHA-256 of 'n')
+     */
+    keyId;
+    /**
+     * Original instance ID generated at construction time
+     */
+    _originalInstanceId;
+    /**
+     * Current instance ID (can be updated via updateInstanceId())
+     */
+    _currentInstanceId;
+    /**
+     * Unique salt used for instance ID generation
+     */
+    uniqueInstanceSalt;
+    /**
+     * Updates the current instance ID to a new random value.
+     * This invalidates all previously encrypted ciphertexts.
+     */
+    async updateInstanceId() {
+        const randomSalt = new Uint8Array(32);
+        crypto.getRandomValues(randomSalt);
+        this._currentInstanceId = await this.generateInstanceId(this.keyId, this.n, randomSalt);
+    }
+    /**
+     * Generates a deterministic instance ID from keyId, n, and a unique salt
+     */
+    async generateInstanceId(keyId, n, uniqueInstanceSalt) {
+        // Convert n to hex string with proper padding
+        const nHex = n
+            .toString(constants_1.VOTING.KEY_RADIX)
+            .padStart(constants_1.VOTING.PUB_KEY_OFFSET, '0');
+        const nBytes = this.hexToUint8Array(nHex);
+        // Concatenate keyId + nBytes + salt
+        const combined = new Uint8Array(keyId.length + nBytes.length + uniqueInstanceSalt.length);
+        combined.set(keyId, 0);
+        combined.set(nBytes, keyId.length);
+        combined.set(uniqueInstanceSalt, keyId.length + nBytes.length);
+        // Return async hash
+        return this.sha256Async(combined);
+    }
+    /**
+     * Async SHA-256 hash using Web Crypto API
+     */
+    async sha256Async(data) {
+        const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+        return new Uint8Array(hashBuffer);
+    }
+    /**
+     * Converts hex string to Uint8Array
+     */
+    hexToUint8Array(hex) {
+        if (hex.length % 2 !== 0) {
+            hex = '0' + hex;
+        }
+        const bytes = new Uint8Array(hex.length / 2);
+        for (let i = 0; i < hex.length; i += 2) {
+            bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+        }
+        return bytes;
+    }
+    /**
+     * Converts Uint8Array to hex string
+     */
+    uint8ArrayToHex(bytes) {
+        return Array.from(bytes)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    constructor(n, g, keyId) {
+        super(n, g);
+        this.keyId = keyId;
+        // Generate unique salt for this instance
+        const uniqueInstanceSalt = new Uint8Array(32);
+        crypto.getRandomValues(uniqueInstanceSalt);
+        this.uniqueInstanceSalt = uniqueInstanceSalt;
+        // Generate instance IDs (this is problematic with sync constructor)
+        // We'll need to handle this differently
+        this._originalInstanceId = new Uint8Array(32); // Placeholder
+        this._currentInstanceId = new Uint8Array(32); // Placeholder
+        // TODO: This needs to be refactored to use async factory method
+    }
+    /**
+     * Static factory method to create IsolatedPublicKey asynchronously
+     */
+    static async create(n, g, keyId) {
+        const key = new IsolatedPublicKey(n, g, keyId);
+        // Generate unique salt
+        const uniqueInstanceSalt = new Uint8Array(32);
+        crypto.getRandomValues(uniqueInstanceSalt);
+        // Generate instance ID asynchronously
+        const nHex = n
+            .toString(constants_1.VOTING.KEY_RADIX)
+            .padStart(constants_1.VOTING.PUB_KEY_OFFSET, '0');
+        const nBytes = key.hexToUint8Array(nHex);
+        const combined = new Uint8Array(keyId.length + nBytes.length + uniqueInstanceSalt.length);
+        combined.set(keyId, 0);
+        combined.set(nBytes, keyId.length);
+        combined.set(uniqueInstanceSalt, keyId.length + nBytes.length);
+        const instanceId = await key.sha256Async(combined);
+        // Use Object.defineProperty to set readonly fields
+        Object.defineProperty(key, 'uniqueInstanceSalt', {
+            value: uniqueInstanceSalt,
+            writable: false,
+            enumerable: true,
+            configurable: false,
+        });
+        Object.defineProperty(key, '_originalInstanceId', {
+            value: instanceId,
+            writable: false,
+            enumerable: false,
+            configurable: false,
+        });
+        Object.defineProperty(key, '_currentInstanceId', {
+            value: new Uint8Array(instanceId),
+            writable: true,
+            enumerable: false,
+            configurable: false,
+        });
+        return key;
+    }
+    /**
+     * Static factory method to create IsolatedPublicKey from deserialized data
+     * Used when reconstructing a key from a buffer with a stored instanceId
+     */
+    static fromBuffer(n, g, keyId, instanceId) {
+        const key = new IsolatedPublicKey(n, g, keyId);
+        // For deserialized keys, we don't have the original salt
+        // Set uniqueInstanceSalt to empty array
+        const uniqueInstanceSalt = new Uint8Array(0);
+        // Use Object.defineProperty to set readonly fields
+        Object.defineProperty(key, 'uniqueInstanceSalt', {
+            value: uniqueInstanceSalt,
+            writable: false,
+            enumerable: true,
+            configurable: false,
+        });
+        Object.defineProperty(key, '_originalInstanceId', {
+            value: instanceId,
+            writable: false,
+            enumerable: false,
+            configurable: false,
+        });
+        Object.defineProperty(key, '_currentInstanceId', {
+            value: new Uint8Array(instanceId),
+            writable: true,
+            enumerable: false,
+            configurable: false,
+        });
+        return key;
+    }
+    /**
+     * Returns a copy of the keyId
+     */
+    getKeyId() {
+        return new Uint8Array(this.keyId);
+    }
+    /**
+     * Returns a copy of the current instance ID
+     */
+    getInstanceId() {
+        return new Uint8Array(this._currentInstanceId);
+    }
+    /**
+     * Tags a ciphertext with an HMAC using keyId + instanceId
+     * Returns a new bigint with the HMAC appended
+     */
+    async tagCiphertext(ciphertext) {
+        // Create HMAC key from keyId + instanceId
+        const hmacKeyMaterial = new Uint8Array(this.keyId.length + this._currentInstanceId.length);
+        hmacKeyMaterial.set(this.keyId, 0);
+        hmacKeyMaterial.set(this._currentInstanceId, this.keyId.length);
+        // Import HMAC key
+        const hmacKey = await crypto.subtle.importKey('raw', hmacKeyMaterial, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+        // Sign the ciphertext
+        const ciphertextHex = ciphertext.toString(constants_1.VOTING.KEY_RADIX);
+        const ciphertextBytes = new TextEncoder().encode(ciphertextHex);
+        const signature = await crypto.subtle.sign('HMAC', hmacKey, ciphertextBytes);
+        const signatureBytes = new Uint8Array(signature);
+        const signatureHex = this.uint8ArrayToHex(signatureBytes);
+        // Pad ciphertext and append HMAC
+        const hmacLength = 64; // 256 bits = 64 hex chars
+        const paddedCiphertext = ciphertextHex.padStart(hmacLength * 2, '0');
+        const taggedCiphertextString = paddedCiphertext + signatureHex;
+        return BigInt(`0x${taggedCiphertextString}`);
+    }
+    /**
+     * Extracts and validates the instance ID from a tagged ciphertext
+     * Returns the instance ID if valid, or zero-filled array if invalid
+     */
+    async extractInstanceId(ciphertext) {
+        try {
+            const hmacLength = 64;
+            const ciphertextString = ciphertext.toString(16);
+            const receivedHmac = ciphertextString.slice(-hmacLength);
+            const calculatedCiphertext = BigInt(`0x${ciphertextString.slice(0, -hmacLength)}`);
+            // Create HMAC key from keyId + current instanceId
+            const hmacKeyMaterial = new Uint8Array(this.keyId.length + this._currentInstanceId.length);
+            hmacKeyMaterial.set(this.keyId, 0);
+            hmacKeyMaterial.set(this._currentInstanceId, this.keyId.length);
+            const hmacKey = await crypto.subtle.importKey('raw', hmacKeyMaterial, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+            // Calculate expected HMAC
+            const ciphertextHex = calculatedCiphertext.toString(constants_1.VOTING.KEY_RADIX);
+            const ciphertextBytes = new TextEncoder().encode(ciphertextHex);
+            const signature = await crypto.subtle.sign('HMAC', hmacKey, ciphertextBytes);
+            const expectedHmac = this.uint8ArrayToHex(new Uint8Array(signature));
+            // If HMAC matches, return current instance ID
+            return receivedHmac === expectedHmac
+                ? new Uint8Array(this._currentInstanceId)
+                : new Uint8Array([0]);
+        }
+        catch (_error) {
+            // If any error occurs, return invalid instance ID
+            return new Uint8Array([0]);
+        }
+    }
+    /**
+     * Encrypts a message and tags it with instance HMAC
+     */
+    async encryptAsync(m) {
+        await this.verifyKeyIdAsync();
+        const ciphertext = super.encrypt(m);
+        return this.tagCiphertext(ciphertext);
+    }
+    /**
+     * Synchronous encrypt override (throws error - use encryptAsync instead)
+     */
+    encrypt(_m) {
+        throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.KeyPairValidationFailed);
+    }
+    /**
+     * Multiplies a ciphertext by a constant, preserving instance HMAC
+     */
+    async multiplyAsync(ciphertext, constant) {
+        await this.verifyKeyIdAsync();
+        const instanceId = await this.extractInstanceId(ciphertext);
+        // Check if instance IDs match
+        if (!this.uint8ArrayEquals(instanceId, this._currentInstanceId)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InstanceIdMismatch);
+        }
+        const hmacLength = 64;
+        const ciphertextString = ciphertext.toString(constants_1.VOTING.KEY_RADIX);
+        const actualCiphertext = BigInt(`0x${ciphertextString.slice(0, -hmacLength)}`);
+        const product = super.multiply(actualCiphertext, constant);
+        return this.tagCiphertext(product);
+    }
+    /**
+     * Synchronous multiply override (throws error - use multiplyAsync instead)
+     */
+    multiply(_ciphertext, _constant) {
+        throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.KeyPairValidationFailed);
+    }
+    /**
+     * Adds two ciphertexts, preserving instance HMAC
+     */
+    async additionAsync(a, b) {
+        await this.verifyKeyIdAsync();
+        const aInstanceID = await this.extractInstanceId(a);
+        const bInstanceID = await this.extractInstanceId(b);
+        if (!this.uint8ArrayEquals(aInstanceID, this._currentInstanceId) ||
+            !this.uint8ArrayEquals(bInstanceID, this._currentInstanceId)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InstanceIdMismatch);
+        }
+        const hmacLength = 64;
+        const aCiphertextString = a.toString(constants_1.VOTING.KEY_RADIX);
+        const bCiphertextString = b.toString(constants_1.VOTING.KEY_RADIX);
+        const aCiphertext = BigInt(`0x${aCiphertextString.slice(0, -hmacLength)}`);
+        const bCiphertext = BigInt(`0x${bCiphertextString.slice(0, -hmacLength)}`);
+        const sum = super.addition(aCiphertext, bCiphertext);
+        return this.tagCiphertext(sum);
+    }
+    /**
+     * Synchronous addition override (throws error - use additionAsync instead)
+     */
+    addition(_a, _b) {
+        throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.KeyPairValidationFailed);
+    }
+    /**
+     * Verifies that the keyId matches the SHA-256 hash of the public key 'n'
+     */
+    async verifyKeyIdAsync() {
+        const nHex = this.n
+            .toString(constants_1.VOTING.KEY_RADIX)
+            .padStart(constants_1.VOTING.PUB_KEY_OFFSET, '0');
+        // Encode the hex string as UTF-8 bytes (not parse as hex digits)
+        const encoder = new TextEncoder();
+        const nBytes = encoder.encode(nHex);
+        const computedKeyId = await this.sha256Async(nBytes);
+        if (!this.uint8ArrayEquals(this.keyId, computedKeyId)) {
+            throw new voting_1.VotingError(voting_error_type_1.VotingErrorType.InvalidPublicKeyIdMismatch);
+        }
+    }
+    /**
+     * Compares two Uint8Arrays for equality
+     */
+    uint8ArrayEquals(a, b) {
+        if (a.length !== b.length)
+            return false;
+        for (let i = 0; i < a.length; i++) {
+            if (a[i] !== b[i])
+                return false;
+        }
+        return true;
+    }
+}
+exports.IsolatedPublicKey = IsolatedPublicKey;
+//# sourceMappingURL=isolated-public.js.map