@dynamic-labs-wallet/forward-mpc-shared 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +269 -34
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +584 -39
- package/dist/index.d.ts +584 -39
- package/dist/index.js +257 -35
- package/dist/index.js.map +1 -1
- package/package.json +8 -4
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as fp_ts_lib_Either from 'fp-ts/lib/Either';
|
|
2
2
|
import * as io_ts from 'io-ts';
|
|
3
|
-
import {
|
|
3
|
+
import { Type, TypeOf } from 'io-ts';
|
|
4
4
|
import { SigningAlgorithm } from '@dynamic-labs-wallet/core';
|
|
5
5
|
import { either } from 'fp-ts';
|
|
6
6
|
|
|
@@ -73,6 +73,267 @@ declare abstract class BaseMessage<TRuntime = any, TWire = any> implements IMess
|
|
|
73
73
|
getData(): TRuntime;
|
|
74
74
|
}
|
|
75
75
|
|
|
76
|
+
declare const Uint8ArrayCodec: Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
77
|
+
|
|
78
|
+
declare const Uint32ArrayCodec: Type<Uint32Array<ArrayBufferLike>, string, unknown>;
|
|
79
|
+
|
|
80
|
+
/**
|
|
81
|
+
* Generic encrypted payload structure for secure transmission
|
|
82
|
+
* Contains HKDF salt and AES-256-GCM encrypted payload
|
|
83
|
+
* Used for keyshares, keygen init, and other encrypted data
|
|
84
|
+
*/
|
|
85
|
+
declare const EncryptedPayloadCodec: io_ts.TypeC<{
|
|
86
|
+
salt: io_ts.Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
87
|
+
encryptedPayload: io_ts.Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
88
|
+
}>;
|
|
89
|
+
type EncryptedPayload = TypeOf<typeof EncryptedPayloadCodec>;
|
|
90
|
+
|
|
91
|
+
/**
|
|
92
|
+
* Trace Context for request tracing
|
|
93
|
+
*/
|
|
94
|
+
interface TraceContext {
|
|
95
|
+
traceId?: string;
|
|
96
|
+
startTime?: number;
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Trace Context Codec - optional by default (allows undefined)
|
|
100
|
+
*/
|
|
101
|
+
declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
|
|
102
|
+
traceId: io_ts.StringC;
|
|
103
|
+
startTime: io_ts.NumberC;
|
|
104
|
+
}>, io_ts.UndefinedC]>;
|
|
105
|
+
|
|
106
|
+
/**
|
|
107
|
+
* Optional String Codec - validates string or undefined
|
|
108
|
+
*/
|
|
109
|
+
declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
|
|
110
|
+
|
|
111
|
+
/**
|
|
112
|
+
* ReceiveKey Response Runtime Data
|
|
113
|
+
*/
|
|
114
|
+
interface ReceiveKeyResponseData {
|
|
115
|
+
keygenResult?: EncryptedPayload;
|
|
116
|
+
error?: WebSocketError;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* ReceiveKey Response Wire Format
|
|
120
|
+
*/
|
|
121
|
+
interface ReceiveKeyResponseWire {
|
|
122
|
+
type: 'receiveKey_response';
|
|
123
|
+
version: 1;
|
|
124
|
+
keygenResult?: {
|
|
125
|
+
salt: string;
|
|
126
|
+
encryptedPayload: string;
|
|
127
|
+
};
|
|
128
|
+
error?: WebSocketError;
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* ReceiveKey Response Schema
|
|
132
|
+
*/
|
|
133
|
+
declare const ReceiveKeyResponseSchema: io_ts.Type<any, any, unknown>;
|
|
134
|
+
type ReceiveKeyResponse = TypeOf<typeof ReceiveKeyResponseSchema>;
|
|
135
|
+
/**
|
|
136
|
+
* ReceiveKey V1 Response Message Class
|
|
137
|
+
*/
|
|
138
|
+
declare const ReceiveKeyV1ResponseMessage: {
|
|
139
|
+
new (data: ReceiveKeyResponseData): {
|
|
140
|
+
readonly type: "receiveKey_response";
|
|
141
|
+
readonly version: 1;
|
|
142
|
+
encode(): ReceiveKeyResponseWire;
|
|
143
|
+
readonly data: ReceiveKeyResponseData;
|
|
144
|
+
getData(): ReceiveKeyResponseData;
|
|
145
|
+
};
|
|
146
|
+
readonly MESSAGE_TYPE: "receiveKey_response";
|
|
147
|
+
readonly MESSAGE_VERSION: 1;
|
|
148
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
149
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
150
|
+
readonly type: "receiveKey_response";
|
|
151
|
+
readonly version: 1;
|
|
152
|
+
encode(): ReceiveKeyResponseWire;
|
|
153
|
+
readonly data: ReceiveKeyResponseData;
|
|
154
|
+
getData(): ReceiveKeyResponseData;
|
|
155
|
+
}>;
|
|
156
|
+
};
|
|
157
|
+
|
|
158
|
+
/**
|
|
159
|
+
* ReceiveKey Request Runtime Data
|
|
160
|
+
* Used for ExportableEd25519 key generation where one party receives the key
|
|
161
|
+
*/
|
|
162
|
+
interface ReceiveKeyRequestData {
|
|
163
|
+
relayDomain: string;
|
|
164
|
+
signingAlgo: 'ed25519';
|
|
165
|
+
roomUuid: string;
|
|
166
|
+
numParties: number;
|
|
167
|
+
threshold: number;
|
|
168
|
+
keygenInit: EncryptedPayload;
|
|
169
|
+
keygenIds: string[];
|
|
170
|
+
userId?: string;
|
|
171
|
+
environmentId?: string;
|
|
172
|
+
traceContext?: TraceContext;
|
|
173
|
+
}
|
|
174
|
+
/**
|
|
175
|
+
* ReceiveKey Request Wire Format
|
|
176
|
+
*/
|
|
177
|
+
interface ReceiveKeyRequestWire {
|
|
178
|
+
type: 'receiveKey';
|
|
179
|
+
version: 1;
|
|
180
|
+
relayDomain: string;
|
|
181
|
+
signingAlgo: 'ed25519';
|
|
182
|
+
roomUuid: string;
|
|
183
|
+
numParties: number;
|
|
184
|
+
threshold: number;
|
|
185
|
+
keygenInit: {
|
|
186
|
+
salt: string;
|
|
187
|
+
encryptedPayload: string;
|
|
188
|
+
};
|
|
189
|
+
keygenIds: string[];
|
|
190
|
+
userId?: string;
|
|
191
|
+
environmentId?: string;
|
|
192
|
+
traceContext?: TraceContext;
|
|
193
|
+
}
|
|
194
|
+
/**
|
|
195
|
+
* ReceiveKey V1 Request Schema
|
|
196
|
+
*/
|
|
197
|
+
declare const ReceiveKeyRequestSchema: io_ts.Type<any, any, unknown>;
|
|
198
|
+
type ReceiveKeyRequest = TypeOf<typeof ReceiveKeyRequestSchema>;
|
|
199
|
+
/**
|
|
200
|
+
* ReceiveKey V1 Request Message Class
|
|
201
|
+
* Represents a request to receive an exportable ED25519 key from another party
|
|
202
|
+
*/
|
|
203
|
+
declare const ReceiveKeyV1RequestMessage: {
|
|
204
|
+
new (data: ReceiveKeyRequestData): {
|
|
205
|
+
readonly type: "receiveKey";
|
|
206
|
+
readonly version: 1;
|
|
207
|
+
encode(): ReceiveKeyRequestWire;
|
|
208
|
+
readonly data: ReceiveKeyRequestData;
|
|
209
|
+
getData(): ReceiveKeyRequestData;
|
|
210
|
+
};
|
|
211
|
+
readonly MESSAGE_TYPE: "receiveKey";
|
|
212
|
+
readonly MESSAGE_VERSION: 1;
|
|
213
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
214
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
215
|
+
readonly type: "receiveKey";
|
|
216
|
+
readonly version: 1;
|
|
217
|
+
encode(): ReceiveKeyRequestWire;
|
|
218
|
+
readonly data: ReceiveKeyRequestData;
|
|
219
|
+
getData(): ReceiveKeyRequestData;
|
|
220
|
+
}>;
|
|
221
|
+
};
|
|
222
|
+
|
|
223
|
+
/**
|
|
224
|
+
* Keygen Response Runtime Data
|
|
225
|
+
*/
|
|
226
|
+
interface KeygenResponseData {
|
|
227
|
+
keygenResult?: EncryptedPayload;
|
|
228
|
+
error?: WebSocketError;
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Keygen Response Wire Format
|
|
232
|
+
*/
|
|
233
|
+
interface KeygenResponseWire {
|
|
234
|
+
type: 'keygen_response';
|
|
235
|
+
version: 1;
|
|
236
|
+
keygenResult?: {
|
|
237
|
+
salt: string;
|
|
238
|
+
encryptedPayload: string;
|
|
239
|
+
};
|
|
240
|
+
error?: WebSocketError;
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Keygen Response Schema
|
|
244
|
+
*/
|
|
245
|
+
declare const KeygenResponseSchema: io_ts.Type<any, any, unknown>;
|
|
246
|
+
type KeygenResponse = TypeOf<typeof KeygenResponseSchema>;
|
|
247
|
+
/**
|
|
248
|
+
* Keygen V1 Response Message Class
|
|
249
|
+
*/
|
|
250
|
+
declare const KeygenV1ResponseMessage: {
|
|
251
|
+
new (data: KeygenResponseData): {
|
|
252
|
+
readonly type: "keygen_response";
|
|
253
|
+
readonly version: 1;
|
|
254
|
+
encode(): KeygenResponseWire;
|
|
255
|
+
readonly data: KeygenResponseData;
|
|
256
|
+
getData(): KeygenResponseData;
|
|
257
|
+
};
|
|
258
|
+
readonly MESSAGE_TYPE: "keygen_response";
|
|
259
|
+
readonly MESSAGE_VERSION: 1;
|
|
260
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
261
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
262
|
+
readonly type: "keygen_response";
|
|
263
|
+
readonly version: 1;
|
|
264
|
+
encode(): KeygenResponseWire;
|
|
265
|
+
readonly data: KeygenResponseData;
|
|
266
|
+
getData(): KeygenResponseData;
|
|
267
|
+
}>;
|
|
268
|
+
};
|
|
269
|
+
|
|
270
|
+
/**
|
|
271
|
+
* Keygen Request Runtime Data
|
|
272
|
+
* Supports ECDSA and BIP340 algorithms only
|
|
273
|
+
* Note: ED25519 uses separate SampleKeyV1Request/ReceiveKeyV1Request messages
|
|
274
|
+
*/
|
|
275
|
+
interface KeygenRequestData {
|
|
276
|
+
relayDomain: string;
|
|
277
|
+
signingAlgo: SigningAlgorithm;
|
|
278
|
+
roomUuid: string;
|
|
279
|
+
numParties: number;
|
|
280
|
+
threshold: number;
|
|
281
|
+
keygenInit: EncryptedPayload;
|
|
282
|
+
keygenIds: string[];
|
|
283
|
+
userId?: string;
|
|
284
|
+
environmentId?: string;
|
|
285
|
+
traceContext?: TraceContext;
|
|
286
|
+
}
|
|
287
|
+
/**
|
|
288
|
+
* Keygen Request Wire Format
|
|
289
|
+
* Supports ECDSA and BIP340 algorithms only
|
|
290
|
+
* Note: ED25519 uses separate 'sampleKey'/'receiveKey' message types
|
|
291
|
+
*/
|
|
292
|
+
interface KeygenRequestWire {
|
|
293
|
+
type: 'keygen';
|
|
294
|
+
version: 1;
|
|
295
|
+
relayDomain: string;
|
|
296
|
+
signingAlgo: SigningAlgorithm;
|
|
297
|
+
roomUuid: string;
|
|
298
|
+
numParties: number;
|
|
299
|
+
threshold: number;
|
|
300
|
+
keygenInit: {
|
|
301
|
+
salt: string;
|
|
302
|
+
encryptedPayload: string;
|
|
303
|
+
};
|
|
304
|
+
keygenIds: string[];
|
|
305
|
+
userId?: string;
|
|
306
|
+
environmentId?: string;
|
|
307
|
+
traceContext?: TraceContext;
|
|
308
|
+
}
|
|
309
|
+
/**
|
|
310
|
+
* Keygen Request Schema
|
|
311
|
+
*/
|
|
312
|
+
declare const KeygenRequestSchema: io_ts.Type<any, any, unknown>;
|
|
313
|
+
type KeygenRequest = TypeOf<typeof KeygenRequestSchema>;
|
|
314
|
+
/**
|
|
315
|
+
* Keygen V1 Request Message Class
|
|
316
|
+
*/
|
|
317
|
+
declare const KeygenV1RequestMessage: {
|
|
318
|
+
new (data: KeygenRequestData): {
|
|
319
|
+
readonly type: "keygen";
|
|
320
|
+
readonly version: 1;
|
|
321
|
+
encode(): unknown;
|
|
322
|
+
readonly data: KeygenRequestData;
|
|
323
|
+
getData(): KeygenRequestData;
|
|
324
|
+
};
|
|
325
|
+
readonly MESSAGE_TYPE: "keygen";
|
|
326
|
+
readonly MESSAGE_VERSION: 1;
|
|
327
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
328
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
329
|
+
readonly type: "keygen";
|
|
330
|
+
readonly version: 1;
|
|
331
|
+
encode(): unknown;
|
|
332
|
+
readonly data: KeygenRequestData;
|
|
333
|
+
getData(): KeygenRequestData;
|
|
334
|
+
}>;
|
|
335
|
+
};
|
|
336
|
+
|
|
76
337
|
/**
|
|
77
338
|
* Connection Acknowledgment Response Runtime Data
|
|
78
339
|
*/
|
|
@@ -204,40 +465,6 @@ declare const SignMessageV1ResponseMessage: {
|
|
|
204
465
|
}>;
|
|
205
466
|
};
|
|
206
467
|
|
|
207
|
-
declare const Uint8ArrayCodec: Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
208
|
-
|
|
209
|
-
declare const Uint32ArrayCodec: Type<Uint32Array<ArrayBufferLike>, string, unknown>;
|
|
210
|
-
|
|
211
|
-
/**
|
|
212
|
-
* Encrypted keyshare structure for secure transmission
|
|
213
|
-
* Contains HKDF salt and AES-256-GCM encrypted payload
|
|
214
|
-
*/
|
|
215
|
-
declare const EncryptedKeyshareCodec: io_ts.TypeC<{
|
|
216
|
-
salt: io_ts.Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
217
|
-
encryptedPayload: io_ts.Type<Uint8Array<ArrayBufferLike>, string, unknown>;
|
|
218
|
-
}>;
|
|
219
|
-
type EncryptedKeyshare = TypeOf<typeof EncryptedKeyshareCodec>;
|
|
220
|
-
|
|
221
|
-
/**
|
|
222
|
-
* Trace Context for request tracing
|
|
223
|
-
*/
|
|
224
|
-
interface TraceContext {
|
|
225
|
-
traceId?: string;
|
|
226
|
-
startTime?: number;
|
|
227
|
-
}
|
|
228
|
-
/**
|
|
229
|
-
* Trace Context Codec - optional by default (allows undefined)
|
|
230
|
-
*/
|
|
231
|
-
declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
|
|
232
|
-
traceId: io_ts.StringC;
|
|
233
|
-
startTime: io_ts.NumberC;
|
|
234
|
-
}>, io_ts.UndefinedC]>;
|
|
235
|
-
|
|
236
|
-
/**
|
|
237
|
-
* Optional String Codec - validates string or undefined
|
|
238
|
-
*/
|
|
239
|
-
declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
|
|
240
|
-
|
|
241
468
|
/**
|
|
242
469
|
* Base secret share data (what gets encrypted)
|
|
243
470
|
*/
|
|
@@ -279,6 +506,22 @@ declare abstract class BaseSigningAlgorithm implements ISigningAlgorithm {
|
|
|
279
506
|
abstract processSignResult(result: any): Uint8Array;
|
|
280
507
|
}
|
|
281
508
|
|
|
509
|
+
/**
|
|
510
|
+
* ED25519 signing algorithm
|
|
511
|
+
*
|
|
512
|
+
* IMPORTANT: This uses Dynamic SDK's ExportableEd25519 implementation under the hood.
|
|
513
|
+
* When you call getMPCSignatureScheme(SigningAlgorithm.ED25519), you get ExportableEd25519.
|
|
514
|
+
*
|
|
515
|
+
* Key characteristics:
|
|
516
|
+
* - Uses sampleKey/receiveKey for keygen (one party samples, other receives)
|
|
517
|
+
* - Can export private keys
|
|
518
|
+
*
|
|
519
|
+
* DERIVATION PATH CAVEAT:
|
|
520
|
+
* - The schema accepts derivationPath for backwards compatibility
|
|
521
|
+
* - However, ExportableEd25519 does NOT support BIP32/BIP44 derivation in signing
|
|
522
|
+
* - If derivationPath is provided, it may be ignored or cause errors
|
|
523
|
+
* - See: https://docs.sodot.dev/sodot-docs/mpc-api/key-management/exportable-ed25519-keys
|
|
524
|
+
*/
|
|
282
525
|
interface Ed25519SignMessageSchema {
|
|
283
526
|
signingAlgo: 'ed25519';
|
|
284
527
|
derivationPath?: Uint32Array;
|
|
@@ -337,6 +580,9 @@ declare class EcdsaSigningAlgorithm extends BaseSigningAlgorithm {
|
|
|
337
580
|
/**
|
|
338
581
|
* 🎯 SINGLE SOURCE OF TRUTH - Add new algorithms here and everything else is automatic!
|
|
339
582
|
* This is the ONLY place you need to add new signing algorithms
|
|
583
|
+
*
|
|
584
|
+
* Maps 1:1 with Dynamic SDK's SigningAlgorithm enum (ECDSA, ED25519, BIP340)
|
|
585
|
+
* NOTE: ED25519 uses ExportableEd25519 implementation (no derivation support)
|
|
340
586
|
*/
|
|
341
587
|
declare const SIGNING_ALGORITHM_CLASSES: {
|
|
342
588
|
readonly ed25519: typeof Ed25519SigningAlgorithm;
|
|
@@ -438,7 +684,7 @@ interface SignMessageRequestData {
|
|
|
438
684
|
hashAlgo?: HashAlgorithm;
|
|
439
685
|
derivationPath?: Uint32Array;
|
|
440
686
|
tweak?: Uint8Array;
|
|
441
|
-
keyshare:
|
|
687
|
+
keyshare: EncryptedPayload;
|
|
442
688
|
message: Uint8Array | string;
|
|
443
689
|
roomUuid: string;
|
|
444
690
|
userId?: string;
|
|
@@ -704,6 +950,78 @@ declare class MessageRegistry {
|
|
|
704
950
|
readonly data: ConnectionAckResponseData;
|
|
705
951
|
getData(): ConnectionAckResponseData;
|
|
706
952
|
}>;
|
|
953
|
+
} | {
|
|
954
|
+
new (data: KeygenRequestData): {
|
|
955
|
+
readonly type: "keygen";
|
|
956
|
+
readonly version: 1;
|
|
957
|
+
encode(): unknown;
|
|
958
|
+
readonly data: KeygenRequestData;
|
|
959
|
+
getData(): KeygenRequestData;
|
|
960
|
+
};
|
|
961
|
+
readonly MESSAGE_TYPE: "keygen";
|
|
962
|
+
readonly MESSAGE_VERSION: 1;
|
|
963
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
964
|
+
decode(wireData: unknown): either.Either<io_ts.Errors, {
|
|
965
|
+
readonly type: "keygen";
|
|
966
|
+
readonly version: 1;
|
|
967
|
+
encode(): unknown;
|
|
968
|
+
readonly data: KeygenRequestData;
|
|
969
|
+
getData(): KeygenRequestData;
|
|
970
|
+
}>;
|
|
971
|
+
} | {
|
|
972
|
+
new (data: KeygenResponseData): {
|
|
973
|
+
readonly type: "keygen_response";
|
|
974
|
+
readonly version: 1;
|
|
975
|
+
encode(): KeygenResponseWire;
|
|
976
|
+
readonly data: KeygenResponseData;
|
|
977
|
+
getData(): KeygenResponseData;
|
|
978
|
+
};
|
|
979
|
+
readonly MESSAGE_TYPE: "keygen_response";
|
|
980
|
+
readonly MESSAGE_VERSION: 1;
|
|
981
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
982
|
+
decode(wireData: unknown): either.Either<io_ts.Errors, {
|
|
983
|
+
readonly type: "keygen_response";
|
|
984
|
+
readonly version: 1;
|
|
985
|
+
encode(): KeygenResponseWire;
|
|
986
|
+
readonly data: KeygenResponseData;
|
|
987
|
+
getData(): KeygenResponseData;
|
|
988
|
+
}>;
|
|
989
|
+
} | {
|
|
990
|
+
new (data: ReceiveKeyRequestData): {
|
|
991
|
+
readonly type: "receiveKey";
|
|
992
|
+
readonly version: 1;
|
|
993
|
+
encode(): ReceiveKeyRequestWire;
|
|
994
|
+
readonly data: ReceiveKeyRequestData;
|
|
995
|
+
getData(): ReceiveKeyRequestData;
|
|
996
|
+
};
|
|
997
|
+
readonly MESSAGE_TYPE: "receiveKey";
|
|
998
|
+
readonly MESSAGE_VERSION: 1;
|
|
999
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1000
|
+
decode(wireData: unknown): either.Either<io_ts.Errors, {
|
|
1001
|
+
readonly type: "receiveKey";
|
|
1002
|
+
readonly version: 1;
|
|
1003
|
+
encode(): ReceiveKeyRequestWire;
|
|
1004
|
+
readonly data: ReceiveKeyRequestData;
|
|
1005
|
+
getData(): ReceiveKeyRequestData;
|
|
1006
|
+
}>;
|
|
1007
|
+
} | {
|
|
1008
|
+
new (data: ReceiveKeyResponseData): {
|
|
1009
|
+
readonly type: "receiveKey_response";
|
|
1010
|
+
readonly version: 1;
|
|
1011
|
+
encode(): ReceiveKeyResponseWire;
|
|
1012
|
+
readonly data: ReceiveKeyResponseData;
|
|
1013
|
+
getData(): ReceiveKeyResponseData;
|
|
1014
|
+
};
|
|
1015
|
+
readonly MESSAGE_TYPE: "receiveKey_response";
|
|
1016
|
+
readonly MESSAGE_VERSION: 1;
|
|
1017
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1018
|
+
decode(wireData: unknown): either.Either<io_ts.Errors, {
|
|
1019
|
+
readonly type: "receiveKey_response";
|
|
1020
|
+
readonly version: 1;
|
|
1021
|
+
encode(): ReceiveKeyResponseWire;
|
|
1022
|
+
readonly data: ReceiveKeyResponseData;
|
|
1023
|
+
getData(): ReceiveKeyResponseData;
|
|
1024
|
+
}>;
|
|
707
1025
|
} | undefined;
|
|
708
1026
|
/**
|
|
709
1027
|
* Create a message instance from wire data (using derived message classes)
|
|
@@ -839,6 +1157,82 @@ declare const ALL_MESSAGE_CLASSES: {
|
|
|
839
1157
|
getData(): ConnectionAckResponseData;
|
|
840
1158
|
}>;
|
|
841
1159
|
};
|
|
1160
|
+
readonly 'keygen@1': {
|
|
1161
|
+
new (data: KeygenRequestData): {
|
|
1162
|
+
readonly type: "keygen";
|
|
1163
|
+
readonly version: 1;
|
|
1164
|
+
encode(): unknown;
|
|
1165
|
+
readonly data: KeygenRequestData;
|
|
1166
|
+
getData(): KeygenRequestData;
|
|
1167
|
+
};
|
|
1168
|
+
readonly MESSAGE_TYPE: "keygen";
|
|
1169
|
+
readonly MESSAGE_VERSION: 1;
|
|
1170
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1171
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1172
|
+
readonly type: "keygen";
|
|
1173
|
+
readonly version: 1;
|
|
1174
|
+
encode(): unknown;
|
|
1175
|
+
readonly data: KeygenRequestData;
|
|
1176
|
+
getData(): KeygenRequestData;
|
|
1177
|
+
}>;
|
|
1178
|
+
};
|
|
1179
|
+
readonly 'keygen_response@1': {
|
|
1180
|
+
new (data: KeygenResponseData): {
|
|
1181
|
+
readonly type: "keygen_response";
|
|
1182
|
+
readonly version: 1;
|
|
1183
|
+
encode(): KeygenResponseWire;
|
|
1184
|
+
readonly data: KeygenResponseData;
|
|
1185
|
+
getData(): KeygenResponseData;
|
|
1186
|
+
};
|
|
1187
|
+
readonly MESSAGE_TYPE: "keygen_response";
|
|
1188
|
+
readonly MESSAGE_VERSION: 1;
|
|
1189
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1190
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1191
|
+
readonly type: "keygen_response";
|
|
1192
|
+
readonly version: 1;
|
|
1193
|
+
encode(): KeygenResponseWire;
|
|
1194
|
+
readonly data: KeygenResponseData;
|
|
1195
|
+
getData(): KeygenResponseData;
|
|
1196
|
+
}>;
|
|
1197
|
+
};
|
|
1198
|
+
readonly 'receiveKey@1': {
|
|
1199
|
+
new (data: ReceiveKeyRequestData): {
|
|
1200
|
+
readonly type: "receiveKey";
|
|
1201
|
+
readonly version: 1;
|
|
1202
|
+
encode(): ReceiveKeyRequestWire;
|
|
1203
|
+
readonly data: ReceiveKeyRequestData;
|
|
1204
|
+
getData(): ReceiveKeyRequestData;
|
|
1205
|
+
};
|
|
1206
|
+
readonly MESSAGE_TYPE: "receiveKey";
|
|
1207
|
+
readonly MESSAGE_VERSION: 1;
|
|
1208
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1209
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1210
|
+
readonly type: "receiveKey";
|
|
1211
|
+
readonly version: 1;
|
|
1212
|
+
encode(): ReceiveKeyRequestWire;
|
|
1213
|
+
readonly data: ReceiveKeyRequestData;
|
|
1214
|
+
getData(): ReceiveKeyRequestData;
|
|
1215
|
+
}>;
|
|
1216
|
+
};
|
|
1217
|
+
readonly 'receiveKey_response@1': {
|
|
1218
|
+
new (data: ReceiveKeyResponseData): {
|
|
1219
|
+
readonly type: "receiveKey_response";
|
|
1220
|
+
readonly version: 1;
|
|
1221
|
+
encode(): ReceiveKeyResponseWire;
|
|
1222
|
+
readonly data: ReceiveKeyResponseData;
|
|
1223
|
+
getData(): ReceiveKeyResponseData;
|
|
1224
|
+
};
|
|
1225
|
+
readonly MESSAGE_TYPE: "receiveKey_response";
|
|
1226
|
+
readonly MESSAGE_VERSION: 1;
|
|
1227
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1228
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1229
|
+
readonly type: "receiveKey_response";
|
|
1230
|
+
readonly version: 1;
|
|
1231
|
+
encode(): ReceiveKeyResponseWire;
|
|
1232
|
+
readonly data: ReceiveKeyResponseData;
|
|
1233
|
+
getData(): ReceiveKeyResponseData;
|
|
1234
|
+
}>;
|
|
1235
|
+
};
|
|
842
1236
|
};
|
|
843
1237
|
/**
|
|
844
1238
|
* Derive message type union from classes
|
|
@@ -959,6 +1353,78 @@ declare function getMessageClass(type: string, version: number): {
|
|
|
959
1353
|
readonly data: ConnectionAckResponseData;
|
|
960
1354
|
getData(): ConnectionAckResponseData;
|
|
961
1355
|
}>;
|
|
1356
|
+
} | {
|
|
1357
|
+
new (data: KeygenRequestData): {
|
|
1358
|
+
readonly type: "keygen";
|
|
1359
|
+
readonly version: 1;
|
|
1360
|
+
encode(): unknown;
|
|
1361
|
+
readonly data: KeygenRequestData;
|
|
1362
|
+
getData(): KeygenRequestData;
|
|
1363
|
+
};
|
|
1364
|
+
readonly MESSAGE_TYPE: "keygen";
|
|
1365
|
+
readonly MESSAGE_VERSION: 1;
|
|
1366
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1367
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1368
|
+
readonly type: "keygen";
|
|
1369
|
+
readonly version: 1;
|
|
1370
|
+
encode(): unknown;
|
|
1371
|
+
readonly data: KeygenRequestData;
|
|
1372
|
+
getData(): KeygenRequestData;
|
|
1373
|
+
}>;
|
|
1374
|
+
} | {
|
|
1375
|
+
new (data: KeygenResponseData): {
|
|
1376
|
+
readonly type: "keygen_response";
|
|
1377
|
+
readonly version: 1;
|
|
1378
|
+
encode(): KeygenResponseWire;
|
|
1379
|
+
readonly data: KeygenResponseData;
|
|
1380
|
+
getData(): KeygenResponseData;
|
|
1381
|
+
};
|
|
1382
|
+
readonly MESSAGE_TYPE: "keygen_response";
|
|
1383
|
+
readonly MESSAGE_VERSION: 1;
|
|
1384
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1385
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1386
|
+
readonly type: "keygen_response";
|
|
1387
|
+
readonly version: 1;
|
|
1388
|
+
encode(): KeygenResponseWire;
|
|
1389
|
+
readonly data: KeygenResponseData;
|
|
1390
|
+
getData(): KeygenResponseData;
|
|
1391
|
+
}>;
|
|
1392
|
+
} | {
|
|
1393
|
+
new (data: ReceiveKeyRequestData): {
|
|
1394
|
+
readonly type: "receiveKey";
|
|
1395
|
+
readonly version: 1;
|
|
1396
|
+
encode(): ReceiveKeyRequestWire;
|
|
1397
|
+
readonly data: ReceiveKeyRequestData;
|
|
1398
|
+
getData(): ReceiveKeyRequestData;
|
|
1399
|
+
};
|
|
1400
|
+
readonly MESSAGE_TYPE: "receiveKey";
|
|
1401
|
+
readonly MESSAGE_VERSION: 1;
|
|
1402
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1403
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1404
|
+
readonly type: "receiveKey";
|
|
1405
|
+
readonly version: 1;
|
|
1406
|
+
encode(): ReceiveKeyRequestWire;
|
|
1407
|
+
readonly data: ReceiveKeyRequestData;
|
|
1408
|
+
getData(): ReceiveKeyRequestData;
|
|
1409
|
+
}>;
|
|
1410
|
+
} | {
|
|
1411
|
+
new (data: ReceiveKeyResponseData): {
|
|
1412
|
+
readonly type: "receiveKey_response";
|
|
1413
|
+
readonly version: 1;
|
|
1414
|
+
encode(): ReceiveKeyResponseWire;
|
|
1415
|
+
readonly data: ReceiveKeyResponseData;
|
|
1416
|
+
getData(): ReceiveKeyResponseData;
|
|
1417
|
+
};
|
|
1418
|
+
readonly MESSAGE_TYPE: "receiveKey_response";
|
|
1419
|
+
readonly MESSAGE_VERSION: 1;
|
|
1420
|
+
readonly schema: io_ts.Type<any, any, unknown>;
|
|
1421
|
+
decode(wireData: unknown): fp_ts_lib_Either.Either<io_ts.Errors, {
|
|
1422
|
+
readonly type: "receiveKey_response";
|
|
1423
|
+
readonly version: 1;
|
|
1424
|
+
encode(): ReceiveKeyResponseWire;
|
|
1425
|
+
readonly data: ReceiveKeyResponseData;
|
|
1426
|
+
getData(): ReceiveKeyResponseData;
|
|
1427
|
+
}>;
|
|
962
1428
|
};
|
|
963
1429
|
/**
|
|
964
1430
|
* Type-safe check if message type exists
|
|
@@ -995,6 +1461,15 @@ declare const AES_256_GCM_KEY_SIZE = 32;
|
|
|
995
1461
|
declare const AES_256_GCM_NONCE_SIZE = 12;
|
|
996
1462
|
declare const AES_256_GCM_TAG_SIZE = 16;
|
|
997
1463
|
declare const HKDF_SALT_SIZE = 32;
|
|
1464
|
+
/**
|
|
1465
|
+
* Encryption purpose enum to prevent typos and ensure consistency
|
|
1466
|
+
*/
|
|
1467
|
+
declare enum EncryptionPurpose {
|
|
1468
|
+
KEYSHARE = "keyshare",
|
|
1469
|
+
KEYGEN_INIT = "keygen_init",
|
|
1470
|
+
KEYGEN_RESULT = "keygen_result",
|
|
1471
|
+
TEST = "test"
|
|
1472
|
+
}
|
|
998
1473
|
/**
|
|
999
1474
|
* Derive AES-256 key from ML-KEM shared secret using HKDF
|
|
1000
1475
|
* Following NIST SP 800-56C recommendations
|
|
@@ -1003,7 +1478,50 @@ declare function deriveAESKey(sharedSecret: Uint8Array, salt: Uint8Array, info:
|
|
|
1003
1478
|
/**
|
|
1004
1479
|
* Create standardized context info for HKDF
|
|
1005
1480
|
*/
|
|
1006
|
-
declare function createKeyDerivationInfo(purpose:
|
|
1481
|
+
declare function createKeyDerivationInfo(purpose: EncryptionPurpose, connectionId: string, version?: number): string;
|
|
1482
|
+
|
|
1483
|
+
/**
|
|
1484
|
+
* Options for encrypting a payload
|
|
1485
|
+
*/
|
|
1486
|
+
interface EncryptPayloadOptions {
|
|
1487
|
+
/** The data to encrypt (will be JSON stringified) */
|
|
1488
|
+
payload: unknown;
|
|
1489
|
+
/** ML-KEM shared secret from handshake (min 32 bytes) */
|
|
1490
|
+
sharedSecret: Uint8Array;
|
|
1491
|
+
/** Unique connection identifier (non-empty) */
|
|
1492
|
+
connectionId: string;
|
|
1493
|
+
/** Purpose for HKDF context (prevents key reuse across contexts) */
|
|
1494
|
+
purpose: EncryptionPurpose;
|
|
1495
|
+
}
|
|
1496
|
+
/**
|
|
1497
|
+
* Generic payload encryption using AES-256-GCM with ML-KEM derived key
|
|
1498
|
+
*
|
|
1499
|
+
* @param options - Encryption options
|
|
1500
|
+
* @returns Encrypted payload with salt and encrypted data
|
|
1501
|
+
* @throws Error if inputs are invalid or encryption fails
|
|
1502
|
+
*/
|
|
1503
|
+
declare function encryptPayload(options: EncryptPayloadOptions): EncryptedPayload;
|
|
1504
|
+
/**
|
|
1505
|
+
* Options for decrypting a payload
|
|
1506
|
+
*/
|
|
1507
|
+
interface DecryptPayloadOptions {
|
|
1508
|
+
/** Encrypted payload with salt and encrypted data */
|
|
1509
|
+
encrypted: EncryptedPayload;
|
|
1510
|
+
/** ML-KEM shared secret from handshake (min 32 bytes) */
|
|
1511
|
+
sharedSecret: Uint8Array;
|
|
1512
|
+
/** Unique connection identifier (non-empty) */
|
|
1513
|
+
connectionId: string;
|
|
1514
|
+
/** Purpose for HKDF context (must match encryption) */
|
|
1515
|
+
purpose: EncryptionPurpose;
|
|
1516
|
+
}
|
|
1517
|
+
/**
|
|
1518
|
+
* Generic payload decryption using AES-256-GCM with ML-KEM derived key
|
|
1519
|
+
*
|
|
1520
|
+
* @param options - Decryption options
|
|
1521
|
+
* @returns Decrypted and parsed JSON data
|
|
1522
|
+
* @throws Error if inputs are invalid or decryption fails
|
|
1523
|
+
*/
|
|
1524
|
+
declare function decryptPayload<T = any>(options: DecryptPayloadOptions): T;
|
|
1007
1525
|
|
|
1008
1526
|
/**
|
|
1009
1527
|
* Encrypt keyshare using AES-256-GCM with ML-KEM derived key
|
|
@@ -1014,7 +1532,34 @@ declare function createKeyDerivationInfo(purpose: 'keyshare' | 'hmac', connectio
|
|
|
1014
1532
|
* @param signingAlgorithm - Algorithm name for context
|
|
1015
1533
|
* @returns Encrypted keyshare with salt and encrypted payload
|
|
1016
1534
|
*/
|
|
1017
|
-
declare function encryptKeyshare(keyshare: any, sharedSecret: Uint8Array, connectionId: string, signingAlgorithm: SigningAlgorithmName):
|
|
1535
|
+
declare function encryptKeyshare(keyshare: any, sharedSecret: Uint8Array, connectionId: string, signingAlgorithm: SigningAlgorithmName): EncryptedPayload;
|
|
1536
|
+
|
|
1537
|
+
/**
|
|
1538
|
+
* Encrypt keygen init data (keygenId + keygenSecret)
|
|
1539
|
+
*
|
|
1540
|
+
* @param keygenInit - The keygen init object with keygenId and keygenSecret
|
|
1541
|
+
* @param sharedSecret - ML-KEM shared secret from handshake
|
|
1542
|
+
* @param connectionId - Unique connection identifier
|
|
1543
|
+
* @returns Encrypted keygen init with salt and encrypted payload
|
|
1544
|
+
* @throws Error if keygenInit contains empty or invalid fields
|
|
1545
|
+
*/
|
|
1546
|
+
declare function encryptKeygenInit(keygenInit: {
|
|
1547
|
+
keygenId: string;
|
|
1548
|
+
keygenSecret: string;
|
|
1549
|
+
}, sharedSecret: Uint8Array, connectionId: string): EncryptedPayload;
|
|
1550
|
+
/**
|
|
1551
|
+
* Decrypt keygen result (pubkey + secretShare)
|
|
1552
|
+
*
|
|
1553
|
+
* @param encrypted - Encrypted keygen result from server
|
|
1554
|
+
* @param sharedSecret - ML-KEM shared secret from handshake
|
|
1555
|
+
* @param connectionId - Unique connection identifier
|
|
1556
|
+
* @returns Decrypted keygen result with pubkey and secretShare
|
|
1557
|
+
* @throws Error if decrypted data is missing required fields or has invalid types
|
|
1558
|
+
*/
|
|
1559
|
+
declare function decryptKeygenResult(encrypted: EncryptedPayload, sharedSecret: Uint8Array, connectionId: string): {
|
|
1560
|
+
pubkey: Uint8Array;
|
|
1561
|
+
secretShare: string;
|
|
1562
|
+
};
|
|
1018
1563
|
|
|
1019
1564
|
/**
|
|
1020
1565
|
* Asserts that a value is defined (not null or undefined)
|
|
@@ -1055,4 +1600,4 @@ declare class SigningAlgorithmRegistry {
|
|
|
1055
1600
|
}
|
|
1056
1601
|
declare const signingAlgorithmRegistry: SigningAlgorithmRegistry;
|
|
1057
1602
|
|
|
1058
|
-
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type
|
|
1603
|
+
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|