@dynamic-labs-wallet/forward-mpc-shared 0.6.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +76 -27
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +32 -34
- package/dist/index.d.ts +32 -34
- package/dist/index.js +69 -23
- package/dist/index.js.map +1 -1
- package/package.json +4 -5
package/dist/index.cjs
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
var fpTs = require('fp-ts');
|
|
4
4
|
var ioTs = require('io-ts');
|
|
5
5
|
var utils_js = require('@noble/hashes/utils.js');
|
|
6
|
-
var
|
|
6
|
+
var primitives = require('@dynamic-labs-wallet/primitives');
|
|
7
7
|
var mlKem_js = require('@noble/post-quantum/ml-kem.js');
|
|
8
8
|
var hkdf_js = require('@noble/hashes/hkdf.js');
|
|
9
9
|
var sha2_js = require('@noble/hashes/sha2.js');
|
|
@@ -100,6 +100,57 @@ var OptionalStringCodec = ioTs.union([
|
|
|
100
100
|
ioTs.string,
|
|
101
101
|
ioTs.undefined
|
|
102
102
|
]);
|
|
103
|
+
function BoundedIntCodec(name, min, max) {
|
|
104
|
+
return new ioTs.Type(name, (u) => typeof u === "number" && Number.isInteger(u) && u >= min && u <= max, (u, c) => {
|
|
105
|
+
if (typeof u !== "number") {
|
|
106
|
+
return ioTs.failure(u, c, `${name}: expected a number`);
|
|
107
|
+
}
|
|
108
|
+
if (!Number.isInteger(u)) {
|
|
109
|
+
return ioTs.failure(u, c, `${name}: expected an integer`);
|
|
110
|
+
}
|
|
111
|
+
if (u < min || u > max) {
|
|
112
|
+
return ioTs.failure(u, c, `${name}: value ${u} out of range [${min}, ${max}]`);
|
|
113
|
+
}
|
|
114
|
+
return ioTs.success(u);
|
|
115
|
+
}, (a) => a);
|
|
116
|
+
}
|
|
117
|
+
__name(BoundedIntCodec, "BoundedIntCodec");
|
|
118
|
+
var DomainCodec = new ioTs.Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
119
|
+
if (typeof u !== "string") {
|
|
120
|
+
return ioTs.failure(u, c, "Value must be a string");
|
|
121
|
+
}
|
|
122
|
+
const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
|
|
123
|
+
if (!domainPattern.test(u)) {
|
|
124
|
+
return ioTs.failure(u, c, "Invalid domain format");
|
|
125
|
+
}
|
|
126
|
+
return ioTs.success(u);
|
|
127
|
+
}, ioTs.identity);
|
|
128
|
+
|
|
129
|
+
// src/codecs/RelayDomainCodec.ts
|
|
130
|
+
var BLOCKED_PATTERNS = [
|
|
131
|
+
/^localhost(:\d+)?$/i,
|
|
132
|
+
/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
133
|
+
/^0\.0\.0\.0(:\d+)?$/,
|
|
134
|
+
/^10\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
135
|
+
/^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
136
|
+
/^192\.168\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
137
|
+
/^169\.254\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
138
|
+
/^\[::1\](:\d+)?$/,
|
|
139
|
+
/^\[fd[0-9a-f]{2}:/i,
|
|
140
|
+
/^\[fe80:/i,
|
|
141
|
+
/^instance-data\.ec2\.internal(:\d+)?$/i
|
|
142
|
+
];
|
|
143
|
+
var RelayDomainCodec = new ioTs.Type("RelayDomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
144
|
+
const base = DomainCodec.decode(u);
|
|
145
|
+
if (base._tag === "Left") return base;
|
|
146
|
+
const domain = base.right;
|
|
147
|
+
for (const pattern of BLOCKED_PATTERNS) {
|
|
148
|
+
if (pattern.test(domain)) {
|
|
149
|
+
return ioTs.failure(u, c, "Relay domain must not be a private, loopback, or link-local address");
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
return ioTs.success(domain);
|
|
153
|
+
}, ioTs.identity);
|
|
103
154
|
function buildMessageSchema(messageType, version, additionalFields = {}, ...additionalSchemas) {
|
|
104
155
|
const schema = ioTs.type({
|
|
105
156
|
type: ioTs.literal(messageType),
|
|
@@ -378,9 +429,9 @@ function createKeygenResultFromSecretShare(algorithmName, secretShare) {
|
|
|
378
429
|
}
|
|
379
430
|
__name(createKeygenResultFromSecretShare, "createKeygenResultFromSecretShare");
|
|
380
431
|
var ALGORITHMS = {
|
|
381
|
-
[
|
|
432
|
+
[primitives.SigningAlgorithm.ECDSA]: {
|
|
382
433
|
name: "ecdsa",
|
|
383
|
-
dynamicEnum:
|
|
434
|
+
dynamicEnum: primitives.SigningAlgorithm.ECDSA,
|
|
384
435
|
className: "Ecdsa",
|
|
385
436
|
requiresHashAlgo: true,
|
|
386
437
|
supportsDerivationPath: true,
|
|
@@ -391,18 +442,18 @@ var ALGORITHMS = {
|
|
|
391
442
|
"keccak256"
|
|
392
443
|
]
|
|
393
444
|
},
|
|
394
|
-
[
|
|
445
|
+
[primitives.SigningAlgorithm.ED25519]: {
|
|
395
446
|
name: "ed25519",
|
|
396
|
-
dynamicEnum:
|
|
447
|
+
dynamicEnum: primitives.SigningAlgorithm.ED25519,
|
|
397
448
|
className: "Ed25519",
|
|
398
449
|
requiresHashAlgo: false,
|
|
399
450
|
supportsDerivationPath: true,
|
|
400
451
|
supportsTweak: false,
|
|
401
452
|
supportedHashAlgos: []
|
|
402
453
|
},
|
|
403
|
-
[
|
|
454
|
+
[primitives.SigningAlgorithm.BIP340]: {
|
|
404
455
|
name: "bip340",
|
|
405
|
-
dynamicEnum:
|
|
456
|
+
dynamicEnum: primitives.SigningAlgorithm.BIP340,
|
|
406
457
|
className: "BIP340",
|
|
407
458
|
requiresHashAlgo: false,
|
|
408
459
|
supportsDerivationPath: true,
|
|
@@ -437,16 +488,6 @@ var WebSocketCloseCode = {
|
|
|
437
488
|
/** Abnormal closure — no close frame (network drop, etc.). */
|
|
438
489
|
ABNORMAL: 1006
|
|
439
490
|
};
|
|
440
|
-
var DomainCodec = new ioTs.Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
441
|
-
if (typeof u !== "string") {
|
|
442
|
-
return ioTs.failure(u, c, "Value must be a string");
|
|
443
|
-
}
|
|
444
|
-
const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
|
|
445
|
-
if (!domainPattern.test(u)) {
|
|
446
|
-
return ioTs.failure(u, c, "Invalid domain format");
|
|
447
|
-
}
|
|
448
|
-
return ioTs.success(u);
|
|
449
|
-
}, ioTs.identity);
|
|
450
491
|
var Uint8ArrayOrHexCodec = new ioTs.Type(
|
|
451
492
|
"Uint8ArrayOrHex",
|
|
452
493
|
(u) => u instanceof Uint8Array,
|
|
@@ -479,7 +520,7 @@ var Uint8ArrayOrHexCodec = new ioTs.Type(
|
|
|
479
520
|
|
|
480
521
|
// src/messages/SignMessageV1Request.ts
|
|
481
522
|
var SignMessageRequestSchema = buildMessageSchema("signMessage", 1, {
|
|
482
|
-
relayDomain:
|
|
523
|
+
relayDomain: RelayDomainCodec,
|
|
483
524
|
keyshare: EncryptedPayloadCodec,
|
|
484
525
|
message: Uint8ArrayOrHexCodec,
|
|
485
526
|
roomUuid: ioTs.string,
|
|
@@ -567,11 +608,14 @@ var ConnectionAckV1ResponseMessage = createSimpleMessage({
|
|
|
567
608
|
version: 1,
|
|
568
609
|
schema: ConnectionAckResponseSchema
|
|
569
610
|
});
|
|
611
|
+
var MAX_KEYGEN_PARTIES = 10;
|
|
612
|
+
var NumPartiesCodec = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
|
|
613
|
+
var ThresholdCodec = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
|
|
570
614
|
var BaseKeygenParamsCodec = ioTs.type({
|
|
571
|
-
relayDomain:
|
|
615
|
+
relayDomain: RelayDomainCodec,
|
|
572
616
|
roomUuid: ioTs.string,
|
|
573
|
-
numParties:
|
|
574
|
-
threshold:
|
|
617
|
+
numParties: NumPartiesCodec,
|
|
618
|
+
threshold: ThresholdCodec,
|
|
575
619
|
keygenInit: EncryptedPayloadCodec,
|
|
576
620
|
keygenIds: ioTs.array(ioTs.string),
|
|
577
621
|
userId: OptionalStringCodec,
|
|
@@ -591,10 +635,10 @@ var KeygenAlgoParamsCodec = ioTs.union([
|
|
|
591
635
|
BIP340KeygenParamsCodec
|
|
592
636
|
]);
|
|
593
637
|
var KeygenRequestSchema = buildMessageSchema("keygen", 1, {
|
|
594
|
-
relayDomain:
|
|
638
|
+
relayDomain: RelayDomainCodec,
|
|
595
639
|
roomUuid: ioTs.string,
|
|
596
|
-
numParties:
|
|
597
|
-
threshold:
|
|
640
|
+
numParties: NumPartiesCodec,
|
|
641
|
+
threshold: ThresholdCodec,
|
|
598
642
|
keygenInit: EncryptedPayloadCodec,
|
|
599
643
|
keygenIds: ioTs.array(ioTs.string),
|
|
600
644
|
userId: OptionalStringCodec,
|
|
@@ -644,12 +688,14 @@ var KeygenV1ResponseMessage = createStandardMessage({
|
|
|
644
688
|
error: decoded.error
|
|
645
689
|
}))
|
|
646
690
|
});
|
|
691
|
+
var NumPartiesCodec2 = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
|
|
692
|
+
var ThresholdCodec2 = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
|
|
647
693
|
var ReceiveKeyRequestSchema = buildMessageSchema("receiveKey", 1, {
|
|
648
|
-
relayDomain:
|
|
694
|
+
relayDomain: RelayDomainCodec,
|
|
649
695
|
signingAlgo: ioTs.literal("ed25519"),
|
|
650
696
|
roomUuid: ioTs.string,
|
|
651
|
-
numParties:
|
|
652
|
-
threshold:
|
|
697
|
+
numParties: NumPartiesCodec2,
|
|
698
|
+
threshold: ThresholdCodec2,
|
|
653
699
|
keygenInit: EncryptedPayloadCodec,
|
|
654
700
|
keygenIds: ioTs.array(ioTs.string),
|
|
655
701
|
userId: OptionalStringCodec,
|
|
@@ -1032,6 +1078,7 @@ exports.ALL_SIGNING_ALGORITHM_SCHEMA = ALL_SIGNING_ALGORITHM_SCHEMA;
|
|
|
1032
1078
|
exports.BIP340SigningAlgorithm = BIP340SigningAlgorithm;
|
|
1033
1079
|
exports.BaseMessage = BaseMessage;
|
|
1034
1080
|
exports.BaseSigningAlgorithm = BaseSigningAlgorithm;
|
|
1081
|
+
exports.BoundedIntCodec = BoundedIntCodec;
|
|
1035
1082
|
exports.ConnectionAckRequestSchema = ConnectionAckRequestSchema;
|
|
1036
1083
|
exports.ConnectionAckResponseSchema = ConnectionAckResponseSchema;
|
|
1037
1084
|
exports.ConnectionAckV1RequestMessage = ConnectionAckV1RequestMessage;
|
|
@@ -1049,12 +1096,14 @@ exports.KeygenRequestSchema = KeygenRequestSchema;
|
|
|
1049
1096
|
exports.KeygenResponseSchema = KeygenResponseSchema;
|
|
1050
1097
|
exports.KeygenV1RequestMessage = KeygenV1RequestMessage;
|
|
1051
1098
|
exports.KeygenV1ResponseMessage = KeygenV1ResponseMessage;
|
|
1099
|
+
exports.MAX_KEYGEN_PARTIES = MAX_KEYGEN_PARTIES;
|
|
1052
1100
|
exports.MessageRegistry = MessageRegistry;
|
|
1053
1101
|
exports.OptionalStringCodec = OptionalStringCodec;
|
|
1054
1102
|
exports.ReceiveKeyRequestSchema = ReceiveKeyRequestSchema;
|
|
1055
1103
|
exports.ReceiveKeyResponseSchema = ReceiveKeyResponseSchema;
|
|
1056
1104
|
exports.ReceiveKeyV1RequestMessage = ReceiveKeyV1RequestMessage;
|
|
1057
1105
|
exports.ReceiveKeyV1ResponseMessage = ReceiveKeyV1ResponseMessage;
|
|
1106
|
+
exports.RelayDomainCodec = RelayDomainCodec;
|
|
1058
1107
|
exports.SIGNING_ALGORITHM_CLASSES = SIGNING_ALGORITHM_CLASSES;
|
|
1059
1108
|
exports.SIGNING_ALGORITHM_INSTANCES = SIGNING_ALGORITHM_INSTANCES;
|
|
1060
1109
|
exports.SignMessageRequestSchema = SignMessageRequestSchema;
|