@dynamic-labs-wallet/forward-mpc-shared 0.6.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +76 -27
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +32 -34
- package/dist/index.d.ts +32 -34
- package/dist/index.js +69 -23
- package/dist/index.js.map +1 -1
- package/package.json +4 -5
package/dist/index.d.cts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import * as fp_ts_lib_Either from 'fp-ts/lib/Either';
|
|
2
2
|
import * as io_ts from 'io-ts';
|
|
3
3
|
import { Type, TypeOf } from 'io-ts';
|
|
4
|
-
import { SigningAlgorithm } from '@dynamic-labs-wallet/
|
|
4
|
+
import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
|
|
5
5
|
import { either } from 'fp-ts';
|
|
6
6
|
|
|
7
7
|
/**
|
|
@@ -108,6 +108,18 @@ declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
|
|
|
108
108
|
*/
|
|
109
109
|
declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
|
|
110
110
|
|
|
111
|
+
/**
|
|
112
|
+
* Creates an io-ts codec that validates an integer is within [min, max].
|
|
113
|
+
* Rejects non-integer numbers, NaN, and Infinity.
|
|
114
|
+
*/
|
|
115
|
+
declare function BoundedIntCodec(name: string, min: number, max: number): Type<number, number, unknown>;
|
|
116
|
+
|
|
117
|
+
/**
|
|
118
|
+
* Validates a relay domain: must be a well-formed domain (via DomainCodec)
|
|
119
|
+
* AND must not resolve to a private/loopback/link-local address.
|
|
120
|
+
*/
|
|
121
|
+
declare const RelayDomainCodec: Type<string, string, unknown>;
|
|
122
|
+
|
|
111
123
|
/**
|
|
112
124
|
* ReceiveKey Response Runtime Data
|
|
113
125
|
*/
|
|
@@ -191,9 +203,6 @@ interface ReceiveKeyRequestWire {
|
|
|
191
203
|
environmentId?: string;
|
|
192
204
|
traceContext?: TraceContext;
|
|
193
205
|
}
|
|
194
|
-
/**
|
|
195
|
-
* ReceiveKey V1 Request Schema
|
|
196
|
-
*/
|
|
197
206
|
declare const ReceiveKeyRequestSchema: io_ts.Type<any, any, unknown>;
|
|
198
207
|
type ReceiveKeyRequest = TypeOf<typeof ReceiveKeyRequestSchema>;
|
|
199
208
|
/**
|
|
@@ -267,6 +276,8 @@ declare const KeygenV1ResponseMessage: {
|
|
|
267
276
|
}>;
|
|
268
277
|
};
|
|
269
278
|
|
|
279
|
+
/** Upper bound for MPC party count — generous ceiling above any real ceremony. */
|
|
280
|
+
declare const MAX_KEYGEN_PARTIES = 10;
|
|
270
281
|
/**
|
|
271
282
|
* Keygen Request Runtime Data
|
|
272
283
|
* Supports ECDSA and BIP340 algorithms only
|
|
@@ -577,6 +588,11 @@ declare class EcdsaSigningAlgorithm extends BaseSigningAlgorithm {
|
|
|
577
588
|
processSignResult(_result: any): Uint8Array;
|
|
578
589
|
}
|
|
579
590
|
|
|
591
|
+
/**
|
|
592
|
+
* Author: Jesse
|
|
593
|
+
* Date: 2026-05-11
|
|
594
|
+
* **NOTE**: We can probably refactor this into waas-sdk somewhere like primitives packages.
|
|
595
|
+
*/
|
|
580
596
|
/**
|
|
581
597
|
* 🎯 SINGLE SOURCE OF TRUTH - Add new algorithms here and everything else is automatic!
|
|
582
598
|
* This is the ONLY place you need to add new signing algorithms
|
|
@@ -625,39 +641,21 @@ declare function isValidSigningAlgorithm(name: string): name is SigningAlgorithm
|
|
|
625
641
|
*/
|
|
626
642
|
declare function createKeygenResultFromSecretShare(algorithmName: SigningAlgorithmName, secretShare: string): any;
|
|
627
643
|
|
|
644
|
+
type SupportedSigningAlgorithm = Extract<SigningAlgorithm, SigningAlgorithm.ECDSA | SigningAlgorithm.ED25519 | SigningAlgorithm.BIP340>;
|
|
645
|
+
interface AlgorithmConfig {
|
|
646
|
+
name: SigningAlgorithmName;
|
|
647
|
+
dynamicEnum: SigningAlgorithm;
|
|
648
|
+
className: string;
|
|
649
|
+
requiresHashAlgo: boolean;
|
|
650
|
+
supportsDerivationPath: boolean;
|
|
651
|
+
supportsTweak: boolean;
|
|
652
|
+
supportedHashAlgos: string[];
|
|
653
|
+
}
|
|
628
654
|
/**
|
|
629
655
|
* Algorithm configurations for complex properties
|
|
630
656
|
* Maps Dynamic SDK enum values to our internal algorithm names
|
|
631
657
|
*/
|
|
632
|
-
declare const ALGORITHMS:
|
|
633
|
-
readonly ECDSA: {
|
|
634
|
-
readonly name: "ecdsa";
|
|
635
|
-
readonly dynamicEnum: SigningAlgorithm.ECDSA;
|
|
636
|
-
readonly className: "Ecdsa";
|
|
637
|
-
readonly requiresHashAlgo: true;
|
|
638
|
-
readonly supportsDerivationPath: true;
|
|
639
|
-
readonly supportsTweak: false;
|
|
640
|
-
readonly supportedHashAlgos: readonly ["sha256", "sha256d", "keccak256"];
|
|
641
|
-
};
|
|
642
|
-
readonly ED25519: {
|
|
643
|
-
readonly name: "ed25519";
|
|
644
|
-
readonly dynamicEnum: SigningAlgorithm.ED25519;
|
|
645
|
-
readonly className: "Ed25519";
|
|
646
|
-
readonly requiresHashAlgo: false;
|
|
647
|
-
readonly supportsDerivationPath: true;
|
|
648
|
-
readonly supportsTweak: false;
|
|
649
|
-
readonly supportedHashAlgos: readonly [];
|
|
650
|
-
};
|
|
651
|
-
readonly BIP340: {
|
|
652
|
-
readonly name: "bip340";
|
|
653
|
-
readonly dynamicEnum: SigningAlgorithm.BIP340;
|
|
654
|
-
readonly className: "BIP340";
|
|
655
|
-
readonly requiresHashAlgo: false;
|
|
656
|
-
readonly supportsDerivationPath: true;
|
|
657
|
-
readonly supportsTweak: true;
|
|
658
|
-
readonly supportedHashAlgos: readonly [];
|
|
659
|
-
};
|
|
660
|
-
};
|
|
658
|
+
declare const ALGORITHMS: Record<SupportedSigningAlgorithm, AlgorithmConfig>;
|
|
661
659
|
/**
|
|
662
660
|
* Type definitions - use Dynamic SDK's SigningAlgorithm enum
|
|
663
661
|
*/
|
|
@@ -1612,4 +1610,4 @@ declare class SigningAlgorithmRegistry {
|
|
|
1612
1610
|
}
|
|
1613
1611
|
declare const signingAlgorithmRegistry: SigningAlgorithmRegistry;
|
|
1614
1612
|
|
|
1615
|
-
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
|
1613
|
+
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, BoundedIntCodec, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import * as fp_ts_lib_Either from 'fp-ts/lib/Either';
|
|
2
2
|
import * as io_ts from 'io-ts';
|
|
3
3
|
import { Type, TypeOf } from 'io-ts';
|
|
4
|
-
import { SigningAlgorithm } from '@dynamic-labs-wallet/
|
|
4
|
+
import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
|
|
5
5
|
import { either } from 'fp-ts';
|
|
6
6
|
|
|
7
7
|
/**
|
|
@@ -108,6 +108,18 @@ declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
|
|
|
108
108
|
*/
|
|
109
109
|
declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
|
|
110
110
|
|
|
111
|
+
/**
|
|
112
|
+
* Creates an io-ts codec that validates an integer is within [min, max].
|
|
113
|
+
* Rejects non-integer numbers, NaN, and Infinity.
|
|
114
|
+
*/
|
|
115
|
+
declare function BoundedIntCodec(name: string, min: number, max: number): Type<number, number, unknown>;
|
|
116
|
+
|
|
117
|
+
/**
|
|
118
|
+
* Validates a relay domain: must be a well-formed domain (via DomainCodec)
|
|
119
|
+
* AND must not resolve to a private/loopback/link-local address.
|
|
120
|
+
*/
|
|
121
|
+
declare const RelayDomainCodec: Type<string, string, unknown>;
|
|
122
|
+
|
|
111
123
|
/**
|
|
112
124
|
* ReceiveKey Response Runtime Data
|
|
113
125
|
*/
|
|
@@ -191,9 +203,6 @@ interface ReceiveKeyRequestWire {
|
|
|
191
203
|
environmentId?: string;
|
|
192
204
|
traceContext?: TraceContext;
|
|
193
205
|
}
|
|
194
|
-
/**
|
|
195
|
-
* ReceiveKey V1 Request Schema
|
|
196
|
-
*/
|
|
197
206
|
declare const ReceiveKeyRequestSchema: io_ts.Type<any, any, unknown>;
|
|
198
207
|
type ReceiveKeyRequest = TypeOf<typeof ReceiveKeyRequestSchema>;
|
|
199
208
|
/**
|
|
@@ -267,6 +276,8 @@ declare const KeygenV1ResponseMessage: {
|
|
|
267
276
|
}>;
|
|
268
277
|
};
|
|
269
278
|
|
|
279
|
+
/** Upper bound for MPC party count — generous ceiling above any real ceremony. */
|
|
280
|
+
declare const MAX_KEYGEN_PARTIES = 10;
|
|
270
281
|
/**
|
|
271
282
|
* Keygen Request Runtime Data
|
|
272
283
|
* Supports ECDSA and BIP340 algorithms only
|
|
@@ -577,6 +588,11 @@ declare class EcdsaSigningAlgorithm extends BaseSigningAlgorithm {
|
|
|
577
588
|
processSignResult(_result: any): Uint8Array;
|
|
578
589
|
}
|
|
579
590
|
|
|
591
|
+
/**
|
|
592
|
+
* Author: Jesse
|
|
593
|
+
* Date: 2026-05-11
|
|
594
|
+
* **NOTE**: We can probably refactor this into waas-sdk somewhere like primitives packages.
|
|
595
|
+
*/
|
|
580
596
|
/**
|
|
581
597
|
* 🎯 SINGLE SOURCE OF TRUTH - Add new algorithms here and everything else is automatic!
|
|
582
598
|
* This is the ONLY place you need to add new signing algorithms
|
|
@@ -625,39 +641,21 @@ declare function isValidSigningAlgorithm(name: string): name is SigningAlgorithm
|
|
|
625
641
|
*/
|
|
626
642
|
declare function createKeygenResultFromSecretShare(algorithmName: SigningAlgorithmName, secretShare: string): any;
|
|
627
643
|
|
|
644
|
+
type SupportedSigningAlgorithm = Extract<SigningAlgorithm, SigningAlgorithm.ECDSA | SigningAlgorithm.ED25519 | SigningAlgorithm.BIP340>;
|
|
645
|
+
interface AlgorithmConfig {
|
|
646
|
+
name: SigningAlgorithmName;
|
|
647
|
+
dynamicEnum: SigningAlgorithm;
|
|
648
|
+
className: string;
|
|
649
|
+
requiresHashAlgo: boolean;
|
|
650
|
+
supportsDerivationPath: boolean;
|
|
651
|
+
supportsTweak: boolean;
|
|
652
|
+
supportedHashAlgos: string[];
|
|
653
|
+
}
|
|
628
654
|
/**
|
|
629
655
|
* Algorithm configurations for complex properties
|
|
630
656
|
* Maps Dynamic SDK enum values to our internal algorithm names
|
|
631
657
|
*/
|
|
632
|
-
declare const ALGORITHMS:
|
|
633
|
-
readonly ECDSA: {
|
|
634
|
-
readonly name: "ecdsa";
|
|
635
|
-
readonly dynamicEnum: SigningAlgorithm.ECDSA;
|
|
636
|
-
readonly className: "Ecdsa";
|
|
637
|
-
readonly requiresHashAlgo: true;
|
|
638
|
-
readonly supportsDerivationPath: true;
|
|
639
|
-
readonly supportsTweak: false;
|
|
640
|
-
readonly supportedHashAlgos: readonly ["sha256", "sha256d", "keccak256"];
|
|
641
|
-
};
|
|
642
|
-
readonly ED25519: {
|
|
643
|
-
readonly name: "ed25519";
|
|
644
|
-
readonly dynamicEnum: SigningAlgorithm.ED25519;
|
|
645
|
-
readonly className: "Ed25519";
|
|
646
|
-
readonly requiresHashAlgo: false;
|
|
647
|
-
readonly supportsDerivationPath: true;
|
|
648
|
-
readonly supportsTweak: false;
|
|
649
|
-
readonly supportedHashAlgos: readonly [];
|
|
650
|
-
};
|
|
651
|
-
readonly BIP340: {
|
|
652
|
-
readonly name: "bip340";
|
|
653
|
-
readonly dynamicEnum: SigningAlgorithm.BIP340;
|
|
654
|
-
readonly className: "BIP340";
|
|
655
|
-
readonly requiresHashAlgo: false;
|
|
656
|
-
readonly supportsDerivationPath: true;
|
|
657
|
-
readonly supportsTweak: true;
|
|
658
|
-
readonly supportedHashAlgos: readonly [];
|
|
659
|
-
};
|
|
660
|
-
};
|
|
658
|
+
declare const ALGORITHMS: Record<SupportedSigningAlgorithm, AlgorithmConfig>;
|
|
661
659
|
/**
|
|
662
660
|
* Type definitions - use Dynamic SDK's SigningAlgorithm enum
|
|
663
661
|
*/
|
|
@@ -1612,4 +1610,4 @@ declare class SigningAlgorithmRegistry {
|
|
|
1612
1610
|
}
|
|
1613
1611
|
declare const signingAlgorithmRegistry: SigningAlgorithmRegistry;
|
|
1614
1612
|
|
|
1615
|
-
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
|
1613
|
+
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, BoundedIntCodec, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
package/dist/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { either } from 'fp-ts';
|
|
2
|
-
import { Type, failure, success, type, partial, number, string, union, undefined as _undefined, intersection, literal,
|
|
2
|
+
import { Type, failure, success, type, partial, number, string, union, undefined as _undefined, identity, intersection, literal, unknown, array } from 'io-ts';
|
|
3
3
|
import { hexToBytes, bytesToHex, randomBytes } from '@noble/hashes/utils.js';
|
|
4
|
-
import { SigningAlgorithm } from '@dynamic-labs-wallet/
|
|
4
|
+
import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
|
|
5
5
|
import { ml_kem768 } from '@noble/post-quantum/ml-kem.js';
|
|
6
6
|
import { hkdf } from '@noble/hashes/hkdf.js';
|
|
7
7
|
import { sha256 } from '@noble/hashes/sha2.js';
|
|
@@ -98,6 +98,57 @@ var OptionalStringCodec = union([
|
|
|
98
98
|
string,
|
|
99
99
|
_undefined
|
|
100
100
|
]);
|
|
101
|
+
function BoundedIntCodec(name, min, max) {
|
|
102
|
+
return new Type(name, (u) => typeof u === "number" && Number.isInteger(u) && u >= min && u <= max, (u, c) => {
|
|
103
|
+
if (typeof u !== "number") {
|
|
104
|
+
return failure(u, c, `${name}: expected a number`);
|
|
105
|
+
}
|
|
106
|
+
if (!Number.isInteger(u)) {
|
|
107
|
+
return failure(u, c, `${name}: expected an integer`);
|
|
108
|
+
}
|
|
109
|
+
if (u < min || u > max) {
|
|
110
|
+
return failure(u, c, `${name}: value ${u} out of range [${min}, ${max}]`);
|
|
111
|
+
}
|
|
112
|
+
return success(u);
|
|
113
|
+
}, (a) => a);
|
|
114
|
+
}
|
|
115
|
+
__name(BoundedIntCodec, "BoundedIntCodec");
|
|
116
|
+
var DomainCodec = new Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
117
|
+
if (typeof u !== "string") {
|
|
118
|
+
return failure(u, c, "Value must be a string");
|
|
119
|
+
}
|
|
120
|
+
const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
|
|
121
|
+
if (!domainPattern.test(u)) {
|
|
122
|
+
return failure(u, c, "Invalid domain format");
|
|
123
|
+
}
|
|
124
|
+
return success(u);
|
|
125
|
+
}, identity);
|
|
126
|
+
|
|
127
|
+
// src/codecs/RelayDomainCodec.ts
|
|
128
|
+
var BLOCKED_PATTERNS = [
|
|
129
|
+
/^localhost(:\d+)?$/i,
|
|
130
|
+
/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
131
|
+
/^0\.0\.0\.0(:\d+)?$/,
|
|
132
|
+
/^10\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
133
|
+
/^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
134
|
+
/^192\.168\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
135
|
+
/^169\.254\.\d{1,3}\.\d{1,3}(:\d+)?$/,
|
|
136
|
+
/^\[::1\](:\d+)?$/,
|
|
137
|
+
/^\[fd[0-9a-f]{2}:/i,
|
|
138
|
+
/^\[fe80:/i,
|
|
139
|
+
/^instance-data\.ec2\.internal(:\d+)?$/i
|
|
140
|
+
];
|
|
141
|
+
var RelayDomainCodec = new Type("RelayDomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
142
|
+
const base = DomainCodec.decode(u);
|
|
143
|
+
if (base._tag === "Left") return base;
|
|
144
|
+
const domain = base.right;
|
|
145
|
+
for (const pattern of BLOCKED_PATTERNS) {
|
|
146
|
+
if (pattern.test(domain)) {
|
|
147
|
+
return failure(u, c, "Relay domain must not be a private, loopback, or link-local address");
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
return success(domain);
|
|
151
|
+
}, identity);
|
|
101
152
|
function buildMessageSchema(messageType, version, additionalFields = {}, ...additionalSchemas) {
|
|
102
153
|
const schema = type({
|
|
103
154
|
type: literal(messageType),
|
|
@@ -435,16 +486,6 @@ var WebSocketCloseCode = {
|
|
|
435
486
|
/** Abnormal closure — no close frame (network drop, etc.). */
|
|
436
487
|
ABNORMAL: 1006
|
|
437
488
|
};
|
|
438
|
-
var DomainCodec = new Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
|
|
439
|
-
if (typeof u !== "string") {
|
|
440
|
-
return failure(u, c, "Value must be a string");
|
|
441
|
-
}
|
|
442
|
-
const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
|
|
443
|
-
if (!domainPattern.test(u)) {
|
|
444
|
-
return failure(u, c, "Invalid domain format");
|
|
445
|
-
}
|
|
446
|
-
return success(u);
|
|
447
|
-
}, identity);
|
|
448
489
|
var Uint8ArrayOrHexCodec = new Type(
|
|
449
490
|
"Uint8ArrayOrHex",
|
|
450
491
|
(u) => u instanceof Uint8Array,
|
|
@@ -477,7 +518,7 @@ var Uint8ArrayOrHexCodec = new Type(
|
|
|
477
518
|
|
|
478
519
|
// src/messages/SignMessageV1Request.ts
|
|
479
520
|
var SignMessageRequestSchema = buildMessageSchema("signMessage", 1, {
|
|
480
|
-
relayDomain:
|
|
521
|
+
relayDomain: RelayDomainCodec,
|
|
481
522
|
keyshare: EncryptedPayloadCodec,
|
|
482
523
|
message: Uint8ArrayOrHexCodec,
|
|
483
524
|
roomUuid: string,
|
|
@@ -565,11 +606,14 @@ var ConnectionAckV1ResponseMessage = createSimpleMessage({
|
|
|
565
606
|
version: 1,
|
|
566
607
|
schema: ConnectionAckResponseSchema
|
|
567
608
|
});
|
|
609
|
+
var MAX_KEYGEN_PARTIES = 10;
|
|
610
|
+
var NumPartiesCodec = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
|
|
611
|
+
var ThresholdCodec = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
|
|
568
612
|
var BaseKeygenParamsCodec = type({
|
|
569
|
-
relayDomain:
|
|
613
|
+
relayDomain: RelayDomainCodec,
|
|
570
614
|
roomUuid: string,
|
|
571
|
-
numParties:
|
|
572
|
-
threshold:
|
|
615
|
+
numParties: NumPartiesCodec,
|
|
616
|
+
threshold: ThresholdCodec,
|
|
573
617
|
keygenInit: EncryptedPayloadCodec,
|
|
574
618
|
keygenIds: array(string),
|
|
575
619
|
userId: OptionalStringCodec,
|
|
@@ -589,10 +633,10 @@ var KeygenAlgoParamsCodec = union([
|
|
|
589
633
|
BIP340KeygenParamsCodec
|
|
590
634
|
]);
|
|
591
635
|
var KeygenRequestSchema = buildMessageSchema("keygen", 1, {
|
|
592
|
-
relayDomain:
|
|
636
|
+
relayDomain: RelayDomainCodec,
|
|
593
637
|
roomUuid: string,
|
|
594
|
-
numParties:
|
|
595
|
-
threshold:
|
|
638
|
+
numParties: NumPartiesCodec,
|
|
639
|
+
threshold: ThresholdCodec,
|
|
596
640
|
keygenInit: EncryptedPayloadCodec,
|
|
597
641
|
keygenIds: array(string),
|
|
598
642
|
userId: OptionalStringCodec,
|
|
@@ -642,12 +686,14 @@ var KeygenV1ResponseMessage = createStandardMessage({
|
|
|
642
686
|
error: decoded.error
|
|
643
687
|
}))
|
|
644
688
|
});
|
|
689
|
+
var NumPartiesCodec2 = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
|
|
690
|
+
var ThresholdCodec2 = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
|
|
645
691
|
var ReceiveKeyRequestSchema = buildMessageSchema("receiveKey", 1, {
|
|
646
|
-
relayDomain:
|
|
692
|
+
relayDomain: RelayDomainCodec,
|
|
647
693
|
signingAlgo: literal("ed25519"),
|
|
648
694
|
roomUuid: string,
|
|
649
|
-
numParties:
|
|
650
|
-
threshold:
|
|
695
|
+
numParties: NumPartiesCodec2,
|
|
696
|
+
threshold: ThresholdCodec2,
|
|
651
697
|
keygenInit: EncryptedPayloadCodec,
|
|
652
698
|
keygenIds: array(string),
|
|
653
699
|
userId: OptionalStringCodec,
|
|
@@ -1019,6 +1065,6 @@ var SigningAlgorithmRegistry = class SigningAlgorithmRegistry2 {
|
|
|
1019
1065
|
};
|
|
1020
1066
|
var signingAlgorithmRegistry = new SigningAlgorithmRegistry();
|
|
1021
1067
|
|
|
1022
|
-
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, ConnectionAckRequestSchema, ConnectionAckResponseSchema, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, EncryptedPayloadCodec, EncryptionPurpose, HKDF_SALT_SIZE, HandshakeRequestSchema, HandshakeResponseSchema, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, KeygenRequestSchema, KeygenResponseSchema, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, ReceiveKeyRequestSchema, ReceiveKeyResponseSchema, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, SignMessageRequestSchema, SignMessageResponseSchema, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
|
1068
|
+
export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, BoundedIntCodec, ConnectionAckRequestSchema, ConnectionAckResponseSchema, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, EncryptedPayloadCodec, EncryptionPurpose, HKDF_SALT_SIZE, HandshakeRequestSchema, HandshakeResponseSchema, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, KeygenRequestSchema, KeygenResponseSchema, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, ReceiveKeyRequestSchema, ReceiveKeyResponseSchema, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, SignMessageRequestSchema, SignMessageResponseSchema, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
|
|
1023
1069
|
//# sourceMappingURL=index.js.map
|
|
1024
1070
|
//# sourceMappingURL=index.js.map
|