@haex-space/vault-sdk 2.7.1 → 2.8.0

package/dist/index.mjs

@@ -248,13 +248,28 @@ __export(userKeypair_exports, {
   importUserPublicKeyAsync: () => importUserPublicKeyAsync
 });
 async function generateUserKeypairAsync() {
-  const keypair = await crypto.subtle.generateKey(SIGNING_ALGO, true, ["sign", "verify"]);
-  return { publicKey: keypair.publicKey, privateKey: keypair.privateKey };
+  const signing = await crypto.subtle.generateKey(SIGNING_ALGO, true, ["sign", "verify"]);
+  const agreement = await crypto.subtle.generateKey(KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
+  return {
+    signingPublicKey: signing.publicKey,
+    signingPrivateKey: signing.privateKey,
+    agreementPublicKey: agreement.publicKey,
+    agreementPrivateKey: agreement.privateKey
+  };
 }
 async function exportUserKeypairAsync(keypair) {
-  const pub = await crypto.subtle.exportKey("spki", keypair.publicKey);
-  const priv = await crypto.subtle.exportKey("pkcs8", keypair.privateKey);
-  return { publicKey: arrayBufferToBase64(pub), privateKey: arrayBufferToBase64(priv) };
+  const [sigPub, sigPriv, agrPub, agrPriv] = await Promise.all([
+    crypto.subtle.exportKey("spki", keypair.signingPublicKey),
+    crypto.subtle.exportKey("pkcs8", keypair.signingPrivateKey),
+    crypto.subtle.exportKey("spki", keypair.agreementPublicKey),
+    crypto.subtle.exportKey("pkcs8", keypair.agreementPrivateKey)
+  ]);
+  return {
+    signingPublicKey: arrayBufferToBase64(sigPub),
+    signingPrivateKey: arrayBufferToBase64(sigPriv),
+    agreementPublicKey: arrayBufferToBase64(agrPub),
+    agreementPrivateKey: arrayBufferToBase64(agrPriv)
+  };
 }
 async function importUserPublicKeyAsync(base64) {
   return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), SIGNING_ALGO, true, ["verify"]);
@@ -296,8 +311,8 @@ var SIGNING_ALGO, KEY_AGREEMENT_ALGO;
 var init_userKeypair = __esm({
   "src/crypto/userKeypair.ts"() {
     init_vaultKey();
-    SIGNING_ALGO = { name: "ECDSA", namedCurve: "P-256" };
-    KEY_AGREEMENT_ALGO = { name: "ECDH", namedCurve: "P-256" };
+    SIGNING_ALGO = { name: "Ed25519" };
+    KEY_AGREEMENT_ALGO = { name: "X25519" };
   }
 });
 
@@ -1898,25 +1913,6 @@ var SpacesAPI = class {
   async listSpacesAsync() {
     return this.client.request(SPACE_COMMANDS.list);
   }
-  /**
-   * Create a new shared space.
-   * @param name - Human-readable space name
-   * @param serverUrl - The sync server URL to create the space on
-   * @returns The created space with decrypted name
-   */
-  async createSpaceAsync(name, serverUrl) {
-    return this.client.request(SPACE_COMMANDS.create, {
-      spaceName: name,
-      serverUrl
-    });
-  }
-  /**
-   * List available sync backends that can host shared spaces.
-   * @returns Array of backend info with server URLs
-   */
-  async listSyncBackendsAsync() {
-    return this.client.request(SPACE_COMMANDS.listBackends);
-  }
 };
 
 // src/api/shell.ts
@@ -3191,76 +3187,17 @@ function base58btcDecode(str) {
   }
   return result;
 }
-function compressP256Point(uncompressed) {
-  if (uncompressed.length !== 65 || uncompressed[0] !== 4) {
-    throw new Error("Expected 65-byte uncompressed P-256 point (0x04 prefix)");
-  }
-  const x = uncompressed.slice(1, 33);
-  const yLastByte = uncompressed[64];
-  const prefix = (yLastByte & 1) === 0 ? 2 : 3;
-  const compressed = new Uint8Array(33);
-  compressed[0] = prefix;
-  compressed.set(x, 1);
-  return compressed;
-}
-function decompressP256Point(compressed) {
-  if (compressed.length !== 33 || compressed[0] !== 2 && compressed[0] !== 3) {
-    throw new Error("Expected 33-byte compressed P-256 point");
-  }
-  const isOdd = compressed[0] === 3;
-  const x = bytesToBigInt(compressed.slice(1));
-  const p = BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff");
-  const b = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
-  const a = p - 3n;
-  const ySquared = (modPow(x, 3n, p) + a * x + b) % p;
-  let y = modSqrt(ySquared, p);
-  const yIsOdd = (y & 1n) === 1n;
-  if (isOdd !== yIsOdd) {
-    y = p - y;
-  }
-  const uncompressed = new Uint8Array(65);
-  uncompressed[0] = 4;
-  uncompressed.set(bigIntToBytes(x, 32), 1);
-  uncompressed.set(bigIntToBytes(y, 32), 33);
-  return uncompressed;
-}
-function bytesToBigInt(bytes) {
-  let result = 0n;
-  for (const b of bytes) {
-    result = result << 8n | BigInt(b);
-  }
-  return result;
-}
-function bigIntToBytes(n, length) {
-  const bytes = new Uint8Array(length);
-  let val = n;
-  for (let i = length - 1; i >= 0; i--) {
-    bytes[i] = Number(val & 0xffn);
-    val >>= 8n;
-  }
-  return bytes;
-}
-function modPow(base, exp, mod) {
-  let result = 1n;
-  base = base % mod;
-  while (exp > 0n) {
-    if (exp & 1n) result = result * base % mod;
-    exp >>= 1n;
-    base = base * base % mod;
-  }
-  return result;
-}
-function modSqrt(a, p) {
-  return modPow(a, (p + 1n) / 4n, p);
-}
-var P256_MULTICODEC_PREFIX = new Uint8Array([128, 36]);
+var ED25519_MULTICODEC_PREFIX = new Uint8Array([237, 1]);
+var ED25519_PUBLIC_KEY_LENGTH = 32;
 async function publicKeyToDidKeyAsync(publicKeyBase64) {
   const cryptoKey = await importUserPublicKeyAsync(publicKeyBase64);
   const rawBytes = new Uint8Array(await crypto.subtle.exportKey("raw", cryptoKey));
-  const compressed = compressP256Point(rawBytes);
-  const multicodecBytes = new Uint8Array(P256_MULTICODEC_PREFIX.length + compressed.length);
-  multicodecBytes.set(P256_MULTICODEC_PREFIX);
-  multicodecBytes.set(compressed, P256_MULTICODEC_PREFIX.length);
+  if (rawBytes.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new Error(`Expected ${ED25519_PUBLIC_KEY_LENGTH}-byte Ed25519 public key, got ${rawBytes.length}`);
+  }
+  const multicodecBytes = new Uint8Array(ED25519_MULTICODEC_PREFIX.length + rawBytes.length);
+  multicodecBytes.set(ED25519_MULTICODEC_PREFIX);
+  multicodecBytes.set(rawBytes, ED25519_MULTICODEC_PREFIX.length);
   return `did:key:z${base58btcEncode(multicodecBytes)}`;
 }
 async function didKeyToPublicKeyAsync(did) {
@@ -3268,15 +3205,17 @@ async function didKeyToPublicKeyAsync(did) {
     throw new Error("Only did:key with base58-btc multibase (z prefix) is supported");
   }
   const multicodecBytes = base58btcDecode(did.slice("did:key:z".length));
-  if (multicodecBytes[0] !== P256_MULTICODEC_PREFIX[0] || multicodecBytes[1] !== P256_MULTICODEC_PREFIX[1]) {
-    throw new Error("Unsupported key type in did:key (expected P-256)");
+  if (multicodecBytes[0] !== ED25519_MULTICODEC_PREFIX[0] || multicodecBytes[1] !== ED25519_MULTICODEC_PREFIX[1]) {
+    throw new Error("Unsupported key type in did:key (expected Ed25519)");
+  }
+  const rawKey = multicodecBytes.slice(ED25519_MULTICODEC_PREFIX.length);
+  if (rawKey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new Error(`Invalid Ed25519 public key length: ${rawKey.length}`);
   }
-  const compressed = multicodecBytes.slice(P256_MULTICODEC_PREFIX.length);
-  const uncompressed = decompressP256Point(compressed);
   const cryptoKey = await crypto.subtle.importKey(
     "raw",
-    uncompressed.buffer,
-    { name: "ECDSA", namedCurve: "P-256" },
+    rawKey.buffer,
+    SIGNING_ALGO,
     true,
     ["verify"]
   );
@@ -3287,11 +3226,10 @@ async function generateIdentityAsync() {
   const { generateUserKeypairAsync: generateUserKeypairAsync2, exportUserKeypairAsync: exportUserKeypairAsync2 } = await Promise.resolve().then(() => (init_userKeypair(), userKeypair_exports));
   const keypair = await generateUserKeypairAsync2();
   const exported = await exportUserKeypairAsync2(keypair);
-  const did = await publicKeyToDidKeyAsync(exported.publicKey);
+  const did = await publicKeyToDidKeyAsync(exported.signingPublicKey);
   return {
     did,
-    publicKeyBase64: exported.publicKey,
-    privateKeyBase64: exported.privateKey
+    ...exported
   };
 }
 
@@ -3305,7 +3243,7 @@ async function encryptWithPublicKeyAsync(data, recipientPublicKeyBase64) {
   const ephemeral = await crypto.subtle.generateKey(KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
   const recipientKey = await importPublicKeyForKeyAgreementAsync(recipientPublicKeyBase64);
   const sharedBits = await crypto.subtle.deriveBits(
-    { name: "ECDH", public: recipientKey },
+    { ...KEY_AGREEMENT_ALGO, public: recipientKey },
     ephemeral.privateKey,
     256
   );
@@ -3340,7 +3278,7 @@ async function decryptWithPrivateKeyAsync(sealed, ownPrivateKeyBase64) {
   );
   const ownPrivKey = await importPrivateKeyForKeyAgreementAsync(ownPrivateKeyBase64);
   const sharedBits = await crypto.subtle.deriveBits(
-    { name: "ECDH", public: ephPubKey },
+    { ...KEY_AGREEMENT_ALGO, public: ephPubKey },
     ownPrivKey,
     256
   );
@@ -3394,7 +3332,7 @@ async function signClaimPresentationAsync(did, publicKeyBase64, claims, privateK
   const privateKey = await importUserPrivateKeyAsync(privateKeyBase64);
   const data = new TextEncoder().encode(canonical);
   const sig = await crypto.subtle.sign(
-    { name: "ECDSA", hash: "SHA-256" },
+    SIGNING_ALGO,
     privateKey,
     data
   );
@@ -3414,7 +3352,7 @@ async function verifyClaimPresentationAsync(presentation) {
   const data = new TextEncoder().encode(canonical);
   const sigBytes = Uint8Array.from(atob(signature), (c) => c.charCodeAt(0));
   return crypto.subtle.verify(
-    { name: "ECDSA", hash: "SHA-256" },
+    SIGNING_ALGO,
     pubKey,
     sigBytes,
     data
@@ -3436,13 +3374,13 @@ function canonicalize(record) {
 }
 async function signRecordAsync(record, privateKeyBase64) {
   const key = await importUserPrivateKeyAsync(privateKeyBase64);
-  const sig = await crypto.subtle.sign({ name: "ECDSA", hash: "SHA-256" }, key, canonicalize(record));
+  const sig = await crypto.subtle.sign(SIGNING_ALGO, key, canonicalize(record));
   return arrayBufferToBase64(sig);
 }
 async function verifyRecordSignatureAsync(record, signatureBase64, publicKeyBase64) {
   const key = await importUserPublicKeyAsync(publicKeyBase64);
   return crypto.subtle.verify(
-    { name: "ECDSA", hash: "SHA-256" },
+    SIGNING_ALGO,
     key,
     base64ToArrayBuffer(signatureBase64),
     canonicalize(record)
@@ -3456,7 +3394,7 @@ async function signSpaceChallengeAsync(spaceId, privateKeyBase64) {
   const timestamp = (/* @__PURE__ */ new Date()).toISOString();
   const key = await importUserPrivateKeyAsync(privateKeyBase64);
   const sig = await crypto.subtle.sign(
-    { name: "ECDSA", hash: "SHA-256" },
+    SIGNING_ALGO,
     key,
     canonicalizeChallenge(spaceId, timestamp)
   );
@@ -3474,7 +3412,7 @@ async function verifySpaceChallengeAsync(spaceId, timestamp, signatureBase64, pu
   try {
     const key = await importUserPublicKeyAsync(publicKeyBase64);
     const isValid = await crypto.subtle.verify(
-      { name: "ECDSA", hash: "SHA-256" },
+      SIGNING_ALGO,
       key,
       base64ToArrayBuffer(signatureBase64),
       canonicalizeChallenge(spaceId, timestamp)