@haneullabs/seal 0.1.0

package/dist/esm/kdf.js

@@ -0,0 +1,83 @@
+import { fromHex } from "@haneullabs/bcs";
+import { sha3_256 } from "@noble/hashes/sha3";
+import { G1Element } from "./bls12381.js";
+import {
+  ENCRYPTED_SHARE_LENGTH,
+  flatten,
+  KEY_LENGTH,
+  MAX_U8,
+  HANEUL_ADDRESS_LENGTH
+} from "./utils.js";
+const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
+const KDF_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H2-00");
+const DERIVE_KEY_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H3-00");
+function hashToG1(id) {
+  return G1Element.hashToCurve(flatten([DST, id]));
+}
+function kdf(element, nonce, id, objectId, index) {
+  if (!Number.isInteger(index) || index < 0 || index > MAX_U8) {
+    throw new Error(`Invalid index ${index}`);
+  }
+  const objectIdBytes = fromHex(objectId);
+  if (objectIdBytes.length !== HANEUL_ADDRESS_LENGTH) {
+    throw new Error(`Invalid object id ${objectId}`);
+  }
+  const hash = sha3_256.create();
+  hash.update(KDF_DST);
+  hash.update(element.toBytes());
+  hash.update(nonce.toBytes());
+  hash.update(hashToG1(id).toBytes());
+  hash.update(objectIdBytes);
+  hash.update(new Uint8Array([index]));
+  return hash.digest();
+}
+var KeyPurpose = /* @__PURE__ */ ((KeyPurpose2) => {
+  KeyPurpose2[KeyPurpose2["EncryptedRandomness"] = 0] = "EncryptedRandomness";
+  KeyPurpose2[KeyPurpose2["DEM"] = 1] = "DEM";
+  return KeyPurpose2;
+})(KeyPurpose || {});
+function tag(purpose) {
+  switch (purpose) {
+    case 0 /* EncryptedRandomness */:
+      return new Uint8Array([0]);
+    case 1 /* DEM */:
+      return new Uint8Array([1]);
+    default:
+      throw new Error(`Invalid key purpose ${purpose}`);
+  }
+}
+function deriveKey(purpose, baseKey, encryptedShares, threshold, keyServers) {
+  if (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {
+    throw new Error(`Invalid threshold ${threshold}`);
+  }
+  if (encryptedShares.length !== keyServers.length) {
+    throw new Error(
+      `Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`
+    );
+  }
+  const keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));
+  if (keyServerBytes.some((keyServer) => keyServer.length !== HANEUL_ADDRESS_LENGTH)) {
+    throw new Error(`Invalid key servers ${keyServers}`);
+  }
+  if (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {
+    throw new Error(`Invalid encrypted shares ${encryptedShares}`);
+  }
+  if (baseKey.length !== KEY_LENGTH) {
+    throw new Error(`Invalid base key ${baseKey}`);
+  }
+  const hash = sha3_256.create();
+  hash.update(DERIVE_KEY_DST);
+  hash.update(baseKey);
+  hash.update(tag(purpose));
+  hash.update(new Uint8Array([threshold]));
+  encryptedShares.forEach((share) => hash.update(share));
+  keyServerBytes.forEach((keyServer) => hash.update(keyServer));
+  return hash.digest();
+}
+export {
+  KeyPurpose,
+  deriveKey,
+  hashToG1,
+  kdf
+};
+//# sourceMappingURL=kdf.js.map

package/dist/esm/kdf.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/kdf.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@haneullabs/bcs';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\nimport {\n\tENCRYPTED_SHARE_LENGTH,\n\tflatten,\n\tKEY_LENGTH,\n\tMAX_U8,\n\tHANEUL_ADDRESS_LENGTH,\n} from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nconst DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\nconst KDF_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H2-00');\nconst DERIVE_KEY_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H3-00');\n\n/**\n * Hash an id to a G1Element.\n *\n * @param id The id to hash.\n * @returns The G1Element.\n */\nexport function hashToG1(id: Uint8Array): G1Element {\n\treturn G1Element.hashToCurve(flatten([DST, id]));\n}\n\n/**\n * The default key derivation function.\n *\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\tif (!Number.isInteger(index) || index < 0 || index > MAX_U8) {\n\t\tthrow new Error(`Invalid index ${index}`);\n\t}\n\tconst objectIdBytes = fromHex(objectId);\n\tif (objectIdBytes.length !== HANEUL_ADDRESS_LENGTH) {\n\t\tthrow new Error(`Invalid object id ${objectId}`);\n\t}\n\tconst hash = sha3_256.create();\n\thash.update(KDF_DST);\n\thash.update(element.toBytes());\n\thash.update(nonce.toBytes());\n\thash.update(hashToG1(id).toBytes());\n\thash.update(objectIdBytes);\n\thash.update(new Uint8Array([index])); // this is safe because index < 256.\n\treturn hash.digest();\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nfunction tag(purpose: KeyPurpose): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn new Uint8Array([0]);\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn new Uint8Array([1]);\n\t\tdefault:\n\t\t\tthrow new Error(`Invalid key purpose ${purpose}`);\n\t}\n}\n\n/**\n * Derive a key from a base key and a list of encrypted shares.\n *\n * @param purpose The purpose of the key.\n * @param baseKey The base key.\n * @param encryptedShares The encrypted shares.\n * @param threshold The threshold.\n * @param keyServers The object ids of the key servers.\n * @returns The derived key.\n */\nexport function deriveKey(\n\tpurpose: KeyPurpose,\n\tbaseKey: Uint8Array,\n\tencryptedShares: Uint8Array[],\n\tthreshold: number,\n\tkeyServers: string[],\n): Uint8Array {\n\tif (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {\n\t\tthrow new Error(`Invalid threshold ${threshold}`);\n\t}\n\n\tif (encryptedShares.length !== keyServers.length) {\n\t\tthrow new Error(\n\t\t\t`Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`,\n\t\t);\n\t}\n\tconst keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));\n\tif (keyServerBytes.some((keyServer) => keyServer.length !== HANEUL_ADDRESS_LENGTH)) {\n\t\tthrow new Error(`Invalid key servers ${keyServers}`);\n\t}\n\tif (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {\n\t\tthrow new Error(`Invalid encrypted shares ${encryptedShares}`);\n\t}\n\n\tif (baseKey.length !== KEY_LENGTH) {\n\t\tthrow new Error(`Invalid base key ${baseKey}`);\n\t}\n\n\tconst hash = sha3_256.create();\n\thash.update(DERIVE_KEY_DST);\n\thash.update(baseKey);\n\thash.update(tag(purpose));\n\thash.update(new Uint8Array([threshold]));\n\tencryptedShares.forEach((share) => hash.update(share));\n\tkeyServerBytes.forEach((keyServer) => hash.update(keyServer));\n\treturn hash.digest();\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,gBAAgB;AAEzB,SAAS,iBAAiB;AAE1B;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAKP,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAC3E,MAAM,UAAU,IAAI,YAAY,EAAE,OAAO,6BAA6B;AACtE,MAAM,iBAAiB,IAAI,YAAY,EAAE,OAAO,6BAA6B;AAQtE,SAAS,SAAS,IAA2B;AACnD,SAAO,UAAU,YAAY,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;AAChD;AAOO,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AACb,MAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ,QAAQ;AAC5D,UAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAAA,EACzC;AACA,QAAM,gBAAgB,QAAQ,QAAQ;AACtC,MAAI,cAAc,WAAW,uBAAuB;AACnD,UAAM,IAAI,MAAM,qBAAqB,QAAQ,EAAE;AAAA,EAChD;AACA,QAAM,OAAO,SAAS,OAAO;AAC7B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,QAAQ,QAAQ,CAAC;AAC7B,OAAK,OAAO,MAAM,QAAQ,CAAC;AAC3B,OAAK,OAAO,SAAS,EAAE,EAAE,QAAQ,CAAC;AAClC,OAAK,OAAO,aAAa;AACzB,OAAK,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;AACnC,SAAO,KAAK,OAAO;AACpB;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,IAAI,SAAiC;AAC7C,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B;AACC,YAAM,IAAI,MAAM,uBAAuB,OAAO,EAAE;AAAA,EAClD;AACD;AAYO,SAAS,UACf,SACA,SACA,iBACA,WACA,YACa;AACb,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,aAAa,KAAK,YAAY,QAAQ;AACzE,UAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE;AAAA,EACjD;AAEA,MAAI,gBAAgB,WAAW,WAAW,QAAQ;AACjD,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,oBAAoB,WAAW,MAAM;AAAA,IACjF;AAAA,EACD;AACA,QAAM,iBAAiB,WAAW,IAAI,CAAC,cAAc,QAAQ,SAAS,CAAC;AACvE,MAAI,eAAe,KAAK,CAAC,cAAc,UAAU,WAAW,qBAAqB,GAAG;AACnF,UAAM,IAAI,MAAM,uBAAuB,UAAU,EAAE;AAAA,EACpD;AACA,MAAI,gBAAgB,KAAK,CAAC,UAAU,MAAM,WAAW,sBAAsB,GAAG;AAC7E,UAAM,IAAI,MAAM,4BAA4B,eAAe,EAAE;AAAA,EAC9D;AAEA,MAAI,QAAQ,WAAW,YAAY;AAClC,UAAM,IAAI,MAAM,oBAAoB,OAAO,EAAE;AAAA,EAC9C;AAEA,QAAM,OAAO,SAAS,OAAO;AAC7B,OAAK,OAAO,cAAc;AAC1B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,IAAI,OAAO,CAAC;AACxB,OAAK,OAAO,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;AACvC,kBAAgB,QAAQ,CAAC,UAAU,KAAK,OAAO,KAAK,CAAC;AACrD,iBAAe,QAAQ,CAAC,cAAc,KAAK,OAAO,SAAS,CAAC;AAC5D,SAAO,KAAK,OAAO;AACpB;",
+  "names": ["KeyPurpose"]
+}

package/dist/esm/key-server.d.ts

@@ -0,0 +1,98 @@
+import type { SealCompatibleClient } from './types.js';
+import type { G1Element } from './bls12381.js';
+import { Version } from './utils.js';
+import type { Certificate } from './session-key.js';
+export type KeyServer = {
+    objectId: string;
+    name: string;
+    url: string;
+    keyType: KeyServerType;
+    pk: Uint8Array<ArrayBuffer>;
+};
+export declare enum KeyServerType {
+    BonehFranklinBLS12381 = 0
+}
+export declare const SERVER_VERSION_REQUIREMENT: Version;
+/**
+ * Given a list of key server object IDs, returns a list of SealKeyServer
+ * from onchain state containing name, objectId, URL and pk.
+ *
+ * @param objectIds - The key server object IDs.
+ * @param client - The HaneulClient to use.
+ * @returns - An array of SealKeyServer.
+ */
+export declare function retrieveKeyServers({ objectIds, client, }: {
+    objectIds: string[];
+    client: SealCompatibleClient;
+}): Promise<KeyServer[]>;
+/**
+ * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it
+ * against the pubkey. This should be used only rarely when the dapp uses a dynamic
+ * set of key servers.
+ *
+ * @param server - The KeyServer to verify.
+ * @returns - True if the key server is valid, false otherwise.
+ */
+export declare function verifyKeyServer(server: KeyServer, timeout: number, apiKeyName?: string, apiKey?: string): Promise<boolean>;
+/**
+ * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.
+ *
+ * @param response - The response from the key server.
+ */
+export declare function verifyKeyServerVersion(response: Response): void;
+export interface DerivedKey {
+    toString(): string;
+}
+/**
+ * A user secret key for the Boneh-Franklin BLS12381 scheme.
+ * This is a wrapper around the G1Element type.
+ */
+export declare class BonehFranklinBLS12381DerivedKey implements DerivedKey {
+    key: G1Element;
+    representation: string;
+    constructor(key: G1Element);
+    toString(): string;
+}
+/**
+ * Options for fetching keys from the key server.
+ */
+export interface FetchKeysOptions {
+    /** The URL of the key server. */
+    url: string;
+    /** The Base64 string of request signature. */
+    requestSignature: string;
+    /** The transaction bytes. */
+    transactionBytes: Uint8Array;
+    /** The ephemeral secret key. */
+    encKey: Uint8Array<ArrayBuffer>;
+    /** The ephemeral public key. */
+    encKeyPk: Uint8Array<ArrayBuffer>;
+    /** The ephemeral verification key. */
+    encVerificationKey: Uint8Array;
+    /** The certificate. */
+    certificate: Certificate;
+    /** Request timeout in milliseconds. */
+    timeout: number;
+    /** Optional API key name. */
+    apiKeyName?: string;
+    /** Optional API key. */
+    apiKey?: string;
+    /** Optional abort signal for cancellation. */
+    signal?: AbortSignal;
+}
+/**
+ * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.
+ * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with
+ * their full IDs.
+ *
+ * @param url - The URL of the key server.
+ * @param requestSig - The Base64 string of request signature.
+ * @param txBytes - The transaction bytes.
+ * @param encKey - The ephemeral secret key.
+ * @param certificate - The certificate.
+ * @returns - A list of full ID and the decrypted key.
+ */
+export declare function fetchKeysForAllIds({ url, requestSignature, transactionBytes, encKey, encKeyPk, encVerificationKey, certificate, timeout, apiKeyName, apiKey, signal, }: FetchKeysOptions): Promise<{
+    fullId: string;
+    key: Uint8Array<ArrayBuffer>;
+}[]>;

package/dist/esm/key-server.js

@@ -0,0 +1,151 @@
+import { bcs, fromBase64, fromHex, toBase64, toHex } from "@haneullabs/bcs";
+import { bls12_381 } from "@noble/curves/bls12-381";
+import { KeyServerMove, KeyServerMoveV1 } from "./bcs.js";
+import { InvalidKeyServerError, InvalidKeyServerVersionError, SealAPIError } from "./error.js";
+import { DST_POP } from "./ibe.js";
+import { PACKAGE_VERSION } from "./version.js";
+import { flatten, Version } from "./utils.js";
+import { elgamalDecrypt } from "./elgamal.js";
+const EXPECTED_SERVER_VERSION = 1;
+var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
+  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
+  return KeyServerType2;
+})(KeyServerType || {});
+const SERVER_VERSION_REQUIREMENT = new Version("0.4.1");
+async function retrieveKeyServers({
+  objectIds,
+  client
+}) {
+  return await Promise.all(
+    objectIds.map(async (objectId) => {
+      const res = await client.core.getObject({
+        objectId
+      });
+      const ks = KeyServerMove.parse(await res.object.content);
+      if (EXPECTED_SERVER_VERSION < Number(ks.firstVersion) || EXPECTED_SERVER_VERSION > Number(ks.lastVersion)) {
+        throw new InvalidKeyServerVersionError(
+          `Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`
+        );
+      }
+      const resVersionedKs = await client.core.getDynamicField({
+        parentId: objectId,
+        name: {
+          type: "u64",
+          bcs: bcs.u64().serialize(EXPECTED_SERVER_VERSION).toBytes()
+        }
+      });
+      const ksVersioned = KeyServerMoveV1.parse(resVersionedKs.dynamicField.value.bcs);
+      if (ksVersioned.keyType !== 0 /* BonehFranklinBLS12381 */) {
+        throw new InvalidKeyServerError(
+          `Server ${objectId} has invalid key type: ${ksVersioned.keyType}`
+        );
+      }
+      return {
+        objectId,
+        name: ksVersioned.name,
+        url: ksVersioned.url,
+        keyType: ksVersioned.keyType,
+        pk: new Uint8Array(ksVersioned.pk)
+      };
+    })
+  );
+}
+async function verifyKeyServer(server, timeout, apiKeyName, apiKey) {
+  const requestId = crypto.randomUUID();
+  const response = await fetch(server.url + "/v1/service?service_id=" + server.objectId, {
+    method: "GET",
+    headers: {
+      "Content-Type": "application/json",
+      "Request-Id": requestId,
+      "Client-Sdk-Type": "typescript",
+      "Client-Sdk-Version": PACKAGE_VERSION,
+      ...apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}
+    },
+    signal: AbortSignal.timeout(timeout)
+  });
+  await SealAPIError.assertResponse(response, requestId);
+  verifyKeyServerVersion(response);
+  const serviceResponse = await response.json();
+  if (serviceResponse.service_id !== server.objectId) {
+    return false;
+  }
+  const fullMsg = flatten([DST_POP, server.pk, fromHex(server.objectId)]);
+  return bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);
+}
+function verifyKeyServerVersion(response) {
+  const keyServerVersion = response.headers.get("X-KeyServer-Version");
+  if (keyServerVersion == null) {
+    throw new InvalidKeyServerVersionError("Key server version not found");
+  }
+  if (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {
+    throw new InvalidKeyServerVersionError(
+      `Key server version ${keyServerVersion} is not supported`
+    );
+  }
+}
+class BonehFranklinBLS12381DerivedKey {
+  constructor(key) {
+    this.key = key;
+    this.representation = toHex(key.toBytes());
+  }
+  toString() {
+    return this.representation;
+  }
+}
+async function fetchKeysForAllIds({
+  url,
+  requestSignature,
+  transactionBytes,
+  encKey,
+  encKeyPk,
+  encVerificationKey,
+  certificate,
+  timeout,
+  apiKeyName,
+  apiKey,
+  signal
+}) {
+  const body = {
+    ptb: toBase64(transactionBytes.slice(1)),
+    // removes the byte of the transaction type version
+    enc_key: toBase64(encKeyPk),
+    enc_verification_key: toBase64(encVerificationKey),
+    request_signature: requestSignature,
+    // already b64
+    certificate
+  };
+  const timeoutSignal = AbortSignal.timeout(timeout);
+  const combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;
+  const requestId = crypto.randomUUID();
+  const response = await fetch(url + "/v1/fetch_key", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Request-Id": requestId,
+      "Client-Sdk-Type": "typescript",
+      "Client-Sdk-Version": PACKAGE_VERSION,
+      ...apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}
+    },
+    body: JSON.stringify(body),
+    signal: combinedSignal
+  });
+  await SealAPIError.assertResponse(response, requestId);
+  const resp = await response.json();
+  verifyKeyServerVersion(response);
+  return resp.decryption_keys.map(
+    (dk) => ({
+      fullId: toHex(dk.id),
+      key: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64))
+    })
+  );
+}
+export {
+  BonehFranklinBLS12381DerivedKey,
+  KeyServerType,
+  SERVER_VERSION_REQUIREMENT,
+  fetchKeysForAllIds,
+  retrieveKeyServers,
+  verifyKeyServer,
+  verifyKeyServerVersion
+};
+//# sourceMappingURL=key-server.js.map

package/dist/esm/key-server.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/key-server.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { bcs, fromBase64, fromHex, toBase64, toHex } from '@haneullabs/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove, KeyServerMoveV1 } from './bcs.js';\nimport { InvalidKeyServerError, InvalidKeyServerVersionError, SealAPIError } from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\nimport type { G1Element } from './bls12381.js';\nimport { flatten, Version } from './utils.js';\nimport { elgamalDecrypt } from './elgamal.js';\nimport type { Certificate } from './session-key.js';\n\nconst EXPECTED_SERVER_VERSION = 1;\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array<ArrayBuffer>;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\nexport const SERVER_VERSION_REQUIREMENT = new Version('0.4.1');\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The HaneulClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\t// First get the KeyServer object and validate it.\n\t\t\tconst res = await client.core.getObject({\n\t\t\t\tobjectId,\n\t\t\t});\n\t\t\tconst ks = KeyServerMove.parse(await res.object.content);\n\t\t\tif (\n\t\t\t\tEXPECTED_SERVER_VERSION < Number(ks.firstVersion) ||\n\t\t\t\tEXPECTED_SERVER_VERSION > Number(ks.lastVersion)\n\t\t\t) {\n\t\t\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t\t\t`Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\t// Then fetch the expected versioned object and parse it.\n\t\t\tconst resVersionedKs = await client.core.getDynamicField({\n\t\t\t\tparentId: objectId,\n\t\t\t\tname: {\n\t\t\t\t\ttype: 'u64',\n\t\t\t\t\tbcs: bcs.u64().serialize(EXPECTED_SERVER_VERSION).toBytes(),\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tconst ksVersioned = KeyServerMoveV1.parse(resVersionedKs.dynamicField.value.bcs);\n\n\t\t\tif (ksVersioned.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\tthrow new InvalidKeyServerError(\n\t\t\t\t\t`Server ${objectId} has invalid key type: ${ksVersioned.keyType}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ksVersioned.name,\n\t\t\t\turl: ksVersioned.url,\n\t\t\t\tkeyType: ksVersioned.keyType,\n\t\t\t\tpk: new Uint8Array(ksVersioned.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(\n\tserver: KeyServer,\n\ttimeout: number,\n\tapiKeyName?: string,\n\tapiKey?: string,\n): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service?service_id=' + server.objectId, {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t\t...(apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}),\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tverifyKeyServerVersion(response);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = flatten([DST_POP, server.pk, fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n\n/**\n * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.\n *\n * @param response - The response from the key server.\n */\nexport function verifyKeyServerVersion(response: Response) {\n\tconst keyServerVersion = response.headers.get('X-KeyServer-Version');\n\tif (keyServerVersion == null) {\n\t\tthrow new InvalidKeyServerVersionError('Key server version not found');\n\t}\n\tif (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {\n\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t`Key server version ${keyServerVersion} is not supported`,\n\t\t);\n\t}\n}\n\nexport interface DerivedKey {\n\ttoString(): string;\n}\n\n/**\n * A user secret key for the Boneh-Franklin BLS12381 scheme.\n * This is a wrapper around the G1Element type.\n */\nexport class BonehFranklinBLS12381DerivedKey implements DerivedKey {\n\trepresentation: string;\n\n\tconstructor(public key: G1Element) {\n\t\tthis.representation = toHex(key.toBytes());\n\t}\n\n\ttoString(): string {\n\t\treturn this.representation;\n\t}\n}\n\n/**\n * Options for fetching keys from the key server.\n */\nexport interface FetchKeysOptions {\n\t/** The URL of the key server. */\n\turl: string;\n\t/** The Base64 string of request signature. */\n\trequestSignature: string;\n\t/** The transaction bytes. */\n\ttransactionBytes: Uint8Array;\n\t/** The ephemeral secret key. */\n\tencKey: Uint8Array<ArrayBuffer>;\n\t/** The ephemeral public key. */\n\tencKeyPk: Uint8Array<ArrayBuffer>;\n\t/** The ephemeral verification key. */\n\tencVerificationKey: Uint8Array;\n\t/** The certificate. */\n\tcertificate: Certificate;\n\t/** Request timeout in milliseconds. */\n\ttimeout: number;\n\t/** Optional API key name. */\n\tapiKeyName?: string;\n\t/** Optional API key. */\n\tapiKey?: string;\n\t/** Optional abort signal for cancellation. */\n\tsignal?: AbortSignal;\n}\n\n/**\n * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with\n * their full IDs.\n *\n * @param url - The URL of the key server.\n * @param requestSig - The Base64 string of request signature.\n * @param txBytes - The transaction bytes.\n * @param encKey - The ephemeral secret key.\n * @param certificate - The certificate.\n * @returns - A list of full ID and the decrypted key.\n */\nexport async function fetchKeysForAllIds({\n\turl,\n\trequestSignature,\n\ttransactionBytes,\n\tencKey,\n\tencKeyPk,\n\tencVerificationKey,\n\tcertificate,\n\ttimeout,\n\tapiKeyName,\n\tapiKey,\n\tsignal,\n}: FetchKeysOptions): Promise<{ fullId: string; key: Uint8Array<ArrayBuffer> }[]> {\n\tconst body = {\n\t\tptb: toBase64(transactionBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(encKeyPk),\n\t\tenc_verification_key: toBase64(encVerificationKey),\n\t\trequest_signature: requestSignature, // already b64\n\t\tcertificate,\n\t};\n\n\tconst timeoutSignal = AbortSignal.timeout(timeout);\n\tconst combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;\n\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t\t...(apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}),\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t\tsignal: combinedSignal,\n\t});\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst resp = await response.json();\n\tverifyKeyServerVersion(response);\n\n\treturn resp.decryption_keys.map(\n\t\t(dk: { id: Uint8Array<ArrayBuffer>; encrypted_key: [string, string] }) => ({\n\t\t\tfullId: toHex(dk.id),\n\t\t\tkey: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64) as [Uint8Array, Uint8Array]),\n\t\t}),\n\t);\n}\n"],
+  "mappings": "AAEA,SAAS,KAAK,YAAY,SAAS,UAAU,aAAa;AAC1D,SAAS,iBAAiB;AAE1B,SAAS,eAAe,uBAAuB;AAC/C,SAAS,uBAAuB,8BAA8B,oBAAoB;AAClF,SAAS,eAAe;AACxB,SAAS,uBAAuB;AAGhC,SAAS,SAAS,eAAe;AACjC,SAAS,sBAAsB;AAG/B,MAAM,0BAA0B;AAUzB,IAAK,gBAAL,kBAAKA,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAIL,MAAM,6BAA6B,IAAI,QAAQ,OAAO;AAU7D,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AACxB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AAEjC,YAAM,MAAM,MAAM,OAAO,KAAK,UAAU;AAAA,QACvC;AAAA,MACD,CAAC;AACD,YAAM,KAAK,cAAc,MAAM,MAAM,IAAI,OAAO,OAAO;AACvD,UACC,0BAA0B,OAAO,GAAG,YAAY,KAChD,0BAA0B,OAAO,GAAG,WAAW,GAC9C;AACD,cAAM,IAAI;AAAA,UACT,cAAc,QAAQ,8BAA8B,GAAG,YAAY,QAAQ,GAAG,WAAW,yCAAyC,uBAAuB;AAAA,QAC1J;AAAA,MACD;AAGA,YAAM,iBAAiB,MAAM,OAAO,KAAK,gBAAgB;AAAA,QACxD,UAAU;AAAA,QACV,MAAM;AAAA,UACL,MAAM;AAAA,UACN,KAAK,IAAI,IAAI,EAAE,UAAU,uBAAuB,EAAE,QAAQ;AAAA,QAC3D;AAAA,MACD,CAAC;AAED,YAAM,cAAc,gBAAgB,MAAM,eAAe,aAAa,MAAM,GAAG;AAE/E,UAAI,YAAY,YAAY,+BAAqC;AAChE,cAAM,IAAI;AAAA,UACT,UAAU,QAAQ,0BAA0B,YAAY,OAAO;AAAA,QAChE;AAAA,MACD;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,YAAY;AAAA,QAClB,KAAK,YAAY;AAAA,QACjB,SAAS,YAAY;AAAA,QACrB,IAAI,IAAI,WAAW,YAAY,EAAE;AAAA,MAClC;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBACrB,QACA,SACA,YACA,QACmB;AACnB,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,4BAA4B,OAAO,UAAU;AAAA,IACvF,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,MACtB,GAAI,cAAc,SAAS,EAAE,CAAC,UAAU,GAAG,OAAO,IAAI,CAAC;AAAA,IACxD;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,aAAa,eAAe,UAAU,SAAS;AACrD,yBAAuB,QAAQ;AAC/B,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,QAAQ,CAAC,SAAS,OAAO,IAAI,QAAQ,OAAO,QAAQ,CAAC,CAAC;AACtE,SAAO,UAAU,qBAAqB,WAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;AAOO,SAAS,uBAAuB,UAAoB;AAC1D,QAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB;AACnE,MAAI,oBAAoB,MAAM;AAC7B,UAAM,IAAI,6BAA6B,8BAA8B;AAAA,EACtE;AACA,MAAI,IAAI,QAAQ,gBAAgB,EAAE,WAAW,0BAA0B,GAAG;AACzE,UAAM,IAAI;AAAA,MACT,sBAAsB,gBAAgB;AAAA,IACvC;AAAA,EACD;AACD;AAUO,MAAM,gCAAsD;AAAA,EAGlE,YAAmB,KAAgB;AAAhB;AAClB,SAAK,iBAAiB,MAAM,IAAI,QAAQ,CAAC;AAAA,EAC1C;AAAA,EAEA,WAAmB;AAClB,WAAO,KAAK;AAAA,EACb;AACD;AA0CA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAAkF;AACjF,QAAM,OAAO;AAAA,IACZ,KAAK,SAAS,iBAAiB,MAAM,CAAC,CAAC;AAAA;AAAA,IACvC,SAAS,SAAS,QAAQ;AAAA,IAC1B,sBAAsB,SAAS,kBAAkB;AAAA,IACjD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AAEA,QAAM,gBAAgB,YAAY,QAAQ,OAAO;AACjD,QAAM,iBAAiB,SAAS,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IAAI;AAE3E,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,MACtB,GAAI,cAAc,SAAS,EAAE,CAAC,UAAU,GAAG,OAAO,IAAI,CAAC;AAAA,IACxD;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,IACzB,QAAQ;AAAA,EACT,CAAC;AACD,QAAM,aAAa,eAAe,UAAU,SAAS;AACrD,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,yBAAuB,QAAQ;AAE/B,SAAO,KAAK,gBAAgB;AAAA,IAC3B,CAAC,QAA0E;AAAA,MAC1E,QAAQ,MAAM,GAAG,EAAE;AAAA,MACnB,KAAK,eAAe,QAAQ,GAAG,cAAc,IAAI,UAAU,CAA6B;AAAA,IACzF;AAAA,EACD;AACD;",
+  "names": ["KeyServerType"]
+}

package/dist/esm/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "type": "module",
+  "sideEffects": false
+}

package/dist/esm/session-key.d.ts

@@ -0,0 +1,74 @@
+import type { Signer } from '@haneullabs/haneul/cryptography';
+import type { SealCompatibleClient } from './types.js';
+export declare const RequestFormat: import("@haneullabs/bcs").BcsStruct<{
+    ptb: import("@haneullabs/bcs").BcsType<Uint8Array<ArrayBufferLike>, Iterable<number>, "vector<u8>">;
+    encKey: import("@haneullabs/bcs").BcsType<Uint8Array<ArrayBufferLike>, Iterable<number>, "vector<u8>">;
+    encVerificationKey: import("@haneullabs/bcs").BcsType<Uint8Array<ArrayBufferLike>, Iterable<number>, "vector<u8>">;
+}, string>;
+export type Certificate = {
+    user: string;
+    session_vk: string;
+    creation_time: number;
+    ttl_min: number;
+    signature: string;
+    mvr_name?: string;
+};
+export type ExportedSessionKey = {
+    address: string;
+    packageId: string;
+    mvrName?: string;
+    creationTimeMs: number;
+    ttlMin: number;
+    personalMessageSignature?: string;
+    sessionKey: string;
+};
+export declare class SessionKey {
+    #private;
+    private constructor();
+    /**
+     * Create a new SessionKey instance.
+     * @param address - The address of the user.
+     * @param packageId - The ID of the package.
+     * @param mvrName - Optional. The name of the MVR, if there is one.
+     * @param ttlMin - The TTL in minutes.
+     * @param signer - Optional. The signer instance, e.g. EnokiSigner.
+     * @param haneulClient - The Haneul client.
+     * @returns A new SessionKey instance.
+     */
+    static create({ address, packageId, mvrName, ttlMin, signer, haneulClient, }: {
+        address: string;
+        packageId: string;
+        mvrName?: string;
+        ttlMin: number;
+        signer?: Signer;
+        haneulClient: SealCompatibleClient;
+    }): Promise<SessionKey>;
+    isExpired(): boolean;
+    getAddress(): string;
+    getPackageName(): string;
+    getPackageId(): string;
+    getPersonalMessage(): Uint8Array;
+    setPersonalMessageSignature(personalMessageSignature: string): Promise<void>;
+    getCertificate(): Promise<Certificate>;
+    /**
+     * Create request params for the given transaction bytes.
+     * @param txBytes - The transaction bytes.
+     * @returns The request params containing the ephemeral secret key,
+     * its public key and its verification key.
+     */
+    createRequestParams(txBytes: Uint8Array): Promise<{
+        encKey: Uint8Array<ArrayBuffer>;
+        encKeyPk: Uint8Array<ArrayBuffer>;
+        encVerificationKey: Uint8Array<ArrayBuffer>;
+        requestSignature: string;
+    }>;
+    /**
+     * Export the Session Key object from the instance. Store the object in IndexedDB to persist.
+     */
+    export(): ExportedSessionKey;
+    /**
+     * Restore a SessionKey instance for the given object.
+     * @returns A new SessionKey instance with restored state
+     */
+    static import(data: ExportedSessionKey, haneulClient: SealCompatibleClient, signer?: Signer): SessionKey;
+}