npm - @morseai/sdk - Versions diffs - 0.1.0-beta.5 → 0.1.0-beta.7 - Mend

@morseai/sdk 0.1.0-beta.5 → 0.1.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.mjs CHANGED Viewed

@@ -26,6 +26,7 @@ __export(crypto_x25519_exports, {
   deriveKeyPairFromWalletSignature: () => deriveKeyPairFromWalletSignature,
   generateSignalId: () => generateSignalId,
   openSharedSignal: () => openSharedSignal,
+  sealDataKey: () => sealDataKey,
   verifyKeyCertificate: () => verifyKeyCertificate
 });
 async function getSodium() {
@@ -285,6 +286,54 @@ async function openSharedSignal(encryptedPayloadBase64, payloadNonceBase64, seal
   );
   return payload;
 }
+async function sealDataKey(dataKeyBytes, walletTarget, walletCreator, expiresAt, signalId, domain, chainId, signMessage) {
+  await getSodium();
+  const senderKeypair = sodium.crypto_box_keypair();
+  const recipientKeypair = await deriveKeyPairFromWalletSignature(
+    walletTarget,
+    domain,
+    chainId,
+    signMessage
+  );
+  const recipientPubKey = recipientKeypair.publicKey;
+  const sharedSecret = sodium.crypto_scalarmult(
+    senderKeypair.privateKey,
+    recipientPubKey
+  );
+  const salt = `MORSE_SEAL_${signalId}_v1`;
+  const info = "wrap_datakey";
+  const wrappingKey = await hkdfSha256(sharedSecret, salt, info, 32);
+  const sealedNonce = sodium.randombytes_buf(sodium.crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+  const expiresAtInt = Math.floor(Number(expiresAt));
+  const abiCoder = ethers.AbiCoder.defaultAbiCoder();
+  const senderEphemeralPubKeyHex = ethers.zeroPadValue(ethers.hexlify(senderKeypair.publicKey), 32);
+  const aad = abiCoder.encode(
+    ["string", "address", "address", "uint64", "string", "bytes32"],
+    [
+      signalId,
+      walletTarget.toLowerCase(),
+      walletCreator.toLowerCase(),
+      expiresAtInt,
+      X25519_CIPHER_VERSION,
+      senderEphemeralPubKeyHex
+    ]
+  );
+  const aadBytes = ethers.getBytes(aad);
+  const aadHash = ethers.keccak256(aad).slice(2);
+  const sealedDataKey = sodium.crypto_aead_xchacha20poly1305_ietf_encrypt(
+    dataKeyBytes,
+    aadBytes,
+    null,
+    sealedNonce,
+    wrappingKey
+  );
+  return {
+    sealedDataKey: Buffer.from(sealedDataKey).toString("base64"),
+    sealedNonce: Buffer.from(sealedNonce).toString("base64"),
+    senderEphemeralPublicKey: Buffer.from(senderKeypair.publicKey).toString("base64"),
+    aadHash
+  };
+}
 function generateSignalId() {
   const bytes = new Uint8Array(16);
   globalThis.crypto.getRandomValues(bytes);
@@ -622,7 +671,7 @@ async function decryptFile(encryptedData, ivBase64, key) {
   return decrypted;
 }
 function generateShareableLink(baseUrl, signalId, keyBase64) {
-  return `${baseUrl}/view/${signalId}#k=${encodeURIComponent(keyBase64)}`;
+  return `${baseUrl}/view/${signalId}`;
 }
 // src/implementations/v1/MorseSDKV1.ts
@@ -1244,6 +1293,35 @@ var MorseSDKV1 = class {
   async createPrivateSignalEncrypted(wallet, options) {
     const key = await generateKey();
     const keyBase64 = await exportKey(key);
+    const signalId = options.signalId || generateSignalId();
+    let expiresAtMs;
+    if (options.expiresAt) {
+      expiresAtMs = new Date(options.expiresAt).getTime();
+    } else if (options.expiresIn) {
+      const match = options.expiresIn.match(/^(\d+)([smhd])$/);
+      if (!match) throw new Error("Invalid expiresIn format");
+      const value = parseInt(match[1], 10);
+      const unit = match[2];
+      const multipliers = { s: 1e3, m: 6e4, h: 36e5, d: 864e5 };
+      expiresAtMs = Date.now() + value * multipliers[unit];
+    } else {
+      expiresAtMs = Date.now() + 24 * 60 * 60 * 1e3;
+    }
+    const walletTarget = wallet.address;
+    const walletCreator = wallet.address;
+    const domain = "morse.app";
+    const chainId = 8453;
+    const keyBytes = this.base64ToUint8Array(keyBase64);
+    const sealedBox = await sealDataKey(
+      keyBytes,
+      walletTarget.toLowerCase(),
+      walletCreator.toLowerCase(),
+      expiresAtMs,
+      signalId,
+      domain,
+      chainId,
+      wallet.signMessage
+    );
     let encryptedText;
     let payloadNonce;
     let fileOptions;
@@ -1270,6 +1348,7 @@ var MorseSDKV1 = class {
       };
     }
     const signalOptions = {
+      signalId,
       walletTarget: options.walletTarget,
       shareWithRecipient: options.shareWithRecipient,
       mode: options.mode,
@@ -1278,16 +1357,18 @@ var MorseSDKV1 = class {
       cipherVersion: getCipherVersion(),
       encryptedText,
       payloadNonce,
+      sealedDataKey: sealedBox.sealedDataKey,
+      sealedNonce: sealedBox.sealedNonce,
+      senderEphemeralPublicKey: sealedBox.senderEphemeralPublicKey,
+      aadHash: sealedBox.aadHash,
       file: fileOptions,
       onChainNotification: options.onChainNotification,
-      expiresAt: options.expiresAt,
-      expiresIn: options.expiresIn
+      expiresAt: new Date(expiresAtMs).toISOString()
     };
     const result = await this.createSignal(wallet, signalOptions);
-    const shareableLink = generateShareableLink(FRONTEND_BASE_URL, result.signalId, keyBase64);
+    const shareableLink = generateShareableLink(FRONTEND_BASE_URL, result.signalId);
     return {
       ...result,
-      keyBase64,
       shareableLink
     };
   }
@@ -1385,8 +1466,6 @@ var MorseSDKV1 = class {
     const shareableLink = `${FRONTEND_BASE_URL}/view/${result.signalId}`;
     return {
       ...result,
-      keyBase64: "",
-      // No key needed for X25519 signals
       shareableLink
     };
   }