@mysten/seal 0.0.0-experimental-20250330082435

package/dist/esm/client.d.ts

@@ -0,0 +1,83 @@
+import type { SuiClient } from '@mysten/sui/client';
+import { DemType, KemType } from './encrypt.js';
+import type { KeyServer } from './key-server.js';
+import type { SessionKey } from './session-key.js';
+/**
+ * Configuration options for initializing a SealClient
+ * @property serverObjectIds: Array of object IDs for the key servers to use.
+ * @property verifyKeyServers: Whether to verify the key servers' authenticity.
+ * 	 Should be false if servers are pre-verified (e.g., getAllowlistedKeyServers).
+ * 	 Defaults to true.
+ * @property timeout: Timeout in milliseconds for network requests. Defaults to 10 seconds.
+ */
+export interface SealClientOptions {
+    suiClient: SuiClient;
+    serverObjectIds: string[];
+    verifyKeyServers?: boolean;
+    timeout?: number;
+}
+export declare class SealClient {
+    #private;
+    constructor(options: SealClientOptions);
+    /**
+     * Return an encrypted message under the identity.
+     *
+     * @param kemType - The type of KEM to use.
+     * @param demType - The type of DEM to use.
+     * @param threshold - The threshold for the TSS encryption.
+     * @param packageId - the packageId namespace.
+     * @param id - the identity to use.
+     * @param data - the data to encrypt.
+     * @param aad - optional additional authenticated data.
+     * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+     * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+     */
+    encrypt({ kemType, demType, threshold, packageId, id, data, aad, }: {
+        kemType?: KemType;
+        demType?: DemType;
+        threshold: number;
+        packageId: string;
+        id: string;
+        data: Uint8Array;
+        aad?: Uint8Array;
+    }): Promise<{
+        encryptedObject: Uint8Array;
+        key: Uint8Array;
+    }>;
+    /**
+     * Decrypt the given encrypted bytes using cached keys.
+     * Calls fetchKeys in case one or more of the required keys is not cached yet.
+     * The function throws an error if the client's key servers are not a subset of
+     * the encrypted object's key servers (including the same weights) or if the
+     * threshold cannot be met.
+     *
+     * @param data - The encrypted bytes to decrypt.
+     * @param sessionKey - The session key to use.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @returns - The decrypted plaintext corresponding to ciphertext.
+     */
+    decrypt({ data, sessionKey, txBytes, }: {
+        data: Uint8Array;
+        sessionKey: SessionKey;
+        txBytes: Uint8Array;
+    }): Promise<Uint8Array<ArrayBufferLike>>;
+    getKeyServers(): Promise<KeyServer[]>;
+    /**
+     * Fetch keys from the key servers and update the cache.
+     *
+     * It is recommended to call this function once for all ids of all encrypted obejcts if
+     * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+     * individually for each decrypt.
+     *
+     * @param ids - The ids of the encrypted objects.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param sessionKey - The session key to use.
+     * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+     */
+    fetchKeys({ ids, txBytes, sessionKey, threshold, }: {
+        ids: string[];
+        txBytes: Uint8Array;
+        sessionKey: SessionKey;
+        threshold: number;
+    }): Promise<void>;
+}

package/dist/esm/client.js

@@ -0,0 +1,268 @@
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var _suiClient, _serverObjectIds, _verifyKeyServers, _keyServers, _cachedKeys, _timeout, _SealClient_instances, createEncryptionInput_fn, validateEncryptionServices_fn, loadKeyServers_fn;
+import { EncryptedObject } from "./bcs.js";
+import { G1Element, G2Element } from "./bls12381.js";
+import { decrypt } from "./decrypt.js";
+import { AesGcm256, Hmac256Ctr } from "./dem.js";
+import { DemType, encrypt, KemType } from "./encrypt.js";
+import {
+  InconsistentKeyServersError,
+  InvalidKeyServerError,
+  InvalidThresholdError,
+  toMajorityError
+} from "./error.js";
+import { BonehFranklinBLS12381Services, DST } from "./ibe.js";
+import { KeyServerType, retrieveKeyServers, verifyKeyServer } from "./key-server.js";
+import { fetchKeysForAllIds } from "./keys.js";
+import { createFullId } from "./utils.js";
+class SealClient {
+  constructor(options) {
+    __privateAdd(this, _SealClient_instances);
+    __privateAdd(this, _suiClient);
+    __privateAdd(this, _serverObjectIds);
+    __privateAdd(this, _verifyKeyServers);
+    __privateAdd(this, _keyServers, null);
+    // A caching map for: fullId:object_id -> partial key.
+    __privateAdd(this, _cachedKeys, /* @__PURE__ */ new Map());
+    __privateAdd(this, _timeout);
+    __privateSet(this, _suiClient, options.suiClient);
+    __privateSet(this, _serverObjectIds, options.serverObjectIds);
+    __privateSet(this, _verifyKeyServers, options.verifyKeyServers ?? true);
+    __privateSet(this, _timeout, options.timeout ?? 1e4);
+  }
+  /**
+   * Return an encrypted message under the identity.
+   *
+   * @param kemType - The type of KEM to use.
+   * @param demType - The type of DEM to use.
+   * @param threshold - The threshold for the TSS encryption.
+   * @param packageId - the packageId namespace.
+   * @param id - the identity to use.
+   * @param data - the data to encrypt.
+   * @param aad - optional additional authenticated data.
+   * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+   * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+   */
+  async encrypt({
+    kemType = KemType.BonehFranklinBLS12381DemCCA,
+    demType = DemType.AesGcm256,
+    threshold,
+    packageId,
+    id,
+    data,
+    aad = new Uint8Array()
+  }) {
+    return encrypt({
+      keyServers: await this.getKeyServers(),
+      kemType,
+      threshold,
+      packageId,
+      id,
+      encryptionInput: __privateMethod(this, _SealClient_instances, createEncryptionInput_fn).call(this, demType, data, aad)
+    });
+  }
+  /**
+   * Decrypt the given encrypted bytes using cached keys.
+   * Calls fetchKeys in case one or more of the required keys is not cached yet.
+   * The function throws an error if the client's key servers are not a subset of
+   * the encrypted object's key servers (including the same weights) or if the
+   * threshold cannot be met.
+   *
+   * @param data - The encrypted bytes to decrypt.
+   * @param sessionKey - The session key to use.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @returns - The decrypted plaintext corresponding to ciphertext.
+   */
+  async decrypt({
+    data,
+    sessionKey,
+    txBytes
+  }) {
+    const encryptedObject = EncryptedObject.parse(data);
+    __privateMethod(this, _SealClient_instances, validateEncryptionServices_fn).call(this, encryptedObject.services.map((s) => s[0]), encryptedObject.threshold);
+    await this.fetchKeys({
+      ids: [encryptedObject.id],
+      txBytes,
+      sessionKey,
+      threshold: encryptedObject.threshold
+    });
+    return decrypt({ encryptedObject, keys: __privateGet(this, _cachedKeys) });
+  }
+  async getKeyServers() {
+    if (!__privateGet(this, _keyServers)) {
+      __privateSet(this, _keyServers, __privateMethod(this, _SealClient_instances, loadKeyServers_fn).call(this).catch((error) => {
+        __privateSet(this, _keyServers, null);
+        throw error;
+      }));
+    }
+    return __privateGet(this, _keyServers);
+  }
+  /**
+   * Fetch keys from the key servers and update the cache.
+   *
+   * It is recommended to call this function once for all ids of all encrypted obejcts if
+   * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+   * individually for each decrypt.
+   *
+   * @param ids - The ids of the encrypted objects.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param sessionKey - The session key to use.
+   * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+   */
+  async fetchKeys({
+    ids,
+    txBytes,
+    sessionKey,
+    threshold
+  }) {
+    const keyServers = await this.getKeyServers();
+    if (threshold > keyServers.length || threshold < 1 || keyServers.length < 1) {
+      throw new InvalidThresholdError(
+        `Invalid threshold ${threshold} for ${keyServers.length} servers`
+      );
+    }
+    let completedServerCount = 0;
+    const remainingKeyServers = /* @__PURE__ */ new Set();
+    const fullIds = ids.map((id) => createFullId(DST, sessionKey.getPackageId(), id));
+    for (const server of keyServers) {
+      let hasAllKeys = true;
+      for (const fullId of fullIds) {
+        if (!__privateGet(this, _cachedKeys).has(`${fullId}:${server.objectId}`)) {
+          hasAllKeys = false;
+          remainingKeyServers.add(server);
+          break;
+        }
+      }
+      if (hasAllKeys) {
+        completedServerCount++;
+      }
+    }
+    if (completedServerCount >= threshold) {
+      return;
+    }
+    for (const server of remainingKeyServers) {
+      if (server.keyType !== KeyServerType.BonehFranklinBLS12381) {
+        throw new InvalidKeyServerError(
+          `Server ${server.objectId} has invalid key type: ${server.keyType}`
+        );
+      }
+    }
+    const cert = await sessionKey.getCertificate();
+    const signedRequest = await sessionKey.createRequestParams(txBytes);
+    const controller = new AbortController();
+    const errors = [];
+    const keyFetches = [...remainingKeyServers].map(async (server) => {
+      try {
+        const allKeys = await fetchKeysForAllIds(
+          server.url,
+          signedRequest.requestSignature,
+          txBytes,
+          signedRequest.decryptionKey,
+          cert,
+          __privateGet(this, _timeout),
+          controller.signal
+        );
+        let receivedIds = /* @__PURE__ */ new Set();
+        for (const { fullId, key } of allKeys) {
+          const keyElement = G1Element.fromBytes(key);
+          if (!BonehFranklinBLS12381Services.verifyUserSecretKey(
+            keyElement,
+            fullId,
+            G2Element.fromBytes(server.pk)
+          )) {
+            console.warn("Received invalid key from key server " + server.objectId);
+            continue;
+          }
+          __privateGet(this, _cachedKeys).set(`${fullId}:${server.objectId}`, keyElement);
+          receivedIds.add(fullId);
+        }
+        const expectedIds = new Set(fullIds);
+        const hasAllKeys = receivedIds.size === expectedIds.size && [...receivedIds].every((id) => expectedIds.has(id));
+        if (hasAllKeys) {
+          completedServerCount++;
+          if (completedServerCount >= threshold) {
+            controller.abort();
+          }
+        }
+      } catch (error) {
+        if (!controller.signal.aborted) {
+          errors.push(error);
+        }
+        if (remainingKeyServers.size - errors.length < threshold - completedServerCount) {
+          controller.abort(error);
+        }
+      }
+    });
+    await Promise.allSettled(keyFetches);
+    if (completedServerCount < threshold) {
+      throw toMajorityError(errors);
+    }
+  }
+}
+_suiClient = new WeakMap();
+_serverObjectIds = new WeakMap();
+_verifyKeyServers = new WeakMap();
+_keyServers = new WeakMap();
+_cachedKeys = new WeakMap();
+_timeout = new WeakMap();
+_SealClient_instances = new WeakSet();
+createEncryptionInput_fn = function(type, data, aad) {
+  switch (type) {
+    case DemType.AesGcm256:
+      return new AesGcm256(data, aad);
+    case DemType.Hmac256Ctr:
+      return new Hmac256Ctr(data, aad);
+  }
+};
+validateEncryptionServices_fn = function(services, threshold) {
+  const serverObjectIdsMap = /* @__PURE__ */ new Map();
+  for (const objectId of __privateGet(this, _serverObjectIds)) {
+    serverObjectIdsMap.set(objectId, (serverObjectIdsMap.get(objectId) ?? 0) + 1);
+  }
+  const servicesMap = /* @__PURE__ */ new Map();
+  for (const service of services) {
+    servicesMap.set(service, (servicesMap.get(service) ?? 0) + 1);
+  }
+  for (const [objectId, count] of serverObjectIdsMap) {
+    if (servicesMap.get(objectId) !== count) {
+      throw new InconsistentKeyServersError(
+        `Client's key servers must be a subset of the encrypted object's key servers`
+      );
+    }
+  }
+  if (threshold > __privateGet(this, _serverObjectIds).length) {
+    throw new InvalidThresholdError(
+      `Invalid threshold ${threshold} for ${__privateGet(this, _serverObjectIds).length} servers`
+    );
+  }
+};
+loadKeyServers_fn = async function() {
+  const keyServers = await retrieveKeyServers({
+    objectIds: __privateGet(this, _serverObjectIds),
+    client: __privateGet(this, _suiClient)
+  });
+  if (keyServers.length === 0) {
+    throw new InvalidKeyServerError("No key servers found");
+  }
+  if (__privateGet(this, _verifyKeyServers)) {
+    await Promise.all(
+      keyServers.map(async (server) => {
+        if (!await verifyKeyServer(server, __privateGet(this, _timeout))) {
+          throw new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);
+        }
+      })
+    );
+  }
+  return keyServers;
+};
+export {
+  SealClient
+};
+//# sourceMappingURL=client.js.map

package/dist/esm/client.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/client.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SuiClient } from '@mysten/sui/client';\n\nimport { EncryptedObject } from './bcs.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { decrypt } from './decrypt.js';\nimport type { EncryptionInput } from './dem.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { DemType, encrypt, KemType } from './encrypt.js';\nimport {\n\tInconsistentKeyServersError,\n\tInvalidKeyServerError,\n\tInvalidThresholdError,\n\ttoMajorityError,\n} from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { KeyServerType, retrieveKeyServers, verifyKeyServer } from './key-server.js';\nimport type { KeyServer } from './key-server.js';\nimport { fetchKeysForAllIds } from './keys.js';\nimport type { SessionKey } from './session-key.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\n/**\n * Configuration options for initializing a SealClient\n * @property serverObjectIds: Array of object IDs for the key servers to use.\n * @property verifyKeyServers: Whether to verify the key servers' authenticity.\n * \t Should be false if servers are pre-verified (e.g., getAllowlistedKeyServers).\n * \t Defaults to true.\n * @property timeout: Timeout in milliseconds for network requests. Defaults to 10 seconds.\n */\nexport interface SealClientOptions {\n\tsuiClient: SuiClient;\n\tserverObjectIds: string[];\n\tverifyKeyServers?: boolean;\n\ttimeout?: number;\n}\n\nexport class SealClient {\n\t#suiClient: SuiClient;\n\t#serverObjectIds: string[];\n\t#verifyKeyServers: boolean;\n\t#keyServers: Promise<KeyServer[]> | null = null;\n\t// A caching map for: fullId:object_id -> partial key.\n\t#cachedKeys = new Map<KeyCacheKey, G1Element>();\n\t#timeout: number;\n\n\tconstructor(options: SealClientOptions) {\n\t\tthis.#suiClient = options.suiClient;\n\t\tthis.#serverObjectIds = options.serverObjectIds;\n\t\tthis.#verifyKeyServers = options.verifyKeyServers ?? true;\n\t\tthis.#timeout = options.timeout ?? 10_000;\n\t}\n\n\t/**\n\t * Return an encrypted message under the identity.\n\t *\n\t * @param kemType - The type of KEM to use.\n\t * @param demType - The type of DEM to use.\n\t * @param threshold - The threshold for the TSS encryption.\n\t * @param packageId - the packageId namespace.\n\t * @param id - the identity to use.\n\t * @param data - the data to encrypt.\n\t * @param aad - optional additional authenticated data.\n\t * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n\t * \tSince the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.\n\t */\n\tasync encrypt({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tdemType = DemType.AesGcm256,\n\t\tthreshold,\n\t\tpackageId,\n\t\tid,\n\t\tdata,\n\t\taad = new Uint8Array(),\n\t}: {\n\t\tkemType?: KemType;\n\t\tdemType?: DemType;\n\t\tthreshold: number;\n\t\tpackageId: string;\n\t\tid: string;\n\t\tdata: Uint8Array;\n\t\taad?: Uint8Array;\n\t}) {\n\t\t// TODO: Verify that packageId is first version of its package (else throw error).\n\t\treturn encrypt({\n\t\t\tkeyServers: await this.getKeyServers(),\n\t\t\tkemType,\n\t\t\tthreshold,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tencryptionInput: this.#createEncryptionInput(demType, data, aad),\n\t\t});\n\t}\n\n\t#createEncryptionInput(type: DemType, data: Uint8Array, aad: Uint8Array): EncryptionInput {\n\t\tswitch (type) {\n\t\t\tcase DemType.AesGcm256:\n\t\t\t\treturn new AesGcm256(data, aad);\n\t\t\tcase DemType.Hmac256Ctr:\n\t\t\t\treturn new Hmac256Ctr(data, aad);\n\t\t}\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes using cached keys.\n\t * Calls fetchKeys in case one or more of the required keys is not cached yet.\n\t * The function throws an error if the client's key servers are not a subset of\n\t * the encrypted object's key servers (including the same weights) or if the\n\t * threshold cannot be met.\n\t *\n\t * @param data - The encrypted bytes to decrypt.\n\t * @param sessionKey - The session key to use.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt({\n\t\tdata,\n\t\tsessionKey,\n\t\ttxBytes,\n\t}: {\n\t\tdata: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\ttxBytes: Uint8Array;\n\t}) {\n\t\tconst encryptedObject = EncryptedObject.parse(data);\n\n\t\tthis.#validateEncryptionServices(\n\t\t\tencryptedObject.services.map((s) => s[0]),\n\t\t\tencryptedObject.threshold,\n\t\t);\n\n\t\tawait this.fetchKeys({\n\t\t\tids: [encryptedObject.id],\n\t\t\ttxBytes,\n\t\t\tsessionKey,\n\t\t\tthreshold: encryptedObject.threshold,\n\t\t});\n\n\t\treturn decrypt({ encryptedObject, keys: this.#cachedKeys });\n\t}\n\n\t#validateEncryptionServices(services: string[], threshold: number) {\n\t\t// Check that the client's key servers are a subset of the encrypted object's key servers.\n\t\tconst serverObjectIdsMap = new Map<string, number>();\n\t\tfor (const objectId of this.#serverObjectIds) {\n\t\t\tserverObjectIdsMap.set(objectId, (serverObjectIdsMap.get(objectId) ?? 0) + 1);\n\t\t}\n\t\tconst servicesMap = new Map<string, number>();\n\t\tfor (const service of services) {\n\t\t\tservicesMap.set(service, (servicesMap.get(service) ?? 0) + 1);\n\t\t}\n\t\tfor (const [objectId, count] of serverObjectIdsMap) {\n\t\t\tif (servicesMap.get(objectId) !== count) {\n\t\t\t\tthrow new InconsistentKeyServersError(\n\t\t\t\t\t`Client's key servers must be a subset of the encrypted object's key servers`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t\t// Check that the threshold can be met with the client's key servers.\n\t\tif (threshold > this.#serverObjectIds.length) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} for ${this.#serverObjectIds.length} servers`,\n\t\t\t);\n\t\t}\n\t}\n\n\tasync getKeyServers() {\n\t\tif (!this.#keyServers) {\n\t\t\tthis.#keyServers = this.#loadKeyServers().catch((error) => {\n\t\t\t\tthis.#keyServers = null;\n\t\t\t\tthrow error;\n\t\t\t});\n\t\t}\n\n\t\treturn this.#keyServers;\n\t}\n\n\tasync #loadKeyServers(): Promise<KeyServer[]> {\n\t\tconst keyServers = await retrieveKeyServers({\n\t\t\tobjectIds: this.#serverObjectIds,\n\t\t\tclient: this.#suiClient,\n\t\t});\n\n\t\tif (keyServers.length === 0) {\n\t\t\tthrow new InvalidKeyServerError('No key servers found');\n\t\t}\n\n\t\tif (this.#verifyKeyServers) {\n\t\t\tawait Promise.all(\n\t\t\t\tkeyServers.map(async (server) => {\n\t\t\t\t\tif (!(await verifyKeyServer(server, this.#timeout))) {\n\t\t\t\t\t\tthrow new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\n\t\treturn keyServers;\n\t}\n\n\t/**\n\t * Fetch keys from the key servers and update the cache.\n\t *\n\t * It is recommended to call this function once for all ids of all encrypted obejcts if\n\t * there are multiple, then call decrypt for each object. This avoids calling fetchKey\n\t * individually for each decrypt.\n\t *\n\t * @param ids - The ids of the encrypted objects.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.\n\t */\n\tasync fetchKeys({\n\t\tids,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: {\n\t\tids: string[];\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\tthreshold: number;\n\t}) {\n\t\tconst keyServers = await this.getKeyServers();\n\t\tif (threshold > keyServers.length || threshold < 1 || keyServers.length < 1) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} for ${keyServers.length} servers`,\n\t\t\t);\n\t\t}\n\n\t\tlet completedServerCount = 0;\n\t\tconst remainingKeyServers = new Set<KeyServer>();\n\t\tconst fullIds = ids.map((id) => createFullId(DST, sessionKey.getPackageId(), id));\n\n\t\t// Count a server as completed if it has keys for all fullIds.\n\t\t// Duplicated key server ids will be counted towards the threshold.\n\t\tfor (const server of keyServers) {\n\t\t\tlet hasAllKeys = true;\n\t\t\tfor (const fullId of fullIds) {\n\t\t\t\tif (!this.#cachedKeys.has(`${fullId}:${server.objectId}`)) {\n\t\t\t\t\thasAllKeys = false;\n\t\t\t\t\tremainingKeyServers.add(server);\n\t\t\t\t\tbreak;\n\t\t\t\t}\n\t\t\t}\n\t\t\tif (hasAllKeys) {\n\t\t\t\tcompletedServerCount++;\n\t\t\t}\n\t\t}\n\n\t\t// Return early if we have enough keys from cache.\n\t\tif (completedServerCount >= threshold) {\n\t\t\treturn;\n\t\t}\n\n\t\t// Check server validities.\n\t\tfor (const server of remainingKeyServers) {\n\t\t\tif (server.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\tthrow new InvalidKeyServerError(\n\t\t\t\t\t`Server ${server.objectId} has invalid key type: ${server.keyType}`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tconst cert = await sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\tconst controller = new AbortController();\n\t\tconst errors: Error[] = [];\n\n\t\tconst keyFetches = [...remainingKeyServers].map(async (server) => {\n\t\t\ttry {\n\t\t\t\tconst allKeys = await fetchKeysForAllIds(\n\t\t\t\t\tserver.url,\n\t\t\t\t\tsignedRequest.requestSignature,\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsignedRequest.decryptionKey,\n\t\t\t\t\tcert,\n\t\t\t\t\tthis.#timeout,\n\t\t\t\t\tcontroller.signal,\n\t\t\t\t);\n\t\t\t\t// Check validity of the keys and add them to the cache.\n\t\t\t\tlet receivedIds = new Set<string>();\n\t\t\t\tfor (const { fullId, key } of allKeys) {\n\t\t\t\t\tconst keyElement = G1Element.fromBytes(key);\n\t\t\t\t\tif (\n\t\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\t\tkeyElement,\n\t\t\t\t\t\t\tfullId,\n\t\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tthis.#cachedKeys.set(`${fullId}:${server.objectId}`, keyElement);\n\t\t\t\t\treceivedIds.add(fullId);\n\t\t\t\t}\n\n\t\t\t\t// Check if all the receivedIds are consistent with the requested fullIds.\n\t\t\t\t// If so, consider the key server got all keys and mark as completed.\n\t\t\t\tconst expectedIds = new Set(fullIds);\n\t\t\t\tconst hasAllKeys =\n\t\t\t\t\treceivedIds.size === expectedIds.size &&\n\t\t\t\t\t[...receivedIds].every((id) => expectedIds.has(id));\n\n\t\t\t\t// Return early if the completed servers is more than threshold.\n\t\t\t\tif (hasAllKeys) {\n\t\t\t\t\tcompletedServerCount++;\n\t\t\t\t\tif (completedServerCount >= threshold) {\n\t\t\t\t\t\tcontroller.abort();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tif (!controller.signal.aborted) {\n\t\t\t\t\terrors.push(error as Error);\n\t\t\t\t}\n\t\t\t\t// If there are too many errors that the threshold is not attainable, return early with error.\n\t\t\t\tif (remainingKeyServers.size - errors.length < threshold - completedServerCount) {\n\t\t\t\t\tcontroller.abort(error);\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\n\t\tawait Promise.allSettled(keyFetches);\n\n\t\tif (completedServerCount < threshold) {\n\t\t\tthrow toMajorityError(errors);\n\t\t}\n\t}\n}\n"],
+  "mappings": ";;;;;;;;AAAA;AAKA,SAAS,uBAAuB;AAChC,SAAS,WAAW,iBAAiB;AACrC,SAAS,eAAe;AAExB,SAAS,WAAW,kBAAkB;AACtC,SAAS,SAAS,SAAS,eAAe;AAC1C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,+BAA+B,WAAW;AACnD,SAAS,eAAe,oBAAoB,uBAAuB;AAEnE,SAAS,0BAA0B;AAGnC,SAAS,oBAAoB;AAiBtB,MAAM,WAAW;AAAA,EASvB,YAAY,SAA4B;AATlC;AACN;AACA;AACA;AACA,oCAA2C;AAE3C;AAAA,oCAAc,oBAAI,IAA4B;AAC9C;AAGC,uBAAK,YAAa,QAAQ;AAC1B,uBAAK,kBAAmB,QAAQ;AAChC,uBAAK,mBAAoB,QAAQ,oBAAoB;AACrD,uBAAK,UAAW,QAAQ,WAAW;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,QAAQ;AAAA,IACb,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,IAAI,WAAW;AAAA,EACtB,GAQG;AAEF,WAAO,QAAQ;AAAA,MACd,YAAY,MAAM,KAAK,cAAc;AAAA,MACrC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,sBAAK,iDAAL,WAA4B,SAAS,MAAM;AAAA,IAC7D,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBA,MAAM,QAAQ;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAIG;AACF,UAAM,kBAAkB,gBAAgB,MAAM,IAAI;AAElD,0BAAK,sDAAL,WACC,gBAAgB,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GACxC,gBAAgB;AAGjB,UAAM,KAAK,UAAU;AAAA,MACpB,KAAK,CAAC,gBAAgB,EAAE;AAAA,MACxB;AAAA,MACA;AAAA,MACA,WAAW,gBAAgB;AAAA,IAC5B,CAAC;AAED,WAAO,QAAQ,EAAE,iBAAiB,MAAM,mBAAK,aAAY,CAAC;AAAA,EAC3D;AAAA,EA2BA,MAAM,gBAAgB;AACrB,QAAI,CAAC,mBAAK,cAAa;AACtB,yBAAK,aAAc,sBAAK,0CAAL,WAAuB,MAAM,CAAC,UAAU;AAC1D,2BAAK,aAAc;AACnB,cAAM;AAAA,MACP,CAAC;AAAA,IACF;AAEA,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqCA,MAAM,UAAU;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAKG;AACF,UAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,QAAI,YAAY,WAAW,UAAU,YAAY,KAAK,WAAW,SAAS,GAAG;AAC5E,YAAM,IAAI;AAAA,QACT,qBAAqB,SAAS,QAAQ,WAAW,MAAM;AAAA,MACxD;AAAA,IACD;AAEA,QAAI,uBAAuB;AAC3B,UAAM,sBAAsB,oBAAI,IAAe;AAC/C,UAAM,UAAU,IAAI,IAAI,CAAC,OAAO,aAAa,KAAK,WAAW,aAAa,GAAG,EAAE,CAAC;AAIhF,eAAW,UAAU,YAAY;AAChC,UAAI,aAAa;AACjB,iBAAW,UAAU,SAAS;AAC7B,YAAI,CAAC,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,EAAE,GAAG;AAC1D,uBAAa;AACb,8BAAoB,IAAI,MAAM;AAC9B;AAAA,QACD;AAAA,MACD;AACA,UAAI,YAAY;AACf;AAAA,MACD;AAAA,IACD;AAGA,QAAI,wBAAwB,WAAW;AACtC;AAAA,IACD;AAGA,eAAW,UAAU,qBAAqB;AACzC,UAAI,OAAO,YAAY,cAAc,uBAAuB;AAC3D,cAAM,IAAI;AAAA,UACT,UAAU,OAAO,QAAQ,0BAA0B,OAAO,OAAO;AAAA,QAClE;AAAA,MACD;AAAA,IACD;AAEA,UAAM,OAAO,MAAM,WAAW,eAAe;AAC7C,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAElE,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,SAAkB,CAAC;AAEzB,UAAM,aAAa,CAAC,GAAG,mBAAmB,EAAE,IAAI,OAAO,WAAW;AACjE,UAAI;AACH,cAAM,UAAU,MAAM;AAAA,UACrB,OAAO;AAAA,UACP,cAAc;AAAA,UACd;AAAA,UACA,cAAc;AAAA,UACd;AAAA,UACA,mBAAK;AAAA,UACL,WAAW;AAAA,QACZ;AAEA,YAAI,cAAc,oBAAI,IAAY;AAClC,mBAAW,EAAE,QAAQ,IAAI,KAAK,SAAS;AACtC,gBAAM,aAAa,UAAU,UAAU,GAAG;AAC1C,cACC,CAAC,8BAA8B;AAAA,YAC9B;AAAA,YACA;AAAA,YACA,UAAU,UAAU,OAAO,EAAE;AAAA,UAC9B,GACC;AACD,oBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,UACD;AACA,6BAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,IAAI,UAAU;AAC/D,sBAAY,IAAI,MAAM;AAAA,QACvB;AAIA,cAAM,cAAc,IAAI,IAAI,OAAO;AACnC,cAAM,aACL,YAAY,SAAS,YAAY,QACjC,CAAC,GAAG,WAAW,EAAE,MAAM,CAAC,OAAO,YAAY,IAAI,EAAE,CAAC;AAGnD,YAAI,YAAY;AACf;AACA,cAAI,wBAAwB,WAAW;AACtC,uBAAW,MAAM;AAAA,UAClB;AAAA,QACD;AAAA,MACD,SAAS,OAAO;AACf,YAAI,CAAC,WAAW,OAAO,SAAS;AAC/B,iBAAO,KAAK,KAAc;AAAA,QAC3B;AAEA,YAAI,oBAAoB,OAAO,OAAO,SAAS,YAAY,sBAAsB;AAChF,qBAAW,MAAM,KAAK;AAAA,QACvB;AAAA,MACD;AAAA,IACD,CAAC;AAED,UAAM,QAAQ,WAAW,UAAU;AAEnC,QAAI,uBAAuB,WAAW;AACrC,YAAM,gBAAgB,MAAM;AAAA,IAC7B;AAAA,EACD;AACD;AApSC;AACA;AACA;AACA;AAEA;AACA;AAPM;AAyDN,2BAAsB,SAAC,MAAe,MAAkB,KAAkC;AACzF,UAAQ,MAAM;AAAA,IACb,KAAK,QAAQ;AACZ,aAAO,IAAI,UAAU,MAAM,GAAG;AAAA,IAC/B,KAAK,QAAQ;AACZ,aAAO,IAAI,WAAW,MAAM,GAAG;AAAA,EACjC;AACD;AAwCA,gCAA2B,SAAC,UAAoB,WAAmB;AAElE,QAAM,qBAAqB,oBAAI,IAAoB;AACnD,aAAW,YAAY,mBAAK,mBAAkB;AAC7C,uBAAmB,IAAI,WAAW,mBAAmB,IAAI,QAAQ,KAAK,KAAK,CAAC;AAAA,EAC7E;AACA,QAAM,cAAc,oBAAI,IAAoB;AAC5C,aAAW,WAAW,UAAU;AAC/B,gBAAY,IAAI,UAAU,YAAY,IAAI,OAAO,KAAK,KAAK,CAAC;AAAA,EAC7D;AACA,aAAW,CAAC,UAAU,KAAK,KAAK,oBAAoB;AACnD,QAAI,YAAY,IAAI,QAAQ,MAAM,OAAO;AACxC,YAAM,IAAI;AAAA,QACT;AAAA,MACD;AAAA,IACD;AAAA,EACD;AAEA,MAAI,YAAY,mBAAK,kBAAiB,QAAQ;AAC7C,UAAM,IAAI;AAAA,MACT,qBAAqB,SAAS,QAAQ,mBAAK,kBAAiB,MAAM;AAAA,IACnE;AAAA,EACD;AACD;AAaM,oBAAe,iBAAyB;AAC7C,QAAM,aAAa,MAAM,mBAAmB;AAAA,IAC3C,WAAW,mBAAK;AAAA,IAChB,QAAQ,mBAAK;AAAA,EACd,CAAC;AAED,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,sBAAsB,sBAAsB;AAAA,EACvD;AAEA,MAAI,mBAAK,oBAAmB;AAC3B,UAAM,QAAQ;AAAA,MACb,WAAW,IAAI,OAAO,WAAW;AAChC,YAAI,CAAE,MAAM,gBAAgB,QAAQ,mBAAK,SAAQ,GAAI;AACpD,gBAAM,IAAI,sBAAsB,cAAc,OAAO,QAAQ,eAAe;AAAA,QAC7E;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AAEA,SAAO;AACR;",
+  "names": []
+}

package/dist/esm/decrypt.d.ts

@@ -0,0 +1,15 @@
+import type { EncryptedObject } from './bcs.js';
+import type { G1Element } from './bls12381.js';
+import type { KeyCacheKey } from './types.js';
+export interface DecryptOptions {
+    encryptedObject: typeof EncryptedObject.$inferType;
+    keys: Map<KeyCacheKey, G1Element>;
+}
+/**
+ * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
+ * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
+ * otherwise, this will throw an error.
+ *
+ * @returns - The decrypted plaintext corresponding to ciphertext.
+ */
+export declare function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array>;

package/dist/esm/decrypt.js

@@ -0,0 +1,74 @@
+import { fromHex } from "@mysten/bcs";
+import { combine as externalCombine } from "shamir-secret-sharing";
+import { G2Element } from "./bls12381.js";
+import { AesGcm256, Hmac256Ctr } from "./dem.js";
+import { InvalidCiphertextError, UnsupportedFeatureError } from "./error.js";
+import { BonehFranklinBLS12381Services, DST } from "./ibe.js";
+import { deriveKey, KeyPurpose } from "./kdf.js";
+import { createFullId } from "./utils.js";
+async function decrypt({ encryptedObject, keys }) {
+  if (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {
+    throw new UnsupportedFeatureError("Encryption mode not supported");
+  }
+  const fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);
+  const inKeystore = encryptedObject.services.map((_, i) => i).filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));
+  if (inKeystore.length < encryptedObject.threshold) {
+    throw new Error("Not enough shares. Please fetch more keys.");
+  }
+  const encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;
+  if (encryptedShares.length !== encryptedObject.services.length) {
+    throw new InvalidCiphertextError(
+      `Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`
+    );
+  }
+  const nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);
+  const shares = inKeystore.map((i) => {
+    const [objectId, index] = encryptedObject.services[i];
+    const share = BonehFranklinBLS12381Services.decrypt(
+      nonce,
+      keys.get(`${fullId}:${objectId}`),
+      encryptedShares[i],
+      fromHex(fullId),
+      [objectId, index]
+    );
+    return { index, share };
+  });
+  const key = await combine(shares);
+  const demKey = deriveKey(KeyPurpose.DEM, key);
+  if (encryptedObject.ciphertext.Aes256Gcm) {
+    try {
+      return AesGcm256.decrypt(demKey, encryptedObject.ciphertext);
+    } catch {
+      throw new Error("Decryption failed");
+    }
+  } else if (encryptedObject.ciphertext.Plain) {
+    return demKey;
+  } else if (encryptedObject.ciphertext.Hmac256Ctr) {
+    try {
+      return Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);
+    } catch {
+      throw new Error("Decryption failed");
+    }
+  } else {
+    throw new Error("Invalid encrypted object");
+  }
+}
+async function combine(shares) {
+  if (shares.length === 0) {
+    throw new Error("Invalid shares length");
+  } else if (shares.length === 1) {
+    return Promise.resolve(shares[0].share);
+  }
+  return externalCombine(
+    shares.map(({ index, share }) => {
+      const packedShare = new Uint8Array(share.length + 1);
+      packedShare.set(share, 0);
+      packedShare[share.length] = index;
+      return packedShare;
+    })
+  );
+}
+export {
+  decrypt
+};
+//# sourceMappingURL=decrypt.js.map

package/dist/esm/decrypt.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/decrypt.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i: number) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst key = await combine(shares);\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\ttry {\n\t\t\t// Decrypt the ciphertext with the key.\n\t\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\ttry {\n\t\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else {\n\t\tthrow new Error('Invalid encrypted object');\n\t}\n}\n\n/**\n * Helper function that combines the shares into the key.\n * @param shares - The shares to combine.\n * @returns - The combined key.\n */\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid shares length');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,WAAW,uBAAuB;AAI3C,SAAS,iBAAiB;AAC1B,SAAS,WAAW,kBAAkB;AACtC,SAAS,wBAAwB,+BAA+B;AAChE,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAc7B,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,wBAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,SAAS,aAAa,KAAK,gBAAgB,WAAW,gBAAgB,EAAE;AAG9E,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,UAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAc;AAC5C,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,8BAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,MACjB,QAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,MAAM,MAAM,QAAQ,MAAM;AAChC,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,MAAI,gBAAgB,WAAW,WAAW;AACzC,QAAI;AAEH,aAAO,UAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC5D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,WAAW,gBAAgB,WAAW,YAAY;AACjD,QAAI;AACH,aAAO,WAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC7D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AACD;AAOA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,SAAO;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
+  "names": []
+}

package/dist/esm/dem.d.ts

@@ -0,0 +1,36 @@
+import type { Ciphertext } from './bcs.js';
+export declare const iv: Uint8Array<ArrayBuffer>;
+export interface EncryptionInput {
+    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
+    generateKey(): Promise<Uint8Array>;
+}
+export declare class AesGcm256 implements EncryptionInput {
+    readonly plaintext: Uint8Array;
+    readonly aad: Uint8Array;
+    constructor(msg: Uint8Array, aad: Uint8Array);
+    generateKey(): Promise<Uint8Array>;
+    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
+    static decrypt(key: Uint8Array, ciphertext: typeof Ciphertext.$inferInput): Promise<Uint8Array>;
+}
+export declare class Plain implements EncryptionInput {
+    encrypt(_key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
+    generateKey(): Promise<Uint8Array>;
+}
+/**
+ * Authenticated encryption using CTR mode with HMAC-SHA3-256 as a PRF.
+ * 1. Derive an encryption key, <i>k<sub>1</sub> = <b>hmac</b>(key, 1)</i>.
+ * 2. Chunk the message into blocks of 32 bytes, <i>m = m<sub>1</sub> || ... || m<sub>n</sub></i>.
+ * 3. Let the ciphertext be defined by <i>c = c<sub>1</sub> || ... || c<sub>n</sub></i> where <i>c<sub>i</sub> = m<sub>i</sub> ⊕ <b>hmac</b>(k<sub>1</sub>, i)</i>.
+ * 4. Compute a MAC over the AAD and the ciphertext, <i>mac = <b>hmac</b>(k<sub>2</sub>, aad || c) where k<sub>2</sub> = <b>hmac</b>(key, 2)</i>.
+ * 5. Return <i>mac || c</i>.
+ */
+export declare class Hmac256Ctr implements EncryptionInput {
+    readonly plaintext: Uint8Array;
+    readonly aad: Uint8Array;
+    constructor(msg: Uint8Array, aad: Uint8Array);
+    generateKey(): Promise<Uint8Array>;
+    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
+    static decrypt(key: Uint8Array, ciphertext: typeof Ciphertext.$inferInput): Promise<Uint8Array>;
+    private static computeMac;
+    private static encryptInCtrMode;
+}