npm - @mysten/seal - Versions diffs - 0.0.0-experimental-20250330082435 - Mend

@mysten/seal 0.0.0-experimental-20250330082435

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/CHANGELOG.md +31 -0
package/README.md +4 -0
package/dist/cjs/bcs.d.ts +132 -0
package/dist/cjs/bcs.js +67 -0
package/dist/cjs/bcs.js.map +7 -0
package/dist/cjs/bls12381.d.ts +37 -0
package/dist/cjs/bls12381.js +110 -0
package/dist/cjs/bls12381.js.map +7 -0
package/dist/cjs/client.d.ts +83 -0
package/dist/cjs/client.js +283 -0
package/dist/cjs/client.js.map +7 -0
package/dist/cjs/decrypt.d.ts +15 -0
package/dist/cjs/decrypt.js +94 -0
package/dist/cjs/decrypt.js.map +7 -0
package/dist/cjs/dem.d.ts +36 -0
package/dist/cjs/dem.js +173 -0
package/dist/cjs/dem.js.map +7 -0
package/dist/cjs/elgamal.d.ts +11 -0
package/dist/cjs/elgamal.js +46 -0
package/dist/cjs/elgamal.js.map +7 -0
package/dist/cjs/encrypt.d.ts +33 -0
package/dist/cjs/encrypt.js +118 -0
package/dist/cjs/encrypt.js.map +7 -0
package/dist/cjs/error.d.ts +58 -0
package/dist/cjs/error.js +175 -0
package/dist/cjs/error.js.map +7 -0
package/dist/cjs/ibe.d.ts +63 -0
package/dist/cjs/ibe.js +104 -0
package/dist/cjs/ibe.js.map +7 -0
package/dist/cjs/index.d.ts +4 -0
package/dist/cjs/index.js +31 -0
package/dist/cjs/index.js.map +7 -0
package/dist/cjs/kdf.d.ts +14 -0
package/dist/cjs/kdf.js +64 -0
package/dist/cjs/kdf.js.map +7 -0
package/dist/cjs/key-server.d.ts +38 -0
package/dist/cjs/key-server.js +101 -0
package/dist/cjs/key-server.js.map +7 -0
package/dist/cjs/keys.d.ts +17 -0
package/dist/cjs/keys.js +61 -0
package/dist/cjs/keys.js.map +7 -0
package/dist/cjs/package.json +5 -0
package/dist/cjs/session-key.d.ts +42 -0
package/dist/cjs/session-key.js +140 -0
package/dist/cjs/session-key.js.map +7 -0
package/dist/cjs/types.d.ts +1 -0
package/dist/cjs/types.js +17 -0
package/dist/cjs/types.js.map +7 -0
package/dist/cjs/utils.d.ts +10 -0
package/dist/cjs/utils.js +51 -0
package/dist/cjs/utils.js.map +7 -0
package/dist/cjs/version.d.ts +1 -0
package/dist/cjs/version.js +25 -0
package/dist/cjs/version.js.map +7 -0
package/dist/esm/bcs.d.ts +132 -0
package/dist/esm/bcs.js +47 -0
package/dist/esm/bcs.js.map +7 -0
package/dist/esm/bls12381.d.ts +37 -0
package/dist/esm/bls12381.js +90 -0
package/dist/esm/bls12381.js.map +7 -0
package/dist/esm/client.d.ts +83 -0
package/dist/esm/client.js +268 -0
package/dist/esm/client.js.map +7 -0
package/dist/esm/decrypt.d.ts +15 -0
package/dist/esm/decrypt.js +74 -0
package/dist/esm/decrypt.js.map +7 -0
package/dist/esm/dem.d.ts +36 -0
package/dist/esm/dem.js +153 -0
package/dist/esm/dem.js.map +7 -0
package/dist/esm/elgamal.d.ts +11 -0
package/dist/esm/elgamal.js +26 -0
package/dist/esm/elgamal.js.map +7 -0
package/dist/esm/encrypt.d.ts +33 -0
package/dist/esm/encrypt.js +98 -0
package/dist/esm/encrypt.js.map +7 -0
package/dist/esm/error.d.ts +58 -0
package/dist/esm/error.js +155 -0
package/dist/esm/error.js.map +7 -0
package/dist/esm/ibe.d.ts +63 -0
package/dist/esm/ibe.js +84 -0
package/dist/esm/ibe.js.map +7 -0
package/dist/esm/index.d.ts +4 -0
package/dist/esm/index.js +10 -0
package/dist/esm/index.js.map +7 -0
package/dist/esm/kdf.d.ts +14 -0
package/dist/esm/kdf.js +44 -0
package/dist/esm/kdf.js.map +7 -0
package/dist/esm/key-server.d.ts +38 -0
package/dist/esm/key-server.js +86 -0
package/dist/esm/key-server.js.map +7 -0
package/dist/esm/keys.d.ts +17 -0
package/dist/esm/keys.js +41 -0
package/dist/esm/keys.js.map +7 -0
package/dist/esm/package.json +5 -0
package/dist/esm/session-key.d.ts +42 -0
package/dist/esm/session-key.js +124 -0
package/dist/esm/session-key.js.map +7 -0
package/dist/esm/types.d.ts +1 -0
package/dist/esm/types.js +1 -0
package/dist/esm/types.js.map +7 -0
package/dist/esm/utils.d.ts +10 -0
package/dist/esm/utils.js +31 -0
package/dist/esm/utils.js.map +7 -0
package/dist/esm/version.d.ts +1 -0
package/dist/esm/version.js +5 -0
package/dist/esm/version.js.map +7 -0
package/dist/tsconfig.esm.tsbuildinfo +1 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/package.json +59 -0

package/dist/esm/dem.js ADDED Viewed

@@ -0,0 +1,153 @@
+import { bcs } from "@mysten/bcs";
+import { equalBytes } from "@noble/curves/abstract/utils";
+import { hmac } from "@noble/hashes/hmac";
+import { sha3_256 } from "@noble/hashes/sha3";
+import { InvalidCiphertextError } from "./error.js";
+import { xorUnchecked } from "./utils.js";
+const iv = Uint8Array.from([
+  138,
+  55,
+  153,
+  253,
+  198,
+  46,
+  121,
+  219,
+  160,
+  128,
+  89,
+  7,
+  214,
+  156,
+  148,
+  220
+]);
+async function generateAesKey() {
+  const key = await crypto.subtle.generateKey(
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    true,
+    ["encrypt", "decrypt"]
+  );
+  return await crypto.subtle.exportKey("raw", key).then((keyData) => new Uint8Array(keyData));
+}
+class AesGcm256 {
+  constructor(msg, aad) {
+    this.plaintext = msg;
+    this.aad = aad;
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+  async encrypt(key) {
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
+    const blob = new Uint8Array(
+      await crypto.subtle.encrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: this.aad
+        },
+        aesCryptoKey,
+        this.plaintext
+      )
+    );
+    return {
+      Aes256Gcm: {
+        blob,
+        aad: this.aad ?? []
+      }
+    };
+  }
+  static async decrypt(key, ciphertext) {
+    if (!("Aes256Gcm" in ciphertext)) {
+      throw new InvalidCiphertextError(`Invalid ciphertext ${ciphertext}`);
+    }
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
+    return new Uint8Array(
+      await crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? [])
+        },
+        aesCryptoKey,
+        new Uint8Array(ciphertext.Aes256Gcm.blob)
+      )
+    );
+  }
+}
+class Plain {
+  async encrypt(_key) {
+    return {
+      Plain: {}
+    };
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+}
+class Hmac256Ctr {
+  constructor(msg, aad) {
+    this.plaintext = msg;
+    this.aad = aad;
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+  async encrypt(key) {
+    const blob = Hmac256Ctr.encryptInCtrMode(key, this.plaintext);
+    const mac = Hmac256Ctr.computeMac(key, this.aad, blob);
+    return {
+      Hmac256Ctr: {
+        blob,
+        mac,
+        aad: this.aad ?? []
+      }
+    };
+  }
+  static async decrypt(key, ciphertext) {
+    if (!("Hmac256Ctr" in ciphertext)) {
+      throw new InvalidCiphertextError(`Invalid ciphertext ${ciphertext}`);
+    }
+    const aad = new Uint8Array(ciphertext.Hmac256Ctr.aad ?? []);
+    const blob = new Uint8Array(ciphertext.Hmac256Ctr.blob);
+    const mac = Hmac256Ctr.computeMac(key, aad, blob);
+    if (!equalBytes(mac, new Uint8Array(ciphertext.Hmac256Ctr.mac))) {
+      throw new InvalidCiphertextError(`Invalid MAC ${mac}`);
+    }
+    return Hmac256Ctr.encryptInCtrMode(key, blob);
+  }
+  static computeMac(key, aad, ciphertext) {
+    const macKey = hmac(sha3_256, key, MacKeyTag);
+    const macInput = new Uint8Array([...toBytes(aad.length), ...aad, ...ciphertext]);
+    const mac = hmac(sha3_256, macKey, macInput);
+    return mac;
+  }
+  static encryptInCtrMode(key, msg) {
+    const blockSize = 32;
+    let result = Uint8Array.from({ length: msg.length }, () => 0);
+    const encryptionKey = hmac(sha3_256, key, EncryptionKeyTag);
+    for (let i = 0; i * blockSize < msg.length; i++) {
+      const block = msg.slice(i * blockSize, (i + 1) * blockSize);
+      let mask = hmac(sha3_256, encryptionKey, toBytes(i));
+      const encryptedBlock = xorUnchecked(block, mask);
+      result.set(encryptedBlock, i * blockSize);
+    }
+    return result;
+  }
+}
+function toBytes(n) {
+  return bcs.u64().serialize(n).toBytes();
+}
+const EncryptionKeyTag = new Uint8Array([1]);
+const MacKeyTag = new Uint8Array([2]);
+export {
+  AesGcm256,
+  Hmac256Ctr,
+  Plain,
+  iv
+};
+//# sourceMappingURL=dem.js.map

package/dist/esm/dem.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/dem.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs } from '@mysten/bcs';\nimport { equalBytes } from '@noble/curves/abstract/utils';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { Ciphertext } from './bcs.js';\nimport { InvalidCiphertextError } from './error.js';\nimport { xorUnchecked } from './utils.js';\n\n// Use a fixed IV for AES.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;\n\tgenerateKey(): Promise<Uint8Array>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['encrypt']);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${ciphertext}`);\n\t\t}\n\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['decrypt']);\n\n\t\treturn new Uint8Array(\n\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t),\n\t\t);\n\t}\n}\n\nexport class Plain implements EncryptionInput {\n\tasync encrypt(_key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\treturn {\n\t\t\tPlain: {},\n\t\t};\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n}\n\n/**\n * Authenticated encryption using CTR mode with HMAC-SHA3-256 as a PRF.\n * 1. Derive an encryption key, <i>k<sub>1</sub> = <b>hmac</b>(key, 1)</i>.\n * 2. Chunk the message into blocks of 32 bytes, <i>m = m<sub>1</sub> || ... || m<sub>n</sub></i>.\n * 3. Let the ciphertext be defined by <i>c = c<sub>1</sub> || ... || c<sub>n</sub></i> where <i>c<sub>i</sub> = m<sub>i</sub> \u2295 <b>hmac</b>(k<sub>1</sub>, i)</i>.\n * 4. Compute a MAC over the AAD and the ciphertext, <i>mac = <b>hmac</b>(k<sub>2</sub>, aad || c) where k<sub>2</sub> = <b>hmac</b>(key, 2)</i>.\n * 5. Return <i>mac || c</i>.\n */\nexport class Hmac256Ctr implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tconst blob = Hmac256Ctr.encryptInCtrMode(key, this.plaintext);\n\t\tconst mac = Hmac256Ctr.computeMac(key, this.aad, blob);\n\t\treturn {\n\t\t\tHmac256Ctr: {\n\t\t\t\tblob,\n\t\t\t\tmac,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Hmac256Ctr' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${ciphertext}`);\n\t\t}\n\t\tconst aad = new Uint8Array(ciphertext.Hmac256Ctr.aad ?? []);\n\t\tconst blob = new Uint8Array(ciphertext.Hmac256Ctr.blob);\n\t\tconst mac = Hmac256Ctr.computeMac(key, aad, blob);\n\t\tif (!equalBytes(mac, new Uint8Array(ciphertext.Hmac256Ctr.mac))) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid MAC ${mac}`);\n\t\t}\n\t\treturn Hmac256Ctr.encryptInCtrMode(key, blob);\n\t}\n\n\tprivate static computeMac(key: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Uint8Array {\n\t\tconst macKey = hmac(sha3_256, key, MacKeyTag);\n\t\tconst macInput = new Uint8Array([...toBytes(aad.length), ...aad, ...ciphertext]);\n\t\tconst mac = hmac(sha3_256, macKey, macInput);\n\t\treturn mac;\n\t}\n\n\tprivate static encryptInCtrMode(key: Uint8Array, msg: Uint8Array): Uint8Array {\n\t\tconst blockSize = 32;\n\t\tlet result = Uint8Array.from({ length: msg.length }, () => 0);\n\t\tconst encryptionKey = hmac(sha3_256, key, EncryptionKeyTag);\n\t\tfor (let i = 0; i * blockSize < msg.length; i++) {\n\t\t\tconst block = msg.slice(i * blockSize, (i + 1) * blockSize);\n\t\t\tlet mask = hmac(sha3_256, encryptionKey, toBytes(i));\n\t\t\tconst encryptedBlock = xorUnchecked(block, mask);\n\t\t\tresult.set(encryptedBlock, i * blockSize);\n\t\t}\n\t\treturn result;\n\t}\n}\n\n/**\n * Convert a u64 to bytes using little-endian representation.\n */\nfunction toBytes(n: number): Uint8Array {\n\treturn bcs.u64().serialize(n).toBytes();\n}\n\nconst EncryptionKeyTag = new Uint8Array([1]);\nconst MacKeyTag = new Uint8Array([2]);\n"],
+  "mappings": "AAGA,SAAS,WAAW;AACpB,SAAS,kBAAkB;AAC3B,SAAS,YAAY;AACrB,SAAS,gBAAgB;AAGzB,SAAS,8BAA8B;AACvC,SAAS,oBAAoB;AAGtB,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAsC;AACpD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAOO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY;AACjB,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAAyD;AACtE,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QACZ,KACA,YACsB;AACtB,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,uBAAuB,sBAAsB,UAAU,EAAE;AAAA,IACpE;AAEA,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,WAAO,IAAI;AAAA,MACV,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,QAC9D;AAAA,QACA;AAAA,QACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,MACzC;AAAA,IACD;AAAA,EACD;AACD;AAEO,MAAM,MAAiC;AAAA,EAC7C,MAAM,QAAQ,MAA0D;AACvE,WAAO;AAAA,MACN,OAAO,CAAC;AAAA,IACT;AAAA,EACD;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AACD;AAUO,MAAM,WAAsC;AAAA,EAIlD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY;AACjB,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAAyD;AACtE,UAAM,OAAO,WAAW,iBAAiB,KAAK,KAAK,SAAS;AAC5D,UAAM,MAAM,WAAW,WAAW,KAAK,KAAK,KAAK,IAAI;AACrD,WAAO;AAAA,MACN,YAAY;AAAA,QACX;AAAA,QACA;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QACZ,KACA,YACsB;AACtB,QAAI,EAAE,gBAAgB,aAAa;AAClC,YAAM,IAAI,uBAAuB,sBAAsB,UAAU,EAAE;AAAA,IACpE;AACA,UAAM,MAAM,IAAI,WAAW,WAAW,WAAW,OAAO,CAAC,CAAC;AAC1D,UAAM,OAAO,IAAI,WAAW,WAAW,WAAW,IAAI;AACtD,UAAM,MAAM,WAAW,WAAW,KAAK,KAAK,IAAI;AAChD,QAAI,CAAC,WAAW,KAAK,IAAI,WAAW,WAAW,WAAW,GAAG,CAAC,GAAG;AAChE,YAAM,IAAI,uBAAuB,eAAe,GAAG,EAAE;AAAA,IACtD;AACA,WAAO,WAAW,iBAAiB,KAAK,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAe,WAAW,KAAiB,KAAiB,YAAoC;AAC/F,UAAM,SAAS,KAAK,UAAU,KAAK,SAAS;AAC5C,UAAM,WAAW,IAAI,WAAW,CAAC,GAAG,QAAQ,IAAI,MAAM,GAAG,GAAG,KAAK,GAAG,UAAU,CAAC;AAC/E,UAAM,MAAM,KAAK,UAAU,QAAQ,QAAQ;AAC3C,WAAO;AAAA,EACR;AAAA,EAEA,OAAe,iBAAiB,KAAiB,KAA6B;AAC7E,UAAM,YAAY;AAClB,QAAI,SAAS,WAAW,KAAK,EAAE,QAAQ,IAAI,OAAO,GAAG,MAAM,CAAC;AAC5D,UAAM,gBAAgB,KAAK,UAAU,KAAK,gBAAgB;AAC1D,aAAS,IAAI,GAAG,IAAI,YAAY,IAAI,QAAQ,KAAK;AAChD,YAAM,QAAQ,IAAI,MAAM,IAAI,YAAY,IAAI,KAAK,SAAS;AAC1D,UAAI,OAAO,KAAK,UAAU,eAAe,QAAQ,CAAC,CAAC;AACnD,YAAM,iBAAiB,aAAa,OAAO,IAAI;AAC/C,aAAO,IAAI,gBAAgB,IAAI,SAAS;AAAA,IACzC;AACA,WAAO;AAAA,EACR;AACD;AAKA,SAAS,QAAQ,GAAuB;AACvC,SAAO,IAAI,IAAI,EAAE,UAAU,CAAC,EAAE,QAAQ;AACvC;AAEA,MAAM,mBAAmB,IAAI,WAAW,CAAC,CAAC,CAAC;AAC3C,MAAM,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC;",
+  "names": []
+}

package/dist/esm/elgamal.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.
+ * The ciphertext is a pair of G1Elements (48 bytes).
+ */
+export declare function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array;
+/** Generate a random secret key. */
+export declare function generateSecretKey(): Uint8Array;
+/** Derive the BLS public key for a given secret key. */
+export declare function toPublicKey(sk: Uint8Array): Uint8Array;
+/** Derive the BLS verification key for a given secret key. */
+export declare function toVerificationKey(sk: Uint8Array): Uint8Array;

package/dist/esm/elgamal.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { G1Element, G2Element, Scalar } from "./bls12381.js";
+function elgamalDecrypt(sk, ciphertext) {
+  return decrypt(Scalar.fromBytes(sk), [
+    G1Element.fromBytes(ciphertext[0]),
+    G1Element.fromBytes(ciphertext[1])
+  ]).toBytes();
+}
+function decrypt(sk, encryption) {
+  return encryption[1].subtract(encryption[0].multiply(sk));
+}
+function generateSecretKey() {
+  return Scalar.random().toBytes();
+}
+function toPublicKey(sk) {
+  return G1Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();
+}
+function toVerificationKey(sk) {
+  return G2Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();
+}
+export {
+  elgamalDecrypt,
+  generateSecretKey,
+  toPublicKey,
+  toVerificationKey
+};
+//# sourceMappingURL=elgamal.js.map

package/dist/esm/elgamal.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/elgamal.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nexport function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array {\n\treturn decrypt(Scalar.fromBytes(sk), [\n\t\tG1Element.fromBytes(ciphertext[0]),\n\t\tG1Element.fromBytes(ciphertext[1]),\n\t]).toBytes();\n}\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nfunction decrypt(sk: Scalar, encryption: [G1Element, G1Element]): G1Element {\n\treturn encryption[1].subtract(encryption[0].multiply(sk));\n}\n\n/** Generate a random secret key. */\nexport function generateSecretKey(): Uint8Array {\n\treturn Scalar.random().toBytes();\n}\n\n/** Derive the BLS public key for a given secret key. */\nexport function toPublicKey(sk: Uint8Array): Uint8Array {\n\treturn G1Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n\n/** Derive the BLS verification key for a given secret key. */\nexport function toVerificationKey(sk: Uint8Array): Uint8Array {\n\treturn G2Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n"],
+  "mappings": "AAGA,SAAS,WAAW,WAAW,cAAc;AAMtC,SAAS,eAAe,IAAgB,YAAkD;AAChG,SAAO,QAAQ,OAAO,UAAU,EAAE,GAAG;AAAA,IACpC,UAAU,UAAU,WAAW,CAAC,CAAC;AAAA,IACjC,UAAU,UAAU,WAAW,CAAC,CAAC;AAAA,EAClC,CAAC,EAAE,QAAQ;AACZ;AAMA,SAAS,QAAQ,IAAY,YAA+C;AAC3E,SAAO,WAAW,CAAC,EAAE,SAAS,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD;AAGO,SAAS,oBAAgC;AAC/C,SAAO,OAAO,OAAO,EAAE,QAAQ;AAChC;AAGO,SAAS,YAAY,IAA4B;AACvD,SAAO,UAAU,UAAU,EAAE,SAAS,OAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;AAGO,SAAS,kBAAkB,IAA4B;AAC7D,SAAO,UAAU,UAAU,EAAE,SAAS,OAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;",
+  "names": []
+}

package/dist/esm/encrypt.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import type { EncryptionInput } from './dem.js';
+import type { KeyServer } from './key-server.js';
+export declare const MAX_U8 = 255;
+/**
+ * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.
+ *
+ * @param keyServers - A list of KeyServers (same server can be used multiple times)
+ * @param kemType - The type of KEM to use.
+ * @param packageId - packageId
+ * @param id - id
+ * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.
+ * @param threshold - The threshold for the TSS encryption.
+ * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+ * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.
+ */
+export declare function encrypt({ keyServers, kemType, threshold, packageId, id, encryptionInput, }: {
+    keyServers: KeyServer[];
+    kemType: KemType;
+    threshold: number;
+    packageId: string;
+    id: string;
+    encryptionInput: EncryptionInput;
+}): Promise<{
+    encryptedObject: Uint8Array;
+    key: Uint8Array;
+}>;
+export declare enum KemType {
+    BonehFranklinBLS12381DemCCA = 0
+}
+export declare enum DemType {
+    AesGcm256 = 0,
+    Hmac256Ctr = 1
+}

package/dist/esm/encrypt.js ADDED Viewed

@@ -0,0 +1,98 @@
+import { fromHex } from "@mysten/bcs";
+import { isValidSuiObjectId } from "@mysten/sui/utils";
+import { split as externalSplit } from "shamir-secret-sharing";
+import { EncryptedObject } from "./bcs.js";
+import { UserError } from "./error.js";
+import { BonehFranklinBLS12381Services, DST } from "./ibe.js";
+import { deriveKey, KeyPurpose } from "./kdf.js";
+import { createFullId } from "./utils.js";
+const MAX_U8 = 255;
+async function encrypt({
+  keyServers,
+  kemType,
+  threshold,
+  packageId,
+  id,
+  encryptionInput
+}) {
+  if (keyServers.length < threshold || threshold === 0 || keyServers.length > MAX_U8 || threshold > MAX_U8 || !isValidSuiObjectId(packageId)) {
+    throw new UserError(
+      `Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`
+    );
+  }
+  const key = await encryptionInput.generateKey();
+  const demKey = deriveKey(KeyPurpose.DEM, key);
+  const ciphertext = await encryptionInput.encrypt(demKey);
+  const shares = await split(key, keyServers.length, threshold);
+  const fullId = createFullId(DST, packageId, id);
+  const encryptedShares = encryptBatched(
+    keyServers,
+    kemType,
+    fromHex(fullId),
+    shares.map(({ share, index }) => ({
+      msg: share,
+      index
+    })),
+    deriveKey(KeyPurpose.EncryptedRandomness, key)
+  );
+  const services = keyServers.map((server, i) => [
+    server.objectId,
+    shares[i].index
+  ]);
+  return {
+    encryptedObject: EncryptedObject.serialize({
+      version: 0,
+      packageId,
+      id,
+      services,
+      threshold,
+      encryptedShares,
+      ciphertext
+    }).toBytes(),
+    key: demKey
+  };
+}
+var KemType = /* @__PURE__ */ ((KemType2) => {
+  KemType2[KemType2["BonehFranklinBLS12381DemCCA"] = 0] = "BonehFranklinBLS12381DemCCA";
+  return KemType2;
+})(KemType || {});
+var DemType = /* @__PURE__ */ ((DemType2) => {
+  DemType2[DemType2["AesGcm256"] = 0] = "AesGcm256";
+  DemType2[DemType2["Hmac256Ctr"] = 1] = "Hmac256Ctr";
+  return DemType2;
+})(DemType || {});
+function encryptBatched(keyServers, kemType, id, shares, randomnessKey) {
+  switch (kemType) {
+    case 0 /* BonehFranklinBLS12381DemCCA */:
+      return new BonehFranklinBLS12381Services(keyServers).encryptBatched(
+        id,
+        shares,
+        randomnessKey
+      );
+  }
+}
+async function split(secret, n, threshold) {
+  if (n === 0 || threshold === 0 || threshold > n) {
+    throw new Error("Invalid threshold or number of shares");
+  } else if (threshold === 1) {
+    const result = [];
+    for (let i = 0; i < n; i++) {
+      result.push({ share: secret, index: i });
+    }
+    return Promise.resolve(result);
+  }
+  return externalSplit(secret, n, threshold).then(
+    (share) => share.map((s) => ({
+      share: s.subarray(0, s.length - 1),
+      // split() returns the share index in the last byte
+      index: s[s.length - 1]
+    }))
+  );
+}
+export {
+  DemType,
+  KemType,
+  MAX_U8,
+  encrypt
+};
+//# sourceMappingURL=encrypt.js.map

package/dist/esm/encrypt.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/encrypt.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, keyServers.length, threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tindex,\n\t\t})),\n\t\tderiveKey(KeyPurpose.EncryptedRandomness, key),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map((server, i) => [\n\t\tserver.objectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: { msg: Uint8Array; index: number }[],\n\trandomnessKey: Uint8Array,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\trandomnessKey,\n\t\t\t);\n\t}\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid threshold or number of shares');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,0BAA0B;AACnC,SAAS,SAAS,qBAAqB;AAGvC,SAAS,uBAAuB;AAEhC,SAAS,iBAAiB;AAC1B,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAEtB,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,CAAC,mBAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,QAAQ,SAAS;AAG5D,QAAM,SAAS,aAAa,KAAK,WAAW,EAAE;AAC9C,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,QAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL;AAAA,IACD,EAAE;AAAA,IACF,UAAU,WAAW,qBAAqB,GAAG;AAAA,EAC9C;AAGA,QAAM,WAA+B,WAAW,IAAI,CAAC,QAAQ,MAAM;AAAA,IAClE,OAAO;AAAA,IACP,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,gBAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKA,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,eACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,8BAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACxD,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,SAAO,cAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
+  "names": ["KemType", "DemType"]
+}

package/dist/esm/error.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+export declare class SealError extends Error {
+}
+export declare class UserError extends SealError {
+}
+export declare class SealAPIError extends SealError {
+    #private;
+    requestId?: string | undefined;
+    status?: number | undefined;
+    constructor(message: string, requestId?: string | undefined, status?: number | undefined);
+    static assertResponse(response: Response, requestId: string): Promise<void>;
+}
+export declare class InvalidPTBError extends SealAPIError {
+    constructor(requestId?: string);
+}
+export declare class InvalidPackageError extends SealAPIError {
+    constructor(requestId?: string);
+}
+export declare class OldPackageError extends SealAPIError {
+    constructor(requestId?: string);
+}
+export declare class InvalidUserSignatureError extends SealAPIError {
+    constructor(requestId?: string);
+}
+export declare class InvalidSessionKeySignatureError extends SealAPIError {
+    constructor(requestId?: string);
+}
+/** Server error indicating that the user does not have access to one or more of the requested keys */
+export declare class NoAccessError extends SealAPIError {
+    constructor(requestId?: string);
+}
+/** Server error indicating that the session key has expired */
+export declare class ExpiredSessionKeyError extends SealAPIError {
+    constructor(requestId?: string);
+}
+/** Internal server error, caller should retry */
+export declare class InternalError extends SealAPIError {
+    constructor(requestId?: string);
+}
+/** General server errors that are not specific to the Seal API (e.g., 404 "Not Found") */
+export declare class GeneralError extends SealAPIError {
+}
+export declare class InvalidPersonalMessageSignatureError extends UserError {
+}
+export declare class InvalidGetObjectError extends UserError {
+}
+export declare class UnsupportedFeatureError extends UserError {
+}
+export declare class UnsupportedNetworkError extends UserError {
+}
+export declare class InvalidKeyServerError extends UserError {
+}
+export declare class InvalidCiphertextError extends UserError {
+}
+export declare class InvalidThresholdError extends UserError {
+}
+export declare class InconsistentKeyServersError extends UserError {
+}
+export declare function toMajorityError(errors: Error[]): Error;

package/dist/esm/error.js ADDED Viewed

@@ -0,0 +1,155 @@
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var _SealAPIError_static, generate_fn;
+class SealError extends Error {
+}
+class UserError extends SealError {
+}
+const _SealAPIError = class _SealAPIError extends SealError {
+  constructor(message, requestId, status) {
+    super(message);
+    this.requestId = requestId;
+    this.status = status;
+  }
+  static async assertResponse(response, requestId) {
+    var _a;
+    if (response.ok) {
+      return;
+    }
+    let errorInstance;
+    try {
+      const text = await response.text();
+      const error = JSON.parse(text)["error"];
+      errorInstance = __privateMethod(_a = _SealAPIError, _SealAPIError_static, generate_fn).call(_a, error, requestId);
+    } catch (e) {
+      errorInstance = new GeneralError(response.statusText, requestId, response.status);
+    }
+    throw errorInstance;
+  }
+};
+_SealAPIError_static = new WeakSet();
+generate_fn = function(message, requestId, status) {
+  switch (message) {
+    case "InvalidPTB":
+      return new InvalidPTBError(requestId);
+    case "InvalidPackage":
+      return new InvalidPackageError(requestId);
+    case "NoAccess":
+      return new NoAccessError(requestId);
+    case "InvalidCertificate":
+      return new ExpiredSessionKeyError(requestId);
+    case "OldPackageVersion":
+      return new OldPackageError(requestId);
+    case "InvalidSignature":
+      return new InvalidUserSignatureError(requestId);
+    case "InvalidSessionSignature":
+      return new InvalidSessionKeySignatureError(requestId);
+    case "Failure":
+      return new InternalError(requestId);
+    default:
+      return new GeneralError(message, requestId, status);
+  }
+};
+__privateAdd(_SealAPIError, _SealAPIError_static);
+let SealAPIError = _SealAPIError;
+class InvalidPTBError extends SealAPIError {
+  constructor(requestId) {
+    super("PTB does not conform to the expected format", requestId);
+  }
+}
+class InvalidPackageError extends SealAPIError {
+  constructor(requestId) {
+    super("Package ID used in PTB is invalid", requestId);
+  }
+}
+class OldPackageError extends SealAPIError {
+  constructor(requestId) {
+    super("PTB must call the latest version of the package", requestId);
+  }
+}
+class InvalidUserSignatureError extends SealAPIError {
+  constructor(requestId) {
+    super("User signature on the session key is invalid", requestId);
+  }
+}
+class InvalidSessionKeySignatureError extends SealAPIError {
+  constructor(requestId) {
+    super("Session key signature is invalid", requestId);
+  }
+}
+class NoAccessError extends SealAPIError {
+  constructor(requestId) {
+    super("User does not have access to one or more of the requested keys", requestId);
+  }
+}
+class ExpiredSessionKeyError extends SealAPIError {
+  constructor(requestId) {
+    super("Session key has expired", requestId);
+  }
+}
+class InternalError extends SealAPIError {
+  constructor(requestId) {
+    super("Internal server error, caller should retry", requestId);
+  }
+}
+class GeneralError extends SealAPIError {
+}
+class InvalidPersonalMessageSignatureError extends UserError {
+}
+class InvalidGetObjectError extends UserError {
+}
+class UnsupportedFeatureError extends UserError {
+}
+class UnsupportedNetworkError extends UserError {
+}
+class InvalidKeyServerError extends UserError {
+}
+class InvalidCiphertextError extends UserError {
+}
+class InvalidThresholdError extends UserError {
+}
+class InconsistentKeyServersError extends UserError {
+}
+function toMajorityError(errors) {
+  let maxCount = 0;
+  let majorityError = errors[0];
+  const counts = /* @__PURE__ */ new Map();
+  for (const error of errors) {
+    const errorName = error.constructor.name;
+    const newCount = (counts.get(errorName) || 0) + 1;
+    counts.set(errorName, newCount);
+    if (newCount > maxCount) {
+      maxCount = newCount;
+      majorityError = error;
+    }
+  }
+  return majorityError;
+}
+export {
+  ExpiredSessionKeyError,
+  GeneralError,
+  InconsistentKeyServersError,
+  InternalError,
+  InvalidCiphertextError,
+  InvalidGetObjectError,
+  InvalidKeyServerError,
+  InvalidPTBError,
+  InvalidPackageError,
+  InvalidPersonalMessageSignatureError,
+  InvalidSessionKeySignatureError,
+  InvalidThresholdError,
+  InvalidUserSignatureError,
+  NoAccessError,
+  OldPackageError,
+  SealAPIError,
+  SealError,
+  UnsupportedFeatureError,
+  UnsupportedNetworkError,
+  UserError,
+  toMajorityError
+};
+//# sourceMappingURL=error.js.map

package/dist/esm/error.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/error.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(message: string, requestId: string, status?: number) {\n\t\tswitch (message) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\terrorInstance = SealAPIError.#generate(error, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB does not conform to the expected format', requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
+  "mappings": ";;;;;;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EAyBA,aAAa,eAAe,UAAoB,WAAmB;AAxCpE;AAyCE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO;AAAA,IAC/C,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AAhDO;AASC,cAAS,SAAC,SAAiB,WAAmB,QAAiB;AACrE,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AA9BM,aAAM,eAAN;AAAA,IAAM,eAAN;AAoDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,+CAA+C,SAAS;AAAA,EAC/D;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
+  "names": []
+}