@mysten/seal 0.2.0 → 0.3.0

package/dist/esm/session-key.d.ts

@@ -1,36 +1,42 @@
+import type { Signer } from '@mysten/sui/cryptography';
 export declare const RequestFormat: import("@mysten/bcs").BcsType<{
     ptb: number[];
-    enc_key: number[];
-    enc_verification_key: number[];
+    encKey: number[];
+    encVerificationKey: number[];
 }, {
     ptb: Iterable<number> & {
         length: number;
     };
-    enc_key: Iterable<number> & {
+    encKey: Iterable<number> & {
         length: number;
     };
-    enc_verification_key: Iterable<number> & {
+    encVerificationKey: Iterable<number> & {
         length: number;
     };
 }>;
 export type Certificate = {
+    user: string;
     session_vk: string;
     creation_time: number;
     ttl_min: number;
     signature: string;
 };
 export declare class SessionKey {
-    private packageId;
-    private creationTime;
-    private ttlMin;
-    private session_key;
-    private personalMessageSignature;
-    constructor(packageId: Uint8Array, ttlMin: number);
+    #private;
+    constructor({ address, packageId, ttlMin, signer, }: {
+        address: string;
+        packageId: string;
+        ttlMin: number;
+        signer?: Signer;
+    });
+    isExpired(): boolean;
+    getAddress(): string;
+    getPackageId(): string;
     getPersonalMessage(): Uint8Array;
-    setPersonalMessageSignature(personalMessageSignature: string): void;
-    getCertificate(): Certificate;
+    setPersonalMessageSignature(personalMessageSignature: string): Promise<void>;
+    getCertificate(): Promise<Certificate>;
     createRequestParams(txBytes: Uint8Array): Promise<{
-        decryption_key: Uint8Array;
-        request_signature: string;
+        decryptionKey: Uint8Array;
+        requestSignature: string;
     }>;
 }

package/dist/esm/session-key.js

@@ -1,51 +1,122 @@
-import { toBase64, toHex } from "@mysten/bcs";
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var _address, _packageId, _creationTimeMs, _ttlMin, _sessionKey, _personalMessageSignature, _signer;
+import { toBase64 } from "@mysten/bcs";
 import { bcs } from "@mysten/sui/bcs";
+import { SuiGraphQLClient } from "@mysten/sui/graphql";
 import { Ed25519Keypair } from "@mysten/sui/keypairs/ed25519";
+import { isValidSuiAddress, isValidSuiObjectId } from "@mysten/sui/utils";
+import { verifyPersonalMessageSignature } from "@mysten/sui/verify";
 import { generateSecretKey, toPublicKey, toVerificationKey } from "./elgamal.js";
+import {
+  ExpiredSessionKeyError,
+  InvalidPersonalMessageSignatureError,
+  UserError
+} from "./error.js";
 const RequestFormat = bcs.struct("RequestFormat", {
   ptb: bcs.vector(bcs.U8),
-  enc_key: bcs.vector(bcs.U8),
-  enc_verification_key: bcs.vector(bcs.U8)
+  encKey: bcs.vector(bcs.U8),
+  encVerificationKey: bcs.vector(bcs.U8)
 });
 class SessionKey {
-  constructor(packageId, ttlMin) {
-    this.packageId = packageId;
-    this.creationTime = Date.now();
-    this.ttlMin = ttlMin;
-    this.session_key = Ed25519Keypair.generate();
-    this.personalMessageSignature = "";
+  constructor({
+    address,
+    packageId,
+    ttlMin,
+    signer
+  }) {
+    __privateAdd(this, _address);
+    __privateAdd(this, _packageId);
+    __privateAdd(this, _creationTimeMs);
+    __privateAdd(this, _ttlMin);
+    __privateAdd(this, _sessionKey);
+    __privateAdd(this, _personalMessageSignature);
+    __privateAdd(this, _signer);
+    if (!isValidSuiObjectId(packageId) || !isValidSuiAddress(address)) {
+      throw new UserError(`Invalid package ID ${packageId} or address ${address}`);
+    }
+    if (ttlMin > 10 || ttlMin < 1) {
+      throw new UserError(`Invalid TTL ${ttlMin}, must be between 1 and 10`);
+    }
+    __privateSet(this, _address, address);
+    __privateSet(this, _packageId, packageId);
+    __privateSet(this, _creationTimeMs, Date.now());
+    __privateSet(this, _ttlMin, ttlMin);
+    __privateSet(this, _sessionKey, Ed25519Keypair.generate());
+    __privateSet(this, _signer, signer);
+  }
+  isExpired() {
+    return __privateGet(this, _creationTimeMs) + __privateGet(this, _ttlMin) * 60 * 1e3 - 1e4 < Date.now();
+  }
+  getAddress() {
+    return __privateGet(this, _address);
+  }
+  getPackageId() {
+    return __privateGet(this, _packageId);
   }
   getPersonalMessage() {
-    const message = `Requesting access to keys of package ${toHex(this.packageId)} for ${this.ttlMin} mins, session key ${toBase64(this.session_key.getPublicKey().toRawBytes())}, created at ${this.creationTime}`;
+    const creationTimeUtc = new Date(__privateGet(this, _creationTimeMs)).toISOString().slice(0, 19).replace("T", " ") + " UTC";
+    const message = `Accessing keys of package ${__privateGet(this, _packageId)} for ${__privateGet(this, _ttlMin)} mins from ${creationTimeUtc}, session key ${toBase64(__privateGet(this, _sessionKey).getPublicKey().toRawBytes())}`;
     return new TextEncoder().encode(message);
   }
-  setPersonalMessageSignature(personalMessageSignature) {
-    this.personalMessageSignature = personalMessageSignature;
+  async setPersonalMessageSignature(personalMessageSignature) {
+    try {
+      await verifyPersonalMessageSignature(this.getPersonalMessage(), personalMessageSignature, {
+        address: __privateGet(this, _address),
+        client: new SuiGraphQLClient({
+          url: "https://sui-testnet.mystenlabs.com/graphql"
+        })
+      });
+      __privateSet(this, _personalMessageSignature, personalMessageSignature);
+    } catch (e) {
+      throw new InvalidPersonalMessageSignatureError("Not valid");
+    }
   }
-  getCertificate() {
-    if (this.personalMessageSignature === "") {
-      throw new Error("Personal message signature is not set");
+  async getCertificate() {
+    if (!__privateGet(this, _personalMessageSignature)) {
+      if (__privateGet(this, _signer)) {
+        const { signature } = await __privateGet(this, _signer).signPersonalMessage(this.getPersonalMessage());
+        __privateSet(this, _personalMessageSignature, signature);
+      } else {
+        throw new InvalidPersonalMessageSignatureError("Personal message signature is not set");
+      }
     }
     return {
-      session_vk: toBase64(this.session_key.getPublicKey().toRawBytes()),
-      creation_time: this.creationTime,
-      ttl_min: this.ttlMin,
-      signature: this.personalMessageSignature
+      user: __privateGet(this, _address),
+      session_vk: toBase64(__privateGet(this, _sessionKey).getPublicKey().toRawBytes()),
+      creation_time: __privateGet(this, _creationTimeMs),
+      ttl_min: __privateGet(this, _ttlMin),
+      signature: __privateGet(this, _personalMessageSignature)
     };
   }
   async createRequestParams(txBytes) {
-    let eg_sk = generateSecretKey();
+    if (this.isExpired()) {
+      throw new ExpiredSessionKeyError();
+    }
+    const egSk = generateSecretKey();
     const msgToSign = RequestFormat.serialize({
       ptb: txBytes.slice(1),
-      enc_key: toPublicKey(eg_sk),
-      enc_verification_key: toVerificationKey(eg_sk)
+      encKey: toPublicKey(egSk),
+      encVerificationKey: toVerificationKey(egSk)
     }).toBytes();
     return {
-      decryption_key: eg_sk,
-      request_signature: toBase64(await this.session_key.sign(msgToSign))
+      decryptionKey: egSk,
+      requestSignature: toBase64(await __privateGet(this, _sessionKey).sign(msgToSign))
     };
   }
 }
+_address = new WeakMap();
+_packageId = new WeakMap();
+_creationTimeMs = new WeakMap();
+_ttlMin = new WeakMap();
+_sessionKey = new WeakMap();
+_personalMessageSignature = new WeakMap();
+_signer = new WeakMap();
 export {
   RequestFormat,
   SessionKey

package/dist/esm/session-key.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/session-key.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toBase64, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';\n\nimport { generateSecretKey, toPublicKey, toVerificationKey } from './elgamal.js';\n\nexport const RequestFormat = bcs.struct('RequestFormat', {\n\tptb: bcs.vector(bcs.U8),\n\tenc_key: bcs.vector(bcs.U8),\n\tenc_verification_key: bcs.vector(bcs.U8),\n});\n\nexport type Certificate = {\n\tsession_vk: string;\n\tcreation_time: number;\n\tttl_min: number;\n\tsignature: string;\n};\n\nexport class SessionKey {\n\tprivate packageId: Uint8Array;\n\tprivate creationTime: number;\n\tprivate ttlMin: number;\n\tprivate session_key: Ed25519Keypair;\n\tprivate personalMessageSignature: string;\n\n\tconstructor(packageId: Uint8Array, ttlMin: number) {\n\t\tthis.packageId = packageId;\n\t\tthis.creationTime = Date.now();\n\t\tthis.ttlMin = ttlMin;\n\t\tthis.session_key = Ed25519Keypair.generate();\n\t\tthis.personalMessageSignature = '';\n\t}\n\n\tgetPersonalMessage(): Uint8Array {\n\t\t// TODO: decide if we want 0x on the server end\n\t\tconst message = `Requesting access to keys of package ${toHex(this.packageId)} for ${this.ttlMin} mins, session key ${toBase64(this.session_key.getPublicKey().toRawBytes())}, created at ${this.creationTime}`;\n\t\treturn new TextEncoder().encode(message);\n\t}\n\n\tsetPersonalMessageSignature(personalMessageSignature: string) {\n\t\tthis.personalMessageSignature = personalMessageSignature;\n\t}\n\n\tgetCertificate(): Certificate {\n\t\tif (this.personalMessageSignature === '') {\n\t\t\tthrow new Error('Personal message signature is not set');\n\t\t}\n\t\treturn {\n\t\t\tsession_vk: toBase64(this.session_key.getPublicKey().toRawBytes()),\n\t\t\tcreation_time: this.creationTime,\n\t\t\tttl_min: this.ttlMin,\n\t\t\tsignature: this.personalMessageSignature,\n\t\t};\n\t}\n\n\tasync createRequestParams(\n\t\ttxBytes: Uint8Array,\n\t): Promise<{ decryption_key: Uint8Array; request_signature: string }> {\n\t\tlet eg_sk = generateSecretKey();\n\t\tconst msgToSign = RequestFormat.serialize({\n\t\t\tptb: txBytes.slice(1),\n\t\t\tenc_key: toPublicKey(eg_sk),\n\t\t\tenc_verification_key: toVerificationKey(eg_sk),\n\t\t}).toBytes();\n\t\treturn {\n\t\t\tdecryption_key: eg_sk,\n\t\t\trequest_signature: toBase64(await this.session_key.sign(msgToSign)),\n\t\t};\n\t}\n}\n"],
-  "mappings": "AAGA,SAAS,UAAU,aAAa;AAChC,SAAS,WAAW;AACpB,SAAS,sBAAsB;AAE/B,SAAS,mBAAmB,aAAa,yBAAyB;AAE3D,MAAM,gBAAgB,IAAI,OAAO,iBAAiB;AAAA,EACxD,KAAK,IAAI,OAAO,IAAI,EAAE;AAAA,EACtB,SAAS,IAAI,OAAO,IAAI,EAAE;AAAA,EAC1B,sBAAsB,IAAI,OAAO,IAAI,EAAE;AACxC,CAAC;AASM,MAAM,WAAW;AAAA,EAOvB,YAAY,WAAuB,QAAgB;AAClD,SAAK,YAAY;AACjB,SAAK,eAAe,KAAK,IAAI;AAC7B,SAAK,SAAS;AACd,SAAK,cAAc,eAAe,SAAS;AAC3C,SAAK,2BAA2B;AAAA,EACjC;AAAA,EAEA,qBAAiC;AAEhC,UAAM,UAAU,wCAAwC,MAAM,KAAK,SAAS,CAAC,QAAQ,KAAK,MAAM,sBAAsB,SAAS,KAAK,YAAY,aAAa,EAAE,WAAW,CAAC,CAAC,gBAAgB,KAAK,YAAY;AAC7M,WAAO,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACxC;AAAA,EAEA,4BAA4B,0BAAkC;AAC7D,SAAK,2BAA2B;AAAA,EACjC;AAAA,EAEA,iBAA8B;AAC7B,QAAI,KAAK,6BAA6B,IAAI;AACzC,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AACA,WAAO;AAAA,MACN,YAAY,SAAS,KAAK,YAAY,aAAa,EAAE,WAAW,CAAC;AAAA,MACjE,eAAe,KAAK;AAAA,MACpB,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IACjB;AAAA,EACD;AAAA,EAEA,MAAM,oBACL,SACqE;AACrE,QAAI,QAAQ,kBAAkB;AAC9B,UAAM,YAAY,cAAc,UAAU;AAAA,MACzC,KAAK,QAAQ,MAAM,CAAC;AAAA,MACpB,SAAS,YAAY,KAAK;AAAA,MAC1B,sBAAsB,kBAAkB,KAAK;AAAA,IAC9C,CAAC,EAAE,QAAQ;AACX,WAAO;AAAA,MACN,gBAAgB;AAAA,MAChB,mBAAmB,SAAS,MAAM,KAAK,YAAY,KAAK,SAAS,CAAC;AAAA,IACnE;AAAA,EACD;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toBase64 } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport type { Signer } from '@mysten/sui/cryptography';\nimport { SuiGraphQLClient } from '@mysten/sui/graphql';\nimport { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';\nimport { isValidSuiAddress, isValidSuiObjectId } from '@mysten/sui/utils';\nimport { verifyPersonalMessageSignature } from '@mysten/sui/verify';\n\nimport { generateSecretKey, toPublicKey, toVerificationKey } from './elgamal.js';\nimport {\n\tExpiredSessionKeyError,\n\tInvalidPersonalMessageSignatureError,\n\tUserError,\n} from './error.js';\n\nexport const RequestFormat = bcs.struct('RequestFormat', {\n\tptb: bcs.vector(bcs.U8),\n\tencKey: bcs.vector(bcs.U8),\n\tencVerificationKey: bcs.vector(bcs.U8),\n});\n\nexport type Certificate = {\n\tuser: string;\n\tsession_vk: string;\n\tcreation_time: number;\n\tttl_min: number;\n\tsignature: string;\n};\n\nexport class SessionKey {\n\t#address: string;\n\t#packageId: string;\n\t#creationTimeMs: number;\n\t#ttlMin: number;\n\t#sessionKey: Ed25519Keypair;\n\t#personalMessageSignature?: string;\n\t#signer?: Signer;\n\n\tconstructor({\n\t\taddress,\n\t\tpackageId,\n\t\tttlMin,\n\t\tsigner,\n\t}: {\n\t\taddress: string;\n\t\tpackageId: string;\n\t\tttlMin: number;\n\t\tsigner?: Signer;\n\t}) {\n\t\tif (!isValidSuiObjectId(packageId) || !isValidSuiAddress(address)) {\n\t\t\tthrow new UserError(`Invalid package ID ${packageId} or address ${address}`);\n\t\t}\n\t\tif (ttlMin > 10 || ttlMin < 1) {\n\t\t\tthrow new UserError(`Invalid TTL ${ttlMin}, must be between 1 and 10`);\n\t\t}\n\n\t\tthis.#address = address;\n\t\tthis.#packageId = packageId;\n\t\tthis.#creationTimeMs = Date.now();\n\t\tthis.#ttlMin = ttlMin;\n\t\tthis.#sessionKey = Ed25519Keypair.generate();\n\t\tthis.#signer = signer;\n\t}\n\n\tisExpired(): boolean {\n\t\t// Allow 10 seconds for clock skew\n\t\treturn this.#creationTimeMs + this.#ttlMin * 60 * 1000 - 10_000 < Date.now();\n\t}\n\n\tgetAddress(): string {\n\t\treturn this.#address;\n\t}\n\n\tgetPackageId(): string {\n\t\treturn this.#packageId;\n\t}\n\n\tgetPersonalMessage(): Uint8Array {\n\t\tconst creationTimeUtc =\n\t\t\tnew Date(this.#creationTimeMs).toISOString().slice(0, 19).replace('T', ' ') + ' UTC';\n\t\tconst message = `Accessing keys of package ${this.#packageId} for ${this.#ttlMin} mins from ${creationTimeUtc}, session key ${toBase64(this.#sessionKey.getPublicKey().toRawBytes())}`;\n\t\treturn new TextEncoder().encode(message);\n\t}\n\n\tasync setPersonalMessageSignature(personalMessageSignature: string) {\n\t\ttry {\n\t\t\t// TODO: Fix this to work with any network\n\t\t\tawait verifyPersonalMessageSignature(this.getPersonalMessage(), personalMessageSignature, {\n\t\t\t\taddress: this.#address,\n\t\t\t\tclient: new SuiGraphQLClient({\n\t\t\t\t\turl: 'https://sui-testnet.mystenlabs.com/graphql',\n\t\t\t\t}),\n\t\t\t});\n\t\t\tthis.#personalMessageSignature = personalMessageSignature;\n\t\t} catch (e) {\n\t\t\tthrow new InvalidPersonalMessageSignatureError('Not valid');\n\t\t}\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tif (!this.#personalMessageSignature) {\n\t\t\tif (this.#signer) {\n\t\t\t\tconst { signature } = await this.#signer.signPersonalMessage(this.getPersonalMessage());\n\t\t\t\tthis.#personalMessageSignature = signature;\n\t\t\t} else {\n\t\t\t\tthrow new InvalidPersonalMessageSignatureError('Personal message signature is not set');\n\t\t\t}\n\t\t}\n\t\treturn {\n\t\t\tuser: this.#address,\n\t\t\tsession_vk: toBase64(this.#sessionKey.getPublicKey().toRawBytes()),\n\t\t\tcreation_time: this.#creationTimeMs,\n\t\t\tttl_min: this.#ttlMin,\n\t\t\tsignature: this.#personalMessageSignature,\n\t\t};\n\t}\n\n\tasync createRequestParams(\n\t\ttxBytes: Uint8Array,\n\t): Promise<{ decryptionKey: Uint8Array; requestSignature: string }> {\n\t\tif (this.isExpired()) {\n\t\t\tthrow new ExpiredSessionKeyError();\n\t\t}\n\t\tconst egSk = generateSecretKey();\n\t\tconst msgToSign = RequestFormat.serialize({\n\t\t\tptb: txBytes.slice(1),\n\t\t\tencKey: toPublicKey(egSk),\n\t\t\tencVerificationKey: toVerificationKey(egSk),\n\t\t}).toBytes();\n\t\treturn {\n\t\t\tdecryptionKey: egSk,\n\t\t\trequestSignature: toBase64(await this.#sessionKey.sign(msgToSign)),\n\t\t};\n\t}\n}\n"],
+  "mappings": ";;;;;;;AAAA;AAGA,SAAS,gBAAgB;AACzB,SAAS,WAAW;AAEpB,SAAS,wBAAwB;AACjC,SAAS,sBAAsB;AAC/B,SAAS,mBAAmB,0BAA0B;AACtD,SAAS,sCAAsC;AAE/C,SAAS,mBAAmB,aAAa,yBAAyB;AAClE;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAEA,MAAM,gBAAgB,IAAI,OAAO,iBAAiB;AAAA,EACxD,KAAK,IAAI,OAAO,IAAI,EAAE;AAAA,EACtB,QAAQ,IAAI,OAAO,IAAI,EAAE;AAAA,EACzB,oBAAoB,IAAI,OAAO,IAAI,EAAE;AACtC,CAAC;AAUM,MAAM,WAAW;AAAA,EASvB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAKG;AAlBH;AACA;AACA;AACA;AACA;AACA;AACA;AAaC,QAAI,CAAC,mBAAmB,SAAS,KAAK,CAAC,kBAAkB,OAAO,GAAG;AAClE,YAAM,IAAI,UAAU,sBAAsB,SAAS,eAAe,OAAO,EAAE;AAAA,IAC5E;AACA,QAAI,SAAS,MAAM,SAAS,GAAG;AAC9B,YAAM,IAAI,UAAU,eAAe,MAAM,4BAA4B;AAAA,IACtE;AAEA,uBAAK,UAAW;AAChB,uBAAK,YAAa;AAClB,uBAAK,iBAAkB,KAAK,IAAI;AAChC,uBAAK,SAAU;AACf,uBAAK,aAAc,eAAe,SAAS;AAC3C,uBAAK,SAAU;AAAA,EAChB;AAAA,EAEA,YAAqB;AAEpB,WAAO,mBAAK,mBAAkB,mBAAK,WAAU,KAAK,MAAO,MAAS,KAAK,IAAI;AAAA,EAC5E;AAAA,EAEA,aAAqB;AACpB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,eAAuB;AACtB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,qBAAiC;AAChC,UAAM,kBACL,IAAI,KAAK,mBAAK,gBAAe,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE,EAAE,QAAQ,KAAK,GAAG,IAAI;AAC/E,UAAM,UAAU,6BAA6B,mBAAK,WAAU,QAAQ,mBAAK,QAAO,cAAc,eAAe,iBAAiB,SAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC,CAAC;AACpL,WAAO,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACxC;AAAA,EAEA,MAAM,4BAA4B,0BAAkC;AACnE,QAAI;AAEH,YAAM,+BAA+B,KAAK,mBAAmB,GAAG,0BAA0B;AAAA,QACzF,SAAS,mBAAK;AAAA,QACd,QAAQ,IAAI,iBAAiB;AAAA,UAC5B,KAAK;AAAA,QACN,CAAC;AAAA,MACF,CAAC;AACD,yBAAK,2BAA4B;AAAA,IAClC,SAAS,GAAG;AACX,YAAM,IAAI,qCAAqC,WAAW;AAAA,IAC3D;AAAA,EACD;AAAA,EAEA,MAAM,iBAAuC;AAC5C,QAAI,CAAC,mBAAK,4BAA2B;AACpC,UAAI,mBAAK,UAAS;AACjB,cAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,SAAQ,oBAAoB,KAAK,mBAAmB,CAAC;AACtF,2BAAK,2BAA4B;AAAA,MAClC,OAAO;AACN,cAAM,IAAI,qCAAqC,uCAAuC;AAAA,MACvF;AAAA,IACD;AACA,WAAO;AAAA,MACN,MAAM,mBAAK;AAAA,MACX,YAAY,SAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC;AAAA,MACjE,eAAe,mBAAK;AAAA,MACpB,SAAS,mBAAK;AAAA,MACd,WAAW,mBAAK;AAAA,IACjB;AAAA,EACD;AAAA,EAEA,MAAM,oBACL,SACmE;AACnE,QAAI,KAAK,UAAU,GAAG;AACrB,YAAM,IAAI,uBAAuB;AAAA,IAClC;AACA,UAAM,OAAO,kBAAkB;AAC/B,UAAM,YAAY,cAAc,UAAU;AAAA,MACzC,KAAK,QAAQ,MAAM,CAAC;AAAA,MACpB,QAAQ,YAAY,IAAI;AAAA,MACxB,oBAAoB,kBAAkB,IAAI;AAAA,IAC3C,CAAC,EAAE,QAAQ;AACX,WAAO;AAAA,MACN,eAAe;AAAA,MACf,kBAAkB,SAAS,MAAM,mBAAK,aAAY,KAAK,SAAS,CAAC;AAAA,IAClE;AAAA,EACD;AACD;AAxGC;AACA;AACA;AACA;AACA;AACA;AACA;",
   "names": []
 }

package/dist/esm/types.d.ts

@@ -1,86 +1 @@
-export declare const IBEEncryptions: import("@mysten/sui/bcs").BcsType<{
-    BonehFranklinBLS12381: {
-        encapsulation: Uint8Array<ArrayBufferLike>;
-        shares: Uint8Array<ArrayBufferLike>[];
-    };
-    $kind: "BonehFranklinBLS12381";
-}, {
-    BonehFranklinBLS12381: {
-        encapsulation: Iterable<number>;
-        shares: Iterable<Iterable<number>> & {
-            length: number;
-        };
-    };
-}>;
-export type IBEEncryptionsType = typeof IBEEncryptions.$inferType;
-export declare const Ciphertext: import("@mysten/sui/bcs").BcsType<import("@mysten/bcs").EnumOutputShapeWithKeys<{
-    Aes256Gcm: {
-        blob: number[];
-        aad: number[] | null;
-    };
-    Plain: {};
-}, "Aes256Gcm" | "Plain">, import("@mysten/bcs").EnumInputShape<{
-    Aes256Gcm: {
-        blob: Iterable<number> & {
-            length: number;
-        };
-        aad: (Iterable<number> & {
-            length: number;
-        }) | null | undefined;
-    };
-    Plain: {};
-}>>;
-export type CiphertextType = typeof Ciphertext.$inferInput;
-/**
- * The encrypted object format. Should be aligned with the Rust implementation.
- */
-export declare const EncryptedObject: import("@mysten/sui/bcs").BcsType<{
-    version: number;
-    package_id: Uint8Array<ArrayBufferLike>;
-    id: number[];
-    services: [Uint8Array<ArrayBufferLike>, number][];
-    threshold: number;
-    encrypted_shares: {
-        BonehFranklinBLS12381: {
-            encapsulation: Uint8Array<ArrayBufferLike>;
-            shares: Uint8Array<ArrayBufferLike>[];
-        };
-        $kind: "BonehFranklinBLS12381";
-    };
-    ciphertext: import("@mysten/bcs").EnumOutputShapeWithKeys<{
-        Aes256Gcm: {
-            blob: number[];
-            aad: number[] | null;
-        };
-        Plain: {};
-    }, "Aes256Gcm" | "Plain">;
-}, {
-    version: number;
-    package_id: Iterable<number>;
-    id: Iterable<number> & {
-        length: number;
-    };
-    services: Iterable<readonly [Iterable<number>, number]> & {
-        length: number;
-    };
-    threshold: number;
-    encrypted_shares: {
-        BonehFranklinBLS12381: {
-            encapsulation: Iterable<number>;
-            shares: Iterable<Iterable<number>> & {
-                length: number;
-            };
-        };
-    };
-    ciphertext: import("@mysten/bcs").EnumInputShape<{
-        Aes256Gcm: {
-            blob: Iterable<number> & {
-                length: number;
-            };
-            aad: (Iterable<number> & {
-                length: number;
-            }) | null | undefined;
-        };
-        Plain: {};
-    }>;
-}>;
+export type KeyCacheKey = `${string}:${string}`;

package/dist/esm/types.js

@@ -1,29 +1 @@
-import { bcs } from "@mysten/sui/bcs";
-const IBEEncryptions = bcs.enum("IBEEncryptions", {
-  BonehFranklinBLS12381: bcs.struct("BonehFranklinBLS12381", {
-    encapsulation: bcs.bytes(96),
-    shares: bcs.vector(bcs.bytes(32))
-  })
-});
-const Ciphertext = bcs.enum("Ciphertext", {
-  Aes256Gcm: bcs.struct("Aes256Gcm", {
-    blob: bcs.vector(bcs.U8),
-    aad: bcs.option(bcs.vector(bcs.U8))
-  }),
-  Plain: bcs.struct("Plain", {})
-});
-const EncryptedObject = bcs.struct("EncryptedObject", {
-  version: bcs.U8,
-  package_id: bcs.bytes(32),
-  id: bcs.vector(bcs.U8),
-  services: bcs.vector(bcs.tuple([bcs.bytes(32), bcs.U8])),
-  threshold: bcs.U8,
-  encrypted_shares: IBEEncryptions,
-  ciphertext: Ciphertext
-});
-export {
-  Ciphertext,
-  EncryptedObject,
-  IBEEncryptions
-};
 //# sourceMappingURL=types.js.map

package/dist/esm/types.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
-  "sources": ["../../src/types.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs } from '@mysten/sui/bcs';\n\nexport const IBEEncryptions = bcs.enum('IBEEncryptions', {\n\tBonehFranklinBLS12381: bcs.struct('BonehFranklinBLS12381', {\n\t\tencapsulation: bcs.bytes(96),\n\t\tshares: bcs.vector(bcs.bytes(32)),\n\t}),\n});\nexport type IBEEncryptionsType = typeof IBEEncryptions.$inferType;\n\nexport const Ciphertext = bcs.enum('Ciphertext', {\n\tAes256Gcm: bcs.struct('Aes256Gcm', {\n\t\tblob: bcs.vector(bcs.U8),\n\t\taad: bcs.option(bcs.vector(bcs.U8)),\n\t}),\n\tPlain: bcs.struct('Plain', {}),\n});\nexport type CiphertextType = typeof Ciphertext.$inferInput;\n\n/**\n * The encrypted object format. Should be aligned with the Rust implementation.\n */\nexport const EncryptedObject = bcs.struct('EncryptedObject', {\n\tversion: bcs.U8,\n\tpackage_id: bcs.bytes(32),\n\tid: bcs.vector(bcs.U8),\n\tservices: bcs.vector(bcs.tuple([bcs.bytes(32), bcs.U8])),\n\tthreshold: bcs.U8,\n\tencrypted_shares: IBEEncryptions,\n\tciphertext: Ciphertext,\n});\n"],
-  "mappings": "AAGA,SAAS,WAAW;AAEb,MAAM,iBAAiB,IAAI,KAAK,kBAAkB;AAAA,EACxD,uBAAuB,IAAI,OAAO,yBAAyB;AAAA,IAC1D,eAAe,IAAI,MAAM,EAAE;AAAA,IAC3B,QAAQ,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;AAAA,EACjC,CAAC;AACF,CAAC;AAGM,MAAM,aAAa,IAAI,KAAK,cAAc;AAAA,EAChD,WAAW,IAAI,OAAO,aAAa;AAAA,IAClC,MAAM,IAAI,OAAO,IAAI,EAAE;AAAA,IACvB,KAAK,IAAI,OAAO,IAAI,OAAO,IAAI,EAAE,CAAC;AAAA,EACnC,CAAC;AAAA,EACD,OAAO,IAAI,OAAO,SAAS,CAAC,CAAC;AAC9B,CAAC;AAMM,MAAM,kBAAkB,IAAI,OAAO,mBAAmB;AAAA,EAC5D,SAAS,IAAI;AAAA,EACb,YAAY,IAAI,MAAM,EAAE;AAAA,EACxB,IAAI,IAAI,OAAO,IAAI,EAAE;AAAA,EACrB,UAAU,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;AAAA,EACvD,WAAW,IAAI;AAAA,EACf,kBAAkB;AAAA,EAClB,YAAY;AACb,CAAC;",
+  "sources": [],
+  "sourcesContent": [],
+  "mappings": "",
   "names": []
 }

package/dist/esm/utils.d.ts

@@ -1,4 +1,5 @@
 export declare function xor(a: Uint8Array, b: Uint8Array): Uint8Array;
+export declare function xorUnchecked(a: Uint8Array, b: Uint8Array): Uint8Array;
 /**
  * Create a full ID concatenating DST || package ID || inner ID.
  * @param dst - The domain separation tag.
@@ -6,4 +7,4 @@ export declare function xor(a: Uint8Array, b: Uint8Array): Uint8Array;
  * @param innerId - The inner ID.
  * @returns The full ID.
  */
-export declare function createFullId(dst: Uint8Array, packageId: Uint8Array, innerId: Uint8Array): Uint8Array;
+export declare function createFullId(dst: Uint8Array, packageId: string, innerId: string): string;

package/dist/esm/utils.js

@@ -1,19 +1,31 @@
+import { fromHex, toHex } from "@mysten/bcs";
+import { isValidSuiObjectId } from "@mysten/sui/utils";
+import { UserError } from "./error.js";
 function xor(a, b) {
   if (a.length !== b.length) {
     throw new Error("Invalid input");
   }
+  return xorUnchecked(a, b);
+}
+function xorUnchecked(a, b) {
   return a.map((ai, i) => ai ^ b[i]);
 }
 function createFullId(dst, packageId, innerId) {
-  const fullId = new Uint8Array(1 + dst.length + packageId.length + innerId.length);
+  if (!isValidSuiObjectId(packageId)) {
+    throw new UserError(`Invalid package ID ${packageId}`);
+  }
+  const packageIdBytes = fromHex(packageId);
+  const innerIdBytes = fromHex(innerId);
+  const fullId = new Uint8Array(1 + dst.length + packageIdBytes.length + innerIdBytes.length);
   fullId.set([dst.length], 0);
   fullId.set(dst, 1);
-  fullId.set(packageId, 1 + dst.length);
-  fullId.set(innerId, 1 + dst.length + packageId.length);
-  return fullId;
+  fullId.set(packageIdBytes, 1 + dst.length);
+  fullId.set(innerIdBytes, 1 + dst.length + packageIdBytes.length);
+  return toHex(fullId);
 }
 export {
   createFullId,
-  xor
+  xor,
+  xorUnchecked
 };
 //# sourceMappingURL=utils.js.map

package/dist/esm/utils.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/utils.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport function xor(a: Uint8Array, b: Uint8Array): Uint8Array {\n\tif (a.length !== b.length) {\n\t\tthrow new Error('Invalid input');\n\t}\n\treturn a.map((ai, i) => ai ^ b[i]);\n}\n\n/**\n * Create a full ID concatenating DST || package ID || inner ID.\n * @param dst - The domain separation tag.\n * @param packageId - The package ID.\n * @param innerId - The inner ID.\n * @returns The full ID.\n */\nexport function createFullId(\n\tdst: Uint8Array,\n\tpackageId: Uint8Array,\n\tinnerId: Uint8Array,\n): Uint8Array {\n\tconst fullId = new Uint8Array(1 + dst.length + packageId.length + innerId.length);\n\tfullId.set([dst.length], 0);\n\tfullId.set(dst, 1);\n\tfullId.set(packageId, 1 + dst.length);\n\tfullId.set(innerId, 1 + dst.length + packageId.length);\n\treturn fullId;\n}\n"],
-  "mappings": "AAGO,SAAS,IAAI,GAAe,GAA2B;AAC7D,MAAI,EAAE,WAAW,EAAE,QAAQ;AAC1B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,SAAO,EAAE,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;AAClC;AASO,SAAS,aACf,KACA,WACA,SACa;AACb,QAAM,SAAS,IAAI,WAAW,IAAI,IAAI,SAAS,UAAU,SAAS,QAAQ,MAAM;AAChF,SAAO,IAAI,CAAC,IAAI,MAAM,GAAG,CAAC;AAC1B,SAAO,IAAI,KAAK,CAAC;AACjB,SAAO,IAAI,WAAW,IAAI,IAAI,MAAM;AACpC,SAAO,IAAI,SAAS,IAAI,IAAI,SAAS,UAAU,MAAM;AACrD,SAAO;AACR;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex, toHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\n\nimport { UserError } from './error.js';\n\nexport function xor(a: Uint8Array, b: Uint8Array): Uint8Array {\n\tif (a.length !== b.length) {\n\t\tthrow new Error('Invalid input');\n\t}\n\treturn xorUnchecked(a, b);\n}\n\nexport function xorUnchecked(a: Uint8Array, b: Uint8Array): Uint8Array {\n\treturn a.map((ai, i) => ai ^ b[i]);\n}\n\n/**\n * Create a full ID concatenating DST || package ID || inner ID.\n * @param dst - The domain separation tag.\n * @param packageId - The package ID.\n * @param innerId - The inner ID.\n * @returns The full ID.\n */\nexport function createFullId(dst: Uint8Array, packageId: string, innerId: string): string {\n\tif (!isValidSuiObjectId(packageId)) {\n\t\tthrow new UserError(`Invalid package ID ${packageId}`);\n\t}\n\tconst packageIdBytes = fromHex(packageId);\n\tconst innerIdBytes = fromHex(innerId);\n\tconst fullId = new Uint8Array(1 + dst.length + packageIdBytes.length + innerIdBytes.length);\n\tfullId.set([dst.length], 0);\n\tfullId.set(dst, 1);\n\tfullId.set(packageIdBytes, 1 + dst.length);\n\tfullId.set(innerIdBytes, 1 + dst.length + packageIdBytes.length);\n\treturn toHex(fullId);\n}\n"],
+  "mappings": "AAGA,SAAS,SAAS,aAAa;AAC/B,SAAS,0BAA0B;AAEnC,SAAS,iBAAiB;AAEnB,SAAS,IAAI,GAAe,GAA2B;AAC7D,MAAI,EAAE,WAAW,EAAE,QAAQ;AAC1B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,SAAO,aAAa,GAAG,CAAC;AACzB;AAEO,SAAS,aAAa,GAAe,GAA2B;AACtE,SAAO,EAAE,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;AAClC;AASO,SAAS,aAAa,KAAiB,WAAmB,SAAyB;AACzF,MAAI,CAAC,mBAAmB,SAAS,GAAG;AACnC,UAAM,IAAI,UAAU,sBAAsB,SAAS,EAAE;AAAA,EACtD;AACA,QAAM,iBAAiB,QAAQ,SAAS;AACxC,QAAM,eAAe,QAAQ,OAAO;AACpC,QAAM,SAAS,IAAI,WAAW,IAAI,IAAI,SAAS,eAAe,SAAS,aAAa,MAAM;AAC1F,SAAO,IAAI,CAAC,IAAI,MAAM,GAAG,CAAC;AAC1B,SAAO,IAAI,KAAK,CAAC;AACjB,SAAO,IAAI,gBAAgB,IAAI,IAAI,MAAM;AACzC,SAAO,IAAI,cAAc,IAAI,IAAI,SAAS,eAAe,MAAM;AAC/D,SAAO,MAAM,MAAM;AACpB;",
   "names": []
 }

package/dist/esm/version.d.ts

@@ -0,0 +1 @@
+export declare const PACKAGE_VERSION = "0.3.0";

package/dist/esm/version.js

@@ -0,0 +1,5 @@
+const PACKAGE_VERSION = "0.3.0";
+export {
+  PACKAGE_VERSION
+};
+//# sourceMappingURL=version.js.map

package/dist/esm/version.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/version.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.3.0';\n"],
+  "mappings": "AAKO,MAAM,kBAAkB;",
+  "names": []
+}