@mysten/seal 0.4.11 → 0.4.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/dist/cjs/decrypt.js +2 -12
- package/dist/cjs/decrypt.js.map +3 -3
- package/dist/cjs/encrypt.js +2 -21
- package/dist/cjs/encrypt.js.map +3 -3
- package/dist/cjs/key-server.js +1 -1
- package/dist/cjs/key-server.js.map +2 -2
- package/dist/cjs/shamir.d.ts +79 -0
- package/dist/cjs/shamir.js +766 -0
- package/dist/cjs/shamir.js.map +7 -0
- package/dist/cjs/utils.d.ts +4 -0
- package/dist/cjs/utils.js +11 -0
- package/dist/cjs/utils.js.map +2 -2
- package/dist/cjs/version.d.ts +1 -1
- package/dist/cjs/version.js +1 -1
- package/dist/cjs/version.js.map +1 -1
- package/dist/esm/decrypt.js +3 -13
- package/dist/esm/decrypt.js.map +2 -2
- package/dist/esm/encrypt.js +2 -21
- package/dist/esm/encrypt.js.map +2 -2
- package/dist/esm/key-server.js +1 -1
- package/dist/esm/key-server.js.map +2 -2
- package/dist/esm/shamir.d.ts +79 -0
- package/dist/esm/shamir.js +746 -0
- package/dist/esm/shamir.js.map +7 -0
- package/dist/esm/utils.d.ts +4 -0
- package/dist/esm/utils.js +11 -0
- package/dist/esm/utils.js.map +2 -2
- package/dist/esm/version.d.ts +1 -1
- package/dist/esm/version.js +1 -1
- package/dist/esm/version.js.map +1 -1
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +3 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# @mysten/seal
|
|
2
2
|
|
|
3
|
+
## 0.4.13
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [a00522b]
|
|
8
|
+
- @mysten/sui@1.33.0
|
|
9
|
+
- @mysten/bcs@1.6.3
|
|
10
|
+
|
|
11
|
+
## 0.4.12
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- Updated dependencies [6b7deb8]
|
|
16
|
+
- @mysten/sui@1.32.0
|
|
17
|
+
|
|
3
18
|
## 0.4.11
|
|
4
19
|
|
|
5
20
|
### Patch Changes
|
package/dist/cjs/decrypt.js
CHANGED
|
@@ -22,13 +22,13 @@ __export(decrypt_exports, {
|
|
|
22
22
|
});
|
|
23
23
|
module.exports = __toCommonJS(decrypt_exports);
|
|
24
24
|
var import_bcs = require("@mysten/bcs");
|
|
25
|
-
var import_shamir_secret_sharing = require("shamir-secret-sharing");
|
|
26
25
|
var import_bls12381 = require("./bls12381.js");
|
|
27
26
|
var import_dem = require("./dem.js");
|
|
28
27
|
var import_error = require("./error.js");
|
|
29
28
|
var import_ibe = require("./ibe.js");
|
|
30
29
|
var import_kdf = require("./kdf.js");
|
|
31
30
|
var import_utils = require("./utils.js");
|
|
31
|
+
var import_shamir = require("./shamir.js");
|
|
32
32
|
async function decrypt({ encryptedObject, keys }) {
|
|
33
33
|
if (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {
|
|
34
34
|
throw new import_error.UnsupportedFeatureError("Encryption mode not supported");
|
|
@@ -56,7 +56,7 @@ async function decrypt({ encryptedObject, keys }) {
|
|
|
56
56
|
);
|
|
57
57
|
return { index, share };
|
|
58
58
|
});
|
|
59
|
-
const baseKey =
|
|
59
|
+
const baseKey = (0, import_shamir.combine)(shares);
|
|
60
60
|
const randomnessKey = (0, import_kdf.deriveKey)(
|
|
61
61
|
import_kdf.KeyPurpose.EncryptedRandomness,
|
|
62
62
|
baseKey,
|
|
@@ -90,14 +90,4 @@ async function decrypt({ encryptedObject, keys }) {
|
|
|
90
90
|
throw new import_error.InvalidCiphertextError("Invalid ciphertext type");
|
|
91
91
|
}
|
|
92
92
|
}
|
|
93
|
-
async function combine(shares) {
|
|
94
|
-
if (shares.length === 0) {
|
|
95
|
-
throw new Error("Invalid shares length");
|
|
96
|
-
} else if (shares.length === 1) {
|
|
97
|
-
return Promise.resolve(shares[0].share);
|
|
98
|
-
}
|
|
99
|
-
return (0, import_shamir_secret_sharing.combine)(
|
|
100
|
-
shares.map(({ index, share }) => (0, import_utils.flatten)([share, new Uint8Array([index])]))
|
|
101
|
-
);
|
|
102
|
-
}
|
|
103
93
|
//# sourceMappingURL=decrypt.js.map
|
package/dist/cjs/decrypt.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/decrypt.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;
|
|
6
|
-
"names": [
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, decryptRandomness, verifyNonce } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\nimport { combine } from './shamir.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst baseKey = combine(shares);\n\n\t// Decrypt randomness and check validity of the nonce\n\tconst randomnessKey = deriveKey(\n\t\tKeyPurpose.EncryptedRandomness,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectIds, _]) => objectIds),\n\t);\n\tif (\n\t\t!verifyNonce(\n\t\t\tnonce,\n\t\t\tdecryptRandomness(\n\t\t\t\tencryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedRandomness,\n\t\t\t\trandomnessKey,\n\t\t\t),\n\t\t)\n\t) {\n\t\tthrow new InvalidCiphertextError('Invalid nonce');\n\t}\n\n\t// Derive the DEM key and decrypt the ciphertext\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectId, _]) => objectId),\n\t);\n\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else {\n\t\tthrow new InvalidCiphertextError('Invalid ciphertext type');\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAA0B;AAC1B,iBAAsC;AACtC,mBAAgE;AAChE,iBAA8E;AAC9E,iBAAsC;AAEtC,mBAA6B;AAC7B,oBAAwB;AAcxB,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,qCAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,aAAS,2BAAa,gBAAgB,WAAW,gBAAgB,EAAE;AAGzE,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,0BAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAM;AACpC,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,yCAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,UACjB,oBAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,cAAU,uBAAQ,MAAM;AAG9B,QAAM,oBAAgB;AAAA,IACrB,sBAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,SAAS;AAAA,EAC3D;AACA,MACC,KAAC;AAAA,IACA;AAAA,QACA;AAAA,MACC,gBAAgB,gBAAgB,sBAAsB;AAAA,MACtD;AAAA,IACD;AAAA,EACD,GACC;AACD,UAAM,IAAI,oCAAuB,eAAe;AAAA,EACjD;AAGA,QAAM,aAAS;AAAA,IACd,sBAAW;AAAA,IACX;AAAA,IACA,gBAAgB,gBAAgB,sBAAsB;AAAA,IACtD,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ;AAAA,EACzD;AAEA,MAAI,gBAAgB,WAAW,WAAW;AACzC,WAAO,qBAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC5D,WAAW,gBAAgB,WAAW,YAAY;AACjD,WAAO,sBAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC7D,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,OAAO;AACN,UAAM,IAAI,oCAAuB,yBAAyB;AAAA,EAC3D;AACD;",
|
|
6
|
+
"names": []
|
|
7
7
|
}
|
package/dist/cjs/encrypt.js
CHANGED
|
@@ -26,12 +26,12 @@ __export(encrypt_exports, {
|
|
|
26
26
|
module.exports = __toCommonJS(encrypt_exports);
|
|
27
27
|
var import_bcs = require("@mysten/bcs");
|
|
28
28
|
var import_utils = require("@mysten/sui/utils");
|
|
29
|
-
var import_shamir_secret_sharing = require("shamir-secret-sharing");
|
|
30
29
|
var import_bcs2 = require("./bcs.js");
|
|
31
30
|
var import_error = require("./error.js");
|
|
32
31
|
var import_ibe = require("./ibe.js");
|
|
33
32
|
var import_kdf = require("./kdf.js");
|
|
34
33
|
var import_utils2 = require("./utils.js");
|
|
34
|
+
var import_shamir = require("./shamir.js");
|
|
35
35
|
const MAX_U8 = 255;
|
|
36
36
|
async function encrypt({
|
|
37
37
|
keyServers,
|
|
@@ -47,7 +47,7 @@ async function encrypt({
|
|
|
47
47
|
);
|
|
48
48
|
}
|
|
49
49
|
const baseKey = await encryptionInput.generateKey();
|
|
50
|
-
const shares =
|
|
50
|
+
const shares = (0, import_shamir.split)(baseKey, threshold, keyServers.length);
|
|
51
51
|
const fullId = (0, import_utils2.createFullId)(packageId, id);
|
|
52
52
|
const encryptedShares = encryptBatched(
|
|
53
53
|
keyServers,
|
|
@@ -105,23 +105,4 @@ function encryptBatched(keyServers, kemType, id, msgs, baseKey, threshold) {
|
|
|
105
105
|
);
|
|
106
106
|
}
|
|
107
107
|
}
|
|
108
|
-
async function split(secret, n, threshold) {
|
|
109
|
-
if (n === 0 || threshold === 0 || threshold > n) {
|
|
110
|
-
throw new Error("Invalid threshold or number of shares");
|
|
111
|
-
} else if (threshold === 1) {
|
|
112
|
-
const share = secret;
|
|
113
|
-
const result = [];
|
|
114
|
-
for (let index = 1; index <= n; index++) {
|
|
115
|
-
result.push({ share, index });
|
|
116
|
-
}
|
|
117
|
-
return Promise.resolve(result);
|
|
118
|
-
}
|
|
119
|
-
return (0, import_shamir_secret_sharing.split)(secret, n, threshold).then(
|
|
120
|
-
(share) => share.map((s) => ({
|
|
121
|
-
share: s.subarray(0, s.length - 1),
|
|
122
|
-
// split() returns the share index in the last byte. See https://github.com/privy-io/shamir-secret-sharing/blob/b59534d03e66d44ae36fc074aaf0684aa39c7505/src/index.ts#L247.
|
|
123
|
-
index: s[s.length - 1]
|
|
124
|
-
}))
|
|
125
|
-
);
|
|
126
|
-
}
|
|
127
108
|
//# sourceMappingURL=encrypt.js.map
|
package/dist/cjs/encrypt.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/encrypt.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,mBAAmC;
|
|
6
|
-
"names": ["import_bcs", "import_utils", "KemType", "DemType"
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\nimport { split } from './shamir.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random base key.\n\tconst baseKey = await encryptionInput.generateKey();\n\n\t// Split the key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = split(baseKey, threshold, keyServers.length);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tindex,\n\t\t})),\n\t\tbaseKey,\n\t\tthreshold,\n\t);\n\n\t// Encrypt the object with the derived DEM key.\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedShares.BonehFranklinBLS12381.encryptedShares,\n\t\tthreshold,\n\t\tkeyServers.map(({ objectId }) => objectId),\n\t);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map(({ objectId }, i) => [\n\t\tobjectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tmsgs: { msg: Uint8Array; index: number }[],\n\tbaseKey: Uint8Array,\n\tthreshold: number,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tmsgs,\n\t\t\t\tbaseKey,\n\t\t\t\tthreshold,\n\t\t\t);\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,mBAAmC;AAGnC,IAAAA,cAAgC;AAEhC,mBAA0B;AAC1B,iBAA8C;AAC9C,iBAAsC;AAEtC,IAAAC,gBAA6B;AAC7B,oBAAsB;AAEf,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,KAAC,iCAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,UAAU,MAAM,gBAAgB,YAAY;AAGlD,QAAM,aAAS,qBAAM,SAAS,WAAW,WAAW,MAAM;AAG1D,QAAM,aAAS,4BAAa,WAAW,EAAE;AACzC,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,QACA,oBAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL;AAAA,IACD,EAAE;AAAA,IACF;AAAA,IACA;AAAA,EACD;AAGA,QAAM,aAAS;AAAA,IACd,sBAAW;AAAA,IACX;AAAA,IACA,gBAAgB,sBAAsB;AAAA,IACtC;AAAA,IACA,WAAW,IAAI,CAAC,EAAE,SAAS,MAAM,QAAQ;AAAA,EAC1C;AACA,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,WAA+B,WAAW,IAAI,CAAC,EAAE,SAAS,GAAG,MAAM;AAAA,IACxE;AAAA,IACA,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,4BAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,MACA,SACA,WACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,yCAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;",
|
|
6
|
+
"names": ["import_bcs", "import_utils", "KemType", "DemType"]
|
|
7
7
|
}
|
package/dist/cjs/key-server.js
CHANGED
|
@@ -59,7 +59,7 @@ async function retrieveKeyServers({
|
|
|
59
59
|
const res = await client.core.getObject({
|
|
60
60
|
objectId
|
|
61
61
|
});
|
|
62
|
-
const ks = import_bcs2.KeyServerMove.parse(res.object.content);
|
|
62
|
+
const ks = import_bcs2.KeyServerMove.parse(await res.object.content);
|
|
63
63
|
if (EXPECTED_SERVER_VERSION < Number(ks.firstVersion) || EXPECTED_SERVER_VERSION > Number(ks.lastVersion)) {
|
|
64
64
|
throw new import_error.InvalidKeyServerVersionError(
|
|
65
65
|
`Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/key-server.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { bcs, fromBase64, fromHex, toHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove, KeyServerMoveV1 } from './bcs.js';\nimport { InvalidKeyServerVersionError, SealAPIError, UnsupportedNetworkError } from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\nimport type { G1Element } from './bls12381.js';\nimport { flatten, Version } from './utils.js';\n\nconst EXPECTED_SERVER_VERSION = 1;\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\nexport const SERVER_VERSION_REQUIREMENT = new Version('0.4.1');\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0x73d05d62c18d9374e3ea529e8e0ed6161da1a141a94d3f76ae3fe4e99356db75',\n\t\t\t'0xf5d14a81a982144ae441cd7d64b09027f116a468bd36e7eca494f750591623c8',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\t// First get the KeyServer object and validate it.\n\t\t\tconst res = await client.core.getObject({\n\t\t\t\tobjectId,\n\t\t\t});\n\t\t\tconst ks = KeyServerMove.parse(res.object.content);\n\t\t\tif (\n\t\t\t\tEXPECTED_SERVER_VERSION < Number(ks.firstVersion) ||\n\t\t\t\tEXPECTED_SERVER_VERSION > Number(ks.lastVersion)\n\t\t\t) {\n\t\t\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t\t\t`Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\t// Then fetch the expected versioned object and parse it.\n\t\t\tconst resVersionedKs = await client.core.getDynamicField({\n\t\t\t\tparentId: objectId,\n\t\t\t\tname: {\n\t\t\t\t\ttype: 'u64',\n\t\t\t\t\tbcs: bcs.u64().serialize(EXPECTED_SERVER_VERSION).toBytes(),\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tconst ksVersioned = KeyServerMoveV1.parse(resVersionedKs.dynamicField.value.bcs);\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ksVersioned.name,\n\t\t\t\turl: ksVersioned.url,\n\t\t\t\tkeyType: ksVersioned.keyType,\n\t\t\t\tpk: new Uint8Array(ksVersioned.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(\n\tserver: KeyServer,\n\ttimeout: number,\n\tapiKeyName?: string,\n\tapiKey?: string,\n): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service?service_id=' + server.objectId, {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t\t...(apiKeyName && apiKey ? { apiKeyName: apiKey } : {}),\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tverifyKeyServerVersion(response);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = flatten([DST_POP, server.pk, fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n\n/**\n * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.\n *\n * @param response - The response from the key server.\n */\nexport function verifyKeyServerVersion(response: Response) {\n\tconst keyServerVersion = response.headers.get('X-KeyServer-Version');\n\tif (keyServerVersion == null) {\n\t\tthrow new InvalidKeyServerVersionError('Key server version not found');\n\t}\n\tif (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {\n\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t`Key server version ${keyServerVersion} is not supported`,\n\t\t);\n\t}\n}\n\nexport interface DerivedKey {\n\ttoString(): string;\n}\n\n/**\n * A user secret key for the Boneh-Franklin BLS12381 scheme.\n * This is a wrapper around the G1Element type.\n */\nexport class BonehFranklinBLS12381DerivedKey implements DerivedKey {\n\trepresentation: string;\n\n\tconstructor(public key: G1Element) {\n\t\tthis.representation = toHex(key.toBytes());\n\t}\n\n\ttoString(): string {\n\t\treturn this.representation;\n\t}\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAAgD;AAChD,uBAA0B;AAE1B,IAAAA,cAA+C;AAC/C,mBAAoF;AACpF,iBAAwB;AACxB,qBAAgC;AAGhC,mBAAiC;AAEjC,MAAM,0BAA0B;AAUzB,IAAK,gBAAL,kBAAKC,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAIL,MAAM,6BAA6B,IAAI,qBAAQ,OAAO;AAOtD,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,qCAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AACxB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AAEjC,YAAM,MAAM,MAAM,OAAO,KAAK,UAAU;AAAA,QACvC;AAAA,MACD,CAAC;AACD,YAAM,KAAK,0BAAc,MAAM,IAAI,OAAO,OAAO;
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { bcs, fromBase64, fromHex, toHex } from '@mysten/bcs';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { KeyServerMove, KeyServerMoveV1 } from './bcs.js';\nimport { InvalidKeyServerVersionError, SealAPIError, UnsupportedNetworkError } from './error.js';\nimport { DST_POP } from './ibe.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport type { SealCompatibleClient } from './types.js';\nimport type { G1Element } from './bls12381.js';\nimport { flatten, Version } from './utils.js';\n\nconst EXPECTED_SERVER_VERSION = 1;\n\nexport type KeyServer = {\n\tobjectId: string;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\nexport const SERVER_VERSION_REQUIREMENT = new Version('0.4.1');\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\t'0x73d05d62c18d9374e3ea529e8e0ed6161da1a141a94d3f76ae3fe4e99356db75',\n\t\t\t'0xf5d14a81a982144ae441cd7d64b09027f116a468bd36e7eca494f750591623c8',\n\t\t];\n\t} else {\n\t\tthrow new UnsupportedNetworkError(`Unsupported network ${network}`);\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: string[];\n\tclient: SealCompatibleClient;\n}): Promise<KeyServer[]> {\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\t// First get the KeyServer object and validate it.\n\t\t\tconst res = await client.core.getObject({\n\t\t\t\tobjectId,\n\t\t\t});\n\t\t\tconst ks = KeyServerMove.parse(await res.object.content);\n\t\t\tif (\n\t\t\t\tEXPECTED_SERVER_VERSION < Number(ks.firstVersion) ||\n\t\t\t\tEXPECTED_SERVER_VERSION > Number(ks.lastVersion)\n\t\t\t) {\n\t\t\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t\t\t`Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\t// Then fetch the expected versioned object and parse it.\n\t\t\tconst resVersionedKs = await client.core.getDynamicField({\n\t\t\t\tparentId: objectId,\n\t\t\t\tname: {\n\t\t\t\t\ttype: 'u64',\n\t\t\t\t\tbcs: bcs.u64().serialize(EXPECTED_SERVER_VERSION).toBytes(),\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tconst ksVersioned = KeyServerMoveV1.parse(resVersionedKs.dynamicField.value.bcs);\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ksVersioned.name,\n\t\t\t\turl: ksVersioned.url,\n\t\t\t\tkeyType: ksVersioned.keyType,\n\t\t\t\tpk: new Uint8Array(ksVersioned.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(\n\tserver: KeyServer,\n\ttimeout: number,\n\tapiKeyName?: string,\n\tapiKey?: string,\n): Promise<boolean> {\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(server.url! + '/v1/service?service_id=' + server.objectId, {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t\t...(apiKeyName && apiKey ? { apiKeyName: apiKey } : {}),\n\t\t},\n\t\tsignal: AbortSignal.timeout(timeout),\n\t});\n\n\tawait SealAPIError.assertResponse(response, requestId);\n\tverifyKeyServerVersion(response);\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = flatten([DST_POP, server.pk, fromHex(server.objectId)]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n\n/**\n * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.\n *\n * @param response - The response from the key server.\n */\nexport function verifyKeyServerVersion(response: Response) {\n\tconst keyServerVersion = response.headers.get('X-KeyServer-Version');\n\tif (keyServerVersion == null) {\n\t\tthrow new InvalidKeyServerVersionError('Key server version not found');\n\t}\n\tif (new Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {\n\t\tthrow new InvalidKeyServerVersionError(\n\t\t\t`Key server version ${keyServerVersion} is not supported`,\n\t\t);\n\t}\n}\n\nexport interface DerivedKey {\n\ttoString(): string;\n}\n\n/**\n * A user secret key for the Boneh-Franklin BLS12381 scheme.\n * This is a wrapper around the G1Element type.\n */\nexport class BonehFranklinBLS12381DerivedKey implements DerivedKey {\n\trepresentation: string;\n\n\tconstructor(public key: G1Element) {\n\t\tthis.representation = toHex(key.toBytes());\n\t}\n\n\ttoString(): string {\n\t\treturn this.representation;\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAAgD;AAChD,uBAA0B;AAE1B,IAAAA,cAA+C;AAC/C,mBAAoF;AACpF,iBAAwB;AACxB,qBAAgC;AAGhC,mBAAiC;AAEjC,MAAM,0BAA0B;AAUzB,IAAK,gBAAL,kBAAKC,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAIL,MAAM,6BAA6B,IAAI,qBAAQ,OAAO;AAOtD,SAAS,yBAAyB,SAA0C;AAClF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN;AAAA,MACA;AAAA,IACD;AAAA,EACD,OAAO;AACN,UAAM,IAAI,qCAAwB,uBAAuB,OAAO,EAAE;AAAA,EACnE;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AACxB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AAEjC,YAAM,MAAM,MAAM,OAAO,KAAK,UAAU;AAAA,QACvC;AAAA,MACD,CAAC;AACD,YAAM,KAAK,0BAAc,MAAM,MAAM,IAAI,OAAO,OAAO;AACvD,UACC,0BAA0B,OAAO,GAAG,YAAY,KAChD,0BAA0B,OAAO,GAAG,WAAW,GAC9C;AACD,cAAM,IAAI;AAAA,UACT,cAAc,QAAQ,8BAA8B,GAAG,YAAY,QAAQ,GAAG,WAAW,yCAAyC,uBAAuB;AAAA,QAC1J;AAAA,MACD;AAGA,YAAM,iBAAiB,MAAM,OAAO,KAAK,gBAAgB;AAAA,QACxD,UAAU;AAAA,QACV,MAAM;AAAA,UACL,MAAM;AAAA,UACN,KAAK,eAAI,IAAI,EAAE,UAAU,uBAAuB,EAAE,QAAQ;AAAA,QAC3D;AAAA,MACD,CAAC;AAED,YAAM,cAAc,4BAAgB,MAAM,eAAe,aAAa,MAAM,GAAG;AAE/E,aAAO;AAAA,QACN;AAAA,QACA,MAAM,YAAY;AAAA,QAClB,KAAK,YAAY;AAAA,QACjB,SAAS,YAAY;AAAA,QACrB,IAAI,IAAI,WAAW,YAAY,EAAE;AAAA,MAClC;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBACrB,QACA,SACA,YACA,QACmB;AACnB,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,4BAA4B,OAAO,UAAU;AAAA,IACvF,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,MACtB,GAAI,cAAc,SAAS,EAAE,YAAY,OAAO,IAAI,CAAC;AAAA,IACtD;AAAA,IACA,QAAQ,YAAY,QAAQ,OAAO;AAAA,EACpC,CAAC;AAED,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,yBAAuB,QAAQ;AAC/B,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,cAAU,sBAAQ,CAAC,oBAAS,OAAO,QAAI,oBAAQ,OAAO,QAAQ,CAAC,CAAC;AACtE,SAAO,2BAAU,yBAAqB,uBAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;AAOO,SAAS,uBAAuB,UAAoB;AAC1D,QAAM,mBAAmB,SAAS,QAAQ,IAAI,qBAAqB;AACnE,MAAI,oBAAoB,MAAM;AAC7B,UAAM,IAAI,0CAA6B,8BAA8B;AAAA,EACtE;AACA,MAAI,IAAI,qBAAQ,gBAAgB,EAAE,WAAW,0BAA0B,GAAG;AACzE,UAAM,IAAI;AAAA,MACT,sBAAsB,gBAAgB;AAAA,IACvC;AAAA,EACD;AACD;AAUO,MAAM,gCAAsD;AAAA,EAGlE,YAAmB,KAAgB;AAAhB;AAClB,SAAK,qBAAiB,kBAAM,IAAI,QAAQ,CAAC;AAAA,EAC1C;AAAA,EAEA,WAAmB;AAClB,WAAO,KAAK;AAAA,EACb;AACD;",
|
|
6
6
|
"names": ["import_bcs", "KeyServerType"]
|
|
7
7
|
}
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A field element in the Rijndael finite field GF(2⁸) with a fixed generator g = 0x03.
|
|
3
|
+
*/
|
|
4
|
+
export declare class GF256 {
|
|
5
|
+
value: number;
|
|
6
|
+
constructor(value: number);
|
|
7
|
+
log(): number;
|
|
8
|
+
static exp(x: number): GF256;
|
|
9
|
+
add(other: GF256): GF256;
|
|
10
|
+
sub(other: GF256): GF256;
|
|
11
|
+
neg(): GF256;
|
|
12
|
+
mul(other: GF256): GF256;
|
|
13
|
+
div(other: GF256): GF256;
|
|
14
|
+
equals(other: GF256): boolean;
|
|
15
|
+
static zero(): GF256;
|
|
16
|
+
static one(): GF256;
|
|
17
|
+
}
|
|
18
|
+
export declare class Polynomial {
|
|
19
|
+
coefficients: GF256[];
|
|
20
|
+
/**
|
|
21
|
+
* Construct a new Polynomial over [GF256] from the given coefficients.
|
|
22
|
+
* The first coefficient is the constant term.
|
|
23
|
+
*/
|
|
24
|
+
constructor(coefficients: GF256[]);
|
|
25
|
+
static fromBytes(bytes: Uint8Array): Polynomial;
|
|
26
|
+
degree(): number;
|
|
27
|
+
getCoefficient(index: number): GF256;
|
|
28
|
+
add(other: Polynomial): Polynomial;
|
|
29
|
+
mul(other: Polynomial): Polynomial;
|
|
30
|
+
/** The polynomial s * this. */
|
|
31
|
+
scale(s: GF256): Polynomial;
|
|
32
|
+
div(s: GF256): Polynomial;
|
|
33
|
+
/** The polynomial x + c. */
|
|
34
|
+
static monic_linear(c: GF256): Polynomial;
|
|
35
|
+
static zero(): Polynomial;
|
|
36
|
+
static one(): Polynomial;
|
|
37
|
+
/** Given a set of coordinates, interpolate a polynomial. */
|
|
38
|
+
static interpolate(coordinates: {
|
|
39
|
+
x: GF256;
|
|
40
|
+
y: GF256;
|
|
41
|
+
}[]): Polynomial;
|
|
42
|
+
/** Given a set of coordinates, interpolate a polynomial and evaluate it at x = 0. */
|
|
43
|
+
static combine(coordinates: {
|
|
44
|
+
x: GF256;
|
|
45
|
+
y: GF256;
|
|
46
|
+
}[]): GF256;
|
|
47
|
+
/** Evaluate the polynomial at x. */
|
|
48
|
+
evaluate(x: GF256): GF256;
|
|
49
|
+
equals(other: Polynomial): boolean;
|
|
50
|
+
}
|
|
51
|
+
/** Representation of a share of a secret. The index is a number between 1 and 255. */
|
|
52
|
+
export type Share = {
|
|
53
|
+
index: number;
|
|
54
|
+
share: Uint8Array;
|
|
55
|
+
};
|
|
56
|
+
/**
|
|
57
|
+
* Split a secret into shares.
|
|
58
|
+
*
|
|
59
|
+
* @param secret The secret to split.
|
|
60
|
+
* @param threshold The minimum number of shares required to reconstruct the secret.
|
|
61
|
+
* @param total The total number of shares to generate.
|
|
62
|
+
* @returns The shares.
|
|
63
|
+
*/
|
|
64
|
+
export declare function split(secret: Uint8Array, threshold: number, total: number): Share[];
|
|
65
|
+
/**
|
|
66
|
+
* Combine shares into a secret. If fewer than the threshold number of shares are provided,
|
|
67
|
+
* the result will be indistinguishable from random.
|
|
68
|
+
*
|
|
69
|
+
* @param shares The shares to combine.
|
|
70
|
+
* @returns The secret.
|
|
71
|
+
*/
|
|
72
|
+
export declare function combine(shares: Share[]): Uint8Array;
|
|
73
|
+
/**
|
|
74
|
+
* Interpolate a polynomial from the given shares.
|
|
75
|
+
*
|
|
76
|
+
* @param shares The shares to interpolate from.
|
|
77
|
+
* @returns A function that evaluates the polynomial at a given x.
|
|
78
|
+
*/
|
|
79
|
+
export declare function interpolate(shares: Share[]): (x: number) => Uint8Array;
|