@mysten/seal 0.4.5 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/CHANGELOG.md +15 -0
  2. package/dist/cjs/bls12381.d.ts +1 -0
  3. package/dist/cjs/bls12381.js +3 -0
  4. package/dist/cjs/bls12381.js.map +2 -2
  5. package/dist/cjs/client.d.ts +8 -3
  6. package/dist/cjs/client.js +21 -12
  7. package/dist/cjs/client.js.map +2 -2
  8. package/dist/cjs/decrypt.js +16 -0
  9. package/dist/cjs/decrypt.js.map +2 -2
  10. package/dist/cjs/ibe.d.ts +3 -1
  11. package/dist/cjs/ibe.js +9 -1
  12. package/dist/cjs/ibe.js.map +2 -2
  13. package/dist/cjs/index.d.ts +1 -1
  14. package/dist/cjs/index.js.map +2 -2
  15. package/dist/cjs/key-server.d.ts +1 -1
  16. package/dist/cjs/key-server.js +4 -3
  17. package/dist/cjs/key-server.js.map +2 -2
  18. package/dist/cjs/keys.d.ts +1 -1
  19. package/dist/cjs/keys.js +3 -2
  20. package/dist/cjs/keys.js.map +2 -2
  21. package/dist/cjs/session-key.d.ts +7 -6
  22. package/dist/cjs/session-key.js +36 -20
  23. package/dist/cjs/session-key.js.map +2 -2
  24. package/dist/cjs/version.d.ts +1 -1
  25. package/dist/cjs/version.js +1 -1
  26. package/dist/cjs/version.js.map +1 -1
  27. package/dist/esm/bls12381.d.ts +1 -0
  28. package/dist/esm/bls12381.js +3 -0
  29. package/dist/esm/bls12381.js.map +2 -2
  30. package/dist/esm/client.d.ts +8 -3
  31. package/dist/esm/client.js +21 -12
  32. package/dist/esm/client.js.map +2 -2
  33. package/dist/esm/decrypt.js +17 -1
  34. package/dist/esm/decrypt.js.map +2 -2
  35. package/dist/esm/ibe.d.ts +3 -1
  36. package/dist/esm/ibe.js +9 -1
  37. package/dist/esm/ibe.js.map +2 -2
  38. package/dist/esm/index.d.ts +1 -1
  39. package/dist/esm/index.js.map +2 -2
  40. package/dist/esm/key-server.d.ts +1 -1
  41. package/dist/esm/key-server.js +4 -3
  42. package/dist/esm/key-server.js.map +2 -2
  43. package/dist/esm/keys.d.ts +1 -1
  44. package/dist/esm/keys.js +3 -2
  45. package/dist/esm/keys.js.map +2 -2
  46. package/dist/esm/session-key.d.ts +7 -6
  47. package/dist/esm/session-key.js +37 -21
  48. package/dist/esm/session-key.js.map +2 -2
  49. package/dist/esm/version.d.ts +1 -1
  50. package/dist/esm/version.js +1 -1
  51. package/dist/esm/version.js.map +1 -1
  52. package/dist/tsconfig.esm.tsbuildinfo +1 -1
  53. package/dist/tsconfig.tsbuildinfo +1 -1
  54. package/package.json +2 -2
package/dist/cjs/keys.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/keys.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\n\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { SealAPIError } from './error.js';\nimport type { Certificate } from './session-key.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport { verifyKeyServerVersion } from './key-server.js';\n\n/**\n * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with\n * their full IDs.\n *\n * @param url - The URL of the key server.\n * @param requestSig - The Base64 string of request signature.\n * @param txBytes - The transaction bytes.\n * @param encKey - The ephemeral secret key.\n * @param certificate - The certificate.\n * @returns - A list of full ID and the decrypted key.\n */\nexport async function fetchKeysForAllIds(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tencKey: Uint8Array,\n\tcertificate: Certificate,\n\ttimeout: number,\n\tsignal?: AbortSignal,\n): Promise<{ fullId: string; key: Uint8Array }[]> {\n\tconst encKeyPk = toPublicKey(encKey);\n\tconst encVerificationKey = toVerificationKey(encKey);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(encKeyPk),\n\t\tenc_verification_key: toBase64(encVerificationKey),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\n\tconst timeoutSignal = AbortSignal.timeout(timeout);\n\tconst combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;\n\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t\tsignal: combinedSignal,\n\t});\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst resp = await response.json();\n\tverifyKeyServerVersion(response);\n\n\treturn resp.decryption_keys.map((dk: { id: Uint8Array; encrypted_key: [string, string] }) => ({\n\t\tfullId: toHex(dk.id),\n\t\tkey: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64) as [Uint8Array, Uint8Array]),\n\t}));\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAE5C,qBAA+D;AAC/D,mBAA6B;AAE7B,qBAAgC;AAChC,wBAAuC;AAcvC,eAAsB,mBACrB,KACA,YACA,SACA,QACA,aACA,SACA,QACiD;AACjD,QAAM,eAAW,4BAAY,MAAM;AACnC,QAAM,yBAAqB,kCAAkB,MAAM;AACnD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,QAAQ;AAAA,IAC1B,0BAAsB,qBAAS,kBAAkB;AAAA,IACjD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AAEA,QAAM,gBAAgB,YAAY,QAAQ,OAAO;AACjD,QAAM,iBAAiB,SAAS,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IAAI;AAE3E,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,IACvB;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,IACzB,QAAQ;AAAA,EACT,CAAC;AACD,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,gDAAuB,QAAQ;AAE/B,SAAO,KAAK,gBAAgB,IAAI,CAAC,QAA6D;AAAA,IAC7F,YAAQ,kBAAM,GAAG,EAAE;AAAA,IACnB,SAAK,+BAAe,QAAQ,GAAG,cAAc,IAAI,qBAAU,CAA6B;AAAA,EACzF,EAAE;AACH;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\n\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { SealAPIError } from './error.js';\nimport type { Certificate } from './session-key.js';\nimport { PACKAGE_VERSION } from './version.js';\nimport { verifyKeyServerVersion } from './key-server.js';\n\n/**\n * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with\n * their full IDs.\n *\n * @param url - The URL of the key server.\n * @param requestSig - The Base64 string of request signature.\n * @param txBytes - The transaction bytes.\n * @param encKey - The ephemeral secret key.\n * @param certificate - The certificate.\n * @returns - A list of full ID and the decrypted key.\n */\nexport async function fetchKeysForAllIds(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tencKey: Uint8Array,\n\tcertificate: Certificate,\n\ttimeout: number,\n\tapiKeyName?: string,\n\tapiKey?: string,\n\tsignal?: AbortSignal,\n): Promise<{ fullId: string; key: Uint8Array }[]> {\n\tconst encKeyPk = toPublicKey(encKey);\n\tconst encVerificationKey = toVerificationKey(encKey);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(encKeyPk),\n\t\tenc_verification_key: toBase64(encVerificationKey),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\n\tconst timeoutSignal = AbortSignal.timeout(timeout);\n\tconst combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;\n\n\tconst requestId = crypto.randomUUID();\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t\t'Request-Id': requestId,\n\t\t\t'Client-Sdk-Type': 'typescript',\n\t\t\t'Client-Sdk-Version': PACKAGE_VERSION,\n\t\t\t...(apiKeyName && apiKey ? { apiKeyName: apiKey } : {}),\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t\tsignal: combinedSignal,\n\t});\n\tawait SealAPIError.assertResponse(response, requestId);\n\tconst resp = await response.json();\n\tverifyKeyServerVersion(response);\n\n\treturn resp.decryption_keys.map((dk: { id: Uint8Array; encrypted_key: [string, string] }) => ({\n\t\tfullId: toHex(dk.id),\n\t\tkey: elgamalDecrypt(encKey, dk.encrypted_key.map(fromBase64) as [Uint8Array, Uint8Array]),\n\t}));\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAE5C,qBAA+D;AAC/D,mBAA6B;AAE7B,qBAAgC;AAChC,wBAAuC;AAcvC,eAAsB,mBACrB,KACA,YACA,SACA,QACA,aACA,SACA,YACA,QACA,QACiD;AACjD,QAAM,eAAW,4BAAY,MAAM;AACnC,QAAM,yBAAqB,kCAAkB,MAAM;AACnD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,QAAQ;AAAA,IAC1B,0BAAsB,qBAAS,kBAAkB;AAAA,IACjD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AAEA,QAAM,gBAAgB,YAAY,QAAQ,OAAO;AACjD,QAAM,iBAAiB,SAAS,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IAAI;AAE3E,QAAM,YAAY,OAAO,WAAW;AACpC,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,MAChB,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,sBAAsB;AAAA,MACtB,GAAI,cAAc,SAAS,EAAE,YAAY,OAAO,IAAI,CAAC;AAAA,IACtD;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,IACzB,QAAQ;AAAA,EACT,CAAC;AACD,QAAM,0BAAa,eAAe,UAAU,SAAS;AACrD,QAAM,OAAO,MAAM,SAAS,KAAK;AACjC,gDAAuB,QAAQ;AAE/B,SAAO,KAAK,gBAAgB,IAAI,CAAC,QAA6D;AAAA,IAC7F,YAAQ,kBAAM,GAAG,EAAE;AAAA,IACnB,SAAK,+BAAe,QAAQ,GAAG,cAAc,IAAI,qBAAU,CAA6B;AAAA,EACzF,EAAE;AACH;",
6
6
  "names": []
7
7
  }
package/dist/cjs/session-key.d.ts CHANGED
@@ -21,10 +21,12 @@ export type Certificate = {
21
21
  creation_time: number;
22
22
  ttl_min: number;
23
23
  signature: string;
24
+ mvr_name?: string;
24
25
  };
25
26
  export type SessionKeyType = {
26
27
  address: string;
27
28
  packageId: string;
29
+ mvrName?: string;
28
30
  creationTimeMs: number;
29
31
  ttlMin: number;
30
32
  personalMessageSignature?: string;
@@ -32,15 +34,17 @@ export type SessionKeyType = {
32
34
  };
33
35
  export declare class SessionKey {
34
36
  #private;
35
- constructor({ address, packageId, ttlMin, signer, client, }: {
37
+ constructor({ address, packageId, mvrName, ttlMin, signer, suiClient, }: {
36
38
  address: string;
37
39
  packageId: string;
40
+ mvrName?: string;
38
41
  ttlMin: number;
39
42
  signer?: Signer;
40
- client?: ZkLoginCompatibleClient;
43
+ suiClient: ZkLoginCompatibleClient;
41
44
  });
42
45
  isExpired(): boolean;
43
46
  getAddress(): string;
47
+ getPackageName(): string;
44
48
  getPackageId(): string;
45
49
  getPersonalMessage(): Uint8Array;
46
50
  setPersonalMessageSignature(personalMessageSignature: string): Promise<void>;
@@ -57,8 +61,5 @@ export declare class SessionKey {
57
61
  * Restore a SessionKey instance for the given object.
58
62
  * @returns A new SessionKey instance with restored state
59
63
  */
60
- static import(data: SessionKeyType, { signer, client }: {
61
- signer?: Signer;
62
- client?: ZkLoginCompatibleClient;
63
- }): Promise<SessionKey>;
64
+ static import(data: SessionKeyType, suiClient: ZkLoginCompatibleClient, signer?: Signer): SessionKey;
64
65
  }
package/dist/cjs/session-key.js CHANGED
@@ -36,7 +36,7 @@ var import_utils = require("@mysten/sui/utils");
36
36
  var import_verify = require("@mysten/sui/verify");
37
37
  var import_elgamal = require("./elgamal.js");
38
38
  var import_error = require("./error.js");
39
- var _address, _packageId, _creationTimeMs, _ttlMin, _sessionKey, _personalMessageSignature, _signer, _client;
39
+ var _address, _packageId, _mvrName, _creationTimeMs, _ttlMin, _sessionKey, _personalMessageSignature, _signer, _suiClient;
40
40
  const RequestFormat = import_bcs2.bcs.struct("RequestFormat", {
41
41
  ptb: import_bcs2.bcs.vector(import_bcs2.bcs.U8),
42
42
  encKey: import_bcs2.bcs.vector(import_bcs2.bcs.U8),
@@ -46,18 +46,23 @@ const _SessionKey = class _SessionKey {
46
46
  constructor({
47
47
  address,
48
48
  packageId,
49
+ mvrName,
49
50
  ttlMin,
50
51
  signer,
51
- client
52
+ suiClient
52
53
  }) {
53
54
  __privateAdd(this, _address);
54
55
  __privateAdd(this, _packageId);
56
+ __privateAdd(this, _mvrName);
55
57
  __privateAdd(this, _creationTimeMs);
56
58
  __privateAdd(this, _ttlMin);
57
59
  __privateAdd(this, _sessionKey);
58
60
  __privateAdd(this, _personalMessageSignature);
59
61
  __privateAdd(this, _signer);
60
- __privateAdd(this, _client);
62
+ __privateAdd(this, _suiClient);
63
+ if (mvrName && !(0, import_utils.isValidNamedPackage)(mvrName)) {
64
+ throw new import_error.UserError(`Invalid package name ${mvrName}`);
65
+ }
61
66
  if (!(0, import_utils.isValidSuiObjectId)(packageId) || !(0, import_utils.isValidSuiAddress)(address)) {
62
67
  throw new import_error.UserError(`Invalid package ID ${packageId} or address ${address}`);
63
68
  }
@@ -69,11 +74,12 @@ const _SessionKey = class _SessionKey {
69
74
  }
70
75
  __privateSet(this, _address, address);
71
76
  __privateSet(this, _packageId, packageId);
77
+ __privateSet(this, _mvrName, mvrName);
72
78
  __privateSet(this, _creationTimeMs, Date.now());
73
79
  __privateSet(this, _ttlMin, ttlMin);
74
80
  __privateSet(this, _sessionKey, import_ed25519.Ed25519Keypair.generate());
75
81
  __privateSet(this, _signer, signer);
76
- __privateSet(this, _client, client);
82
+ __privateSet(this, _suiClient, suiClient);
77
83
  }
78
84
  isExpired() {
79
85
  return __privateGet(this, _creationTimeMs) + __privateGet(this, _ttlMin) * 60 * 1e3 - 1e4 < Date.now();
@@ -81,23 +87,31 @@ const _SessionKey = class _SessionKey {
81
87
  getAddress() {
82
88
  return __privateGet(this, _address);
83
89
  }
90
+ getPackageName() {
91
+ if (__privateGet(this, _mvrName)) {
92
+ return __privateGet(this, _mvrName);
93
+ }
94
+ return __privateGet(this, _packageId);
95
+ }
84
96
  getPackageId() {
85
97
  return __privateGet(this, _packageId);
86
98
  }
87
99
  getPersonalMessage() {
88
100
  const creationTimeUtc = new Date(__privateGet(this, _creationTimeMs)).toISOString().slice(0, 19).replace("T", " ") + " UTC";
89
- const message = `Accessing keys of package ${__privateGet(this, _packageId)} for ${__privateGet(this, _ttlMin)} mins from ${creationTimeUtc}, session key ${(0, import_bcs.toBase64)(__privateGet(this, _sessionKey).getPublicKey().toRawBytes())}`;
101
+ const message = `Accessing keys of package ${this.getPackageName()} for ${__privateGet(this, _ttlMin)} mins from ${creationTimeUtc}, session key ${(0, import_bcs.toBase64)(__privateGet(this, _sessionKey).getPublicKey().toRawBytes())}`;
90
102
  return new TextEncoder().encode(message);
91
103
  }
92
104
  async setPersonalMessageSignature(personalMessageSignature) {
93
- try {
94
- await (0, import_verify.verifyPersonalMessageSignature)(this.getPersonalMessage(), personalMessageSignature, {
95
- address: __privateGet(this, _address),
96
- client: __privateGet(this, _client)
97
- });
98
- __privateSet(this, _personalMessageSignature, personalMessageSignature);
99
- } catch (e) {
100
- throw new import_error.InvalidPersonalMessageSignatureError("Not valid");
105
+ if (!__privateGet(this, _personalMessageSignature)) {
106
+ try {
107
+ await (0, import_verify.verifyPersonalMessageSignature)(this.getPersonalMessage(), personalMessageSignature, {
108
+ address: __privateGet(this, _address),
109
+ client: __privateGet(this, _suiClient)
110
+ });
111
+ __privateSet(this, _personalMessageSignature, personalMessageSignature);
112
+ } catch (e) {
113
+ throw new import_error.InvalidPersonalMessageSignatureError("Not valid");
114
+ }
101
115
  }
102
116
  }
103
117
  async getCertificate() {
@@ -114,7 +128,8 @@ const _SessionKey = class _SessionKey {
114
128
  session_vk: (0, import_bcs.toBase64)(__privateGet(this, _sessionKey).getPublicKey().toRawBytes()),
115
129
  creation_time: __privateGet(this, _creationTimeMs),
116
130
  ttl_min: __privateGet(this, _ttlMin),
117
- signature: __privateGet(this, _personalMessageSignature)
131
+ signature: __privateGet(this, _personalMessageSignature),
132
+ mvr_name: __privateGet(this, _mvrName)
118
133
  };
119
134
  }
120
135
  async createRequestParams(txBytes) {
@@ -139,6 +154,7 @@ const _SessionKey = class _SessionKey {
139
154
  const obj = {
140
155
  address: __privateGet(this, _address),
141
156
  packageId: __privateGet(this, _packageId),
157
+ mvrName: __privateGet(this, _mvrName),
142
158
  creationTimeMs: __privateGet(this, _creationTimeMs),
143
159
  ttlMin: __privateGet(this, _ttlMin),
144
160
  personalMessageSignature: __privateGet(this, _personalMessageSignature),
@@ -157,19 +173,18 @@ const _SessionKey = class _SessionKey {
157
173
  * Restore a SessionKey instance for the given object.
158
174
  * @returns A new SessionKey instance with restored state
159
175
  */
160
- static async import(data, { signer, client }) {
176
+ static import(data, suiClient, signer) {
161
177
  const instance = new _SessionKey({
162
178
  address: data.address,
163
179
  packageId: data.packageId,
180
+ mvrName: data.mvrName,
164
181
  ttlMin: data.ttlMin,
165
182
  signer,
166
- client
183
+ suiClient
167
184
  });
168
185
  __privateSet(instance, _creationTimeMs, data.creationTimeMs);
169
186
  __privateSet(instance, _sessionKey, import_ed25519.Ed25519Keypair.fromSecretKey(data.sessionKey));
170
- if (data.personalMessageSignature) {
171
- await instance.setPersonalMessageSignature(data.personalMessageSignature);
172
- }
187
+ __privateSet(instance, _personalMessageSignature, data.personalMessageSignature);
173
188
  if (instance.isExpired()) {
174
189
  throw new import_error.ExpiredSessionKeyError();
175
190
  }
@@ -178,11 +193,12 @@ const _SessionKey = class _SessionKey {
178
193
  };
179
194
  _address = new WeakMap();
180
195
  _packageId = new WeakMap();
196
+ _mvrName = new WeakMap();
181
197
  _creationTimeMs = new WeakMap();
182
198
  _ttlMin = new WeakMap();
183
199
  _sessionKey = new WeakMap();
184
200
  _personalMessageSignature = new WeakMap();
185
201
  _signer = new WeakMap();
186
- _client = new WeakMap();
202
+ _suiClient = new WeakMap();
187
203
  let SessionKey = _SessionKey;
188
204
  //# sourceMappingURL=session-key.js.map
package/dist/cjs/session-key.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/session-key.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toBase64 } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport type { Signer } from '@mysten/sui/cryptography';\nimport { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';\nimport { isValidSuiAddress, isValidSuiObjectId } from '@mysten/sui/utils';\nimport { verifyPersonalMessageSignature } from '@mysten/sui/verify';\nimport { generateSecretKey, toPublicKey, toVerificationKey } from './elgamal.js';\nimport {\n\tExpiredSessionKeyError,\n\tInvalidPersonalMessageSignatureError,\n\tUserError,\n} from './error.js';\nimport type { ZkLoginCompatibleClient } from '@mysten/sui/zklogin';\n\nexport const RequestFormat = bcs.struct('RequestFormat', {\n\tptb: bcs.vector(bcs.U8),\n\tencKey: bcs.vector(bcs.U8),\n\tencVerificationKey: bcs.vector(bcs.U8),\n});\n\nexport type Certificate = {\n\tuser: string;\n\tsession_vk: string;\n\tcreation_time: number;\n\tttl_min: number;\n\tsignature: string;\n};\n\nexport type SessionKeyType = {\n\taddress: string;\n\tpackageId: string;\n\tcreationTimeMs: number;\n\tttlMin: number;\n\tpersonalMessageSignature?: string;\n\tsessionKey: string;\n};\n\nexport class SessionKey {\n\t#address: string;\n\t#packageId: string;\n\t#creationTimeMs: number;\n\t#ttlMin: number;\n\t#sessionKey: Ed25519Keypair;\n\t#personalMessageSignature?: string;\n\t#signer?: Signer;\n\t#client?: ZkLoginCompatibleClient;\n\n\tconstructor({\n\t\taddress,\n\t\tpackageId,\n\t\tttlMin,\n\t\tsigner,\n\t\tclient,\n\t}: {\n\t\taddress: string;\n\t\tpackageId: string;\n\t\tttlMin: number;\n\t\tsigner?: Signer;\n\t\tclient?: ZkLoginCompatibleClient;\n\t}) {\n\t\tif (!isValidSuiObjectId(packageId) || !isValidSuiAddress(address)) {\n\t\t\tthrow new UserError(`Invalid package ID ${packageId} or address ${address}`);\n\t\t}\n\t\tif (ttlMin > 30 || ttlMin < 1) {\n\t\t\tthrow new UserError(`Invalid TTL ${ttlMin}, must be between 1 and 30`);\n\t\t}\n\n\t\tif (signer && signer.getPublicKey().toSuiAddress() !== address) {\n\t\t\tthrow new UserError('Signer address does not match session key address');\n\t\t}\n\t\tthis.#address = address;\n\t\tthis.#packageId = packageId;\n\t\tthis.#creationTimeMs = Date.now();\n\t\tthis.#ttlMin = ttlMin;\n\t\tthis.#sessionKey = Ed25519Keypair.generate();\n\t\tthis.#signer = signer;\n\t\tthis.#client = client;\n\t}\n\n\tisExpired(): boolean {\n\t\t// Allow 10 seconds for clock skew\n\t\treturn this.#creationTimeMs + this.#ttlMin * 60 * 1000 - 10_000 < Date.now();\n\t}\n\n\tgetAddress(): string {\n\t\treturn this.#address;\n\t}\n\n\tgetPackageId(): string {\n\t\treturn this.#packageId;\n\t}\n\n\tgetPersonalMessage(): Uint8Array {\n\t\tconst creationTimeUtc =\n\t\t\tnew Date(this.#creationTimeMs).toISOString().slice(0, 19).replace('T', ' ') + ' UTC';\n\t\tconst message = `Accessing keys of package ${this.#packageId} for ${this.#ttlMin} mins from ${creationTimeUtc}, session key ${toBase64(this.#sessionKey.getPublicKey().toRawBytes())}`;\n\t\treturn new TextEncoder().encode(message);\n\t}\n\n\tasync setPersonalMessageSignature(personalMessageSignature: string) {\n\t\ttry {\n\t\t\tawait verifyPersonalMessageSignature(this.getPersonalMessage(), personalMessageSignature, {\n\t\t\t\taddress: this.#address,\n\t\t\t\tclient: this.#client,\n\t\t\t});\n\t\t\tthis.#personalMessageSignature = personalMessageSignature;\n\t\t} catch (e) {\n\t\t\tthrow new InvalidPersonalMessageSignatureError('Not valid');\n\t\t}\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tif (!this.#personalMessageSignature) {\n\t\t\tif (this.#signer) {\n\t\t\t\tconst { signature } = await this.#signer.signPersonalMessage(this.getPersonalMessage());\n\t\t\t\tthis.#personalMessageSignature = signature;\n\t\t\t} else {\n\t\t\t\tthrow new InvalidPersonalMessageSignatureError('Personal message signature is not set');\n\t\t\t}\n\t\t}\n\t\treturn {\n\t\t\tuser: this.#address,\n\t\t\tsession_vk: toBase64(this.#sessionKey.getPublicKey().toRawBytes()),\n\t\t\tcreation_time: this.#creationTimeMs,\n\t\t\tttl_min: this.#ttlMin,\n\t\t\tsignature: this.#personalMessageSignature,\n\t\t};\n\t}\n\n\tasync createRequestParams(\n\t\ttxBytes: Uint8Array,\n\t): Promise<{ decryptionKey: Uint8Array; requestSignature: string }> {\n\t\tif (this.isExpired()) {\n\t\t\tthrow new ExpiredSessionKeyError();\n\t\t}\n\t\tconst egSk = generateSecretKey();\n\t\tconst msgToSign = RequestFormat.serialize({\n\t\t\tptb: txBytes.slice(1),\n\t\t\tencKey: toPublicKey(egSk),\n\t\t\tencVerificationKey: toVerificationKey(egSk),\n\t\t}).toBytes();\n\t\treturn {\n\t\t\tdecryptionKey: egSk,\n\t\t\trequestSignature: toBase64(await this.#sessionKey.sign(msgToSign)),\n\t\t};\n\t}\n\n\t/**\n\t * Export the Session Key object from the instance. Store the object in IndexedDB to persist.\n\t */\n\texport(): SessionKeyType {\n\t\tconst obj = {\n\t\t\taddress: this.#address,\n\t\t\tpackageId: this.#packageId,\n\t\t\tcreationTimeMs: this.#creationTimeMs,\n\t\t\tttlMin: this.#ttlMin,\n\t\t\tpersonalMessageSignature: this.#personalMessageSignature,\n\t\t\tsessionKey: this.#sessionKey.getSecretKey(), // bech32 encoded string\n\t\t};\n\n\t\tObject.defineProperty(obj, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error('This object is not serializable');\n\t\t\t},\n\t\t});\n\t\treturn obj;\n\t}\n\n\t/**\n\t * Restore a SessionKey instance for the given object.\n\t * @returns A new SessionKey instance with restored state\n\t */\n\tstatic async import(\n\t\tdata: SessionKeyType,\n\t\t{ signer, client }: { signer?: Signer; client?: ZkLoginCompatibleClient },\n\t): Promise<SessionKey> {\n\t\tconst instance = new SessionKey({\n\t\t\taddress: data.address,\n\t\t\tpackageId: data.packageId,\n\t\t\tttlMin: data.ttlMin,\n\t\t\tsigner,\n\t\t\tclient,\n\t\t});\n\n\t\tinstance.#creationTimeMs = data.creationTimeMs;\n\t\tinstance.#sessionKey = Ed25519Keypair.fromSecretKey(data.sessionKey);\n\n\t\t// check if personal message signature is consistent with the personal message committed to\n\t\t// the session key pk, package id, creationTime and ttlMin.\n\t\tif (data.personalMessageSignature) {\n\t\t\tawait instance.setPersonalMessageSignature(data.personalMessageSignature);\n\t\t}\n\n\t\tif (instance.isExpired()) {\n\t\t\tthrow new ExpiredSessionKeyError();\n\t\t}\n\t\treturn instance;\n\t}\n}\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAyB;AACzB,IAAAA,cAAoB;AAEpB,qBAA+B;AAC/B,mBAAsD;AACtD,oBAA+C;AAC/C,qBAAkE;AAClE,mBAIO;AAdP;AAiBO,MAAM,gBAAgB,gBAAI,OAAO,iBAAiB;AAAA,EACxD,KAAK,gBAAI,OAAO,gBAAI,EAAE;AAAA,EACtB,QAAQ,gBAAI,OAAO,gBAAI,EAAE;AAAA,EACzB,oBAAoB,gBAAI,OAAO,gBAAI,EAAE;AACtC,CAAC;AAmBM,MAAM,cAAN,MAAM,YAAW;AAAA,EAUvB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAMG;AArBH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAeC,QAAI,KAAC,iCAAmB,SAAS,KAAK,KAAC,gCAAkB,OAAO,GAAG;AAClE,YAAM,IAAI,uBAAU,sBAAsB,SAAS,eAAe,OAAO,EAAE;AAAA,IAC5E;AACA,QAAI,SAAS,MAAM,SAAS,GAAG;AAC9B,YAAM,IAAI,uBAAU,eAAe,MAAM,4BAA4B;AAAA,IACtE;AAEA,QAAI,UAAU,OAAO,aAAa,EAAE,aAAa,MAAM,SAAS;AAC/D,YAAM,IAAI,uBAAU,mDAAmD;AAAA,IACxE;AACA,uBAAK,UAAW;AAChB,uBAAK,YAAa;AAClB,uBAAK,iBAAkB,KAAK,IAAI;AAChC,uBAAK,SAAU;AACf,uBAAK,aAAc,8BAAe,SAAS;AAC3C,uBAAK,SAAU;AACf,uBAAK,SAAU;AAAA,EAChB;AAAA,EAEA,YAAqB;AAEpB,WAAO,mBAAK,mBAAkB,mBAAK,WAAU,KAAK,MAAO,MAAS,KAAK,IAAI;AAAA,EAC5E;AAAA,EAEA,aAAqB;AACpB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,eAAuB;AACtB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,qBAAiC;AAChC,UAAM,kBACL,IAAI,KAAK,mBAAK,gBAAe,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE,EAAE,QAAQ,KAAK,GAAG,IAAI;AAC/E,UAAM,UAAU,6BAA6B,mBAAK,WAAU,QAAQ,mBAAK,QAAO,cAAc,eAAe,qBAAiB,qBAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC,CAAC;AACpL,WAAO,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACxC;AAAA,EAEA,MAAM,4BAA4B,0BAAkC;AACnE,QAAI;AACH,gBAAM,8CAA+B,KAAK,mBAAmB,GAAG,0BAA0B;AAAA,QACzF,SAAS,mBAAK;AAAA,QACd,QAAQ,mBAAK;AAAA,MACd,CAAC;AACD,yBAAK,2BAA4B;AAAA,IAClC,SAAS,GAAG;AACX,YAAM,IAAI,kDAAqC,WAAW;AAAA,IAC3D;AAAA,EACD;AAAA,EAEA,MAAM,iBAAuC;AAC5C,QAAI,CAAC,mBAAK,4BAA2B;AACpC,UAAI,mBAAK,UAAS;AACjB,cAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,SAAQ,oBAAoB,KAAK,mBAAmB,CAAC;AACtF,2BAAK,2BAA4B;AAAA,MAClC,OAAO;AACN,cAAM,IAAI,kDAAqC,uCAAuC;AAAA,MACvF;AAAA,IACD;AACA,WAAO;AAAA,MACN,MAAM,mBAAK;AAAA,MACX,gBAAY,qBAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC;AAAA,MACjE,eAAe,mBAAK;AAAA,MACpB,SAAS,mBAAK;AAAA,MACd,WAAW,mBAAK;AAAA,IACjB;AAAA,EACD;AAAA,EAEA,MAAM,oBACL,SACmE;AACnE,QAAI,KAAK,UAAU,GAAG;AACrB,YAAM,IAAI,oCAAuB;AAAA,IAClC;AACA,UAAM,WAAO,kCAAkB;AAC/B,UAAM,YAAY,cAAc,UAAU;AAAA,MACzC,KAAK,QAAQ,MAAM,CAAC;AAAA,MACpB,YAAQ,4BAAY,IAAI;AAAA,MACxB,wBAAoB,kCAAkB,IAAI;AAAA,IAC3C,CAAC,EAAE,QAAQ;AACX,WAAO;AAAA,MACN,eAAe;AAAA,MACf,sBAAkB,qBAAS,MAAM,mBAAK,aAAY,KAAK,SAAS,CAAC;AAAA,IAClE;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,SAAyB;AACxB,UAAM,MAAM;AAAA,MACX,SAAS,mBAAK;AAAA,MACd,WAAW,mBAAK;AAAA,MAChB,gBAAgB,mBAAK;AAAA,MACrB,QAAQ,mBAAK;AAAA,MACb,0BAA0B,mBAAK;AAAA,MAC/B,YAAY,mBAAK,aAAY,aAAa;AAAA;AAAA,IAC3C;AAEA,WAAO,eAAe,KAAK,UAAU;AAAA,MACpC,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI,MAAM,iCAAiC;AAAA,MAClD;AAAA,IACD,CAAC;AACD,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa,OACZ,MACA,EAAE,QAAQ,OAAO,GACK;AACtB,UAAM,WAAW,IAAI,YAAW;AAAA,MAC/B,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,MAChB,QAAQ,KAAK;AAAA,MACb;AAAA,MACA;AAAA,IACD,CAAC;AAED,2BAAS,iBAAkB,KAAK;AAChC,2BAAS,aAAc,8BAAe,cAAc,KAAK,UAAU;AAInE,QAAI,KAAK,0BAA0B;AAClC,YAAM,SAAS,4BAA4B,KAAK,wBAAwB;AAAA,IACzE;AAEA,QAAI,SAAS,UAAU,GAAG;AACzB,YAAM,IAAI,oCAAuB;AAAA,IAClC;AACA,WAAO;AAAA,EACR;AACD;AAjKC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AARM,IAAM,aAAN;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toBase64 } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport type { Signer } from '@mysten/sui/cryptography';\nimport { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';\nimport { isValidNamedPackage, isValidSuiAddress, isValidSuiObjectId } from '@mysten/sui/utils';\nimport { verifyPersonalMessageSignature } from '@mysten/sui/verify';\nimport { generateSecretKey, toPublicKey, toVerificationKey } from './elgamal.js';\nimport {\n\tExpiredSessionKeyError,\n\tInvalidPersonalMessageSignatureError,\n\tUserError,\n} from './error.js';\nimport type { ZkLoginCompatibleClient } from '@mysten/sui/zklogin';\n\nexport const RequestFormat = bcs.struct('RequestFormat', {\n\tptb: bcs.vector(bcs.U8),\n\tencKey: bcs.vector(bcs.U8),\n\tencVerificationKey: bcs.vector(bcs.U8),\n});\n\nexport type Certificate = {\n\tuser: string;\n\tsession_vk: string;\n\tcreation_time: number;\n\tttl_min: number;\n\tsignature: string;\n\tmvr_name?: string;\n};\n\nexport type SessionKeyType = {\n\taddress: string;\n\tpackageId: string;\n\tmvrName?: string;\n\tcreationTimeMs: number;\n\tttlMin: number;\n\tpersonalMessageSignature?: string;\n\tsessionKey: string;\n};\n\nexport class SessionKey {\n\t#address: string;\n\t#packageId: string;\n\t#mvrName?: string;\n\t#creationTimeMs: number;\n\t#ttlMin: number;\n\t#sessionKey: Ed25519Keypair;\n\t#personalMessageSignature?: string;\n\t#signer?: Signer;\n\t#suiClient: ZkLoginCompatibleClient;\n\n\tconstructor({\n\t\taddress,\n\t\tpackageId,\n\t\tmvrName,\n\t\tttlMin,\n\t\tsigner,\n\t\tsuiClient,\n\t}: {\n\t\taddress: string;\n\t\tpackageId: string;\n\t\tmvrName?: string;\n\t\tttlMin: number;\n\t\tsigner?: Signer;\n\t\tsuiClient: ZkLoginCompatibleClient;\n\t}) {\n\t\tif (mvrName && !isValidNamedPackage(mvrName)) {\n\t\t\tthrow new UserError(`Invalid package name ${mvrName}`);\n\t\t}\n\t\tif (!isValidSuiObjectId(packageId) || !isValidSuiAddress(address)) {\n\t\t\tthrow new UserError(`Invalid package ID ${packageId} or address ${address}`);\n\t\t}\n\t\tif (ttlMin > 30 || ttlMin < 1) {\n\t\t\tthrow new UserError(`Invalid TTL ${ttlMin}, must be between 1 and 30`);\n\t\t}\n\t\tif (signer && signer.getPublicKey().toSuiAddress() !== address) {\n\t\t\tthrow new UserError('Signer address does not match session key address');\n\t\t}\n\t\t// TODO: Verify that the given package is the first version of the package.\n\n\t\tthis.#address = address;\n\t\tthis.#packageId = packageId;\n\t\tthis.#mvrName = mvrName;\n\t\tthis.#creationTimeMs = Date.now();\n\t\tthis.#ttlMin = ttlMin;\n\t\tthis.#sessionKey = Ed25519Keypair.generate();\n\t\tthis.#signer = signer;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\tisExpired(): boolean {\n\t\t// Allow 10 seconds for clock skew\n\t\treturn this.#creationTimeMs + this.#ttlMin * 60 * 1000 - 10_000 < Date.now();\n\t}\n\n\tgetAddress(): string {\n\t\treturn this.#address;\n\t}\n\n\tgetPackageName(): string {\n\t\tif (this.#mvrName) {\n\t\t\treturn this.#mvrName;\n\t\t}\n\t\treturn this.#packageId;\n\t}\n\n\tgetPackageId(): string {\n\t\treturn this.#packageId;\n\t}\n\n\tgetPersonalMessage(): Uint8Array {\n\t\tconst creationTimeUtc =\n\t\t\tnew Date(this.#creationTimeMs).toISOString().slice(0, 19).replace('T', ' ') + ' UTC';\n\t\tconst message = `Accessing keys of package ${this.getPackageName()} for ${this.#ttlMin} mins from ${creationTimeUtc}, session key ${toBase64(this.#sessionKey.getPublicKey().toRawBytes())}`;\n\t\treturn new TextEncoder().encode(message);\n\t}\n\n\tasync setPersonalMessageSignature(personalMessageSignature: string) {\n\t\tif (!this.#personalMessageSignature) {\n\t\t\ttry {\n\t\t\t\tawait verifyPersonalMessageSignature(this.getPersonalMessage(), personalMessageSignature, {\n\t\t\t\t\taddress: this.#address,\n\t\t\t\t\tclient: this.#suiClient,\n\t\t\t\t});\n\t\t\t\tthis.#personalMessageSignature = personalMessageSignature;\n\t\t\t} catch (e) {\n\t\t\t\tthrow new InvalidPersonalMessageSignatureError('Not valid');\n\t\t\t}\n\t\t}\n\t}\n\n\tasync getCertificate(): Promise<Certificate> {\n\t\tif (!this.#personalMessageSignature) {\n\t\t\tif (this.#signer) {\n\t\t\t\tconst { signature } = await this.#signer.signPersonalMessage(this.getPersonalMessage());\n\t\t\t\tthis.#personalMessageSignature = signature;\n\t\t\t} else {\n\t\t\t\tthrow new InvalidPersonalMessageSignatureError('Personal message signature is not set');\n\t\t\t}\n\t\t}\n\t\treturn {\n\t\t\tuser: this.#address,\n\t\t\tsession_vk: toBase64(this.#sessionKey.getPublicKey().toRawBytes()),\n\t\t\tcreation_time: this.#creationTimeMs,\n\t\t\tttl_min: this.#ttlMin,\n\t\t\tsignature: this.#personalMessageSignature,\n\t\t\tmvr_name: this.#mvrName,\n\t\t};\n\t}\n\n\tasync createRequestParams(\n\t\ttxBytes: Uint8Array,\n\t): Promise<{ decryptionKey: Uint8Array; requestSignature: string }> {\n\t\tif (this.isExpired()) {\n\t\t\tthrow new ExpiredSessionKeyError();\n\t\t}\n\t\tconst egSk = generateSecretKey();\n\t\tconst msgToSign = RequestFormat.serialize({\n\t\t\tptb: txBytes.slice(1),\n\t\t\tencKey: toPublicKey(egSk),\n\t\t\tencVerificationKey: toVerificationKey(egSk),\n\t\t}).toBytes();\n\t\treturn {\n\t\t\tdecryptionKey: egSk,\n\t\t\trequestSignature: toBase64(await this.#sessionKey.sign(msgToSign)),\n\t\t};\n\t}\n\n\t/**\n\t * Export the Session Key object from the instance. Store the object in IndexedDB to persist.\n\t */\n\texport(): SessionKeyType {\n\t\tconst obj = {\n\t\t\taddress: this.#address,\n\t\t\tpackageId: this.#packageId,\n\t\t\tmvrName: this.#mvrName,\n\t\t\tcreationTimeMs: this.#creationTimeMs,\n\t\t\tttlMin: this.#ttlMin,\n\t\t\tpersonalMessageSignature: this.#personalMessageSignature,\n\t\t\tsessionKey: this.#sessionKey.getSecretKey(), // bech32 encoded string\n\t\t};\n\n\t\tObject.defineProperty(obj, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error('This object is not serializable');\n\t\t\t},\n\t\t});\n\t\treturn obj;\n\t}\n\n\t/**\n\t * Restore a SessionKey instance for the given object.\n\t * @returns A new SessionKey instance with restored state\n\t */\n\tstatic import(\n\t\tdata: SessionKeyType,\n\t\tsuiClient: ZkLoginCompatibleClient,\n\t\tsigner?: Signer,\n\t): SessionKey {\n\t\tconst instance = new SessionKey({\n\t\t\taddress: data.address,\n\t\t\tpackageId: data.packageId,\n\t\t\tmvrName: data.mvrName,\n\t\t\tttlMin: data.ttlMin,\n\t\t\tsigner,\n\t\t\tsuiClient,\n\t\t});\n\n\t\tinstance.#creationTimeMs = data.creationTimeMs;\n\t\tinstance.#sessionKey = Ed25519Keypair.fromSecretKey(data.sessionKey);\n\t\tinstance.#personalMessageSignature = data.personalMessageSignature;\n\n\t\tif (instance.isExpired()) {\n\t\t\tthrow new ExpiredSessionKeyError();\n\t\t}\n\t\treturn instance;\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAyB;AACzB,IAAAA,cAAoB;AAEpB,qBAA+B;AAC/B,mBAA2E;AAC3E,oBAA+C;AAC/C,qBAAkE;AAClE,mBAIO;AAdP;AAiBO,MAAM,gBAAgB,gBAAI,OAAO,iBAAiB;AAAA,EACxD,KAAK,gBAAI,OAAO,gBAAI,EAAE;AAAA,EACtB,QAAQ,gBAAI,OAAO,gBAAI,EAAE;AAAA,EACzB,oBAAoB,gBAAI,OAAO,gBAAI,EAAE;AACtC,CAAC;AAqBM,MAAM,cAAN,MAAM,YAAW;AAAA,EAWvB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAOG;AAxBH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAiBC,QAAI,WAAW,KAAC,kCAAoB,OAAO,GAAG;AAC7C,YAAM,IAAI,uBAAU,wBAAwB,OAAO,EAAE;AAAA,IACtD;AACA,QAAI,KAAC,iCAAmB,SAAS,KAAK,KAAC,gCAAkB,OAAO,GAAG;AAClE,YAAM,IAAI,uBAAU,sBAAsB,SAAS,eAAe,OAAO,EAAE;AAAA,IAC5E;AACA,QAAI,SAAS,MAAM,SAAS,GAAG;AAC9B,YAAM,IAAI,uBAAU,eAAe,MAAM,4BAA4B;AAAA,IACtE;AACA,QAAI,UAAU,OAAO,aAAa,EAAE,aAAa,MAAM,SAAS;AAC/D,YAAM,IAAI,uBAAU,mDAAmD;AAAA,IACxE;AAGA,uBAAK,UAAW;AAChB,uBAAK,YAAa;AAClB,uBAAK,UAAW;AAChB,uBAAK,iBAAkB,KAAK,IAAI;AAChC,uBAAK,SAAU;AACf,uBAAK,aAAc,8BAAe,SAAS;AAC3C,uBAAK,SAAU;AACf,uBAAK,YAAa;AAAA,EACnB;AAAA,EAEA,YAAqB;AAEpB,WAAO,mBAAK,mBAAkB,mBAAK,WAAU,KAAK,MAAO,MAAS,KAAK,IAAI;AAAA,EAC5E;AAAA,EAEA,aAAqB;AACpB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,iBAAyB;AACxB,QAAI,mBAAK,WAAU;AAClB,aAAO,mBAAK;AAAA,IACb;AACA,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,eAAuB;AACtB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,qBAAiC;AAChC,UAAM,kBACL,IAAI,KAAK,mBAAK,gBAAe,EAAE,YAAY,EAAE,MAAM,GAAG,EAAE,EAAE,QAAQ,KAAK,GAAG,IAAI;AAC/E,UAAM,UAAU,6BAA6B,KAAK,eAAe,CAAC,QAAQ,mBAAK,QAAO,cAAc,eAAe,qBAAiB,qBAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC,CAAC;AAC1L,WAAO,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACxC;AAAA,EAEA,MAAM,4BAA4B,0BAAkC;AACnE,QAAI,CAAC,mBAAK,4BAA2B;AACpC,UAAI;AACH,kBAAM,8CAA+B,KAAK,mBAAmB,GAAG,0BAA0B;AAAA,UACzF,SAAS,mBAAK;AAAA,UACd,QAAQ,mBAAK;AAAA,QACd,CAAC;AACD,2BAAK,2BAA4B;AAAA,MAClC,SAAS,GAAG;AACX,cAAM,IAAI,kDAAqC,WAAW;AAAA,MAC3D;AAAA,IACD;AAAA,EACD;AAAA,EAEA,MAAM,iBAAuC;AAC5C,QAAI,CAAC,mBAAK,4BAA2B;AACpC,UAAI,mBAAK,UAAS;AACjB,cAAM,EAAE,UAAU,IAAI,MAAM,mBAAK,SAAQ,oBAAoB,KAAK,mBAAmB,CAAC;AACtF,2BAAK,2BAA4B;AAAA,MAClC,OAAO;AACN,cAAM,IAAI,kDAAqC,uCAAuC;AAAA,MACvF;AAAA,IACD;AACA,WAAO;AAAA,MACN,MAAM,mBAAK;AAAA,MACX,gBAAY,qBAAS,mBAAK,aAAY,aAAa,EAAE,WAAW,CAAC;AAAA,MACjE,eAAe,mBAAK;AAAA,MACpB,SAAS,mBAAK;AAAA,MACd,WAAW,mBAAK;AAAA,MAChB,UAAU,mBAAK;AAAA,IAChB;AAAA,EACD;AAAA,EAEA,MAAM,oBACL,SACmE;AACnE,QAAI,KAAK,UAAU,GAAG;AACrB,YAAM,IAAI,oCAAuB;AAAA,IAClC;AACA,UAAM,WAAO,kCAAkB;AAC/B,UAAM,YAAY,cAAc,UAAU;AAAA,MACzC,KAAK,QAAQ,MAAM,CAAC;AAAA,MACpB,YAAQ,4BAAY,IAAI;AAAA,MACxB,wBAAoB,kCAAkB,IAAI;AAAA,IAC3C,CAAC,EAAE,QAAQ;AACX,WAAO;AAAA,MACN,eAAe;AAAA,MACf,sBAAkB,qBAAS,MAAM,mBAAK,aAAY,KAAK,SAAS,CAAC;AAAA,IAClE;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,SAAyB;AACxB,UAAM,MAAM;AAAA,MACX,SAAS,mBAAK;AAAA,MACd,WAAW,mBAAK;AAAA,MAChB,SAAS,mBAAK;AAAA,MACd,gBAAgB,mBAAK;AAAA,MACrB,QAAQ,mBAAK;AAAA,MACb,0BAA0B,mBAAK;AAAA,MAC/B,YAAY,mBAAK,aAAY,aAAa;AAAA;AAAA,IAC3C;AAEA,WAAO,eAAe,KAAK,UAAU;AAAA,MACpC,YAAY;AAAA,MACZ,OAAO,MAAM;AACZ,cAAM,IAAI,MAAM,iCAAiC;AAAA,MAClD;AAAA,IACD,CAAC;AACD,WAAO;AAAA,EACR;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,OACN,MACA,WACA,QACa;AACb,UAAM,WAAW,IAAI,YAAW;AAAA,MAC/B,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,MACd,QAAQ,KAAK;AAAA,MACb;AAAA,MACA;AAAA,IACD,CAAC;AAED,2BAAS,iBAAkB,KAAK;AAChC,2BAAS,aAAc,8BAAe,cAAc,KAAK,UAAU;AACnE,2BAAS,2BAA4B,KAAK;AAE1C,QAAI,SAAS,UAAU,GAAG;AACzB,YAAM,IAAI,oCAAuB;AAAA,IAClC;AACA,WAAO;AAAA,EACR;AACD;AAjLC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AATM,IAAM,aAAN;",
6
6
  "names": ["import_bcs"]
7
7
  }
package/dist/cjs/version.d.ts CHANGED
@@ -1 +1 @@
1
- export declare const PACKAGE_VERSION = "0.4.5";
1
+ export declare const PACKAGE_VERSION = "0.4.7";
package/dist/cjs/version.js CHANGED
@@ -21,5 +21,5 @@ __export(version_exports, {
21
21
  PACKAGE_VERSION: () => PACKAGE_VERSION
22
22
  });
23
23
  module.exports = __toCommonJS(version_exports);
24
- const PACKAGE_VERSION = "0.4.5";
24
+ const PACKAGE_VERSION = "0.4.7";
25
25
  //# sourceMappingURL=version.js.map
package/dist/cjs/version.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/version.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.4.5';\n"],
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.4.7';\n"],
5
5
  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,kBAAkB;",
6
6
  "names": []
7
7
  }
package/dist/esm/bls12381.d.ts CHANGED
@@ -23,6 +23,7 @@ export declare class G2Element {
23
23
  multiply(scalar: Scalar): G2Element;
24
24
  add(other: G2Element): G2Element;
25
25
  hashToCurve(data: Uint8Array): G2Element;
26
+ equals(other: G2Element): boolean;
26
27
  }
27
28
  export declare class GTElement {
28
29
  element: Fp12;
package/dist/esm/bls12381.js CHANGED
@@ -58,6 +58,9 @@ const _G2Element = class _G2Element {
58
58
  bls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine())
59
59
  );
60
60
  }
61
+ equals(other) {
62
+ return this.point.equals(other.point);
63
+ }
61
64
  };
62
65
  _G2Element.SIZE = 96;
63
66
  let G2Element = _G2Element;
package/dist/esm/bls12381.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/bls12381.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { ProjPointType } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\nimport { flatten } from './utils.js';\n\nexport class G1Element {\n\tpoint: ProjPointType<bigint>;\n\n\tpublic static readonly SIZE = 48;\n\n\tconstructor(point: ProjPointType<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(\n\t\t\tbls12_381.G1.ProjectivePoint.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: ProjPointType<Fp2>;\n\n\tpublic static readonly SIZE = 96;\n\n\tconstructor(point: ProjPointType<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\thashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(\n\t\t\tbls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tpublic static readonly SIZE = 576;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\t// This permutation reorders the 6 pairs of coefficients of the GT element for compatability with the Rust and Move implementations.\n\t\t//\n\t\t// The permutation P may be computed as:\n\t\t// for i in 0..3 {\n\t\t// for j in 0..2 {\n\t\t// P[2 * i + j] = i + 3 * j;\n\t\t// }\n\t\t// }\n\t\tconst P = [0, 3, 1, 4, 2, 5];\n\t\tconst PAIR_SIZE = GTElement.SIZE / P.length;\n\n\t\tconst bytes = bls12_381.fields.Fp12.toBytes(this.element);\n\t\treturn flatten(P.map((p) => bytes.subarray(p * PAIR_SIZE, (p + 1) * PAIR_SIZE)));\n\t}\n\n\tequals(other: GTElement): boolean {\n\t\treturn bls12_381.fields.Fp12.eql(this.element, other.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tpublic static readonly SIZE = 32;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic random(): Scalar {\n\t\treturn Scalar.fromBytes(bls12_381.utils.randomPrivateKey());\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn new Uint8Array(bls12_381.fields.Fr.toBytes(this.scalar));\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\treturn new Scalar(bls12_381.fields.Fr.fromBytes(bytes));\n\t}\n\n\tstatic fromNumber(num: number): Scalar {\n\t\treturn new Scalar(BigInt(num));\n\t}\n}\n"],
5
- "mappings": "AAGA,SAAS,aAAa;AAGtB,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AAEjB,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,UAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AA1Ca,WAGW,OAAO;AAHxB,IAAM,YAAN;AA4CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA2B;AACtC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,YAAY,MAA6B;AACxC,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AACD;AAlCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AAoCA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAsB;AASrB,UAAM,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC3B,UAAM,YAAY,WAAU,OAAO,EAAE;AAErC,UAAM,QAAQ,UAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AACxD,WAAO,QAAQ,EAAE,IAAI,CAAC,MAAM,MAAM,SAAS,IAAI,YAAY,IAAI,KAAK,SAAS,CAAC,CAAC;AAAA,EAChF;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,UAAU,OAAO,KAAK,IAAI,KAAK,SAAS,MAAM,OAAO;AAAA,EAC7D;AACD;AA5Ba,WAGW,OAAO;AAHxB,IAAM,YAAN;AA8BA,MAAM,UAAN,MAAM,QAAO;AAAA,EAKnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,SAAiB;AACvB,WAAO,QAAO,UAAU,UAAU,MAAM,iBAAiB,CAAC;AAAA,EAC3D;AAAA,EAEA,UAAsB;AACrB,WAAO,IAAI,WAAW,UAAU,OAAO,GAAG,QAAQ,KAAK,MAAM,CAAC;AAAA,EAC/D;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,WAAO,IAAI,QAAO,UAAU,OAAO,GAAG,UAAU,KAAK,CAAC;AAAA,EACvD;AAAA,EAEA,OAAO,WAAW,KAAqB;AACtC,WAAO,IAAI,QAAO,OAAO,GAAG,CAAC;AAAA,EAC9B;AACD;AAxBa,QAGW,OAAO;AAHxB,IAAM,SAAN;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { ProjPointType } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\nimport { flatten } from './utils.js';\n\nexport class G1Element {\n\tpoint: ProjPointType<bigint>;\n\n\tpublic static readonly SIZE = 48;\n\n\tconstructor(point: ProjPointType<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(\n\t\t\tbls12_381.G1.ProjectivePoint.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: ProjPointType<Fp2>;\n\n\tpublic static readonly SIZE = 96;\n\n\tconstructor(point: ProjPointType<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\thashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(\n\t\t\tbls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n\n\tequals(other: G2Element): boolean {\n\t\treturn this.point.equals(other.point);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tpublic static readonly SIZE = 576;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\t// This permutation reorders the 6 pairs of coefficients of the GT element for compatability with the Rust and Move implementations.\n\t\t//\n\t\t// The permutation P may be computed as:\n\t\t// for i in 0..3 {\n\t\t// for j in 0..2 {\n\t\t// P[2 * i + j] = i + 3 * j;\n\t\t// }\n\t\t// }\n\t\tconst P = [0, 3, 1, 4, 2, 5];\n\t\tconst PAIR_SIZE = GTElement.SIZE / P.length;\n\n\t\tconst bytes = bls12_381.fields.Fp12.toBytes(this.element);\n\t\treturn flatten(P.map((p) => bytes.subarray(p * PAIR_SIZE, (p + 1) * PAIR_SIZE)));\n\t}\n\n\tequals(other: GTElement): boolean {\n\t\treturn bls12_381.fields.Fp12.eql(this.element, other.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tpublic static readonly SIZE = 32;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic random(): Scalar {\n\t\treturn Scalar.fromBytes(bls12_381.utils.randomPrivateKey());\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn new Uint8Array(bls12_381.fields.Fr.toBytes(this.scalar));\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\treturn new Scalar(bls12_381.fields.Fr.fromBytes(bytes));\n\t}\n\n\tstatic fromNumber(num: number): Scalar {\n\t\treturn new Scalar(BigInt(num));\n\t}\n}\n"],
5
+ "mappings": "AAGA,SAAS,aAAa;AAGtB,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AAEjB,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,UAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AA1Ca,WAGW,OAAO;AAHxB,IAAM,YAAN;AA4CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA2B;AACtC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,WAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,YAAY,MAA6B;AACxC,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,KAAK,MAAM,OAAO,MAAM,KAAK;AAAA,EACrC;AACD;AAtCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AAwCA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAsB;AASrB,UAAM,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC3B,UAAM,YAAY,WAAU,OAAO,EAAE;AAErC,UAAM,QAAQ,UAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AACxD,WAAO,QAAQ,EAAE,IAAI,CAAC,MAAM,MAAM,SAAS,IAAI,YAAY,IAAI,KAAK,SAAS,CAAC,CAAC;AAAA,EAChF;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,UAAU,OAAO,KAAK,IAAI,KAAK,SAAS,MAAM,OAAO;AAAA,EAC7D;AACD;AA5Ba,WAGW,OAAO;AAHxB,IAAM,YAAN;AA8BA,MAAM,UAAN,MAAM,QAAO;AAAA,EAKnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,SAAiB;AACvB,WAAO,QAAO,UAAU,UAAU,MAAM,iBAAiB,CAAC;AAAA,EAC3D;AAAA,EAEA,UAAsB;AACrB,WAAO,IAAI,WAAW,UAAU,OAAO,GAAG,QAAQ,KAAK,MAAM,CAAC;AAAA,EAC/D;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,WAAO,IAAI,QAAO,UAAU,OAAO,GAAG,UAAU,KAAK,CAAC;AAAA,EACvD;AAAA,EAEA,OAAO,WAAW,KAAqB;AACtC,WAAO,IAAI,QAAO,OAAO,GAAG,CAAC;AAAA,EAC9B;AACD;AAxBa,QAGW,OAAO;AAHxB,IAAM,SAAN;",
6
6
  "names": []
7
7
  }
package/dist/esm/client.d.ts CHANGED
@@ -4,18 +4,23 @@ import type { SessionKey } from './session-key.js';
4
4
  import type { SealCompatibleClient } from './types.js';
5
5
  /**
6
6
  * Configuration options for initializing a SealClient
7
- * @property serverObjectIds: Array of the key servers to use.
8
- * The first element is the object ID, and the second element is the weight of the key server.
7
+ * @property serverConfigs: Array of key server configs consisting of objectId, weight, optional API key name and API key.
9
8
  * @property verifyKeyServers: Whether to verify the key servers' authenticity.
10
9
  * Should be false if servers are pre-verified (e.g., getAllowlistedKeyServers).
11
10
  * Defaults to true.
12
11
  * @property timeout: Timeout in milliseconds for network requests. Defaults to 10 seconds.
13
12
  */
14
13
  export interface SealClientExtensionOptions {
15
- serverObjectIds: [string, number][];
14
+ serverConfigs: KeyServerConfig[];
16
15
  verifyKeyServers?: boolean;
17
16
  timeout?: number;
18
17
  }
18
+ export interface KeyServerConfig {
19
+ objectId: string;
20
+ weight: number;
21
+ apiKeyName?: string;
22
+ apiKey?: string;
23
+ }
19
24
  export interface SealClientOptions extends SealClientExtensionOptions {
20
25
  suiClient: SealCompatibleClient;
21
26
  }
package/dist/esm/client.js CHANGED
@@ -6,7 +6,7 @@ var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read fr
6
6
  var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
7
7
  var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
8
8
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
9
- var _suiClient, _weights, _keyServers, _verifyKeyServers, _cachedKeys, _timeout, _totalWeight, _SealClient_instances, createEncryptionInput_fn, weight_fn, validateEncryptionServices_fn, getWeightedKeyServers_fn, loadKeyServers_fn;
9
+ var _suiClient, _configs, _keyServers, _verifyKeyServers, _cachedKeys, _timeout, _totalWeight, _SealClient_instances, createEncryptionInput_fn, weight_fn, validateEncryptionServices_fn, getWeightedKeyServers_fn, loadKeyServers_fn;
10
10
  import { EncryptedObject } from "./bcs.js";
11
11
  import { G1Element, G2Element } from "./bls12381.js";
12
12
  import { decrypt } from "./decrypt.js";
@@ -33,7 +33,7 @@ const _SealClient = class _SealClient {
33
33
  constructor(options) {
34
34
  __privateAdd(this, _SealClient_instances);
35
35
  __privateAdd(this, _suiClient);
36
- __privateAdd(this, _weights);
36
+ __privateAdd(this, _configs);
37
37
  __privateAdd(this, _keyServers, null);
38
38
  __privateAdd(this, _verifyKeyServers);
39
39
  // A caching map for: fullId:object_id -> partial key.
@@ -41,11 +41,16 @@ const _SealClient = class _SealClient {
41
41
  __privateAdd(this, _timeout);
42
42
  __privateAdd(this, _totalWeight);
43
43
  __privateSet(this, _suiClient, options.suiClient);
44
- if (new Set(options.serverObjectIds.map(([objectId, _]) => objectId)).size !== options.serverObjectIds.length) {
44
+ if (new Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length) {
45
45
  throw new InvalidClientOptionsError("Duplicate object IDs");
46
46
  }
47
- __privateSet(this, _weights, new Map(options.serverObjectIds));
48
- __privateSet(this, _totalWeight, options.serverObjectIds.map(([_, weight]) => weight).reduce((sum, term) => sum + term, 0));
47
+ if (options.serverConfigs.some((s) => s.apiKeyName && !s.apiKey || !s.apiKeyName && s.apiKey)) {
48
+ throw new InvalidClientOptionsError(
49
+ "Both apiKeyName and apiKey must be provided or not provided for all key servers"
50
+ );
51
+ }
52
+ __privateSet(this, _configs, new Map(options.serverConfigs.map((server) => [server.objectId, server])));
53
+ __privateSet(this, _totalWeight, options.serverConfigs.map((server) => server.weight).reduce((sum, term) => sum + term, 0));
49
54
  __privateSet(this, _verifyKeyServers, options.verifyKeyServers ?? true);
50
55
  __privateSet(this, _timeout, options.timeout ?? 1e4);
51
56
  }
@@ -146,7 +151,7 @@ const _SealClient = class _SealClient {
146
151
  }) {
147
152
  if (threshold > __privateGet(this, _totalWeight) || threshold < 1) {
148
153
  throw new InvalidThresholdError(
149
- `Invalid threshold ${threshold} servers with weights ${__privateGet(this, _weights)}`
154
+ `Invalid threshold ${threshold} servers with weights ${__privateGet(this, _configs)}`
150
155
  );
151
156
  }
152
157
  const keyServers = await this.getKeyServers();
@@ -180,6 +185,7 @@ const _SealClient = class _SealClient {
180
185
  const keyFetches = remainingKeyServers.map(async (objectId) => {
181
186
  const server = keyServers.get(objectId);
182
187
  try {
188
+ const config = __privateGet(this, _configs).get(objectId);
183
189
  const allKeys = await fetchKeysForAllIds(
184
190
  server.url,
185
191
  signedRequest.requestSignature,
@@ -187,6 +193,8 @@ const _SealClient = class _SealClient {
187
193
  signedRequest.decryptionKey,
188
194
  cert,
189
195
  __privateGet(this, _timeout),
196
+ config?.apiKeyName,
197
+ config?.apiKey,
190
198
  controller.signal
191
199
  );
192
200
  for (const { fullId, key } of allKeys) {
@@ -271,7 +279,7 @@ const _SealClient = class _SealClient {
271
279
  }
272
280
  };
273
281
  _suiClient = new WeakMap();
274
- _weights = new WeakMap();
282
+ _configs = new WeakMap();
275
283
  _keyServers = new WeakMap();
276
284
  _verifyKeyServers = new WeakMap();
277
285
  _cachedKeys = new WeakMap();
@@ -287,7 +295,7 @@ createEncryptionInput_fn = function(type, data, aad) {
287
295
  }
288
296
  };
289
297
  weight_fn = function(objectId) {
290
- return __privateGet(this, _weights).get(objectId) ?? 0;
298
+ return __privateGet(this, _configs).get(objectId)?.weight ?? 0;
291
299
  };
292
300
  validateEncryptionServices_fn = function(services, threshold) {
293
301
  if (services.some((objectId) => {
@@ -307,9 +315,9 @@ validateEncryptionServices_fn = function(services, threshold) {
307
315
  getWeightedKeyServers_fn = async function() {
308
316
  const keyServers = await this.getKeyServers();
309
317
  const keyServersWithMultiplicity = [];
310
- for (const [objectId, weight] of __privateGet(this, _weights)) {
318
+ for (const [objectId, config] of __privateGet(this, _configs)) {
311
319
  const keyServer = keyServers.get(objectId);
312
- for (let i = 0; i < weight; i++) {
320
+ for (let i = 0; i < config.weight; i++) {
313
321
  keyServersWithMultiplicity.push(keyServer);
314
322
  }
315
323
  }
@@ -317,7 +325,7 @@ getWeightedKeyServers_fn = async function() {
317
325
  };
318
326
  loadKeyServers_fn = async function() {
319
327
  const keyServers = await retrieveKeyServers({
320
- objectIds: [...__privateGet(this, _weights)].map(([objectId]) => objectId),
328
+ objectIds: [...__privateGet(this, _configs)].map(([objectId]) => objectId),
321
329
  client: __privateGet(this, _suiClient)
322
330
  });
323
331
  if (keyServers.length === 0) {
@@ -326,7 +334,8 @@ loadKeyServers_fn = async function() {
326
334
  if (__privateGet(this, _verifyKeyServers)) {
327
335
  await Promise.all(
328
336
  keyServers.map(async (server) => {
329
- if (!await verifyKeyServer(server, __privateGet(this, _timeout))) {
337
+ const config = __privateGet(this, _configs).get(server.objectId);
338
+ if (!await verifyKeyServer(server, __privateGet(this, _timeout), config?.apiKeyName, config?.apiKey)) {
330
339
  throw new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);
331
340
  }
332
341
  })
package/dist/esm/client.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/client.ts"],
4
- "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncryptedObject } from './bcs.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { decrypt } from './decrypt.js';\nimport type { EncryptionInput } from './dem.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { DemType, encrypt, KemType } from './encrypt.js';\nimport {\n\tInconsistentKeyServersError,\n\tInvalidClientOptionsError,\n\tInvalidKeyServerError,\n\tInvalidThresholdError,\n\ttoMajorityError,\n\tTooManyFailedFetchKeyRequestsError,\n} from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport {\n\tBonehFranklinBLS12381DerivedKey,\n\tKeyServerType,\n\tretrieveKeyServers,\n\tverifyKeyServer,\n} from './key-server.js';\nimport type { DerivedKey, KeyServer } from './key-server.js';\nimport { fetchKeysForAllIds } from './keys.js';\nimport type { SessionKey } from './session-key.js';\nimport type { KeyCacheKey, SealCompatibleClient } from './types.js';\nimport { createFullId, count } from './utils.js';\n\n/**\n * Configuration options for initializing a SealClient\n * @property serverObjectIds: Array of the key servers to use.\n * \t The first element is the object ID, and the second element is the weight of the key server.\n * @property verifyKeyServers: Whether to verify the key servers' authenticity.\n * \t Should be false if servers are pre-verified (e.g., getAllowlistedKeyServers).\n * \t Defaults to true.\n * @property timeout: Timeout in milliseconds for network requests. Defaults to 10 seconds.\n */\nexport interface SealClientExtensionOptions {\n\tserverObjectIds: [string, number][];\n\tverifyKeyServers?: boolean;\n\ttimeout?: number;\n}\n\nexport interface SealClientOptions extends SealClientExtensionOptions {\n\tsuiClient: SealCompatibleClient;\n}\n\nexport class SealClient {\n\t#suiClient: SealCompatibleClient;\n\t#weights: Map<string, number>;\n\t#keyServers: Promise<Map<string, KeyServer>> | null = null;\n\t#verifyKeyServers: boolean;\n\t// A caching map for: fullId:object_id -> partial key.\n\t#cachedKeys = new Map<KeyCacheKey, G1Element>();\n\t#timeout: number;\n\t#totalWeight: number;\n\n\tconstructor(options: SealClientOptions) {\n\t\tthis.#suiClient = options.suiClient;\n\n\t\tif (\n\t\t\tnew Set(options.serverObjectIds.map(([objectId, _]) => objectId)).size !==\n\t\t\toptions.serverObjectIds.length\n\t\t) {\n\t\t\tthrow new InvalidClientOptionsError('Duplicate object IDs');\n\t\t}\n\n\t\tthis.#weights = new Map(options.serverObjectIds);\n\t\tthis.#totalWeight = options.serverObjectIds\n\t\t\t.map(([_, weight]) => weight)\n\t\t\t.reduce((sum, term) => sum + term, 0);\n\n\t\tthis.#verifyKeyServers = options.verifyKeyServers ?? true;\n\t\tthis.#timeout = options.timeout ?? 10_000;\n\t}\n\n\tstatic experimental_asClientExtension(options: SealClientExtensionOptions) {\n\t\treturn {\n\t\t\tname: 'seal' as const,\n\t\t\tregister: (client: SealCompatibleClient) => {\n\t\t\t\treturn new SealClient({\n\t\t\t\t\tsuiClient: client,\n\t\t\t\t\t...options,\n\t\t\t\t});\n\t\t\t},\n\t\t};\n\t}\n\n\t/**\n\t * Return an encrypted message under the identity.\n\t *\n\t * @param kemType - The type of KEM to use.\n\t * @param demType - The type of DEM to use.\n\t * @param threshold - The threshold for the TSS encryption.\n\t * @param packageId - the packageId namespace.\n\t * @param id - the identity to use.\n\t * @param data - the data to encrypt.\n\t * @param aad - optional additional authenticated data.\n\t * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n\t * \tSince the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.\n\t */\n\tasync encrypt({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tdemType = DemType.AesGcm256,\n\t\tthreshold,\n\t\tpackageId,\n\t\tid,\n\t\tdata,\n\t\taad = new Uint8Array(),\n\t}: {\n\t\tkemType?: KemType;\n\t\tdemType?: DemType;\n\t\tthreshold: number;\n\t\tpackageId: string;\n\t\tid: string;\n\t\tdata: Uint8Array;\n\t\taad?: Uint8Array;\n\t}) {\n\t\t// TODO: Verify that packageId is first version of its package (else throw error).\n\t\treturn encrypt({\n\t\t\tkeyServers: await this.#getWeightedKeyServers(),\n\t\t\tkemType,\n\t\t\tthreshold,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tencryptionInput: this.#createEncryptionInput(demType, data, aad),\n\t\t});\n\t}\n\n\t#createEncryptionInput(type: DemType, data: Uint8Array, aad: Uint8Array): EncryptionInput {\n\t\tswitch (type) {\n\t\t\tcase DemType.AesGcm256:\n\t\t\t\treturn new AesGcm256(data, aad);\n\t\t\tcase DemType.Hmac256Ctr:\n\t\t\t\treturn new Hmac256Ctr(data, aad);\n\t\t}\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes using cached keys.\n\t * Calls fetchKeys in case one or more of the required keys is not cached yet.\n\t * The function throws an error if the client's key servers are not a subset of\n\t * the encrypted object's key servers or if the threshold cannot be met.\n\t *\n\t * @param data - The encrypted bytes to decrypt.\n\t * @param sessionKey - The session key to use.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt({\n\t\tdata,\n\t\tsessionKey,\n\t\ttxBytes,\n\t}: {\n\t\tdata: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\ttxBytes: Uint8Array;\n\t}) {\n\t\tconst encryptedObject = EncryptedObject.parse(data);\n\n\t\tthis.#validateEncryptionServices(\n\t\t\tencryptedObject.services.map((s) => s[0]),\n\t\t\tencryptedObject.threshold,\n\t\t);\n\n\t\tawait this.fetchKeys({\n\t\t\tids: [encryptedObject.id],\n\t\t\ttxBytes,\n\t\t\tsessionKey,\n\t\t\tthreshold: encryptedObject.threshold,\n\t\t});\n\n\t\treturn decrypt({ encryptedObject, keys: this.#cachedKeys });\n\t}\n\n\t#weight(objectId: string) {\n\t\treturn this.#weights.get(objectId) ?? 0;\n\t}\n\n\t#validateEncryptionServices(services: string[], threshold: number) {\n\t\t// Check that the client's key servers are a subset of the encrypted object's key servers.\n\t\tif (\n\t\t\tservices.some((objectId) => {\n\t\t\t\tconst countInClient = this.#weight(objectId);\n\t\t\t\treturn countInClient > 0 && countInClient !== count(services, objectId);\n\t\t\t})\n\t\t) {\n\t\t\tthrow new InconsistentKeyServersError(\n\t\t\t\t`Client's key servers must be a subset of the encrypted object's key servers`,\n\t\t\t);\n\t\t}\n\t\t// Check that the threshold can be met with the client's key servers.\n\t\tif (threshold > this.#totalWeight) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t);\n\t\t}\n\t}\n\n\tasync getKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tif (!this.#keyServers) {\n\t\t\tthis.#keyServers = this.#loadKeyServers().catch((error) => {\n\t\t\t\tthis.#keyServers = null;\n\t\t\t\tthrow error;\n\t\t\t});\n\t\t}\n\t\treturn this.#keyServers;\n\t}\n\n\t/**\n\t * Returns a list of key servers with multiplicity according to their weights.\n\t * The list is used for encryption.\n\t */\n\tasync #getWeightedKeyServers() {\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst keyServersWithMultiplicity = [];\n\t\tfor (const [objectId, weight] of this.#weights) {\n\t\t\tconst keyServer = keyServers.get(objectId)!;\n\t\t\tfor (let i = 0; i < weight; i++) {\n\t\t\t\tkeyServersWithMultiplicity.push(keyServer);\n\t\t\t}\n\t\t}\n\t\treturn keyServersWithMultiplicity;\n\t}\n\n\tasync #loadKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tconst keyServers = await retrieveKeyServers({\n\t\t\tobjectIds: [...this.#weights].map(([objectId]) => objectId),\n\t\t\tclient: this.#suiClient,\n\t\t});\n\n\t\tif (keyServers.length === 0) {\n\t\t\tthrow new InvalidKeyServerError('No key servers found');\n\t\t}\n\n\t\tif (this.#verifyKeyServers) {\n\t\t\tawait Promise.all(\n\t\t\t\tkeyServers.map(async (server) => {\n\t\t\t\t\tif (!(await verifyKeyServer(server, this.#timeout))) {\n\t\t\t\t\t\tthrow new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\treturn new Map(keyServers.map((server) => [server.objectId, server]));\n\t}\n\n\t/**\n\t * Fetch keys from the key servers and update the cache.\n\t *\n\t * It is recommended to call this function once for all ids of all encrypted objects if\n\t * there are multiple, then call decrypt for each object. This avoids calling fetchKey\n\t * individually for each decrypt.\n\t *\n\t * @param ids - The ids of the encrypted objects.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.\n\t */\n\tasync fetchKeys({\n\t\tids,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: {\n\t\tids: string[];\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\tthreshold: number;\n\t}) {\n\t\tif (threshold > this.#totalWeight || threshold < 1) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} servers with weights ${this.#weights}`,\n\t\t\t);\n\t\t}\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst fullIds = ids.map((id) => createFullId(sessionKey.getPackageId(), id));\n\n\t\t// Count a server as completed if it has keys for all fullIds.\n\t\t// Duplicated key server ids will be counted towards the threshold.\n\t\tlet completedWeight = 0;\n\t\tconst remainingKeyServers = [];\n\t\tlet remainingKeyServersWeight = 0;\n\t\tfor (const objectId of keyServers.keys()) {\n\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${objectId}`))) {\n\t\t\t\tcompletedWeight += this.#weight(objectId)!;\n\t\t\t} else {\n\t\t\t\tremainingKeyServers.push(objectId);\n\t\t\t\tremainingKeyServersWeight += this.#weight(objectId)!;\n\t\t\t}\n\t\t}\n\n\t\t// Return early if we have enough keys from cache.\n\t\tif (completedWeight >= threshold) {\n\t\t\treturn;\n\t\t}\n\n\t\t// Check server validities.\n\t\tfor (const objectId of remainingKeyServers) {\n\t\t\tconst server = keyServers.get(objectId)!;\n\t\t\tif (server.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\tthrow new InvalidKeyServerError(\n\t\t\t\t\t`Server ${server.objectId} has invalid key type: ${server.keyType}`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tconst cert = await sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\tconst controller = new AbortController();\n\t\tconst errors: Error[] = [];\n\n\t\tconst keyFetches = remainingKeyServers.map(async (objectId) => {\n\t\t\tconst server = keyServers.get(objectId)!;\n\t\t\ttry {\n\t\t\t\tconst allKeys = await fetchKeysForAllIds(\n\t\t\t\t\tserver.url,\n\t\t\t\t\tsignedRequest.requestSignature,\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsignedRequest.decryptionKey,\n\t\t\t\t\tcert,\n\t\t\t\t\tthis.#timeout,\n\t\t\t\t\tcontroller.signal,\n\t\t\t\t);\n\t\t\t\t// Check validity of the keys and add them to the cache.\n\t\t\t\tfor (const { fullId, key } of allKeys) {\n\t\t\t\t\tconst keyElement = G1Element.fromBytes(key);\n\t\t\t\t\tif (\n\t\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\t\tkeyElement,\n\t\t\t\t\t\t\tfullId,\n\t\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tthis.#cachedKeys.set(`${fullId}:${server.objectId}`, keyElement);\n\t\t\t\t}\n\n\t\t\t\t// Check if all the receivedIds are consistent with the requested fullIds.\n\t\t\t\t// If so, consider the key server got all keys and mark as completed.\n\t\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${server.objectId}`))) {\n\t\t\t\t\tcompletedWeight += this.#weight(objectId)!;\n\n\t\t\t\t\t// Return early if the completed servers is more than the threshold.\n\t\t\t\t\tif (completedWeight >= threshold) {\n\t\t\t\t\t\tcontroller.abort();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tif (!controller.signal.aborted) {\n\t\t\t\t\terrors.push(error as Error);\n\t\t\t\t}\n\t\t\t} finally {\n\t\t\t\t// If there are too many errors that the threshold is not attainable, return early with error.\n\t\t\t\tremainingKeyServersWeight -= this.#weight(objectId)!;\n\t\t\t\tif (remainingKeyServersWeight < threshold - completedWeight) {\n\t\t\t\t\tcontroller.abort(new TooManyFailedFetchKeyRequestsError());\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\n\t\tawait Promise.allSettled(keyFetches);\n\n\t\tif (completedWeight < threshold) {\n\t\t\tthrow toMajorityError(errors);\n\t\t}\n\t}\n\n\t/**\n\t * Get derived keys from the given services.\n\t *\n\t * @param id - The id of the encrypted object.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold.\n\t * @returns - Derived keys for the given services that are in the cache as a \"service object ID\" -> derived key map. If the call is succesful, exactly threshold keys will be returned.\n\t */\n\tasync getDerivedKeys({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tid,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: {\n\t\tkemType?: KemType;\n\t\tid: string;\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\tthreshold: number;\n\t}): Promise<Map<string, DerivedKey>> {\n\t\tswitch (kemType) {\n\t\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\t\tconst keyServers = await this.getKeyServers();\n\t\t\t\tif (threshold > this.#totalWeight) {\n\t\t\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait this.fetchKeys({\n\t\t\t\t\tids: [id],\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsessionKey,\n\t\t\t\t\tthreshold,\n\t\t\t\t});\n\n\t\t\t\t// After calling fetchKeys, we can be sure that there are at least `threshold` of the required keys in the cache.\n\t\t\t\t// It is also checked there that the KeyServerType is BonehFranklinBLS12381 for all services.\n\n\t\t\t\tconst fullId = createFullId(sessionKey.getPackageId(), id);\n\n\t\t\t\tconst derivedKeys = new Map();\n\t\t\t\tlet weight = 0;\n\t\t\t\tfor (const objectId of keyServers.keys()) {\n\t\t\t\t\t// The code below assumes that the KeyServerType is BonehFranklinBLS12381.\n\t\t\t\t\tconst cachedKey = this.#cachedKeys.get(`${fullId}:${objectId}`);\n\t\t\t\t\tif (cachedKey) {\n\t\t\t\t\t\tderivedKeys.set(objectId, new BonehFranklinBLS12381DerivedKey(cachedKey));\n\t\t\t\t\t\tweight += this.#weight(objectId)!;\n\t\t\t\t\t\tif (weight >= threshold) {\n\t\t\t\t\t\t\t// We have enough keys, so we can stop.\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn derivedKeys;\n\t\t}\n\t}\n}\n"],
5
- "mappings": ";;;;;;;;AAAA;AAGA,SAAS,uBAAuB;AAChC,SAAS,WAAW,iBAAiB;AACrC,SAAS,eAAe;AAExB,SAAS,WAAW,kBAAkB;AACtC,SAAS,SAAS,SAAS,eAAe;AAC1C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,qCAAqC;AAC9C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAEP,SAAS,0BAA0B;AAGnC,SAAS,cAAc,aAAa;AAqB7B,MAAM,cAAN,MAAM,YAAW;AAAA,EAUvB,YAAY,SAA4B;AAVlC;AACN;AACA;AACA,oCAAsD;AACtD;AAEA;AAAA,oCAAc,oBAAI,IAA4B;AAC9C;AACA;AAGC,uBAAK,YAAa,QAAQ;AAE1B,QACC,IAAI,IAAI,QAAQ,gBAAgB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ,CAAC,EAAE,SAClE,QAAQ,gBAAgB,QACvB;AACD,YAAM,IAAI,0BAA0B,sBAAsB;AAAA,IAC3D;AAEA,uBAAK,UAAW,IAAI,IAAI,QAAQ,eAAe;AAC/C,uBAAK,cAAe,QAAQ,gBAC1B,IAAI,CAAC,CAAC,GAAG,MAAM,MAAM,MAAM,EAC3B,OAAO,CAAC,KAAK,SAAS,MAAM,MAAM,CAAC;AAErC,uBAAK,mBAAoB,QAAQ,oBAAoB;AACrD,uBAAK,UAAW,QAAQ,WAAW;AAAA,EACpC;AAAA,EAEA,OAAO,+BAA+B,SAAqC;AAC1E,WAAO;AAAA,MACN,MAAM;AAAA,MACN,UAAU,CAAC,WAAiC;AAC3C,eAAO,IAAI,YAAW;AAAA,UACrB,WAAW;AAAA,UACX,GAAG;AAAA,QACJ,CAAC;AAAA,MACF;AAAA,IACD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,QAAQ;AAAA,IACb,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,IAAI,WAAW;AAAA,EACtB,GAQG;AAEF,WAAO,QAAQ;AAAA,MACd,YAAY,MAAM,sBAAK,iDAAL;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,sBAAK,iDAAL,WAA4B,SAAS,MAAM;AAAA,IAC7D,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,MAAM,QAAQ;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAIG;AACF,UAAM,kBAAkB,gBAAgB,MAAM,IAAI;AAElD,0BAAK,sDAAL,WACC,gBAAgB,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GACxC,gBAAgB;AAGjB,UAAM,KAAK,UAAU;AAAA,MACpB,KAAK,CAAC,gBAAgB,EAAE;AAAA,MACxB;AAAA,MACA;AAAA,MACA,WAAW,gBAAgB;AAAA,IAC5B,CAAC;AAED,WAAO,QAAQ,EAAE,iBAAiB,MAAM,mBAAK,aAAY,CAAC;AAAA,EAC3D;AAAA,EA0BA,MAAM,gBAAiD;AACtD,QAAI,CAAC,mBAAK,cAAa;AACtB,yBAAK,aAAc,sBAAK,0CAAL,WAAuB,MAAM,CAAC,UAAU;AAC1D,2BAAK,aAAc;AACnB,cAAM;AAAA,MACP,CAAC;AAAA,IACF;AACA,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoDA,MAAM,UAAU;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAKG;AACF,QAAI,YAAY,mBAAK,iBAAgB,YAAY,GAAG;AACnD,YAAM,IAAI;AAAA,QACT,qBAAqB,SAAS,yBAAyB,mBAAK,SAAQ;AAAA,MACrE;AAAA,IACD;AACA,UAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,UAAM,UAAU,IAAI,IAAI,CAAC,OAAO,aAAa,WAAW,aAAa,GAAG,EAAE,CAAC;AAI3E,QAAI,kBAAkB;AACtB,UAAM,sBAAsB,CAAC;AAC7B,QAAI,4BAA4B;AAChC,eAAW,YAAY,WAAW,KAAK,GAAG;AACzC,UAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC,GAAG;AAC7E,2BAAmB,sBAAK,kCAAL,WAAa;AAAA,MACjC,OAAO;AACN,4BAAoB,KAAK,QAAQ;AACjC,qCAA6B,sBAAK,kCAAL,WAAa;AAAA,MAC3C;AAAA,IACD;AAGA,QAAI,mBAAmB,WAAW;AACjC;AAAA,IACD;AAGA,eAAW,YAAY,qBAAqB;AAC3C,YAAM,SAAS,WAAW,IAAI,QAAQ;AACtC,UAAI,OAAO,YAAY,cAAc,uBAAuB;AAC3D,cAAM,IAAI;AAAA,UACT,UAAU,OAAO,QAAQ,0BAA0B,OAAO,OAAO;AAAA,QAClE;AAAA,MACD;AAAA,IACD;AAEA,UAAM,OAAO,MAAM,WAAW,eAAe;AAC7C,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAElE,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,SAAkB,CAAC;AAEzB,UAAM,aAAa,oBAAoB,IAAI,OAAO,aAAa;AAC9D,YAAM,SAAS,WAAW,IAAI,QAAQ;AACtC,UAAI;AACH,cAAM,UAAU,MAAM;AAAA,UACrB,OAAO;AAAA,UACP,cAAc;AAAA,UACd;AAAA,UACA,cAAc;AAAA,UACd;AAAA,UACA,mBAAK;AAAA,UACL,WAAW;AAAA,QACZ;AAEA,mBAAW,EAAE,QAAQ,IAAI,KAAK,SAAS;AACtC,gBAAM,aAAa,UAAU,UAAU,GAAG;AAC1C,cACC,CAAC,8BAA8B;AAAA,YAC9B;AAAA,YACA;AAAA,YACA,UAAU,UAAU,OAAO,EAAE;AAAA,UAC9B,GACC;AACD,oBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,UACD;AACA,6BAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,IAAI,UAAU;AAAA,QAChE;AAIA,YAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,EAAE,CAAC,GAAG;AACpF,6BAAmB,sBAAK,kCAAL,WAAa;AAGhC,cAAI,mBAAmB,WAAW;AACjC,uBAAW,MAAM;AAAA,UAClB;AAAA,QACD;AAAA,MACD,SAAS,OAAO;AACf,YAAI,CAAC,WAAW,OAAO,SAAS;AAC/B,iBAAO,KAAK,KAAc;AAAA,QAC3B;AAAA,MACD,UAAE;AAED,qCAA6B,sBAAK,kCAAL,WAAa;AAC1C,YAAI,4BAA4B,YAAY,iBAAiB;AAC5D,qBAAW,MAAM,IAAI,mCAAmC,CAAC;AAAA,QAC1D;AAAA,MACD;AAAA,IACD,CAAC;AAED,UAAM,QAAQ,WAAW,UAAU;AAEnC,QAAI,kBAAkB,WAAW;AAChC,YAAM,gBAAgB,MAAM;AAAA,IAC7B;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,eAAe;AAAA,IACpB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAMqC;AACpC,YAAQ,SAAS;AAAA,MAChB,KAAK,QAAQ;AACZ,cAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,YAAI,YAAY,mBAAK,eAAc;AAClC,gBAAM,IAAI;AAAA,YACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,UACxD;AAAA,QACD;AACA,cAAM,KAAK,UAAU;AAAA,UACpB,KAAK,CAAC,EAAE;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACD,CAAC;AAKD,cAAM,SAAS,aAAa,WAAW,aAAa,GAAG,EAAE;AAEzD,cAAM,cAAc,oBAAI,IAAI;AAC5B,YAAI,SAAS;AACb,mBAAW,YAAY,WAAW,KAAK,GAAG;AAEzC,gBAAM,YAAY,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAC9D,cAAI,WAAW;AACd,wBAAY,IAAI,UAAU,IAAI,gCAAgC,SAAS,CAAC;AACxE,sBAAU,sBAAK,kCAAL,WAAa;AACvB,gBAAI,UAAU,WAAW;AAExB;AAAA,YACD;AAAA,UACD;AAAA,QACD;AACA,eAAO;AAAA,IACT;AAAA,EACD;AACD;AA9XC;AACA;AACA;AACA;AAEA;AACA;AACA;AARM;AAkFN,2BAAsB,SAAC,MAAe,MAAkB,KAAkC;AACzF,UAAQ,MAAM;AAAA,IACb,KAAK,QAAQ;AACZ,aAAO,IAAI,UAAU,MAAM,GAAG;AAAA,IAC/B,KAAK,QAAQ;AACZ,aAAO,IAAI,WAAW,MAAM,GAAG;AAAA,EACjC;AACD;AAuCA,YAAO,SAAC,UAAkB;AACzB,SAAO,mBAAK,UAAS,IAAI,QAAQ,KAAK;AACvC;AAEA,gCAA2B,SAAC,UAAoB,WAAmB;AAElE,MACC,SAAS,KAAK,CAAC,aAAa;AAC3B,UAAM,gBAAgB,sBAAK,kCAAL,WAAa;AACnC,WAAO,gBAAgB,KAAK,kBAAkB,MAAM,UAAU,QAAQ;AAAA,EACvE,CAAC,GACA;AACD,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,MAAI,YAAY,mBAAK,eAAc;AAClC,UAAM,IAAI;AAAA,MACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,IACxD;AAAA,EACD;AACD;AAgBM,2BAAsB,iBAAG;AAC9B,QAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,QAAM,6BAA6B,CAAC;AACpC,aAAW,CAAC,UAAU,MAAM,KAAK,mBAAK,WAAU;AAC/C,UAAM,YAAY,WAAW,IAAI,QAAQ;AACzC,aAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAChC,iCAA2B,KAAK,SAAS;AAAA,IAC1C;AAAA,EACD;AACA,SAAO;AACR;AAEM,oBAAe,iBAAoC;AACxD,QAAM,aAAa,MAAM,mBAAmB;AAAA,IAC3C,WAAW,CAAC,GAAG,mBAAK,SAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,MAAM,QAAQ;AAAA,IAC1D,QAAQ,mBAAK;AAAA,EACd,CAAC;AAED,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,sBAAsB,sBAAsB;AAAA,EACvD;AAEA,MAAI,mBAAK,oBAAmB;AAC3B,UAAM,QAAQ;AAAA,MACb,WAAW,IAAI,OAAO,WAAW;AAChC,YAAI,CAAE,MAAM,gBAAgB,QAAQ,mBAAK,SAAQ,GAAI;AACpD,gBAAM,IAAI,sBAAsB,cAAc,OAAO,QAAQ,eAAe;AAAA,QAC7E;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACA,SAAO,IAAI,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC;AACrE;AAtMM,IAAM,aAAN;",
4
+ "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncryptedObject } from './bcs.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { decrypt } from './decrypt.js';\nimport type { EncryptionInput } from './dem.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { DemType, encrypt, KemType } from './encrypt.js';\nimport {\n\tInconsistentKeyServersError,\n\tInvalidClientOptionsError,\n\tInvalidKeyServerError,\n\tInvalidThresholdError,\n\ttoMajorityError,\n\tTooManyFailedFetchKeyRequestsError,\n} from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport {\n\tBonehFranklinBLS12381DerivedKey,\n\tKeyServerType,\n\tretrieveKeyServers,\n\tverifyKeyServer,\n} from './key-server.js';\nimport type { DerivedKey, KeyServer } from './key-server.js';\nimport { fetchKeysForAllIds } from './keys.js';\nimport type { SessionKey } from './session-key.js';\nimport type { KeyCacheKey, SealCompatibleClient } from './types.js';\nimport { createFullId, count } from './utils.js';\n\n/**\n * Configuration options for initializing a SealClient\n * @property serverConfigs: Array of key server configs consisting of objectId, weight, optional API key name and API key.\n * @property verifyKeyServers: Whether to verify the key servers' authenticity.\n * \t Should be false if servers are pre-verified (e.g., getAllowlistedKeyServers).\n * \t Defaults to true.\n * @property timeout: Timeout in milliseconds for network requests. Defaults to 10 seconds.\n */\nexport interface SealClientExtensionOptions {\n\tserverConfigs: KeyServerConfig[];\n\tverifyKeyServers?: boolean;\n\ttimeout?: number;\n}\n\nexport interface KeyServerConfig {\n\tobjectId: string;\n\tweight: number;\n\tapiKeyName?: string;\n\tapiKey?: string;\n}\n\nexport interface SealClientOptions extends SealClientExtensionOptions {\n\tsuiClient: SealCompatibleClient;\n}\n\nexport class SealClient {\n\t#suiClient: SealCompatibleClient;\n\t#configs: Map<string, KeyServerConfig>;\n\t#keyServers: Promise<Map<string, KeyServer>> | null = null;\n\t#verifyKeyServers: boolean;\n\t// A caching map for: fullId:object_id -> partial key.\n\t#cachedKeys = new Map<KeyCacheKey, G1Element>();\n\t#timeout: number;\n\t#totalWeight: number;\n\n\tconstructor(options: SealClientOptions) {\n\t\tthis.#suiClient = options.suiClient;\n\n\t\tif (\n\t\t\tnew Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length\n\t\t) {\n\t\t\tthrow new InvalidClientOptionsError('Duplicate object IDs');\n\t\t}\n\n\t\tif (\n\t\t\toptions.serverConfigs.some((s) => (s.apiKeyName && !s.apiKey) || (!s.apiKeyName && s.apiKey))\n\t\t) {\n\t\t\tthrow new InvalidClientOptionsError(\n\t\t\t\t'Both apiKeyName and apiKey must be provided or not provided for all key servers',\n\t\t\t);\n\t\t}\n\n\t\tthis.#configs = new Map(options.serverConfigs.map((server) => [server.objectId, server]));\n\t\tthis.#totalWeight = options.serverConfigs\n\t\t\t.map((server) => server.weight)\n\t\t\t.reduce((sum, term) => sum + term, 0);\n\n\t\tthis.#verifyKeyServers = options.verifyKeyServers ?? true;\n\t\tthis.#timeout = options.timeout ?? 10_000;\n\t}\n\n\tstatic experimental_asClientExtension(options: SealClientExtensionOptions) {\n\t\treturn {\n\t\t\tname: 'seal' as const,\n\t\t\tregister: (client: SealCompatibleClient) => {\n\t\t\t\treturn new SealClient({\n\t\t\t\t\tsuiClient: client,\n\t\t\t\t\t...options,\n\t\t\t\t});\n\t\t\t},\n\t\t};\n\t}\n\n\t/**\n\t * Return an encrypted message under the identity.\n\t *\n\t * @param kemType - The type of KEM to use.\n\t * @param demType - The type of DEM to use.\n\t * @param threshold - The threshold for the TSS encryption.\n\t * @param packageId - the packageId namespace.\n\t * @param id - the identity to use.\n\t * @param data - the data to encrypt.\n\t * @param aad - optional additional authenticated data.\n\t * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n\t * \tSince the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.\n\t */\n\tasync encrypt({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tdemType = DemType.AesGcm256,\n\t\tthreshold,\n\t\tpackageId,\n\t\tid,\n\t\tdata,\n\t\taad = new Uint8Array(),\n\t}: {\n\t\tkemType?: KemType;\n\t\tdemType?: DemType;\n\t\tthreshold: number;\n\t\tpackageId: string;\n\t\tid: string;\n\t\tdata: Uint8Array;\n\t\taad?: Uint8Array;\n\t}) {\n\t\t// TODO: Verify that packageId is first version of its package (else throw error).\n\t\treturn encrypt({\n\t\t\tkeyServers: await this.#getWeightedKeyServers(),\n\t\t\tkemType,\n\t\t\tthreshold,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tencryptionInput: this.#createEncryptionInput(demType, data, aad),\n\t\t});\n\t}\n\n\t#createEncryptionInput(type: DemType, data: Uint8Array, aad: Uint8Array): EncryptionInput {\n\t\tswitch (type) {\n\t\t\tcase DemType.AesGcm256:\n\t\t\t\treturn new AesGcm256(data, aad);\n\t\t\tcase DemType.Hmac256Ctr:\n\t\t\t\treturn new Hmac256Ctr(data, aad);\n\t\t}\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes using cached keys.\n\t * Calls fetchKeys in case one or more of the required keys is not cached yet.\n\t * The function throws an error if the client's key servers are not a subset of\n\t * the encrypted object's key servers or if the threshold cannot be met.\n\t *\n\t * @param data - The encrypted bytes to decrypt.\n\t * @param sessionKey - The session key to use.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt({\n\t\tdata,\n\t\tsessionKey,\n\t\ttxBytes,\n\t}: {\n\t\tdata: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\ttxBytes: Uint8Array;\n\t}) {\n\t\tconst encryptedObject = EncryptedObject.parse(data);\n\n\t\tthis.#validateEncryptionServices(\n\t\t\tencryptedObject.services.map((s) => s[0]),\n\t\t\tencryptedObject.threshold,\n\t\t);\n\n\t\tawait this.fetchKeys({\n\t\t\tids: [encryptedObject.id],\n\t\t\ttxBytes,\n\t\t\tsessionKey,\n\t\t\tthreshold: encryptedObject.threshold,\n\t\t});\n\n\t\treturn decrypt({ encryptedObject, keys: this.#cachedKeys });\n\t}\n\n\t#weight(objectId: string) {\n\t\treturn this.#configs.get(objectId)?.weight ?? 0;\n\t}\n\n\t#validateEncryptionServices(services: string[], threshold: number) {\n\t\t// Check that the client's key servers are a subset of the encrypted object's key servers.\n\t\tif (\n\t\t\tservices.some((objectId) => {\n\t\t\t\tconst countInClient = this.#weight(objectId);\n\t\t\t\treturn countInClient > 0 && countInClient !== count(services, objectId);\n\t\t\t})\n\t\t) {\n\t\t\tthrow new InconsistentKeyServersError(\n\t\t\t\t`Client's key servers must be a subset of the encrypted object's key servers`,\n\t\t\t);\n\t\t}\n\t\t// Check that the threshold can be met with the client's key servers.\n\t\tif (threshold > this.#totalWeight) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t);\n\t\t}\n\t}\n\n\tasync getKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tif (!this.#keyServers) {\n\t\t\tthis.#keyServers = this.#loadKeyServers().catch((error) => {\n\t\t\t\tthis.#keyServers = null;\n\t\t\t\tthrow error;\n\t\t\t});\n\t\t}\n\t\treturn this.#keyServers;\n\t}\n\n\t/**\n\t * Returns a list of key servers with multiplicity according to their weights.\n\t * The list is used for encryption.\n\t */\n\tasync #getWeightedKeyServers() {\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst keyServersWithMultiplicity = [];\n\t\tfor (const [objectId, config] of this.#configs) {\n\t\t\tconst keyServer = keyServers.get(objectId)!;\n\t\t\tfor (let i = 0; i < config.weight; i++) {\n\t\t\t\tkeyServersWithMultiplicity.push(keyServer);\n\t\t\t}\n\t\t}\n\t\treturn keyServersWithMultiplicity;\n\t}\n\n\tasync #loadKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tconst keyServers = await retrieveKeyServers({\n\t\t\tobjectIds: [...this.#configs].map(([objectId]) => objectId),\n\t\t\tclient: this.#suiClient,\n\t\t});\n\n\t\tif (keyServers.length === 0) {\n\t\t\tthrow new InvalidKeyServerError('No key servers found');\n\t\t}\n\n\t\tif (this.#verifyKeyServers) {\n\t\t\tawait Promise.all(\n\t\t\t\tkeyServers.map(async (server) => {\n\t\t\t\t\tconst config = this.#configs.get(server.objectId);\n\t\t\t\t\tif (!(await verifyKeyServer(server, this.#timeout, config?.apiKeyName, config?.apiKey))) {\n\t\t\t\t\t\tthrow new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\treturn new Map(keyServers.map((server) => [server.objectId, server]));\n\t}\n\n\t/**\n\t * Fetch keys from the key servers and update the cache.\n\t *\n\t * It is recommended to call this function once for all ids of all encrypted objects if\n\t * there are multiple, then call decrypt for each object. This avoids calling fetchKey\n\t * individually for each decrypt.\n\t *\n\t * @param ids - The ids of the encrypted objects.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.\n\t */\n\tasync fetchKeys({\n\t\tids,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: {\n\t\tids: string[];\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\tthreshold: number;\n\t}) {\n\t\tif (threshold > this.#totalWeight || threshold < 1) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} servers with weights ${this.#configs}`,\n\t\t\t);\n\t\t}\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst fullIds = ids.map((id) => createFullId(sessionKey.getPackageId(), id));\n\n\t\t// Count a server as completed if it has keys for all fullIds.\n\t\t// Duplicated key server ids will be counted towards the threshold.\n\t\tlet completedWeight = 0;\n\t\tconst remainingKeyServers = [];\n\t\tlet remainingKeyServersWeight = 0;\n\t\tfor (const objectId of keyServers.keys()) {\n\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${objectId}`))) {\n\t\t\t\tcompletedWeight += this.#weight(objectId);\n\t\t\t} else {\n\t\t\t\tremainingKeyServers.push(objectId);\n\t\t\t\tremainingKeyServersWeight += this.#weight(objectId);\n\t\t\t}\n\t\t}\n\n\t\t// Return early if we have enough keys from cache.\n\t\tif (completedWeight >= threshold) {\n\t\t\treturn;\n\t\t}\n\n\t\t// Check server validities.\n\t\tfor (const objectId of remainingKeyServers) {\n\t\t\tconst server = keyServers.get(objectId)!;\n\t\t\tif (server.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\tthrow new InvalidKeyServerError(\n\t\t\t\t\t`Server ${server.objectId} has invalid key type: ${server.keyType}`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tconst cert = await sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\tconst controller = new AbortController();\n\t\tconst errors: Error[] = [];\n\n\t\tconst keyFetches = remainingKeyServers.map(async (objectId) => {\n\t\t\tconst server = keyServers.get(objectId)!;\n\t\t\ttry {\n\t\t\t\tconst config = this.#configs.get(objectId);\n\t\t\t\tconst allKeys = await fetchKeysForAllIds(\n\t\t\t\t\tserver.url,\n\t\t\t\t\tsignedRequest.requestSignature,\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsignedRequest.decryptionKey,\n\t\t\t\t\tcert,\n\t\t\t\t\tthis.#timeout,\n\t\t\t\t\tconfig?.apiKeyName,\n\t\t\t\t\tconfig?.apiKey,\n\t\t\t\t\tcontroller.signal,\n\t\t\t\t);\n\t\t\t\t// Check validity of the keys and add them to the cache.\n\t\t\t\tfor (const { fullId, key } of allKeys) {\n\t\t\t\t\tconst keyElement = G1Element.fromBytes(key);\n\t\t\t\t\tif (\n\t\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\t\tkeyElement,\n\t\t\t\t\t\t\tfullId,\n\t\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tthis.#cachedKeys.set(`${fullId}:${server.objectId}`, keyElement);\n\t\t\t\t}\n\n\t\t\t\t// Check if all the receivedIds are consistent with the requested fullIds.\n\t\t\t\t// If so, consider the key server got all keys and mark as completed.\n\t\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${server.objectId}`))) {\n\t\t\t\t\tcompletedWeight += this.#weight(objectId);\n\n\t\t\t\t\t// Return early if the completed servers is more than the threshold.\n\t\t\t\t\tif (completedWeight >= threshold) {\n\t\t\t\t\t\tcontroller.abort();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tif (!controller.signal.aborted) {\n\t\t\t\t\terrors.push(error as Error);\n\t\t\t\t}\n\t\t\t} finally {\n\t\t\t\t// If there are too many errors that the threshold is not attainable, return early with error.\n\t\t\t\tremainingKeyServersWeight -= this.#weight(objectId);\n\t\t\t\tif (remainingKeyServersWeight < threshold - completedWeight) {\n\t\t\t\t\tcontroller.abort(new TooManyFailedFetchKeyRequestsError());\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\n\t\tawait Promise.allSettled(keyFetches);\n\n\t\tif (completedWeight < threshold) {\n\t\t\tthrow toMajorityError(errors);\n\t\t}\n\t}\n\n\t/**\n\t * Get derived keys from the given services.\n\t *\n\t * @param id - The id of the encrypted object.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold.\n\t * @returns - Derived keys for the given services that are in the cache as a \"service object ID\" -> derived key map. If the call is succesful, exactly threshold keys will be returned.\n\t */\n\tasync getDerivedKeys({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tid,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: {\n\t\tkemType?: KemType;\n\t\tid: string;\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t\tthreshold: number;\n\t}): Promise<Map<string, DerivedKey>> {\n\t\tswitch (kemType) {\n\t\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\t\tconst keyServers = await this.getKeyServers();\n\t\t\t\tif (threshold > this.#totalWeight) {\n\t\t\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait this.fetchKeys({\n\t\t\t\t\tids: [id],\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsessionKey,\n\t\t\t\t\tthreshold,\n\t\t\t\t});\n\n\t\t\t\t// After calling fetchKeys, we can be sure that there are at least `threshold` of the required keys in the cache.\n\t\t\t\t// It is also checked there that the KeyServerType is BonehFranklinBLS12381 for all services.\n\n\t\t\t\tconst fullId = createFullId(sessionKey.getPackageId(), id);\n\n\t\t\t\tconst derivedKeys = new Map();\n\t\t\t\tlet weight = 0;\n\t\t\t\tfor (const objectId of keyServers.keys()) {\n\t\t\t\t\t// The code below assumes that the KeyServerType is BonehFranklinBLS12381.\n\t\t\t\t\tconst cachedKey = this.#cachedKeys.get(`${fullId}:${objectId}`);\n\t\t\t\t\tif (cachedKey) {\n\t\t\t\t\t\tderivedKeys.set(objectId, new BonehFranklinBLS12381DerivedKey(cachedKey));\n\t\t\t\t\t\tweight += this.#weight(objectId);\n\t\t\t\t\t\tif (weight >= threshold) {\n\t\t\t\t\t\t\t// We have enough keys, so we can stop.\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn derivedKeys;\n\t\t}\n\t}\n}\n"],
5
+ "mappings": ";;;;;;;;AAAA;AAGA,SAAS,uBAAuB;AAChC,SAAS,WAAW,iBAAiB;AACrC,SAAS,eAAe;AAExB,SAAS,WAAW,kBAAkB;AACtC,SAAS,SAAS,SAAS,eAAe;AAC1C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,qCAAqC;AAC9C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAEP,SAAS,0BAA0B;AAGnC,SAAS,cAAc,aAAa;AA2B7B,MAAM,cAAN,MAAM,YAAW;AAAA,EAUvB,YAAY,SAA4B;AAVlC;AACN;AACA;AACA,oCAAsD;AACtD;AAEA;AAAA,oCAAc,oBAAI,IAA4B;AAC9C;AACA;AAGC,uBAAK,YAAa,QAAQ;AAE1B,QACC,IAAI,IAAI,QAAQ,cAAc,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,SAAS,QAAQ,cAAc,QACpF;AACD,YAAM,IAAI,0BAA0B,sBAAsB;AAAA,IAC3D;AAEA,QACC,QAAQ,cAAc,KAAK,CAAC,MAAO,EAAE,cAAc,CAAC,EAAE,UAAY,CAAC,EAAE,cAAc,EAAE,MAAO,GAC3F;AACD,YAAM,IAAI;AAAA,QACT;AAAA,MACD;AAAA,IACD;AAEA,uBAAK,UAAW,IAAI,IAAI,QAAQ,cAAc,IAAI,CAAC,WAAW,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC;AACxF,uBAAK,cAAe,QAAQ,cAC1B,IAAI,CAAC,WAAW,OAAO,MAAM,EAC7B,OAAO,CAAC,KAAK,SAAS,MAAM,MAAM,CAAC;AAErC,uBAAK,mBAAoB,QAAQ,oBAAoB;AACrD,uBAAK,UAAW,QAAQ,WAAW;AAAA,EACpC;AAAA,EAEA,OAAO,+BAA+B,SAAqC;AAC1E,WAAO;AAAA,MACN,MAAM;AAAA,MACN,UAAU,CAAC,WAAiC;AAC3C,eAAO,IAAI,YAAW;AAAA,UACrB,WAAW;AAAA,UACX,GAAG;AAAA,QACJ,CAAC;AAAA,MACF;AAAA,IACD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,QAAQ;AAAA,IACb,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,IAAI,WAAW;AAAA,EACtB,GAQG;AAEF,WAAO,QAAQ;AAAA,MACd,YAAY,MAAM,sBAAK,iDAAL;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,sBAAK,iDAAL,WAA4B,SAAS,MAAM;AAAA,IAC7D,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,MAAM,QAAQ;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAIG;AACF,UAAM,kBAAkB,gBAAgB,MAAM,IAAI;AAElD,0BAAK,sDAAL,WACC,gBAAgB,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GACxC,gBAAgB;AAGjB,UAAM,KAAK,UAAU;AAAA,MACpB,KAAK,CAAC,gBAAgB,EAAE;AAAA,MACxB;AAAA,MACA;AAAA,MACA,WAAW,gBAAgB;AAAA,IAC5B,CAAC;AAED,WAAO,QAAQ,EAAE,iBAAiB,MAAM,mBAAK,aAAY,CAAC;AAAA,EAC3D;AAAA,EA0BA,MAAM,gBAAiD;AACtD,QAAI,CAAC,mBAAK,cAAa;AACtB,yBAAK,aAAc,sBAAK,0CAAL,WAAuB,MAAM,CAAC,UAAU;AAC1D,2BAAK,aAAc;AACnB,cAAM;AAAA,MACP,CAAC;AAAA,IACF;AACA,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqDA,MAAM,UAAU;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAKG;AACF,QAAI,YAAY,mBAAK,iBAAgB,YAAY,GAAG;AACnD,YAAM,IAAI;AAAA,QACT,qBAAqB,SAAS,yBAAyB,mBAAK,SAAQ;AAAA,MACrE;AAAA,IACD;AACA,UAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,UAAM,UAAU,IAAI,IAAI,CAAC,OAAO,aAAa,WAAW,aAAa,GAAG,EAAE,CAAC;AAI3E,QAAI,kBAAkB;AACtB,UAAM,sBAAsB,CAAC;AAC7B,QAAI,4BAA4B;AAChC,eAAW,YAAY,WAAW,KAAK,GAAG;AACzC,UAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC,GAAG;AAC7E,2BAAmB,sBAAK,kCAAL,WAAa;AAAA,MACjC,OAAO;AACN,4BAAoB,KAAK,QAAQ;AACjC,qCAA6B,sBAAK,kCAAL,WAAa;AAAA,MAC3C;AAAA,IACD;AAGA,QAAI,mBAAmB,WAAW;AACjC;AAAA,IACD;AAGA,eAAW,YAAY,qBAAqB;AAC3C,YAAM,SAAS,WAAW,IAAI,QAAQ;AACtC,UAAI,OAAO,YAAY,cAAc,uBAAuB;AAC3D,cAAM,IAAI;AAAA,UACT,UAAU,OAAO,QAAQ,0BAA0B,OAAO,OAAO;AAAA,QAClE;AAAA,MACD;AAAA,IACD;AAEA,UAAM,OAAO,MAAM,WAAW,eAAe;AAC7C,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAElE,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,SAAkB,CAAC;AAEzB,UAAM,aAAa,oBAAoB,IAAI,OAAO,aAAa;AAC9D,YAAM,SAAS,WAAW,IAAI,QAAQ;AACtC,UAAI;AACH,cAAM,SAAS,mBAAK,UAAS,IAAI,QAAQ;AACzC,cAAM,UAAU,MAAM;AAAA,UACrB,OAAO;AAAA,UACP,cAAc;AAAA,UACd;AAAA,UACA,cAAc;AAAA,UACd;AAAA,UACA,mBAAK;AAAA,UACL,QAAQ;AAAA,UACR,QAAQ;AAAA,UACR,WAAW;AAAA,QACZ;AAEA,mBAAW,EAAE,QAAQ,IAAI,KAAK,SAAS;AACtC,gBAAM,aAAa,UAAU,UAAU,GAAG;AAC1C,cACC,CAAC,8BAA8B;AAAA,YAC9B;AAAA,YACA;AAAA,YACA,UAAU,UAAU,OAAO,EAAE;AAAA,UAC9B,GACC;AACD,oBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,UACD;AACA,6BAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,IAAI,UAAU;AAAA,QAChE;AAIA,YAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,EAAE,CAAC,GAAG;AACpF,6BAAmB,sBAAK,kCAAL,WAAa;AAGhC,cAAI,mBAAmB,WAAW;AACjC,uBAAW,MAAM;AAAA,UAClB;AAAA,QACD;AAAA,MACD,SAAS,OAAO;AACf,YAAI,CAAC,WAAW,OAAO,SAAS;AAC/B,iBAAO,KAAK,KAAc;AAAA,QAC3B;AAAA,MACD,UAAE;AAED,qCAA6B,sBAAK,kCAAL,WAAa;AAC1C,YAAI,4BAA4B,YAAY,iBAAiB;AAC5D,qBAAW,MAAM,IAAI,mCAAmC,CAAC;AAAA,QAC1D;AAAA,MACD;AAAA,IACD,CAAC;AAED,UAAM,QAAQ,WAAW,UAAU;AAEnC,QAAI,kBAAkB,WAAW;AAChC,YAAM,gBAAgB,MAAM;AAAA,IAC7B;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,eAAe;AAAA,IACpB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAMqC;AACpC,YAAQ,SAAS;AAAA,MAChB,KAAK,QAAQ;AACZ,cAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,YAAI,YAAY,mBAAK,eAAc;AAClC,gBAAM,IAAI;AAAA,YACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,UACxD;AAAA,QACD;AACA,cAAM,KAAK,UAAU;AAAA,UACpB,KAAK,CAAC,EAAE;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACD,CAAC;AAKD,cAAM,SAAS,aAAa,WAAW,aAAa,GAAG,EAAE;AAEzD,cAAM,cAAc,oBAAI,IAAI;AAC5B,YAAI,SAAS;AACb,mBAAW,YAAY,WAAW,KAAK,GAAG;AAEzC,gBAAM,YAAY,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAC9D,cAAI,WAAW;AACd,wBAAY,IAAI,UAAU,IAAI,gCAAgC,SAAS,CAAC;AACxE,sBAAU,sBAAK,kCAAL,WAAa;AACvB,gBAAI,UAAU,WAAW;AAExB;AAAA,YACD;AAAA,UACD;AAAA,QACD;AACA,eAAO;AAAA,IACT;AAAA,EACD;AACD;AAzYC;AACA;AACA;AACA;AAEA;AACA;AACA;AARM;AAyFN,2BAAsB,SAAC,MAAe,MAAkB,KAAkC;AACzF,UAAQ,MAAM;AAAA,IACb,KAAK,QAAQ;AACZ,aAAO,IAAI,UAAU,MAAM,GAAG;AAAA,IAC/B,KAAK,QAAQ;AACZ,aAAO,IAAI,WAAW,MAAM,GAAG;AAAA,EACjC;AACD;AAuCA,YAAO,SAAC,UAAkB;AACzB,SAAO,mBAAK,UAAS,IAAI,QAAQ,GAAG,UAAU;AAC/C;AAEA,gCAA2B,SAAC,UAAoB,WAAmB;AAElE,MACC,SAAS,KAAK,CAAC,aAAa;AAC3B,UAAM,gBAAgB,sBAAK,kCAAL,WAAa;AACnC,WAAO,gBAAgB,KAAK,kBAAkB,MAAM,UAAU,QAAQ;AAAA,EACvE,CAAC,GACA;AACD,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,MAAI,YAAY,mBAAK,eAAc;AAClC,UAAM,IAAI;AAAA,MACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,IACxD;AAAA,EACD;AACD;AAgBM,2BAAsB,iBAAG;AAC9B,QAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,QAAM,6BAA6B,CAAC;AACpC,aAAW,CAAC,UAAU,MAAM,KAAK,mBAAK,WAAU;AAC/C,UAAM,YAAY,WAAW,IAAI,QAAQ;AACzC,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACvC,iCAA2B,KAAK,SAAS;AAAA,IAC1C;AAAA,EACD;AACA,SAAO;AACR;AAEM,oBAAe,iBAAoC;AACxD,QAAM,aAAa,MAAM,mBAAmB;AAAA,IAC3C,WAAW,CAAC,GAAG,mBAAK,SAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,MAAM,QAAQ;AAAA,IAC1D,QAAQ,mBAAK;AAAA,EACd,CAAC;AAED,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,sBAAsB,sBAAsB;AAAA,EACvD;AAEA,MAAI,mBAAK,oBAAmB;AAC3B,UAAM,QAAQ;AAAA,MACb,WAAW,IAAI,OAAO,WAAW;AAChC,cAAM,SAAS,mBAAK,UAAS,IAAI,OAAO,QAAQ;AAChD,YAAI,CAAE,MAAM,gBAAgB,QAAQ,mBAAK,WAAU,QAAQ,YAAY,QAAQ,MAAM,GAAI;AACxF,gBAAM,IAAI,sBAAsB,cAAc,OAAO,QAAQ,eAAe;AAAA,QAC7E;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACA,SAAO,IAAI,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC;AACrE;AA9MM,IAAM,aAAN;",
6
6
  "names": []
7
7
  }