@mysten/seal 0.9.4 → 0.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/dist/cjs/decrypt.js +0 -2
- package/dist/cjs/decrypt.js.map +2 -2
- package/dist/cjs/dem.d.ts +6 -0
- package/dist/cjs/dem.js.map +2 -2
- package/dist/cjs/encrypt.d.ts +1 -1
- package/dist/cjs/encrypt.js +2 -2
- package/dist/cjs/encrypt.js.map +2 -2
- package/dist/cjs/ibe.d.ts +2 -1
- package/dist/cjs/ibe.js +2 -1
- package/dist/cjs/ibe.js.map +2 -2
- package/dist/cjs/kdf.d.ts +1 -1
- package/dist/cjs/kdf.js +23 -4
- package/dist/cjs/kdf.js.map +2 -2
- package/dist/cjs/shamir.d.ts +13 -1
- package/dist/cjs/shamir.js +10 -6
- package/dist/cjs/shamir.js.map +2 -2
- package/dist/cjs/utils.d.ts +6 -0
- package/dist/cjs/utils.js +6 -0
- package/dist/cjs/utils.js.map +2 -2
- package/dist/cjs/version.d.ts +1 -1
- package/dist/cjs/version.js +1 -1
- package/dist/cjs/version.js.map +1 -1
- package/dist/esm/decrypt.js +0 -2
- package/dist/esm/decrypt.js.map +2 -2
- package/dist/esm/dem.d.ts +6 -0
- package/dist/esm/dem.js.map +2 -2
- package/dist/esm/encrypt.d.ts +1 -1
- package/dist/esm/encrypt.js +2 -2
- package/dist/esm/encrypt.js.map +2 -2
- package/dist/esm/ibe.d.ts +2 -1
- package/dist/esm/ibe.js +2 -1
- package/dist/esm/ibe.js.map +2 -2
- package/dist/esm/kdf.d.ts +1 -1
- package/dist/esm/kdf.js +30 -5
- package/dist/esm/kdf.js.map +2 -2
- package/dist/esm/shamir.d.ts +13 -1
- package/dist/esm/shamir.js +10 -6
- package/dist/esm/shamir.js.map +2 -2
- package/dist/esm/utils.d.ts +6 -0
- package/dist/esm/utils.js +6 -0
- package/dist/esm/utils.js.map +2 -2
- package/dist/esm/version.d.ts +1 -1
- package/dist/esm/version.js +1 -1
- package/dist/esm/version.js.map +1 -1
- package/dist/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# @mysten/seal
|
|
2
2
|
|
|
3
|
+
## 0.9.6
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [29e8b92]
|
|
8
|
+
- @mysten/sui@1.45.2
|
|
9
|
+
|
|
10
|
+
## 0.9.5
|
|
11
|
+
|
|
12
|
+
### Patch Changes
|
|
13
|
+
|
|
14
|
+
- 2a0d7e5: More input validation and add missing docs
|
|
15
|
+
- Updated dependencies [e3811f1]
|
|
16
|
+
- @mysten/sui@1.45.1
|
|
17
|
+
|
|
3
18
|
## 0.9.4
|
|
4
19
|
|
|
5
20
|
### Patch Changes
|
package/dist/cjs/decrypt.js
CHANGED
|
@@ -102,8 +102,6 @@ async function decrypt({
|
|
|
102
102
|
return import_dem.AesGcm256.decrypt(demKey, encryptedObject.ciphertext);
|
|
103
103
|
} else if (encryptedObject.ciphertext.Hmac256Ctr) {
|
|
104
104
|
return import_dem.Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);
|
|
105
|
-
} else if (encryptedObject.ciphertext.Plain) {
|
|
106
|
-
return demKey;
|
|
107
105
|
} else {
|
|
108
106
|
throw new import_error.InvalidCiphertextError("Invalid ciphertext type");
|
|
109
107
|
}
|
package/dist/cjs/decrypt.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/decrypt.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport {\n\tBonehFranklinBLS12381Services,\n\tdecryptRandomness,\n\tverifyNonce,\n\tverifyNonceWithLE,\n} from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId, equals } from './utils.js';\nimport { combine, interpolate } from './shamir.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n\tpublicKeys?: G2Element[];\n\tcheckLEEncoding?: boolean;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n * Also, it's assumed that the keys were verified by the caller.\n *\n * If publicKeys are provided, the decrypted shares are checked for consistency, meaning that\n * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({\n\tencryptedObject,\n\tkeys,\n\tpublicKeys,\n\tcheckLEEncoding,\n}: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t) as Uint8Array<ArrayBuffer>;\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key\n\tconst baseKey = combine(shares);\n\n\t// Decrypt randomness\n\tconst randomnessKey = deriveKey(\n\t\tKeyPurpose.EncryptedRandomness,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectIds, _]) => objectIds),\n\t);\n\tconst randomness = decryptRandomness(\n\t\tencryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedRandomness,\n\t\trandomnessKey,\n\t);\n\n\t// Verify that the nonce was created with the randomness.\n\tif (!(checkLEEncoding ? verifyNonceWithLE(nonce, randomness) : verifyNonce(nonce, randomness))) {\n\t\tthrow new InvalidCiphertextError('Invalid nonce');\n\t}\n\n\t// If public keys are provided, check consistency of the shares.\n\tconst checkShareConsistency = publicKeys !== undefined;\n\tif (checkShareConsistency) {\n\t\tconst polynomial = interpolate(shares);\n\t\tconst allShares = BonehFranklinBLS12381Services.decryptAllSharesUsingRandomness(\n\t\t\trandomness,\n\t\t\tencryptedShares,\n\t\t\tencryptedObject.services,\n\t\t\tpublicKeys,\n\t\t\tnonce,\n\t\t\tfromHex(fullId),\n\t\t);\n\t\tif (allShares.some(({ index, share }) => !equals(polynomial(index), share))) {\n\t\t\tthrow new InvalidCiphertextError('Invalid shares');\n\t\t}\n\t}\n\n\t// Derive the DEM key\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectId, _]) => objectId),\n\t);\n\n\t// Decrypt the ciphertext\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t} else
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAA0B;AAC1B,iBAAsC;AACtC,mBAAgE;AAChE,iBAKO;AACP,iBAAsC;AAEtC,mBAAqC;AACrC,oBAAqC;AAoBrC,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAAwC;AACvC,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,qCAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,aAAS,2BAAa,gBAAgB,WAAW,gBAAgB,EAAE;AAGzE,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,0BAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAM;AACpC,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,yCAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,UACjB,oBAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AACA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,cAAU,uBAAQ,MAAM;AAG9B,QAAM,oBAAgB;AAAA,IACrB,sBAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,SAAS;AAAA,EAC3D;AACA,QAAM,iBAAa;AAAA,IAClB,gBAAgB,gBAAgB,sBAAsB;AAAA,IACtD;AAAA,EACD;AAGA,MAAI,EAAE,sBAAkB,8BAAkB,OAAO,UAAU,QAAI,wBAAY,OAAO,UAAU,IAAI;AAC/F,UAAM,IAAI,oCAAuB,eAAe;AAAA,EACjD;AAGA,QAAM,wBAAwB,eAAe;AAC7C,MAAI,uBAAuB;AAC1B,UAAM,iBAAa,2BAAY,MAAM;AACrC,UAAM,YAAY,yCAA8B;AAAA,MAC/C;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,UACA,oBAAQ,MAAM;AAAA,IACf;AACA,QAAI,UAAU,KAAK,CAAC,EAAE,OAAO,MAAM,MAAM,KAAC,qBAAO,WAAW,KAAK,GAAG,KAAK,CAAC,GAAG;AAC5E,YAAM,IAAI,oCAAuB,gBAAgB;AAAA,IAClD;AAAA,EACD;AAGA,QAAM,aAAS;AAAA,IACd,sBAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ;AAAA,EACzD;AAGA,MAAI,gBAAgB,WAAW,WAAW;AACzC,WAAO,qBAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC5D,WAAW,gBAAgB,WAAW,YAAY;AACjD,WAAO,sBAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC7D,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport {\n\tBonehFranklinBLS12381Services,\n\tdecryptRandomness,\n\tverifyNonce,\n\tverifyNonceWithLE,\n} from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId, equals } from './utils.js';\nimport { combine, interpolate } from './shamir.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n\tpublicKeys?: G2Element[];\n\tcheckLEEncoding?: boolean;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n * Also, it's assumed that the keys were verified by the caller.\n *\n * If publicKeys are provided, the decrypted shares are checked for consistency, meaning that\n * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({\n\tencryptedObject,\n\tkeys,\n\tpublicKeys,\n\tcheckLEEncoding,\n}: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t) as Uint8Array<ArrayBuffer>;\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key\n\tconst baseKey = combine(shares);\n\n\t// Decrypt randomness\n\tconst randomnessKey = deriveKey(\n\t\tKeyPurpose.EncryptedRandomness,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectIds, _]) => objectIds),\n\t);\n\tconst randomness = decryptRandomness(\n\t\tencryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedRandomness,\n\t\trandomnessKey,\n\t);\n\n\t// Verify that the nonce was created with the randomness.\n\tif (!(checkLEEncoding ? verifyNonceWithLE(nonce, randomness) : verifyNonce(nonce, randomness))) {\n\t\tthrow new InvalidCiphertextError('Invalid nonce');\n\t}\n\n\t// If public keys are provided, check consistency of the shares.\n\tconst checkShareConsistency = publicKeys !== undefined;\n\tif (checkShareConsistency) {\n\t\tconst polynomial = interpolate(shares);\n\t\tconst allShares = BonehFranklinBLS12381Services.decryptAllSharesUsingRandomness(\n\t\t\trandomness,\n\t\t\tencryptedShares,\n\t\t\tencryptedObject.services,\n\t\t\tpublicKeys,\n\t\t\tnonce,\n\t\t\tfromHex(fullId),\n\t\t);\n\t\tif (allShares.some(({ index, share }) => !equals(polynomial(index), share))) {\n\t\t\tthrow new InvalidCiphertextError('Invalid shares');\n\t\t}\n\t}\n\n\t// Derive the DEM key\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectId, _]) => objectId),\n\t);\n\n\t// Decrypt the ciphertext\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t} else {\n\t\tthrow new InvalidCiphertextError('Invalid ciphertext type');\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAA0B;AAC1B,iBAAsC;AACtC,mBAAgE;AAChE,iBAKO;AACP,iBAAsC;AAEtC,mBAAqC;AACrC,oBAAqC;AAoBrC,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAAwC;AACvC,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,qCAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,aAAS,2BAAa,gBAAgB,WAAW,gBAAgB,EAAE;AAGzE,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,0BAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAM;AACpC,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,yCAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,UACjB,oBAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AACA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,cAAU,uBAAQ,MAAM;AAG9B,QAAM,oBAAgB;AAAA,IACrB,sBAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,SAAS;AAAA,EAC3D;AACA,QAAM,iBAAa;AAAA,IAClB,gBAAgB,gBAAgB,sBAAsB;AAAA,IACtD;AAAA,EACD;AAGA,MAAI,EAAE,sBAAkB,8BAAkB,OAAO,UAAU,QAAI,wBAAY,OAAO,UAAU,IAAI;AAC/F,UAAM,IAAI,oCAAuB,eAAe;AAAA,EACjD;AAGA,QAAM,wBAAwB,eAAe;AAC7C,MAAI,uBAAuB;AAC1B,UAAM,iBAAa,2BAAY,MAAM;AACrC,UAAM,YAAY,yCAA8B;AAAA,MAC/C;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,UACA,oBAAQ,MAAM;AAAA,IACf;AACA,QAAI,UAAU,KAAK,CAAC,EAAE,OAAO,MAAM,MAAM,KAAC,qBAAO,WAAW,KAAK,GAAG,KAAK,CAAC,GAAG;AAC5E,YAAM,IAAI,oCAAuB,gBAAgB;AAAA,IAClD;AAAA,EACD;AAGA,QAAM,aAAS;AAAA,IACd,sBAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ;AAAA,EACzD;AAGA,MAAI,gBAAgB,WAAW,WAAW;AACzC,WAAO,qBAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC5D,WAAW,gBAAgB,WAAW,YAAY;AACjD,WAAO,sBAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC7D,OAAO;AACN,UAAM,IAAI,oCAAuB,yBAAyB;AAAA,EAC3D;AACD;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/cjs/dem.d.ts
CHANGED
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
import type { Ciphertext } from './bcs.js';
|
|
2
2
|
export declare const iv: Uint8Array<ArrayBuffer>;
|
|
3
|
+
/**
|
|
4
|
+
* An interface for supported DEMs.
|
|
5
|
+
*/
|
|
3
6
|
export interface EncryptionInput {
|
|
4
7
|
encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
|
|
5
8
|
generateKey(): Promise<Uint8Array<ArrayBuffer>>;
|
|
6
9
|
}
|
|
10
|
+
/**
|
|
11
|
+
* AES-GCM encryption.
|
|
12
|
+
*/
|
|
7
13
|
export declare class AesGcm256 implements EncryptionInput {
|
|
8
14
|
readonly plaintext: Uint8Array<ArrayBuffer>;
|
|
9
15
|
readonly aad: Uint8Array<ArrayBuffer>;
|
package/dist/cjs/dem.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/dem.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs } from '@mysten/bcs';\nimport { equalBytes } from '@noble/curves/abstract/utils';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { Ciphertext } from './bcs.js';\nimport { DecryptionError, InvalidCiphertextError } from './error.js';\nimport { flatten, xorUnchecked } from './utils.js';\n\n// Use a fixed IV for AES. This is okay because the key is unique for each message.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array<ArrayBuffer>> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array<ArrayBuffer>;\n\treadonly aad: Uint8Array<ArrayBuffer>;\n\n\tconstructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>> {\n\t\t// generate a random key\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\t\tconst aesCryptoKey = await crypto.subtle.importKey(\n\t\t\t'raw',\n\t\t\tkey as BufferSource,\n\t\t\t'AES-GCM',\n\t\t\tfalse,\n\t\t\t['encrypt'],\n\t\t);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad as BufferSource,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext as BufferSource,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${JSON.stringify(ciphertext)}`);\n\t\t}\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\n\t\ttry {\n\t\t\tconst aesCryptoKey = await crypto.subtle.importKey(\n\t\t\t\t'raw',\n\t\t\t\tkey as BufferSource,\n\t\t\t\t'AES-GCM',\n\t\t\t\tfalse,\n\t\t\t\t['decrypt'],\n\t\t\t);\n\t\t\treturn new Uint8Array(\n\t\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t\t{\n\t\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\t\tiv,\n\t\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t\t},\n\t\t\t\t\taesCryptoKey,\n\t\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t\t),\n\t\t\t);\n\t\t} catch {\n\t\t\tthrow new DecryptionError(`Decryption failed`);\n\t\t}\n\t}\n}\n\n/**\n * Authenticated encryption using CTR mode with HMAC-SHA3-256 as a PRF.\n * 1. Derive an encryption key, <i>k<sub>1</sub> = <b>hmac</b>(key, 1)</i>.\n * 2. Chunk the message into blocks of 32 bytes, <i>m = m<sub>1</sub> || ... || m<sub>n</sub></i>.\n * 3. Let the ciphertext be defined by <i>c = c<sub>1</sub> || ... || c<sub>n</sub></i> where <i>c<sub>i</sub> = m<sub>i</sub> \u2295 <b>hmac</b>(k<sub>1</sub>, i)</i>.\n * 4. Compute a MAC over the AAD and the ciphertext, <i>mac = <b>hmac</b>(k<sub>2</sub>, aad || c) where k<sub>2</sub> = <b>hmac</b>(key, 2)</i>.\n * 5. Return <i>mac || aad || c</i>.\n */\nexport class Hmac256Ctr implements EncryptionInput {\n\treadonly plaintext: Uint8Array<ArrayBuffer>;\n\treadonly aad: Uint8Array<ArrayBuffer>;\n\n\tconstructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>> {\n\t\t// generate a random key\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tconst blob = Hmac256Ctr.encryptInCtrMode(key, this.plaintext);\n\t\tconst mac = Hmac256Ctr.computeMac(key, this.aad, blob);\n\t\treturn {\n\t\t\tHmac256Ctr: {\n\t\t\t\tblob,\n\t\t\t\tmac,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Hmac256Ctr' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${JSON.stringify(ciphertext)}`);\n\t\t}\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\t\tconst aad = new Uint8Array(ciphertext.Hmac256Ctr.aad ?? []);\n\t\tconst blob = new Uint8Array(ciphertext.Hmac256Ctr.blob);\n\t\tconst mac = Hmac256Ctr.computeMac(key, aad, blob);\n\t\tif (!equalBytes(mac, new Uint8Array(ciphertext.Hmac256Ctr.mac))) {\n\t\t\tthrow new DecryptionError(`Invalid MAC ${mac}`);\n\t\t}\n\t\treturn Hmac256Ctr.encryptInCtrMode(key, blob);\n\t}\n\n\tprivate static computeMac(key: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Uint8Array {\n\t\tconst macInput = flatten([MacKeyTag, toBytes(aad.length), aad, ciphertext]);\n\t\tconst mac = hmac(sha3_256, key, macInput);\n\t\treturn mac;\n\t}\n\n\tprivate static encryptInCtrMode(key: Uint8Array, msg: Uint8Array): Uint8Array {\n\t\tconst blockSize = 32;\n\t\tconst result = new Uint8Array(msg.length);\n\t\tfor (let i = 0; i * blockSize < msg.length; i++) {\n\t\t\tconst block = msg.subarray(i * blockSize, (i + 1) * blockSize);\n\t\t\tconst mask = hmac(sha3_256, key, flatten([EncryptionKeyTag, toBytes(i)]));\n\t\t\tconst encryptedBlock = xorUnchecked(block, mask);\n\t\t\tresult.set(encryptedBlock, i * blockSize);\n\t\t}\n\t\treturn result;\n\t}\n}\n\n/**\n * Convert a u64 to bytes using little-endian representation.\n */\nfunction toBytes(n: number): Uint8Array {\n\treturn bcs.u64().serialize(n).toBytes();\n}\n\nconst EncryptionKeyTag = new TextEncoder().encode('HMAC-CTR-ENC');\nconst MacKeyTag = new TextEncoder().encode('HMAC-CTR-MAC');\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAoB;AACpB,mBAA2B;AAC3B,kBAAqB;AACrB,kBAAyB;AAGzB,mBAAwD;AACxD,IAAAA,gBAAsC;AAG/B,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAmD;AACjE,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs } from '@mysten/bcs';\nimport { equalBytes } from '@noble/curves/abstract/utils';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { Ciphertext } from './bcs.js';\nimport { DecryptionError, InvalidCiphertextError } from './error.js';\nimport { flatten, xorUnchecked } from './utils.js';\n\n// Use a fixed IV for AES. This is okay because the key is unique for each message.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array<ArrayBuffer>> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\n/**\n * An interface for supported DEMs.\n */\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>>;\n}\n\n/**\n * AES-GCM encryption.\n */\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array<ArrayBuffer>;\n\treadonly aad: Uint8Array<ArrayBuffer>;\n\n\tconstructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>> {\n\t\t// generate a random key\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\t\tconst aesCryptoKey = await crypto.subtle.importKey(\n\t\t\t'raw',\n\t\t\tkey as BufferSource,\n\t\t\t'AES-GCM',\n\t\t\tfalse,\n\t\t\t['encrypt'],\n\t\t);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad as BufferSource,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext as BufferSource,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${JSON.stringify(ciphertext)}`);\n\t\t}\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\n\t\ttry {\n\t\t\tconst aesCryptoKey = await crypto.subtle.importKey(\n\t\t\t\t'raw',\n\t\t\t\tkey as BufferSource,\n\t\t\t\t'AES-GCM',\n\t\t\t\tfalse,\n\t\t\t\t['decrypt'],\n\t\t\t);\n\t\t\treturn new Uint8Array(\n\t\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t\t{\n\t\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\t\tiv,\n\t\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t\t},\n\t\t\t\t\taesCryptoKey,\n\t\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t\t),\n\t\t\t);\n\t\t} catch {\n\t\t\tthrow new DecryptionError(`Decryption failed`);\n\t\t}\n\t}\n}\n\n/**\n * Authenticated encryption using CTR mode with HMAC-SHA3-256 as a PRF.\n * 1. Derive an encryption key, <i>k<sub>1</sub> = <b>hmac</b>(key, 1)</i>.\n * 2. Chunk the message into blocks of 32 bytes, <i>m = m<sub>1</sub> || ... || m<sub>n</sub></i>.\n * 3. Let the ciphertext be defined by <i>c = c<sub>1</sub> || ... || c<sub>n</sub></i> where <i>c<sub>i</sub> = m<sub>i</sub> \u2295 <b>hmac</b>(k<sub>1</sub>, i)</i>.\n * 4. Compute a MAC over the AAD and the ciphertext, <i>mac = <b>hmac</b>(k<sub>2</sub>, aad || c) where k<sub>2</sub> = <b>hmac</b>(key, 2)</i>.\n * 5. Return <i>mac || aad || c</i>.\n */\nexport class Hmac256Ctr implements EncryptionInput {\n\treadonly plaintext: Uint8Array<ArrayBuffer>;\n\treadonly aad: Uint8Array<ArrayBuffer>;\n\n\tconstructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>) {\n\t\tthis.plaintext = msg;\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array<ArrayBuffer>> {\n\t\t// generate a random key\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput> {\n\t\tconst blob = Hmac256Ctr.encryptInCtrMode(key, this.plaintext);\n\t\tconst mac = Hmac256Ctr.computeMac(key, this.aad, blob);\n\t\treturn {\n\t\t\tHmac256Ctr: {\n\t\t\t\tblob,\n\t\t\t\tmac,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(\n\t\tkey: Uint8Array,\n\t\tciphertext: typeof Ciphertext.$inferInput,\n\t): Promise<Uint8Array> {\n\t\tif (!('Hmac256Ctr' in ciphertext)) {\n\t\t\tthrow new InvalidCiphertextError(`Invalid ciphertext ${JSON.stringify(ciphertext)}`);\n\t\t}\n\t\tif (key.length !== 32) {\n\t\t\tthrow new Error('Key must be 32 bytes');\n\t\t}\n\t\tconst aad = new Uint8Array(ciphertext.Hmac256Ctr.aad ?? []);\n\t\tconst blob = new Uint8Array(ciphertext.Hmac256Ctr.blob);\n\t\tconst mac = Hmac256Ctr.computeMac(key, aad, blob);\n\t\tif (!equalBytes(mac, new Uint8Array(ciphertext.Hmac256Ctr.mac))) {\n\t\t\tthrow new DecryptionError(`Invalid MAC ${mac}`);\n\t\t}\n\t\treturn Hmac256Ctr.encryptInCtrMode(key, blob);\n\t}\n\n\tprivate static computeMac(key: Uint8Array, aad: Uint8Array, ciphertext: Uint8Array): Uint8Array {\n\t\tconst macInput = flatten([MacKeyTag, toBytes(aad.length), aad, ciphertext]);\n\t\tconst mac = hmac(sha3_256, key, macInput);\n\t\treturn mac;\n\t}\n\n\tprivate static encryptInCtrMode(key: Uint8Array, msg: Uint8Array): Uint8Array {\n\t\tconst blockSize = 32;\n\t\tconst result = new Uint8Array(msg.length);\n\t\tfor (let i = 0; i * blockSize < msg.length; i++) {\n\t\t\tconst block = msg.subarray(i * blockSize, (i + 1) * blockSize);\n\t\t\tconst mask = hmac(sha3_256, key, flatten([EncryptionKeyTag, toBytes(i)]));\n\t\t\tconst encryptedBlock = xorUnchecked(block, mask);\n\t\t\tresult.set(encryptedBlock, i * blockSize);\n\t\t}\n\t\treturn result;\n\t}\n}\n\n/**\n * Convert a u64 to bytes using little-endian representation.\n */\nfunction toBytes(n: number): Uint8Array {\n\treturn bcs.u64().serialize(n).toBytes();\n}\n\nconst EncryptionKeyTag = new TextEncoder().encode('HMAC-CTR-ENC');\nconst MacKeyTag = new TextEncoder().encode('HMAC-CTR-MAC');\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAoB;AACpB,mBAA2B;AAC3B,kBAAqB;AACrB,kBAAyB;AAGzB,mBAAwD;AACxD,IAAAA,gBAAsC;AAG/B,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAmD;AACjE,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAaO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAA8B,KAA8B;AACvE,SAAK,YAAY;AACjB,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAgD;AAE/C,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAAyD;AACtE,QAAI,IAAI,WAAW,IAAI;AACtB,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACvC;AACA,UAAM,eAAe,MAAM,OAAO,OAAO;AAAA,MACxC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,SAAS;AAAA,IACX;AAEA,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QACZ,KACA,YACsB;AACtB,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,oCAAuB,sBAAsB,KAAK,UAAU,UAAU,CAAC,EAAE;AAAA,IACpF;AACA,QAAI,IAAI,WAAW,IAAI;AACtB,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACvC;AAEA,QAAI;AACH,YAAM,eAAe,MAAM,OAAO,OAAO;AAAA,QACxC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,CAAC,SAAS;AAAA,MACX;AACA,aAAO,IAAI;AAAA,QACV,MAAM,OAAO,OAAO;AAAA,UACnB;AAAA,YACC,MAAM;AAAA,YACN;AAAA,YACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,UAC9D;AAAA,UACA;AAAA,UACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,QACzC;AAAA,MACD;AAAA,IACD,QAAQ;AACP,YAAM,IAAI,6BAAgB,mBAAmB;AAAA,IAC9C;AAAA,EACD;AACD;AAUO,MAAM,WAAsC;AAAA,EAIlD,YAAY,KAA8B,KAA8B;AACvE,SAAK,YAAY;AACjB,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAgD;AAE/C,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAAyD;AACtE,UAAM,OAAO,WAAW,iBAAiB,KAAK,KAAK,SAAS;AAC5D,UAAM,MAAM,WAAW,WAAW,KAAK,KAAK,KAAK,IAAI;AACrD,WAAO;AAAA,MACN,YAAY;AAAA,QACX;AAAA,QACA;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QACZ,KACA,YACsB;AACtB,QAAI,EAAE,gBAAgB,aAAa;AAClC,YAAM,IAAI,oCAAuB,sBAAsB,KAAK,UAAU,UAAU,CAAC,EAAE;AAAA,IACpF;AACA,QAAI,IAAI,WAAW,IAAI;AACtB,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACvC;AACA,UAAM,MAAM,IAAI,WAAW,WAAW,WAAW,OAAO,CAAC,CAAC;AAC1D,UAAM,OAAO,IAAI,WAAW,WAAW,WAAW,IAAI;AACtD,UAAM,MAAM,WAAW,WAAW,KAAK,KAAK,IAAI;AAChD,QAAI,KAAC,yBAAW,KAAK,IAAI,WAAW,WAAW,WAAW,GAAG,CAAC,GAAG;AAChE,YAAM,IAAI,6BAAgB,eAAe,GAAG,EAAE;AAAA,IAC/C;AACA,WAAO,WAAW,iBAAiB,KAAK,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAe,WAAW,KAAiB,KAAiB,YAAoC;AAC/F,UAAM,eAAW,uBAAQ,CAAC,WAAW,QAAQ,IAAI,MAAM,GAAG,KAAK,UAAU,CAAC;AAC1E,UAAM,UAAM,kBAAK,sBAAU,KAAK,QAAQ;AACxC,WAAO;AAAA,EACR;AAAA,EAEA,OAAe,iBAAiB,KAAiB,KAA6B;AAC7E,UAAM,YAAY;AAClB,UAAM,SAAS,IAAI,WAAW,IAAI,MAAM;AACxC,aAAS,IAAI,GAAG,IAAI,YAAY,IAAI,QAAQ,KAAK;AAChD,YAAM,QAAQ,IAAI,SAAS,IAAI,YAAY,IAAI,KAAK,SAAS;AAC7D,YAAM,WAAO,kBAAK,sBAAU,SAAK,uBAAQ,CAAC,kBAAkB,QAAQ,CAAC,CAAC,CAAC,CAAC;AACxE,YAAM,qBAAiB,4BAAa,OAAO,IAAI;AAC/C,aAAO,IAAI,gBAAgB,IAAI,SAAS;AAAA,IACzC;AACA,WAAO;AAAA,EACR;AACD;AAKA,SAAS,QAAQ,GAAuB;AACvC,SAAO,eAAI,IAAI,EAAE,UAAU,CAAC,EAAE,QAAQ;AACvC;AAEA,MAAM,mBAAmB,IAAI,YAAY,EAAE,OAAO,cAAc;AAChE,MAAM,YAAY,IAAI,YAAY,EAAE,OAAO,cAAc;",
|
|
6
6
|
"names": ["import_utils"]
|
|
7
7
|
}
|
package/dist/cjs/encrypt.d.ts
CHANGED
|
@@ -7,7 +7,7 @@ import type { KeyServer } from './key-server.js';
|
|
|
7
7
|
* @param kemType - The type of KEM to use.
|
|
8
8
|
* @param packageId - packageId
|
|
9
9
|
* @param id - id
|
|
10
|
-
* @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or
|
|
10
|
+
* @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Hmac256CtrEncryptionInput.
|
|
11
11
|
* @param threshold - The threshold for the TSS encryption.
|
|
12
12
|
* @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
|
|
13
13
|
* Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.
|
package/dist/cjs/encrypt.js
CHANGED
|
@@ -38,7 +38,7 @@ async function encrypt({
|
|
|
38
38
|
id,
|
|
39
39
|
encryptionInput
|
|
40
40
|
}) {
|
|
41
|
-
if (threshold <= 0 || threshold
|
|
41
|
+
if (threshold <= 0 || threshold >= import_utils.MAX_U8 || keyServers.length < threshold || keyServers.length >= import_utils.MAX_U8) {
|
|
42
42
|
throw new import_error.UserError(
|
|
43
43
|
`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`
|
|
44
44
|
);
|
|
@@ -76,7 +76,7 @@ async function encrypt({
|
|
|
76
76
|
encryptedShares,
|
|
77
77
|
ciphertext
|
|
78
78
|
}).toBytes(),
|
|
79
|
-
key: demKey
|
|
79
|
+
key: new Uint8Array(demKey)
|
|
80
80
|
};
|
|
81
81
|
}
|
|
82
82
|
var KemType = /* @__PURE__ */ ((KemType2) => {
|
package/dist/cjs/encrypt.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/encrypt.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId, MAX_U8 } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { split } from './shamir.js';\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAGxB,IAAAA,cAAgC;AAEhC,mBAA0B;AAC1B,iBAA8C;AAC9C,iBAAsC;AAEtC,mBAAqC;AAErC,oBAAsB;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,aAAa,KACb,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId, MAX_U8 } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { split } from './shamir.js';\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Hmac256CtrEncryptionInput.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array<ArrayBuffer>;\n\tkey: Uint8Array<ArrayBuffer>;\n}> {\n\t// Check inputs\n\tif (\n\t\tthreshold <= 0 ||\n\t\tthreshold >= MAX_U8 ||\n\t\tkeyServers.length < threshold ||\n\t\tkeyServers.length >= MAX_U8\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random base key.\n\tconst baseKey = await encryptionInput.generateKey();\n\n\t// Split the key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = split(baseKey, threshold, keyServers.length);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares,\n\t\tbaseKey,\n\t\tthreshold,\n\t);\n\n\t// Encrypt the object with the derived DEM key.\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedShares.BonehFranklinBLS12381.encryptedShares,\n\t\tthreshold,\n\t\tkeyServers.map(({ objectId }) => objectId),\n\t);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map(({ objectId }, i) => [\n\t\tobjectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: new Uint8Array(demKey),\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: Share[],\n\tbaseKey: Uint8Array,\n\tthreshold: number,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\tbaseKey,\n\t\t\t\tthreshold,\n\t\t\t);\n\t\tdefault:\n\t\t\tthrow new Error(`Invalid KEM type ${kemType}`);\n\t}\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAGxB,IAAAA,cAAgC;AAEhC,mBAA0B;AAC1B,iBAA8C;AAC9C,iBAAsC;AAEtC,mBAAqC;AAErC,oBAAsB;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,aAAa,KACb,aAAa,uBACb,WAAW,SAAS,aACpB,WAAW,UAAU,qBACpB;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,UAAU,MAAM,gBAAgB,YAAY;AAGlD,QAAM,aAAS,qBAAM,SAAS,WAAW,WAAW,MAAM;AAG1D,QAAM,aAAS,2BAAa,WAAW,EAAE;AACzC,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,QACA,oBAAQ,MAAM;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,EACD;AAGA,QAAM,aAAS;AAAA,IACd,sBAAW;AAAA,IACX;AAAA,IACA,gBAAgB,sBAAsB;AAAA,IACtC;AAAA,IACA,WAAW,IAAI,CAAC,EAAE,SAAS,MAAM,QAAQ;AAAA,EAC1C;AACA,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,WAA+B,WAAW,IAAI,CAAC,EAAE,SAAS,GAAG,MAAM;AAAA,IACxE;AAAA,IACA,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,4BAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK,IAAI,WAAW,MAAM;AAAA,EAC3B;AACD;AAEO,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,SACA,WACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,yCAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,IACD;AACC,YAAM,IAAI,MAAM,oBAAoB,OAAO,EAAE;AAAA,EAC/C;AACD;",
|
|
6
6
|
"names": ["import_bcs", "KemType", "DemType"]
|
|
7
7
|
}
|
package/dist/cjs/ibe.d.ts
CHANGED
|
@@ -46,7 +46,8 @@ export declare class BonehFranklinBLS12381Services extends IBEServers {
|
|
|
46
46
|
* @param nonce The encryption nonce.
|
|
47
47
|
* @param sk The user secret key.
|
|
48
48
|
* @param ciphertext The encrypted message.
|
|
49
|
-
* @param
|
|
49
|
+
* @param id The identity.
|
|
50
|
+
* @param [objectId, index] The object id and index of the share.
|
|
50
51
|
* @returns The decrypted message.
|
|
51
52
|
*/
|
|
52
53
|
static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, id: Uint8Array, [objectId, index]: [string, number]): Uint8Array;
|
package/dist/cjs/ibe.js
CHANGED
|
@@ -85,7 +85,8 @@ class BonehFranklinBLS12381Services extends IBEServers {
|
|
|
85
85
|
* @param nonce The encryption nonce.
|
|
86
86
|
* @param sk The user secret key.
|
|
87
87
|
* @param ciphertext The encrypted message.
|
|
88
|
-
* @param
|
|
88
|
+
* @param id The identity.
|
|
89
|
+
* @param [objectId, index] The object id and index of the share.
|
|
89
90
|
* @returns The decrypted message.
|
|
90
91
|
*/
|
|
91
92
|
static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
|
package/dist/cjs/ibe.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/ibe.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { G1Element, GTElement } from './bls12381.js';\nimport { G2Element, Scalar } from './bls12381.js';\nimport { deriveKey, hashToG1, kdf, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { InvalidCiphertextError } from './error.js';\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme (https://eprint.iacr.org/2001/090).\n * Note that this implementation is of the \"BasicIdent\" protocol which on its own is not CCA secure, so this IBE implementation should not be used on its own.\n *\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = shares.map(({ share, index }, i) =>\n\t\t\txor(share, kdf(keys[i], nonce, id, this.objectIds[i], index)),\n\t\t);\n\t\tconst randomnessKey = deriveKey(\n\t\t\tKeyPurpose.EncryptedRandomness,\n\t\t\tbaseKey,\n\t\t\tencryptedShares,\n\t\t\tthreshold,\n\t\t\tthis.objectIds,\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator());\n\t\tconst rhs = hashToG1(fromHex(id)).pairing(publicKey);\n\t\treturn lhs.equals(rhs);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAAkC;AAClC,iBAAqD;AAErD,mBAAoB;AAEpB,mBAAuC;AAKhC,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAeD;AAQO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,QACA,SACA,WACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,OAAO,QAAQ;AAC7E,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,OAAO;AAAA,MAAI,CAAC,EAAE,OAAO,MAAM,GAAG,UACrD,kBAAI,WAAO,gBAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,KAAK,CAAC;AAAA,IAC7D;AACA,UAAM,oBAAgB;AAAA,MACrB,sBAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACN;AACA,UAAM,0BAAsB,kBAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,0BAAU,UAAU,CAAC;AACvD,UAAM,UAAM,yBAAS,oBAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS;AACnD,WAAO,IAAI,OAAO,GAAG;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { G1Element, GTElement } from './bls12381.js';\nimport { G2Element, Scalar } from './bls12381.js';\nimport { deriveKey, hashToG1, kdf, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { InvalidCiphertextError } from './error.js';\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme (https://eprint.iacr.org/2001/090).\n * Note that this implementation is of the \"BasicIdent\" protocol which on its own is not CCA secure, so this IBE implementation should not be used on its own.\n *\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = shares.map(({ share, index }, i) =>\n\t\t\txor(share, kdf(keys[i], nonce, id, this.objectIds[i], index)),\n\t\t);\n\t\tconst randomnessKey = deriveKey(\n\t\t\tKeyPurpose.EncryptedRandomness,\n\t\t\tbaseKey,\n\t\t\tencryptedShares,\n\t\t\tthreshold,\n\t\t\tthis.objectIds,\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator());\n\t\tconst rhs = hashToG1(fromHex(id)).pairing(publicKey);\n\t\treturn lhs.equals(rhs);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param id The identity.\n\t * @param [objectId, index] The object id and index of the share.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n\n\t/**\n\t * Decrypt all shares and verify that the randomness was used to create the given nonce.\n\t *\n\t * @param randomness - The randomness.\n\t * @param encryptedShares - The encrypted shares.\n\t * @param services - The services.\n\t * @param publicKeys - The public keys.\n\t * @param nonce - The nonce.\n\t * @param id - The id.\n\t * @returns All decrypted shares.\n\t */\n\tstatic decryptAllSharesUsingRandomness(\n\t\trandomness: Uint8Array,\n\t\tencryptedShares: Uint8Array[],\n\t\tservices: [string, number][],\n\t\tpublicKeys: G2Element[],\n\t\tnonce: G2Element,\n\t\tid: Uint8Array,\n\t): { index: number; share: Uint8Array }[] {\n\t\tif (publicKeys.length !== encryptedShares.length || publicKeys.length !== services.length) {\n\t\t\tthrow new Error('The number of public keys, encrypted shares and services must be the same');\n\t\t}\n\t\tlet r;\n\t\ttry {\n\t\t\tr = Scalar.fromBytes(randomness);\n\t\t} catch {\n\t\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t\t}\n\t\tconst gid_r = hashToG1(id).multiply(r);\n\t\treturn services.map(([objectId, index], i) => {\n\t\t\treturn {\n\t\t\t\tindex,\n\t\t\t\tshare: xor(\n\t\t\t\t\tencryptedShares[i],\n\t\t\t\t\tkdf(gid_r.pairing(publicKeys[i]), nonce, id, objectId, index),\n\t\t\t\t),\n\t\t\t};\n\t\t});\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns The randomness, a common nonce of the keys and a list of keys.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid_r = hashToG1(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid_r.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Throws an error if the given randomness is invalid (not a BLS scalar).\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @param useBE - Flag to indicate if BE encoding is used for the randomness. Defaults to true.\n * @returns True if the randomness was used to create the nonce, false otherwise.\n */\nexport function verifyNonce(\n\tnonce: G2Element,\n\trandomness: Uint8Array,\n\tuseBE: boolean = true,\n): boolean {\n\ttry {\n\t\tconst r = decodeRandomness(randomness, useBE);\n\t\treturn G2Element.generator().multiply(r).equals(nonce);\n\t} catch {\n\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t}\n}\n\nfunction decodeRandomness(bytes: Uint8Array, useBE: boolean): Scalar {\n\tif (useBE) {\n\t\treturn Scalar.fromBytes(bytes);\n\t} else {\n\t\treturn Scalar.fromBytesLE(bytes);\n\t}\n}\n\n/**\n * Decrypt the randomness using a key.\n *\n * @param encrypted_randomness - The encrypted randomness.\n * @param derived_key - The derived key.\n * @returns The randomness. Returns both the scalar interpreted in big-endian and little-endian encoding.\n */\nexport function decryptRandomness(\n\tencryptedRandomness: Uint8Array,\n\trandomnessKey: Uint8Array,\n): Uint8Array {\n\treturn xor(encryptedRandomness, randomnessKey);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Check using both big-endian and little-endian encoding of the randomness.\n *\n * Throws an error if the nonce check doesn't pass using LE encoding _and_ the randomness is invalid as a BE encoded scalar.\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @returns True if the randomness was used to create the nonce using either LE or BE encoding, false otherwise.\n */\nexport function verifyNonceWithLE(nonce: G2Element, randomness: Uint8Array): boolean {\n\ttry {\n\t\t// First try little-endian encoding\n\t\tif (verifyNonce(nonce, randomness, false)) {\n\t\t\treturn true;\n\t\t}\n\t} catch {\n\t\t// Ignore error and try big-endian encoding\n\t}\n\treturn verifyNonce(nonce, randomness, true);\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAAkC;AAClC,iBAAqD;AAErD,mBAAoB;AAEpB,mBAAuC;AAKhC,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAeD;AAQO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,QACA,SACA,WACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,OAAO,QAAQ;AAC7E,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,OAAO;AAAA,MAAI,CAAC,EAAE,OAAO,MAAM,GAAG,UACrD,kBAAI,WAAO,gBAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,KAAK,CAAC;AAAA,IAC7D;AACA,UAAM,oBAAgB;AAAA,MACrB,sBAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACN;AACA,UAAM,0BAAsB,kBAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,0BAAU,UAAU,CAAC;AACvD,UAAM,UAAM,yBAAS,oBAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS;AACnD,WAAO,IAAI,OAAO,GAAG;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,eAAO,kBAAI,gBAAY,gBAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,OAAO,gCACN,YACA,iBACA,UACA,YACA,OACA,IACyC;AACzC,QAAI,WAAW,WAAW,gBAAgB,UAAU,WAAW,WAAW,SAAS,QAAQ;AAC1F,YAAM,IAAI,MAAM,2EAA2E;AAAA,IAC5F;AACA,QAAI;AACJ,QAAI;AACH,UAAI,uBAAO,UAAU,UAAU;AAAA,IAChC,QAAQ;AACP,YAAM,IAAI,oCAAuB,oBAAoB;AAAA,IACtD;AACA,UAAM,YAAQ,qBAAS,EAAE,EAAE,SAAS,CAAC;AACrC,WAAO,SAAS,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,MAAM;AAC7C,aAAO;AAAA,QACN;AAAA,QACA,WAAO;AAAA,UACN,gBAAgB,CAAC;AAAA,cACjB,gBAAI,MAAM,QAAQ,WAAW,CAAC,CAAC,GAAG,OAAO,IAAI,UAAU,KAAK;AAAA,QAC7D;AAAA,MACD;AAAA,IACD,CAAC;AAAA,EACF;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,uBAAO,OAAO;AACxB,QAAM,QAAQ,0BAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,YAAQ,qBAAS,EAAE,EAAE,SAAS,CAAC;AACrC,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,MAAM,QAAQ,UAAU,CAAC,CAAC;AAC5E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;AAWO,SAAS,YACf,OACA,YACA,QAAiB,MACP;AACV,MAAI;AACH,UAAM,IAAI,iBAAiB,YAAY,KAAK;AAC5C,WAAO,0BAAU,UAAU,EAAE,SAAS,CAAC,EAAE,OAAO,KAAK;AAAA,EACtD,QAAQ;AACP,UAAM,IAAI,oCAAuB,oBAAoB;AAAA,EACtD;AACD;AAEA,SAAS,iBAAiB,OAAmB,OAAwB;AACpE,MAAI,OAAO;AACV,WAAO,uBAAO,UAAU,KAAK;AAAA,EAC9B,OAAO;AACN,WAAO,uBAAO,YAAY,KAAK;AAAA,EAChC;AACD;AASO,SAAS,kBACf,qBACA,eACa;AACb,aAAO,kBAAI,qBAAqB,aAAa;AAC9C;AAYO,SAAS,kBAAkB,OAAkB,YAAiC;AACpF,MAAI;AAEH,QAAI,YAAY,OAAO,YAAY,KAAK,GAAG;AAC1C,aAAO;AAAA,IACR;AAAA,EACD,QAAQ;AAAA,EAER;AACA,SAAO,YAAY,OAAO,YAAY,IAAI;AAC3C;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/cjs/kdf.d.ts
CHANGED
|
@@ -27,4 +27,4 @@ export declare enum KeyPurpose {
|
|
|
27
27
|
* @param keyServers The object ids of the key servers.
|
|
28
28
|
* @returns The derived key.
|
|
29
29
|
*/
|
|
30
|
-
export declare function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array, encryptedShares: Uint8Array[], threshold: number, keyServers: string[]): Uint8Array
|
|
30
|
+
export declare function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array, encryptedShares: Uint8Array[], threshold: number, keyServers: string[]): Uint8Array;
|
package/dist/cjs/kdf.js
CHANGED
|
@@ -35,15 +35,19 @@ function hashToG1(id) {
|
|
|
35
35
|
return import_bls12381.G1Element.hashToCurve((0, import_utils.flatten)([DST, id]));
|
|
36
36
|
}
|
|
37
37
|
function kdf(element, nonce, id, objectId, index) {
|
|
38
|
-
if (index < 0 || index > import_utils.MAX_U8) {
|
|
38
|
+
if (!Number.isInteger(index) || index < 0 || index > import_utils.MAX_U8) {
|
|
39
39
|
throw new Error(`Invalid index ${index}`);
|
|
40
40
|
}
|
|
41
|
+
const objectIdBytes = (0, import_bcs.fromHex)(objectId);
|
|
42
|
+
if (objectIdBytes.length !== import_utils.SUI_ADDRESS_LENGTH) {
|
|
43
|
+
throw new Error(`Invalid object id ${objectId}`);
|
|
44
|
+
}
|
|
41
45
|
const hash = import_sha3.sha3_256.create();
|
|
42
46
|
hash.update(KDF_DST);
|
|
43
47
|
hash.update(element.toBytes());
|
|
44
48
|
hash.update(nonce.toBytes());
|
|
45
49
|
hash.update(hashToG1(id).toBytes());
|
|
46
|
-
hash.update(
|
|
50
|
+
hash.update(objectIdBytes);
|
|
47
51
|
hash.update(new Uint8Array([index]));
|
|
48
52
|
return hash.digest();
|
|
49
53
|
}
|
|
@@ -63,16 +67,31 @@ function tag(purpose) {
|
|
|
63
67
|
}
|
|
64
68
|
}
|
|
65
69
|
function deriveKey(purpose, baseKey, encryptedShares, threshold, keyServers) {
|
|
66
|
-
if (threshold <= 0 || threshold > import_utils.MAX_U8) {
|
|
70
|
+
if (!Number.isInteger(threshold) || threshold <= 0 || threshold > import_utils.MAX_U8) {
|
|
67
71
|
throw new Error(`Invalid threshold ${threshold}`);
|
|
68
72
|
}
|
|
73
|
+
if (encryptedShares.length !== keyServers.length) {
|
|
74
|
+
throw new Error(
|
|
75
|
+
`Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`
|
|
76
|
+
);
|
|
77
|
+
}
|
|
78
|
+
const keyServerBytes = keyServers.map((keyServer) => (0, import_bcs.fromHex)(keyServer));
|
|
79
|
+
if (keyServerBytes.some((keyServer) => keyServer.length !== import_utils.SUI_ADDRESS_LENGTH)) {
|
|
80
|
+
throw new Error(`Invalid key servers ${keyServers}`);
|
|
81
|
+
}
|
|
82
|
+
if (encryptedShares.some((share) => share.length !== import_utils.ENCRYPTED_SHARE_LENGTH)) {
|
|
83
|
+
throw new Error(`Invalid encrypted shares ${encryptedShares}`);
|
|
84
|
+
}
|
|
85
|
+
if (baseKey.length !== import_utils.KEY_LENGTH) {
|
|
86
|
+
throw new Error(`Invalid base key ${baseKey}`);
|
|
87
|
+
}
|
|
69
88
|
const hash = import_sha3.sha3_256.create();
|
|
70
89
|
hash.update(DERIVE_KEY_DST);
|
|
71
90
|
hash.update(baseKey);
|
|
72
91
|
hash.update(tag(purpose));
|
|
73
92
|
hash.update(new Uint8Array([threshold]));
|
|
74
93
|
encryptedShares.forEach((share) => hash.update(share));
|
|
75
|
-
|
|
94
|
+
keyServerBytes.forEach((keyServer) => hash.update(keyServer));
|
|
76
95
|
return hash.digest();
|
|
77
96
|
}
|
|
78
97
|
//# sourceMappingURL=kdf.js.map
|
package/dist/cjs/kdf.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/kdf.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\nimport {
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,kBAAyB;AAEzB,sBAA0B;AAE1B,
|
|
4
|
+
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\nimport {\n\tENCRYPTED_SHARE_LENGTH,\n\tflatten,\n\tKEY_LENGTH,\n\tMAX_U8,\n\tSUI_ADDRESS_LENGTH,\n} from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nconst DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\nconst KDF_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H2-00');\nconst DERIVE_KEY_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H3-00');\n\n/**\n * Hash an id to a G1Element.\n *\n * @param id The id to hash.\n * @returns The G1Element.\n */\nexport function hashToG1(id: Uint8Array): G1Element {\n\treturn G1Element.hashToCurve(flatten([DST, id]));\n}\n\n/**\n * The default key derivation function.\n *\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\tif (!Number.isInteger(index) || index < 0 || index > MAX_U8) {\n\t\tthrow new Error(`Invalid index ${index}`);\n\t}\n\tconst objectIdBytes = fromHex(objectId);\n\tif (objectIdBytes.length !== SUI_ADDRESS_LENGTH) {\n\t\tthrow new Error(`Invalid object id ${objectId}`);\n\t}\n\tconst hash = sha3_256.create();\n\thash.update(KDF_DST);\n\thash.update(element.toBytes());\n\thash.update(nonce.toBytes());\n\thash.update(hashToG1(id).toBytes());\n\thash.update(objectIdBytes);\n\thash.update(new Uint8Array([index])); // this is safe because index < 256.\n\treturn hash.digest();\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nfunction tag(purpose: KeyPurpose): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn new Uint8Array([0]);\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn new Uint8Array([1]);\n\t\tdefault:\n\t\t\tthrow new Error(`Invalid key purpose ${purpose}`);\n\t}\n}\n\n/**\n * Derive a key from a base key and a list of encrypted shares.\n *\n * @param purpose The purpose of the key.\n * @param baseKey The base key.\n * @param encryptedShares The encrypted shares.\n * @param threshold The threshold.\n * @param keyServers The object ids of the key servers.\n * @returns The derived key.\n */\nexport function deriveKey(\n\tpurpose: KeyPurpose,\n\tbaseKey: Uint8Array,\n\tencryptedShares: Uint8Array[],\n\tthreshold: number,\n\tkeyServers: string[],\n): Uint8Array {\n\tif (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {\n\t\tthrow new Error(`Invalid threshold ${threshold}`);\n\t}\n\n\tif (encryptedShares.length !== keyServers.length) {\n\t\tthrow new Error(\n\t\t\t`Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`,\n\t\t);\n\t}\n\tconst keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));\n\tif (keyServerBytes.some((keyServer) => keyServer.length !== SUI_ADDRESS_LENGTH)) {\n\t\tthrow new Error(`Invalid key servers ${keyServers}`);\n\t}\n\tif (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {\n\t\tthrow new Error(`Invalid encrypted shares ${encryptedShares}`);\n\t}\n\n\tif (baseKey.length !== KEY_LENGTH) {\n\t\tthrow new Error(`Invalid base key ${baseKey}`);\n\t}\n\n\tconst hash = sha3_256.create();\n\thash.update(DERIVE_KEY_DST);\n\thash.update(baseKey);\n\thash.update(tag(purpose));\n\thash.update(new Uint8Array([threshold]));\n\tencryptedShares.forEach((share) => hash.update(share));\n\tkeyServerBytes.forEach((keyServer) => hash.update(keyServer));\n\treturn hash.digest();\n}\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,kBAAyB;AAEzB,sBAA0B;AAE1B,mBAMO;AAKP,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAC3E,MAAM,UAAU,IAAI,YAAY,EAAE,OAAO,6BAA6B;AACtE,MAAM,iBAAiB,IAAI,YAAY,EAAE,OAAO,6BAA6B;AAQtE,SAAS,SAAS,IAA2B;AACnD,SAAO,0BAAU,gBAAY,sBAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;AAChD;AAOO,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AACb,MAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ,qBAAQ;AAC5D,UAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAAA,EACzC;AACA,QAAM,oBAAgB,oBAAQ,QAAQ;AACtC,MAAI,cAAc,WAAW,iCAAoB;AAChD,UAAM,IAAI,MAAM,qBAAqB,QAAQ,EAAE;AAAA,EAChD;AACA,QAAM,OAAO,qBAAS,OAAO;AAC7B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,QAAQ,QAAQ,CAAC;AAC7B,OAAK,OAAO,MAAM,QAAQ,CAAC;AAC3B,OAAK,OAAO,SAAS,EAAE,EAAE,QAAQ,CAAC;AAClC,OAAK,OAAO,aAAa;AACzB,OAAK,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;AACnC,SAAO,KAAK,OAAO;AACpB;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,IAAI,SAAiC;AAC7C,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B;AACC,YAAM,IAAI,MAAM,uBAAuB,OAAO,EAAE;AAAA,EAClD;AACD;AAYO,SAAS,UACf,SACA,SACA,iBACA,WACA,YACa;AACb,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,aAAa,KAAK,YAAY,qBAAQ;AACzE,UAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE;AAAA,EACjD;AAEA,MAAI,gBAAgB,WAAW,WAAW,QAAQ;AACjD,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,oBAAoB,WAAW,MAAM;AAAA,IACjF;AAAA,EACD;AACA,QAAM,iBAAiB,WAAW,IAAI,CAAC,kBAAc,oBAAQ,SAAS,CAAC;AACvE,MAAI,eAAe,KAAK,CAAC,cAAc,UAAU,WAAW,+BAAkB,GAAG;AAChF,UAAM,IAAI,MAAM,uBAAuB,UAAU,EAAE;AAAA,EACpD;AACA,MAAI,gBAAgB,KAAK,CAAC,UAAU,MAAM,WAAW,mCAAsB,GAAG;AAC7E,UAAM,IAAI,MAAM,4BAA4B,eAAe,EAAE;AAAA,EAC9D;AAEA,MAAI,QAAQ,WAAW,yBAAY;AAClC,UAAM,IAAI,MAAM,oBAAoB,OAAO,EAAE;AAAA,EAC9C;AAEA,QAAM,OAAO,qBAAS,OAAO;AAC7B,OAAK,OAAO,cAAc;AAC1B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,IAAI,OAAO,CAAC;AACxB,OAAK,OAAO,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;AACvC,kBAAgB,QAAQ,CAAC,UAAU,KAAK,OAAO,KAAK,CAAC;AACrD,iBAAe,QAAQ,CAAC,cAAc,KAAK,OAAO,SAAS,CAAC;AAC5D,SAAO,KAAK,OAAO;AACpB;",
|
|
6
6
|
"names": ["KeyPurpose"]
|
|
7
7
|
}
|
package/dist/cjs/shamir.d.ts
CHANGED
|
@@ -15,6 +15,9 @@ export declare class GF256 {
|
|
|
15
15
|
static zero(): GF256;
|
|
16
16
|
static one(): GF256;
|
|
17
17
|
}
|
|
18
|
+
/**
|
|
19
|
+
* A polynomial over the field GF(2⁸).
|
|
20
|
+
*/
|
|
18
21
|
export declare class Polynomial {
|
|
19
22
|
coefficients: GF256[];
|
|
20
23
|
/**
|
|
@@ -22,17 +25,27 @@ export declare class Polynomial {
|
|
|
22
25
|
* The first coefficient is the constant term.
|
|
23
26
|
*/
|
|
24
27
|
constructor(coefficients: GF256[]);
|
|
28
|
+
/**
|
|
29
|
+
* Construct a polynomial from the given bytes.
|
|
30
|
+
* Each byte is a coefficient of the polynomial starting from the constant term.
|
|
31
|
+
*/
|
|
25
32
|
static fromBytes(bytes: Uint8Array): Polynomial;
|
|
26
33
|
degree(): number;
|
|
34
|
+
/** Get the coefficient of the polynomial at the given index. */
|
|
27
35
|
getCoefficient(index: number): GF256;
|
|
36
|
+
/** Add two polynomials. */
|
|
28
37
|
add(other: Polynomial): Polynomial;
|
|
38
|
+
/** Multiply two polynomials. */
|
|
29
39
|
mul(other: Polynomial): Polynomial;
|
|
30
40
|
/** The polynomial s * this. */
|
|
31
41
|
scale(s: GF256): Polynomial;
|
|
42
|
+
/** The polynomial (1 / s) * this. */
|
|
32
43
|
div(s: GF256): Polynomial;
|
|
33
44
|
/** The polynomial x + c. */
|
|
34
45
|
static monic_linear(c: GF256): Polynomial;
|
|
46
|
+
/** The zero polynomial. */
|
|
35
47
|
static zero(): Polynomial;
|
|
48
|
+
/** The polynomial 1. */
|
|
36
49
|
static one(): Polynomial;
|
|
37
50
|
/** Given a set of coordinates, interpolate a polynomial. */
|
|
38
51
|
static interpolate(coordinates: {
|
|
@@ -46,7 +59,6 @@ export declare class Polynomial {
|
|
|
46
59
|
}[]): GF256;
|
|
47
60
|
/** Evaluate the polynomial at x. */
|
|
48
61
|
evaluate(x: GF256): GF256;
|
|
49
|
-
equals(other: Polynomial): boolean;
|
|
50
62
|
}
|
|
51
63
|
/** Representation of a share of a secret. The index is a number between 1 and 255. */
|
|
52
64
|
export type Share = {
|
package/dist/cjs/shamir.js
CHANGED
|
@@ -596,6 +596,10 @@ class Polynomial {
|
|
|
596
596
|
this.coefficients.pop();
|
|
597
597
|
}
|
|
598
598
|
}
|
|
599
|
+
/**
|
|
600
|
+
* Construct a polynomial from the given bytes.
|
|
601
|
+
* Each byte is a coefficient of the polynomial starting from the constant term.
|
|
602
|
+
*/
|
|
599
603
|
static fromBytes(bytes) {
|
|
600
604
|
return new Polynomial(Array.from(bytes, (b) => new GF256(b)));
|
|
601
605
|
}
|
|
@@ -605,12 +609,14 @@ class Polynomial {
|
|
|
605
609
|
}
|
|
606
610
|
return this.coefficients.length - 1;
|
|
607
611
|
}
|
|
612
|
+
/** Get the coefficient of the polynomial at the given index. */
|
|
608
613
|
getCoefficient(index) {
|
|
609
614
|
if (index >= this.coefficients.length) {
|
|
610
615
|
return GF256.zero();
|
|
611
616
|
}
|
|
612
617
|
return this.coefficients[index];
|
|
613
618
|
}
|
|
619
|
+
/** Add two polynomials. */
|
|
614
620
|
add(other) {
|
|
615
621
|
const degree = Math.max(this.degree(), other.degree());
|
|
616
622
|
return new Polynomial(
|
|
@@ -620,6 +626,7 @@ class Polynomial {
|
|
|
620
626
|
)
|
|
621
627
|
);
|
|
622
628
|
}
|
|
629
|
+
/** Multiply two polynomials. */
|
|
623
630
|
mul(other) {
|
|
624
631
|
const degree = this.degree() + other.degree();
|
|
625
632
|
return new Polynomial(
|
|
@@ -638,6 +645,7 @@ class Polynomial {
|
|
|
638
645
|
scale(s) {
|
|
639
646
|
return new Polynomial(this.coefficients.map((c) => c.mul(s)));
|
|
640
647
|
}
|
|
648
|
+
/** The polynomial (1 / s) * this. */
|
|
641
649
|
div(s) {
|
|
642
650
|
return this.scale(new GF256(1).div(s));
|
|
643
651
|
}
|
|
@@ -645,9 +653,11 @@ class Polynomial {
|
|
|
645
653
|
static monic_linear(c) {
|
|
646
654
|
return new Polynomial([c, GF256.one()]);
|
|
647
655
|
}
|
|
656
|
+
/** The zero polynomial. */
|
|
648
657
|
static zero() {
|
|
649
658
|
return new Polynomial([]);
|
|
650
659
|
}
|
|
660
|
+
/** The polynomial 1. */
|
|
651
661
|
static one() {
|
|
652
662
|
return new Polynomial([GF256.one()]);
|
|
653
663
|
}
|
|
@@ -690,12 +700,6 @@ class Polynomial {
|
|
|
690
700
|
evaluate(x) {
|
|
691
701
|
return this.coefficients.toReversed().reduce((sum, coefficient) => sum.mul(x).add(coefficient), GF256.zero());
|
|
692
702
|
}
|
|
693
|
-
equals(other) {
|
|
694
|
-
if (this.coefficients.length !== other.coefficients.length) {
|
|
695
|
-
return false;
|
|
696
|
-
}
|
|
697
|
-
return this.coefficients.every((c, i) => c.equals(other.getCoefficient(i)));
|
|
698
|
-
}
|
|
699
703
|
}
|
|
700
704
|
function toInternalShare(share) {
|
|
701
705
|
return {
|