@novasamatech/statement-store 0.8.4 → 0.8.6

package/dist/session/session.d.ts

@@ -9,7 +9,21 @@ export type SessionParams = {
     statementStore: StatementStoreAdapter;
     encryption: Encryption;
     prover: StatementProver;
+    /**
+     * Keyed-hash input for SessionId derivation:
+     *   SessionId(A, B) = khash(sessionKey, "session" : AccountId(A) : AccountId(B) : "/" : "/")
+     *
+     * Required because blake2b's key length is bounded (≤ 64 bytes) and the
+     * caller must decide what semantically goes here. V1 sessions historically
+     * passed `remoteAccount.publicKey` (33-byte compressed P-256 — fits) which
+     * conflated the encryption pubkey with the session-derivation key. The V2
+     * spec (Mobile SSO v0.2.2) is explicit that SessionId is keyed by the
+     * ECDH-derived shared secret, so V2 callers should pass that 32-byte value
+     * directly. Pass any 32–64 byte material; out-of-range inputs make blake2b
+     * throw.
+     */
+    sessionKey: Uint8Array;
     maxRequestSize?: number;
 };
 export declare function nextExpiry(current: bigint): bigint;
-export declare function createSession({ localAccount, remoteAccount, statementStore, encryption, prover, maxRequestSize, }: SessionParams): Session;
+export declare function createSession({ localAccount, remoteAccount, statementStore, encryption, prover, sessionKey, maxRequestSize, }: SessionParams): Session;

package/dist/session/session.js

@@ -14,9 +14,9 @@ export function nextExpiry(current) {
     const fresh = createExpiryFromDuration(DEFAULT_EXPIRY_DURATION_SECS);
     return fresh > current ? fresh : current + 1n;
 }
-export function createSession({ localAccount, remoteAccount, statementStore, encryption, prover, maxRequestSize = DEFAULT_MAX_REQUEST_SIZE, }) {
-    const outgoingSessionId = createSessionId(remoteAccount.publicKey, localAccount, remoteAccount);
-    const incomingSessionId = createSessionId(remoteAccount.publicKey, remoteAccount, localAccount);
+export function createSession({ localAccount, remoteAccount, statementStore, encryption, prover, sessionKey, maxRequestSize = DEFAULT_MAX_REQUEST_SIZE, }) {
+    const outgoingSessionId = createSessionId(sessionKey, localAccount, remoteAccount);
+    const incomingSessionId = createSessionId(sessionKey, remoteAccount, localAccount);
     const state = {
         phase: 'initialization',
         initError: null,

package/dist/session/session.spec.js

@@ -57,6 +57,9 @@ function makeSession(overrides) {
         statementStore: adapter,
         encryption: mockEncryption(),
         prover: mockProver,
+        // Preserve the pre-refactor SessionId derivation (keyed on the peer's
+        // encryption pubkey) so existing channel/topic assertions hold.
+        sessionKey: remoteAccount.publicKey,
         maxRequestSize,
     });
     return { session, adapter };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/statement-store",
   "type": "module",
-  "version": "0.8.4",
+  "version": "0.8.6",
   "description": "Statement store integration",
   "license": "Apache-2.0",
   "repository": {
@@ -25,9 +25,9 @@
     "README.md"
   ],
   "dependencies": {
-    "@novasamatech/scale": "0.8.4",
+    "@novasamatech/scale": "0.8.6",
     "@novasamatech/sdk-statement": "^0.6.0",
-    "@novasamatech/substrate-slot-sr25519-wasm": "0.8.4",
+    "@novasamatech/substrate-slot-sr25519-wasm": "0.8.6",
     "@polkadot-api/substrate-bindings": "^0.20.3",
     "@polkadot-api/substrate-client": "^0.7.0",
     "@polkadot-labs/hdkd-helpers": "^0.0.30",