@opendatalabs/vana-sdk 0.1.0-alpha.f9cc6ed → 0.1.0-alpha.fd33fc9

package/dist/crypto/ecies/constants.js

@@ -0,0 +1,101 @@
+const CURVE = {
+  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */
+  name: "secp256k1",
+  /** Private key length in bytes */
+  PRIVATE_KEY_LENGTH: 32,
+  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */
+  COMPRESSED_PUBLIC_KEY_LENGTH: 33,
+  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */
+  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,
+  /** ECDH shared secret X coordinate length */
+  SHARED_SECRET_LENGTH: 32,
+  /** Public key prefixes */
+  PREFIX: {
+    /** Uncompressed public key prefix */
+    UNCOMPRESSED: 4,
+    /** Compressed public key prefix for even Y */
+    COMPRESSED_EVEN: 2,
+    /** Compressed public key prefix for odd Y */
+    COMPRESSED_ODD: 3
+  },
+  /** X coordinate starts at byte 1 (after prefix) */
+  X_COORDINATE_OFFSET: 1,
+  /** X coordinate ends at byte 33 (1 + 32) */
+  X_COORDINATE_END: 33
+};
+const CIPHER = {
+  /** Cipher algorithm - must match eccrypto */
+  algorithm: "aes-256-cbc",
+  /** AES key length in bytes */
+  KEY_LENGTH: 32,
+  /** Initialization vector length in bytes */
+  IV_LENGTH: 16,
+  /** Block size for AES */
+  BLOCK_SIZE: 16
+};
+const KDF = {
+  /** Hash algorithm for key derivation - must match eccrypto */
+  algorithm: "sha512",
+  /** Output length of SHA-512 in bytes */
+  OUTPUT_LENGTH: 64,
+  /** Encryption key slice (first 32 bytes of KDF output) */
+  ENCRYPTION_KEY_OFFSET: 0,
+  ENCRYPTION_KEY_LENGTH: 32,
+  /** MAC key slice (last 32 bytes of KDF output) */
+  MAC_KEY_OFFSET: 32,
+  MAC_KEY_LENGTH: 32
+};
+const MAC = {
+  /** MAC algorithm - must match eccrypto */
+  algorithm: "sha256",
+  /** HMAC-SHA256 output length in bytes */
+  LENGTH: 32
+};
+const FORMAT = {
+  /** Offsets for each component in serialized format */
+  IV_OFFSET: 0,
+  IV_LENGTH: CIPHER.IV_LENGTH,
+  /** Ephemeral public key (always uncompressed in eccrypto format) */
+  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,
+  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** Ciphertext starts after IV and ephemeral key */
+  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** MAC is always the last 32 bytes */
+  MAC_LENGTH: MAC.LENGTH,
+  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */
+  MIN_ENCRYPTED_LENGTH: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,
+  /**
+   * Helper to calculate total length of encrypted data
+   *
+   * @param ciphertextLength - Length of the ciphertext portion
+   * @returns Total length including all components
+   */
+  getTotalLength: (ciphertextLength) => CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + ciphertextLength + MAC.LENGTH
+};
+const SECURITY = {
+  /** Overwrite patterns for secure data clearing */
+  CLEAR_PATTERNS: {
+    ZEROS: 0,
+    ONES: 255,
+    /** Pattern multiplier for third pass */
+    PATTERN_MULTIPLIER: 7,
+    /** Pattern offset for third pass */
+    PATTERN_OFFSET: 13
+  }
+};
+const VALIDATION = {
+  isValidPrivateKey: (key) => key.length === CURVE.PRIVATE_KEY_LENGTH,
+  isValidPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH || key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  isCompressedPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH && (key[0] === CURVE.PREFIX.COMPRESSED_EVEN || key[0] === CURVE.PREFIX.COMPRESSED_ODD),
+  isUncompressedPublicKey: (key) => key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH && key[0] === CURVE.PREFIX.UNCOMPRESSED
+};
+export {
+  CIPHER,
+  CURVE,
+  FORMAT,
+  KDF,
+  MAC,
+  SECURITY,
+  VALIDATION
+};
+//# sourceMappingURL=constants.js.map

package/dist/crypto/ecies/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/**\n * ECIES Constants and Format Specification\n *\n * These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n */\n\n/**\n * Elliptic curve parameters\n */\nexport const CURVE = {\n  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */\n  name: \"secp256k1\",\n  /** Private key length in bytes */\n  PRIVATE_KEY_LENGTH: 32,\n  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */\n  COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */\n  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n  /** ECDH shared secret X coordinate length */\n  SHARED_SECRET_LENGTH: 32,\n  /** Public key prefixes */\n  PREFIX: {\n    /** Uncompressed public key prefix */\n    UNCOMPRESSED: 0x04,\n    /** Compressed public key prefix for even Y */\n    COMPRESSED_EVEN: 0x02,\n    /** Compressed public key prefix for odd Y */\n    COMPRESSED_ODD: 0x03,\n  },\n  /** X coordinate starts at byte 1 (after prefix) */\n  X_COORDINATE_OFFSET: 1,\n  /** X coordinate ends at byte 33 (1 + 32) */\n  X_COORDINATE_END: 33,\n} as const;\n\n/**\n * Symmetric encryption parameters (AES-256-CBC)\n */\nexport const CIPHER = {\n  /** Cipher algorithm - must match eccrypto */\n  algorithm: \"aes-256-cbc\",\n  /** AES key length in bytes */\n  KEY_LENGTH: 32,\n  /** Initialization vector length in bytes */\n  IV_LENGTH: 16,\n  /** Block size for AES */\n  BLOCK_SIZE: 16,\n} as const;\n\n/**\n * Key derivation function parameters\n */\nexport const KDF = {\n  /** Hash algorithm for key derivation - must match eccrypto */\n  algorithm: \"sha512\",\n  /** Output length of SHA-512 in bytes */\n  OUTPUT_LENGTH: 64,\n  /** Encryption key slice (first 32 bytes of KDF output) */\n  ENCRYPTION_KEY_OFFSET: 0,\n  ENCRYPTION_KEY_LENGTH: 32,\n  /** MAC key slice (last 32 bytes of KDF output) */\n  MAC_KEY_OFFSET: 32,\n  MAC_KEY_LENGTH: 32,\n} as const;\n\n/**\n * Message authentication code parameters\n */\nexport const MAC = {\n  /** MAC algorithm - must match eccrypto */\n  algorithm: \"sha256\",\n  /** HMAC-SHA256 output length in bytes */\n  LENGTH: 32,\n} as const;\n\n/**\n * ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n */\nexport const FORMAT = {\n  /** Offsets for each component in serialized format */\n  IV_OFFSET: 0,\n  IV_LENGTH: CIPHER.IV_LENGTH,\n\n  /** Ephemeral public key (always uncompressed in eccrypto format) */\n  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  /** Ciphertext starts after IV and ephemeral key */\n  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  /** MAC is always the last 32 bytes */\n  MAC_LENGTH: MAC.LENGTH,\n\n  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */\n  MIN_ENCRYPTED_LENGTH:\n    CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n  /**\n   * Helper to calculate total length of encrypted data\n   *\n   * @param ciphertextLength - Length of the ciphertext portion\n   * @returns Total length including all components\n   */\n  getTotalLength: (ciphertextLength: number) =>\n    CIPHER.IV_LENGTH +\n    CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n    ciphertextLength +\n    MAC.LENGTH,\n} as const;\n\n/**\n * Security constants for data clearing\n */\nexport const SECURITY = {\n  /** Overwrite patterns for secure data clearing */\n  CLEAR_PATTERNS: {\n    ZEROS: 0x00,\n    ONES: 0xff,\n    /** Pattern multiplier for third pass */\n    PATTERN_MULTIPLIER: 7,\n    /** Pattern offset for third pass */\n    PATTERN_OFFSET: 13,\n  },\n} as const;\n\n/**\n * Validation helpers\n */\nexport const VALIDATION = {\n  isValidPrivateKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.PRIVATE_KEY_LENGTH,\n\n  isValidPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH ||\n    key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  isCompressedPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH &&\n    (key[0] === CURVE.PREFIX.COMPRESSED_EVEN ||\n      key[0] === CURVE.PREFIX.COMPRESSED_ODD),\n\n  isUncompressedPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH &&\n    key[0] === CURVE.PREFIX.UNCOMPRESSED,\n} as const;\n"],"mappings":"AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;AAKO,MAAM,aAAa;AAAA,EACxB,mBAAmB,CAAC,QAClB,IAAI,WAAW,MAAM;AAAA,EAEvB,kBAAkB,CAAC,QACjB,IAAI,WAAW,MAAM,gCACrB,IAAI,WAAW,MAAM;AAAA,EAEvB,uBAAuB,CAAC,QACtB,IAAI,WAAW,MAAM,iCACpB,IAAI,CAAC,MAAM,MAAM,OAAO,mBACvB,IAAI,CAAC,MAAM,MAAM,OAAO;AAAA,EAE5B,yBAAyB,CAAC,QACxB,IAAI,WAAW,MAAM,kCACrB,IAAI,CAAC,MAAM,MAAM,OAAO;AAC5B;","names":[]}

package/dist/crypto/ecies/index.cjs

@@ -0,0 +1,35 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ecies_exports = {};
+__export(ecies_exports, {
+  ECIESError: () => import_interface.ECIESError,
+  deserializeECIES: () => import_interface.deserializeECIES,
+  isECIESEncrypted: () => import_interface.isECIESEncrypted,
+  serializeECIES: () => import_interface.serializeECIES
+});
+module.exports = __toCommonJS(ecies_exports);
+var import_interface = require("./interface");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ECIESError,
+  deserializeECIES,
+  isECIESEncrypted,
+  serializeECIES
+});
+//# sourceMappingURL=index.cjs.map

package/dist/crypto/ecies/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/index.ts"],"sourcesContent":["/**\n * ECIES Module Entry Point\n *\n * Exports interface and utilities for ECIES encryption/decryption\n * Platform-specific implementations are imported separately\n */\n\nexport type { ECIESProvider, ECIESEncrypted, ECIESOptions } from \"./interface\";\n\nexport {\n  ECIESError,\n  isECIESEncrypted,\n  serializeECIES,\n  deserializeECIES,\n} from \"./interface\";\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AASA,uBAKO;","names":[]}

package/dist/crypto/ecies/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * ECIES Module Entry Point
+ *
+ * Exports interface and utilities for ECIES encryption/decryption
+ * Platform-specific implementations are imported separately
+ */
+export type { ECIESProvider, ECIESEncrypted, ECIESOptions } from "./interface";
+export { ECIESError, isECIESEncrypted, serializeECIES, deserializeECIES, } from "./interface";

package/dist/crypto/ecies/index.js

@@ -0,0 +1,13 @@
+import {
+  ECIESError,
+  isECIESEncrypted,
+  serializeECIES,
+  deserializeECIES
+} from "./interface";
+export {
+  ECIESError,
+  deserializeECIES,
+  isECIESEncrypted,
+  serializeECIES
+};
+//# sourceMappingURL=index.js.map

package/dist/crypto/ecies/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/index.ts"],"sourcesContent":["/**\n * ECIES Module Entry Point\n *\n * Exports interface and utilities for ECIES encryption/decryption\n * Platform-specific implementations are imported separately\n */\n\nexport type { ECIESProvider, ECIESEncrypted, ECIESOptions } from \"./interface\";\n\nexport {\n  ECIESError,\n  isECIESEncrypted,\n  serializeECIES,\n  deserializeECIES,\n} from \"./interface\";\n"],"mappings":"AASA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;","names":[]}

package/dist/crypto/ecies/interface.cjs

@@ -0,0 +1,87 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var interface_exports = {};
+__export(interface_exports, {
+  ECIESError: () => ECIESError,
+  deserializeECIES: () => deserializeECIES,
+  isECIESEncrypted: () => isECIESEncrypted,
+  serializeECIES: () => serializeECIES
+});
+module.exports = __toCommonJS(interface_exports);
+var import_constants = require("./constants");
+var import_viem = require("viem");
+class ECIESError extends Error {
+  constructor(message, code, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "ECIESError";
+  }
+}
+function isECIESEncrypted(obj) {
+  if (!obj || typeof obj !== "object") return false;
+  const enc = obj;
+  const isUint8Array = (value) => {
+    return value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value);
+  };
+  return isUint8Array(enc.iv) && enc.iv.length === import_constants.CIPHER.IV_LENGTH && isUint8Array(enc.ephemPublicKey) && (enc.ephemPublicKey.length === import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH || enc.ephemPublicKey.length === import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) && isUint8Array(enc.ciphertext) && enc.ciphertext.length > 0 && isUint8Array(enc.mac) && enc.mac.length === import_constants.MAC.LENGTH;
+}
+function serializeECIES(encrypted) {
+  const combined = new Uint8Array(
+    encrypted.iv.length + encrypted.ephemPublicKey.length + encrypted.ciphertext.length + encrypted.mac.length
+  );
+  let offset = 0;
+  combined.set(encrypted.iv, offset);
+  offset += encrypted.iv.length;
+  combined.set(encrypted.ephemPublicKey, offset);
+  offset += encrypted.ephemPublicKey.length;
+  combined.set(encrypted.ciphertext, offset);
+  offset += encrypted.ciphertext.length;
+  combined.set(encrypted.mac, offset);
+  return (0, import_viem.toHex)(combined).slice(2);
+}
+function deserializeECIES(hex) {
+  const hexWithPrefix = hex.startsWith("0x") ? hex : `0x${hex}`;
+  const bytes = (0, import_viem.fromHex)(hexWithPrefix, "bytes");
+  const ephemKeySize = bytes[import_constants.FORMAT.EPHEMERAL_KEY_OFFSET] === import_constants.CURVE.PREFIX.UNCOMPRESSED ? import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH : import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;
+  const minLength = import_constants.FORMAT.IV_LENGTH + ephemKeySize + import_constants.MAC.LENGTH + 1;
+  if (bytes.length < minLength) {
+    throw new ECIESError("Invalid ECIES data: too short", "DECRYPTION_FAILED");
+  }
+  return {
+    iv: bytes.subarray(import_constants.FORMAT.IV_OFFSET, import_constants.FORMAT.IV_OFFSET + import_constants.FORMAT.IV_LENGTH),
+    ephemPublicKey: bytes.subarray(
+      import_constants.FORMAT.EPHEMERAL_KEY_OFFSET,
+      import_constants.FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize
+    ),
+    ciphertext: bytes.subarray(
+      import_constants.FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,
+      bytes.length - import_constants.MAC.LENGTH
+    ),
+    mac: bytes.subarray(bytes.length - import_constants.MAC.LENGTH)
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ECIESError,
+  deserializeECIES,
+  isECIESEncrypted,
+  serializeECIES
+});
+//# sourceMappingURL=interface.cjs.map

package/dist/crypto/ecies/interface.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/**\n * ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n *\n * @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n *\n * **Format specification:**\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n *\n * @category Cryptography\n */\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\nimport { fromHex, toHex } from \"viem\";\n\n/**\n * Represents ECIES encrypted data in eccrypto-compatible format.\n *\n * @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n */\nexport interface ECIESEncrypted {\n  /** Initialization vector (16 bytes) */\n  iv: Uint8Array;\n  /** Ephemeral public key (65 bytes uncompressed) */\n  ephemPublicKey: Uint8Array;\n  /** Encrypted data */\n  ciphertext: Uint8Array;\n  /** Message authentication code (32 bytes) */\n  mac: Uint8Array;\n}\n\n/**\n * Provides ECIES encryption and decryption operations.\n *\n * @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n *\n * @category Cryptography\n */\nexport interface ECIESProvider {\n  /**\n   * Encrypts data using ECIES with secp256k1.\n   *\n   * @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n   *   Obtain via `vana.server.getIdentity(userAddress).public_key`.\n   * @param message - Data to encrypt.\n   * @returns Encrypted data structure compatible with eccrypto format.\n   * @throws {ECIESError} When public key is invalid.\n   *   Verify key format matches secp256k1 requirements.\n   *\n   * @example\n   * ```typescript\n   * const encrypted = await provider.encrypt(\n   *   fromHex(publicKey, 'bytes'),\n   *   new TextEncoder().encode('sensitive data')\n   * );\n   * ```\n   */\n  encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - Recipient's private key (32 bytes).\n   * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n   * @returns Decrypted message as Uint8Array.\n   * @throws {ECIESError} When MAC verification fails.\n   *   Ensure the private key matches the public key used for encryption.\n   *\n   * @example\n   * ```typescript\n   * const decrypted = await provider.decrypt(\n   *   fromHex(privateKey, 'bytes'),\n   *   encrypted\n   * );\n   * const message = new TextDecoder().decode(decrypted);\n   * ```\n   */\n  decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   *\n   * @remarks\n   * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n   * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n   * to ensure data integrity and prevent masking of malformed inputs.\n   *\n   * @param publicKey - Public key in compressed or uncompressed format\n   * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n   * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n   * @throws {Error} When decompression of compressed key fails\n   *\n   * @example\n   * ```typescript\n   * // Compressed key (33 bytes)\n   * const compressed = new Uint8Array(33);\n   * compressed[0] = 0x02;\n   * const uncompressed = provider.normalizeToUncompressed(compressed);\n   * console.log(uncompressed.length); // 65\n   * console.log(uncompressed[0]); // 0x04\n   *\n   * // Already uncompressed (65 bytes)\n   * const already = provider.normalizeToUncompressed(uncompressedKey);\n   * console.log(already === uncompressedKey); // true (returns same reference)\n   *\n   * // Raw coordinates rejected (64 bytes)\n   * const raw = new Uint8Array(64);\n   * provider.normalizeToUncompressed(raw); // Throws error\n   * ```\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/**\n * Configures ECIES operation behavior.\n */\nexport interface ECIESOptions {\n  /** Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) */\n  useCompressed?: boolean;\n}\n\n/**\n * Represents failures in ECIES cryptographic operations.\n *\n * @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n *\n * @category Errors\n */\nexport class ECIESError extends Error {\n  constructor(\n    message: string,\n    public readonly code:\n      | \"INVALID_KEY\"\n      | \"ENCRYPTION_FAILED\"\n      | \"DECRYPTION_FAILED\"\n      | \"MAC_MISMATCH\"\n      | \"ECDH_FAILED\",\n    public override readonly cause?: Error,\n  ) {\n    super(message);\n    this.name = \"ECIESError\";\n  }\n}\n\n/**\n * Validates if an object conforms to the ECIESEncrypted structure.\n *\n * @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n *\n * @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n *   const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n */\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n  if (!obj || typeof obj !== \"object\") return false;\n  const enc = obj as Record<string, unknown>;\n\n  const isUint8Array = (value: unknown): value is Uint8Array => {\n    return (\n      value instanceof Uint8Array ||\n      (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n    );\n  };\n\n  return (\n    isUint8Array(enc.iv) &&\n    enc.iv.length === CIPHER.IV_LENGTH &&\n    isUint8Array(enc.ephemPublicKey) &&\n    (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH ||\n      enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n    isUint8Array(enc.ciphertext) &&\n    enc.ciphertext.length > 0 &&\n    isUint8Array(enc.mac) &&\n    enc.mac.length === MAC.LENGTH\n  );\n}\n\n/**\n * Serializes ECIESEncrypted to hex string for storage or transmission.\n *\n * @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n *\n * @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n */\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n  const combined = new Uint8Array(\n    encrypted.iv.length +\n      encrypted.ephemPublicKey.length +\n      encrypted.ciphertext.length +\n      encrypted.mac.length,\n  );\n\n  let offset = 0;\n  combined.set(encrypted.iv, offset);\n  offset += encrypted.iv.length;\n  combined.set(encrypted.ephemPublicKey, offset);\n  offset += encrypted.ephemPublicKey.length;\n  combined.set(encrypted.ciphertext, offset);\n  offset += encrypted.ciphertext.length;\n  combined.set(encrypted.mac, offset);\n\n  return toHex(combined).slice(2);\n}\n\n/**\n * Deserializes hex string to ECIESEncrypted structure.\n *\n * @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n *   Verify the hex string is complete and uncorrupted.\n *\n * @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n  const hexWithPrefix = hex.startsWith(\"0x\") ? hex : `0x${hex}`;\n  const bytes = fromHex(hexWithPrefix as `0x${string}`, \"bytes\");\n\n  // Determine ephemPublicKey size based on prefix\n  const ephemKeySize =\n    bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED\n      ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;\n\n  const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n  if (bytes.length < minLength) {\n    throw new ECIESError(\"Invalid ECIES data: too short\", \"DECRYPTION_FAILED\");\n  }\n\n  return {\n    iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n    ephemPublicKey: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET,\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n    ),\n    ciphertext: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n      bytes.length - MAC.LENGTH,\n    ),\n    mac: bytes.subarray(bytes.length - MAC.LENGTH),\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,uBAA2C;AAC3C,kBAA+B;AA4HxB,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,wBAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,uBAAM,kCACnC,IAAI,eAAe,WAAW,uBAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,qBAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,aAAO,mBAAM,QAAQ,EAAE,MAAM,CAAC;AAChC;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,gBAAgB,IAAI,WAAW,IAAI,IAAI,MAAM,KAAK,GAAG;AAC3D,QAAM,YAAQ,qBAAQ,eAAgC,OAAO;AAG7D,QAAM,eACJ,MAAM,wBAAO,oBAAoB,MAAM,uBAAM,OAAO,eAChD,uBAAM,iCACN,uBAAM;AAEZ,QAAM,YAAY,wBAAO,YAAY,eAAe,qBAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI,WAAW,iCAAiC,mBAAmB;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,wBAAO,WAAW,wBAAO,YAAY,wBAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,wBAAO;AAAA,MACP,wBAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,wBAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,qBAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,qBAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}

package/dist/crypto/ecies/interface.d.ts

@@ -0,0 +1,174 @@
+/**
+ * ECIES (Elliptic Curve Integrated Encryption Scheme) Interface
+ *
+ * @remarks
+ * Defines the contract for platform-specific ECIES implementations.
+ * All implementations maintain compatibility with the eccrypto format to ensure
+ * backward compatibility with existing encrypted data.
+ *
+ * **Format specification:**
+ * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`
+ *
+ * @category Cryptography
+ */
+/**
+ * Represents ECIES encrypted data in eccrypto-compatible format.
+ *
+ * @remarks
+ * This structure maintains backward compatibility with data encrypted using
+ * the legacy eccrypto library.
+ */
+export interface ECIESEncrypted {
+    /** Initialization vector (16 bytes) */
+    iv: Uint8Array;
+    /** Ephemeral public key (65 bytes uncompressed) */
+    ephemPublicKey: Uint8Array;
+    /** Encrypted data */
+    ciphertext: Uint8Array;
+    /** Message authentication code (32 bytes) */
+    mac: Uint8Array;
+}
+/**
+ * Provides ECIES encryption and decryption operations.
+ *
+ * @remarks
+ * Platform-specific implementations handle the underlying cryptographic primitives
+ * while maintaining consistent data format across environments.
+ *
+ * @category Cryptography
+ */
+export interface ECIESProvider {
+    /**
+     * Encrypts data using ECIES with secp256k1.
+     *
+     * @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).
+     *   Obtain via `vana.server.getIdentity(userAddress).public_key`.
+     * @param message - Data to encrypt.
+     * @returns Encrypted data structure compatible with eccrypto format.
+     * @throws {ECIESError} When public key is invalid.
+     *   Verify key format matches secp256k1 requirements.
+     *
+     * @example
+     * ```typescript
+     * const encrypted = await provider.encrypt(
+     *   fromHex(publicKey, 'bytes'),
+     *   new TextEncoder().encode('sensitive data')
+     * );
+     * ```
+     */
+    encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;
+    /**
+     * Decrypts ECIES encrypted data.
+     *
+     * @param privateKey - Recipient's private key (32 bytes).
+     * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.
+     * @returns Decrypted message as Uint8Array.
+     * @throws {ECIESError} When MAC verification fails.
+     *   Ensure the private key matches the public key used for encryption.
+     *
+     * @example
+     * ```typescript
+     * const decrypted = await provider.decrypt(
+     *   fromHex(privateKey, 'bytes'),
+     *   encrypted
+     * );
+     * const message = new TextDecoder().decode(decrypted);
+     * ```
+     */
+    decrypt(privateKey: Uint8Array, encrypted: ECIESEncrypted): Promise<Uint8Array>;
+    /**
+     * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).
+     *
+     * @remarks
+     * Strict policy: Only accepts properly formatted compressed (33 bytes) or
+     * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates
+     * to ensure data integrity and prevent masking of malformed inputs.
+     *
+     * @param publicKey - Public key in compressed or uncompressed format
+     * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)
+     * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)
+     * @throws {Error} When decompression of compressed key fails
+     *
+     * @example
+     * ```typescript
+     * // Compressed key (33 bytes)
+     * const compressed = new Uint8Array(33);
+     * compressed[0] = 0x02;
+     * const uncompressed = provider.normalizeToUncompressed(compressed);
+     * console.log(uncompressed.length); // 65
+     * console.log(uncompressed[0]); // 0x04
+     *
+     * // Already uncompressed (65 bytes)
+     * const already = provider.normalizeToUncompressed(uncompressedKey);
+     * console.log(already === uncompressedKey); // true (returns same reference)
+     *
+     * // Raw coordinates rejected (64 bytes)
+     * const raw = new Uint8Array(64);
+     * provider.normalizeToUncompressed(raw); // Throws error
+     * ```
+     */
+    normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;
+}
+/**
+ * Configures ECIES operation behavior.
+ */
+export interface ECIESOptions {
+    /** Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) */
+    useCompressed?: boolean;
+}
+/**
+ * Represents failures in ECIES cryptographic operations.
+ *
+ * @remarks
+ * Provides specific error codes to help identify and recover from
+ * different failure scenarios.
+ *
+ * @category Errors
+ */
+export declare class ECIESError extends Error {
+    readonly code: "INVALID_KEY" | "ENCRYPTION_FAILED" | "DECRYPTION_FAILED" | "MAC_MISMATCH" | "ECDH_FAILED";
+    readonly cause?: Error | undefined;
+    constructor(message: string, code: "INVALID_KEY" | "ENCRYPTION_FAILED" | "DECRYPTION_FAILED" | "MAC_MISMATCH" | "ECDH_FAILED", cause?: Error | undefined);
+}
+/**
+ * Validates if an object conforms to the ECIESEncrypted structure.
+ *
+ * @param obj - Object to validate.
+ * @returns `true` if object is a valid ECIESEncrypted structure.
+ *
+ * @example
+ * ```typescript
+ * if (isECIESEncrypted(data)) {
+ *   const decrypted = await provider.decrypt(privateKey, data);
+ * }
+ * ```
+ */
+export declare function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted;
+/**
+ * Serializes ECIESEncrypted to hex string for storage or transmission.
+ *
+ * @param encrypted - Encrypted data structure from `encrypt()`.
+ * @returns Hex string representation.
+ *
+ * @example
+ * ```typescript
+ * const hexString = serializeECIES(encrypted);
+ * // Store hexString in database or send over network
+ * ```
+ */
+export declare function serializeECIES(encrypted: ECIESEncrypted): string;
+/**
+ * Deserializes hex string to ECIESEncrypted structure.
+ *
+ * @param hex - Hex string from `serializeECIES()` or storage.
+ * @returns ECIESEncrypted structure ready for decryption.
+ * @throws {ECIESError} When hex string format is invalid.
+ *   Verify the hex string is complete and uncorrupted.
+ *
+ * @example
+ * ```typescript
+ * const encrypted = deserializeECIES(hexString);
+ * const decrypted = await provider.decrypt(privateKey, encrypted);
+ * ```
+ */
+export declare function deserializeECIES(hex: string): ECIESEncrypted;

package/dist/crypto/ecies/interface.js

@@ -0,0 +1,60 @@
+import { CIPHER, CURVE, MAC, FORMAT } from "./constants";
+import { fromHex, toHex } from "viem";
+class ECIESError extends Error {
+  constructor(message, code, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "ECIESError";
+  }
+}
+function isECIESEncrypted(obj) {
+  if (!obj || typeof obj !== "object") return false;
+  const enc = obj;
+  const isUint8Array = (value) => {
+    return value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value);
+  };
+  return isUint8Array(enc.iv) && enc.iv.length === CIPHER.IV_LENGTH && isUint8Array(enc.ephemPublicKey) && (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH || enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) && isUint8Array(enc.ciphertext) && enc.ciphertext.length > 0 && isUint8Array(enc.mac) && enc.mac.length === MAC.LENGTH;
+}
+function serializeECIES(encrypted) {
+  const combined = new Uint8Array(
+    encrypted.iv.length + encrypted.ephemPublicKey.length + encrypted.ciphertext.length + encrypted.mac.length
+  );
+  let offset = 0;
+  combined.set(encrypted.iv, offset);
+  offset += encrypted.iv.length;
+  combined.set(encrypted.ephemPublicKey, offset);
+  offset += encrypted.ephemPublicKey.length;
+  combined.set(encrypted.ciphertext, offset);
+  offset += encrypted.ciphertext.length;
+  combined.set(encrypted.mac, offset);
+  return toHex(combined).slice(2);
+}
+function deserializeECIES(hex) {
+  const hexWithPrefix = hex.startsWith("0x") ? hex : `0x${hex}`;
+  const bytes = fromHex(hexWithPrefix, "bytes");
+  const ephemKeySize = bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;
+  const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1;
+  if (bytes.length < minLength) {
+    throw new ECIESError("Invalid ECIES data: too short", "DECRYPTION_FAILED");
+  }
+  return {
+    iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),
+    ephemPublicKey: bytes.subarray(
+      FORMAT.EPHEMERAL_KEY_OFFSET,
+      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize
+    ),
+    ciphertext: bytes.subarray(
+      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,
+      bytes.length - MAC.LENGTH
+    ),
+    mac: bytes.subarray(bytes.length - MAC.LENGTH)
+  };
+}
+export {
+  ECIESError,
+  deserializeECIES,
+  isECIESEncrypted,
+  serializeECIES
+};
+//# sourceMappingURL=interface.js.map

package/dist/crypto/ecies/interface.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/**\n * ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n *\n * @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n *\n * **Format specification:**\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n *\n * @category Cryptography\n */\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\nimport { fromHex, toHex } from \"viem\";\n\n/**\n * Represents ECIES encrypted data in eccrypto-compatible format.\n *\n * @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n */\nexport interface ECIESEncrypted {\n  /** Initialization vector (16 bytes) */\n  iv: Uint8Array;\n  /** Ephemeral public key (65 bytes uncompressed) */\n  ephemPublicKey: Uint8Array;\n  /** Encrypted data */\n  ciphertext: Uint8Array;\n  /** Message authentication code (32 bytes) */\n  mac: Uint8Array;\n}\n\n/**\n * Provides ECIES encryption and decryption operations.\n *\n * @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n *\n * @category Cryptography\n */\nexport interface ECIESProvider {\n  /**\n   * Encrypts data using ECIES with secp256k1.\n   *\n   * @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n   *   Obtain via `vana.server.getIdentity(userAddress).public_key`.\n   * @param message - Data to encrypt.\n   * @returns Encrypted data structure compatible with eccrypto format.\n   * @throws {ECIESError} When public key is invalid.\n   *   Verify key format matches secp256k1 requirements.\n   *\n   * @example\n   * ```typescript\n   * const encrypted = await provider.encrypt(\n   *   fromHex(publicKey, 'bytes'),\n   *   new TextEncoder().encode('sensitive data')\n   * );\n   * ```\n   */\n  encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - Recipient's private key (32 bytes).\n   * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n   * @returns Decrypted message as Uint8Array.\n   * @throws {ECIESError} When MAC verification fails.\n   *   Ensure the private key matches the public key used for encryption.\n   *\n   * @example\n   * ```typescript\n   * const decrypted = await provider.decrypt(\n   *   fromHex(privateKey, 'bytes'),\n   *   encrypted\n   * );\n   * const message = new TextDecoder().decode(decrypted);\n   * ```\n   */\n  decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   *\n   * @remarks\n   * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n   * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n   * to ensure data integrity and prevent masking of malformed inputs.\n   *\n   * @param publicKey - Public key in compressed or uncompressed format\n   * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n   * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n   * @throws {Error} When decompression of compressed key fails\n   *\n   * @example\n   * ```typescript\n   * // Compressed key (33 bytes)\n   * const compressed = new Uint8Array(33);\n   * compressed[0] = 0x02;\n   * const uncompressed = provider.normalizeToUncompressed(compressed);\n   * console.log(uncompressed.length); // 65\n   * console.log(uncompressed[0]); // 0x04\n   *\n   * // Already uncompressed (65 bytes)\n   * const already = provider.normalizeToUncompressed(uncompressedKey);\n   * console.log(already === uncompressedKey); // true (returns same reference)\n   *\n   * // Raw coordinates rejected (64 bytes)\n   * const raw = new Uint8Array(64);\n   * provider.normalizeToUncompressed(raw); // Throws error\n   * ```\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/**\n * Configures ECIES operation behavior.\n */\nexport interface ECIESOptions {\n  /** Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) */\n  useCompressed?: boolean;\n}\n\n/**\n * Represents failures in ECIES cryptographic operations.\n *\n * @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n *\n * @category Errors\n */\nexport class ECIESError extends Error {\n  constructor(\n    message: string,\n    public readonly code:\n      | \"INVALID_KEY\"\n      | \"ENCRYPTION_FAILED\"\n      | \"DECRYPTION_FAILED\"\n      | \"MAC_MISMATCH\"\n      | \"ECDH_FAILED\",\n    public override readonly cause?: Error,\n  ) {\n    super(message);\n    this.name = \"ECIESError\";\n  }\n}\n\n/**\n * Validates if an object conforms to the ECIESEncrypted structure.\n *\n * @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n *\n * @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n *   const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n */\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n  if (!obj || typeof obj !== \"object\") return false;\n  const enc = obj as Record<string, unknown>;\n\n  const isUint8Array = (value: unknown): value is Uint8Array => {\n    return (\n      value instanceof Uint8Array ||\n      (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n    );\n  };\n\n  return (\n    isUint8Array(enc.iv) &&\n    enc.iv.length === CIPHER.IV_LENGTH &&\n    isUint8Array(enc.ephemPublicKey) &&\n    (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH ||\n      enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n    isUint8Array(enc.ciphertext) &&\n    enc.ciphertext.length > 0 &&\n    isUint8Array(enc.mac) &&\n    enc.mac.length === MAC.LENGTH\n  );\n}\n\n/**\n * Serializes ECIESEncrypted to hex string for storage or transmission.\n *\n * @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n *\n * @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n */\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n  const combined = new Uint8Array(\n    encrypted.iv.length +\n      encrypted.ephemPublicKey.length +\n      encrypted.ciphertext.length +\n      encrypted.mac.length,\n  );\n\n  let offset = 0;\n  combined.set(encrypted.iv, offset);\n  offset += encrypted.iv.length;\n  combined.set(encrypted.ephemPublicKey, offset);\n  offset += encrypted.ephemPublicKey.length;\n  combined.set(encrypted.ciphertext, offset);\n  offset += encrypted.ciphertext.length;\n  combined.set(encrypted.mac, offset);\n\n  return toHex(combined).slice(2);\n}\n\n/**\n * Deserializes hex string to ECIESEncrypted structure.\n *\n * @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n *   Verify the hex string is complete and uncorrupted.\n *\n * @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n  const hexWithPrefix = hex.startsWith(\"0x\") ? hex : `0x${hex}`;\n  const bytes = fromHex(hexWithPrefix as `0x${string}`, \"bytes\");\n\n  // Determine ephemPublicKey size based on prefix\n  const ephemKeySize =\n    bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED\n      ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;\n\n  const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n  if (bytes.length < minLength) {\n    throw new ECIESError(\"Invalid ECIES data: too short\", \"DECRYPTION_FAILED\");\n  }\n\n  return {\n    iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n    ephemPublicKey: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET,\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n    ),\n    ciphertext: bytes.subarray(\n      FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n      bytes.length - MAC.LENGTH,\n    ),\n    mac: bytes.subarray(bytes.length - MAC.LENGTH),\n  };\n}\n"],"mappings":"AAcA,SAAS,QAAQ,OAAO,KAAK,cAAc;AAC3C,SAAS,SAAS,aAAa;AA4HxB,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,OAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,MAAM,kCACnC,IAAI,eAAe,WAAW,MAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,IAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,SAAO,MAAM,QAAQ,EAAE,MAAM,CAAC;AAChC;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,gBAAgB,IAAI,WAAW,IAAI,IAAI,MAAM,KAAK,GAAG;AAC3D,QAAM,QAAQ,QAAQ,eAAgC,OAAO;AAG7D,QAAM,eACJ,MAAM,OAAO,oBAAoB,MAAM,MAAM,OAAO,eAChD,MAAM,iCACN,MAAM;AAEZ,QAAM,YAAY,OAAO,YAAY,eAAe,IAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI,WAAW,iCAAiC,mBAAmB;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,OAAO,WAAW,OAAO,YAAY,OAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,OAAO;AAAA,MACP,OAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,OAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,IAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,IAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}