@opendatalabs/vana-sdk 0.1.0-alpha.ffe4659 → 2.1.0

package/dist/crypto/ecies/base.cjs

@@ -0,0 +1,245 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var base_exports = {};
+__export(base_exports, {
+  BaseECIESUint8: () => BaseECIESUint8
+});
+module.exports = __toCommonJS(base_exports);
+var import_interface = require("./interface");
+var import_constants = require("./constants");
+var import_utils = require("./utils");
+var import_viem = require("viem");
+class BaseECIESUint8 {
+  // Cache for validated public keys to avoid repeated validation
+  static validatedKeys = /* @__PURE__ */ new WeakMap();
+  /**
+   * Normalizes a public key to uncompressed format.
+   *
+   * @param publicKey - Public key in any format.
+   * @returns Uncompressed public key (65 bytes).
+   * @throws {ECIESError} If key format is invalid.
+   */
+  normalizePublicKey(publicKey) {
+    if (BaseECIESUint8.validatedKeys.has(publicKey)) {
+      return publicKey;
+    }
+    if (publicKey.length === import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+      if (publicKey[0] !== import_constants.CURVE.PREFIX.UNCOMPRESSED) {
+        throw new import_interface.ECIESError(
+          "Invalid uncompressed public key prefix",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(publicKey)) {
+        throw new import_interface.ECIESError("Invalid public key", "INVALID_KEY");
+      }
+      BaseECIESUint8.validatedKeys.set(publicKey, true);
+      return publicKey;
+    }
+    if (publicKey.length === import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new import_interface.ECIESError("Failed to decompress public key", "INVALID_KEY");
+      }
+      BaseECIESUint8.validatedKeys.set(decompressed, true);
+      return decompressed;
+    }
+    throw new import_interface.ECIESError(
+      `Invalid public key length: ${publicKey.length}`,
+      "INVALID_KEY"
+    );
+  }
+  /**
+   * Encrypts data using ECIES.
+   *
+   * @param publicKey - The recipient's public key (compressed or uncompressed)
+   * @param message - The data to encrypt
+   * @returns Promise resolving to encrypted data structure
+   */
+  async encrypt(publicKey, message) {
+    try {
+      if (!(publicKey instanceof Uint8Array)) {
+        throw new import_interface.ECIESError("Public key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!(message instanceof Uint8Array)) {
+        throw new import_interface.ECIESError(
+          "Message must be a Uint8Array",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      if (publicKey.length === 0) {
+        throw new import_interface.ECIESError("Public key cannot be empty", "INVALID_KEY");
+      }
+      const pubKey = this.normalizePublicKey(publicKey);
+      let ephemeralPrivateKey;
+      do {
+        ephemeralPrivateKey = this.generateRandomBytes(
+          import_constants.CURVE.PRIVATE_KEY_LENGTH
+        );
+      } while (!this.verifyPrivateKey(ephemeralPrivateKey));
+      const ephemeralPublicKey = this.createPublicKey(
+        ephemeralPrivateKey,
+        false
+      );
+      if (!ephemeralPublicKey) {
+        throw new import_interface.ECIESError(
+          "Failed to generate ephemeral public key",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        import_constants.KDF.ENCRYPTION_KEY_OFFSET,
+        import_constants.KDF.ENCRYPTION_KEY_OFFSET + import_constants.KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        import_constants.KDF.MAC_KEY_OFFSET,
+        import_constants.KDF.MAC_KEY_OFFSET + import_constants.KDF.MAC_KEY_LENGTH
+      );
+      const iv = this.generateRandomBytes(import_constants.CIPHER.IV_LENGTH);
+      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
+      const macData = (0, import_viem.concat)([iv, ephemeralPublicKey, ciphertext]);
+      const mac = this.hmacSha256(macKey, macData);
+      this.clearBuffer(ephemeralPrivateKey);
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return {
+        iv,
+        ephemPublicKey: ephemeralPublicKey,
+        ciphertext,
+        mac
+      };
+    } catch (error) {
+      if (error instanceof import_interface.ECIESError) throw error;
+      throw new import_interface.ECIESError(
+        `Encryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "ENCRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Decrypts ECIES encrypted data.
+   *
+   * @param privateKey - The recipient's private key (32 bytes)
+   * @param encrypted - The encrypted data structure from encrypt()
+   * @returns Promise resolving to the original plaintext
+   */
+  async decrypt(privateKey, encrypted) {
+    try {
+      if (!(privateKey instanceof Uint8Array)) {
+        throw new import_interface.ECIESError("Private key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!(0, import_interface.isECIESEncrypted)(encrypted)) {
+        throw new import_interface.ECIESError(
+          "Invalid encrypted data structure",
+          "DECRYPTION_FAILED"
+        );
+      }
+      if (privateKey.length !== import_constants.CURVE.PRIVATE_KEY_LENGTH) {
+        throw new import_interface.ECIESError(
+          `Invalid private key length: ${privateKey.length}`,
+          "INVALID_KEY"
+        );
+      }
+      if (!this.verifyPrivateKey(privateKey)) {
+        throw new import_interface.ECIESError("Invalid private key", "INVALID_KEY");
+      }
+      if (encrypted.ephemPublicKey.length !== import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+        throw new import_interface.ECIESError(
+          `Invalid ephemeral public key: expected ${import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,
+          "INVALID_KEY"
+        );
+      }
+      if (encrypted.ephemPublicKey[0] !== import_constants.CURVE.PREFIX.UNCOMPRESSED) {
+        throw new import_interface.ECIESError(
+          "Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(encrypted.ephemPublicKey)) {
+        throw new import_interface.ECIESError("Invalid ephemeral public key", "INVALID_KEY");
+      }
+      const ephemeralPublicKey = encrypted.ephemPublicKey;
+      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        import_constants.KDF.ENCRYPTION_KEY_OFFSET,
+        import_constants.KDF.ENCRYPTION_KEY_OFFSET + import_constants.KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        import_constants.KDF.MAC_KEY_OFFSET,
+        import_constants.KDF.MAC_KEY_OFFSET + import_constants.KDF.MAC_KEY_LENGTH
+      );
+      const macData = (0, import_viem.concat)([
+        encrypted.iv,
+        encrypted.ephemPublicKey,
+        encrypted.ciphertext
+      ]);
+      const expectedMac = this.hmacSha256(macKey, macData);
+      if (!(0, import_utils.constantTimeEqual)(encrypted.mac, expectedMac)) {
+        throw new import_interface.ECIESError("MAC verification failed", "MAC_MISMATCH");
+      }
+      const decrypted = await this.aesDecrypt(
+        encryptionKey,
+        encrypted.iv,
+        encrypted.ciphertext
+      );
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return decrypted;
+    } catch (error) {
+      if (error instanceof import_interface.ECIESError) throw error;
+      throw new import_interface.ECIESError(
+        `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "DECRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Clears sensitive data from memory using multi-pass overwrite.
+   *
+   * @remarks
+   * Uses multiple passes with different patterns to make it harder
+   * for JIT compilers to optimize away the operation. While not
+   * guaranteed in JavaScript, this is a best-effort approach to
+   * clear sensitive data from memory.
+   *
+   * @param buffer - The buffer to clear
+   */
+  clearBuffer(buffer) {
+    if (buffer && buffer.length > 0) {
+      buffer.fill(0);
+      buffer.fill(255);
+      buffer.fill(170);
+      buffer.fill(0);
+      for (let i = 0; i < buffer.length; i++) {
+        buffer[i] = i & 255 ^ 90;
+      }
+      buffer.fill(0);
+    }
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BaseECIESUint8
+});
+//# sourceMappingURL=base.cjs.map

package/dist/crypto/ecies/base.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n      if (\n        encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      ) {\n        throw new ECIESError(\n          `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n        throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n      }\n      const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concat([\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      ]);\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAAkC;AAClC,kBAAuB;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,oBAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,uBAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,uBAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,4BAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU,oBAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/base.d.ts

@@ -0,0 +1,140 @@
+import type { ECIESProvider, ECIESEncrypted } from "./interface";
+/**
+ * Provides shared ECIES encryption logic across platforms using Uint8Array.
+ *
+ * @remarks
+ * Platform implementations extend this class and provide crypto primitives.
+ * The base class handles the ECIES protocol flow while maintaining
+ * compatibility with the eccrypto data format.
+ *
+ * **Implementation details:**
+ * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)
+ * - Cipher: AES-256-CBC with random 16-byte IV
+ * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)
+ *
+ * @category Cryptography
+ */
+export declare abstract class BaseECIESUint8 implements ECIESProvider {
+    private static readonly validatedKeys;
+    /**
+     * Generates cryptographically secure random bytes.
+     *
+     * @param length - Number of random bytes to generate.
+     * @returns Random bytes array.
+     */
+    protected abstract generateRandomBytes(length: number): Uint8Array;
+    /**
+     * Verifies a private key is valid for secp256k1.
+     *
+     * @param privateKey - Private key to verify (32 bytes).
+     * @returns `true` if valid private key.
+     */
+    protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;
+    /**
+     * Creates a public key from a private key.
+     *
+     * @param privateKey - Source private key (32 bytes).
+     * @param compressed - Generate compressed (33B) or uncompressed (65B) format.
+     * @returns Public key or `null` if creation failed.
+     */
+    protected abstract createPublicKey(privateKey: Uint8Array, compressed: boolean): Uint8Array | null;
+    /**
+     * Validates a public key on the secp256k1 curve.
+     *
+     * @param publicKey - Public key to validate.
+     * @returns `true` if valid public key.
+     */
+    protected abstract validatePublicKey(publicKey: Uint8Array): boolean;
+    /**
+     * Decompresses a compressed public key.
+     *
+     * @param publicKey - Compressed public key (33 bytes).
+     * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.
+     */
+    protected abstract decompressPublicKey(publicKey: Uint8Array): Uint8Array | null;
+    /**
+     * Performs ECDH key agreement.
+     *
+     * @param publicKey - Other party's public key.
+     * @param privateKey - Your private key.
+     * @returns Raw X coordinate of shared point (32 bytes).
+     */
+    protected abstract performECDH(publicKey: Uint8Array, privateKey: Uint8Array): Uint8Array;
+    /**
+     * Computes SHA-512 hash.
+     *
+     * @param data - Data to hash.
+     * @returns SHA-512 hash (64 bytes).
+     */
+    protected abstract sha512(data: Uint8Array): Uint8Array;
+    /**
+     * Computes HMAC-SHA256 authentication tag.
+     *
+     * @param key - HMAC key.
+     * @param data - Data to authenticate.
+     * @returns HMAC-SHA256 (32 bytes).
+     */
+    protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;
+    /**
+     * Encrypts data using AES-256-CBC.
+     *
+     * @param key - Encryption key (32 bytes).
+     * @param iv - Initialization vector (16 bytes).
+     * @param plaintext - Data to encrypt.
+     * @returns Ciphertext with PKCS#7 padding.
+     */
+    protected abstract aesEncrypt(key: Uint8Array, iv: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Decrypts data using AES-256-CBC.
+     *
+     * @param key - Decryption key (32 bytes).
+     * @param iv - Initialization vector (16 bytes).
+     * @param ciphertext - Data to decrypt.
+     * @returns Plaintext with padding removed.
+     */
+    protected abstract aesDecrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Normalizes a public key to uncompressed format.
+     *
+     * @param publicKey - Public key in any format.
+     * @returns Uncompressed public key (65 bytes).
+     * @throws {ECIESError} If key format is invalid.
+     */
+    protected normalizePublicKey(publicKey: Uint8Array): Uint8Array;
+    /**
+     * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).
+     * Must be implemented by derived classes to handle platform-specific operations.
+     *
+     * @param publicKey - The public key to normalize
+     * @returns The normalized uncompressed public key
+     */
+    abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;
+    /**
+     * Encrypts data using ECIES.
+     *
+     * @param publicKey - The recipient's public key (compressed or uncompressed)
+     * @param message - The data to encrypt
+     * @returns Promise resolving to encrypted data structure
+     */
+    encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;
+    /**
+     * Decrypts ECIES encrypted data.
+     *
+     * @param privateKey - The recipient's private key (32 bytes)
+     * @param encrypted - The encrypted data structure from encrypt()
+     * @returns Promise resolving to the original plaintext
+     */
+    decrypt(privateKey: Uint8Array, encrypted: ECIESEncrypted): Promise<Uint8Array>;
+    /**
+     * Clears sensitive data from memory using multi-pass overwrite.
+     *
+     * @remarks
+     * Uses multiple passes with different patterns to make it harder
+     * for JIT compilers to optimize away the operation. While not
+     * guaranteed in JavaScript, this is a best-effort approach to
+     * clear sensitive data from memory.
+     *
+     * @param buffer - The buffer to clear
+     */
+    protected clearBuffer(buffer: Uint8Array): void;
+}

package/dist/crypto/ecies/base.js

@@ -0,0 +1,221 @@
+import { ECIESError, isECIESEncrypted } from "./interface";
+import { CURVE, CIPHER, KDF } from "./constants";
+import { constantTimeEqual } from "./utils";
+import { concat } from "viem";
+class BaseECIESUint8 {
+  // Cache for validated public keys to avoid repeated validation
+  static validatedKeys = /* @__PURE__ */ new WeakMap();
+  /**
+   * Normalizes a public key to uncompressed format.
+   *
+   * @param publicKey - Public key in any format.
+   * @returns Uncompressed public key (65 bytes).
+   * @throws {ECIESError} If key format is invalid.
+   */
+  normalizePublicKey(publicKey) {
+    if (BaseECIESUint8.validatedKeys.has(publicKey)) {
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {
+        throw new ECIESError(
+          "Invalid uncompressed public key prefix",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(publicKey)) {
+        throw new ECIESError("Invalid public key", "INVALID_KEY");
+      }
+      BaseECIESUint8.validatedKeys.set(publicKey, true);
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new ECIESError("Failed to decompress public key", "INVALID_KEY");
+      }
+      BaseECIESUint8.validatedKeys.set(decompressed, true);
+      return decompressed;
+    }
+    throw new ECIESError(
+      `Invalid public key length: ${publicKey.length}`,
+      "INVALID_KEY"
+    );
+  }
+  /**
+   * Encrypts data using ECIES.
+   *
+   * @param publicKey - The recipient's public key (compressed or uncompressed)
+   * @param message - The data to encrypt
+   * @returns Promise resolving to encrypted data structure
+   */
+  async encrypt(publicKey, message) {
+    try {
+      if (!(publicKey instanceof Uint8Array)) {
+        throw new ECIESError("Public key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!(message instanceof Uint8Array)) {
+        throw new ECIESError(
+          "Message must be a Uint8Array",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      if (publicKey.length === 0) {
+        throw new ECIESError("Public key cannot be empty", "INVALID_KEY");
+      }
+      const pubKey = this.normalizePublicKey(publicKey);
+      let ephemeralPrivateKey;
+      do {
+        ephemeralPrivateKey = this.generateRandomBytes(
+          CURVE.PRIVATE_KEY_LENGTH
+        );
+      } while (!this.verifyPrivateKey(ephemeralPrivateKey));
+      const ephemeralPublicKey = this.createPublicKey(
+        ephemeralPrivateKey,
+        false
+      );
+      if (!ephemeralPublicKey) {
+        throw new ECIESError(
+          "Failed to generate ephemeral public key",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);
+      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
+      const macData = concat([iv, ephemeralPublicKey, ciphertext]);
+      const mac = this.hmacSha256(macKey, macData);
+      this.clearBuffer(ephemeralPrivateKey);
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return {
+        iv,
+        ephemPublicKey: ephemeralPublicKey,
+        ciphertext,
+        mac
+      };
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Encryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "ENCRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Decrypts ECIES encrypted data.
+   *
+   * @param privateKey - The recipient's private key (32 bytes)
+   * @param encrypted - The encrypted data structure from encrypt()
+   * @returns Promise resolving to the original plaintext
+   */
+  async decrypt(privateKey, encrypted) {
+    try {
+      if (!(privateKey instanceof Uint8Array)) {
+        throw new ECIESError("Private key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!isECIESEncrypted(encrypted)) {
+        throw new ECIESError(
+          "Invalid encrypted data structure",
+          "DECRYPTION_FAILED"
+        );
+      }
+      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {
+        throw new ECIESError(
+          `Invalid private key length: ${privateKey.length}`,
+          "INVALID_KEY"
+        );
+      }
+      if (!this.verifyPrivateKey(privateKey)) {
+        throw new ECIESError("Invalid private key", "INVALID_KEY");
+      }
+      if (encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+        throw new ECIESError(
+          `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,
+          "INVALID_KEY"
+        );
+      }
+      if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {
+        throw new ECIESError(
+          "Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(encrypted.ephemPublicKey)) {
+        throw new ECIESError("Invalid ephemeral public key", "INVALID_KEY");
+      }
+      const ephemeralPublicKey = encrypted.ephemPublicKey;
+      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const macData = concat([
+        encrypted.iv,
+        encrypted.ephemPublicKey,
+        encrypted.ciphertext
+      ]);
+      const expectedMac = this.hmacSha256(macKey, macData);
+      if (!constantTimeEqual(encrypted.mac, expectedMac)) {
+        throw new ECIESError("MAC verification failed", "MAC_MISMATCH");
+      }
+      const decrypted = await this.aesDecrypt(
+        encryptionKey,
+        encrypted.iv,
+        encrypted.ciphertext
+      );
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return decrypted;
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "DECRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Clears sensitive data from memory using multi-pass overwrite.
+   *
+   * @remarks
+   * Uses multiple passes with different patterns to make it harder
+   * for JIT compilers to optimize away the operation. While not
+   * guaranteed in JavaScript, this is a best-effort approach to
+   * clear sensitive data from memory.
+   *
+   * @param buffer - The buffer to clear
+   */
+  clearBuffer(buffer) {
+    if (buffer && buffer.length > 0) {
+      buffer.fill(0);
+      buffer.fill(255);
+      buffer.fill(170);
+      buffer.fill(0);
+      for (let i = 0; i < buffer.length; i++) {
+        buffer[i] = i & 255 ^ 90;
+      }
+      buffer.fill(0);
+    }
+  }
+}
+export {
+  BaseECIESUint8
+};
+//# sourceMappingURL=base.js.map