npm - @opendatalabs/vana-sdk - Versions diffs - 2.1.0 → 2.2.1 - Mend

@opendatalabs/vana-sdk 2.1.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/dist/crypto/ecies/base.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/*\n Provides shared ECIES encryption logic across platforms using Uint8Array.\n \n @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n \n Implementation details:\n * - KDF: SHA-512(shared_secret) → encKey (32B) \|\| macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv \|\| ephemPublicKey \|\| ciphertext)\n \n @category Cryptography\n /\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n // Cache for validated public keys to avoid repeated validation\n private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n /\n Generates cryptographically secure random bytes.\n \n @param length - Number of random bytes to generate.\n * @returns Random bytes array.\n /\n protected abstract generateRandomBytes(length: number): Uint8Array;\n\n /\n Verifies a private key is valid for secp256k1.\n \n @param privateKey - Private key to verify (32 bytes).\n * @returns `true` if valid private key.\n /\n protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n /\n Creates a public key from a private key.\n \n @param privateKey - Source private key (32 bytes).\n * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n * @returns Public key or `null` if creation failed.\n /\n protected abstract createPublicKey(\n privateKey: Uint8Array,\n compressed: boolean,\n ): Uint8Array \| null;\n\n /\n Validates a public key on the secp256k1 curve.\n \n @param publicKey - Public key to validate.\n * @returns `true` if valid public key.\n /\n protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n /\n Decompresses a compressed public key.\n \n @param publicKey - Compressed public key (33 bytes).\n * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n /\n protected abstract decompressPublicKey(\n publicKey: Uint8Array,\n ): Uint8Array \| null;\n\n /\n Performs ECDH key agreement.\n \n @param publicKey - Other party's public key.\n * @param privateKey - Your private key.\n * @returns Raw X coordinate of shared point (32 bytes).\n /\n protected abstract performECDH(\n publicKey: Uint8Array,\n privateKey: Uint8Array,\n ): Uint8Array;\n\n /\n Computes SHA-512 hash.\n \n @param data - Data to hash.\n * @returns SHA-512 hash (64 bytes).\n /\n protected abstract sha512(data: Uint8Array): Uint8Array;\n\n /\n Computes HMAC-SHA256 authentication tag.\n \n @param key - HMAC key.\n * @param data - Data to authenticate.\n * @returns HMAC-SHA256 (32 bytes).\n /\n protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n /\n Encrypts data using AES-256-CBC.\n \n @param key - Encryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param plaintext - Data to encrypt.\n * @returns Ciphertext with PKCS#7 padding.\n /\n protected abstract aesEncrypt(\n key: Uint8Array,\n iv: Uint8Array,\n plaintext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Decrypts data using AES-256-CBC.\n \n @param key - Decryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param ciphertext - Data to decrypt.\n * @returns Plaintext with padding removed.\n /\n protected abstract aesDecrypt(\n key: Uint8Array,\n iv: Uint8Array,\n ciphertext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format.\n \n @param publicKey - Public key in any format.\n * @returns Uncompressed public key (65 bytes).\n * @throws {ECIESError} If key format is invalid.\n /\n protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n // Check cache first\n if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n return publicKey;\n }\n\n if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid uncompressed public key prefix\",\n \"INVALID_KEY\",\n );\n }\n // Validate and cache\n if (!this.validatePublicKey(publicKey)) {\n throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n }\n BaseECIESUint8.validatedKeys.set(publicKey, true);\n return publicKey;\n }\n\n if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n const decompressed = this.decompressPublicKey(publicKey);\n if (!decompressed) {\n throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n }\n // Cache the decompressed key\n BaseECIESUint8.validatedKeys.set(decompressed, true);\n return decompressed;\n }\n\n throw new ECIESError(\n `Invalid public key length: ${publicKey.length}`,\n \"INVALID_KEY\",\n );\n }\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n * Must be implemented by derived classes to handle platform-specific operations.\n \n @param publicKey - The public key to normalize\n * @returns The normalized uncompressed public key\n /\n public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n /\n Encrypts data using ECIES.\n \n @param publicKey - The recipient's public key (compressed or uncompressed)\n * @param message - The data to encrypt\n * @returns Promise resolving to encrypted data structure\n /\n async encrypt(\n publicKey: Uint8Array,\n message: Uint8Array,\n ): Promise<ECIESEncrypted> {\n try {\n // Validate inputs\n if (!(publicKey instanceof Uint8Array)) {\n throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!(message instanceof Uint8Array)) {\n throw new ECIESError(\n \"Message must be a Uint8Array\",\n \"ENCRYPTION_FAILED\",\n );\n }\n if (publicKey.length === 0) {\n throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n }\n\n // Normalize public key to uncompressed format\n const pubKey = this.normalizePublicKey(publicKey);\n\n // Generate ephemeral key pair\n let ephemeralPrivateKey: Uint8Array;\n do {\n ephemeralPrivateKey = this.generateRandomBytes(\n CURVE.PRIVATE_KEY_LENGTH,\n );\n } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n const ephemeralPublicKey = this.createPublicKey(\n ephemeralPrivateKey,\n false,\n );\n if (!ephemeralPublicKey) {\n throw new ECIESError(\n \"Failed to generate ephemeral public key\",\n \"ENCRYPTION_FAILED\",\n );\n }\n\n // Perform ECDH to get shared secret (raw X coordinate)\n const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n const kdf = this.sha512(sharedSecret);\n const encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n const macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Generate random IV and encrypt\n const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n // Calculate MAC (Encrypt-then-MAC)\n const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n const mac = this.hmacSha256(macKey, macData);\n\n // Clear sensitive data\n this.clearBuffer(ephemeralPrivateKey);\n this.clearBuffer(sharedSecret);\n this.clearBuffer(kdf);\n\n return {\n iv,\n ephemPublicKey: ephemeralPublicKey,\n ciphertext,\n mac,\n };\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"ENCRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n }\n }\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - The recipient's private key (32 bytes)\n * @param encrypted - The encrypted data structure from encrypt()\n * @returns Promise resolving to the original plaintext\n /\n async decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array> {\n try {\n // Validate inputs\n if (!(privateKey instanceof Uint8Array)) {\n throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!isECIESEncrypted(encrypted)) {\n throw new ECIESError(\n \"Invalid encrypted data structure\",\n \"DECRYPTION_FAILED\",\n );\n }\n if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n throw new ECIESError(\n `Invalid private key length: ${privateKey.length}`,\n \"INVALID_KEY\",\n );\n }\n if (!this.verifyPrivateKey(privateKey)) {\n throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n }\n\n // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n if (\n encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n ) {\n throw new ECIESError(\n `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n \"INVALID_KEY\",\n );\n }\n if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n \"INVALID_KEY\",\n );\n }\n if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n }\n const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n // Perform ECDH to recover shared secret\n const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n const kdf = this.sha512(sharedSecret);\n const encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n const macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Verify MAC before decryption (Encrypt-then-MAC)\n const macData = concat([\n encrypted.iv,\n encrypted.ephemPublicKey,\n encrypted.ciphertext,\n ]);\n const expectedMac = this.hmacSha256(macKey, macData);\n\n if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n }\n\n // Decrypt the ciphertext\n const decrypted = await this.aesDecrypt(\n encryptionKey,\n encrypted.iv,\n encrypted.ciphertext,\n );\n\n // Clear sensitive data\n this.clearBuffer(sharedSecret);\n this.clearBuffer(kdf);\n\n return decrypted;\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"DECRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n }\n }\n\n /\n Clears sensitive data from memory using multi-pass overwrite.\n \n @remarks\n * Uses multiple passes with different patterns to make it harder\n * for JIT compilers to optimize away the operation. While not\n * guaranteed in JavaScript, this is a best-effort approach to\n * clear sensitive data from memory.\n \n @param buffer - The buffer to clear\n */\n protected clearBuffer(buffer: Uint8Array): void {\n if (buffer && buffer.length > 0) {\n // Multi-pass overwrite to resist compiler optimization\n buffer.fill(0x00); // Fill with zeros\n buffer.fill(0xff); // Fill with ones\n buffer.fill(0xaa); // Fill with alternating pattern\n buffer.fill(0x00); // Final zero fill\n\n // Additional pattern write to further discourage optimization\n for (let i = 0; i < buffer.length; i++) {\n buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n }\n buffer.fill(0x00); // Final clear\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAAkC;AAClC,kBAAuB;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,oBAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,uBAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,uBAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,4BAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU,oBAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}
1	+ {"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/*\n Provides shared ECIES encryption logic across platforms using Uint8Array.\n \n @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n \n Implementation details:\n * - KDF: SHA-512(shared_secret) → encKey (32B) \|\| macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv \|\| ephemPublicKey \|\| ciphertext)\n \n @category Cryptography\n /\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n // Cache for validated public keys to avoid repeated validation\n private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n /\n Generates cryptographically secure random bytes.\n \n @param length - Number of random bytes to generate.\n * @returns Random bytes array.\n /\n protected abstract generateRandomBytes(length: number): Uint8Array;\n\n /\n Verifies a private key is valid for secp256k1.\n \n @param privateKey - Private key to verify (32 bytes).\n * @returns `true` if valid private key.\n /\n protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n /\n Creates a public key from a private key.\n \n @param privateKey - Source private key (32 bytes).\n * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n * @returns Public key or `null` if creation failed.\n /\n protected abstract createPublicKey(\n privateKey: Uint8Array,\n compressed: boolean,\n ): Uint8Array \| null;\n\n /\n Validates a public key on the secp256k1 curve.\n \n @param publicKey - Public key to validate.\n * @returns `true` if valid public key.\n /\n protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n /\n Decompresses a compressed public key.\n \n @param publicKey - Compressed public key (33 bytes).\n * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n /\n protected abstract decompressPublicKey(\n publicKey: Uint8Array,\n ): Uint8Array \| null;\n\n /\n Performs ECDH key agreement.\n \n @param publicKey - Other party's public key.\n * @param privateKey - Your private key.\n * @returns Raw X coordinate of shared point (32 bytes).\n /\n protected abstract performECDH(\n publicKey: Uint8Array,\n privateKey: Uint8Array,\n ): Uint8Array;\n\n /\n Computes SHA-512 hash.\n \n @param data - Data to hash.\n * @returns SHA-512 hash (64 bytes).\n /\n protected abstract sha512(data: Uint8Array): Uint8Array;\n\n /\n Computes HMAC-SHA256 authentication tag.\n \n @param key - HMAC key.\n * @param data - Data to authenticate.\n * @returns HMAC-SHA256 (32 bytes).\n /\n protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n /\n Encrypts data using AES-256-CBC.\n \n @param key - Encryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param plaintext - Data to encrypt.\n * @returns Ciphertext with PKCS#7 padding.\n /\n protected abstract aesEncrypt(\n key: Uint8Array,\n iv: Uint8Array,\n plaintext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Decrypts data using AES-256-CBC.\n \n @param key - Decryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param ciphertext - Data to decrypt.\n * @returns Plaintext with padding removed.\n /\n protected abstract aesDecrypt(\n key: Uint8Array,\n iv: Uint8Array,\n ciphertext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format.\n \n @param publicKey - Public key in any format.\n * @returns Uncompressed public key (65 bytes).\n * @throws {ECIESError} If key format is invalid.\n /\n protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n // Check cache first\n if (BaseECIESUint8.validatedKeys.get(publicKey)) {\n return publicKey;\n }\n\n if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid uncompressed public key prefix\",\n \"INVALID_KEY\",\n );\n }\n // Validate and cache\n if (!this.validatePublicKey(publicKey)) {\n throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n }\n BaseECIESUint8.validatedKeys.set(publicKey, true);\n return publicKey;\n }\n\n if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n if (\n publicKey[0] === CURVE.PREFIX.COMPRESSED_EVEN \|\|\n publicKey[0] === CURVE.PREFIX.COMPRESSED_ODD\n ) {\n const decompressed = this.decompressPublicKey(publicKey);\n if (!decompressed) {\n throw new ECIESError(\n \"Failed to decompress public key\",\n \"INVALID_KEY\",\n );\n }\n // Cache the decompressed key\n BaseECIESUint8.validatedKeys.set(decompressed, true);\n return decompressed;\n }\n throw new ECIESError(\n `Invalid compressed public key prefix: expected 0x02 or 0x03, got 0x${publicKey[0].toString(16).padStart(2, \"0\")}`,\n \"INVALID_KEY\",\n );\n }\n\n throw new ECIESError(\n `Invalid public key length: ${publicKey.length}`,\n \"INVALID_KEY\",\n );\n }\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n * Must be implemented by derived classes to handle platform-specific operations.\n \n @param publicKey - The public key to normalize\n * @returns The normalized uncompressed public key\n /\n public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n /\n Encrypts data using ECIES.\n \n @param publicKey - The recipient's public key (compressed or uncompressed)\n * @param message - The data to encrypt\n * @returns Promise resolving to encrypted data structure\n /\n async encrypt(\n publicKey: Uint8Array,\n message: Uint8Array,\n ): Promise<ECIESEncrypted> {\n // Declare sensitive variables outside try so finally can access them\n let ephemeralPrivateKey: Uint8Array \| undefined;\n let sharedSecret: Uint8Array \| undefined;\n let kdf: Uint8Array \| undefined;\n let encryptionKey: Uint8Array \| undefined;\n let macKey: Uint8Array \| undefined;\n\n try {\n // Validate inputs\n if (!(publicKey instanceof Uint8Array)) {\n throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!(message instanceof Uint8Array)) {\n throw new ECIESError(\n \"Message must be a Uint8Array\",\n \"ENCRYPTION_FAILED\",\n );\n }\n if (publicKey.length === 0) {\n throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n }\n\n // Normalize public key to uncompressed format\n const pubKey = this.normalizePublicKey(publicKey);\n\n // Generate ephemeral key pair\n do {\n ephemeralPrivateKey = this.generateRandomBytes(\n CURVE.PRIVATE_KEY_LENGTH,\n );\n } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n const ephemeralPublicKey = this.createPublicKey(\n ephemeralPrivateKey,\n false,\n );\n if (!ephemeralPublicKey) {\n throw new ECIESError(\n \"Failed to generate ephemeral public key\",\n \"ENCRYPTION_FAILED\",\n );\n }\n\n // Perform ECDH to get shared secret (raw X coordinate)\n sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n kdf = this.sha512(sharedSecret);\n encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Generate random IV and encrypt\n const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n // Calculate MAC (Encrypt-then-MAC)\n const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n const mac = this.hmacSha256(macKey, macData);\n\n return {\n iv,\n ephemPublicKey: ephemeralPublicKey,\n ciphertext,\n mac,\n };\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"ENCRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n } finally {\n // Clear sensitive data on all code paths (success, error, throw)\n if (ephemeralPrivateKey) this.clearBuffer(ephemeralPrivateKey);\n if (sharedSecret) this.clearBuffer(sharedSecret);\n if (kdf) this.clearBuffer(kdf);\n if (encryptionKey) this.clearBuffer(encryptionKey);\n if (macKey) this.clearBuffer(macKey);\n }\n }\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - The recipient's private key (32 bytes)\n * @param encrypted - The encrypted data structure from encrypt()\n * @returns Promise resolving to the original plaintext\n /\n async decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array> {\n // Declare sensitive variables outside try so finally can access them\n let sharedSecret: Uint8Array \| undefined;\n let kdf: Uint8Array \| undefined;\n let encryptionKey: Uint8Array \| undefined;\n let macKey: Uint8Array \| undefined;\n\n try {\n // Validate inputs\n if (!(privateKey instanceof Uint8Array)) {\n throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!isECIESEncrypted(encrypted)) {\n throw new ECIESError(\n \"Invalid encrypted data structure\",\n \"DECRYPTION_FAILED\",\n );\n }\n if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n throw new ECIESError(\n `Invalid private key length: ${privateKey.length}`,\n \"INVALID_KEY\",\n );\n }\n if (!this.verifyPrivateKey(privateKey)) {\n throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n }\n\n // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n if (\n encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n ) {\n throw new ECIESError(\n `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n \"INVALID_KEY\",\n );\n }\n if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n \"INVALID_KEY\",\n );\n }\n if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n }\n const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n // Perform ECDH to recover shared secret\n sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n kdf = this.sha512(sharedSecret);\n encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Verify MAC before decryption (Encrypt-then-MAC)\n const macData = concat([\n encrypted.iv,\n encrypted.ephemPublicKey,\n encrypted.ciphertext,\n ]);\n const expectedMac = this.hmacSha256(macKey, macData);\n\n if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n }\n\n // Decrypt the ciphertext\n const decrypted = await this.aesDecrypt(\n encryptionKey,\n encrypted.iv,\n encrypted.ciphertext,\n );\n\n return decrypted;\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"DECRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n } finally {\n // Clear sensitive data on all code paths (success, error, throw)\n if (sharedSecret) this.clearBuffer(sharedSecret);\n if (kdf) this.clearBuffer(kdf);\n if (encryptionKey) this.clearBuffer(encryptionKey);\n if (macKey) this.clearBuffer(macKey);\n }\n }\n\n /\n Clears sensitive data from memory using multi-pass overwrite.\n \n @remarks\n * Uses multiple passes with different patterns to make it harder\n * for JIT compilers to optimize away the operation. While not\n * guaranteed in JavaScript, this is a best-effort approach to\n * clear sensitive data from memory.\n \n @param buffer - The buffer to clear\n */\n protected clearBuffer(buffer: Uint8Array): void {\n if (buffer && buffer.length > 0) {\n // Multi-pass overwrite to resist compiler optimization\n buffer.fill(0x00); // Fill with zeros\n buffer.fill(0xff); // Fill with ones\n buffer.fill(0xaa); // Fill with alternating pattern\n buffer.fill(0x00); // Final zero fill\n\n // Additional pattern write to further discourage optimization\n for (let i = 0; i < buffer.length; i++) {\n buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n }\n buffer.fill(0x00); // Final clear\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAAkC;AAClC,kBAAuB;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,UACE,UAAU,CAAC,MAAM,uBAAM,OAAO,mBAC9B,UAAU,CAAC,MAAM,uBAAM,OAAO,gBAC9B;AACA,cAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,YAAI,CAAC,cAAc;AACjB,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAEA,uBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,eAAO;AAAA,MACT;AACA,YAAM,IAAI;AAAA,QACR,sEAAsE,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,QAChH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AAEzB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,qBAAe,KAAK,YAAY,QAAQ,mBAAmB;AAG3D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,oBAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAE3C,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,oBAAqB,MAAK,YAAY,mBAAmB;AAC7D,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AAErB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,uBAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,uBAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,4BAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,qBAAe,KAAK,YAAY,oBAAoB,UAAU;AAG9D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU,oBAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/base.js CHANGED Viewed

@@ -13,7 +13,7 @@ class BaseECIESUint8 {
    * @throws {ECIESError} If key format is invalid.
    */
   normalizePublicKey(publicKey) {
-    if (BaseECIESUint8.validatedKeys.has(publicKey)) {
+    if (BaseECIESUint8.validatedKeys.get(publicKey)) {
       return publicKey;
     }
     if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
@@ -30,12 +30,21 @@ class BaseECIESUint8 {
       return publicKey;
     }
     if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
-      const decompressed = this.decompressPublicKey(publicKey);
-      if (!decompressed) {
-        throw new ECIESError("Failed to decompress public key", "INVALID_KEY");
+      if (publicKey[0] === CURVE.PREFIX.COMPRESSED_EVEN || publicKey[0] === CURVE.PREFIX.COMPRESSED_ODD) {
+        const decompressed = this.decompressPublicKey(publicKey);
+        if (!decompressed) {
+          throw new ECIESError(
+            "Failed to decompress public key",
+            "INVALID_KEY"
+          );
+        }
+        BaseECIESUint8.validatedKeys.set(decompressed, true);
+        return decompressed;
       }
-      BaseECIESUint8.validatedKeys.set(decompressed, true);
-      return decompressed;
+      throw new ECIESError(
+        `Invalid compressed public key prefix: expected 0x02 or 0x03, got 0x${publicKey[0].toString(16).padStart(2, "0")}`,
+        "INVALID_KEY"
+      );
     }
     throw new ECIESError(
       `Invalid public key length: ${publicKey.length}`,
@@ -50,6 +59,11 @@ class BaseECIESUint8 {
    * @returns Promise resolving to encrypted data structure
    */
   async encrypt(publicKey, message) {
+    let ephemeralPrivateKey;
+    let sharedSecret;
+    let kdf;
+    let encryptionKey;
+    let macKey;
     try {
       if (!(publicKey instanceof Uint8Array)) {
         throw new ECIESError("Public key must be a Uint8Array", "INVALID_KEY");
@@ -64,7 +78,6 @@ class BaseECIESUint8 {
         throw new ECIESError("Public key cannot be empty", "INVALID_KEY");
       }
       const pubKey = this.normalizePublicKey(publicKey);
-      let ephemeralPrivateKey;
       do {
         ephemeralPrivateKey = this.generateRandomBytes(
           CURVE.PRIVATE_KEY_LENGTH
@@ -80,13 +93,13 @@ class BaseECIESUint8 {
           "ENCRYPTION_FAILED"
         );
       }
-      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
-      const kdf = this.sha512(sharedSecret);
-      const encryptionKey = kdf.slice(
+      sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
+      kdf = this.sha512(sharedSecret);
+      encryptionKey = kdf.slice(
         KDF.ENCRYPTION_KEY_OFFSET,
         KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
       );
-      const macKey = kdf.slice(
+      macKey = kdf.slice(
         KDF.MAC_KEY_OFFSET,
         KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
       );
@@ -94,9 +107,6 @@ class BaseECIESUint8 {
       const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
       const macData = concat([iv, ephemeralPublicKey, ciphertext]);
       const mac = this.hmacSha256(macKey, macData);
-      this.clearBuffer(ephemeralPrivateKey);
-      this.clearBuffer(sharedSecret);
-      this.clearBuffer(kdf);
       return {
         iv,
         ephemPublicKey: ephemeralPublicKey,
@@ -110,6 +120,12 @@ class BaseECIESUint8 {
         "ENCRYPTION_FAILED",
         error instanceof Error ? error : void 0
       );
+    } finally {
+      if (ephemeralPrivateKey) this.clearBuffer(ephemeralPrivateKey);
+      if (sharedSecret) this.clearBuffer(sharedSecret);
+      if (kdf) this.clearBuffer(kdf);
+      if (encryptionKey) this.clearBuffer(encryptionKey);
+      if (macKey) this.clearBuffer(macKey);
     }
   }
   /**
@@ -120,6 +136,10 @@ class BaseECIESUint8 {
    * @returns Promise resolving to the original plaintext
    */
   async decrypt(privateKey, encrypted) {
+    let sharedSecret;
+    let kdf;
+    let encryptionKey;
+    let macKey;
     try {
       if (!(privateKey instanceof Uint8Array)) {
         throw new ECIESError("Private key must be a Uint8Array", "INVALID_KEY");
@@ -155,13 +175,13 @@ class BaseECIESUint8 {
         throw new ECIESError("Invalid ephemeral public key", "INVALID_KEY");
       }
       const ephemeralPublicKey = encrypted.ephemPublicKey;
-      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
-      const kdf = this.sha512(sharedSecret);
-      const encryptionKey = kdf.slice(
+      sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
+      kdf = this.sha512(sharedSecret);
+      encryptionKey = kdf.slice(
         KDF.ENCRYPTION_KEY_OFFSET,
         KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
       );
-      const macKey = kdf.slice(
+      macKey = kdf.slice(
         KDF.MAC_KEY_OFFSET,
         KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
       );
@@ -179,8 +199,6 @@ class BaseECIESUint8 {
         encrypted.iv,
         encrypted.ciphertext
       );
-      this.clearBuffer(sharedSecret);
-      this.clearBuffer(kdf);
       return decrypted;
     } catch (error) {
       if (error instanceof ECIESError) throw error;
@@ -189,6 +207,11 @@ class BaseECIESUint8 {
         "DECRYPTION_FAILED",
         error instanceof Error ? error : void 0
       );
+    } finally {
+      if (sharedSecret) this.clearBuffer(sharedSecret);
+      if (kdf) this.clearBuffer(kdf);
+      if (encryptionKey) this.clearBuffer(encryptionKey);
+      if (macKey) this.clearBuffer(macKey);
     }
   }
   /**

package/dist/crypto/ecies/base.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/*\n Provides shared ECIES encryption logic across platforms using Uint8Array.\n \n @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n \n Implementation details:\n * - KDF: SHA-512(shared_secret) → encKey (32B) \|\| macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv \|\| ephemPublicKey \|\| ciphertext)\n \n @category Cryptography\n /\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n // Cache for validated public keys to avoid repeated validation\n private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n /\n Generates cryptographically secure random bytes.\n \n @param length - Number of random bytes to generate.\n * @returns Random bytes array.\n /\n protected abstract generateRandomBytes(length: number): Uint8Array;\n\n /\n Verifies a private key is valid for secp256k1.\n \n @param privateKey - Private key to verify (32 bytes).\n * @returns `true` if valid private key.\n /\n protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n /\n Creates a public key from a private key.\n \n @param privateKey - Source private key (32 bytes).\n * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n * @returns Public key or `null` if creation failed.\n /\n protected abstract createPublicKey(\n privateKey: Uint8Array,\n compressed: boolean,\n ): Uint8Array \| null;\n\n /\n Validates a public key on the secp256k1 curve.\n \n @param publicKey - Public key to validate.\n * @returns `true` if valid public key.\n /\n protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n /\n Decompresses a compressed public key.\n \n @param publicKey - Compressed public key (33 bytes).\n * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n /\n protected abstract decompressPublicKey(\n publicKey: Uint8Array,\n ): Uint8Array \| null;\n\n /\n Performs ECDH key agreement.\n \n @param publicKey - Other party's public key.\n * @param privateKey - Your private key.\n * @returns Raw X coordinate of shared point (32 bytes).\n /\n protected abstract performECDH(\n publicKey: Uint8Array,\n privateKey: Uint8Array,\n ): Uint8Array;\n\n /\n Computes SHA-512 hash.\n \n @param data - Data to hash.\n * @returns SHA-512 hash (64 bytes).\n /\n protected abstract sha512(data: Uint8Array): Uint8Array;\n\n /\n Computes HMAC-SHA256 authentication tag.\n \n @param key - HMAC key.\n * @param data - Data to authenticate.\n * @returns HMAC-SHA256 (32 bytes).\n /\n protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n /\n Encrypts data using AES-256-CBC.\n \n @param key - Encryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param plaintext - Data to encrypt.\n * @returns Ciphertext with PKCS#7 padding.\n /\n protected abstract aesEncrypt(\n key: Uint8Array,\n iv: Uint8Array,\n plaintext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Decrypts data using AES-256-CBC.\n \n @param key - Decryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param ciphertext - Data to decrypt.\n * @returns Plaintext with padding removed.\n /\n protected abstract aesDecrypt(\n key: Uint8Array,\n iv: Uint8Array,\n ciphertext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format.\n \n @param publicKey - Public key in any format.\n * @returns Uncompressed public key (65 bytes).\n * @throws {ECIESError} If key format is invalid.\n /\n protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n // Check cache first\n if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n return publicKey;\n }\n\n if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid uncompressed public key prefix\",\n \"INVALID_KEY\",\n );\n }\n // Validate and cache\n if (!this.validatePublicKey(publicKey)) {\n throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n }\n BaseECIESUint8.validatedKeys.set(publicKey, true);\n return publicKey;\n }\n\n if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n const decompressed = this.decompressPublicKey(publicKey);\n if (!decompressed) {\n throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n }\n // Cache the decompressed key\n BaseECIESUint8.validatedKeys.set(decompressed, true);\n return decompressed;\n }\n\n throw new ECIESError(\n `Invalid public key length: ${publicKey.length}`,\n \"INVALID_KEY\",\n );\n }\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n * Must be implemented by derived classes to handle platform-specific operations.\n \n @param publicKey - The public key to normalize\n * @returns The normalized uncompressed public key\n /\n public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n /\n Encrypts data using ECIES.\n \n @param publicKey - The recipient's public key (compressed or uncompressed)\n * @param message - The data to encrypt\n * @returns Promise resolving to encrypted data structure\n /\n async encrypt(\n publicKey: Uint8Array,\n message: Uint8Array,\n ): Promise<ECIESEncrypted> {\n try {\n // Validate inputs\n if (!(publicKey instanceof Uint8Array)) {\n throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!(message instanceof Uint8Array)) {\n throw new ECIESError(\n \"Message must be a Uint8Array\",\n \"ENCRYPTION_FAILED\",\n );\n }\n if (publicKey.length === 0) {\n throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n }\n\n // Normalize public key to uncompressed format\n const pubKey = this.normalizePublicKey(publicKey);\n\n // Generate ephemeral key pair\n let ephemeralPrivateKey: Uint8Array;\n do {\n ephemeralPrivateKey = this.generateRandomBytes(\n CURVE.PRIVATE_KEY_LENGTH,\n );\n } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n const ephemeralPublicKey = this.createPublicKey(\n ephemeralPrivateKey,\n false,\n );\n if (!ephemeralPublicKey) {\n throw new ECIESError(\n \"Failed to generate ephemeral public key\",\n \"ENCRYPTION_FAILED\",\n );\n }\n\n // Perform ECDH to get shared secret (raw X coordinate)\n const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n const kdf = this.sha512(sharedSecret);\n const encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n const macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Generate random IV and encrypt\n const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n // Calculate MAC (Encrypt-then-MAC)\n const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n const mac = this.hmacSha256(macKey, macData);\n\n // Clear sensitive data\n this.clearBuffer(ephemeralPrivateKey);\n this.clearBuffer(sharedSecret);\n this.clearBuffer(kdf);\n\n return {\n iv,\n ephemPublicKey: ephemeralPublicKey,\n ciphertext,\n mac,\n };\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"ENCRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n }\n }\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - The recipient's private key (32 bytes)\n * @param encrypted - The encrypted data structure from encrypt()\n * @returns Promise resolving to the original plaintext\n /\n async decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array> {\n try {\n // Validate inputs\n if (!(privateKey instanceof Uint8Array)) {\n throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!isECIESEncrypted(encrypted)) {\n throw new ECIESError(\n \"Invalid encrypted data structure\",\n \"DECRYPTION_FAILED\",\n );\n }\n if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n throw new ECIESError(\n `Invalid private key length: ${privateKey.length}`,\n \"INVALID_KEY\",\n );\n }\n if (!this.verifyPrivateKey(privateKey)) {\n throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n }\n\n // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n if (\n encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n ) {\n throw new ECIESError(\n `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n \"INVALID_KEY\",\n );\n }\n if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n \"INVALID_KEY\",\n );\n }\n if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n }\n const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n // Perform ECDH to recover shared secret\n const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n const kdf = this.sha512(sharedSecret);\n const encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n const macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Verify MAC before decryption (Encrypt-then-MAC)\n const macData = concat([\n encrypted.iv,\n encrypted.ephemPublicKey,\n encrypted.ciphertext,\n ]);\n const expectedMac = this.hmacSha256(macKey, macData);\n\n if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n }\n\n // Decrypt the ciphertext\n const decrypted = await this.aesDecrypt(\n encryptionKey,\n encrypted.iv,\n encrypted.ciphertext,\n );\n\n // Clear sensitive data\n this.clearBuffer(sharedSecret);\n this.clearBuffer(kdf);\n\n return decrypted;\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"DECRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n }\n }\n\n /\n Clears sensitive data from memory using multi-pass overwrite.\n \n @remarks\n * Uses multiple passes with different patterns to make it harder\n * for JIT compilers to optimize away the operation. While not\n * guaranteed in JavaScript, this is a best-effort approach to\n * clear sensitive data from memory.\n \n @param buffer - The buffer to clear\n */\n protected clearBuffer(buffer: Uint8Array): void {\n if (buffer && buffer.length > 0) {\n // Multi-pass overwrite to resist compiler optimization\n buffer.fill(0x00); // Fill with zeros\n buffer.fill(0xff); // Fill with ones\n buffer.fill(0xaa); // Fill with alternating pattern\n buffer.fill(0x00); // Final zero fill\n\n // Additional pattern write to further discourage optimization\n for (let i = 0; i < buffer.length; i++) {\n buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n }\n buffer.fill(0x00); // Final clear\n }\n }\n}\n"],"mappings":"AACA,SAAS,YAAY,wBAAwB;AAC7C,SAAS,OAAO,QAAQ,WAAW;AACnC,SAAS,yBAAyB;AAClC,SAAS,cAAc;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,MAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,WAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,WAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,MAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,OAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,UAAU,OAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,WAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,CAAC,iBAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,MAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,WAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,MAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,MAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,MAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,WAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,UAAU,OAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,CAAC,kBAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,WAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}
1	+ {"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/*\n Provides shared ECIES encryption logic across platforms using Uint8Array.\n \n @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n \n Implementation details:\n * - KDF: SHA-512(shared_secret) → encKey (32B) \|\| macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv \|\| ephemPublicKey \|\| ciphertext)\n \n @category Cryptography\n /\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n // Cache for validated public keys to avoid repeated validation\n private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n /\n Generates cryptographically secure random bytes.\n \n @param length - Number of random bytes to generate.\n * @returns Random bytes array.\n /\n protected abstract generateRandomBytes(length: number): Uint8Array;\n\n /\n Verifies a private key is valid for secp256k1.\n \n @param privateKey - Private key to verify (32 bytes).\n * @returns `true` if valid private key.\n /\n protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n /\n Creates a public key from a private key.\n \n @param privateKey - Source private key (32 bytes).\n * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n * @returns Public key or `null` if creation failed.\n /\n protected abstract createPublicKey(\n privateKey: Uint8Array,\n compressed: boolean,\n ): Uint8Array \| null;\n\n /\n Validates a public key on the secp256k1 curve.\n \n @param publicKey - Public key to validate.\n * @returns `true` if valid public key.\n /\n protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n /\n Decompresses a compressed public key.\n \n @param publicKey - Compressed public key (33 bytes).\n * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n /\n protected abstract decompressPublicKey(\n publicKey: Uint8Array,\n ): Uint8Array \| null;\n\n /\n Performs ECDH key agreement.\n \n @param publicKey - Other party's public key.\n * @param privateKey - Your private key.\n * @returns Raw X coordinate of shared point (32 bytes).\n /\n protected abstract performECDH(\n publicKey: Uint8Array,\n privateKey: Uint8Array,\n ): Uint8Array;\n\n /\n Computes SHA-512 hash.\n \n @param data - Data to hash.\n * @returns SHA-512 hash (64 bytes).\n /\n protected abstract sha512(data: Uint8Array): Uint8Array;\n\n /\n Computes HMAC-SHA256 authentication tag.\n \n @param key - HMAC key.\n * @param data - Data to authenticate.\n * @returns HMAC-SHA256 (32 bytes).\n /\n protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n /\n Encrypts data using AES-256-CBC.\n \n @param key - Encryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param plaintext - Data to encrypt.\n * @returns Ciphertext with PKCS#7 padding.\n /\n protected abstract aesEncrypt(\n key: Uint8Array,\n iv: Uint8Array,\n plaintext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Decrypts data using AES-256-CBC.\n \n @param key - Decryption key (32 bytes).\n * @param iv - Initialization vector (16 bytes).\n * @param ciphertext - Data to decrypt.\n * @returns Plaintext with padding removed.\n /\n protected abstract aesDecrypt(\n key: Uint8Array,\n iv: Uint8Array,\n ciphertext: Uint8Array,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format.\n \n @param publicKey - Public key in any format.\n * @returns Uncompressed public key (65 bytes).\n * @throws {ECIESError} If key format is invalid.\n /\n protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n // Check cache first\n if (BaseECIESUint8.validatedKeys.get(publicKey)) {\n return publicKey;\n }\n\n if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid uncompressed public key prefix\",\n \"INVALID_KEY\",\n );\n }\n // Validate and cache\n if (!this.validatePublicKey(publicKey)) {\n throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n }\n BaseECIESUint8.validatedKeys.set(publicKey, true);\n return publicKey;\n }\n\n if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n if (\n publicKey[0] === CURVE.PREFIX.COMPRESSED_EVEN \|\|\n publicKey[0] === CURVE.PREFIX.COMPRESSED_ODD\n ) {\n const decompressed = this.decompressPublicKey(publicKey);\n if (!decompressed) {\n throw new ECIESError(\n \"Failed to decompress public key\",\n \"INVALID_KEY\",\n );\n }\n // Cache the decompressed key\n BaseECIESUint8.validatedKeys.set(decompressed, true);\n return decompressed;\n }\n throw new ECIESError(\n `Invalid compressed public key prefix: expected 0x02 or 0x03, got 0x${publicKey[0].toString(16).padStart(2, \"0\")}`,\n \"INVALID_KEY\",\n );\n }\n\n throw new ECIESError(\n `Invalid public key length: ${publicKey.length}`,\n \"INVALID_KEY\",\n );\n }\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n * Must be implemented by derived classes to handle platform-specific operations.\n \n @param publicKey - The public key to normalize\n * @returns The normalized uncompressed public key\n /\n public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n /\n Encrypts data using ECIES.\n \n @param publicKey - The recipient's public key (compressed or uncompressed)\n * @param message - The data to encrypt\n * @returns Promise resolving to encrypted data structure\n /\n async encrypt(\n publicKey: Uint8Array,\n message: Uint8Array,\n ): Promise<ECIESEncrypted> {\n // Declare sensitive variables outside try so finally can access them\n let ephemeralPrivateKey: Uint8Array \| undefined;\n let sharedSecret: Uint8Array \| undefined;\n let kdf: Uint8Array \| undefined;\n let encryptionKey: Uint8Array \| undefined;\n let macKey: Uint8Array \| undefined;\n\n try {\n // Validate inputs\n if (!(publicKey instanceof Uint8Array)) {\n throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!(message instanceof Uint8Array)) {\n throw new ECIESError(\n \"Message must be a Uint8Array\",\n \"ENCRYPTION_FAILED\",\n );\n }\n if (publicKey.length === 0) {\n throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n }\n\n // Normalize public key to uncompressed format\n const pubKey = this.normalizePublicKey(publicKey);\n\n // Generate ephemeral key pair\n do {\n ephemeralPrivateKey = this.generateRandomBytes(\n CURVE.PRIVATE_KEY_LENGTH,\n );\n } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n const ephemeralPublicKey = this.createPublicKey(\n ephemeralPrivateKey,\n false,\n );\n if (!ephemeralPublicKey) {\n throw new ECIESError(\n \"Failed to generate ephemeral public key\",\n \"ENCRYPTION_FAILED\",\n );\n }\n\n // Perform ECDH to get shared secret (raw X coordinate)\n sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n kdf = this.sha512(sharedSecret);\n encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Generate random IV and encrypt\n const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n // Calculate MAC (Encrypt-then-MAC)\n const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n const mac = this.hmacSha256(macKey, macData);\n\n return {\n iv,\n ephemPublicKey: ephemeralPublicKey,\n ciphertext,\n mac,\n };\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"ENCRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n } finally {\n // Clear sensitive data on all code paths (success, error, throw)\n if (ephemeralPrivateKey) this.clearBuffer(ephemeralPrivateKey);\n if (sharedSecret) this.clearBuffer(sharedSecret);\n if (kdf) this.clearBuffer(kdf);\n if (encryptionKey) this.clearBuffer(encryptionKey);\n if (macKey) this.clearBuffer(macKey);\n }\n }\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - The recipient's private key (32 bytes)\n * @param encrypted - The encrypted data structure from encrypt()\n * @returns Promise resolving to the original plaintext\n /\n async decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array> {\n // Declare sensitive variables outside try so finally can access them\n let sharedSecret: Uint8Array \| undefined;\n let kdf: Uint8Array \| undefined;\n let encryptionKey: Uint8Array \| undefined;\n let macKey: Uint8Array \| undefined;\n\n try {\n // Validate inputs\n if (!(privateKey instanceof Uint8Array)) {\n throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n }\n if (!isECIESEncrypted(encrypted)) {\n throw new ECIESError(\n \"Invalid encrypted data structure\",\n \"DECRYPTION_FAILED\",\n );\n }\n if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n throw new ECIESError(\n `Invalid private key length: ${privateKey.length}`,\n \"INVALID_KEY\",\n );\n }\n if (!this.verifyPrivateKey(privateKey)) {\n throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n }\n\n // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n if (\n encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n ) {\n throw new ECIESError(\n `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n \"INVALID_KEY\",\n );\n }\n if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n \"INVALID_KEY\",\n );\n }\n if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n }\n const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n // Perform ECDH to recover shared secret\n sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n // Derive keys using SHA-512 (eccrypto-compatible KDF)\n kdf = this.sha512(sharedSecret);\n encryptionKey = kdf.slice(\n KDF.ENCRYPTION_KEY_OFFSET,\n KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n );\n macKey = kdf.slice(\n KDF.MAC_KEY_OFFSET,\n KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n );\n\n // Verify MAC before decryption (Encrypt-then-MAC)\n const macData = concat([\n encrypted.iv,\n encrypted.ephemPublicKey,\n encrypted.ciphertext,\n ]);\n const expectedMac = this.hmacSha256(macKey, macData);\n\n if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n }\n\n // Decrypt the ciphertext\n const decrypted = await this.aesDecrypt(\n encryptionKey,\n encrypted.iv,\n encrypted.ciphertext,\n );\n\n return decrypted;\n } catch (error) {\n if (error instanceof ECIESError) throw error;\n throw new ECIESError(\n `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n \"DECRYPTION_FAILED\",\n error instanceof Error ? error : undefined,\n );\n } finally {\n // Clear sensitive data on all code paths (success, error, throw)\n if (sharedSecret) this.clearBuffer(sharedSecret);\n if (kdf) this.clearBuffer(kdf);\n if (encryptionKey) this.clearBuffer(encryptionKey);\n if (macKey) this.clearBuffer(macKey);\n }\n }\n\n /\n Clears sensitive data from memory using multi-pass overwrite.\n \n @remarks\n * Uses multiple passes with different patterns to make it harder\n * for JIT compilers to optimize away the operation. While not\n * guaranteed in JavaScript, this is a best-effort approach to\n * clear sensitive data from memory.\n \n @param buffer - The buffer to clear\n */\n protected clearBuffer(buffer: Uint8Array): void {\n if (buffer && buffer.length > 0) {\n // Multi-pass overwrite to resist compiler optimization\n buffer.fill(0x00); // Fill with zeros\n buffer.fill(0xff); // Fill with ones\n buffer.fill(0xaa); // Fill with alternating pattern\n buffer.fill(0x00); // Final zero fill\n\n // Additional pattern write to further discourage optimization\n for (let i = 0; i < buffer.length; i++) {\n buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n }\n buffer.fill(0x00); // Final clear\n }\n }\n}\n"],"mappings":"AACA,SAAS,YAAY,wBAAwB;AAC7C,SAAS,OAAO,QAAQ,WAAW;AACnC,SAAS,yBAAyB;AAClC,SAAS,cAAc;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,MAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,WAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,8BAA8B;AAC3D,UACE,UAAU,CAAC,MAAM,MAAM,OAAO,mBAC9B,UAAU,CAAC,MAAM,MAAM,OAAO,gBAC9B;AACA,cAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,YAAI,CAAC,cAAc;AACjB,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAEA,uBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,eAAO;AAAA,MACT;AACA,YAAM,IAAI;AAAA,QACR,sEAAsE,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,QAChH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AAEzB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,WAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,MAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,qBAAe,KAAK,YAAY,QAAQ,mBAAmB;AAG3D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,OAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,UAAU,OAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAE3C,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,oBAAqB,MAAK,YAAY,mBAAmB;AAC7D,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AAErB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,WAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,CAAC,iBAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,MAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,WAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,MAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,MAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,MAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,WAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,qBAAe,KAAK,YAAY,oBAAoB,UAAU;AAG9D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,UAAU,OAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,CAAC,kBAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,WAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/constants.cjs CHANGED Viewed

@@ -23,8 +23,7 @@ __export(constants_exports, {
   FORMAT: () => FORMAT,
   KDF: () => KDF,
   MAC: () => MAC,
-  SECURITY: () => SECURITY,
-  VALIDATION: () => VALIDATION
+  SECURITY: () => SECURITY
 });
 module.exports = __toCommonJS(constants_exports);
 const CURVE = {
@@ -112,12 +111,6 @@ const SECURITY = {
     PATTERN_OFFSET: 13
   }
 };
-const VALIDATION = {
-  isValidPrivateKey: (key) => key.length === CURVE.PRIVATE_KEY_LENGTH,
-  isValidPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH || key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
-  isCompressedPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH && (key[0] === CURVE.PREFIX.COMPRESSED_EVEN || key[0] === CURVE.PREFIX.COMPRESSED_ODD),
-  isUncompressedPublicKey: (key) => key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH && key[0] === CURVE.PREFIX.UNCOMPRESSED
-};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   CIPHER,
@@ -125,7 +118,6 @@ const VALIDATION = {
   FORMAT,
   KDF,
   MAC,
-  SECURITY,
-  VALIDATION
+  SECURITY
 });
 //# sourceMappingURL=constants.cjs.map

package/dist/crypto/ecies/constants.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/*\n ECIES Constants and Format Specification\n \n These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n /\n\n/\n Elliptic curve parameters\n /\nexport const CURVE = {\n /* The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) /\n name: \"secp256k1\",\n /* Private key length in bytes /\n PRIVATE_KEY_LENGTH: 32,\n /* Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) /\n COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n /* Uncompressed public key length in bytes (0x04 prefix + 64 bytes) /\n UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n /* ECDH shared secret X coordinate length /\n SHARED_SECRET_LENGTH: 32,\n /* Public key prefixes /\n PREFIX: {\n /* Uncompressed public key prefix /\n UNCOMPRESSED: 0x04,\n /* Compressed public key prefix for even Y /\n COMPRESSED_EVEN: 0x02,\n /* Compressed public key prefix for odd Y /\n COMPRESSED_ODD: 0x03,\n },\n /* X coordinate starts at byte 1 (after prefix) /\n X_COORDINATE_OFFSET: 1,\n /* X coordinate ends at byte 33 (1 + 32) /\n X_COORDINATE_END: 33,\n} as const;\n\n/\n Symmetric encryption parameters (AES-256-CBC)\n /\nexport const CIPHER = {\n /* Cipher algorithm - must match eccrypto /\n algorithm: \"aes-256-cbc\",\n /* AES key length in bytes /\n KEY_LENGTH: 32,\n /* Initialization vector length in bytes /\n IV_LENGTH: 16,\n /* Block size for AES /\n BLOCK_SIZE: 16,\n} as const;\n\n/\n Key derivation function parameters\n /\nexport const KDF = {\n /* Hash algorithm for key derivation - must match eccrypto /\n algorithm: \"sha512\",\n /* Output length of SHA-512 in bytes /\n OUTPUT_LENGTH: 64,\n /* Encryption key slice (first 32 bytes of KDF output) /\n ENCRYPTION_KEY_OFFSET: 0,\n ENCRYPTION_KEY_LENGTH: 32,\n /* MAC key slice (last 32 bytes of KDF output) /\n MAC_KEY_OFFSET: 32,\n MAC_KEY_LENGTH: 32,\n} as const;\n\n/\n Message authentication code parameters\n /\nexport const MAC = {\n /* MAC algorithm - must match eccrypto /\n algorithm: \"sha256\",\n /* HMAC-SHA256 output length in bytes /\n LENGTH: 32,\n} as const;\n\n/\n ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n /\nexport const FORMAT = {\n /* Offsets for each component in serialized format /\n IV_OFFSET: 0,\n IV_LENGTH: CIPHER.IV_LENGTH,\n\n /* Ephemeral public key (always uncompressed in eccrypto format) /\n EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* Ciphertext starts after IV and ephemeral key /\n CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* MAC is always the last 32 bytes /\n MAC_LENGTH: MAC.LENGTH,\n\n /* Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) /\n MIN_ENCRYPTED_LENGTH:\n CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n /\n Helper to calculate total length of encrypted data\n \n @param ciphertextLength - Length of the ciphertext portion\n * @returns Total length including all components\n /\n getTotalLength: (ciphertextLength: number) =>\n CIPHER.IV_LENGTH +\n CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n ciphertextLength +\n MAC.LENGTH,\n} as const;\n\n/\n Security constants for data clearing\n /\nexport const SECURITY = {\n /* Overwrite patterns for secure data clearing /\n CLEAR_PATTERNS: {\n ZEROS: 0x00,\n ONES: 0xff,\n /* Pattern multiplier for third pass /\n PATTERN_MULTIPLIER: 7,\n /* Pattern offset for third pass /\n PATTERN_OFFSET: 13,\n },\n} as const;\n\n/\n Validation helpers\n */\nexport const VALIDATION = {\n isValidPrivateKey: (key: Uint8Array): boolean =>\n key.length === CURVE.PRIVATE_KEY_LENGTH,\n\n isValidPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH \|\|\n key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n isCompressedPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH &&\n (key[0] === CURVE.PREFIX.COMPRESSED_EVEN \|\|\n key[0] === CURVE.PREFIX.COMPRESSED_ODD),\n\n isUncompressedPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH &&\n key[0] === CURVE.PREFIX.UNCOMPRESSED,\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;~~AAAA;~~AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;AAKO,MAAM,aAAa;AAAA,EACxB,mBAAmB,CAAC,QAClB,IAAI,WAAW,MAAM;AAAA,EAEvB,kBAAkB,CAAC,QACjB,IAAI,WAAW,MAAM,gCACrB,IAAI,WAAW,MAAM;AAAA,EAEvB,uBAAuB,CAAC,QACtB,IAAI,WAAW,MAAM,iCACpB,IAAI,CAAC,MAAM,MAAM,OAAO,mBACvB,IAAI,CAAC,MAAM,MAAM,OAAO;AAAA,EAE5B,yBAAyB,CAAC,QACxB,IAAI,WAAW,MAAM,kCACrB,IAAI,CAAC,MAAM,MAAM,OAAO;AAC5B;","names":[]}
1	+ {"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/*\n ECIES Constants and Format Specification\n \n These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n /\n\n/\n Elliptic curve parameters\n /\nexport const CURVE = {\n /* The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) /\n name: \"secp256k1\",\n /* Private key length in bytes /\n PRIVATE_KEY_LENGTH: 32,\n /* Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) /\n COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n /* Uncompressed public key length in bytes (0x04 prefix + 64 bytes) /\n UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n /* ECDH shared secret X coordinate length /\n SHARED_SECRET_LENGTH: 32,\n /* Public key prefixes /\n PREFIX: {\n /* Uncompressed public key prefix /\n UNCOMPRESSED: 0x04,\n /* Compressed public key prefix for even Y /\n COMPRESSED_EVEN: 0x02,\n /* Compressed public key prefix for odd Y /\n COMPRESSED_ODD: 0x03,\n },\n /* X coordinate starts at byte 1 (after prefix) /\n X_COORDINATE_OFFSET: 1,\n /* X coordinate ends at byte 33 (1 + 32) /\n X_COORDINATE_END: 33,\n} as const;\n\n/\n Symmetric encryption parameters (AES-256-CBC)\n /\nexport const CIPHER = {\n /* Cipher algorithm - must match eccrypto /\n algorithm: \"aes-256-cbc\",\n /* AES key length in bytes /\n KEY_LENGTH: 32,\n /* Initialization vector length in bytes /\n IV_LENGTH: 16,\n /* Block size for AES /\n BLOCK_SIZE: 16,\n} as const;\n\n/\n Key derivation function parameters\n /\nexport const KDF = {\n /* Hash algorithm for key derivation - must match eccrypto /\n algorithm: \"sha512\",\n /* Output length of SHA-512 in bytes /\n OUTPUT_LENGTH: 64,\n /* Encryption key slice (first 32 bytes of KDF output) /\n ENCRYPTION_KEY_OFFSET: 0,\n ENCRYPTION_KEY_LENGTH: 32,\n /* MAC key slice (last 32 bytes of KDF output) /\n MAC_KEY_OFFSET: 32,\n MAC_KEY_LENGTH: 32,\n} as const;\n\n/\n Message authentication code parameters\n /\nexport const MAC = {\n /* MAC algorithm - must match eccrypto /\n algorithm: \"sha256\",\n /* HMAC-SHA256 output length in bytes /\n LENGTH: 32,\n} as const;\n\n/\n ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n /\nexport const FORMAT = {\n /* Offsets for each component in serialized format /\n IV_OFFSET: 0,\n IV_LENGTH: CIPHER.IV_LENGTH,\n\n /* Ephemeral public key (always uncompressed in eccrypto format) /\n EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* Ciphertext starts after IV and ephemeral key /\n CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* MAC is always the last 32 bytes /\n MAC_LENGTH: MAC.LENGTH,\n\n /* Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) /\n MIN_ENCRYPTED_LENGTH:\n CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n /\n Helper to calculate total length of encrypted data\n \n @param ciphertextLength - Length of the ciphertext portion\n * @returns Total length including all components\n /\n getTotalLength: (ciphertextLength: number) =>\n CIPHER.IV_LENGTH +\n CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n ciphertextLength +\n MAC.LENGTH,\n} as const;\n\n/\n Security constants for data clearing\n /\nexport const SECURITY = {\n /* Overwrite patterns for secure data clearing /\n CLEAR_PATTERNS: {\n ZEROS: 0x00,\n ONES: 0xff,\n /* Pattern multiplier for third pass /\n PATTERN_MULTIPLIER: 7,\n /* Pattern offset for third pass */\n PATTERN_OFFSET: 13,\n },\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;","names":[]}

package/dist/crypto/ecies/constants.d.ts CHANGED Viewed

@@ -109,12 +109,3 @@ export declare const SECURITY: {
         readonly PATTERN_OFFSET: 13;
     };
 };
-/**
- * Validation helpers
- */
-export declare const VALIDATION: {
-    readonly isValidPrivateKey: (key: Uint8Array) => boolean;
-    readonly isValidPublicKey: (key: Uint8Array) => boolean;
-    readonly isCompressedPublicKey: (key: Uint8Array) => boolean;
-    readonly isUncompressedPublicKey: (key: Uint8Array) => boolean;
-};

package/dist/crypto/ecies/constants.js CHANGED Viewed

@@ -83,19 +83,12 @@ const SECURITY = {
     PATTERN_OFFSET: 13
   }
 };
-const VALIDATION = {
-  isValidPrivateKey: (key) => key.length === CURVE.PRIVATE_KEY_LENGTH,
-  isValidPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH || key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
-  isCompressedPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH && (key[0] === CURVE.PREFIX.COMPRESSED_EVEN || key[0] === CURVE.PREFIX.COMPRESSED_ODD),
-  isUncompressedPublicKey: (key) => key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH && key[0] === CURVE.PREFIX.UNCOMPRESSED
-};
 export {
   CIPHER,
   CURVE,
   FORMAT,
   KDF,
   MAC,
-  SECURITY,
-  VALIDATION
+  SECURITY
 };
 //# sourceMappingURL=constants.js.map

package/dist/crypto/ecies/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/*\n ECIES Constants and Format Specification\n \n These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n /\n\n/\n Elliptic curve parameters\n /\nexport const CURVE = {\n /* The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) /\n name: \"secp256k1\",\n /* Private key length in bytes /\n PRIVATE_KEY_LENGTH: 32,\n /* Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) /\n COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n /* Uncompressed public key length in bytes (0x04 prefix + 64 bytes) /\n UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n /* ECDH shared secret X coordinate length /\n SHARED_SECRET_LENGTH: 32,\n /* Public key prefixes /\n PREFIX: {\n /* Uncompressed public key prefix /\n UNCOMPRESSED: 0x04,\n /* Compressed public key prefix for even Y /\n COMPRESSED_EVEN: 0x02,\n /* Compressed public key prefix for odd Y /\n COMPRESSED_ODD: 0x03,\n },\n /* X coordinate starts at byte 1 (after prefix) /\n X_COORDINATE_OFFSET: 1,\n /* X coordinate ends at byte 33 (1 + 32) /\n X_COORDINATE_END: 33,\n} as const;\n\n/\n Symmetric encryption parameters (AES-256-CBC)\n /\nexport const CIPHER = {\n /* Cipher algorithm - must match eccrypto /\n algorithm: \"aes-256-cbc\",\n /* AES key length in bytes /\n KEY_LENGTH: 32,\n /* Initialization vector length in bytes /\n IV_LENGTH: 16,\n /* Block size for AES /\n BLOCK_SIZE: 16,\n} as const;\n\n/\n Key derivation function parameters\n /\nexport const KDF = {\n /* Hash algorithm for key derivation - must match eccrypto /\n algorithm: \"sha512\",\n /* Output length of SHA-512 in bytes /\n OUTPUT_LENGTH: 64,\n /* Encryption key slice (first 32 bytes of KDF output) /\n ENCRYPTION_KEY_OFFSET: 0,\n ENCRYPTION_KEY_LENGTH: 32,\n /* MAC key slice (last 32 bytes of KDF output) /\n MAC_KEY_OFFSET: 32,\n MAC_KEY_LENGTH: 32,\n} as const;\n\n/\n Message authentication code parameters\n /\nexport const MAC = {\n /* MAC algorithm - must match eccrypto /\n algorithm: \"sha256\",\n /* HMAC-SHA256 output length in bytes /\n LENGTH: 32,\n} as const;\n\n/\n ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n /\nexport const FORMAT = {\n /* Offsets for each component in serialized format /\n IV_OFFSET: 0,\n IV_LENGTH: CIPHER.IV_LENGTH,\n\n /* Ephemeral public key (always uncompressed in eccrypto format) /\n EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* Ciphertext starts after IV and ephemeral key /\n CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* MAC is always the last 32 bytes /\n MAC_LENGTH: MAC.LENGTH,\n\n /* Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) /\n MIN_ENCRYPTED_LENGTH:\n CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n /\n Helper to calculate total length of encrypted data\n \n @param ciphertextLength - Length of the ciphertext portion\n * @returns Total length including all components\n /\n getTotalLength: (ciphertextLength: number) =>\n CIPHER.IV_LENGTH +\n CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n ciphertextLength +\n MAC.LENGTH,\n} as const;\n\n/\n Security constants for data clearing\n /\nexport const SECURITY = {\n /* Overwrite patterns for secure data clearing /\n CLEAR_PATTERNS: {\n ZEROS: 0x00,\n ONES: 0xff,\n /* Pattern multiplier for third pass /\n PATTERN_MULTIPLIER: 7,\n /* Pattern offset for third pass /\n PATTERN_OFFSET: 13,\n },\n} as const;\n\n/\n Validation helpers\n */\nexport const VALIDATION = {\n isValidPrivateKey: (key: Uint8Array): boolean =>\n key.length === CURVE.PRIVATE_KEY_LENGTH,\n\n isValidPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH \|\|\n key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n isCompressedPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH &&\n (key[0] === CURVE.PREFIX.COMPRESSED_EVEN \|\|\n key[0] === CURVE.PREFIX.COMPRESSED_ODD),\n\n isUncompressedPublicKey: (key: Uint8Array): boolean =>\n key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH &&\n key[0] === CURVE.PREFIX.UNCOMPRESSED,\n} as const;\n"],"mappings":"AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;AAKO,MAAM,aAAa;AAAA,EACxB,mBAAmB,CAAC,QAClB,IAAI,WAAW,MAAM;AAAA,EAEvB,kBAAkB,CAAC,QACjB,IAAI,WAAW,MAAM,gCACrB,IAAI,WAAW,MAAM;AAAA,EAEvB,uBAAuB,CAAC,QACtB,IAAI,WAAW,MAAM,iCACpB,IAAI,CAAC,MAAM,MAAM,OAAO,mBACvB,IAAI,CAAC,MAAM,MAAM,OAAO;AAAA,EAE5B,yBAAyB,CAAC,QACxB,IAAI,WAAW,MAAM,kCACrB,IAAI,CAAC,MAAM,MAAM,OAAO;AAC5B;","names":[]}
1	+ {"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/*\n ECIES Constants and Format Specification\n \n These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n /\n\n/\n Elliptic curve parameters\n /\nexport const CURVE = {\n /* The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) /\n name: \"secp256k1\",\n /* Private key length in bytes /\n PRIVATE_KEY_LENGTH: 32,\n /* Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) /\n COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n /* Uncompressed public key length in bytes (0x04 prefix + 64 bytes) /\n UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n /* ECDH shared secret X coordinate length /\n SHARED_SECRET_LENGTH: 32,\n /* Public key prefixes /\n PREFIX: {\n /* Uncompressed public key prefix /\n UNCOMPRESSED: 0x04,\n /* Compressed public key prefix for even Y /\n COMPRESSED_EVEN: 0x02,\n /* Compressed public key prefix for odd Y /\n COMPRESSED_ODD: 0x03,\n },\n /* X coordinate starts at byte 1 (after prefix) /\n X_COORDINATE_OFFSET: 1,\n /* X coordinate ends at byte 33 (1 + 32) /\n X_COORDINATE_END: 33,\n} as const;\n\n/\n Symmetric encryption parameters (AES-256-CBC)\n /\nexport const CIPHER = {\n /* Cipher algorithm - must match eccrypto /\n algorithm: \"aes-256-cbc\",\n /* AES key length in bytes /\n KEY_LENGTH: 32,\n /* Initialization vector length in bytes /\n IV_LENGTH: 16,\n /* Block size for AES /\n BLOCK_SIZE: 16,\n} as const;\n\n/\n Key derivation function parameters\n /\nexport const KDF = {\n /* Hash algorithm for key derivation - must match eccrypto /\n algorithm: \"sha512\",\n /* Output length of SHA-512 in bytes /\n OUTPUT_LENGTH: 64,\n /* Encryption key slice (first 32 bytes of KDF output) /\n ENCRYPTION_KEY_OFFSET: 0,\n ENCRYPTION_KEY_LENGTH: 32,\n /* MAC key slice (last 32 bytes of KDF output) /\n MAC_KEY_OFFSET: 32,\n MAC_KEY_LENGTH: 32,\n} as const;\n\n/\n Message authentication code parameters\n /\nexport const MAC = {\n /* MAC algorithm - must match eccrypto /\n algorithm: \"sha256\",\n /* HMAC-SHA256 output length in bytes /\n LENGTH: 32,\n} as const;\n\n/\n ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n /\nexport const FORMAT = {\n /* Offsets for each component in serialized format /\n IV_OFFSET: 0,\n IV_LENGTH: CIPHER.IV_LENGTH,\n\n /* Ephemeral public key (always uncompressed in eccrypto format) /\n EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* Ciphertext starts after IV and ephemeral key /\n CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n /* MAC is always the last 32 bytes /\n MAC_LENGTH: MAC.LENGTH,\n\n /* Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) /\n MIN_ENCRYPTED_LENGTH:\n CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n /\n Helper to calculate total length of encrypted data\n \n @param ciphertextLength - Length of the ciphertext portion\n * @returns Total length including all components\n /\n getTotalLength: (ciphertextLength: number) =>\n CIPHER.IV_LENGTH +\n CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n ciphertextLength +\n MAC.LENGTH,\n} as const;\n\n/\n Security constants for data clearing\n /\nexport const SECURITY = {\n /* Overwrite patterns for secure data clearing /\n CLEAR_PATTERNS: {\n ZEROS: 0x00,\n ONES: 0xff,\n /* Pattern multiplier for third pass /\n PATTERN_MULTIPLIER: 7,\n /* Pattern offset for third pass */\n PATTERN_OFFSET: 13,\n },\n} as const;\n"],"mappings":"AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;","names":[]}

package/dist/crypto/ecies/interface.cjs CHANGED Viewed

@@ -59,10 +59,27 @@ function serializeECIES(encrypted) {
 function deserializeECIES(hex) {
   const hexWithPrefix = hex.startsWith("0x") ? hex : `0x${hex}`;
   const bytes = (0, import_viem.fromHex)(hexWithPrefix, "bytes");
-  const ephemKeySize = bytes[import_constants.FORMAT.EPHEMERAL_KEY_OFFSET] === import_constants.CURVE.PREFIX.UNCOMPRESSED ? import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH : import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;
+  const absoluteMinLength = import_constants.FORMAT.IV_LENGTH + 1 + import_constants.MAC.LENGTH + 1;
+  if (bytes.length < absoluteMinLength) {
+    throw new ECIESError(
+      `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${absoluteMinLength} bytes required)`,
+      "DECRYPTION_FAILED"
+    );
+  }
+  const prefix = bytes[import_constants.FORMAT.EPHEMERAL_KEY_OFFSET];
+  if (prefix !== import_constants.CURVE.PREFIX.UNCOMPRESSED) {
+    throw new ECIESError(
+      `Invalid ephemeral public key: must be uncompressed format (0x04 prefix), got 0x${prefix.toString(16).padStart(2, "0")}`,
+      "DECRYPTION_FAILED"
+    );
+  }
+  const ephemKeySize = import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH;
   const minLength = import_constants.FORMAT.IV_LENGTH + ephemKeySize + import_constants.MAC.LENGTH + 1;
   if (bytes.length < minLength) {
-    throw new ECIESError("Invalid ECIES data: too short", "DECRYPTION_FAILED");
+    throw new ECIESError(
+      `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${minLength} bytes required)`,
+      "DECRYPTION_FAILED"
+    );
   }
   return {
     iv: bytes.subarray(import_constants.FORMAT.IV_OFFSET, import_constants.FORMAT.IV_OFFSET + import_constants.FORMAT.IV_LENGTH),

package/dist/crypto/ecies/interface.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/*\n ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n \n @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n \n Format specification:\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n \n @category Cryptography\n /\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\nimport { fromHex, toHex } from \"viem\";\n\n/\n Represents ECIES encrypted data in eccrypto-compatible format.\n \n @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n /\nexport interface ECIESEncrypted {\n /* Initialization vector (16 bytes) /\n iv: Uint8Array;\n /* Ephemeral public key (65 bytes uncompressed) /\n ephemPublicKey: Uint8Array;\n /* Encrypted data /\n ciphertext: Uint8Array;\n /* Message authentication code (32 bytes) /\n mac: Uint8Array;\n}\n\n/\n Provides ECIES encryption and decryption operations.\n \n @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n \n @category Cryptography\n /\nexport interface ECIESProvider {\n /\n Encrypts data using ECIES with secp256k1.\n \n @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n * Obtain via `vana.server.getIdentity(userAddress).public_key`.\n * @param message - Data to encrypt.\n * @returns Encrypted data structure compatible with eccrypto format.\n * @throws {ECIESError} When public key is invalid.\n * Verify key format matches secp256k1 requirements.\n \n @example\n * ```typescript\n * const encrypted = await provider.encrypt(\n * fromHex(publicKey, 'bytes'),\n * new TextEncoder().encode('sensitive data')\n * );\n * ```\n /\n encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - Recipient's private key (32 bytes).\n * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n * @returns Decrypted message as Uint8Array.\n * @throws {ECIESError} When MAC verification fails.\n * Ensure the private key matches the public key used for encryption.\n \n @example\n * ```typescript\n * const decrypted = await provider.decrypt(\n * fromHex(privateKey, 'bytes'),\n * encrypted\n * );\n * const message = new TextDecoder().decode(decrypted);\n * ```\n /\n decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n \n @remarks\n * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n * to ensure data integrity and prevent masking of malformed inputs.\n \n @param publicKey - Public key in compressed or uncompressed format\n * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n * @throws {Error} When decompression of compressed key fails\n \n @example\n * ```typescript\n * // Compressed key (33 bytes)\n * const compressed = new Uint8Array(33);\n * compressed[0] = 0x02;\n * const uncompressed = provider.normalizeToUncompressed(compressed);\n * console.log(uncompressed.length); // 65\n * console.log(uncompressed[0]); // 0x04\n \n // Already uncompressed (65 bytes)\n * const already = provider.normalizeToUncompressed(uncompressedKey);\n * console.log(already === uncompressedKey); // true (returns same reference)\n \n // Raw coordinates rejected (64 bytes)\n * const raw = new Uint8Array(64);\n * provider.normalizeToUncompressed(raw); // Throws error\n * ```\n /\n normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/\n Configures ECIES operation behavior.\n /\nexport interface ECIESOptions {\n /* Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) /\n useCompressed?: boolean;\n}\n\n/\n Represents failures in ECIES cryptographic operations.\n \n @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n \n @category Errors\n /\nexport class ECIESError extends Error {\n constructor(\n message: string,\n public readonly code:\n \| \"INVALID_KEY\"\n \| \"ENCRYPTION_FAILED\"\n \| \"DECRYPTION_FAILED\"\n \| \"MAC_MISMATCH\"\n \| \"ECDH_FAILED\",\n public override readonly cause?: Error,\n ) {\n super(message);\n this.name = \"ECIESError\";\n }\n}\n\n/\n Validates if an object conforms to the ECIESEncrypted structure.\n \n @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n \n @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n * const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n /\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n if (!obj \|\| typeof obj !== \"object\") return false;\n const enc = obj as Record<string, unknown>;\n\n const isUint8Array = (value: unknown): value is Uint8Array => {\n return (\n value instanceof Uint8Array \|\|\n (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n );\n };\n\n return (\n isUint8Array(enc.iv) &&\n enc.iv.length === CIPHER.IV_LENGTH &&\n isUint8Array(enc.ephemPublicKey) &&\n (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH \|\|\n enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n isUint8Array(enc.ciphertext) &&\n enc.ciphertext.length > 0 &&\n isUint8Array(enc.mac) &&\n enc.mac.length === MAC.LENGTH\n );\n}\n\n/\n Serializes ECIESEncrypted to hex string for storage or transmission.\n \n @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n \n @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n /\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n const combined = new Uint8Array(\n encrypted.iv.length +\n encrypted.ephemPublicKey.length +\n encrypted.ciphertext.length +\n encrypted.mac.length,\n );\n\n let offset = 0;\n combined.set(encrypted.iv, offset);\n offset += encrypted.iv.length;\n combined.set(encrypted.ephemPublicKey, offset);\n offset += encrypted.ephemPublicKey.length;\n combined.set(encrypted.ciphertext, offset);\n offset += encrypted.ciphertext.length;\n combined.set(encrypted.mac, offset);\n\n return toHex(combined).slice(2);\n}\n\n/\n Deserializes hex string to ECIESEncrypted structure.\n \n @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n * Verify the hex string is complete and uncorrupted.\n \n @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n const hexWithPrefix = hex.startsWith(\"0x\") ? hex : `0x${hex}`;\n const bytes = fromHex(hexWithPrefix as `0x${string}`, \"bytes\");\n\n // Determine ephemPublicKey size based on prefix\n const ephemKeySize =\n bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED\n ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;\n\n const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n if (bytes.length < minLength) {\n throw new ECIESError(\"Invalid ECIES data: too short\", \"DECRYPTION_FAILED\");\n }\n\n return {\n iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n ephemPublicKey: bytes.subarray(\n FORMAT.EPHEMERAL_KEY_OFFSET,\n FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n ),\n ciphertext: bytes.subarray(\n FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n bytes.length - MAC.LENGTH,\n ),\n mac: bytes.subarray(bytes.length - MAC.LENGTH),\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,uBAA2C;AAC3C,kBAA+B;AA4HxB,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,wBAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,uBAAM,kCACnC,IAAI,eAAe,WAAW,uBAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,qBAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,aAAO,mBAAM,QAAQ,EAAE,MAAM,CAAC;AAChC;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,gBAAgB,IAAI,WAAW,IAAI,IAAI,MAAM,KAAK,GAAG;AAC3D,QAAM,YAAQ,qBAAQ,eAAgC,OAAO;AAG7D,QAAM,eACJ,MAAM,wBAAO,oBAAoB,MAAM,uBAAM,OAAO,eAChD,uBAAM,iCACN,uBAAM;AAEZ,QAAM,YAAY,wBAAO,YAAY,eAAe,qBAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI,WAAW,iCAAiC,mBAAmB;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,wBAAO,WAAW,wBAAO,YAAY,wBAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,wBAAO;AAAA,MACP,wBAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,wBAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,qBAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,qBAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}
1	+ {"version":3,"sources":["../../../src/crypto/ecies/interface.ts"],"sourcesContent":["/*\n ECIES (Elliptic Curve Integrated Encryption Scheme) Interface\n \n @remarks\n * Defines the contract for platform-specific ECIES implementations.\n * All implementations maintain compatibility with the eccrypto format to ensure\n * backward compatibility with existing encrypted data.\n \n Format specification:\n * `[iv (16 bytes)][ephemPublicKey (65 bytes)][ciphertext (variable)][mac (32 bytes)]`\n \n @category Cryptography\n /\n\nimport { CIPHER, CURVE, MAC, FORMAT } from \"./constants\";\nimport { fromHex, toHex } from \"viem\";\n\n/\n Represents ECIES encrypted data in eccrypto-compatible format.\n \n @remarks\n * This structure maintains backward compatibility with data encrypted using\n * the legacy eccrypto library.\n /\nexport interface ECIESEncrypted {\n /* Initialization vector (16 bytes) /\n iv: Uint8Array;\n /* Ephemeral public key (65 bytes uncompressed) /\n ephemPublicKey: Uint8Array;\n /* Encrypted data /\n ciphertext: Uint8Array;\n /* Message authentication code (32 bytes) /\n mac: Uint8Array;\n}\n\n/\n Provides ECIES encryption and decryption operations.\n \n @remarks\n * Platform-specific implementations handle the underlying cryptographic primitives\n * while maintaining consistent data format across environments.\n \n @category Cryptography\n /\nexport interface ECIESProvider {\n /\n Encrypts data using ECIES with secp256k1.\n \n @param publicKey - Recipient's public key (65 bytes uncompressed or 33 bytes compressed).\n * Obtain via `vana.server.getIdentity(userAddress).public_key`.\n * @param message - Data to encrypt.\n * @returns Encrypted data structure compatible with eccrypto format.\n * @throws {ECIESError} When public key is invalid.\n * Verify key format matches secp256k1 requirements.\n \n @example\n * ```typescript\n * const encrypted = await provider.encrypt(\n * fromHex(publicKey, 'bytes'),\n * new TextEncoder().encode('sensitive data')\n * );\n * ```\n /\n encrypt(publicKey: Uint8Array, message: Uint8Array): Promise<ECIESEncrypted>;\n\n /\n Decrypts ECIES encrypted data.\n \n @param privateKey - Recipient's private key (32 bytes).\n * @param encrypted - Encrypted data structure from `encrypt()` or legacy eccrypto.\n * @returns Decrypted message as Uint8Array.\n * @throws {ECIESError} When MAC verification fails.\n * Ensure the private key matches the public key used for encryption.\n \n @example\n * ```typescript\n * const decrypted = await provider.decrypt(\n * fromHex(privateKey, 'bytes'),\n * encrypted\n * );\n * const message = new TextDecoder().decode(decrypted);\n * ```\n /\n decrypt(\n privateKey: Uint8Array,\n encrypted: ECIESEncrypted,\n ): Promise<Uint8Array>;\n\n /\n Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n \n @remarks\n * Strict policy: Only accepts properly formatted compressed (33 bytes) or\n * uncompressed (65 bytes) public keys. Does not accept 64-byte raw coordinates\n * to ensure data integrity and prevent masking of malformed inputs.\n \n @param publicKey - Public key in compressed or uncompressed format\n * @returns Normalized uncompressed public key (65 bytes with 0x04 prefix)\n * @throws {Error} When public key format is invalid, including raw coordinates (64 bytes)\n * @throws {Error} When decompression of compressed key fails\n \n @example\n * ```typescript\n * // Compressed key (33 bytes)\n * const compressed = new Uint8Array(33);\n * compressed[0] = 0x02;\n * const uncompressed = provider.normalizeToUncompressed(compressed);\n * console.log(uncompressed.length); // 65\n * console.log(uncompressed[0]); // 0x04\n \n // Already uncompressed (65 bytes)\n * const already = provider.normalizeToUncompressed(uncompressedKey);\n * console.log(already === uncompressedKey); // true (returns same reference)\n \n // Raw coordinates rejected (64 bytes)\n * const raw = new Uint8Array(64);\n * provider.normalizeToUncompressed(raw); // Throws error\n * ```\n /\n normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n}\n\n/\n Configures ECIES operation behavior.\n /\nexport interface ECIESOptions {\n /* Use compressed public keys (33 bytes) instead of uncompressed (65 bytes) /\n useCompressed?: boolean;\n}\n\n/\n Represents failures in ECIES cryptographic operations.\n \n @remarks\n * Provides specific error codes to help identify and recover from\n * different failure scenarios.\n \n @category Errors\n /\nexport class ECIESError extends Error {\n constructor(\n message: string,\n public readonly code:\n \| \"INVALID_KEY\"\n \| \"ENCRYPTION_FAILED\"\n \| \"DECRYPTION_FAILED\"\n \| \"MAC_MISMATCH\"\n \| \"ECDH_FAILED\",\n public override readonly cause?: Error,\n ) {\n super(message);\n this.name = \"ECIESError\";\n }\n}\n\n/\n Validates if an object conforms to the ECIESEncrypted structure.\n \n @param obj - Object to validate.\n * @returns `true` if object is a valid ECIESEncrypted structure.\n \n @example\n * ```typescript\n * if (isECIESEncrypted(data)) {\n * const decrypted = await provider.decrypt(privateKey, data);\n * }\n * ```\n /\nexport function isECIESEncrypted(obj: unknown): obj is ECIESEncrypted {\n if (!obj \|\| typeof obj !== \"object\") return false;\n const enc = obj as Record<string, unknown>;\n\n const isUint8Array = (value: unknown): value is Uint8Array => {\n return (\n value instanceof Uint8Array \|\|\n (typeof Buffer !== \"undefined\" && Buffer.isBuffer(value))\n );\n };\n\n return (\n isUint8Array(enc.iv) &&\n enc.iv.length === CIPHER.IV_LENGTH &&\n isUint8Array(enc.ephemPublicKey) &&\n (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH \|\|\n enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) &&\n isUint8Array(enc.ciphertext) &&\n enc.ciphertext.length > 0 &&\n isUint8Array(enc.mac) &&\n enc.mac.length === MAC.LENGTH\n );\n}\n\n/\n Serializes ECIESEncrypted to hex string for storage or transmission.\n \n @param encrypted - Encrypted data structure from `encrypt()`.\n * @returns Hex string representation.\n \n @example\n * ```typescript\n * const hexString = serializeECIES(encrypted);\n * // Store hexString in database or send over network\n * ```\n /\nexport function serializeECIES(encrypted: ECIESEncrypted): string {\n const combined = new Uint8Array(\n encrypted.iv.length +\n encrypted.ephemPublicKey.length +\n encrypted.ciphertext.length +\n encrypted.mac.length,\n );\n\n let offset = 0;\n combined.set(encrypted.iv, offset);\n offset += encrypted.iv.length;\n combined.set(encrypted.ephemPublicKey, offset);\n offset += encrypted.ephemPublicKey.length;\n combined.set(encrypted.ciphertext, offset);\n offset += encrypted.ciphertext.length;\n combined.set(encrypted.mac, offset);\n\n return toHex(combined).slice(2);\n}\n\n/\n Deserializes hex string to ECIESEncrypted structure.\n \n @param hex - Hex string from `serializeECIES()` or storage.\n * @returns ECIESEncrypted structure ready for decryption.\n * @throws {ECIESError} When hex string format is invalid.\n * Verify the hex string is complete and uncorrupted.\n \n @example\n * ```typescript\n * const encrypted = deserializeECIES(hexString);\n * const decrypted = await provider.decrypt(privateKey, encrypted);\n * ```\n */\nexport function deserializeECIES(hex: string): ECIESEncrypted {\n const hexWithPrefix = hex.startsWith(\"0x\") ? hex : `0x${hex}`;\n const bytes = fromHex(hexWithPrefix as `0x${string}`, \"bytes\");\n\n // Check minimum length before accessing prefix byte\n // Need at least: IV (16 bytes) + 1 byte for prefix check + MAC (32 bytes) + 1 byte ciphertext\n const absoluteMinLength = FORMAT.IV_LENGTH + 1 + MAC.LENGTH + 1;\n if (bytes.length < absoluteMinLength) {\n throw new ECIESError(\n `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${absoluteMinLength} bytes required)`,\n \"DECRYPTION_FAILED\",\n );\n }\n\n // Validate ephemeral public key prefix (must be uncompressed for eccrypto compatibility)\n const prefix = bytes[FORMAT.EPHEMERAL_KEY_OFFSET];\n\n if (prefix !== CURVE.PREFIX.UNCOMPRESSED) {\n throw new ECIESError(\n `Invalid ephemeral public key: must be uncompressed format (0x04 prefix), got 0x${prefix.toString(16).padStart(2, \"0\")}`,\n \"DECRYPTION_FAILED\",\n );\n }\n\n const ephemKeySize = CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH;\n\n const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1; // +1 for at least 1 byte of ciphertext\n if (bytes.length < minLength) {\n throw new ECIESError(\n `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${minLength} bytes required)`,\n \"DECRYPTION_FAILED\",\n );\n }\n\n return {\n iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),\n ephemPublicKey: bytes.subarray(\n FORMAT.EPHEMERAL_KEY_OFFSET,\n FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n ),\n ciphertext: bytes.subarray(\n FORMAT.EPHEMERAL_KEY_OFFSET + ephemKeySize,\n bytes.length - MAC.LENGTH,\n ),\n mac: bytes.subarray(bytes.length - MAC.LENGTH),\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,uBAA2C;AAC3C,kBAA+B;AA4HxB,MAAM,mBAAmB,MAAM;AAAA,EACpC,YACE,SACgB,MAMS,OACzB;AACA,UAAM,OAAO;AARG;AAMS;AAGzB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,SAAS,iBAAiB,KAAqC;AACpE,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,MAAM;AAEZ,QAAM,eAAe,CAAC,UAAwC;AAC5D,WACE,iBAAiB,cAChB,OAAO,WAAW,eAAe,OAAO,SAAS,KAAK;AAAA,EAE3D;AAEA,SACE,aAAa,IAAI,EAAE,KACnB,IAAI,GAAG,WAAW,wBAAO,aACzB,aAAa,IAAI,cAAc,MAC9B,IAAI,eAAe,WAAW,uBAAM,kCACnC,IAAI,eAAe,WAAW,uBAAM,iCACtC,aAAa,IAAI,UAAU,KAC3B,IAAI,WAAW,SAAS,KACxB,aAAa,IAAI,GAAG,KACpB,IAAI,IAAI,WAAW,qBAAI;AAE3B;AAcO,SAAS,eAAe,WAAmC;AAChE,QAAM,WAAW,IAAI;AAAA,IACnB,UAAU,GAAG,SACX,UAAU,eAAe,SACzB,UAAU,WAAW,SACrB,UAAU,IAAI;AAAA,EAClB;AAEA,MAAI,SAAS;AACb,WAAS,IAAI,UAAU,IAAI,MAAM;AACjC,YAAU,UAAU,GAAG;AACvB,WAAS,IAAI,UAAU,gBAAgB,MAAM;AAC7C,YAAU,UAAU,eAAe;AACnC,WAAS,IAAI,UAAU,YAAY,MAAM;AACzC,YAAU,UAAU,WAAW;AAC/B,WAAS,IAAI,UAAU,KAAK,MAAM;AAElC,aAAO,mBAAM,QAAQ,EAAE,MAAM,CAAC;AAChC;AAgBO,SAAS,iBAAiB,KAA6B;AAC5D,QAAM,gBAAgB,IAAI,WAAW,IAAI,IAAI,MAAM,KAAK,GAAG;AAC3D,QAAM,YAAQ,qBAAQ,eAAgC,OAAO;AAI7D,QAAM,oBAAoB,wBAAO,YAAY,IAAI,qBAAI,SAAS;AAC9D,MAAI,MAAM,SAAS,mBAAmB;AACpC,UAAM,IAAI;AAAA,MACR,kCAAkC,MAAM,MAAM,mBAAmB,iBAAiB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,SAAS,MAAM,wBAAO,oBAAoB;AAEhD,MAAI,WAAW,uBAAM,OAAO,cAAc;AACxC,UAAM,IAAI;AAAA,MACR,kFAAkF,OAAO,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,MACtH;AAAA,IACF;AAAA,EACF;AAEA,QAAM,eAAe,uBAAM;AAE3B,QAAM,YAAY,wBAAO,YAAY,eAAe,qBAAI,SAAS;AACjE,MAAI,MAAM,SAAS,WAAW;AAC5B,UAAM,IAAI;AAAA,MACR,kCAAkC,MAAM,MAAM,mBAAmB,SAAS;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,MAAM,SAAS,wBAAO,WAAW,wBAAO,YAAY,wBAAO,SAAS;AAAA,IACxE,gBAAgB,MAAM;AAAA,MACpB,wBAAO;AAAA,MACP,wBAAO,uBAAuB;AAAA,IAChC;AAAA,IACA,YAAY,MAAM;AAAA,MAChB,wBAAO,uBAAuB;AAAA,MAC9B,MAAM,SAAS,qBAAI;AAAA,IACrB;AAAA,IACA,KAAK,MAAM,SAAS,MAAM,SAAS,qBAAI,MAAM;AAAA,EAC/C;AACF;","names":[]}

package/dist/crypto/ecies/interface.js CHANGED Viewed

@@ -33,10 +33,27 @@ function serializeECIES(encrypted) {
 function deserializeECIES(hex) {
   const hexWithPrefix = hex.startsWith("0x") ? hex : `0x${hex}`;
   const bytes = fromHex(hexWithPrefix, "bytes");
-  const ephemKeySize = bytes[FORMAT.EPHEMERAL_KEY_OFFSET] === CURVE.PREFIX.UNCOMPRESSED ? CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH : CURVE.COMPRESSED_PUBLIC_KEY_LENGTH;
+  const absoluteMinLength = FORMAT.IV_LENGTH + 1 + MAC.LENGTH + 1;
+  if (bytes.length < absoluteMinLength) {
+    throw new ECIESError(
+      `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${absoluteMinLength} bytes required)`,
+      "DECRYPTION_FAILED"
+    );
+  }
+  const prefix = bytes[FORMAT.EPHEMERAL_KEY_OFFSET];
+  if (prefix !== CURVE.PREFIX.UNCOMPRESSED) {
+    throw new ECIESError(
+      `Invalid ephemeral public key: must be uncompressed format (0x04 prefix), got 0x${prefix.toString(16).padStart(2, "0")}`,
+      "DECRYPTION_FAILED"
+    );
+  }
+  const ephemKeySize = CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH;
   const minLength = FORMAT.IV_LENGTH + ephemKeySize + MAC.LENGTH + 1;
   if (bytes.length < minLength) {
-    throw new ECIESError("Invalid ECIES data: too short", "DECRYPTION_FAILED");
+    throw new ECIESError(
+      `Invalid ECIES data: too short (${bytes.length} bytes, minimum ${minLength} bytes required)`,
+      "DECRYPTION_FAILED"
+    );
   }
   return {
     iv: bytes.subarray(FORMAT.IV_OFFSET, FORMAT.IV_OFFSET + FORMAT.IV_LENGTH),