@private.me/xbind 3.0.2 → 3.0.4

package/dist-standalone/cjs/split-channel.js

@@ -1,225 +1 @@
-"use strict";
-/**
- * XorIDA split-channel bridge for @private.me/xbind.
- *
- * Bridges @private.me/crypto threshold sharing with the agent-sdk
- * TransportEnvelope format. Splits plaintext into n shares with HMAC
- * integrity, each share wrapped in its own envelope for independent routing.
- *
- * Pipeline:
- *   split:  pad -> HMAC -> XorIDA split -> share Uint8Arrays with metadata
- *   reconstruct: collect k shares -> XorIDA reconstruct -> HMAC verify -> unpad
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_SPLIT_CONFIG = void 0;
-exports.splitForChannel = splitForChannel;
-exports.splitForChannelWithGroupId = splitForChannelWithGroupId;
-exports.reconstructFromChannel = reconstructFromChannel;
-const shared_1 = require("../_deps/shared/index.js");
-const crypto_utils_js_1 = require("./crypto-utils.js");
-/** Default split-channel configuration: 3 shares, threshold 2. */
-exports.DEFAULT_SPLIT_CONFIG = {
-    totalShares: 3,
-    threshold: 2,
-};
-/* ── Split ── */
-/**
- * Split plaintext into n shares via XorIDA with HMAC integrity.
- *
- * Pipeline: pad(PKCS#7) -> HMAC(padded) -> XorIDA split -> ChannelShare[]
- *
- * Information-theoretic security: Any k shares can reconstruct the plaintext,
- * but k-1 shares reveal ZERO information (proven secure).
- *
- * @param plaintext - Raw plaintext bytes to split
- * @param config - Split configuration (totalShares, threshold)
- * @returns Array of n ChannelShare objects ready for envelope wrapping
- *
- * @example
- * ```typescript
- * import { splitForChannel, DEFAULT_SPLIT_CONFIG } from '@private.me/xbind';
- *
- * const plaintext = new TextEncoder().encode('Sensitive data');
- *
- * // Default: 3 shares, need 2 to reconstruct
- * const shares = await splitForChannel(plaintext);
- * if (!shares.ok) throw new Error(shares.error);
- *
- * console.log('Created shares:', shares.value.length);
- * // Send each share through different channels (email, SMS, push)
- * shares.value.forEach((share, i) => {
- *   console.log(`Share ${i}: ${share.groupId}`);
- * });
- *
- * // Custom configuration: 5 shares, need 3
- * const customShares = await splitForChannel(plaintext, {
- *   totalShares: 5,
- *   threshold: 3
- * });
- * ```
- */
-async function splitForChannel(plaintext, config = exports.DEFAULT_SPLIT_CONFIG) {
-    const { totalShares: n, threshold: k } = config;
-    if (n < 2 || k < 2 || k > n) {
-        return (0, shared_1.err)('SPLIT_FAILED:INVALID_PARAMS');
-    }
-    const groupId = (0, crypto_utils_js_1.generateUUID)();
-    return splitForChannelWithGroupId(plaintext, config, groupId);
-}
-/**
- * Split plaintext with a specific groupId (for testability).
- *
- * @param plaintext - Raw plaintext bytes
- * @param config - Split configuration
- * @param groupId - UUID to use for the share group
- * @returns Array of ChannelShare objects
- */
-async function splitForChannelWithGroupId(plaintext, config, groupId) {
-    const { totalShares: n, threshold: k } = config;
-    if (n < 2 || k < 2 || k > n) {
-        return (0, shared_1.err)('SPLIT_FAILED:INVALID_PARAMS');
-    }
-    const p = (0, crypto_utils_js_1.nextOddPrime)(n);
-    const blockSize = p - 1;
-    const padded = (0, crypto_utils_js_1.pkcs7Pad)(plaintext, blockSize);
-    const { key: hmacKey, signature: hmacSig } = await (0, crypto_utils_js_1.generateHMAC)(padded);
-    let shareArrays;
-    try {
-        shareArrays = (0, crypto_utils_js_1.splitXorIDA)(padded, n, k);
-    }
-    catch {
-        return (0, shared_1.err)('SPLIT_FAILED');
-    }
-    const hmacKeyB64 = (0, crypto_utils_js_1.toBase64)(hmacKey);
-    const hmacSigB64 = (0, crypto_utils_js_1.toBase64)(hmacSig);
-    const shares = shareArrays.map((data, index) => ({
-        data: (0, crypto_utils_js_1.formatShareHeader)((0, crypto_utils_js_1.toBase64)(data)),
-        index,
-        total: n,
-        threshold: k,
-        groupId,
-        hmacKey: hmacKeyB64,
-        hmacSig: hmacSigB64,
-    }));
-    return (0, shared_1.ok)(shares);
-}
-/* ── Reconstruct ── */
-/**
- * Reconstruct plaintext from k-of-n shares.
- *
- * Pipeline: validate -> XorIDA reconstruct -> HMAC verify -> unpad -> plaintext
- * HMAC verification happens BEFORE the data is trusted.
- *
- * @param shares - Array of at least k ChannelShare objects (must have same groupId)
- * @returns Reconstructed plaintext bytes
- *
- * @example
- * ```typescript
- * import { reconstructFromChannel, type ChannelShare } from '@private.me/xbind';
- *
- * // Collect shares from different channels
- * const receivedShares: ChannelShare[] = [
- *   emailShare,   // Received via email
- *   smsShare,     // Received via SMS
- *   // Only need 2 shares (threshold = 2)
- * ];
- *
- * // Reconstruct original message
- * const plaintext = await reconstructFromChannel(receivedShares);
- * if (!plaintext.ok) {
- *   console.error('Reconstruction failed:', plaintext.error);
- *   return;
- * }
- *
- * const message = new TextDecoder().decode(plaintext.value);
- * console.log('Reconstructed message:', message);
- * ```
- */
-async function reconstructFromChannel(shares) {
-    const validationResult = validateShares(shares);
-    if (!validationResult.ok)
-        return validationResult;
-    const { k, n } = validationResult.value;
-    const usedShares = shares.slice(0, k);
-    return reconstructValidated(usedShares, n, k);
-}
-/**
- * Validate share consistency before reconstruction.
- *
- * @param shares - Shares to validate
- * @returns Validated parameters or error
- */
-function validateShares(shares) {
-    if (shares.length === 0) {
-        return (0, shared_1.err)('INSUFFICIENT_SHARES');
-    }
-    const first = shares[0];
-    const k = first.threshold;
-    const n = first.total;
-    if (shares.length < k) {
-        return (0, shared_1.err)('INSUFFICIENT_SHARES');
-    }
-    const indexSet = new Set();
-    for (const share of shares) {
-        if (share.groupId !== first.groupId) {
-            return (0, shared_1.err)('INCONSISTENT_SHARES');
-        }
-        if (share.total !== n || share.threshold !== k) {
-            return (0, shared_1.err)('INCONSISTENT_SHARES');
-        }
-        if (share.index < 0 || share.index >= n) {
-            return (0, shared_1.err)('INVALID_SHARE_DATA');
-        }
-        if (indexSet.has(share.index)) {
-            return (0, shared_1.err)('INVALID_SHARE_DATA');
-        }
-        indexSet.add(share.index);
-    }
-    return (0, shared_1.ok)({ k, n, groupId: first.groupId });
-}
-/**
- * Perform XorIDA reconstruction and HMAC verification.
- *
- * @param usedShares - Exactly k validated shares
- * @param n - Total shares
- * @param k - Threshold
- * @returns Reconstructed plaintext
- */
-async function reconstructValidated(usedShares, n, k) {
-    let shareData;
-    try {
-        shareData = usedShares.map((s) => (0, crypto_utils_js_1.fromBase64)((0, crypto_utils_js_1.parseShareHeader)(s.data)));
-    }
-    catch {
-        return (0, shared_1.err)('INVALID_SHARE_DATA:BASE64');
-    }
-    const indices = usedShares.map((s) => s.index);
-    let padded;
-    try {
-        padded = (0, crypto_utils_js_1.reconstructXorIDA)(shareData, indices, n, k);
-    }
-    catch {
-        return (0, shared_1.err)('SPLIT_FAILED:RECONSTRUCT');
-    }
-    const first = usedShares[0];
-    let hmacKey;
-    let hmacSig;
-    try {
-        hmacKey = (0, crypto_utils_js_1.fromBase64)(first.hmacKey);
-        hmacSig = (0, crypto_utils_js_1.fromBase64)(first.hmacSig);
-    }
-    catch {
-        return (0, shared_1.err)('INVALID_SHARE_DATA:HMAC_DECODE');
-    }
-    const hmacValid = await (0, crypto_utils_js_1.verifyHMAC)(hmacKey, padded, hmacSig);
-    if (!hmacValid) {
-        return (0, shared_1.err)('HMAC_VERIFICATION_FAILED');
-    }
-    const p = (0, crypto_utils_js_1.nextOddPrime)(n);
-    const blockSize = p - 1;
-    const unpadResult = (0, crypto_utils_js_1.pkcs7Unpad)(padded, blockSize);
-    if (!unpadResult.ok) {
-        return (0, shared_1.err)('UNPAD_FAILED');
-    }
-    return (0, shared_1.ok)(unpadResult.value);
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.DEFAULT_SPLIT_CONFIG=void 0,exports.splitForChannel=splitForChannel,exports.splitForChannelWithGroupId=splitForChannelWithGroupId,exports.reconstructFromChannel=reconstructFromChannel;const shared_1=require("../_deps/shared/index.js"),crypto_utils_js_1=require("./crypto-utils.js");async function splitForChannel(r,t=exports.DEFAULT_SPLIT_CONFIG){const{totalShares:e,threshold:s}=t;if(e<2||s<2||s>e)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");return splitForChannelWithGroupId(r,t,(0,crypto_utils_js_1.generateUUID)())}async function splitForChannelWithGroupId(r,t,e){const{totalShares:s,threshold:_}=t;if(s<2||_<2||_>s)return(0,shared_1.err)("SPLIT_FAILED:INVALID_PARAMS");let o,a,n;try{const t=(0,crypto_utils_js_1.nextOddPrime)(s)-1,e=(0,crypto_utils_js_1.pkcs7Pad)(r,t),i=await(0,crypto_utils_js_1.generateHMAC)(e);a=i.key,n=i.signature,o=(0,crypto_utils_js_1.splitXorIDA)(e,s,_)}catch(r){return(0,shared_1.err)("SPLIT_FAILED:CRYPTO_NOT_LOADED")}const i=(0,crypto_utils_js_1.toBase64)(a),c=(0,crypto_utils_js_1.toBase64)(n),u=o.map((r,t)=>({data:(0,crypto_utils_js_1.formatShareHeader)((0,crypto_utils_js_1.toBase64)(r)),index:t,total:s,threshold:_,groupId:e,hmacKey:i,hmacSig:c}));return(0,shared_1.ok)(u)}async function reconstructFromChannel(r){const t=validateShares(r);if(!t.ok)return t;const{k:e,n:s}=t.value;return reconstructValidated(r.slice(0,e),s,e)}function validateShares(r){if(0===r.length)return(0,shared_1.err)("INSUFFICIENT_SHARES");const t=r[0],e=t.threshold,s=t.total;if(r.length<e)return(0,shared_1.err)("INSUFFICIENT_SHARES");const _=new Set;for(const o of r){if(o.groupId!==t.groupId)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.total!==s||o.threshold!==e)return(0,shared_1.err)("INCONSISTENT_SHARES");if(o.index<0||o.index>=s)return(0,shared_1.err)("INVALID_SHARE_DATA");if(_.has(o.index))return(0,shared_1.err)("INVALID_SHARE_DATA");_.add(o.index)}return(0,shared_1.ok)({k:e,n:s,groupId:t.groupId})}async function reconstructValidated(r,t,e){let s;try{s=r.map(r=>(0,crypto_utils_js_1.fromBase64)((0,crypto_utils_js_1.parseShareHeader)(r.data)))}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:BASE64")}const _=r.map(r=>r.index),o=r[0];let a,n;try{a=(0,crypto_utils_js_1.fromBase64)(o.hmacKey),n=(0,crypto_utils_js_1.fromBase64)(o.hmacSig)}catch{return(0,shared_1.err)("INVALID_SHARE_DATA:HMAC_DECODE")}try{const r=(0,crypto_utils_js_1.reconstructXorIDA)(s,_,t,e);if(!await(0,crypto_utils_js_1.verifyHMAC)(a,r,n))return(0,shared_1.err)("HMAC_VERIFICATION_FAILED");const o=(0,crypto_utils_js_1.nextOddPrime)(t)-1,i=(0,crypto_utils_js_1.pkcs7Unpad)(r,o);return i.ok?(0,shared_1.ok)(i.value):(0,shared_1.err)("UNPAD_FAILED")}catch(r){return(0,shared_1.err)("SPLIT_FAILED:CRYPTO_NOT_LOADED")}}exports.DEFAULT_SPLIT_CONFIG={totalShares:3,threshold:2};

package/dist-standalone/cjs/subscription-proof.js

@@ -1,230 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createSubscriptionProof = createSubscriptionProof;
-exports.verifySubscriptionProof = verifySubscriptionProof;
-exports.resumeSubscription = resumeSubscription;
-exports.hashBloomFilter = hashBloomFilter;
-const shared_1 = require("../_deps/shared/index.js");
-const identity_js_1 = require("./identity.js");
-/* ── Internal Helpers ── */
-/**
- * Compute SHA-256 hash of a Uint8Array.
- *
- * @param data - Data to hash.
- * @returns Hex-encoded SHA-256 hash.
- */
-async function sha256Hash(data) {
-    try {
-        // SAFETY: Creating fresh copy ensures proper ArrayBuffer type (not SharedArrayBuffer)
-        const buffer = new Uint8Array(data);
-        const hashBuffer = await crypto.subtle.digest('SHA-256', buffer);
-        const hashArray = Array.from(new Uint8Array(hashBuffer));
-        const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
-        return (0, shared_1.ok)(hashHex);
-    }
-    catch {
-        return (0, shared_1.err)('HASH_FAILED');
-    }
-}
-/**
- * Serialize subscription proof data for signing (canonical format).
- *
- * Format: type|version|peer_did|bloom_filter_hash|asserted_at|expires_at
- *
- * @param proof - Subscription proof (without signature).
- * @returns Canonical byte representation.
- */
-function serializeForSigning(proof) {
-    const canonical = `${proof.type}|${proof.version}|${proof.peer_did}|${proof.bloom_filter_hash}|${proof.asserted_at}|${proof.expires_at}`;
-    return new TextEncoder().encode(canonical);
-}
-/**
- * Base64 encode (standard, not URL-safe).
- */
-function toBase64(data) {
-    // Use Buffer in Node.js, btoa in browser
-    if (typeof Buffer !== 'undefined') {
-        return Buffer.from(data).toString('base64');
-    }
-    // SAFETY: btoa is standard in browsers
-    return globalThis.btoa(String.fromCharCode(...data));
-}
-/**
- * Base64 decode (standard, not URL-safe).
- */
-function fromBase64(data) {
-    // Use Buffer in Node.js, atob in browser
-    if (typeof Buffer !== 'undefined') {
-        return new Uint8Array(Buffer.from(data, 'base64'));
-    }
-    // SAFETY: atob is standard in browsers
-    const binary = globalThis.atob(data);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes;
-}
-/* ── Public API ── */
-/**
- * Create a subscription proof (client-side).
- *
- * Signs a bloom filter hash with the peer's ML-DSA-65 private key, creating
- * a portable proof that can be used to resume subscriptions on a new gateway.
- *
- * @param peerDid - Subscriber's DID (must match the private key).
- * @param bloomFilterHash - SHA-256 hash of the bloom filter (hex string).
- * @param privateKey - 32-byte ML-DSA-65 secret key seed.
- * @param expiresAt - Optional expiration timestamp (ms). Default: 30 days from now.
- * @returns Subscription proof with ML-DSA-65 signature.
- *
- * @example
- * ```typescript
- * const proof = await createSubscriptionProof(
- *   'did:key:z6Mk...',
- *   'a1b2c3...',
- *   mlDsaPrivateKey,
- *   Date.now() + 30 * 24 * 60 * 60 * 1000
- * );
- * ```
- */
-async function createSubscriptionProof(peerDid, bloomFilterHash, privateKey, expiresAt) {
-    const assertedAt = Date.now();
-    const expiresAtFinal = expiresAt ?? (assertedAt + 30 * 24 * 60 * 60 * 1000); // 30 days default
-    // Build proof without signature
-    const proofWithoutSig = {
-        type: 'SubscriptionProof',
-        version: '1.0',
-        peer_did: peerDid,
-        bloom_filter_hash: bloomFilterHash,
-        asserted_at: assertedAt,
-        expires_at: expiresAtFinal,
-    };
-    // Serialize and sign
-    const dataToSign = serializeForSigning(proofWithoutSig);
-    const signatureResult = await (0, identity_js_1.signMlDsa65)(privateKey, dataToSign);
-    if (!signatureResult.ok) {
-        return (0, shared_1.err)('SIGNATURE_VERIFICATION_FAILED');
-    }
-    const signature = signatureResult.value;
-    if (signature.length !== identity_js_1.ML_DSA65_SIG_BYTES) {
-        return (0, shared_1.err)('SIGNATURE_VERIFICATION_FAILED');
-    }
-    // Build final proof
-    const proof = {
-        ...proofWithoutSig,
-        peer_signature_algorithm: 'ML-DSA-65',
-        peer_signature: toBase64(signature),
-    };
-    return (0, shared_1.ok)(proof);
-}
-/**
- * Verify a subscription proof (gateway-side).
- *
- * Validates the ML-DSA-65 signature and checks expiration.
- *
- * @param proof - Subscription proof to verify.
- * @param peerPublicKey - 1952-byte ML-DSA-65 public key of the subscriber.
- * @returns true if valid, false if invalid or expired.
- *
- * @example
- * ```typescript
- * const isValid = await verifySubscriptionProof(proof, mlDsaPublicKey);
- * if (isValid.ok && isValid.value) {
- *   // Resume subscription
- * }
- * ```
- */
-async function verifySubscriptionProof(proof, peerPublicKey) {
-    // Check proof version
-    if (proof.version !== '1.0' || proof.type !== 'SubscriptionProof') {
-        return (0, shared_1.ok)(false);
-    }
-    // Check expiration
-    if (Date.now() > proof.expires_at) {
-        return (0, shared_1.err)('EXPIRED');
-    }
-    // Check signature algorithm
-    if (proof.peer_signature_algorithm !== 'ML-DSA-65') {
-        return (0, shared_1.ok)(false);
-    }
-    // Decode signature
-    let signature;
-    try {
-        signature = fromBase64(proof.peer_signature);
-    }
-    catch {
-        return (0, shared_1.ok)(false);
-    }
-    if (signature.length !== identity_js_1.ML_DSA65_SIG_BYTES) {
-        return (0, shared_1.ok)(false);
-    }
-    // Reconstruct signed data
-    const proofWithoutSig = {
-        type: proof.type,
-        version: proof.version,
-        peer_did: proof.peer_did,
-        bloom_filter_hash: proof.bloom_filter_hash,
-        asserted_at: proof.asserted_at,
-        expires_at: proof.expires_at,
-    };
-    const dataToVerify = serializeForSigning(proofWithoutSig);
-    // Verify signature
-    const verifyResult = await (0, identity_js_1.verifyMlDsa65)(peerPublicKey, signature, dataToVerify);
-    if (!verifyResult.ok) {
-        return (0, shared_1.err)('SIGNATURE_VERIFICATION_FAILED');
-    }
-    return (0, shared_1.ok)(verifyResult.value);
-}
-/**
- * Resume subscription on a new gateway using a proof.
- *
- * Presents the subscription proof to the new gateway, allowing the client
- * to resume receiving trust events without re-subscribing.
- *
- * @param proof - Valid subscription proof.
- * @param newGatewayUrl - Base URL of the new gateway (e.g., https://atelier2.xail.io).
- * @returns Success or network error.
- *
- * @example
- * ```typescript
- * const result = await resumeSubscription(proof, 'https://atelier2.xail.io');
- * if (result.ok) {
- *   console.log('Subscription resumed on new gateway');
- * }
- * ```
- */
-async function resumeSubscription(proof, newGatewayUrl) {
-    try {
-        const baseUrl = newGatewayUrl.replace(/\/$/, '');
-        const response = await fetch(`${baseUrl}/trust/resume`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify(proof),
-        });
-        if (!response.ok) {
-            return (0, shared_1.err)('NETWORK_ERROR');
-        }
-        return (0, shared_1.ok)(undefined);
-    }
-    catch {
-        return (0, shared_1.err)('NETWORK_ERROR');
-    }
-}
-/**
- * Compute SHA-256 hash of a bloom filter for proof creation.
- *
- * @param bloomFilter - Bloom filter bytes.
- * @returns Hex-encoded SHA-256 hash.
- *
- * @example
- * ```typescript
- * const hash = await hashBloomFilter(bloomFilterBytes);
- * if (hash.ok) {
- *   const proof = await createSubscriptionProof(did, hash.value, privateKey);
- * }
- * ```
- */
-async function hashBloomFilter(bloomFilter) {
-    return sha256Hash(bloomFilter);
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.createSubscriptionProof=createSubscriptionProof,exports.verifySubscriptionProof=verifySubscriptionProof,exports.resumeSubscription=resumeSubscription,exports.hashBloomFilter=hashBloomFilter;const shared_1=require("../_deps/shared/index.js"),identity_js_1=require("./identity.js");async function sha256Hash(e){try{const r=new Uint8Array(e),t=await crypto.subtle.digest("SHA-256",r),i=Array.from(new Uint8Array(t)).map(e=>e.toString(16).padStart(2,"0")).join("");return(0,shared_1.ok)(i)}catch{return(0,shared_1.err)("HASH_FAILED")}}function serializeForSigning(e){const r=`${e.type}|${e.version}|${e.peer_did}|${e.bloom_filter_hash}|${e.asserted_at}|${e.expires_at}`;return(new TextEncoder).encode(r)}function toBase64(e){return"undefined"!=typeof Buffer?Buffer.from(e).toString("base64"):globalThis.btoa(String.fromCharCode(...e))}function fromBase64(e){if("undefined"!=typeof Buffer)return new Uint8Array(Buffer.from(e,"base64"));const r=globalThis.atob(e),t=new Uint8Array(r.length);for(let e=0;e<r.length;e++)t[e]=r.charCodeAt(e);return t}async function createSubscriptionProof(e,r,t,i){const o=Date.now(),s={type:"SubscriptionProof",version:"1.0",peer_did:e,bloom_filter_hash:r,asserted_at:o,expires_at:i??o+2592e6},n=serializeForSigning(s),a=await(0,identity_js_1.signMlDsa65)(t,n);if(!a.ok)return(0,shared_1.err)("SIGNATURE_VERIFICATION_FAILED");const _=a.value;if(_.length!==identity_js_1.ML_DSA65_SIG_BYTES)return(0,shared_1.err)("SIGNATURE_VERIFICATION_FAILED");const u={...s,peer_signature_algorithm:"ML-DSA-65",peer_signature:toBase64(_)};return(0,shared_1.ok)(u)}async function verifySubscriptionProof(e,r){if("1.0"!==e.version||"SubscriptionProof"!==e.type)return(0,shared_1.ok)(!1);if(Date.now()>e.expires_at)return(0,shared_1.err)("EXPIRED");if("ML-DSA-65"!==e.peer_signature_algorithm)return(0,shared_1.ok)(!1);let t;try{t=fromBase64(e.peer_signature)}catch{return(0,shared_1.ok)(!1)}if(t.length!==identity_js_1.ML_DSA65_SIG_BYTES)return(0,shared_1.ok)(!1);const i=serializeForSigning({type:e.type,version:e.version,peer_did:e.peer_did,bloom_filter_hash:e.bloom_filter_hash,asserted_at:e.asserted_at,expires_at:e.expires_at}),o=await(0,identity_js_1.verifyMlDsa65)(r,t,i);return o.ok?(0,shared_1.ok)(o.value):(0,shared_1.err)("SIGNATURE_VERIFICATION_FAILED")}async function resumeSubscription(e,r){try{const t=r.replace(/\/$/,"");return(await fetch(`${t}/trust/resume`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)})).ok?(0,shared_1.ok)(void 0):(0,shared_1.err)("NETWORK_ERROR")}catch{return(0,shared_1.err)("NETWORK_ERROR")}}async function hashBloomFilter(e){return sha256Hash(e)}

package/dist-standalone/cjs/succession.js

@@ -1,148 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createSuccession = createSuccession;
-exports.verifySuccession = verifySuccession;
-exports.encodeSuccession = encodeSuccession;
-exports.decodeSuccession = decodeSuccession;
-const identity_js_1 = require("./identity.js");
-const shared_1 = require("../_deps/shared/index.js");
-/**
- * Create DID succession announcement with dual signatures.
- *
- * Format: did:key:OLD||did:key:NEW||sequence||effective_at||expires_at||grace_period||timestamp||sig_OLD||sig_NEW
- * Both old and new keys must sign to prove possession.
- *
- * @param oldDid - DID being rotated (old key)
- * @param oldPrivateKey - ML-DSA-65 secret key (32-byte seed) for old DID
- * @param newDid - DID replacing old DID
- * @param newPrivateKey - ML-DSA-65 secret key (32-byte seed) for new DID
- * @param rotationSequence - Monotonically increasing sequence number
- * @param gracePeriodMs - Overlap window in milliseconds (default: 7 days)
- * @returns Succession announcement with dual signatures or error
- */
-async function createSuccession(oldDid, oldPrivateKey, newDid, newPrivateKey, rotationSequence, gracePeriodMs = 7 * 24 * 60 * 60 * 1000 // 7 days default
-) {
-    const timestamp = Date.now();
-    const effective_at = timestamp;
-    const expires_at = timestamp + 30 * 24 * 60 * 60 * 1000; // 30 days proof validity
-    const message = `${oldDid}||${newDid}||${rotationSequence}||${effective_at}||${expires_at}||${gracePeriodMs}||${timestamp}`;
-    const messageBytes = new TextEncoder().encode(message);
-    const oldSigResult = await (0, identity_js_1.signMlDsa65)(oldPrivateKey, messageBytes);
-    if (!oldSigResult.ok) {
-        return (0, shared_1.err)('SIGN_FAILED');
-    }
-    const newSigResult = await (0, identity_js_1.signMlDsa65)(newPrivateKey, messageBytes);
-    if (!newSigResult.ok) {
-        return (0, shared_1.err)('SIGN_FAILED');
-    }
-    return (0, shared_1.ok)({
-        oldDid,
-        newDid,
-        rotation_sequence: rotationSequence,
-        effective_at,
-        expires_at,
-        grace_period_ms: gracePeriodMs,
-        timestamp,
-        oldSignature: oldSigResult.value,
-        newSignature: newSigResult.value
-    });
-}
-/**
- * Verify succession announcement dual signatures.
- *
- * Both old and new keys must have valid signatures.
- * Also checks sequence monotonicity (new sequence must be greater than current).
- *
- * @param announcement - Succession announcement to verify
- * @param oldPublicKey - ML-DSA-65 public key (1952 bytes) for old DID
- * @param newPublicKey - ML-DSA-65 public key (1952 bytes) for new DID
- * @returns true if both signatures valid, false otherwise
- */
-async function verifySuccession(announcement, oldPublicKey, newPublicKey) {
-    const message = `${announcement.oldDid}||${announcement.newDid}||${announcement.rotation_sequence}||${announcement.effective_at}||${announcement.expires_at}||${announcement.grace_period_ms}||${announcement.timestamp}`;
-    const messageBytes = new TextEncoder().encode(message);
-    const oldValidResult = await (0, identity_js_1.verifyMlDsa65)(oldPublicKey, announcement.oldSignature, messageBytes);
-    if (!oldValidResult.ok) {
-        return (0, shared_1.err)('VERIFY_FAILED');
-    }
-    const newValidResult = await (0, identity_js_1.verifyMlDsa65)(newPublicKey, announcement.newSignature, messageBytes);
-    if (!newValidResult.ok) {
-        return (0, shared_1.err)('VERIFY_FAILED');
-    }
-    const bothValid = oldValidResult.value && newValidResult.value;
-    return (0, shared_1.ok)(bothValid);
-}
-/**
- * Encode succession announcement to wire format.
- *
- * Format: did:key:OLD||did:key:NEW||sequence||effective_at||expires_at||grace_period||timestamp||sig_OLD||sig_NEW
- *
- * @param announcement - Succession announcement to encode
- * @returns Wire format string (base64-encoded signatures)
- */
-function encodeSuccession(announcement) {
-    const parts = [
-        announcement.oldDid,
-        announcement.newDid,
-        announcement.rotation_sequence.toString(),
-        announcement.effective_at.toString(),
-        announcement.expires_at.toString(),
-        announcement.grace_period_ms.toString(),
-        announcement.timestamp.toString(),
-        Buffer.from(announcement.oldSignature).toString('base64'),
-        Buffer.from(announcement.newSignature).toString('base64')
-    ];
-    return parts.join('||');
-}
-/**
- * Decode succession announcement from wire format.
- *
- * @param encoded - Wire format string
- * @returns Parsed succession announcement or error
- */
-function decodeSuccession(encoded) {
-    const parts = encoded.split('||');
-    if (parts.length !== 9) {
-        return (0, shared_1.err)('INVALID_FORMAT');
-    }
-    const oldDid = parts[0];
-    const newDid = parts[1];
-    const sequenceStr = parts[2];
-    const effectiveAtStr = parts[3];
-    const expiresAtStr = parts[4];
-    const gracePeriodStr = parts[5];
-    const timestampStr = parts[6];
-    const oldSigB64 = parts[7];
-    const newSigB64 = parts[8];
-    if (!oldDid || !newDid || !sequenceStr || !effectiveAtStr || !expiresAtStr || !gracePeriodStr || !timestampStr || !oldSigB64 || !newSigB64) {
-        return (0, shared_1.err)('INVALID_FORMAT');
-    }
-    const rotation_sequence = parseInt(sequenceStr, 10);
-    const effective_at = parseInt(effectiveAtStr, 10);
-    const expires_at = parseInt(expiresAtStr, 10);
-    const grace_period_ms = parseInt(gracePeriodStr, 10);
-    const timestamp = parseInt(timestampStr, 10);
-    if (isNaN(rotation_sequence) || rotation_sequence < 0 ||
-        isNaN(effective_at) || effective_at < 0 ||
-        isNaN(expires_at) || expires_at < 0 ||
-        isNaN(grace_period_ms) || grace_period_ms < 0 ||
-        isNaN(timestamp) || timestamp < 0) {
-        return (0, shared_1.err)('INVALID_TIMESTAMP');
-    }
-    try {
-        return (0, shared_1.ok)({
-            oldDid,
-            newDid,
-            rotation_sequence,
-            effective_at,
-            expires_at,
-            grace_period_ms,
-            timestamp,
-            oldSignature: new Uint8Array(Buffer.from(oldSigB64, 'base64')),
-            newSignature: new Uint8Array(Buffer.from(newSigB64, 'base64'))
-        });
-    }
-    catch {
-        return (0, shared_1.err)('INVALID_FORMAT');
-    }
-}
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.createSuccession=createSuccession,exports.verifySuccession=verifySuccession,exports.encodeSuccession=encodeSuccession,exports.decodeSuccession=decodeSuccession;const identity_js_1=require("./identity.js"),shared_1=require("../_deps/shared/index.js");async function createSuccession(e,r,t,n,i,s=6048e5){const o=Date.now(),a=o,c=o+2592e6,d=`${e}||${t}||${i}||${a}||${c}||${s}||${o}`,_=(new TextEncoder).encode(d),u=await(0,identity_js_1.signMlDsa65)(r,_);if(!u.ok)return(0,shared_1.err)("SIGN_FAILED");const f=await(0,identity_js_1.signMlDsa65)(n,_);return f.ok?(0,shared_1.ok)({oldDid:e,newDid:t,rotation_sequence:i,effective_at:a,expires_at:c,grace_period_ms:s,timestamp:o,oldSignature:u.value,newSignature:f.value}):(0,shared_1.err)("SIGN_FAILED")}async function verifySuccession(e,r,t){const n=`${e.oldDid}||${e.newDid}||${e.rotation_sequence}||${e.effective_at}||${e.expires_at}||${e.grace_period_ms}||${e.timestamp}`,i=(new TextEncoder).encode(n),s=await(0,identity_js_1.verifyMlDsa65)(r,e.oldSignature,i);if(!s.ok)return(0,shared_1.err)("VERIFY_FAILED");const o=await(0,identity_js_1.verifyMlDsa65)(t,e.newSignature,i);if(!o.ok)return(0,shared_1.err)("VERIFY_FAILED");const a=s.value&&o.value;return(0,shared_1.ok)(a)}function encodeSuccession(e){return[e.oldDid,e.newDid,e.rotation_sequence.toString(),e.effective_at.toString(),e.expires_at.toString(),e.grace_period_ms.toString(),e.timestamp.toString(),Buffer.from(e.oldSignature).toString("base64"),Buffer.from(e.newSignature).toString("base64")].join("||")}function decodeSuccession(e){const r=e.split("||");if(9!==r.length)return(0,shared_1.err)("INVALID_FORMAT");const t=r[0],n=r[1],i=r[2],s=r[3],o=r[4],a=r[5],c=r[6],d=r[7],_=r[8];if(!(t&&n&&i&&s&&o&&a&&c&&d&&_))return(0,shared_1.err)("INVALID_FORMAT");const u=parseInt(i,10),f=parseInt(s,10),S=parseInt(o,10),p=parseInt(a,10),g=parseInt(c,10);if(isNaN(u)||u<0||isNaN(f)||f<0||isNaN(S)||S<0||isNaN(p)||p<0||isNaN(g)||g<0)return(0,shared_1.err)("INVALID_TIMESTAMP");try{return(0,shared_1.ok)({oldDid:t,newDid:n,rotation_sequence:u,effective_at:f,expires_at:S,grace_period_ms:p,timestamp:g,oldSignature:new Uint8Array(Buffer.from(d,"base64")),newSignature:new Uint8Array(Buffer.from(_,"base64"))})}catch{return(0,shared_1.err)("INVALID_FORMAT")}}