@terminal3/t3n-sdk 3.3.0 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -796
- package/dist/index.d.ts +281 -115
- package/dist/index.esm.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +10 -60
- package/README.OIDC.md +0 -216
- package/dist/demo.d.ts +0 -25
- package/dist/src/client/actions.d.ts +0 -31
- package/dist/src/client/config.d.ts +0 -33
- package/dist/src/client/contract-response.d.ts +0 -59
- package/dist/src/client/delegation.d.ts +0 -388
- package/dist/src/client/encryption.d.ts +0 -30
- package/dist/src/client/handlers.d.ts +0 -73
- package/dist/src/client/index.d.ts +0 -13
- package/dist/src/client/org-data.d.ts +0 -276
- package/dist/src/client/request-parser.d.ts +0 -48
- package/dist/src/client/t3n-client.d.ts +0 -544
- package/dist/src/client/transport.d.ts +0 -131
- package/dist/src/config/index.d.ts +0 -82
- package/dist/src/config/loader.d.ts +0 -8
- package/dist/src/config/types.d.ts +0 -25
- package/dist/src/index.d.ts +0 -39
- package/dist/src/types/auth.d.ts +0 -66
- package/dist/src/types/index.d.ts +0 -45
- package/dist/src/types/kyc.d.ts +0 -135
- package/dist/src/types/org-data.d.ts +0 -180
- package/dist/src/types/session.d.ts +0 -24
- package/dist/src/types/token.d.ts +0 -102
- package/dist/src/types/user.d.ts +0 -236
- package/dist/src/utils/contract-version.d.ts +0 -5
- package/dist/src/utils/crypto.d.ts +0 -52
- package/dist/src/utils/errors.d.ts +0 -144
- package/dist/src/utils/index.d.ts +0 -10
- package/dist/src/utils/logger.d.ts +0 -102
- package/dist/src/utils/redaction.d.ts +0 -13
- package/dist/src/utils/session.d.ts +0 -37
- package/dist/src/utils/shape.d.ts +0 -30
- package/dist/src/wasm/index.d.ts +0 -5
- package/dist/src/wasm/interface.d.ts +0 -110
- package/dist/src/wasm/loader.d.ts +0 -43
- package/dist/src/wasm/quote-verifier/quote_verifier_bytes.d.ts +0 -1
- package/dist/src/wasm/quote-verifier-loader.d.ts +0 -58
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* TDX quote verifier backed by the Rust `signature` crate compiled to
|
|
3
|
-
* WASM. Full cryptographic verification: ECDSA P-256 attestation-key
|
|
4
|
-
* signature, PCK certificate chain walk to Intel's root CA, and
|
|
5
|
-
* report_data + RTMR comparison.
|
|
6
|
-
*
|
|
7
|
-
* The WASM bytes are inlined as base64 (see quote_verifier_bytes.ts)
|
|
8
|
-
* so the SDK works without bundler WASM plugins and without runtime
|
|
9
|
-
* asset URL resolution.
|
|
10
|
-
*/
|
|
11
|
-
export interface QuoteVerifyResult {
|
|
12
|
-
valid: boolean;
|
|
13
|
-
error?: string;
|
|
14
|
-
rtmr3?: string;
|
|
15
|
-
report_data?: string;
|
|
16
|
-
}
|
|
17
|
-
export interface PeerQuoteResult {
|
|
18
|
-
peer_id: string;
|
|
19
|
-
valid: boolean;
|
|
20
|
-
error?: string;
|
|
21
|
-
rtmr3?: string;
|
|
22
|
-
}
|
|
23
|
-
export interface DkgVerifyResult {
|
|
24
|
-
valid: boolean;
|
|
25
|
-
results: PeerQuoteResult[];
|
|
26
|
-
valid_count: number;
|
|
27
|
-
expected_count: number;
|
|
28
|
-
error?: string;
|
|
29
|
-
}
|
|
30
|
-
/**
|
|
31
|
-
* Verify a single TDX attestation quote with full cryptographic verification.
|
|
32
|
-
*
|
|
33
|
-
* @param quoteB64 - Base64-encoded raw TDX v4 quote
|
|
34
|
-
* @param attestationMsgB64 - Base64-encoded attestation message
|
|
35
|
-
* (for DKG: encaps_key || sorted_peer_id_bytes)
|
|
36
|
-
* @param expectedRtmr3B64 - Optional base64-encoded 48-byte RTMR3
|
|
37
|
-
* @returns Verification result with extracted measurements
|
|
38
|
-
*/
|
|
39
|
-
export declare function verifyTdxQuote(quoteB64: string, attestationMsgB64: string, expectedRtmr3B64?: string): Promise<QuoteVerifyResult>;
|
|
40
|
-
/**
|
|
41
|
-
* Verify a full DKG attestation bundle: multiple TDX quotes from all
|
|
42
|
-
* participating nodes, plus the binding between the quotes and the
|
|
43
|
-
* ML-KEM encapsulation key. Checks:
|
|
44
|
-
* 1. attestationMsg starts with encapsKey (server can't swap the key)
|
|
45
|
-
* 2. Every quote's ECDSA signature chains to Intel's SGX root CA
|
|
46
|
-
* 3. Every quote's report_data == keccak512(attestationMsg)
|
|
47
|
-
* 4. Optional RTMR3 pinning per quote
|
|
48
|
-
*
|
|
49
|
-
* @param encapsKeyB64 - Base64-encoded ML-KEM encapsulation key
|
|
50
|
-
* (from `/status.encaps_key`)
|
|
51
|
-
* @param attestationMsgB64 - Base64-encoded raw attestation message
|
|
52
|
-
* (from `/status.dkg_attestation.attestation_msg`)
|
|
53
|
-
* @param peerIds - Sorted array of base58 peer IDs
|
|
54
|
-
* @param quotes - Map of peer_id → base64-encoded TDX quote
|
|
55
|
-
* @param expectedRtmr3B64 - Optional base64-encoded 48-byte RTMR3
|
|
56
|
-
* @returns Per-peer verification results and overall validity
|
|
57
|
-
*/
|
|
58
|
-
export declare function verifyDkgAttestation(encapsKeyB64: string, attestationMsgB64: string, peerIds: string[], quotes: Record<string, string>, expectedRtmr3B64?: string): Promise<DkgVerifyResult>;
|