@tideorg/js 0.13.19

package/dist/Flow/EncryptionFlows/AuthorizedEncryptionFlow.js

@@ -0,0 +1,183 @@
+// 
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+// 
+// This program is free software and is subject to the terms of 
+// the Tide Community Open Code License as published by the 
+// Tide Foundation Limited. You may modify it and redistribute 
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind, 
+// including without any implied warranty of MERCHANTABILITY or 
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open 
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { Encryption, Serialization } from "../../Cryptide/index";
+import { decryptDataRawOutput, encryptDataRawOutput } from "../../Cryptide/Encryption/AES";
+import { numberToUint8Array, StringToUint8Array } from "../../Cryptide/Serialization";
+import { CurrentTime } from "../../Tools/Utils";
+import BaseTideRequest from "../../Models/BaseTideRequest";
+import dVVKSigningFlow from "../SigningFlows/dVVKSigningFlow";
+import SerializedField from "../../Models/SerializedField";
+import dVVKDecryptionFlow from "../DecryptionFlows/dVVKDecryptionFlow";
+/**
+ *
+ * @param {{
+ * vendorId: string,
+ * token: Doken,
+ * sessionKey: TideKey
+ * voucherURL: string,
+ * homeOrkUrl: string | null
+ * keyInfo: KeyInfo
+ * }} config
+ */
+export function AuthorizedEncryptionFlow(config) {
+    if (!(this instanceof AuthorizedEncryptionFlow)) {
+        throw new Error("The 'AuthorizedEncryptionFlow' constructor must be invoked with 'new'.");
+    }
+    var encryptionFlow = this;
+    if (!config.token.payload.sessionKey.Equals(config.sessionKey.get_public_component())) {
+        throw Error("Mismatch between session key private and Doken session key public");
+    }
+    encryptionFlow.vvkId = config.vendorId;
+    encryptionFlow.token = config.token;
+    encryptionFlow.sessKey = config.sessionKey;
+    encryptionFlow.voucherURL = config.voucherURL;
+    encryptionFlow.vvkInfo = config.keyInfo;
+    /**
+     *
+     * @param {[
+    * {
+    *      data: Uint8Array,
+    *      tags: string[]
+    * }
+    * ]} datasToEncrypt
+     * @returns
+     */
+    encryptionFlow.encrypt = async function (datasToEncrypt) {
+        const encReqs = await Promise.all(datasToEncrypt.map(async (d) => {
+            const d_b = d.data;
+            if (d_b.length < 32) {
+                // if data is less than 32B
+                // Gr. EncryptedData 
+                const encryptedData = await Encryption.ElGamal.encryptDataRaw(d_b, encryptionFlow.vvkInfo.UserPublic);
+                const tags_b = d.tags.map(t => StringToUint8Array(t));
+                return {
+                    encryptionToSign: encryptedData,
+                    encryptedData: encryptedData,
+                    tags: tags_b,
+                    sizeLessThan32: true
+                };
+            }
+            else {
+                // if data is more than 32B
+                const largeDataKey = window.crypto.getRandomValues(new Uint8Array(32));
+                const encryptedData = await encryptDataRawOutput(d_b, largeDataKey);
+                const encryptedKey = await Encryption.ElGamal.encryptDataRaw(largeDataKey, encryptionFlow.vvkInfo.UserPublic);
+                const tags_b = d.tags.map(t => StringToUint8Array(t));
+                return {
+                    encryptionToSign: encryptedKey,
+                    encryptedData: encryptedData,
+                    tags: tags_b,
+                    sizeLessThan32: false
+                };
+            }
+        }));
+        // Start signing flow to authorize this encryption
+        const timestamp = CurrentTime();
+        const timestamp_b = numberToUint8Array(timestamp, 8);
+        const size = encReqs.reduce((sum, next) => {
+            // init 4 + as we'll be creating tide memory within tide memory
+            // + 4 again since its another index
+            const nsize = 4 + 4 + (4 + next.encryptionToSign.length + next.tags.reduce((sum, next) => sum + 4 + next.length, 0));
+            return sum + nsize;
+        }, 0) + 4 + timestamp_b.length;
+        const draft = Serialization.CreateTideMemory(timestamp_b, size);
+        encReqs.forEach((enc, i) => {
+            const entry = Serialization.CreateTideMemory(enc.encryptionToSign, 4 + enc.encryptionToSign.length + enc.tags.reduce((sum, next) => sum + 4 + next.length, 0));
+            enc.tags.forEach((tag, j) => {
+                Serialization.WriteValue(entry, j + 1, tag);
+            });
+            Serialization.WriteValue(draft, i + 1, entry);
+        });
+        const encryptionRequest = new BaseTideRequest("TideSelfEncryption", "1", "Doken:1", draft);
+        // Deserialize token to retrieve vuid - if it exists
+        const vuid = this.token.payload.vuid;
+        if (vuid)
+            encryptionRequest.setNewDynamicData(StringToUint8Array(vuid));
+        // Initiate signing flow
+        const encryptingSigningFlow = new dVVKSigningFlow(this.vvkId, encryptionFlow.vvkInfo.UserPublic, encryptionFlow.vvkInfo.OrkInfo, encryptionFlow.sessKey, encryptionFlow.token, this.voucherURL);
+        const signatures = await encryptingSigningFlow.start(encryptionRequest);
+        // Construct final serialized payloads for client to store
+        return signatures.map((sig, i) => SerializedField.create(encReqs[i].encryptedData, timestamp, encReqs[i].sizeLessThan32 ? null : encReqs[i].encryptionToSign, sig));
+    };
+    /**
+         *
+         * @param {[
+         * {
+         *    encrypted: Uint8Array,
+         *    tags: string[]
+         * }
+         * ]} datasToDecrypt
+         */
+    encryptionFlow.decrypt = async function (datasToDecrypt) {
+        // Deserialize all datasToDecrypt + include tags in object
+        const deserializedDatas = datasToDecrypt.map(d => {
+            const b = SerializedField.deserialize(d.encrypted);
+            if (b.signature == null)
+                throw Error("Signature must be provided in Tide Serialized Data to an Authorized Decryption");
+            const tags_b = d.tags.map(t => StringToUint8Array(t));
+            return {
+                ...b,
+                tags: tags_b
+            };
+        });
+        // Get orks to apply vvk    
+        const entries = deserializedDatas.map((data, i) => {
+            if (data.encKey) {
+                // We must decrypt the encrypted key, not the data itself
+                const entry = Serialization.CreateTideMemory(data.encKey, 4 + data.encKey.length + 4 + data.signature.length + 4 + data.timestamp.length + data.tags.reduce((sum, next) => sum + 4 + next.length, 0));
+                Serialization.WriteValue(entry, 1, data.signature); // won't be null
+                Serialization.WriteValue(entry, 2, data.timestamp);
+                data.tags.forEach((tag, j) => {
+                    Serialization.WriteValue(entry, j + 3, tag); // + 3 as we start at index 3
+                });
+                return entry;
+            }
+            else {
+                // decrypt data directly
+                const entry = Serialization.CreateTideMemory(data.encFieldChk, 4 + data.encFieldChk.length + 4 + data.signature.length + 4 + data.timestamp.length + data.tags.reduce((sum, next) => sum + 4 + next.length, 0));
+                Serialization.WriteValue(entry, 1, data.signature); // won't be null
+                Serialization.WriteValue(entry, 2, data.timestamp);
+                data.tags.forEach((tag, j) => {
+                    Serialization.WriteValue(entry, j + 3, tag); // + 3 as we start at index 3
+                });
+                return entry;
+            }
+        });
+        const draft = Serialization.CreateTideMemory(entries[0], entries.reduce((sum, next) => sum + 4 + next.length, 0));
+        for (let i = 1; i < entries.length; i++) {
+            Serialization.WriteValue(draft, i, entries[i]);
+        }
+        const decryptionRequest = new BaseTideRequest("SelfDecrypt", "1", "Doken:1", draft);
+        const flow = new dVVKDecryptionFlow(this.vvkId, this.vvkInfo.UserPublic, this.vvkInfo.OrkInfo, this.sessKey, this.token, this.voucherURL);
+        const dataKeys = await flow.start(decryptionRequest);
+        // Decrypt all datas
+        const decryptedDatas = await Promise.all(deserializedDatas.map(async (data, i) => {
+            // if encKey exists - decrypt with elgamal that
+            // then decrypt encField with key
+            if (data.encKey) {
+                const key = await decryptDataRawOutput(data.encKey.slice(32), dataKeys[i]);
+                return await decryptDataRawOutput(data.encFieldChk, key);
+            }
+            else {
+                // else - decrypt encField with elgamal
+                return await decryptDataRawOutput(data.encFieldChk.slice(32), dataKeys[i]);
+            }
+        }));
+        // Return as bytes
+        return decryptedDatas;
+    };
+}

package/dist/Flow/EncryptionFlows/PolicyAuthorizedEncryptionFlow.d.ts

@@ -0,0 +1,57 @@
+import BaseTideRequest from "../../Models/BaseTideRequest";
+import TideKey from "../../Cryptide/TideKey";
+import KeyInfo from "../../Models/Infos/KeyInfo";
+import { Tools } from "../..";
+import { Doken } from "../../Models/Doken";
+interface EncryptionFlowConfig {
+    vendorId: string;
+    token: Doken;
+    sessionKey: TideKey;
+    voucherURL: string;
+    homeOrkUrl: string | null;
+    keyInfo: KeyInfo;
+}
+export interface DataToEncrypt {
+    data: Uint8Array;
+    tags: string[];
+}
+export interface DataToDecrypt {
+    encrypted: Uint8Array;
+    tags: string[];
+}
+export declare class PolicyAuthorizedEncryptionFlow {
+    vvkId: string;
+    token: Doken;
+    sessKey: TideKey;
+    voucherURL: string;
+    policy: Uint8Array;
+    vvkInfo: KeyInfo;
+    constructor(config: EncryptionFlowConfig);
+    createEncryptionRequest(datasToEncrypt: DataToEncrypt[], addHeavyDataToReq?: boolean): Promise<{
+        request: BaseTideRequest;
+        encReqs: {
+            encryptionToSign: Uint8Array<ArrayBuffer>;
+            encryptionAuthData: any;
+            encryptedData: Uint8Array<ArrayBuffer>;
+            tags: Uint8Array<ArrayBuffer>[];
+            sizeLessThan32: boolean;
+        }[];
+        timestamp: number;
+    }>;
+    encrypt(datasToEncrypt: DataToEncrypt[], policy: Uint8Array): Promise<Uint8Array[]>;
+    commitEncrypt(request: Uint8Array, policy: Uint8Array): Promise<Tools.TideMemory[]>;
+    createDecryptionRequest(datasToDecrypt: DataToDecrypt[], addHeavyDataToReq?: boolean): {
+        request: BaseTideRequest;
+        deserializedDatas: {
+            tags: Uint8Array<ArrayBuffer>[];
+            encFieldChk: Uint8Array<ArrayBufferLike>;
+            timestamp: Uint8Array<ArrayBufferLike>;
+            encKey: Uint8Array<ArrayBufferLike>;
+            signature: Uint8Array<ArrayBufferLike>;
+        }[];
+    };
+    decrypt(datasToDecrypt: DataToDecrypt[], policy: Uint8Array): Promise<Uint8Array[]>;
+    commitDecrypt(request: Uint8Array, policy: Uint8Array): Promise<any[]>;
+}
+export {};
+//# sourceMappingURL=PolicyAuthorizedEncryptionFlow.d.ts.map

package/dist/Flow/EncryptionFlows/PolicyAuthorizedEncryptionFlow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PolicyAuthorizedEncryptionFlow.d.ts","sourceRoot":"","sources":["../../../Flow/EncryptionFlows/PolicyAuthorizedEncryptionFlow.ts"],"names":[],"mappings":"AAqBA,OAAO,eAAe,MAAM,8BAA8B,CAAC;AAI3D,OAAO,OAAO,MAAM,wBAAwB,CAAC;AAC7C,OAAO,OAAO,MAAM,4BAA4B,CAAC;AAEjD,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC;AAE9B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,UAAU,oBAAoB;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC1B,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,qBAAa,8BAA8B;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;gBAEL,MAAM,EAAE,oBAAoB;IAYlC,uBAAuB,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE,iBAAiB,UAAQ;;;;;;;;;;;IAsElF,OAAO,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAkBnF,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU;IAoC3D,uBAAuB,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE,iBAAiB,UAAM;;;;;;;;;;IAgD1E,OAAO,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAwBnF,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU;CA8B9D"}

package/dist/Flow/EncryptionFlows/PolicyAuthorizedEncryptionFlow.js

@@ -0,0 +1,220 @@
+//
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+//
+// This program is free software and is subject to the terms of
+// the Tide Community Open Code License as published by the
+// Tide Foundation Limited. You may modify it and redistribute
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind,
+// including without any implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { Encryption, Serialization } from "../../Cryptide/index";
+import { decryptDataRawOutput, encryptDataRawOutput } from "../../Cryptide/Encryption/AES";
+import { CreateTideMemoryFromArray, GetValue, numberToUint8Array, StringToUint8Array, TryGetValue } from "../../Cryptide/Serialization";
+import { CurrentTime } from "../../Tools/Utils";
+import BaseTideRequest from "../../Models/BaseTideRequest";
+import dVVKSigningFlow from "../SigningFlows/dVVKSigningFlow";
+import dVVKDecryptionFlow from "../DecryptionFlows/dVVKDecryptionFlow";
+import PolicyProtectedSerializedField from "../../Models/PolicyProtectedSerializedField";
+import { Tools } from "../..";
+import { TideMemory } from "../../Tools";
+export class PolicyAuthorizedEncryptionFlow {
+    constructor(config) {
+        if (!config.token.payload.sessionKey.Equals(config.sessionKey.get_public_component())) {
+            throw Error("Mismatch between session key private and Doken session key public");
+        }
+        this.vvkId = config.vendorId;
+        this.token = config.token;
+        this.sessKey = config.sessionKey;
+        this.voucherURL = config.voucherURL;
+        this.vvkInfo = config.keyInfo;
+    }
+    async createEncryptionRequest(datasToEncrypt, addHeavyDataToReq = false) {
+        const encReqs = await Promise.all(datasToEncrypt.map(async (d) => {
+            const d_b = d.data;
+            if (d_b.length < 32) {
+                const tags_b = d.tags.map(t => StringToUint8Array(t));
+                // if data is less than 32B
+                // Gr. EncryptedData
+                const encryptedData = await Encryption.ElGamal.encryptDataRaw_withAuthentication(d_b, this.vvkInfo.UserPublic, Serialization.ConcatUint8Arrays(tags_b));
+                return {
+                    encryptionToSign: encryptedData.cipher,
+                    encryptionAuthData: encryptedData.auth,
+                    encryptedData: encryptedData.cipher,
+                    tags: tags_b,
+                    sizeLessThan32: true
+                };
+            }
+            else {
+                const tags_b = d.tags.map(t => StringToUint8Array(t));
+                // if data is more than 32B
+                const largeDataKey = window.crypto.getRandomValues(new Uint8Array(32));
+                const encryptedData = await encryptDataRawOutput(d_b, largeDataKey);
+                const encryptedKey = await Encryption.ElGamal.encryptDataRaw_withAuthentication(largeDataKey, this.vvkInfo.UserPublic, Serialization.ConcatUint8Arrays(tags_b));
+                return {
+                    encryptionToSign: encryptedKey.cipher,
+                    encryptionAuthData: encryptedKey.auth,
+                    encryptedData: encryptedData,
+                    tags: tags_b,
+                    sizeLessThan32: false
+                };
+            }
+        }));
+        // Start signing flow to authorize this encryption
+        const timestamp = CurrentTime();
+        const timestamp_b = numberToUint8Array(timestamp, 8);
+        let arr = [timestamp_b];
+        encReqs.forEach((enc) => {
+            const entry = CreateTideMemoryFromArray([
+                enc.encryptionToSign.slice(0, 32), // only get C1 point for draft
+                enc.encryptionAuthData,
+                ...enc.tags
+            ]);
+            arr.push(entry);
+        });
+        const draft = CreateTideMemoryFromArray(arr);
+        const request = new BaseTideRequest("PolicyEnabledEncryption", "1", "Policy:1", draft);
+        if (addHeavyDataToReq) {
+            request.setCustomExpiry(604800); // default one week - assuming this req is drafted
+            // we need to store the actual encrypted data (if size larger than 32) in request as well
+            // this is for when we create the PolicyProtectedSerializedField object after committion
+            const dataToStoreLater = Serialization.CreateTideMemoryFromArray(encReqs.map((e) => PolicyProtectedSerializedField.create(e.encryptedData, timestamp, e.sizeLessThan32 ? null : e.encryptionToSign, null))); // no signature for now
+            request.addAuthorizerCertificate(dataToStoreLater); // authorizer cert not used by the tide network in this flow but useful for us to serialize the data for local storage
+        }
+        return { request, encReqs, timestamp };
+    }
+    async encrypt(datasToEncrypt, policy) {
+        const { request: encryptionRequest, encReqs, timestamp } = await this.createEncryptionRequest(datasToEncrypt);
+        encryptionRequest.addPolicy(policy);
+        // Initiate signing flow
+        const encryptingSigningFlow = new dVVKSigningFlow(this.vvkId, this.vvkInfo.UserPublic, this.vvkInfo.OrkInfo, this.sessKey, this.token, this.voucherURL);
+        const signatures = await encryptingSigningFlow.start(encryptionRequest);
+        // Construct final serialized payloads for client to store
+        return signatures.map((sig, i) => PolicyProtectedSerializedField.create(encReqs[i].encryptedData, timestamp, encReqs[i].sizeLessThan32 ? null : encReqs[i].encryptionToSign, sig));
+    }
+    async commitEncrypt(request, policy) {
+        // Remove authorizer cert from request before sending it up to the orks
+        const readyEncRequest = BaseTideRequest.decode(request);
+        const encryptedData = readyEncRequest.authorizerCert;
+        readyEncRequest.authorizerCert = new Tools.TideMemory(); // clear request of the heavy data
+        // Deserialize data stored in the request previously
+        let encryptedDatas = [];
+        let resultObj = { result: undefined };
+        for (let i = 0; Serialization.TryGetValue(encryptedData, i, resultObj); i++) {
+            encryptedDatas.push(resultObj.result);
+        }
+        const deserializedDatas = encryptedDatas.map(e => {
+            const b = PolicyProtectedSerializedField.deserialize(e);
+            if (b.signature != null)
+                throw Error("There shouldn't be any signatures in this data");
+            return b;
+        });
+        // Add the policy to the request
+        readyEncRequest.addPolicy(policy);
+        // Initiate signing flow
+        const encryptingSigningFlow = new dVVKSigningFlow(this.vvkId, this.vvkInfo.UserPublic, this.vvkInfo.OrkInfo, this.sessKey, this.token, this.voucherURL);
+        const signatures = await encryptingSigningFlow.start(readyEncRequest);
+        // Construct final serialized payloads for client to store WITH SIGNATURE - that's the only reason we are doing this again
+        return signatures.map((sig, i) => PolicyProtectedSerializedField.create(deserializedDatas[i].encFieldChk, deserializedDatas[i].timestamp, deserializedDatas[i].encKey ? deserializedDatas[i].encKey : null, sig));
+    }
+    createDecryptionRequest(datasToDecrypt, addHeavyDataToReq = false) {
+        // Deserialize all datasToDecrypt + include tags in object
+        const deserializedDatas = datasToDecrypt.map(d => {
+            const b = PolicyProtectedSerializedField.deserialize(d.encrypted);
+            if (b.signature == null)
+                throw Error("Signature must be provided in Tide Serialized Data to an Authorized Decryption");
+            const tags_b = d.tags.map(t => StringToUint8Array(t));
+            return {
+                ...b,
+                tags: tags_b
+            };
+        });
+        // Get orks to apply vvk
+        const entries = deserializedDatas.map((data, i) => {
+            if (data.encKey) {
+                // We must decrypt the encrypted key, not the data itself
+                const entry = CreateTideMemoryFromArray([
+                    data.encKey.slice(0, 32), // only send c1 (point)
+                    data.signature,
+                    data.timestamp,
+                    ...data.tags
+                ]);
+                return entry;
+            }
+            else {
+                // decrypt data directly
+                const entry = CreateTideMemoryFromArray([
+                    data.encFieldChk.slice(0, 32), // only send c1 (point)
+                    data.signature,
+                    data.timestamp,
+                    ...data.tags
+                ]);
+                return entry;
+            }
+        });
+        const draft = CreateTideMemoryFromArray(entries);
+        const request = new BaseTideRequest("PolicyEnabledDecryption", "1", "Policy:1", draft);
+        if (addHeavyDataToReq) {
+            request.setCustomExpiry(604800); // default for now - assuming this req is drafted
+            const dynData = TideMemory.CreateFromArray(deserializedDatas.map(d => {
+                return TideMemory.CreateFromArray([d.encFieldChk, d.encKey ? d.encKey : new Uint8Array()]);
+            })); // efficient serialized of heavy data
+            request.addAuthorizerCertificate(dynData); // authorizer cert not used by the tide network in this flow but useful for us to serialize the data for local storage
+        }
+        return { request, deserializedDatas };
+    }
+    async decrypt(datasToDecrypt, policy) {
+        const { request: decryptionRequest, deserializedDatas } = this.createDecryptionRequest(datasToDecrypt);
+        decryptionRequest.addPolicy(policy);
+        const flow = new dVVKDecryptionFlow(this.vvkId, this.vvkInfo.UserPublic, this.vvkInfo.OrkInfo, this.sessKey, this.token, this.voucherURL);
+        const dataKeys = await flow.start(decryptionRequest);
+        // Decrypt all datas
+        const decryptedDatas = await Promise.all(deserializedDatas.map(async (data, i) => {
+            // if encKey exists - decrypt with elgamal that
+            // then decrypt encField with key
+            if (data.encKey) {
+                const key = await decryptDataRawOutput(data.encKey.slice(32), dataKeys[i]);
+                return await decryptDataRawOutput(data.encFieldChk, key);
+            }
+            else {
+                // else - decrypt encField with elgamal
+                return await decryptDataRawOutput(data.encFieldChk.slice(32), dataKeys[i]);
+            }
+        }));
+        // Return as bytes
+        return decryptedDatas;
+    }
+    async commitDecrypt(request, policy) {
+        const decryptionRequest = BaseTideRequest.decode(request);
+        decryptionRequest.addPolicy(policy);
+        const heavyData = decryptionRequest.authorizerCert;
+        decryptionRequest.authorizerCert = new TideMemory(); // clear decryption request of heavy data
+        const flow = new dVVKDecryptionFlow(this.vvkId, this.vvkInfo.UserPublic, this.vvkInfo.OrkInfo, this.sessKey, this.token, this.voucherURL);
+        const dataKeys = await flow.start(decryptionRequest);
+        // Decrypt all datas
+        let resultObj = { result: undefined };
+        let decryptedDatas = [];
+        for (let i = 0; TryGetValue(heavyData, i, resultObj); i++) {
+            const encFieldChk = GetValue(resultObj.result, 0);
+            const encKey = GetValue(resultObj.result, 1);
+            // if encKey exists - decrypt with elgamal that
+            // then decrypt encField with key
+            if (encKey.length > 0) {
+                const key = await decryptDataRawOutput(encKey.slice(32), dataKeys[i]);
+                decryptedDatas.push(await decryptDataRawOutput(encFieldChk, key));
+            }
+            else {
+                // else - decrypt encField with elgamal
+                decryptedDatas.push(await decryptDataRawOutput(encFieldChk.slice(32), dataKeys[i]));
+            }
+        }
+        // Return as bytes
+        return decryptedDatas;
+    }
+}

package/dist/Flow/EncryptionFlows/index.d.ts

@@ -0,0 +1,3 @@
+export { AuthorizedEncryptionFlow } from './AuthorizedEncryptionFlow';
+export { PolicyAuthorizedEncryptionFlow, DataToDecrypt, DataToEncrypt } from './PolicyAuthorizedEncryptionFlow';
+//# sourceMappingURL=index.d.ts.map

package/dist/Flow/EncryptionFlows/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../Flow/EncryptionFlows/index.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,8BAA8B,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAA"}

package/dist/Flow/EncryptionFlows/index.js

@@ -0,0 +1,18 @@
+//
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+//
+// This program is free software and is subject to the terms of
+// the Tide Community Open Code License as published by the
+// Tide Foundation Limited. You may modify it and redistribute
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind,
+// including without any implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+export { AuthorizedEncryptionFlow } from './AuthorizedEncryptionFlow';
+export { PolicyAuthorizedEncryptionFlow } from './PolicyAuthorizedEncryptionFlow';

package/dist/Flow/SigningFlows/AuthorizedSigningFlow.d.ts

@@ -0,0 +1,12 @@
+import TideKey from "../../Cryptide/TideKey";
+import KeyInfo from "../../Models/Infos/KeyInfo";
+import { Doken } from "../../Models/Doken";
+export declare function AuthorizedSigningFlow(config: {
+    vendorId: string;
+    token: Doken;
+    sessionKey: TideKey;
+    voucherURL: string;
+    homeOrkUrl: string | null;
+    keyInfo: KeyInfo;
+}): void;
+//# sourceMappingURL=AuthorizedSigningFlow.d.ts.map

package/dist/Flow/SigningFlows/AuthorizedSigningFlow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizedSigningFlow.d.ts","sourceRoot":"","sources":["../../../Flow/SigningFlows/AuthorizedSigningFlow.ts"],"names":[],"mappings":"AAmBA,OAAO,OAAO,MAAM,wBAAwB,CAAC;AAC7C,OAAO,OAAO,MAAM,4BAA4B,CAAC;AAEjD,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,wBAAgB,qBAAqB,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,KAAK,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,QAyCrK"}

package/dist/Flow/SigningFlows/AuthorizedSigningFlow.js

@@ -0,0 +1,50 @@
+// 
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+// 
+// This program is free software and is subject to the terms of 
+// the Tide Community Open Code License as published by the 
+// Tide Foundation Limited. You may modify it and redistribute 
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind, 
+// including without any implied warranty of MERCHANTABILITY or 
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open 
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import BaseTideRequest from "../../Models/BaseTideRequest";
+import dVVKSigningFlow from "../SigningFlows/dVVKSigningFlow";
+import { Tools } from "../..";
+export function AuthorizedSigningFlow(config) {
+    if (!(this instanceof AuthorizedSigningFlow)) {
+        throw new Error("The 'AuthorizedSigningFlow' constructor must be invoked with 'new'.");
+    }
+    if (config.token) {
+        if (!config.token.payload.sessionKey.Equals(config.sessionKey.get_public_component()))
+            throw Error("Mismatch between session key private and Doken session key public");
+    }
+    var signingFlow = this;
+    signingFlow.vvkId = config.vendorId;
+    signingFlow.token = config.token;
+    signingFlow.voucherURL = config.voucherURL;
+    signingFlow.sessKey = config.sessionKey;
+    signingFlow.vvkInfo = config.keyInfo;
+    signingFlow.signv2 = async function (tideSerializedRequest, waitForAll) {
+        const flow = new dVVKSigningFlow(this.vvkId, signingFlow.vvkInfo.UserPublic, signingFlow.vvkInfo.OrkInfo, signingFlow.sessKey, signingFlow.token, this.voucherURL);
+        return flow.start(BaseTideRequest.decode(tideSerializedRequest), waitForAll);
+    };
+    signingFlow.initializeRequest = async function (tideReqToInitialize, waitForAll) {
+        const requestToInitializeDetails = await tideReqToInitialize.getRequestInitDetails();
+        const initRequest = new BaseTideRequest("TideRequestInitialization", "1", "Doken:1", Tools.TideMemory.CreateFromArray([
+            requestToInitializeDetails.creationTime,
+            requestToInitializeDetails.expireTime,
+            requestToInitializeDetails.modelId,
+            requestToInitializeDetails.draftHash
+        ]), new Tools.TideMemory());
+        const flow = new dVVKSigningFlow(this.vvkId, signingFlow.vvkInfo.UserPublic, signingFlow.vvkInfo.OrkInfo, signingFlow.sessKey, signingFlow.token, this.voucherURL);
+        const sig = (await flow.start(initRequest, waitForAll))[0];
+        tideReqToInitialize.addCreationSignature(requestToInitializeDetails.creationTime, sig);
+    };
+}

package/dist/Flow/SigningFlows/dTestVVkSigningFlow.d.ts

@@ -0,0 +1,15 @@
+import OrkInfo from "../../Models/Infos/OrkInfo";
+export default class dTestVVKSigningFlow {
+    vvkid: string;
+    vvkPublic: any;
+    orks: OrkInfo[];
+    sessKey: Uint8Array;
+    gSessKey: any;
+    vrk: bigint;
+    authorizer: Uint8Array;
+    authorizerCert: Uint8Array;
+    voucherURL: string;
+    constructor(vvkid: string, vvkPublic: any, orks: OrkInfo[], sessKey: Uint8Array, gSessKey: any, vrk: bigint, authorizer: Uint8Array, authorizerCert: Uint8Array, voucherURL: string);
+    start(): Promise<void>;
+}
+//# sourceMappingURL=dTestVVkSigningFlow.d.ts.map

package/dist/Flow/SigningFlows/dTestVVkSigningFlow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dTestVVkSigningFlow.d.ts","sourceRoot":"","sources":["../../../Flow/SigningFlows/dTestVVkSigningFlow.ts"],"names":[],"mappings":"AAqBA,OAAO,OAAO,MAAM,4BAA4B,CAAC;AAMjD,MAAM,CAAC,OAAO,OAAO,mBAAmB;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,GAAG,CAAC;IACf,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,OAAO,EAAE,UAAU,CAAC;IACpB,QAAQ,EAAE,GAAG,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,UAAU,CAAC;IACvB,cAAc,EAAE,UAAU,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;gBAEP,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM;IAa7K,KAAK;CAoCd"}

package/dist/Flow/SigningFlows/dTestVVkSigningFlow.js

@@ -0,0 +1,67 @@
+// 
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+// 
+// This program is free software and is subject to the terms of 
+// the Tide Community Open Code License as published by the 
+// Tide Foundation Limited. You may modify it and redistribute 
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind, 
+// including without any implied warranty of MERCHANTABILITY or 
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open 
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { Signing } from "../../Cryptide/index";
+import BaseTideRequest from "../../Models/BaseTideRequest";
+import { Threshold, WaitForNumberofORKs, sortORKs } from "../../Tools/Utils";
+import NodeClient from "../../Clients/NodeClient";
+import { PreSign, Sign as SumS } from "../../Math/KeySigning";
+import { BigIntToByteArray, ConcatUint8Arrays, StringToUint8Array, base64ToBytes, bytesToBase64, serializeBitArray } from "../../Cryptide/Serialization";
+import VoucherFlow from "../VoucherFlows/VoucherFlow";
+import { TestSignatureFormat } from "../../Cryptide/Signing/TideSignature";
+export default class dTestVVKSigningFlow {
+    constructor(vvkid, vvkPublic, orks, sessKey, gSessKey, vrk, authorizer, authorizerCert, voucherURL) {
+        this.vvkid = vvkid;
+        this.vvkPublic = vvkPublic;
+        this.orks = orks;
+        this.orks = sortORKs(this.orks); // sort for bitwise!
+        this.sessKey = sessKey;
+        this.gSessKey = gSessKey;
+        this.vrk = vrk;
+        this.authorizer = authorizer;
+        this.authorizerCert = authorizerCert;
+        this.voucherURL = voucherURL;
+    }
+    async start() {
+        const startTime = performance.now();
+        const draft = `{"SomeStaticData":"This msg was previously authorized"}`;
+        const dynamicData = `{"SomeDynamicData":"New log in"}`;
+        const request = new BaseTideRequest("TestInit", "1", "VRK:1", StringToUint8Array(draft), StringToUint8Array(dynamicData));
+        const proof = base64ToBytes(await Signing.EdDSA.sign(await request.dataToAuthorize(), this.vrk));
+        var x = await request.dataToAuthorize();
+        request.addAuthorization(proof);
+        request.addAuthorizer(this.authorizer);
+        request.addAuthorizerCertificate(this.authorizerCert);
+        const clients = await Promise.all(this.orks.map(async (info) => await new NodeClient(info.orkURL).EnableTideDH(this.gSessKey, this.sessKey, info.orkPublic)));
+        const voucherFlow = new VoucherFlow(this.orks.map(o => o.orkPaymentPublic), this.voucherURL, "vendorsign");
+        const { vouchers } = await voucherFlow.GetVouchers();
+        const pre_PreSignResponses = clients.map((client, i) => client.PreSign(i, this.vvkid, request, vouchers.toORK(i)));
+        const { fulfilledResponses, bitwise } = await WaitForNumberofORKs(this.orks, pre_PreSignResponses, "VVK", Threshold, null, clients);
+        const GRj = PreSign(fulfilledResponses);
+        const pre_SignResponses = clients.map(client => client.Sign(this.vvkid, request, GRj, serializeBitArray(bitwise)));
+        const SignResponses = await Promise.all(pre_SignResponses);
+        const Sj = SumS(SignResponses.map(s => s.Sij));
+        if (GRj.length != Sj.length)
+            throw Error("Weird amount of GRjs and Sjs");
+        const testSig = bytesToBase64(ConcatUint8Arrays([GRj[0].toRawBytes(), BigIntToByteArray(Sj[0])]));
+        const toVerify = "This msg was previously authorized <-mix-> New log in";
+        const valid = await Signing.EdDSA.verify(testSig, this.vvkPublic, new TestSignatureFormat(toVerify).format());
+        if (!valid)
+            throw Error("Test VVK Signing failed");
+        const endTime = performance.now();
+        console.log(`Test VVK Signing took ${endTime - startTime} milliseconds.`);
+    }
+}