npm - @verbeth/sdk - Versions diffs - 0.1.4 → 0.1.6 - Mend

@verbeth/sdk 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/README.md +20 -168
package/dist/esm/src/addresses.d.ts +20 -0
package/dist/esm/src/addresses.d.ts.map +1 -0
package/dist/esm/src/addresses.js +33 -0
package/dist/esm/src/client/HsrTagIndex.d.ts +77 -0
package/dist/esm/src/client/HsrTagIndex.d.ts.map +1 -0
package/dist/esm/src/client/HsrTagIndex.js +157 -0
package/dist/esm/src/client/PendingManager.d.ts +65 -0
package/dist/esm/src/client/PendingManager.d.ts.map +1 -0
package/dist/esm/src/client/PendingManager.js +84 -0
package/dist/esm/src/client/SessionManager.d.ts +65 -0
package/dist/esm/src/client/SessionManager.d.ts.map +1 -0
package/dist/esm/src/client/SessionManager.js +146 -0
package/dist/esm/src/client/VerbethClient.d.ts +153 -99
package/dist/esm/src/client/VerbethClient.d.ts.map +1 -1
package/dist/esm/src/client/VerbethClient.js +429 -123
package/dist/esm/src/client/VerbethClientBuilder.d.ts +105 -0
package/dist/esm/src/client/VerbethClientBuilder.d.ts.map +1 -0
package/dist/esm/src/client/VerbethClientBuilder.js +146 -0
package/dist/esm/src/client/hsrMatcher.d.ts +22 -0
package/dist/esm/src/client/hsrMatcher.d.ts.map +1 -0
package/dist/esm/src/client/hsrMatcher.js +31 -0
package/dist/esm/src/client/index.d.ts +6 -1
package/dist/esm/src/client/index.d.ts.map +1 -1
package/dist/esm/src/client/index.js +2 -0
package/dist/esm/src/client/types.d.ts +151 -10
package/dist/esm/src/client/types.d.ts.map +1 -1
package/dist/esm/src/crypto(old).d.ts +46 -0
package/dist/esm/src/crypto(old).d.ts.map +1 -0
package/dist/esm/src/crypto(old).js +137 -0
package/dist/esm/src/crypto.d.ts +7 -29
package/dist/esm/src/crypto.d.ts.map +1 -1
package/dist/esm/src/crypto.js +36 -72
package/dist/esm/src/executor.d.ts +17 -18
package/dist/esm/src/executor.d.ts.map +1 -1
package/dist/esm/src/executor.js +54 -70
package/dist/esm/src/handshake.d.ts +51 -0
package/dist/esm/src/handshake.d.ts.map +1 -0
package/dist/esm/src/handshake.js +105 -0
package/dist/esm/src/identity.d.ts +24 -18
package/dist/esm/src/identity.d.ts.map +1 -1
package/dist/esm/src/identity.js +126 -31
package/dist/esm/src/index.d.ts +11 -7
package/dist/esm/src/index.d.ts.map +1 -1
package/dist/esm/src/index.js +10 -7
package/dist/esm/src/payload.d.ts +3 -30
package/dist/esm/src/payload.d.ts.map +1 -1
package/dist/esm/src/payload.js +3 -77
package/dist/esm/src/pq/kem.d.ts +33 -0
package/dist/esm/src/pq/kem.d.ts.map +1 -0
package/dist/esm/src/pq/kem.js +40 -0
package/dist/esm/src/ratchet/auth.d.ts +34 -0
package/dist/esm/src/ratchet/auth.d.ts.map +1 -0
package/dist/esm/src/ratchet/auth.js +88 -0
package/dist/esm/src/ratchet/codec.d.ts +52 -0
package/dist/esm/src/ratchet/codec.d.ts.map +1 -0
package/dist/esm/src/ratchet/codec.js +127 -0
package/dist/esm/src/ratchet/decrypt.d.ts +28 -0
package/dist/esm/src/ratchet/decrypt.d.ts.map +1 -0
package/dist/esm/src/ratchet/decrypt.js +255 -0
package/dist/esm/src/ratchet/encrypt.d.ts +17 -0
package/dist/esm/src/ratchet/encrypt.d.ts.map +1 -0
package/dist/esm/src/ratchet/encrypt.js +78 -0
package/dist/esm/src/ratchet/index.d.ts +8 -0
package/dist/esm/src/ratchet/index.d.ts.map +1 -0
package/dist/esm/src/ratchet/index.js +8 -0
package/dist/esm/src/ratchet/kdf.d.ts +60 -0
package/dist/esm/src/ratchet/kdf.d.ts.map +1 -0
package/dist/esm/src/ratchet/kdf.js +91 -0
package/dist/esm/src/ratchet/session.d.ts +43 -0
package/dist/esm/src/ratchet/session.d.ts.map +1 -0
package/dist/esm/src/ratchet/session.js +139 -0
package/dist/esm/src/ratchet/types.d.ts +168 -0
package/dist/esm/src/ratchet/types.d.ts.map +1 -0
package/dist/esm/src/ratchet/types.js +27 -0
package/dist/esm/src/safeSessionSigner.d.ts +35 -0
package/dist/esm/src/safeSessionSigner.d.ts.map +1 -0
package/dist/esm/src/safeSessionSigner.js +59 -0
package/dist/esm/src/send.d.ts +32 -24
package/dist/esm/src/send.d.ts.map +1 -1
package/dist/esm/src/send.js +84 -39
package/dist/esm/src/types.d.ts +8 -13
package/dist/esm/src/types.d.ts.map +1 -1
package/dist/esm/src/utils/safeSessionSigner.d.ts +23 -0
package/dist/esm/src/utils/safeSessionSigner.d.ts.map +1 -0
package/dist/esm/src/utils/safeSessionSigner.js +59 -0
package/dist/esm/src/utils/txQueue.d.ts +12 -0
package/dist/esm/src/utils/txQueue.d.ts.map +1 -0
package/dist/esm/src/utils/txQueue.js +25 -0
package/dist/esm/src/utils.d.ts +2 -3
package/dist/esm/src/utils.d.ts.map +1 -1
package/dist/esm/src/utils.js +5 -5
package/dist/esm/src/verify.d.ts +9 -25
package/dist/esm/src/verify.d.ts.map +1 -1
package/dist/esm/src/verify.js +49 -50
package/dist/src/addresses.d.ts +20 -0
package/dist/src/addresses.d.ts.map +1 -0
package/dist/src/addresses.js +33 -0
package/dist/src/client/HsrTagIndex.d.ts +77 -0
package/dist/src/client/HsrTagIndex.d.ts.map +1 -0
package/dist/src/client/HsrTagIndex.js +157 -0
package/dist/src/client/PendingManager.d.ts +65 -0
package/dist/src/client/PendingManager.d.ts.map +1 -0
package/dist/src/client/PendingManager.js +84 -0
package/dist/src/client/SessionManager.d.ts +65 -0
package/dist/src/client/SessionManager.d.ts.map +1 -0
package/dist/src/client/SessionManager.js +146 -0
package/dist/src/client/VerbethClient.d.ts +153 -99
package/dist/src/client/VerbethClient.d.ts.map +1 -1
package/dist/src/client/VerbethClient.js +429 -123
package/dist/src/client/VerbethClientBuilder.d.ts +105 -0
package/dist/src/client/VerbethClientBuilder.d.ts.map +1 -0
package/dist/src/client/VerbethClientBuilder.js +146 -0
package/dist/src/client/hsrMatcher.d.ts +22 -0
package/dist/src/client/hsrMatcher.d.ts.map +1 -0
package/dist/src/client/hsrMatcher.js +31 -0
package/dist/src/client/index.d.ts +6 -1
package/dist/src/client/index.d.ts.map +1 -1
package/dist/src/client/index.js +2 -0
package/dist/src/client/types.d.ts +151 -10
package/dist/src/client/types.d.ts.map +1 -1
package/dist/src/crypto(old).d.ts +46 -0
package/dist/src/crypto(old).d.ts.map +1 -0
package/dist/src/crypto(old).js +137 -0
package/dist/src/crypto.d.ts +7 -29
package/dist/src/crypto.d.ts.map +1 -1
package/dist/src/crypto.js +36 -72
package/dist/src/executor.d.ts +17 -18
package/dist/src/executor.d.ts.map +1 -1
package/dist/src/executor.js +54 -70
package/dist/src/handshake.d.ts +51 -0
package/dist/src/handshake.d.ts.map +1 -0
package/dist/src/handshake.js +105 -0
package/dist/src/identity.d.ts +24 -18
package/dist/src/identity.d.ts.map +1 -1
package/dist/src/identity.js +126 -31
package/dist/src/index.d.ts +11 -7
package/dist/src/index.d.ts.map +1 -1
package/dist/src/index.js +10 -7
package/dist/src/payload.d.ts +3 -30
package/dist/src/payload.d.ts.map +1 -1
package/dist/src/payload.js +3 -77
package/dist/src/pq/kem.d.ts +33 -0
package/dist/src/pq/kem.d.ts.map +1 -0
package/dist/src/pq/kem.js +40 -0
package/dist/src/ratchet/auth.d.ts +34 -0
package/dist/src/ratchet/auth.d.ts.map +1 -0
package/dist/src/ratchet/auth.js +88 -0
package/dist/src/ratchet/codec.d.ts +52 -0
package/dist/src/ratchet/codec.d.ts.map +1 -0
package/dist/src/ratchet/codec.js +127 -0
package/dist/src/ratchet/decrypt.d.ts +28 -0
package/dist/src/ratchet/decrypt.d.ts.map +1 -0
package/dist/src/ratchet/decrypt.js +255 -0
package/dist/src/ratchet/encrypt.d.ts +17 -0
package/dist/src/ratchet/encrypt.d.ts.map +1 -0
package/dist/src/ratchet/encrypt.js +78 -0
package/dist/src/ratchet/index.d.ts +8 -0
package/dist/src/ratchet/index.d.ts.map +1 -0
package/dist/src/ratchet/index.js +8 -0
package/dist/src/ratchet/kdf.d.ts +60 -0
package/dist/src/ratchet/kdf.d.ts.map +1 -0
package/dist/src/ratchet/kdf.js +91 -0
package/dist/src/ratchet/session.d.ts +43 -0
package/dist/src/ratchet/session.d.ts.map +1 -0
package/dist/src/ratchet/session.js +139 -0
package/dist/src/ratchet/types.d.ts +168 -0
package/dist/src/ratchet/types.d.ts.map +1 -0
package/dist/src/ratchet/types.js +27 -0
package/dist/src/safeSessionSigner.d.ts +35 -0
package/dist/src/safeSessionSigner.d.ts.map +1 -0
package/dist/src/safeSessionSigner.js +59 -0
package/dist/src/send.d.ts +32 -24
package/dist/src/send.d.ts.map +1 -1
package/dist/src/send.js +84 -39
package/dist/src/types.d.ts +8 -13
package/dist/src/types.d.ts.map +1 -1
package/dist/src/utils/safeSessionSigner.d.ts +23 -0
package/dist/src/utils/safeSessionSigner.d.ts.map +1 -0
package/dist/src/utils/safeSessionSigner.js +59 -0
package/dist/src/utils/txQueue.d.ts +12 -0
package/dist/src/utils/txQueue.d.ts.map +1 -0
package/dist/src/utils/txQueue.js +25 -0
package/dist/src/utils.d.ts +2 -3
package/dist/src/utils.d.ts.map +1 -1
package/dist/src/utils.js +5 -5
package/dist/src/verify.d.ts +9 -25
package/dist/src/verify.d.ts.map +1 -1
package/dist/src/verify.js +49 -50
package/package.json +2 -1

package/dist/src/verify.js CHANGED Viewed

@@ -1,13 +1,14 @@
 // packages/sdk/src/verify.ts
 import { getBytes, hexlify, getAddress } from "ethers";
-import { decryptAndExtractHandshakeKeys, computeTagFromInitiator, verifyDuplexTopicsChecksum, deriveDuplexTopics } from "./crypto.js";
+import { decryptAndExtractHandshakeKeys, computeHybridTagFromInitiator } from "./crypto.js";
+import { kem } from "./pq/kem.js";
 import { parseHandshakePayload, parseHandshakeKeys } from "./payload.js";
 import { makeViemPublicClient, parseBindingMessage, } from "./utils.js";
 // ============= Handshake Verification =============
 /**
  * handshake verification with mandatory identity proof
  */
-export async function verifyHandshakeIdentity(handshakeEvent, provider) {
+export async function verifyHandshakeIdentity(handshakeEvent, provider, ctx) {
     try {
         let plaintextPayload = handshakeEvent.plaintextPayload;
         if (typeof plaintextPayload === "string" &&
@@ -27,13 +28,7 @@ export async function verifyHandshakeIdentity(handshakeEvent, provider) {
             console.error("Failed to parse unified pubKeys from handshake event");
             return false;
         }
-        // // 6492 awareness
-        // const dp: any = content.identityProof;
-        // const sigPrimary: string = dp.signature;
-        // const sig6492: string | undefined = dp.signature6492 ?? dp.erc6492;
-        // const uses6492 = hasERC6492Suffix(sigPrimary) || !!sig6492;
-        // const isContract1271 = await isSmartContract1271(handshakeEvent.sender, provider);
-        return await verifyIdentityProof(content.identityProof, handshakeEvent.sender, parsedKeys, provider);
+        return await verifyIdentityProof(content.identityProof, handshakeEvent.sender, parsedKeys, provider, ctx);
     }
     catch (err) {
         console.error("verifyHandshakeIdentity error:", err);
@@ -44,7 +39,7 @@ export async function verifyHandshakeIdentity(handshakeEvent, provider) {
 /**
  * handshake response verification with mandatory identity proof
  */
-export async function verifyHandshakeResponseIdentity(responseEvent, responderIdentityPubKey, initiatorEphemeralSecretKey, provider) {
+export async function verifyHandshakeResponseIdentity(responseEvent, responderIdentityPubKey, initiatorEphemeralSecretKey, provider, ctx) {
     try {
         const extractedResponse = decryptAndExtractHandshakeKeys(responseEvent.ciphertext, initiatorEphemeralSecretKey);
         if (!extractedResponse) {
@@ -55,21 +50,16 @@ export async function verifyHandshakeResponseIdentity(responseEvent, responderId
             console.error("Identity public key mismatch in handshake response");
             return false;
         }
-        // 6492 awareness
         const dpAny = extractedResponse.identityProof;
         if (!dpAny) {
             console.error("Missing identityProof in handshake response payload");
             return false;
         }
-        // const sigPrimary: string = dpAny.signature;
-        // const sig6492: string | undefined = dpAny.signature6492 ?? dpAny.erc6492;
-        // const uses6492 = hasERC6492Suffix(sigPrimary) || !!sig6492;
-        // const isContract1271 = await isSmartContract1271(responseEvent.responder,provider);
         const expectedKeys = {
             identityPubKey: extractedResponse.identityPubKey,
             signingPubKey: extractedResponse.signingPubKey,
         };
-        return await verifyIdentityProof(extractedResponse.identityProof, responseEvent.responder, expectedKeys, provider);
+        return await verifyIdentityProof(extractedResponse.identityProof, responseEvent.responder, expectedKeys, provider, ctx);
     }
     catch (err) {
         console.error("verifyHandshakeResponseIdentity error:", err);
@@ -77,31 +67,36 @@ export async function verifyHandshakeResponseIdentity(responseEvent, responderId
     }
 }
 /**
- * Verify "IdentityProof" for EOAs and smart accounts.
+ * Verify IdentityProof for EOAs and smart accounts.
  * - Verifies the signature with viem (EOA / ERC-1271 / ERC-6492).
  * - Parses and checks the expected address and public key against the message content.
  */
-export async function verifyIdentityProof(identityProof, smartAccountAddress, expectedUnifiedKeys, provider) {
+export async function verifyIdentityProof(identityProof, address, expectedUnifiedKeys, provider, ctx) {
     try {
         const client = await makeViemPublicClient(provider);
-        const address = smartAccountAddress;
+        const inputAddress = address;
+        const parsed = parseBindingMessage(identityProof.message);
+        if (!parsed.address) {
+            console.error("Parsed address is undefined");
+            return false;
+        }
+        const signerAddress = getAddress(parsed.address);
         const okSig = await client.verifyMessage({
-            address,
+            address: signerAddress,
             message: identityProof.message,
             signature: identityProof.signature,
         });
         if (!okSig) {
-            console.error("Binding signature invalid for address");
+            console.error("Binding signature invalid for signer address");
             return false;
         }
-        const parsed = parseBindingMessage(identityProof.message);
         if (parsed.header && parsed.header !== "VerbEth Key Binding v1") {
             console.error("Unexpected binding header:", parsed.header);
             return false;
         }
-        if (!parsed.address ||
-            getAddress(parsed.address) !== getAddress(smartAccountAddress)) {
-            console.error("Binding message address mismatch");
+        if (!parsed.executorSafeAddress ||
+            getAddress(parsed.executorSafeAddress) !== getAddress(inputAddress)) {
+            console.error("Binding message Safe address mismatch");
             return false;
         }
         const expectedPkX = hexlify(expectedUnifiedKeys.identityPubKey);
@@ -122,7 +117,19 @@ export async function verifyIdentityProof(identityProof, smartAccountAddress, ex
             console.error("Unexpected version:", parsed.version);
             return false;
         }
-        // if (typeof parsed.chainId === 'number' && parsed.chainId !== currentChainId) return false;
+        // anti replay cross chain or cross dapp:
+        if (typeof ctx?.chainId === "number") {
+            if (typeof parsed.chainId !== "number" || parsed.chainId !== ctx.chainId) {
+                console.error("ChainId mismatch");
+                return false;
+            }
+        }
+        if (ctx?.rpId) {
+            if (!parsed.rpId || parsed.rpId !== ctx.rpId) {
+                console.error("RpId mismatch");
+                return false;
+            }
+        }
         return true;
     }
     catch (err) {
@@ -131,8 +138,8 @@ export async function verifyIdentityProof(identityProof, smartAccountAddress, ex
     }
 }
 // ============= Utility Functions =============
-export async function verifyAndExtractHandshakeKeys(handshakeEvent, provider) {
-    const isValid = await verifyHandshakeIdentity(handshakeEvent, provider);
+export async function verifyAndExtractHandshakeKeys(handshakeEvent, provider, ctx) {
+    const isValid = await verifyHandshakeIdentity(handshakeEvent, provider, ctx);
     if (!isValid) {
         return { isValid: false };
     }
@@ -145,17 +152,23 @@ export async function verifyAndExtractHandshakeKeys(handshakeEvent, provider) {
         keys: parsedKeys,
     };
 }
-export async function verifyAndExtractHandshakeResponseKeys(responseEvent, initiatorEphemeralSecretKey, provider) {
-    const Rbytes = getBytes(responseEvent.responderEphemeralR); // hex -> Uint8Array
-    const expectedTag = computeTagFromInitiator(initiatorEphemeralSecretKey, Rbytes);
-    if (expectedTag !== responseEvent.inResponseTo) {
-        return { isValid: false };
-    }
+export async function verifyAndExtractHandshakeResponseKeys(responseEvent, initiatorEphemeralSecretKey, initiatorKemSecretKey, provider, ctx) {
+    // Decrypt first to get kemCiphertext
     const extractedResponse = decryptAndExtractHandshakeKeys(responseEvent.ciphertext, initiatorEphemeralSecretKey);
     if (!extractedResponse) {
         return { isValid: false };
     }
-    const isValid = await verifyHandshakeResponseIdentity(responseEvent, extractedResponse.identityPubKey, initiatorEphemeralSecretKey, provider);
+    if (!extractedResponse.kemCiphertext) {
+        return { isValid: false };
+    }
+    // Decapsulate and verify hybrid tag
+    const Rbytes = getBytes(responseEvent.responderEphemeralR);
+    const kemSecret = kem.decapsulate(extractedResponse.kemCiphertext, initiatorKemSecretKey);
+    const expectedTag = computeHybridTagFromInitiator(initiatorEphemeralSecretKey, Rbytes, kemSecret);
+    if (expectedTag !== responseEvent.inResponseTo) {
+        return { isValid: false };
+    }
+    const isValid = await verifyHandshakeResponseIdentity(responseEvent, extractedResponse.identityPubKey, initiatorEphemeralSecretKey, provider, ctx);
     if (!isValid) {
         return { isValid: false };
     }
@@ -165,22 +178,8 @@ export async function verifyAndExtractHandshakeResponseKeys(responseEvent, initi
             identityPubKey: extractedResponse.identityPubKey,
             signingPubKey: extractedResponse.signingPubKey,
             ephemeralPubKey: extractedResponse.ephemeralPubKey,
+            kemCiphertext: extractedResponse.kemCiphertext,
             note: extractedResponse.note,
         },
     };
 }
-/**
- * Verify and derive duplex topics from a long-term DH secret.
- * - Accepts either `tag` (inResponseTo) or a raw salt as KDF input.
- * - Recomputes topicOut/topicIn deterministically from the identity DH.
- * - If topicInfo is provided (from HSR), also verify the checksum.
- * - Used by the initiator after decrypting a HandshakeResponse to confirm responder’s topics.
- */
-export function verifyDerivedDuplexTopics({ myIdentitySecretKey, theirIdentityPubKey, tag, salt, topicInfo }) {
-    const s = salt ?? (tag ? getBytes(tag) : undefined);
-    if (!s)
-        throw new Error("Provide either salt or inResponseTo");
-    const { topicOut, topicIn, checksum } = deriveDuplexTopics(myIdentitySecretKey, theirIdentityPubKey, s);
-    const ok = topicInfo ? verifyDuplexTopicsChecksum(topicOut, topicIn, topicInfo.chk) : undefined;
-    return { topics: { topicOut, topicIn }, ok };
-}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@verbeth/sdk",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "private": false,
   "main": "dist/src/index.js",
   "module": "dist/esm/src/index.js",
@@ -17,6 +17,7 @@
   "dependencies": {
     "@noble/curves": "^1.8.1",
     "@noble/hashes": "^1.8.0",
+    "@noble/post-quantum": "^0.5.4",
     "@noble/secp256k1": "^2.2.3",
     "ethers": "^6.7.0",
     "tweetnacl": "^1.0.3",