@zerodev/wallet-core 0.0.1-alpha.17 → 0.0.1-alpha.18

package/dist/_esm/utils/hpke.js

@@ -0,0 +1,135 @@
+/**
+ * HPKE (RFC 9180) seal for Turnkey enclave-encrypted requests.
+ *
+ * Suite: DHKEM(P-256, HKDF-SHA256) / HKDF-SHA256 / AES-256-GCM
+ *   - KEM ID  = 0x0010 (DHKEM-P256-HKDF-SHA256)
+ *   - KDF ID  = 0x0001 (HKDF-SHA256)
+ *   - AEAD ID = 0x0002 (AES-256-GCM)
+ *
+ * Wire format and AAD construction match Turnkey's enclave_encrypt Go package:
+ *   info = "turnkey_hpke"
+ *   aad  = enc || pkR  (both 65-byte uncompressed P-256 points)
+ *
+ * References:
+ *   - RFC 9180 §4 / §5
+ *   - tkhq/go-sdk/pkg/enclave_encrypt
+ */
+import { p256 } from '@noble/curves/nist.js';
+import { expand, extract } from '@noble/hashes/hkdf.js';
+import { sha256 } from '@noble/hashes/sha2.js';
+const KEM_ID = 0x0010;
+const KDF_ID = 0x0001;
+const AEAD_ID = 0x0002;
+// Output sizes for the chosen primitives.
+const NH = 32; // SHA-256 output
+const NK = 32; // AES-256 key
+const NN = 12; // AES-GCM nonce
+const NPK = 65; // uncompressed P-256 point: 0x04 || X || Y
+const TURNKEY_HPKE_INFO = new TextEncoder().encode('turnkey_hpke');
+const HPKE_VERSION = new TextEncoder().encode('HPKE-v1');
+// suite_id for the HPKE context: "HPKE" || I2OSP(KEM,2) || I2OSP(KDF,2) || I2OSP(AEAD,2)
+const HPKE_SUITE_ID = concat(new TextEncoder().encode('HPKE'), i2osp(KEM_ID, 2), i2osp(KDF_ID, 2), i2osp(AEAD_ID, 2));
+// suite_id for the KEM scope: "KEM" || I2OSP(KEM,2)
+const KEM_SUITE_ID = concat(new TextEncoder().encode('KEM'), i2osp(KEM_ID, 2));
+function concat(...parts) {
+    const total = parts.reduce((sum, p) => sum + p.length, 0);
+    const out = new Uint8Array(total);
+    let offset = 0;
+    for (const p of parts) {
+        out.set(p, offset);
+        offset += p.length;
+    }
+    return out;
+}
+function i2osp(n, len) {
+    const out = new Uint8Array(len);
+    for (let i = len - 1; i >= 0; i--) {
+        out[i] = n & 0xff;
+        n >>>= 8;
+    }
+    return out;
+}
+// LabeledExtract(salt, label, ikm, suite_id) =
+//   HKDF-Extract(salt, "HPKE-v1" || suite_id || label || ikm)
+function labeledExtract(salt, label, ikm, suiteId) {
+    const labeledIkm = concat(HPKE_VERSION, suiteId, new TextEncoder().encode(label), ikm);
+    return extract(sha256, labeledIkm, salt);
+}
+// LabeledExpand(prk, label, info, L, suite_id) =
+//   HKDF-Expand(prk, I2OSP(L,2) || "HPKE-v1" || suite_id || label || info, L)
+function labeledExpand(prk, label, info, length, suiteId) {
+    const labeledInfo = concat(i2osp(length, 2), HPKE_VERSION, suiteId, new TextEncoder().encode(label), info);
+    return expand(sha256, prk, labeledInfo, length);
+}
+// DHKEM Encap: returns (sharedSecret, enc)
+// sharedSecret is 32 bytes; enc is the serialized ephemeral pubkey (65 bytes uncompressed).
+function encap(receiverPublicKey) {
+    const ephSk = p256.utils.randomSecretKey();
+    const ephPkUncompressed = p256.getPublicKey(ephSk, false);
+    // ECDH: returns the serialized shared point. Pass isCompressed=true so the
+    // first byte is the SEC1 prefix and bytes [1, 33) are the x-coordinate.
+    const sharedPoint = p256.getSharedSecret(ephSk, receiverPublicKey, 
+    /* isCompressed */ true);
+    const dh = sharedPoint.slice(1, 33);
+    const kemContext = concat(ephPkUncompressed, receiverPublicKey);
+    const eaePrk = labeledExtract(new Uint8Array(0), 'eae_prk', dh, KEM_SUITE_ID);
+    const sharedSecret = labeledExpand(eaePrk, 'shared_secret', kemContext, NH, KEM_SUITE_ID);
+    return { sharedSecret, enc: ephPkUncompressed };
+}
+// KeySchedule for mode_base: returns (key, base_nonce).
+function keySchedule(sharedSecret, info) {
+    const empty = new Uint8Array(0);
+    const pskIdHash = labeledExtract(empty, 'psk_id_hash', empty, HPKE_SUITE_ID);
+    const infoHash = labeledExtract(empty, 'info_hash', info, HPKE_SUITE_ID);
+    // mode_base = 0x00 prepended to (psk_id_hash || info_hash)
+    const keyScheduleContext = concat(new Uint8Array([0]), pskIdHash, infoHash);
+    const secret = labeledExtract(sharedSecret, 'secret', empty, HPKE_SUITE_ID);
+    const key = labeledExpand(secret, 'key', keyScheduleContext, NK, HPKE_SUITE_ID);
+    const baseNonce = labeledExpand(secret, 'base_nonce', keyScheduleContext, NN, HPKE_SUITE_ID);
+    return { key, baseNonce };
+}
+// Web Crypto's BufferSource type rejects `Uint8Array<ArrayBufferLike>` (which
+// noble/v2 returns) under strict TS lib settings because the underlying buffer
+// could in principle be a SharedArrayBuffer. Copy into a fresh ArrayBuffer to
+// satisfy the type.
+function toArrayBuffer(u8) {
+    const out = new ArrayBuffer(u8.byteLength);
+    new Uint8Array(out).set(u8);
+    return out;
+}
+async function aesGcmSeal(key, nonce, aad, plaintext) {
+    // Web Crypto returns ciphertext || tag (16 bytes appended). Matches the
+    // single-blob format Turnkey's `Sealer.Seal` produces.
+    const cryptoKey = await crypto.subtle.importKey('raw', toArrayBuffer(key), { name: 'AES-GCM' }, 
+    /* extractable */ false, ['encrypt']);
+    const ct = await crypto.subtle.encrypt({
+        name: 'AES-GCM',
+        iv: toArrayBuffer(nonce),
+        additionalData: toArrayBuffer(aad),
+        tagLength: 128,
+    }, cryptoKey, toArrayBuffer(plaintext));
+    return new Uint8Array(ct);
+}
+/**
+ * Single-shot HPKE seal in mode_base for Turnkey's TLS Fetcher enclave.
+ *
+ * Uses the fixed Turnkey `info = "turnkey_hpke"` and the AAD shape
+ * `enc || receiverPublicKey` so the resulting bundle is decryptable by
+ * `enclave_encrypt.EnclaveEncryptServer.Decrypt`.
+ *
+ * @param receiverPublicKey - The enclave's ephemeral target public key
+ *   (uncompressed P-256, 65 bytes), extracted from the encryption target bundle.
+ * @param plaintext - The bytes to encrypt (e.g. the JSON-encoded OTP attempt).
+ */
+export async function hpkeSealP256({ receiverPublicKey, plaintext, }) {
+    if (receiverPublicKey.length !== NPK) {
+        throw new Error(`hpkeSealP256: receiverPublicKey must be ${NPK} bytes (uncompressed P-256), got ${receiverPublicKey.length}`);
+    }
+    const { sharedSecret, enc } = encap(receiverPublicKey);
+    const { key, baseNonce } = keySchedule(sharedSecret, TURNKEY_HPKE_INFO);
+    // First message of the context, sequence 0 → nonce = base_nonce.
+    const aad = concat(enc, receiverPublicKey);
+    const ciphertext = await aesGcmSeal(key, baseNonce, aad, plaintext);
+    return { encappedPublic: enc, ciphertext };
+}
+//# sourceMappingURL=hpke.js.map

package/dist/_esm/utils/hpke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.js","sourceRoot":"","sources":["../../../src/utils/hpke.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAA;AAC5C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AAE9C,MAAM,MAAM,GAAG,MAAM,CAAA;AACrB,MAAM,MAAM,GAAG,MAAM,CAAA;AACrB,MAAM,OAAO,GAAG,MAAM,CAAA;AAEtB,0CAA0C;AAC1C,MAAM,EAAE,GAAG,EAAE,CAAA,CAAC,iBAAiB;AAC/B,MAAM,EAAE,GAAG,EAAE,CAAA,CAAC,cAAc;AAC5B,MAAM,EAAE,GAAG,EAAE,CAAA,CAAC,gBAAgB;AAC9B,MAAM,GAAG,GAAG,EAAE,CAAA,CAAC,2CAA2C;AAE1D,MAAM,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;AAElE,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;AAExD,yFAAyF;AACzF,MAAM,aAAa,GAAG,MAAM,CAC1B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,EAChB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,EAChB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAClB,CAAA;AAED,oDAAoD;AACpD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;AAE9E,SAAS,MAAM,CAAC,GAAG,KAAmB;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;IACzD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACjC,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;QAClB,MAAM,IAAI,CAAC,CAAC,MAAM,CAAA;IACpB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,SAAS,KAAK,CAAC,CAAS,EAAE,GAAW;IACnC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;IAC/B,KAAK,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;QACjB,CAAC,MAAM,CAAC,CAAA;IACV,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,+CAA+C;AAC/C,8DAA8D;AAC9D,SAAS,cAAc,CACrB,IAAgB,EAChB,KAAa,EACb,GAAe,EACf,OAAmB;IAEnB,MAAM,UAAU,GAAG,MAAM,CACvB,YAAY,EACZ,OAAO,EACP,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,EAC/B,GAAG,CACJ,CAAA;IACD,OAAO,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;AAC1C,CAAC;AAED,iDAAiD;AACjD,8EAA8E;AAC9E,SAAS,aAAa,CACpB,GAAe,EACf,KAAa,EACb,IAAgB,EAChB,MAAc,EACd,OAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,CACxB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,EAChB,YAAY,EACZ,OAAO,EACP,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,EAC/B,IAAI,CACL,CAAA;IACD,OAAO,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,CAAC,CAAA;AACjD,CAAC;AAED,2CAA2C;AAC3C,4FAA4F;AAC5F,SAAS,KAAK,CAAC,iBAA6B;IAI1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAA;IAC1C,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAEzD,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CACtC,KAAK,EACL,iBAAiB;IACjB,kBAAkB,CAAC,IAAI,CACxB,CAAA;IACD,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAEnC,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;IAE/D,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,YAAY,CAAC,CAAA;IAC7E,MAAM,YAAY,GAAG,aAAa,CAChC,MAAM,EACN,eAAe,EACf,UAAU,EACV,EAAE,EACF,YAAY,CACb,CAAA;IAED,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,iBAAiB,EAAE,CAAA;AACjD,CAAC;AAED,wDAAwD;AACxD,SAAS,WAAW,CAClB,YAAwB,EACxB,IAAgB;IAEhB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAE/B,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,CAAC,CAAA;IAC5E,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,aAAa,CAAC,CAAA;IAExE,2DAA2D;IAC3D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;IAE3E,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,CAAC,CAAA;IAE3E,MAAM,GAAG,GAAG,aAAa,CACvB,MAAM,EACN,KAAK,EACL,kBAAkB,EAClB,EAAE,EACF,aAAa,CACd,CAAA;IACD,MAAM,SAAS,GAAG,aAAa,CAC7B,MAAM,EACN,YAAY,EACZ,kBAAkB,EAClB,EAAE,EACF,aAAa,CACd,CAAA;IAED,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAA;AAC3B,CAAC;AAED,8EAA8E;AAC9E,+EAA+E;AAC/E,8EAA8E;AAC9E,oBAAoB;AACpB,SAAS,aAAa,CAAC,EAAc;IACnC,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,UAAU,CAAC,CAAA;IAC1C,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC3B,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,GAAe,EACf,KAAiB,EACjB,GAAe,EACf,SAAqB;IAErB,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,aAAa,CAAC,GAAG,CAAC,EAClB,EAAE,IAAI,EAAE,SAAS,EAAE;IACnB,iBAAiB,CAAC,KAAK,EACvB,CAAC,SAAS,CAAC,CACZ,CAAA;IACD,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACpC;QACE,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,aAAa,CAAC,KAAK,CAAC;QACxB,cAAc,EAAE,aAAa,CAAC,GAAG,CAAC;QAClC,SAAS,EAAE,GAAG;KACf,EACD,SAAS,EACT,aAAa,CAAC,SAAS,CAAC,CACzB,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;AAC3B,CAAC;AASD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EACjC,iBAAiB,EACjB,SAAS,GAIV;IACC,IAAI,iBAAiB,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,2CAA2C,GAAG,oCAAoC,iBAAiB,CAAC,MAAM,EAAE,CAC7G,CAAA;IACH,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAA;IACtD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAA;IAEvE,iEAAiE;IACjE,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAA;IAC1C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IAEnE,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,EAAE,CAAA;AAC5C,CAAC"}

package/dist/_types/actions/auth/registerWithOTP.d.ts

@@ -27,6 +27,12 @@ export type RegisterWithOTPParameters = {
 export type RegisterWithOTPReturnType = {
     /** The OTP ID needed for verification */
     otpId: string;
+    /**
+     * Signed encryption target bundle issued by the TLS Fetcher enclave for
+     * this OTP session. Passed verbatim to the verify step so the SDK can
+     * HPKE-encrypt the OTP attempt to the enclave's ephemeral target key.
+     */
+    otpEncryptionTargetBundle: string;
 };
 /**
  * Initiates OTP (One-Time Password) authentication

package/dist/_types/actions/auth/registerWithOTP.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registerWithOTP.d.ts","sourceRoot":"","sources":["../../../../src/actions/auth/registerWithOTP.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAEpE,MAAM,MAAM,UAAU,GAAG;IACvB,kEAAkE;IAClE,IAAI,EAAE,OAAO,GAAG,KAAK,CAAA;IACrB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,qEAAqE;IACrE,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACrB,kDAAkD;IAClD,YAAY,EAAE,OAAO,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,oCAAoC;IACpC,KAAK,EAAE,MAAM,CAAA;IACb,+CAA+C;IAC/C,OAAO,EAAE,UAAU,CAAA;IACnB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,4CAA4C;IAC5C,kBAAkB,CAAC,EAAE,kBAAkB,CAAA;IACvC,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,yBAAyB,GAChC,OAAO,CAAC,yBAAyB,CAAC,CA0BpC"}
+{"version":3,"file":"registerWithOTP.d.ts","sourceRoot":"","sources":["../../../../src/actions/auth/registerWithOTP.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAA;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAEpE,MAAM,MAAM,UAAU,GAAG;IACvB,kEAAkE;IAClE,IAAI,EAAE,OAAO,GAAG,KAAK,CAAA;IACrB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,qEAAqE;IACrE,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACrB,kDAAkD;IAClD,YAAY,EAAE,OAAO,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,oCAAoC;IACpC,KAAK,EAAE,MAAM,CAAA;IACb,+CAA+C;IAC/C,OAAO,EAAE,UAAU,CAAA;IACnB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAA;IACjB,4CAA4C;IAC5C,kBAAkB,CAAC,EAAE,kBAAkB,CAAA;IACvC,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAA;IACb;;;;OAIG;IACH,yBAAyB,EAAE,MAAM,CAAA;CAClC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,yBAAyB,GAChC,OAAO,CAAC,yBAAyB,CAAC,CA0BpC"}

package/dist/_types/client/authProxy.d.ts

@@ -7,10 +7,11 @@ export type AuthProxyClientConfig = {
 export type AuthProxyVerifyOtpRequest = {
     /** The OTP ID from registration */
     otpId: string;
-    /** The OTP code entered by the user */
-    otpCode: string;
-    /** The public key to associate with the verification */
-    public_key: string;
+    /**
+     * HPKE-sealed bundle containing `{otp_code, public_key}` encrypted to the
+     * enclave's per-session target key. Produced by `encryptOtpAttempt`.
+     */
+    encryptedOtpBundle: string;
 };
 export type AuthProxyVerifyOtpResponse = {
     /** The verification token to use for login */
@@ -25,10 +26,15 @@ export type AuthProxyVerifyOtpResponse = {
  */
 export declare function createAuthProxyClient(config: AuthProxyClientConfig): {
     /**
-     * Verifies an OTP code with Turnkey's Auth Proxy
+     * Verifies an OTP attempt with Turnkey's Auth Proxy.
+     *
+     * The `encryptedOtpBundle` is HPKE-sealed `{otp_code, public_key}` JSON
+     * (see `encryptOtpAttempt`). The auth proxy forwards the ciphertext to
+     * the TLS Fetcher enclave, which decrypts it, verifies the OTP code, and
+     * returns a `verificationToken` bound to the embedded public key.
      *
-     * Returns a verificationToken that should be passed to the backend's
-     * /auth/login/otp endpoint along with a client signature.
+     * Pass the returned `verificationToken` to `/auth/login/otp` along with
+     * a client signature to complete the login.
      */
     verifyOtp(params: AuthProxyVerifyOtpRequest): Promise<AuthProxyVerifyOtpResponse>;
 };

package/dist/_types/client/authProxy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authProxy.d.ts","sourceRoot":"","sources":["../../../src/client/authProxy.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,qBAAqB,GAAG;IAClC,gDAAgD;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAA;IACf,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,8CAA8C;IAC9C,iBAAiB,EAAE,MAAM,CAAA;CAC1B,CAAA;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,qBAAqB;IAiC/D;;;;;OAKG;sBAEO,yBAAyB,GAChC,OAAO,CAAC,0BAA0B,CAAC;EAIzC;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAA"}
+{"version":3,"file":"authProxy.d.ts","sourceRoot":"","sources":["../../../src/client/authProxy.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,qBAAqB,GAAG;IAClC,gDAAgD;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,yBAAyB,GAAG;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAA;IACb;;;OAGG;IACH,kBAAkB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,8CAA8C;IAC9C,iBAAiB,EAAE,MAAM,CAAA;CAC1B,CAAA;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,qBAAqB;IAiC/D;;;;;;;;;;OAUG;sBAEO,yBAAyB,GAChC,OAAO,CAAC,0BAA0B,CAAC;EAIzC;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAA"}

package/dist/_types/constants.d.ts

@@ -3,4 +3,5 @@ export declare const DEFAULT_IFRAME_CONTAINER_ID = "turnkey-auth-iframe-containe
 export declare const DEFAULT_IFRAME_ELEMENT_ID = "turnkey-default-iframe-element-id";
 export declare const DEFAULT_ORGANIZATION_ID = "0d98e826-dd8f-44ca-a585-3afcd27d4002";
 export declare const KMS_SERVER_URL = "https://kms.staging.zerodev.app";
+export declare const TURNKEY_TLS_FETCHER_SIGN_PUBLIC_KEY = "046b4f88421f76b6ba418afc2ea1d8ced671337d7db6b80478a60d8531bf8f17fa9a512f0fef96fc0c9b4cd9dff70b34992e520ce04c79d931f6ff6296b547d201";
 //# sourceMappingURL=constants.d.ts.map

package/dist/_types/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qCAAqC,QAAQ,CAAA;AAC1D,eAAO,MAAM,2BAA2B,qCAAqC,CAAA;AAC7E,eAAO,MAAM,yBAAyB,sCAAsC,CAAA;AAC5E,eAAO,MAAM,uBAAuB,yCAAyC,CAAA;AAC7E,eAAO,MAAM,cAAc,oCAAoC,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qCAAqC,QAAQ,CAAA;AAC1D,eAAO,MAAM,2BAA2B,qCAAqC,CAAA;AAC7E,eAAO,MAAM,yBAAyB,sCAAsC,CAAA;AAC5E,eAAO,MAAM,uBAAuB,yCAAyC,CAAA;AAC7E,eAAO,MAAM,cAAc,oCAAoC,CAAA;AAO/D,eAAO,MAAM,mCAAmC,uIACsF,CAAA"}

package/dist/_types/core/createZeroDevWallet.d.ts

@@ -35,6 +35,11 @@ export type AuthParams = {
     mode: 'verifyOtp';
     otpId: string;
     otpCode: string;
+    /**
+     * The encryption target bundle returned by the matching `sendOtp` call.
+     * Required — used to HPKE-encrypt the OTP attempt to the enclave.
+     */
+    otpEncryptionTargetBundle: string;
 } | {
     type: 'magicLink';
     mode: 'send';
@@ -46,6 +51,11 @@ export type AuthParams = {
     mode: 'verify';
     otpId: string;
     code: string;
+    /**
+     * The encryption target bundle returned by the matching `sendMagicLink`
+     * (a.k.a. magicLink `send`) call. Required for the encrypted-OTP flow.
+     */
+    otpEncryptionTargetBundle: string;
 };
 export interface ZeroDevWalletSDK {
     client: ZeroDevWalletClient;

package/dist/_types/core/createZeroDevWallet.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"createZeroDevWallet.d.ts","sourceRoot":"","sources":["../../../src/core/createZeroDevWallet.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACjD,OAAO,KAAK,EACV,kBAAkB,EAClB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAEjC,OAAO,EAGL,KAAK,mBAAmB,EAEzB,MAAM,oBAAoB,CAAA;AAS3B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAe,KAAK,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAS5E,MAAM,WAAW,mBAAmB;IAClC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAGD,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAClE,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAE3E,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAE5E,MAAM,MAAM,UAAU,GAClB;IACE,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAA;IACf,IAAI,EAAE,UAAU,GAAG,OAAO,CAAA;CAC3B,GACD;IACE,IAAI,EAAE,KAAK,CAAA;IACX,IAAI,EAAE,SAAS,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE;QACP,IAAI,EAAE,OAAO,GAAG,KAAK,CAAA;QACrB,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,kBAAkB,CAAC,EAAE,kBAAkB,CAAA;IACvC,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,GACD;IACE,IAAI,EAAE,KAAK,CAAA;IACX,IAAI,EAAE,WAAW,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;CAChB,GACD;IACE,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,GACD;IACE,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,QAAQ,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAEL,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IAE1C,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAE1C,UAAU,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAC3D,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAA;IACnE,aAAa,EAAE,CACb,SAAS,EAAE,MAAM,KACd,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAC9C,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAClD,gBAAgB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IACrC,cAAc,EAAE,CACd,SAAS,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAE9C,MAAM,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;IAE9B,SAAS,EAAE,MAAM,OAAO,CAAC,YAAY,CAAC,CAAA;CACvC;AAED,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,gBAAgB,CAAC,CA2X3B"}
+{"version":3,"file":"createZeroDevWallet.d.ts","sourceRoot":"","sources":["../../../src/core/createZeroDevWallet.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACjD,OAAO,KAAK,EACV,kBAAkB,EAClB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAEjC,OAAO,EAGL,KAAK,mBAAmB,EAEzB,MAAM,oBAAoB,CAAA;AAS3B,OAAO,EAEL,KAAK,cAAc,EACpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAe,KAAK,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAU5E,MAAM,WAAW,mBAAmB;IAClC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAGD,YAAY,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAClE,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAE3E,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAE5E,MAAM,MAAM,UAAU,GAClB;IACE,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB,GACD;IACE,IAAI,EAAE,SAAS,CAAA;IACf,IAAI,EAAE,UAAU,GAAG,OAAO,CAAA;CAC3B,GACD;IACE,IAAI,EAAE,KAAK,CAAA;IACX,IAAI,EAAE,SAAS,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE;QACP,IAAI,EAAE,OAAO,GAAG,KAAK,CAAA;QACrB,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,kBAAkB,CAAC,EAAE,kBAAkB,CAAA;IACvC,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,GACD;IACE,IAAI,EAAE,KAAK,CAAA;IACX,IAAI,EAAE,WAAW,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,yBAAyB,EAAE,MAAM,CAAA;CAClC,GACD;IACE,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;CAC5C,GACD;IACE,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,QAAQ,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;IACZ;;;OAGG;IACH,yBAAyB,EAAE,MAAM,CAAA;CAClC,CAAA;AAEL,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,mBAAmB,CAAA;IAC3B,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IAE1C,YAAY,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAE1C,UAAU,EAAE,MAAM,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAC3D,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAA;IACnE,aAAa,EAAE,CACb,SAAS,EAAE,MAAM,KACd,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAC9C,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAClD,gBAAgB,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IACrC,cAAc,EAAE,CACd,SAAS,CAAC,EAAE,MAAM,KACf,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC,CAAA;IAE9C,MAAM,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;IAE9B,SAAS,EAAE,MAAM,OAAO,CAAC,YAAY,CAAC,CAAA;CACvC;AAED,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,gBAAgB,CAAC,CAmY3B"}

package/dist/_types/utils/encryptOtpAttempt.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Wraps the OTP code + client public key in a Turnkey-compatible HPKE bundle
+ * for the `/v1/otp_verify_v2` auth-proxy endpoint.
+ *
+ * Bundle flow (RFC 9180 mode_base over Turnkey's TLS Fetcher enclave):
+ *   1. The backend's /init/otp returns a signed envelope that contains an
+ *      ephemeral HPKE public key (`targetPublic`) generated fresh by the
+ *      enclave for this OTP attempt.
+ *   2. We verify the envelope's ECDSA signature against a pinned production
+ *      key (`TURNKEY_TLS_FETCHER_SIGN_PUBLIC_KEY`) so a compromised proxy
+ *      cannot substitute its own ephemeral key.
+ *   3. We HPKE-seal `{otp_code, public_key}` to `targetPublic`. The auth proxy
+ *      forwards the ciphertext to the enclave; only the enclave can decrypt
+ *      it. The enclave then issues a `verificationToken` bound to the public
+ *      key embedded in the plaintext.
+ *
+ * See: tkhq/go-sdk `examples/email_otp` and `pkg/enclave_encrypt`.
+ */
+export type EncryptOtpAttemptParams = {
+    /** The OTP code the user entered. */
+    otpCode: string;
+    /**
+     * The client's session public key (compressed P-256 hex). The enclave binds
+     * this key into the `verificationToken` it issues.
+     */
+    publicKey: string;
+    /** The signed envelope returned by `/auth/init/otp`. */
+    encryptionTargetBundle: string;
+    /**
+     * Test-only override for the pinned signing key. Production callers should
+     * leave this undefined; it exists so tests don't have to use the real key.
+     */
+    dangerouslyOverrideSignerPublicKey?: string;
+};
+/**
+ * Returns a JSON string ready to be sent as `encryptedOtpBundle` on
+ * `POST /v1/otp_verify_v2`.
+ */
+export declare function encryptOtpAttempt({ otpCode, publicKey, encryptionTargetBundle, dangerouslyOverrideSignerPublicKey, }: EncryptOtpAttemptParams): Promise<string>;
+//# sourceMappingURL=encryptOtpAttempt.d.ts.map

package/dist/_types/utils/encryptOtpAttempt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptOtpAttempt.d.ts","sourceRoot":"","sources":["../../../src/utils/encryptOtpAttempt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAyBH,MAAM,MAAM,uBAAuB,GAAG;IACpC,qCAAqC;IACrC,OAAO,EAAE,MAAM,CAAA;IACf;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB,wDAAwD;IACxD,sBAAsB,EAAE,MAAM,CAAA;IAC9B;;;OAGG;IACH,kCAAkC,CAAC,EAAE,MAAM,CAAA;CAC5C,CAAA;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,EACtC,OAAO,EACP,SAAS,EACT,sBAAsB,EACtB,kCAAkC,GACnC,EAAE,uBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC,CAyE3C"}

package/dist/_types/utils/hpke.d.ts

@@ -0,0 +1,38 @@
+/**
+ * HPKE (RFC 9180) seal for Turnkey enclave-encrypted requests.
+ *
+ * Suite: DHKEM(P-256, HKDF-SHA256) / HKDF-SHA256 / AES-256-GCM
+ *   - KEM ID  = 0x0010 (DHKEM-P256-HKDF-SHA256)
+ *   - KDF ID  = 0x0001 (HKDF-SHA256)
+ *   - AEAD ID = 0x0002 (AES-256-GCM)
+ *
+ * Wire format and AAD construction match Turnkey's enclave_encrypt Go package:
+ *   info = "turnkey_hpke"
+ *   aad  = enc || pkR  (both 65-byte uncompressed P-256 points)
+ *
+ * References:
+ *   - RFC 9180 §4 / §5
+ *   - tkhq/go-sdk/pkg/enclave_encrypt
+ */
+export type HpkeSealResult = {
+    /** Ephemeral sender public key (uncompressed P-256, 65 bytes). */
+    encappedPublic: Uint8Array;
+    /** AES-256-GCM ciphertext with a 16-byte authentication tag appended. */
+    ciphertext: Uint8Array;
+};
+/**
+ * Single-shot HPKE seal in mode_base for Turnkey's TLS Fetcher enclave.
+ *
+ * Uses the fixed Turnkey `info = "turnkey_hpke"` and the AAD shape
+ * `enc || receiverPublicKey` so the resulting bundle is decryptable by
+ * `enclave_encrypt.EnclaveEncryptServer.Decrypt`.
+ *
+ * @param receiverPublicKey - The enclave's ephemeral target public key
+ *   (uncompressed P-256, 65 bytes), extracted from the encryption target bundle.
+ * @param plaintext - The bytes to encrypt (e.g. the JSON-encoded OTP attempt).
+ */
+export declare function hpkeSealP256({ receiverPublicKey, plaintext, }: {
+    receiverPublicKey: Uint8Array;
+    plaintext: Uint8Array;
+}): Promise<HpkeSealResult>;
+//# sourceMappingURL=hpke.d.ts.map

package/dist/_types/utils/hpke.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hpke.d.ts","sourceRoot":"","sources":["../../../src/utils/hpke.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AA8LH,MAAM,MAAM,cAAc,GAAG;IAC3B,kEAAkE;IAClE,cAAc,EAAE,UAAU,CAAA;IAC1B,yEAAyE;IACzE,UAAU,EAAE,UAAU,CAAA;CACvB,CAAA;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,YAAY,CAAC,EACjC,iBAAiB,EACjB,SAAS,GACV,EAAE;IACD,iBAAiB,EAAE,UAAU,CAAA;IAC7B,SAAS,EAAE,UAAU,CAAA;CACtB,GAAG,OAAO,CAAC,cAAc,CAAC,CAe1B"}