@zkproofport-ai/sdk 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -3
- package/dist/flow.d.ts +5 -0
- package/dist/flow.d.ts.map +1 -1
- package/dist/flow.js +39 -15
- package/dist/flow.js.map +1 -1
- package/dist/index.d.ts +5 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/prove.d.ts +11 -0
- package/dist/prove.d.ts.map +1 -1
- package/dist/prove.js +27 -0
- package/dist/prove.js.map +1 -1
- package/dist/session.d.ts +1 -1
- package/dist/session.d.ts.map +1 -1
- package/dist/session.js +1 -1
- package/dist/session.js.map +1 -1
- package/dist/tee.d.ts +15 -0
- package/dist/tee.d.ts.map +1 -0
- package/dist/tee.js +33 -0
- package/dist/tee.js.map +1 -0
- package/dist/toml.d.ts +21 -0
- package/dist/toml.d.ts.map +1 -0
- package/dist/toml.js +102 -0
- package/dist/toml.js.map +1 -0
- package/dist/types.d.ts +16 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -8,6 +8,23 @@ Client SDK for ZKProofport zero-knowledge proof generation on Base Mainnet.
|
|
|
8
8
|
|
|
9
9
|
Proofs are generated in trusted execution environments (Nitro Enclaves) with cryptographic attestation. Payment is handled transparently via the x402 protocol using EIP-3009 (no user gas costs).
|
|
10
10
|
|
|
11
|
+
## E2E Encryption (TEE Blind Relay)
|
|
12
|
+
|
|
13
|
+
All proof inputs are **end-to-end encrypted** using X25519 ECDH + AES-256-GCM. The ZKProofport server acts as a **blind relay** — it cannot read your inputs, even during proof generation. Only the TEE (AWS Nitro Enclave) can decrypt.
|
|
14
|
+
|
|
15
|
+
**How it works:**
|
|
16
|
+
|
|
17
|
+
1. `generateProof()` requests a 402 payment challenge from the server
|
|
18
|
+
2. The 402 response includes `teePublicKey` — the TEE's attested X25519 public key (cryptographically bound to the Nitro Enclave via COSE Sign1 attestation)
|
|
19
|
+
3. The SDK generates an ephemeral X25519 keypair, performs ECDH key agreement, and encrypts all circuit inputs with AES-256-GCM
|
|
20
|
+
4. The encrypted payload is sent to the server, which relays it blindly to the TEE
|
|
21
|
+
5. The TEE decrypts, generates the ZK proof, and returns it
|
|
22
|
+
|
|
23
|
+
**This is fully automatic.** `generateProof()` detects `teePublicKey` in the 402 response and applies E2E encryption when available. No additional configuration or code changes needed.
|
|
24
|
+
|
|
25
|
+
- **TEE enabled (production):** Inputs are E2E encrypted. Server rejects plaintext (`PLAINTEXT_REJECTED`).
|
|
26
|
+
- **TEE disabled (local dev):** Inputs are sent in plaintext. No encryption overhead.
|
|
27
|
+
|
|
11
28
|
## Installation
|
|
12
29
|
|
|
13
30
|
```bash
|
|
@@ -176,9 +193,10 @@ if (result.attestation) {
|
|
|
176
193
|
2. Fetch Coinbase KYC attestation from EAS
|
|
177
194
|
3. Build circuit inputs (Merkle tree, hashes)
|
|
178
195
|
4. Request 402 payment challenge
|
|
179
|
-
5.
|
|
180
|
-
6.
|
|
181
|
-
7.
|
|
196
|
+
5. **Auto-detect E2E encryption** — if `teePublicKey` is present in 402 response, encrypt inputs with X25519 ECDH + AES-256-GCM
|
|
197
|
+
6. Sign EIP-3009 TransferWithAuthorization
|
|
198
|
+
7. Submit payment via x402 facilitator
|
|
199
|
+
8. Generate proof in TEE with payment proof (encrypted inputs if TEE enabled)
|
|
182
200
|
|
|
183
201
|
**Result fields:**
|
|
184
202
|
|
package/dist/flow.d.ts
CHANGED
|
@@ -6,6 +6,11 @@ export interface FlowCallbacks {
|
|
|
6
6
|
/**
|
|
7
7
|
* Generate a ZK proof end-to-end using x402 single-step flow.
|
|
8
8
|
*
|
|
9
|
+
* Automatically detects E2E encryption: if the server returns a TEE public key
|
|
10
|
+
* in the 402 challenge response (TEE mode = nitro), inputs are encrypted with
|
|
11
|
+
* the TEE's attested X25519 public key. Otherwise (TEE disabled), inputs are
|
|
12
|
+
* sent in plaintext.
|
|
13
|
+
*
|
|
9
14
|
* @param config - Server URL and RPC endpoints
|
|
10
15
|
* @param signers - ProofportSigner for attestation (required) and payment (optional, defaults to attestation)
|
|
11
16
|
* @param params - Circuit name, scope, and optional country params
|
package/dist/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAKnD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;CACrC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IAAE,WAAW,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,EACpE,MAAM,EAAE,WAAW,EACnB,SAAS,CAAC,EAAE,aAAa,GACxB,OAAO,CAAC,WAAW,CAAC,CA2FtB"}
|
package/dist/flow.js
CHANGED
|
@@ -3,11 +3,18 @@ import { CIRCUIT_NAME_MAP } from './types.js';
|
|
|
3
3
|
import { requestChallenge } from './session.js';
|
|
4
4
|
import { prepareInputs, computeSignalHash } from './inputs.js';
|
|
5
5
|
import { makePayment } from './payment.js';
|
|
6
|
-
import { submitProof } from './prove.js';
|
|
6
|
+
import { submitProof, submitEncryptedProof } from './prove.js';
|
|
7
7
|
import { USDC_ADDRESSES } from './constants.js';
|
|
8
|
+
import { encryptForTee } from './tee.js';
|
|
9
|
+
import { buildProverToml } from './toml.js';
|
|
8
10
|
/**
|
|
9
11
|
* Generate a ZK proof end-to-end using x402 single-step flow.
|
|
10
12
|
*
|
|
13
|
+
* Automatically detects E2E encryption: if the server returns a TEE public key
|
|
14
|
+
* in the 402 challenge response (TEE mode = nitro), inputs are encrypted with
|
|
15
|
+
* the TEE's attested X25519 public key. Otherwise (TEE disabled), inputs are
|
|
16
|
+
* sent in plaintext.
|
|
17
|
+
*
|
|
11
18
|
* @param config - Server URL and RPC endpoints
|
|
12
19
|
* @param signers - ProofportSigner for attestation (required) and payment (optional, defaults to attestation)
|
|
13
20
|
* @param params - Circuit name, scope, and optional country params
|
|
@@ -25,14 +32,14 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
25
32
|
callbacks?.onStep?.(result);
|
|
26
33
|
return data;
|
|
27
34
|
}
|
|
28
|
-
// Step 1: Sign signal hash
|
|
35
|
+
// Step 1: Sign signal hash
|
|
29
36
|
let t = Date.now();
|
|
30
37
|
const attestationAddress = await signers.attestation.getAddress();
|
|
31
38
|
const signalHash = computeSignalHash(attestationAddress, scope, circuitId);
|
|
32
39
|
const signalHashHex = ethers.hexlify(signalHash);
|
|
33
40
|
const signature = await signers.attestation.signMessage(signalHash);
|
|
34
41
|
recordStep(1, 'Sign Signal Hash', { signalHash: signalHashHex, signature }, t);
|
|
35
|
-
// Step 2: Prepare
|
|
42
|
+
// Step 2: Prepare inputs + build proverToml locally
|
|
36
43
|
t = Date.now();
|
|
37
44
|
const inputs = await prepareInputs(config, {
|
|
38
45
|
circuitId,
|
|
@@ -42,11 +49,13 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
42
49
|
countryList: params.countryList,
|
|
43
50
|
isIncluded: params.isIncluded,
|
|
44
51
|
});
|
|
45
|
-
|
|
46
|
-
|
|
52
|
+
const proverToml = buildProverToml(circuitId, inputs);
|
|
53
|
+
recordStep(2, 'Prepare Inputs', { inputFields: Object.keys(inputs).length, tomlLength: proverToml.length }, t);
|
|
54
|
+
// Step 3: Request 402 challenge (without inputs — server only needs circuit)
|
|
47
55
|
t = Date.now();
|
|
48
|
-
const challenge = await requestChallenge(config, params.circuit
|
|
49
|
-
|
|
56
|
+
const challenge = await requestChallenge(config, params.circuit);
|
|
57
|
+
const isE2E = !!challenge.teePublicKey;
|
|
58
|
+
recordStep(3, 'Request Challenge', { nonce: challenge.nonce, e2e: isE2E, keyId: challenge.teePublicKey?.keyId ?? null }, t);
|
|
50
59
|
// Step 4: Make payment
|
|
51
60
|
t = Date.now();
|
|
52
61
|
const network = challenge.payment.network;
|
|
@@ -60,15 +69,30 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
60
69
|
};
|
|
61
70
|
const paymentTxHash = await makePayment(paymentSigner, paymentInfo);
|
|
62
71
|
recordStep(4, 'Make Payment', { txHash: paymentTxHash }, t);
|
|
63
|
-
// Step 5: Submit proof
|
|
72
|
+
// Step 5: Submit proof (encrypted or plaintext based on TEE availability)
|
|
64
73
|
t = Date.now();
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
inputs
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
74
|
+
let proveResponse;
|
|
75
|
+
if (isE2E) {
|
|
76
|
+
// E2E path: encrypt inputs with TEE's attested public key
|
|
77
|
+
const encryptedPayload = encryptForTee(JSON.stringify({ circuitId, proverToml }), challenge.teePublicKey.publicKey);
|
|
78
|
+
proveResponse = await submitEncryptedProof(config, {
|
|
79
|
+
circuit: params.circuit,
|
|
80
|
+
encryptedPayload,
|
|
81
|
+
paymentTxHash,
|
|
82
|
+
paymentNonce: challenge.nonce,
|
|
83
|
+
});
|
|
84
|
+
recordStep(5, 'Generate Proof (E2E Encrypted)', proveResponse, t);
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
// Standard path: send plaintext inputs (TEE disabled / local dev)
|
|
88
|
+
proveResponse = await submitProof(config, {
|
|
89
|
+
circuit: params.circuit,
|
|
90
|
+
inputs,
|
|
91
|
+
paymentTxHash,
|
|
92
|
+
paymentNonce: challenge.nonce,
|
|
93
|
+
});
|
|
94
|
+
recordStep(5, 'Generate Proof', proveResponse, t);
|
|
95
|
+
}
|
|
72
96
|
return {
|
|
73
97
|
proof: proveResponse.proof,
|
|
74
98
|
publicInputs: proveResponse.publicInputs,
|
package/dist/flow.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAShC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAShC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE/D,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAM5C;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAoB,EACpB,OAAoE,EACpE,MAAmB,EACnB,SAAyB;IAEzB,MAAM,SAAS,GAAc,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC;IAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,WAAW,CAAC;IAE7D,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,SAAS,UAAU,CAAI,IAAY,EAAE,IAAY,EAAE,IAAO,EAAE,SAAiB;QAC3E,MAAM,MAAM,GAAkB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACnB,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;IAClE,MAAM,UAAU,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IACpE,UAAU,CAAC,CAAC,EAAE,kBAAkB,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/E,oDAAoD;IACpD,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE;QACzC,SAAS;QACT,WAAW,EAAE,kBAAkB;QAC/B,aAAa,EAAE,SAAS;QACxB,KAAK;QACL,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtD,UAAU,CAAC,CAAC,EAAE,gBAAgB,EAAE,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/G,6EAA6E;IAC7E,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC;IACvC,UAAU,CAAC,CAAC,EAAE,mBAAmB,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,YAAY,EAAE,KAAK,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAE5H,uBAAuB;IACvB,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,OAAiB,CAAC;IACpD,MAAM,WAAW,GAAgB;QAC/B,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,KAAK;QAClC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC;QACrD,KAAK,EAAE,cAAc,CAAC,OAAsC,CAAC;QAC7D,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,OAAO;QAClC,WAAW,EAAE,SAAS,CAAC,OAAO,CAAC,WAAW;KAC3C,CAAC;IACF,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpE,UAAU,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC;IAE5D,0EAA0E;IAC1E,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,IAAI,aAAa,CAAC;IAElB,IAAI,KAAK,EAAE,CAAC;QACV,0DAA0D;QAC1D,MAAM,gBAAgB,GAAG,aAAa,CACpC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EACzC,SAAS,CAAC,YAAa,CAAC,SAAS,CAClC,CAAC;QACF,aAAa,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE;YACjD,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,gBAAgB;YAChB,aAAa;YACb,YAAY,EAAE,SAAS,CAAC,KAAK;SAC9B,CAAC,CAAC;QACH,UAAU,CAAC,CAAC,EAAE,gCAAgC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,kEAAkE;QAClE,aAAa,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE;YACxC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM;YACN,aAAa;YACb,YAAY,EAAE,SAAS,CAAC,KAAK;SAC9B,CAAC,CAAC;QACH,UAAU,CAAC,CAAC,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,YAAY,EAAE,aAAa,CAAC,YAAY;QACxC,eAAe,EAAE,aAAa,CAAC,eAAe;QAC9C,aAAa;QACb,WAAW,EAAE,aAAa,CAAC,WAAW;QACtC,MAAM,EAAE,aAAa,CAAC,MAAM;QAC5B,YAAY,EAAE,aAAa,CAAC,YAAY;KACzC,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export type { ClientConfig, CircuitName, CircuitId, PaymentInfo, PaymentRequirements, ChallengeResponse, ProveInputs, ProveRequest, ProveResponse, VerifyResult, EASAttestation, AttestationData, ProofParams, ProofResult, StepResult, } from './types.js';
|
|
1
|
+
export type { ClientConfig, CircuitName, CircuitId, PaymentInfo, PaymentRequirements, ChallengeResponse, ProveInputs, ProveRequest, ProveResponse, VerifyResult, EASAttestation, AttestationData, ProofParams, ProofResult, StepResult, EncryptedProveRequest, } from './types.js';
|
|
2
2
|
export { CIRCUIT_NAME_MAP, CIRCUIT_ID_MAP } from './types.js';
|
|
3
3
|
export { CIRCUITS, COINBASE_ATTESTER_CONTRACT, AUTHORIZED_SIGNERS, USDC_ADDRESSES, } from './constants.js';
|
|
4
4
|
export { createConfig } from './config.js';
|
|
@@ -6,9 +6,12 @@ export { generateProof } from './flow.js';
|
|
|
6
6
|
export type { FlowCallbacks } from './flow.js';
|
|
7
7
|
export { requestChallenge, createSession } from './session.js';
|
|
8
8
|
export { makePayment } from './payment.js';
|
|
9
|
-
export { submitProof } from './prove.js';
|
|
9
|
+
export { submitProof, submitEncryptedProof } from './prove.js';
|
|
10
10
|
export { verifyOnChain, verifyProof } from './verify.js';
|
|
11
11
|
export { prepareInputs, computeSignalHash, computeScope, computeNullifier, recoverUserPubkey, hexToBytes, extractPubkeyCoordinates, } from './inputs.js';
|
|
12
|
+
export { buildProverToml } from './toml.js';
|
|
13
|
+
export { encryptForTee } from './tee.js';
|
|
14
|
+
export type { EncryptedEnvelope } from './tee.js';
|
|
12
15
|
export type { ProofportSigner } from './signer.js';
|
|
13
16
|
export { EthersWalletSigner, fromEthersWallet, fromPrivateKey } from './signer.js';
|
|
14
17
|
export { CdpWalletSigner } from './cdp.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,WAAW,EACX,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,WAAW,EACX,UAAU,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,WAAW,EACX,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,WAAW,EACX,UAAU,EACV,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG9D,OAAO,EACL,QAAQ,EACR,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,GACf,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAG5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAGlD,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAGnF,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,qBAAqB,GACtB,MAAM,aAAa,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -8,10 +8,14 @@ export { generateProof } from './flow.js';
|
|
|
8
8
|
// Individual steps (for step-by-step usage)
|
|
9
9
|
export { requestChallenge, createSession } from './session.js';
|
|
10
10
|
export { makePayment } from './payment.js';
|
|
11
|
-
export { submitProof } from './prove.js';
|
|
11
|
+
export { submitProof, submitEncryptedProof } from './prove.js';
|
|
12
12
|
export { verifyOnChain, verifyProof } from './verify.js';
|
|
13
13
|
// Input computation
|
|
14
14
|
export { prepareInputs, computeSignalHash, computeScope, computeNullifier, recoverUserPubkey, hexToBytes, extractPubkeyCoordinates, } from './inputs.js';
|
|
15
|
+
// Prover.toml builder (for E2E encryption)
|
|
16
|
+
export { buildProverToml } from './toml.js';
|
|
17
|
+
// E2E Encryption
|
|
18
|
+
export { encryptForTee } from './tee.js';
|
|
15
19
|
export { EthersWalletSigner, fromEthersWallet, fromPrivateKey } from './signer.js';
|
|
16
20
|
// CDP (Coinbase Developer Platform) signer
|
|
17
21
|
export { CdpWalletSigner } from './cdp.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE9D,YAAY;AACZ,OAAO,EACL,QAAQ,EACR,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,GACf,MAAM,gBAAgB,CAAC;AAExB,gBAAgB;AAChB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,4CAA4C;AAC5C,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEzD,oBAAoB;AACpB,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAErB,2CAA2C;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,iBAAiB;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAKzC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAEnF,2CAA2C;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,cAAc;AACd,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAE1B,SAAS;AACT,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,qBAAqB,GACtB,MAAM,aAAa,CAAC"}
|
package/dist/prove.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ClientConfig, CircuitName, ProveInputs, ProveResponse } from './types.js';
|
|
2
|
+
import type { EncryptedEnvelope } from './tee.js';
|
|
2
3
|
/**
|
|
3
4
|
* Submit proof generation with x402 payment headers.
|
|
4
5
|
* POST /api/v1/prove with X-Payment-TX and X-Payment-Nonce headers.
|
|
@@ -9,4 +10,14 @@ export declare function submitProof(config: ClientConfig, request: {
|
|
|
9
10
|
paymentTxHash: string;
|
|
10
11
|
paymentNonce: string;
|
|
11
12
|
}): Promise<ProveResponse>;
|
|
13
|
+
/**
|
|
14
|
+
* Submit an E2E encrypted proof request.
|
|
15
|
+
* The server acts as a blind relay -- it cannot read the inputs.
|
|
16
|
+
*/
|
|
17
|
+
export declare function submitEncryptedProof(config: ClientConfig, request: {
|
|
18
|
+
circuit: CircuitName;
|
|
19
|
+
encryptedPayload: EncryptedEnvelope;
|
|
20
|
+
paymentTxHash: string;
|
|
21
|
+
paymentNonce: string;
|
|
22
|
+
}): Promise<ProveResponse>;
|
|
12
23
|
//# sourceMappingURL=prove.d.ts.map
|
package/dist/prove.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prove.d.ts","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"prove.d.ts","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAElD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IACP,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,WAAW,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,aAAa,CAAC,CAqBxB;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IACP,OAAO,EAAE,WAAW,CAAC;IACrB,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,aAAa,CAAC,CA0BxB"}
|
package/dist/prove.js
CHANGED
|
@@ -22,4 +22,31 @@ export async function submitProof(config, request) {
|
|
|
22
22
|
}
|
|
23
23
|
return response.json();
|
|
24
24
|
}
|
|
25
|
+
/**
|
|
26
|
+
* Submit an E2E encrypted proof request.
|
|
27
|
+
* The server acts as a blind relay -- it cannot read the inputs.
|
|
28
|
+
*/
|
|
29
|
+
export async function submitEncryptedProof(config, request) {
|
|
30
|
+
const url = `${config.baseUrl}/api/v1/prove`;
|
|
31
|
+
const response = await fetch(url, {
|
|
32
|
+
method: 'POST',
|
|
33
|
+
headers: {
|
|
34
|
+
'Content-Type': 'application/json',
|
|
35
|
+
'X-Payment-TX': request.paymentTxHash,
|
|
36
|
+
'X-Payment-Nonce': request.paymentNonce,
|
|
37
|
+
},
|
|
38
|
+
body: JSON.stringify({
|
|
39
|
+
circuit: request.circuit,
|
|
40
|
+
encrypted_payload: request.encryptedPayload,
|
|
41
|
+
}),
|
|
42
|
+
});
|
|
43
|
+
if (!response.ok) {
|
|
44
|
+
const error = await response.json().catch(() => ({ message: `HTTP ${response.status}` }));
|
|
45
|
+
if (response.status === 409) {
|
|
46
|
+
throw new Error('TEE key rotated. Retry with a new 402 challenge to get the updated key.');
|
|
47
|
+
}
|
|
48
|
+
throw new Error(`Proof generation failed: ${JSON.stringify(error)}`);
|
|
49
|
+
}
|
|
50
|
+
return response.json();
|
|
51
|
+
}
|
|
25
52
|
//# sourceMappingURL=prove.js.map
|
package/dist/prove.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prove.js","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"prove.js","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAoB,EACpB,OAKC;IAED,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,iBAAiB,EAAE,OAAO,CAAC,YAAY;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAoB,EACpB,OAKC;IAED,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,iBAAiB,EAAE,OAAO,CAAC,YAAY;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,OAAO,CAAC,gBAAgB;SAC5C,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAE1F,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC"}
|
package/dist/session.d.ts
CHANGED
|
@@ -3,6 +3,6 @@ import type { ClientConfig, CircuitName, ChallengeResponse, ProveInputs } from '
|
|
|
3
3
|
* Request a 402 payment challenge from the server.
|
|
4
4
|
* POST /api/v1/prove without payment headers → 402 with nonce + payment info.
|
|
5
5
|
*/
|
|
6
|
-
export declare function requestChallenge(config: ClientConfig, circuit: CircuitName, inputs
|
|
6
|
+
export declare function requestChallenge(config: ClientConfig, circuit: CircuitName, inputs?: ProveInputs): Promise<ChallengeResponse>;
|
|
7
7
|
export { requestChallenge as createSession };
|
|
8
8
|
//# sourceMappingURL=session.d.ts.map
|
package/dist/session.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE5F;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE5F;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,WAAW,EACpB,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,iBAAiB,CAAC,CAc5B;AAGD,OAAO,EAAE,gBAAgB,IAAI,aAAa,EAAE,CAAC"}
|
package/dist/session.js
CHANGED
|
@@ -7,7 +7,7 @@ export async function requestChallenge(config, circuit, inputs) {
|
|
|
7
7
|
const response = await fetch(url, {
|
|
8
8
|
method: 'POST',
|
|
9
9
|
headers: { 'Content-Type': 'application/json' },
|
|
10
|
-
body: JSON.stringify({ circuit, inputs }),
|
|
10
|
+
body: JSON.stringify({ circuit, ...(inputs && { inputs }) }),
|
|
11
11
|
});
|
|
12
12
|
if (response.status !== 402) {
|
|
13
13
|
const error = await response.json().catch(() => ({ message: `HTTP ${response.status}` }));
|
package/dist/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAoB,EACpB,OAAoB,EACpB,
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAoB,EACpB,OAAoB,EACpB,MAAoB;IAEpB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;KAC7D,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,KAAM,KAAa,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAClH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAAgC,CAAC;AACvD,CAAC;AAED,wEAAwE;AACxE,OAAO,EAAE,gBAAgB,IAAI,aAAa,EAAE,CAAC"}
|
package/dist/tee.d.ts
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TEE E2E Encryption -- Client-side X25519 ECDH + AES-256-GCM
|
|
3
|
+
*/
|
|
4
|
+
export interface EncryptedEnvelope {
|
|
5
|
+
ephemeralPublicKey: string;
|
|
6
|
+
iv: string;
|
|
7
|
+
ciphertext: string;
|
|
8
|
+
authTag: string;
|
|
9
|
+
keyId: string;
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Encrypt a payload for the TEE using X25519 ECDH + AES-256-GCM.
|
|
13
|
+
*/
|
|
14
|
+
export declare function encryptForTee(plaintext: string, teePublicKeyHex: string): EncryptedEnvelope;
|
|
15
|
+
//# sourceMappingURL=tee.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee.d.ts","sourceRoot":"","sources":["../src/tee.ts"],"names":[],"mappings":"AAAA;;GAEG;AAaH,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAUD;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,iBAAiB,CAuB3F"}
|
package/dist/tee.js
ADDED
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TEE E2E Encryption -- Client-side X25519 ECDH + AES-256-GCM
|
|
3
|
+
*/
|
|
4
|
+
import { createHash, generateKeyPairSync, diffieHellman, randomBytes, createCipheriv, createPublicKey, } from 'crypto';
|
|
5
|
+
// ─── Encryption ─────────────────────────────────────────────────────────
|
|
6
|
+
const X25519_SPKI_HEADER = Buffer.from('302a300506032b656e032100', 'hex');
|
|
7
|
+
function computeKeyId(publicKeyHex) {
|
|
8
|
+
return createHash('sha256').update(Buffer.from(publicKeyHex, 'hex')).digest('hex').slice(0, 16);
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Encrypt a payload for the TEE using X25519 ECDH + AES-256-GCM.
|
|
12
|
+
*/
|
|
13
|
+
export function encryptForTee(plaintext, teePublicKeyHex) {
|
|
14
|
+
const { publicKey: ephPublic, privateKey: ephPrivate } = generateKeyPairSync('x25519');
|
|
15
|
+
const ephPublicDer = ephPublic.export({ type: 'spki', format: 'der' });
|
|
16
|
+
const ephPublicRaw = ephPublicDer.subarray(12);
|
|
17
|
+
const teePubDer = Buffer.concat([X25519_SPKI_HEADER, Buffer.from(teePublicKeyHex, 'hex')]);
|
|
18
|
+
const teePubKeyObj = createPublicKey({ key: teePubDer, format: 'der', type: 'spki' });
|
|
19
|
+
const shared = diffieHellman({ publicKey: teePubKeyObj, privateKey: ephPrivate });
|
|
20
|
+
const aesKey = createHash('sha256').update(shared).digest();
|
|
21
|
+
const iv = randomBytes(12);
|
|
22
|
+
const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
|
|
23
|
+
const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
|
|
24
|
+
const authTag = cipher.getAuthTag();
|
|
25
|
+
return {
|
|
26
|
+
ephemeralPublicKey: ephPublicRaw.toString('hex'),
|
|
27
|
+
iv: iv.toString('hex'),
|
|
28
|
+
ciphertext: encrypted.toString('hex'),
|
|
29
|
+
authTag: authTag.toString('hex'),
|
|
30
|
+
keyId: computeKeyId(teePublicKeyHex),
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=tee.js.map
|
package/dist/tee.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee.js","sourceRoot":"","sources":["../src/tee.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,QAAQ,CAAC;AAYhB,2EAA2E;AAE3E,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAE1E,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClG,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,eAAuB;IACtE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACvF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IACjF,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3F,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAEtF,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IAClF,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IAE5D,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACL,kBAAkB,EAAE,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;QAChD,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtB,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;QAChC,KAAK,EAAE,YAAY,CAAC,eAAe,CAAC;KACrC,CAAC;AACJ,CAAC"}
|
package/dist/toml.d.ts
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Prover.toml builder for client-side E2E encryption.
|
|
3
|
+
*
|
|
4
|
+
* Converts SDK ProveInputs to Prover.toml string format that the TEE's
|
|
5
|
+
* bb CLI can consume directly. This enables the client to build the complete
|
|
6
|
+
* proverToml locally, encrypt it with the TEE's public key, and send the
|
|
7
|
+
* encrypted blob — making the server a blind relay.
|
|
8
|
+
*/
|
|
9
|
+
import type { ProveInputs, CircuitId } from './types.js';
|
|
10
|
+
/**
|
|
11
|
+
* Build a Prover.toml string from SDK ProveInputs.
|
|
12
|
+
*
|
|
13
|
+
* This is the client-side equivalent of the server's toProverToml().
|
|
14
|
+
* The output format must exactly match what the TEE's enclave-server.py expects.
|
|
15
|
+
*
|
|
16
|
+
* @param circuitId - Canonical circuit ID ('coinbase_attestation' or 'coinbase_country_attestation')
|
|
17
|
+
* @param inputs - Client-computed ProveInputs from prepareInputs()
|
|
18
|
+
* @returns Prover.toml content string
|
|
19
|
+
*/
|
|
20
|
+
export declare function buildProverToml(circuitId: CircuitId, inputs: ProveInputs): string;
|
|
21
|
+
//# sourceMappingURL=toml.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toml.d.ts","sourceRoot":"","sources":["../src/toml.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA+DzD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,GAAG,MAAM,CA8BjF"}
|
package/dist/toml.js
ADDED
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Prover.toml builder for client-side E2E encryption.
|
|
3
|
+
*
|
|
4
|
+
* Converts SDK ProveInputs to Prover.toml string format that the TEE's
|
|
5
|
+
* bb CLI can consume directly. This enables the client to build the complete
|
|
6
|
+
* proverToml locally, encrypt it with the TEE's public key, and send the
|
|
7
|
+
* encrypted blob — making the server a blind relay.
|
|
8
|
+
*/
|
|
9
|
+
import { ethers } from 'ethers';
|
|
10
|
+
// ─── Helpers ────────────────────────────────────────────────────────────
|
|
11
|
+
function hexToBytes(hex) {
|
|
12
|
+
const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
|
|
13
|
+
const bytes = [];
|
|
14
|
+
for (let i = 0; i < clean.length; i += 2) {
|
|
15
|
+
bytes.push(parseInt(clean.slice(i, i + 2), 16));
|
|
16
|
+
}
|
|
17
|
+
return bytes;
|
|
18
|
+
}
|
|
19
|
+
function padBytes(bytes, length) {
|
|
20
|
+
const padded = [...bytes];
|
|
21
|
+
while (padded.length < length) {
|
|
22
|
+
padded.push(0);
|
|
23
|
+
}
|
|
24
|
+
return padded;
|
|
25
|
+
}
|
|
26
|
+
function bytesToHexArray(bytes) {
|
|
27
|
+
const arr = Array.from(bytes);
|
|
28
|
+
return '[' + arr.map(b => '0x' + b.toString(16).padStart(2, '0')).join(', ') + ']';
|
|
29
|
+
}
|
|
30
|
+
function splitSignature(sig) {
|
|
31
|
+
const signature = ethers.Signature.from(sig);
|
|
32
|
+
const rBytes = hexToBytes(signature.r);
|
|
33
|
+
// Use _s to get raw s value, bypassing canonical check
|
|
34
|
+
const sValue = signature._s || signature.s;
|
|
35
|
+
const sBytes = hexToBytes(sValue);
|
|
36
|
+
return [...rBytes, ...sBytes];
|
|
37
|
+
}
|
|
38
|
+
function formatMerkleProof(proof, maxDepth) {
|
|
39
|
+
const paddedProof = [];
|
|
40
|
+
for (let i = 0; i < maxDepth; i++) {
|
|
41
|
+
if (i < proof.length) {
|
|
42
|
+
paddedProof.push(padBytes(hexToBytes(proof[i]), 32));
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
paddedProof.push(new Array(32).fill(0));
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
const lines = paddedProof.map(entry => ' ' + bytesToHexArray(entry));
|
|
49
|
+
return '[\n' + lines.join(',\n') + '\n]';
|
|
50
|
+
}
|
|
51
|
+
function formatCountryList(countries, maxEntries) {
|
|
52
|
+
const paddedList = [];
|
|
53
|
+
for (let i = 0; i < maxEntries; i++) {
|
|
54
|
+
if (i < countries.length) {
|
|
55
|
+
paddedList.push([countries[i].charCodeAt(0), countries[i].charCodeAt(1)]);
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
paddedList.push([0, 0]);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
const lines = paddedList.map(entry => ' ' + bytesToHexArray(entry));
|
|
62
|
+
return '[\n' + lines.join(',\n') + '\n]';
|
|
63
|
+
}
|
|
64
|
+
// ─── Main Export ────────────────────────────────────────────────────────
|
|
65
|
+
/**
|
|
66
|
+
* Build a Prover.toml string from SDK ProveInputs.
|
|
67
|
+
*
|
|
68
|
+
* This is the client-side equivalent of the server's toProverToml().
|
|
69
|
+
* The output format must exactly match what the TEE's enclave-server.py expects.
|
|
70
|
+
*
|
|
71
|
+
* @param circuitId - Canonical circuit ID ('coinbase_attestation' or 'coinbase_country_attestation')
|
|
72
|
+
* @param inputs - Client-computed ProveInputs from prepareInputs()
|
|
73
|
+
* @returns Prover.toml content string
|
|
74
|
+
*/
|
|
75
|
+
export function buildProverToml(circuitId, inputs) {
|
|
76
|
+
const lines = [];
|
|
77
|
+
lines.push(`signal_hash = ${bytesToHexArray(hexToBytes(inputs.signal_hash))}`);
|
|
78
|
+
lines.push(`signer_list_merkle_root = ${bytesToHexArray(hexToBytes(inputs.merkle_root))}`);
|
|
79
|
+
if (circuitId === 'coinbase_country_attestation') {
|
|
80
|
+
if (!inputs.country_list || inputs.is_included === undefined) {
|
|
81
|
+
throw new Error('country_list and is_included are required for coinbase_country_attestation');
|
|
82
|
+
}
|
|
83
|
+
lines.push(`country_list = ${formatCountryList(inputs.country_list, 10)}`);
|
|
84
|
+
lines.push(`country_list_length = ${inputs.country_list.length}`);
|
|
85
|
+
lines.push(`is_included = ${inputs.is_included}`);
|
|
86
|
+
}
|
|
87
|
+
lines.push(`scope = ${bytesToHexArray(hexToBytes(inputs.scope_bytes))}`);
|
|
88
|
+
lines.push(`nullifier = ${bytesToHexArray(hexToBytes(inputs.nullifier))}`);
|
|
89
|
+
lines.push(`user_address = ${bytesToHexArray(hexToBytes(inputs.user_address))}`);
|
|
90
|
+
lines.push(`user_signature = ${bytesToHexArray(splitSignature(inputs.signature))}`);
|
|
91
|
+
lines.push(`user_pubkey_x = ${bytesToHexArray(hexToBytes(inputs.user_pubkey_x))}`);
|
|
92
|
+
lines.push(`user_pubkey_y = ${bytesToHexArray(hexToBytes(inputs.user_pubkey_y))}`);
|
|
93
|
+
lines.push(`tx_length = ${inputs.tx_length}`);
|
|
94
|
+
lines.push(`raw_transaction = ${bytesToHexArray(padBytes(hexToBytes(inputs.raw_transaction), 300))}`);
|
|
95
|
+
lines.push(`coinbase_attester_pubkey_x = ${bytesToHexArray(hexToBytes(inputs.coinbase_attester_pubkey_x))}`);
|
|
96
|
+
lines.push(`coinbase_attester_pubkey_y = ${bytesToHexArray(hexToBytes(inputs.coinbase_attester_pubkey_y))}`);
|
|
97
|
+
lines.push(`coinbase_signer_merkle_proof = ${formatMerkleProof(inputs.merkle_proof, 8)}`);
|
|
98
|
+
lines.push(`coinbase_signer_leaf_index = ${inputs.leaf_index}`);
|
|
99
|
+
lines.push(`merkle_proof_depth = ${inputs.depth}`);
|
|
100
|
+
return lines.join('\n');
|
|
101
|
+
}
|
|
102
|
+
//# sourceMappingURL=toml.js.map
|
package/dist/toml.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toml.js","sourceRoot":"","sources":["../src/toml.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGhC,2EAA2E;AAE3E,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,QAAQ,CAAC,KAAe,EAAE,MAAc;IAC/C,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC1B,OAAO,MAAM,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,KAA4B;IACnD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AACrF,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACvC,uDAAuD;IACvD,MAAM,MAAM,GAAI,SAAiB,CAAC,EAAE,IAAI,SAAS,CAAC,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAe,EAAE,QAAgB;IAC1D,MAAM,WAAW,GAAe,EAAE,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;AAC3C,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAmB,EAAE,UAAkB;IAChE,MAAM,UAAU,GAAe,EAAE,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IACvE,OAAO,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;AAC3C,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,SAAoB,EAAE,MAAmB;IACvE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,6BAA6B,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3F,IAAI,SAAS,KAAK,8BAA8B,EAAE,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAChG,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,kBAAkB,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3E,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,WAAW,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,IAAI,CAAC,eAAe,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,IAAI,CAAC,kBAAkB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;IACjF,KAAK,CAAC,IAAI,CAAC,oBAAoB,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;IACpF,KAAK,CAAC,IAAI,CAAC,mBAAmB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,KAAK,CAAC,IAAI,CAAC,mBAAmB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,qBAAqB,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;IACtG,KAAK,CAAC,IAAI,CAAC,gCAAgC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7G,KAAK,CAAC,IAAI,CAAC,gCAAgC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7G,KAAK,CAAC,IAAI,CAAC,kCAAkC,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,gCAAgC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAEnD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -41,6 +41,11 @@ export interface ChallengeResponse {
|
|
|
41
41
|
message: string;
|
|
42
42
|
nonce: string;
|
|
43
43
|
payment: PaymentRequirements;
|
|
44
|
+
teePublicKey?: {
|
|
45
|
+
publicKey: string;
|
|
46
|
+
keyId: string;
|
|
47
|
+
attestationDocument: string | null;
|
|
48
|
+
} | null;
|
|
44
49
|
}
|
|
45
50
|
export interface ProveInputs {
|
|
46
51
|
signal_hash: string;
|
|
@@ -63,7 +68,17 @@ export interface ProveInputs {
|
|
|
63
68
|
}
|
|
64
69
|
export interface ProveRequest {
|
|
65
70
|
circuit: CircuitName;
|
|
66
|
-
inputs
|
|
71
|
+
inputs?: ProveInputs;
|
|
72
|
+
encrypted_payload?: EncryptedProveRequest['encrypted_payload'];
|
|
73
|
+
}
|
|
74
|
+
export interface EncryptedProveRequest {
|
|
75
|
+
encrypted_payload: {
|
|
76
|
+
ephemeralPublicKey: string;
|
|
77
|
+
iv: string;
|
|
78
|
+
ciphertext: string;
|
|
79
|
+
authTag: string;
|
|
80
|
+
keyId: string;
|
|
81
|
+
};
|
|
67
82
|
}
|
|
68
83
|
export interface ProveResponse {
|
|
69
84
|
proof: string;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,uCAAuC;AACvC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,kBAAkB,CAAC;AAE9D,uDAAuD;AACvD,MAAM,MAAM,SAAS,GAAG,sBAAsB,GAAG,8BAA8B,CAAC;AAEhF,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,SAAS,CAG3D,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,CAGzD,CAAC;AAIF,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACzD;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,uCAAuC;AACvC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,kBAAkB,CAAC;AAE9D,uDAAuD;AACvD,MAAM,MAAM,SAAS,GAAG,sBAAsB,GAAG,8BAA8B,CAAC;AAEhF,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,SAAS,CAG3D,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,CAGzD,CAAC;AAIF,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACzD;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,mBAAmB,CAAC;IAC7B,YAAY,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;KACpC,GAAG,IAAI,CAAC;CACV;AAID,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B,EAAE,MAAM,CAAC;IACnC,0BAA0B,EAAE,MAAM,CAAC;IACnC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,iBAAiB,CAAC,EAAE,qBAAqB,CAAC,mBAAmB,CAAC,CAAC;CAChE;AAID,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,EAAE;QACjB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE;YACZ,WAAW,EAAE,OAAO,CAAC;YACrB,UAAU,EAAE,OAAO,CAAC;YACpB,cAAc,EAAE,OAAO,CAAC;YACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9B,CAAC;KACH,GAAG,IAAI,CAAC;IACT,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,YAAY,EAAE;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI,CAAC;CACV;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,cAAc,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,WAAW,CAAC;IACrB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iEAAiE;IACjE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC1C,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IAChC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CAC7C;AAID,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,CAAC,CAAC;IACR,UAAU,EAAE,MAAM,CAAC;CACpB"}
|