lightnode-sdk 0.4.5 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/crypto.d.ts +6 -4
- package/dist/crypto.js +61 -21
- package/dist/inference.js +1 -1
- package/package.json +1 -1
package/dist/crypto.d.ts
CHANGED
|
@@ -9,12 +9,14 @@
|
|
|
9
9
|
* - AES-GCM ciphertext layout: nonce(12) || ciphertext || tag(16).
|
|
10
10
|
* - Encrypted session key layout: ephemeralPub(65) || nonce(12) || ciphertext || tag(16).
|
|
11
11
|
*
|
|
12
|
-
* Uses the Web Crypto API
|
|
13
|
-
* Node
|
|
14
|
-
*
|
|
12
|
+
* Uses the Web Crypto API. Tries `globalThis.crypto` first (real browsers +
|
|
13
|
+
* Node 19+ where it is global), then falls back to `node:crypto`'s
|
|
14
|
+
* `webcrypto` export (Node 18 and StackBlitz's WebContainer, which exposes
|
|
15
|
+
* the node: module but not the global). No hard dependency on Node, and no
|
|
16
|
+
* polyfill in the browser bundle.
|
|
15
17
|
*/
|
|
16
18
|
/** A fresh 32-byte symmetric session key (random, never derived). */
|
|
17
|
-
export declare function generateSessionKey(): Uint8Array
|
|
19
|
+
export declare function generateSessionKey(): Promise<Uint8Array>;
|
|
18
20
|
/** Fresh ECDH P-256 keypair (extractable; we need to export the public key on the wire). */
|
|
19
21
|
export declare function generateEcdhKeyPair(): Promise<CryptoKeyPair>;
|
|
20
22
|
/** Export an ECDH public key to its raw uncompressed P-256 encoding (65 bytes). */
|
package/dist/crypto.js
CHANGED
|
@@ -9,23 +9,61 @@
|
|
|
9
9
|
* - AES-GCM ciphertext layout: nonce(12) || ciphertext || tag(16).
|
|
10
10
|
* - Encrypted session key layout: ephemeralPub(65) || nonce(12) || ciphertext || tag(16).
|
|
11
11
|
*
|
|
12
|
-
* Uses the Web Crypto API
|
|
13
|
-
* Node
|
|
14
|
-
*
|
|
12
|
+
* Uses the Web Crypto API. Tries `globalThis.crypto` first (real browsers +
|
|
13
|
+
* Node 19+ where it is global), then falls back to `node:crypto`'s
|
|
14
|
+
* `webcrypto` export (Node 18 and StackBlitz's WebContainer, which exposes
|
|
15
|
+
* the node: module but not the global). No hard dependency on Node, and no
|
|
16
|
+
* polyfill in the browser bundle.
|
|
15
17
|
*/
|
|
16
18
|
const AES_KEY_BYTES = 32;
|
|
17
19
|
const GCM_NONCE_BYTES = 12;
|
|
18
20
|
const P256_UNCOMPRESSED_KEY_BYTES = 65;
|
|
19
21
|
const SESSION_KEY_BYTES = 32;
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
let resolvedCrypto = null;
|
|
23
|
+
let resolvingCrypto = null;
|
|
24
|
+
async function getCrypto() {
|
|
25
|
+
if (resolvedCrypto)
|
|
26
|
+
return resolvedCrypto;
|
|
27
|
+
if (resolvingCrypto)
|
|
28
|
+
return resolvingCrypto;
|
|
29
|
+
resolvingCrypto = (async () => {
|
|
30
|
+
const g = globalThis.crypto;
|
|
31
|
+
if (g?.subtle && typeof g.getRandomValues === "function") {
|
|
32
|
+
const provider = { subtle: g.subtle, getRandomValues: g.getRandomValues.bind(g) };
|
|
33
|
+
resolvedCrypto = provider;
|
|
34
|
+
return provider;
|
|
35
|
+
}
|
|
36
|
+
// Node 18 + StackBlitz WebContainer: globalThis.crypto is missing, but
|
|
37
|
+
// `node:crypto` exposes the same Web Crypto API via `webcrypto`.
|
|
38
|
+
try {
|
|
39
|
+
const mod = (await import("node:crypto"));
|
|
40
|
+
const wc = mod.webcrypto;
|
|
41
|
+
if (wc?.subtle && typeof wc.getRandomValues === "function") {
|
|
42
|
+
const provider = { subtle: wc.subtle, getRandomValues: wc.getRandomValues.bind(wc) };
|
|
43
|
+
resolvedCrypto = provider;
|
|
44
|
+
return provider;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
catch {
|
|
48
|
+
// node:crypto not importable - we're in a browser bundle without a
|
|
49
|
+
// global crypto. The fall-through error below explains the fix.
|
|
50
|
+
}
|
|
51
|
+
throw new Error("Web Crypto unavailable: globalThis.crypto is missing and node:crypto could not be loaded. " +
|
|
52
|
+
"The SDK requires Node 18+ or a modern browser.");
|
|
53
|
+
})();
|
|
54
|
+
try {
|
|
55
|
+
return await resolvingCrypto;
|
|
56
|
+
}
|
|
57
|
+
finally {
|
|
58
|
+
resolvingCrypto = null;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
async function subtle() {
|
|
62
|
+
return (await getCrypto()).subtle;
|
|
25
63
|
}
|
|
26
|
-
function randomBytes(n) {
|
|
64
|
+
async function randomBytes(n) {
|
|
27
65
|
const buf = new Uint8Array(n);
|
|
28
|
-
|
|
66
|
+
(await getCrypto()).getRandomValues(buf);
|
|
29
67
|
return buf;
|
|
30
68
|
}
|
|
31
69
|
/** A fresh 32-byte symmetric session key (random, never derived). */
|
|
@@ -33,16 +71,16 @@ export function generateSessionKey() {
|
|
|
33
71
|
return randomBytes(SESSION_KEY_BYTES);
|
|
34
72
|
}
|
|
35
73
|
/** Fresh ECDH P-256 keypair (extractable; we need to export the public key on the wire). */
|
|
36
|
-
export function generateEcdhKeyPair() {
|
|
37
|
-
return subtle().generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
|
|
74
|
+
export async function generateEcdhKeyPair() {
|
|
75
|
+
return (await subtle()).generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
|
|
38
76
|
}
|
|
39
77
|
/** Export an ECDH public key to its raw uncompressed P-256 encoding (65 bytes). */
|
|
40
78
|
export async function exportPublicKey(key) {
|
|
41
|
-
return new Uint8Array(await subtle().exportKey("raw", key));
|
|
79
|
+
return new Uint8Array(await (await subtle()).exportKey("raw", key));
|
|
42
80
|
}
|
|
43
81
|
/** Import a raw uncompressed P-256 public key (65 bytes) into a CryptoKey. */
|
|
44
|
-
export function importPublicKey(raw) {
|
|
45
|
-
return subtle().importKey("raw", raw, { name: "ECDH", namedCurve: "P-256" }, true, []);
|
|
82
|
+
export async function importPublicKey(raw) {
|
|
83
|
+
return (await subtle()).importKey("raw", raw, { name: "ECDH", namedCurve: "P-256" }, true, []);
|
|
46
84
|
}
|
|
47
85
|
/**
|
|
48
86
|
* Derive a 32-byte shared secret from a local ECDH private key and a remote
|
|
@@ -50,15 +88,16 @@ export function importPublicKey(raw) {
|
|
|
50
88
|
* protocol's `priv.ECDH(remotePub)` output exactly.
|
|
51
89
|
*/
|
|
52
90
|
export async function deriveSharedSecret(privateKey, remotePublicKey) {
|
|
53
|
-
return new Uint8Array(await subtle().deriveBits({ name: "ECDH", public: remotePublicKey }, privateKey, 256));
|
|
91
|
+
return new Uint8Array(await (await subtle()).deriveBits({ name: "ECDH", public: remotePublicKey }, privateKey, 256));
|
|
54
92
|
}
|
|
55
93
|
/** Encrypt with AES-256-GCM. Output: nonce(12) || ciphertext || tag(16). */
|
|
56
94
|
export async function encrypt(key, plaintext) {
|
|
57
95
|
if (key.length !== AES_KEY_BYTES)
|
|
58
96
|
throw new Error(`AES key must be ${AES_KEY_BYTES} bytes`);
|
|
59
|
-
const
|
|
60
|
-
const
|
|
61
|
-
const
|
|
97
|
+
const s = await subtle();
|
|
98
|
+
const aesKey = await s.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
|
|
99
|
+
const nonce = await randomBytes(GCM_NONCE_BYTES);
|
|
100
|
+
const ctPlusTag = new Uint8Array(await s.encrypt({ name: "AES-GCM", iv: nonce }, aesKey, plaintext));
|
|
62
101
|
const out = new Uint8Array(GCM_NONCE_BYTES + ctPlusTag.byteLength);
|
|
63
102
|
out.set(nonce, 0);
|
|
64
103
|
out.set(ctPlusTag, GCM_NONCE_BYTES);
|
|
@@ -70,10 +109,11 @@ export async function decrypt(key, ciphertext) {
|
|
|
70
109
|
throw new Error(`AES key must be ${AES_KEY_BYTES} bytes`);
|
|
71
110
|
if (ciphertext.length < GCM_NONCE_BYTES + 16)
|
|
72
111
|
throw new Error("ciphertext too short");
|
|
73
|
-
const
|
|
112
|
+
const s = await subtle();
|
|
113
|
+
const aesKey = await s.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
|
|
74
114
|
const nonce = ciphertext.slice(0, GCM_NONCE_BYTES);
|
|
75
115
|
const body = ciphertext.slice(GCM_NONCE_BYTES);
|
|
76
|
-
return new Uint8Array(await
|
|
116
|
+
return new Uint8Array(await s.decrypt({ name: "AES-GCM", iv: nonce }, aesKey, body));
|
|
77
117
|
}
|
|
78
118
|
/**
|
|
79
119
|
* Wrap (encrypt) a 32-byte session key for delivery to a remote party (e.g. the
|
package/dist/inference.js
CHANGED
|
@@ -76,7 +76,7 @@ export const JOB_REGISTRY_CONSUMER_ABI = [
|
|
|
76
76
|
export async function prepareSession(gateway, modelTag) {
|
|
77
77
|
const id = modelId(modelTag);
|
|
78
78
|
const selected = await gateway.selectSession(id);
|
|
79
|
-
const sessionKey = generateSessionKey();
|
|
79
|
+
const sessionKey = await generateSessionKey();
|
|
80
80
|
// Workers' pubkeys arrive as base64; disputer's as hex - decodePublicKey
|
|
81
81
|
// accepts either.
|
|
82
82
|
const workerPub = await importPublicKey(decodePublicKey(selected.workerEncryptionKey));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lightnode-sdk",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.6",
|
|
4
4
|
"description": "Read-only TypeScript client for LightChain AI: workers, jobs, models, on-chain registration, and per-model network analytics. Independent, community-built (not an official LightChain package).",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|