UNPKG

@opendatalabs/vana-sdk

Version:

A TypeScript library for interacting with Vana Network smart contracts.

github.com/vana-com/vana-sdk

vana-com/vana-sdk

268 lines 10.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); var base_exports = {}; __export(base_exports, { BaseECIESUint8: () => BaseECIESUint8 }); module.exports = __toCommonJS(base_exports); var import_interface = require("./interface"); var import_constants = require("./constants"); var import_utils = require("./utils"); var import_viem = require("viem"); class BaseECIESUint8 { // Cache for validated public keys to avoid repeated validation static validatedKeys = /* @__PURE__ */ new WeakMap(); /** * Normalizes a public key to uncompressed format. * * @param publicKey - Public key in any format. * @returns Uncompressed public key (65 bytes). * @throws {ECIESError} If key format is invalid. */ normalizePublicKey(publicKey) { if (BaseECIESUint8.validatedKeys.get(publicKey)) { return publicKey; } if (publicKey.length === import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) { if (publicKey[0] !== import_constants.CURVE.PREFIX.UNCOMPRESSED) { throw new import_interface.ECIESError( "Invalid uncompressed public key prefix", "INVALID_KEY" ); } if (!this.validatePublicKey(publicKey)) { throw new import_interface.ECIESError("Invalid public key", "INVALID_KEY"); } BaseECIESUint8.validatedKeys.set(publicKey, true); return publicKey; } if (publicKey.length === import_constants.CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) { if (publicKey[0] === import_constants.CURVE.PREFIX.COMPRESSED_EVEN || publicKey[0] === import_constants.CURVE.PREFIX.COMPRESSED_ODD) { const decompressed = this.decompressPublicKey(publicKey); if (!decompressed) { throw new import_interface.ECIESError( "Failed to decompress public key", "INVALID_KEY" ); } BaseECIESUint8.validatedKeys.set(decompressed, true); return decompressed; } throw new import_interface.ECIESError( `Invalid compressed public key prefix: expected 0x02 or 0x03, got 0x${publicKey[0].toString(16).padStart(2, "0")}`, "INVALID_KEY" ); } throw new import_interface.ECIESError( `Invalid public key length: ${publicKey.length}`, "INVALID_KEY" ); } /** * Encrypts data using ECIES. * * @param publicKey - The recipient's public key (compressed or uncompressed) * @param message - The data to encrypt * @returns Promise resolving to encrypted data structure */ async encrypt(publicKey, message) { let ephemeralPrivateKey; let sharedSecret; let kdf; let encryptionKey; let macKey; try { if (!(publicKey instanceof Uint8Array)) { throw new import_interface.ECIESError("Public key must be a Uint8Array", "INVALID_KEY"); } if (!(message instanceof Uint8Array)) { throw new import_interface.ECIESError( "Message must be a Uint8Array", "ENCRYPTION_FAILED" ); } if (publicKey.length === 0) { throw new import_interface.ECIESError("Public key cannot be empty", "INVALID_KEY"); } const pubKey = this.normalizePublicKey(publicKey); do { ephemeralPrivateKey = this.generateRandomBytes( import_constants.CURVE.PRIVATE_KEY_LENGTH ); } while (!this.verifyPrivateKey(ephemeralPrivateKey)); const ephemeralPublicKey = this.createPublicKey( ephemeralPrivateKey, false ); if (!ephemeralPublicKey) { throw new import_interface.ECIESError( "Failed to generate ephemeral public key", "ENCRYPTION_FAILED" ); } sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey); kdf = this.sha512(sharedSecret); encryptionKey = kdf.slice( import_constants.KDF.ENCRYPTION_KEY_OFFSET, import_constants.KDF.ENCRYPTION_KEY_OFFSET + import_constants.KDF.ENCRYPTION_KEY_LENGTH ); macKey = kdf.slice( import_constants.KDF.MAC_KEY_OFFSET, import_constants.KDF.MAC_KEY_OFFSET + import_constants.KDF.MAC_KEY_LENGTH ); const iv = this.generateRandomBytes(import_constants.CIPHER.IV_LENGTH); const ciphertext = await this.aesEncrypt(encryptionKey, iv, message); const macData = (0, import_viem.concat)([iv, ephemeralPublicKey, ciphertext]); const mac = this.hmacSha256(macKey, macData); return { iv, ephemPublicKey: ephemeralPublicKey, ciphertext, mac }; } catch (error) { if (error instanceof import_interface.ECIESError) throw error; throw new import_interface.ECIESError( `Encryption failed: ${error instanceof Error ? error.message : "Unknown error"}`, "ENCRYPTION_FAILED", error instanceof Error ? error : void 0 ); } finally { if (ephemeralPrivateKey) this.clearBuffer(ephemeralPrivateKey); if (sharedSecret) this.clearBuffer(sharedSecret); if (kdf) this.clearBuffer(kdf); if (encryptionKey) this.clearBuffer(encryptionKey); if (macKey) this.clearBuffer(macKey); } } /** * Decrypts ECIES encrypted data. * * @param privateKey - The recipient's private key (32 bytes) * @param encrypted - The encrypted data structure from encrypt() * @returns Promise resolving to the original plaintext */ async decrypt(privateKey, encrypted) { let sharedSecret; let kdf; let encryptionKey; let macKey; try { if (!(privateKey instanceof Uint8Array)) { throw new import_interface.ECIESError("Private key must be a Uint8Array", "INVALID_KEY"); } if (!(0, import_interface.isECIESEncrypted)(encrypted)) { throw new import_interface.ECIESError( "Invalid encrypted data structure", "DECRYPTION_FAILED" ); } if (privateKey.length !== import_constants.CURVE.PRIVATE_KEY_LENGTH) { throw new import_interface.ECIESError( `Invalid private key length: ${privateKey.length}`, "INVALID_KEY" ); } if (!this.verifyPrivateKey(privateKey)) { throw new import_interface.ECIESError("Invalid private key", "INVALID_KEY"); } if (encrypted.ephemPublicKey.length !== import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) { throw new import_interface.ECIESError( `Invalid ephemeral public key: expected ${import_constants.CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`, "INVALID_KEY" ); } if (encrypted.ephemPublicKey[0] !== import_constants.CURVE.PREFIX.UNCOMPRESSED) { throw new import_interface.ECIESError( "Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)", "INVALID_KEY" ); } if (!this.validatePublicKey(encrypted.ephemPublicKey)) { throw new import_interface.ECIESError("Invalid ephemeral public key", "INVALID_KEY"); } const ephemeralPublicKey = encrypted.ephemPublicKey; sharedSecret = this.performECDH(ephemeralPublicKey, privateKey); kdf = this.sha512(sharedSecret); encryptionKey = kdf.slice( import_constants.KDF.ENCRYPTION_KEY_OFFSET, import_constants.KDF.ENCRYPTION_KEY_OFFSET + import_constants.KDF.ENCRYPTION_KEY_LENGTH ); macKey = kdf.slice( import_constants.KDF.MAC_KEY_OFFSET, import_constants.KDF.MAC_KEY_OFFSET + import_constants.KDF.MAC_KEY_LENGTH ); const macData = (0, import_viem.concat)([ encrypted.iv, encrypted.ephemPublicKey, encrypted.ciphertext ]); const expectedMac = this.hmacSha256(macKey, macData); if (!(0, import_utils.constantTimeEqual)(encrypted.mac, expectedMac)) { throw new import_interface.ECIESError("MAC verification failed", "MAC_MISMATCH"); } const decrypted = await this.aesDecrypt( encryptionKey, encrypted.iv, encrypted.ciphertext ); return decrypted; } catch (error) { if (error instanceof import_interface.ECIESError) throw error; throw new import_interface.ECIESError( `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`, "DECRYPTION_FAILED", error instanceof Error ? error : void 0 ); } finally { if (sharedSecret) this.clearBuffer(sharedSecret); if (kdf) this.clearBuffer(kdf); if (encryptionKey) this.clearBuffer(encryptionKey); if (macKey) this.clearBuffer(macKey); } } /** * Clears sensitive data from memory using multi-pass overwrite. * * @remarks * Uses multiple passes with different patterns to make it harder * for JIT compilers to optimize away the operation. While not * guaranteed in JavaScript, this is a best-effort approach to * clear sensitive data from memory. * * @param buffer - The buffer to clear */ clearBuffer(buffer) { if (buffer && buffer.length > 0) { buffer.fill(0); buffer.fill(255); buffer.fill(170); buffer.fill(0); for (let i = 0; i < buffer.length; i++) { buffer[i] = i & 255 ^ 90; } buffer.fill(0); } } } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { BaseECIESUint8 }); //# sourceMappingURL=base.cjs.map