@agentunion/fastaun-browser 0.2.20 → 0.3.0

package/dist/v2/e2ee/encrypt-group.js

@@ -0,0 +1,196 @@
+/**
+ * AUN E2EE V2: Group 加密引擎（浏览器版，async）
+ *
+ * 构造完整的 e2ee.group_encrypted envelope。纯计算，无 IO。
+ * 与 P2P 引擎同构，差异在 AAD（含 group_id/epoch/state_commitment）。
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/encrypt_group.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+import { ecdsaSignRaw } from '../crypto/ecdsa';
+import { aesGcmEncrypt } from '../crypto/aead';
+import { generateP256Keypair } from '../crypto/ecdh';
+import { compute3DHWrap, compute1DHWrap } from '../crypto/dh-path';
+import { sortRecipients, computeRecipientsDigest } from '../crypto/recipients';
+import { SUITE_NAME, } from './types';
+import { withMetadataAuth, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN, } from './metadata-auth';
+import { normalizeProtectedHeaders } from './encrypt-p2p';
+const encoder = new TextEncoder();
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+function bytesToHex(b) {
+    let s = '';
+    for (let i = 0; i < b.length; i++)
+        s += b[i].toString(16).padStart(2, '0');
+    return s;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+function uuid4Hex() {
+    if (typeof crypto.randomUUID === 'function') {
+        return crypto.randomUUID().replace(/-/g, '');
+    }
+    const b = new Uint8Array(16);
+    crypto.getRandomValues(b);
+    b[6] = (b[6] & 0x0f) | 0x40;
+    b[8] = (b[8] & 0x3f) | 0x80;
+    return bytesToHex(b);
+}
+function randomBytes(n) {
+    const b = new Uint8Array(n);
+    crypto.getRandomValues(b);
+    return b;
+}
+/**
+ * 构造完整的 V2 Group 加密 envelope。
+ *
+ * @param sender           发送方身份
+ * @param groupId          群 ID
+ * @param epoch            当前加密 epoch
+ * @param targets          所有接收设备列表
+ * @param payload          业务 payload（将被加密）
+ * @param opts             可选参数（messageId / timestamp）
+ * @param stateCommitment  绑定到 AAD 的 state 信息；缺省 → sv=0 占位
+ */
+export async function encryptGroupMessage(sender, groupId, epoch, targets, payload, opts = {}, stateCommitment) {
+    const masterKey = randomBytes(32);
+    const msgNonce = randomBytes(12);
+    const messageId = opts.messageId ?? `m-${uuid4Hex()}`;
+    const timestamp = opts.timestamp ?? Date.now();
+    const protocolSet = new Set();
+    for (const t of targets) {
+        if (t.spkPkDer
+            && (t.keySource === 'peer_device_prekey' || t.keySource === 'group_device_prekey')) {
+            protocolSet.add('3DH');
+        }
+        else {
+            protocolSet.add('1DH');
+        }
+    }
+    const wrapProtocolStr = protocolSet.size > 0 ? [...protocolSet].sort().join('+') : '1DH';
+    const sc = stateCommitment ?? {};
+    const stateCommitmentAad = {
+        state_version: Math.trunc(Number(sc.state_version ?? 0)) || 0,
+        state_hash: String(sc.state_hash ?? ''),
+        state_chain: String(sc.state_chain ?? ''),
+    };
+    const aad = {
+        from: sender.aid,
+        from_device: sender.deviceId,
+        group_id: groupId,
+        epoch,
+        message_id: messageId,
+        timestamp,
+        suite: SUITE_NAME,
+        wrap_protocol: wrapProtocolStr,
+        state_commitment: stateCommitmentAad,
+    };
+    const plaintextBytes = canonicalJson(payload);
+    const aadBytes = canonicalJson(aad);
+    const { ciphertext, tag } = await aesGcmEncrypt(masterKey, msgNonce, plaintextBytes, aadBytes);
+    const [senderSessionPriv, senderSessionPubDer] = await generateP256Keypair();
+    const suiteBytes = encoder.encode(SUITE_NAME);
+    const saltInput = new Uint8Array(aadBytes.length + senderSessionPubDer.length + suiteBytes.length);
+    saltInput.set(aadBytes, 0);
+    saltInput.set(senderSessionPubDer, aadBytes.length);
+    saltInput.set(suiteBytes, aadBytes.length + senderSessionPubDer.length);
+    const wrapSalt = (await sha256(saltInput)).subarray(0, 16);
+    const recipientsRows = [];
+    for (const target of targets) {
+        recipientsRows.push(await wrapForRecipient(target, masterKey, senderSessionPriv, sender.ikPriv, wrapSalt));
+    }
+    const sortedRows = sortRecipients(recipientsRows);
+    const digestHex = await computeRecipientsDigest(sortedRows);
+    const digestBytes = hexToBytes(digestHex);
+    const signInput = new Uint8Array(ciphertext.length + tag.length + aadBytes.length + digestBytes.length);
+    let pos = 0;
+    signInput.set(ciphertext, pos);
+    pos += ciphertext.length;
+    signInput.set(tag, pos);
+    pos += tag.length;
+    signInput.set(aadBytes, pos);
+    pos += aadBytes.length;
+    signInput.set(digestBytes, pos);
+    const senderSig = await ecdsaSignRaw(sender.ikPriv, signInput);
+    const certFpHash = bytesToHex(await sha256(sender.ikPubDer));
+    const certFp = `sha256:${certFpHash.substring(0, 16)}`;
+    const envelope = {
+        type: 'e2ee.group_encrypted',
+        version: 'v2',
+        suite: SUITE_NAME,
+        msg_type: 'original',
+        group_id: groupId,
+        epoch,
+        t_send: timestamp,
+        t_server: null,
+        nonce: bytesToBase64(msgNonce),
+        ciphertext: bytesToBase64(ciphertext),
+        tag: bytesToBase64(tag),
+        sender_signature: bytesToBase64(senderSig),
+        sender_cert_fingerprint: certFp,
+        sender_session_pk: bytesToBase64(senderSessionPubDer),
+        recipients_digest: digestHex,
+        recipients: sortedRows,
+        aad,
+    };
+    // protected_headers / context：HMAC 签名（与 V1 对齐），不进 AAD
+    // payload_type 自动注入 + value 转 string（与 Python _normalize_headers 对齐）
+    const { context } = opts;
+    const normalizedHeaders = normalizeProtectedHeaders(opts.protectedHeaders, payload);
+    if (Object.keys(normalizedHeaders).length > 0) {
+        envelope.protected_headers = await withMetadataAuth(normalizedHeaders, masterKey, PROTECTED_HEADERS_DOMAIN);
+    }
+    if (context && typeof context === 'object' && Object.keys(context).length > 0) {
+        envelope.context = await withMetadataAuth(context, masterKey, PROTECTED_CONTEXT_DOMAIN);
+    }
+    return envelope;
+}
+async function wrapForRecipient(target, masterKey, senderSessionPriv, senderMasterPriv, wrapSalt) {
+    const role = target.role ?? 'member';
+    const keySource = target.keySource ?? 'aid_master';
+    const fpHash = bytesToHex(await sha256(target.ikPkDer));
+    const fp = `sha256:${fpHash.substring(0, 16)}`;
+    const wrapNonce = randomBytes(12);
+    let wrapKey;
+    if (target.spkPkDer
+        && (keySource === 'peer_device_prekey' || keySource === 'group_device_prekey')) {
+        wrapKey = await compute3DHWrap(senderSessionPriv, senderMasterPriv, target.ikPkDer, target.spkPkDer, wrapSalt);
+    }
+    else {
+        wrapKey = await compute1DHWrap(senderSessionPriv, target.ikPkDer, wrapSalt);
+    }
+    const { ciphertext: wrappedCt, tag: wrappedTag } = await aesGcmEncrypt(wrapKey, wrapNonce, masterKey, new Uint8Array(0));
+    const wrappedKey = new Uint8Array(wrappedCt.length + wrappedTag.length);
+    wrappedKey.set(wrappedCt, 0);
+    wrappedKey.set(wrappedTag, wrappedCt.length);
+    return [
+        target.aid,
+        target.deviceId,
+        role,
+        keySource,
+        fp,
+        target.spkId ?? '',
+        bytesToBase64(wrapNonce),
+        bytesToBase64(wrappedKey),
+    ];
+}
+//# sourceMappingURL=encrypt-group.js.map

package/dist/v2/e2ee/encrypt-group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-group.js","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-group.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAKL,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,yBAAyB,EAAE,MAAM,eAAe,CAAC;AAE1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,CAAa;IAClC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ;IACf,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAC5C,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC7B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5B,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,OAAe,EACf,KAAa,EACb,OAAiB,EACjB,OAAgC,EAChC,OAAuB,EAAE,EACzB,eAA6C;IAE7C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,QAAQ,EAAE,EAAE,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IACE,CAAC,CAAC,QAAQ;eACP,CAAC,CAAC,CAAC,SAAS,KAAK,oBAAoB,IAAI,CAAC,CAAC,SAAS,KAAK,qBAAqB,CAAC,EAClF,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEzF,MAAM,EAAE,GAAG,eAAe,IAAI,EAAE,CAAC;IACjC,MAAM,kBAAkB,GAAuB;QAC7C,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC;QACvC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC,WAAW,IAAI,EAAE,CAAC;KAC1C,CAAC;IAEF,MAAM,GAAG,GAA4B;QACnC,IAAI,EAAE,MAAM,CAAC,GAAG;QAChB,WAAW,EAAE,MAAM,CAAC,QAAQ;QAC5B,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,KAAK,EAAE,UAAU;QACjB,aAAa,EAAE,eAAe;QAC9B,gBAAgB,EAAE,kBAAkB;KACrC,CAAC;IAEF,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAE/F,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE7E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CACjE,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,GAAG,CAAC,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE3D,MAAM,cAAc,GAAe,EAAE,CAAC;IACtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,cAAc,CAAC,IAAI,CACjB,MAAM,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CACtE,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC/B,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;IACzB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;IAClB,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC;IACvB,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE/D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,UAAU,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAA4B;QACxC,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,aAAa,CAAC,QAAQ,CAAC;QAC9B,UAAU,EAAE,aAAa,CAAC,UAAU,CAAC;QACrC,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC;QACvB,gBAAgB,EAAE,aAAa,CAAC,SAAS,CAAC;QAC1C,uBAAuB,EAAE,MAAM;QAC/B,iBAAiB,EAAE,aAAa,CAAC,mBAAmB,CAAC;QACrD,iBAAiB,EAAE,SAAS;QAC5B,UAAU,EAAE,UAAU;QACtB,GAAG;KACJ,CAAC;IAEF,sDAAsD;IACtD,qEAAqE;IACrE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,iBAAiB,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC9G,CAAC;IACD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9E,QAAQ,CAAC,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAAc,EACd,SAAqB,EACrB,iBAA6B,EAC7B,gBAA4B,EAC5B,QAAoB;IAEpB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC;IACrC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,YAAY,CAAC;IAEnD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAE/C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAElC,IAAI,OAAmB,CAAC;IACxB,IACE,MAAM,CAAC,QAAQ;WACZ,CAAC,SAAS,KAAK,oBAAoB,IAAI,SAAS,KAAK,qBAAqB,CAAC,EAC9E,CAAC;QACD,OAAO,GAAG,MAAM,cAAc,CAC5B,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,QAAQ,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,MAAM,aAAa,CACpE,OAAO,EACP,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACxE,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7B,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAE7C,OAAO;QACL,MAAM,CAAC,GAAG;QACV,MAAM,CAAC,QAAQ;QACf,IAAI;QACJ,SAAS;QACT,EAAE;QACF,MAAM,CAAC,KAAK,IAAI,EAAE;QAClB,aAAa,CAAC,SAAS,CAAC;QACxB,aAAa,CAAC,UAAU,CAAC;KAC1B,CAAC;AACJ,CAAC"}

package/dist/v2/e2ee/encrypt-p2p.d.ts

@@ -0,0 +1,15 @@
+import { type Sender, type TargetSet, type EncryptOptions } from './types';
+/**
+ * 构造完整的 V2 P2P 加密 envelope。
+ *
+ * 与 Python `encrypt_p2p_message` 字节级对齐（除了随机字段：master_key/msg_nonce/
+ * sender_session keypair/wrap_nonce/message_id/timestamp，以及由此影响的 ciphertext/
+ * tag/recipients_digest/sender_signature）。
+ */
+export declare function encryptP2PMessage(sender: Sender, targetSet: TargetSet, payload: Record<string, unknown>, opts?: EncryptOptions): Promise<Record<string, unknown>>;
+/**
+ * 规范化 protected_headers：value 转 string + 自动注入 payload_type。
+ * 与 Python `_normalize_headers` 对齐。
+ */
+export declare function normalizeProtectedHeaders(headers: Record<string, unknown> | undefined | null, payload: Record<string, unknown>): Record<string, string>;
+//# sourceMappingURL=encrypt-p2p.d.ts.map

package/dist/v2/e2ee/encrypt-p2p.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-p2p.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-p2p.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,KAAK,MAAM,EAEX,KAAK,SAAS,EACd,KAAK,cAAc,EAEpB,MAAM,SAAS,CAAC;AAyDjB;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,IAAI,GAAE,cAAmB,GACxB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA+IlC;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAAG,IAAI,EACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAexB"}

package/dist/v2/e2ee/encrypt-p2p.js

@@ -0,0 +1,240 @@
+/**
+ * AUN E2EE V2: P2P 加密引擎（浏览器版，async）
+ *
+ * 构造完整的 e2ee.p2p_encrypted envelope。纯计算，无 IO。
+ *
+ * 规范引用: §4 / §5
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/encrypt_p2p.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+import { ecdsaSignRaw } from '../crypto/ecdsa';
+import { aesGcmEncrypt } from '../crypto/aead';
+import { generateP256Keypair } from '../crypto/ecdh';
+import { compute3DHWrap, compute1DHWrap } from '../crypto/dh-path';
+import { sortRecipients, computeRecipientsDigest } from '../crypto/recipients';
+import { SUITE_NAME, } from './types';
+import { withMetadataAuth, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN, } from './metadata-auth';
+const encoder = new TextEncoder();
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+function bytesToHex(b) {
+    let s = '';
+    for (let i = 0; i < b.length; i++)
+        s += b[i].toString(16).padStart(2, '0');
+    return s;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+function uuid4Hex() {
+    // crypto.randomUUID() 在浏览器和 Node 18+ 都可用，去掉 dash 与 Python uuid4().hex 对齐
+    if (typeof crypto.randomUUID === 'function') {
+        return crypto.randomUUID().replace(/-/g, '');
+    }
+    // 降级：用 16B 随机字节构造 v4 hex
+    const b = new Uint8Array(16);
+    crypto.getRandomValues(b);
+    b[6] = (b[6] & 0x0f) | 0x40; // version 4
+    b[8] = (b[8] & 0x3f) | 0x80; // variant
+    return bytesToHex(b);
+}
+function randomBytes(n) {
+    const b = new Uint8Array(n);
+    crypto.getRandomValues(b);
+    return b;
+}
+/**
+ * 构造完整的 V2 P2P 加密 envelope。
+ *
+ * 与 Python `encrypt_p2p_message` 字节级对齐（除了随机字段：master_key/msg_nonce/
+ * sender_session keypair/wrap_nonce/message_id/timestamp，以及由此影响的 ciphertext/
+ * tag/recipients_digest/sender_signature）。
+ */
+export async function encryptP2PMessage(sender, targetSet, payload, opts = {}) {
+    // 1. master_key + msg_nonce
+    const masterKey = randomBytes(32);
+    const msgNonce = randomBytes(12);
+    // 2. 构造 AAD
+    const messageId = opts.messageId ?? `m-${uuid4Hex()}`;
+    const timestamp = opts.timestamp ?? Date.now();
+    // 确定 to（第一个非 audit 的 aid）
+    let peerAid = '';
+    for (const t of targetSet.targets) {
+        if (t.role !== 'audit') {
+            peerAid = t.aid;
+            break;
+        }
+    }
+    // wrap_protocol_set（防服务端篡改 key_source 引导接收方走 1DH）
+    const allTargetsForProto = [
+        ...targetSet.targets,
+        ...(targetSet.auditRecipients ?? []),
+    ];
+    const protocolSet = new Set();
+    for (const t of allTargetsForProto) {
+        if (t.spkPkDer
+            && (t.keySource === 'peer_device_prekey' || t.keySource === 'group_device_prekey')) {
+            protocolSet.add('3DH');
+        }
+        else {
+            protocolSet.add('1DH');
+        }
+    }
+    const wrapProtocolStr = protocolSet.size > 0 ? [...protocolSet].sort().join('+') : '1DH';
+    const aad = {
+        from: sender.aid,
+        from_device: sender.deviceId,
+        to: peerAid,
+        message_id: messageId,
+        timestamp,
+        suite: SUITE_NAME,
+        wrap_protocol: wrapProtocolStr,
+    };
+    // 3. 加密正文
+    const plaintextBytes = canonicalJson(payload);
+    const aadBytes = canonicalJson(aad);
+    const { ciphertext, tag } = await aesGcmEncrypt(masterKey, msgNonce, plaintextBytes, aadBytes);
+    // 4. sender_session keypair
+    const [senderSessionPriv, senderSessionPubDer] = await generateP256Keypair();
+    // wrap_salt = SHA256(canonical_aad || sender_session_pk_der || suite)[:16]
+    const suiteBytes = encoder.encode(SUITE_NAME);
+    const saltInput = new Uint8Array(aadBytes.length + senderSessionPubDer.length + suiteBytes.length);
+    saltInput.set(aadBytes, 0);
+    saltInput.set(senderSessionPubDer, aadBytes.length);
+    saltInput.set(suiteBytes, aadBytes.length + senderSessionPubDer.length);
+    const wrapSalt = (await sha256(saltInput)).subarray(0, 16);
+    // 5. 为每个 recipient wrap master_key
+    const allTargets = [
+        ...targetSet.targets,
+        ...(targetSet.auditRecipients ?? []),
+    ];
+    const recipientsRows = [];
+    for (const target of allTargets) {
+        recipientsRows.push(await wrapForRecipient(target, masterKey, senderSessionPriv, sender.ikPriv, wrapSalt, 'peer'));
+    }
+    // 6. sort + 7. digest
+    const sortedRows = sortRecipients(recipientsRows);
+    const digestHex = await computeRecipientsDigest(sortedRows);
+    // 8. sender_signature = ECDSA(ik_priv, ct || tag || aad || digest_bytes)
+    const digestBytes = hexToBytes(digestHex);
+    const signInput = new Uint8Array(ciphertext.length + tag.length + aadBytes.length + digestBytes.length);
+    let pos = 0;
+    signInput.set(ciphertext, pos);
+    pos += ciphertext.length;
+    signInput.set(tag, pos);
+    pos += tag.length;
+    signInput.set(aadBytes, pos);
+    pos += aadBytes.length;
+    signInput.set(digestBytes, pos);
+    const senderSig = await ecdsaSignRaw(sender.ikPriv, signInput);
+    // 9. cert fingerprint = "sha256:" + sha256(ik_pub_der).hex()[:16]
+    const certFpHash = bytesToHex(await sha256(sender.ikPubDer));
+    const certFp = `sha256:${certFpHash.substring(0, 16)}`;
+    // 10. 组装 envelope
+    const envelope = {
+        type: 'e2ee.p2p_encrypted',
+        version: 'v2',
+        suite: SUITE_NAME,
+        msg_type: 'original',
+        t_send: timestamp,
+        t_supplement: null,
+        t_server: null,
+        nonce: bytesToBase64(msgNonce),
+        ciphertext: bytesToBase64(ciphertext),
+        tag: bytesToBase64(tag),
+        sender_signature: bytesToBase64(senderSig),
+        sender_cert_fingerprint: certFp,
+        sender_session_pk: bytesToBase64(senderSessionPubDer),
+        recipients_digest: digestHex,
+        recipients: sortedRows,
+        aad,
+    };
+    // 11. protected_headers / context：HMAC 签名（与 V1 对齐），不进 AAD
+    // payload_type 自动注入 + value 转 string（与 Python _normalize_headers 对齐）
+    const normalizedHeaders = normalizeProtectedHeaders(opts.protectedHeaders, payload);
+    if (Object.keys(normalizedHeaders).length > 0) {
+        envelope.protected_headers = await withMetadataAuth(normalizedHeaders, masterKey, PROTECTED_HEADERS_DOMAIN);
+    }
+    const { context } = opts;
+    if (context && typeof context === 'object' && Object.keys(context).length > 0) {
+        envelope.context = await withMetadataAuth(context, masterKey, PROTECTED_CONTEXT_DOMAIN);
+    }
+    return envelope;
+}
+/**
+ * 规范化 protected_headers：value 转 string + 自动注入 payload_type。
+ * 与 Python `_normalize_headers` 对齐。
+ */
+export function normalizeProtectedHeaders(headers, payload) {
+    const normalized = {};
+    if (headers && typeof headers === 'object') {
+        for (const [k, v] of Object.entries(headers)) {
+            if (k === '_auth')
+                continue;
+            const sv = v != null ? String(v) : '';
+            if (sv)
+                normalized[k] = sv;
+        }
+    }
+    // payload_type 自动注入（与 Python 对齐：payload.get("type") → protected_headers["payload_type"]）
+    const payloadType = typeof payload?.type === 'string' ? payload.type : '';
+    if (payloadType && !('payload_type' in normalized)) {
+        normalized['payload_type'] = payloadType;
+    }
+    return normalized;
+}
+/**
+ * 为单个 recipient 生成 wrap 行（[aid, device_id, role, key_source, fp,
+ * spk_id, wrap_nonce_b64, wrapped_key_b64]）。
+ */
+async function wrapForRecipient(target, masterKey, senderSessionPriv, senderMasterPriv, wrapSalt, defaultRole) {
+    const role = target.role ?? defaultRole;
+    const keySource = target.keySource ?? 'aid_master';
+    // fp = "sha256:" + sha256(ik_pk_der).hex()[:16]
+    const fpHash = bytesToHex(await sha256(target.ikPkDer));
+    const fp = `sha256:${fpHash.substring(0, 16)}`;
+    const wrapNonce = randomBytes(12);
+    let wrapKey;
+    if (target.spkPkDer
+        && (keySource === 'peer_device_prekey' || keySource === 'group_device_prekey')) {
+        wrapKey = await compute3DHWrap(senderSessionPriv, senderMasterPriv, target.ikPkDer, target.spkPkDer, wrapSalt);
+    }
+    else {
+        wrapKey = await compute1DHWrap(senderSessionPriv, target.ikPkDer, wrapSalt);
+    }
+    // wrapped_key = ciphertext (32B) + tag (16B) = 48B
+    const { ciphertext: wrappedCt, tag: wrappedTag } = await aesGcmEncrypt(wrapKey, wrapNonce, masterKey, new Uint8Array(0));
+    const wrappedKey = new Uint8Array(wrappedCt.length + wrappedTag.length);
+    wrappedKey.set(wrappedCt, 0);
+    wrappedKey.set(wrappedTag, wrappedCt.length);
+    return [
+        target.aid,
+        target.deviceId,
+        role,
+        keySource,
+        fp,
+        target.spkId ?? '',
+        bytesToBase64(wrapNonce),
+        bytesToBase64(wrappedKey),
+    ];
+}
+//# sourceMappingURL=encrypt-p2p.js.map

package/dist/v2/e2ee/encrypt-p2p.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-p2p.js","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-p2p.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAKL,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,CAAa;IAClC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ;IACf,yEAAyE;IACzE,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAC5C,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,yBAAyB;IACzB,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC7B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,YAAY;IACzC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,UAAU;IACvC,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,SAAoB,EACpB,OAAgC,EAChC,OAAuB,EAAE;IAEzB,4BAA4B;IAC5B,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAEjC,YAAY;IACZ,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,QAAQ,EAAE,EAAE,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/C,0BAA0B;IAC1B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC;YAChB,MAAM;QACR,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,MAAM,kBAAkB,GAAa;QACnC,GAAG,SAAS,CAAC,OAAO;QACpB,GAAG,CAAC,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;KACrC,CAAC;IACF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;QACnC,IACE,CAAC,CAAC,QAAQ;eACP,CAAC,CAAC,CAAC,SAAS,KAAK,oBAAoB,IAAI,CAAC,CAAC,SAAS,KAAK,qBAAqB,CAAC,EAClF,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEzF,MAAM,GAAG,GAA4B;QACnC,IAAI,EAAE,MAAM,CAAC,GAAG;QAChB,WAAW,EAAE,MAAM,CAAC,QAAQ;QAC5B,EAAE,EAAE,OAAO;QACX,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,KAAK,EAAE,UAAU;QACjB,aAAa,EAAE,eAAe;KAC/B,CAAC;IAEF,UAAU;IACV,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,aAAa,CAC7C,SAAS,EACT,QAAQ,EACR,cAAc,EACd,QAAQ,CACT,CAAC;IAEF,4BAA4B;IAC5B,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE7E,2EAA2E;IAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CACjE,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,GAAG,CAAC,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE3D,mCAAmC;IACnC,MAAM,UAAU,GAAa;QAC3B,GAAG,SAAS,CAAC,OAAO;QACpB,GAAG,CAAC,SAAS,CAAC,eAAe,IAAI,EAAE,CAAC;KACrC,CAAC;IACF,MAAM,cAAc,GAAe,EAAE,CAAC;IACtC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;QAChC,cAAc,CAAC,IAAI,CACjB,MAAM,gBAAgB,CACpB,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,MAAM,CAAC,MAAM,EACb,QAAQ,EACR,MAAM,CACP,CACF,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,UAAU,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAE5D,yEAAyE;IACzE,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CACtE,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC/B,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;IACzB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;IAClB,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC;IACvB,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE/D,kEAAkE;IAClE,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,UAAU,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAEvD,kBAAkB;IAClB,MAAM,QAAQ,GAA4B;QACxC,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,IAAI;QAClB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,aAAa,CAAC,QAAQ,CAAC;QAC9B,UAAU,EAAE,aAAa,CAAC,UAAU,CAAC;QACrC,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC;QACvB,gBAAgB,EAAE,aAAa,CAAC,SAAS,CAAC;QAC1C,uBAAuB,EAAE,MAAM;QAC/B,iBAAiB,EAAE,aAAa,CAAC,mBAAmB,CAAC;QACrD,iBAAiB,EAAE,SAAS;QAC5B,UAAU,EAAE,UAAU;QACtB,GAAG;KACJ,CAAC;IAEF,0DAA0D;IAC1D,qEAAqE;IACrE,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,iBAAiB,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC9G,CAAC;IACD,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9E,QAAQ,CAAC,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,OAAmD,EACnD,OAAgC;IAEhC,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,OAAO;gBAAE,SAAS;YAC5B,MAAM,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,IAAI,EAAE;gBAAE,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,yFAAyF;IACzF,MAAM,WAAW,GAAG,OAAO,OAAO,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,WAAW,IAAI,CAAC,CAAC,cAAc,IAAI,UAAU,CAAC,EAAE,CAAC;QACnD,UAAU,CAAC,cAAc,CAAC,GAAG,WAAW,CAAC;IAC3C,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAC7B,MAAc,EACd,SAAqB,EACrB,iBAA6B,EAC7B,gBAA4B,EAC5B,QAAoB,EACpB,WAA8B;IAE9B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC;IACxC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,YAAY,CAAC;IAEnD,gDAAgD;IAChD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAE/C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAElC,IAAI,OAAmB,CAAC;IACxB,IACE,MAAM,CAAC,QAAQ;WACZ,CAAC,SAAS,KAAK,oBAAoB,IAAI,SAAS,KAAK,qBAAqB,CAAC,EAC9E,CAAC;QACD,OAAO,GAAG,MAAM,cAAc,CAC5B,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,QAAQ,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAED,mDAAmD;IACnD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,MAAM,aAAa,CACpE,OAAO,EACP,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACxE,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7B,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAE7C,OAAO;QACL,MAAM,CAAC,GAAG;QACV,MAAM,CAAC,QAAQ;QACf,IAAI;QACJ,SAAS;QACT,EAAE;QACF,MAAM,CAAC,KAAK,IAAI,EAAE;QAClB,aAAa,CAAC,SAAS,CAAC;QACxB,aAAa,CAAC,UAAU,CAAC;KAC1B,CAAC;AACJ,CAAC"}

package/dist/v2/e2ee/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * AUN E2EE V2: e2ee 模块统一导出
+ */
+export * from './types';
+export { encryptP2PMessage } from './encrypt-p2p';
+export { encryptGroupMessage } from './encrypt-group';
+export { decryptMessage } from './decrypt';
+export { withMetadataAuth, METADATA_KEY_DOMAIN, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN, } from './metadata-auth';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/e2ee/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC"}

package/dist/v2/e2ee/index.js

@@ -0,0 +1,9 @@
+/**
+ * AUN E2EE V2: e2ee 模块统一导出
+ */
+export * from './types';
+export { encryptP2PMessage } from './encrypt-p2p';
+export { encryptGroupMessage } from './encrypt-group';
+export { decryptMessage } from './decrypt';
+export { withMetadataAuth, METADATA_KEY_DOMAIN, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN, } from './metadata-auth';
+//# sourceMappingURL=index.js.map

package/dist/v2/e2ee/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/e2ee/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,cAAc,SAAS,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC"}

package/dist/v2/e2ee/metadata-auth.d.ts

@@ -0,0 +1,9 @@
+export declare const METADATA_KEY_DOMAIN: Uint8Array<ArrayBuffer>;
+export declare const PROTECTED_HEADERS_DOMAIN: Uint8Array<ArrayBuffer>;
+export declare const PROTECTED_CONTEXT_DOMAIN: Uint8Array<ArrayBuffer>;
+/**
+ * 对 metadata 对象签名，返回带 _auth 字段的新对象。
+ * 如果 metadata 去掉 _auth 后为空，返回空对象。
+ */
+export declare function withMetadataAuth(metadata: Record<string, unknown>, key: Uint8Array, domain: Uint8Array): Promise<Record<string, unknown>>;
+//# sourceMappingURL=metadata-auth.d.ts.map

package/dist/v2/e2ee/metadata-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadata-auth.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/metadata-auth.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,mBAAmB,yBAAiD,CAAC;AAClF,eAAO,MAAM,wBAAwB,yBAA6C,CAAC;AACnF,eAAO,MAAM,wBAAwB,yBAA6C,CAAC;AAqCnF;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,GAAG,EAAE,UAAU,EACf,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAclC"}

package/dist/v2/e2ee/metadata-auth.js

@@ -0,0 +1,60 @@
+/**
+ * AUN E2EE V2: Metadata HMAC 签名（protected_headers / context）
+ *
+ * 算法：两级 HMAC-SHA256 key 派生
+ *   metadataKey = HMAC-SHA256(masterKey, METADATA_KEY_DOMAIN)
+ *   signInput   = domain + "\0" + canonicalJson(body)
+ *   tag         = HMAC-SHA256(metadataKey, signInput)
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/encrypt_p2p.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+const encoder = new TextEncoder();
+export const METADATA_KEY_DOMAIN = encoder.encode('aun-envelope-metadata-key-v1');
+export const PROTECTED_HEADERS_DOMAIN = encoder.encode('aun-protected-headers-v1');
+export const PROTECTED_CONTEXT_DOMAIN = encoder.encode('aun-protected-context-v1');
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+async function hmacSha256(key, data) {
+    const hmacKey = await crypto.subtle.importKey('raw', key.slice().buffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+    const sig = await crypto.subtle.sign('HMAC', hmacKey, data.slice().buffer);
+    return new Uint8Array(sig);
+}
+/**
+ * 计算 metadata auth tag。
+ */
+async function metadataAuthTag(key, domain, body) {
+    const metadataKey = await hmacSha256(key, METADATA_KEY_DOMAIN);
+    const bodyBytes = canonicalJson(body);
+    const signInput = new Uint8Array(domain.length + 1 + bodyBytes.length);
+    signInput.set(domain, 0);
+    signInput[domain.length] = 0; // "\0" 分隔符
+    signInput.set(bodyBytes, domain.length + 1);
+    return hmacSha256(metadataKey, signInput);
+}
+/**
+ * 对 metadata 对象签名，返回带 _auth 字段的新对象。
+ * 如果 metadata 去掉 _auth 后为空，返回空对象。
+ */
+export async function withMetadataAuth(metadata, key, domain) {
+    const body = {};
+    for (const [k, v] of Object.entries(metadata)) {
+        if (k !== '_auth')
+            body[k] = v;
+    }
+    if (Object.keys(body).length === 0)
+        return {};
+    const tag = await metadataAuthTag(key, domain, body);
+    return {
+        ...body,
+        _auth: {
+            alg: 'HMAC-SHA256',
+            tag: bytesToBase64(tag),
+        },
+    };
+}
+//# sourceMappingURL=metadata-auth.js.map

package/dist/v2/e2ee/metadata-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadata-auth.js","sourceRoot":"","sources":["../../../src/v2/e2ee/metadata-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,8BAA8B,CAAC,CAAC;AAClF,MAAM,CAAC,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;AACnF,MAAM,CAAC,MAAM,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAEnF,SAAS,aAAa,CAAC,CAAa;IAClC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,GAAe,EAAE,IAAgB;IACzD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,EAClB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IAC3E,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,GAAe,EACf,MAAkB,EAClB,IAA6B;IAE7B,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACvE,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACzB,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW;IACzC,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,OAAO,UAAU,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAAiC,EACjC,GAAe,EACf,MAAkB;IAElB,MAAM,IAAI,GAA4B,EAAE,CAAC;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,OAAO;YAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9C,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACrD,OAAO;QACL,GAAG,IAAI;QACP,KAAK,EAAE;YACL,GAAG,EAAE,aAAa;YAClB,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC;SACxB;KACF,CAAC;AACJ,CAAC"}

package/dist/v2/e2ee/types.d.ts

@@ -0,0 +1,57 @@
+/**
+ * AUN E2EE V2: 加解密引擎类型定义
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_p2p` / `encrypt_group` / `decrypt` 对齐。
+ */
+export declare const SUITE_NAME: "P256_HKDF_SHA256_AES_256_GCM";
+/** 发送方身份。 */
+export interface Sender {
+    /** 发送方 AID。 */
+    aid: string;
+    /** 发送方 device_id。 */
+    deviceId: string;
+    /** 32 字节 P-256 私钥标量（AID 主私钥）。 */
+    ikPriv: Uint8Array;
+    /** SPKI DER 编码的公钥（用于签名指纹计算）。 */
+    ikPubDer: Uint8Array;
+}
+/** 接收方目标设备。 */
+export interface Target {
+    aid: string;
+    deviceId: string;
+    /** "peer" | "member" | "self_sync" | "audit" 等。 */
+    role: string;
+    /** "peer_device_prekey" | "group_device_prekey" | "aid_master"。 */
+    keySource: string;
+    /** 接收方 IK 公钥（DER SPKI）。 */
+    ikPkDer: Uint8Array;
+    /** 接收方 SPK 公钥（DER SPKI）；undefined 表示走 1DH 路径。 */
+    spkPkDer?: Uint8Array;
+    /** SPK 标识；3DH 时为非空字符串，1DH 时为空串/未定义。 */
+    spkId?: string;
+}
+/** 接收方集合（P2P）。 */
+export interface TargetSet {
+    /** 普通接收设备。 */
+    targets: Target[];
+    /** 监管方设备（可选）。 */
+    auditRecipients?: Target[];
+}
+/** 加密可选参数。 */
+export interface EncryptOptions {
+    /** 消息 ID；不传则自动生成 `m-{uuid4 hex}`。 */
+    messageId?: string;
+    /** 时间戳（毫秒）；不传则用 Date.now()。 */
+    timestamp?: number;
+    /** 受保护头部（HMAC 签名后附加到 envelope.protected_headers）。 */
+    protectedHeaders?: Record<string, unknown>;
+    /** 上下文元数据（HMAC 签名后附加到 envelope.context）。 */
+    context?: Record<string, unknown>;
+}
+/** Group AAD 中的 state_commitment 子结构。 */
+export interface StateCommitmentAAD {
+    state_version: number;
+    state_hash: string;
+    state_chain: string;
+}
+//# sourceMappingURL=types.d.ts.map