@agentunion/fastaun-browser 0.2.20 → 0.3.1

package/dist/v2/crypto/recipients.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipients.js","sourceRoot":"","sources":["../../../src/v2/crypto/recipients.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AACpE,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAEpE,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,MAAM,CAAC,GAAG,IAAkB;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChB,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,0CAA0C;IAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvF,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YACxB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAChE,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC7B,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAa;IACjD,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3E,MAAM,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM,CACjB,WAAW,EACX,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,EAAE,EACF,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,UAAU,CACX,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAgB,EAAE,KAAiB;IACzD,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAgB;IACtD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,KAAK,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IACD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAOD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAgB,EAChB,WAAmB;IAEnB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAClF,IAAI,KAAK,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,IAAI,GAAG,GAAG,WAAW,CAAC;IACtB,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACtC,QAAQ,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;SACvC,CAAC,CAAC;QACH,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;QACb,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAgB,EAChB,KAAkB,EAClB,eAAuB;IAEvB,IAAI,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAmB,CAAC;QACxB,IAAI,CAAC;YACH,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG;YAAE,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;aACzD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG;YAAE,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;;YAC9D,OAAO,KAAK,CAAC;IACpB,CAAC;IACD,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,eAAe,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAAgB;IAC5D,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC"}

package/dist/v2/e2ee/decrypt.d.ts

@@ -0,0 +1,13 @@
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope         完整 envelope dict
+ * @param selfAid          接收方 AID
+ * @param selfDeviceId     接收方 device_id
+ * @param selfIkPriv       接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv      接收方 SPK 私钥（32B scalar）；undefined 表示无 SPK（1DH）
+ * @param senderPubDer     发送方 AID 主公钥（DER），用于验签
+ * @returns                解密后的 payload；null 表示找不到自己的 recipient 行
+ */
+export declare function decryptMessage(envelope: Record<string, unknown>, selfAid: string, selfDeviceId: string, selfIkPriv: Uint8Array, selfSpkPriv: Uint8Array | undefined, senderPubDer: Uint8Array): Promise<Record<string, unknown> | null>;
+//# sourceMappingURL=decrypt.d.ts.map

package/dist/v2/e2ee/decrypt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/decrypt.ts"],"names":[],"mappings":"AA2EA;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,UAAU,GAAG,SAAS,EACnC,YAAY,EAAE,UAAU,GACvB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CA4FzC"}

package/dist/v2/e2ee/decrypt.js

@@ -0,0 +1,176 @@
+/**
+ * AUN E2EE V2: 统一解密引擎（浏览器版，async）
+ *
+ * 支持 P2P 和 Group 消息解密（按 envelope.type 分流）。纯计算，无 IO。
+ *
+ * 规范引用: §4.6 / §5.5
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/decrypt.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+import { ecdsaVerifyRaw } from '../crypto/ecdsa';
+import { ecdhComputeShared } from '../crypto/ecdh';
+import { hkdfSha256 } from '../crypto/hkdf';
+import { aesGcmDecrypt } from '../crypto/aead';
+import { computeLeafHash, computeMerkleRoot, verifyMerkleProof, } from '../crypto/recipients';
+import { SUITE_NAME } from './types';
+const encoder = new TextEncoder();
+const INFO_3DH = encoder.encode('AUN-V2-3DH');
+const INFO_1DH = encoder.encode('AUN-V2-1DH');
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function base64ToBytes(s) {
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope         完整 envelope dict
+ * @param selfAid          接收方 AID
+ * @param selfDeviceId     接收方 device_id
+ * @param selfIkPriv       接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv      接收方 SPK 私钥（32B scalar）；undefined 表示无 SPK（1DH）
+ * @param senderPubDer     发送方 AID 主公钥（DER），用于验签
+ * @returns                解密后的 payload；null 表示找不到自己的 recipient 行
+ */
+export async function decryptMessage(envelope, selfAid, selfDeviceId, selfIkPriv, selfSpkPriv, senderPubDer) {
+    const env = envelope;
+    // 1. 验 sender_signature
+    if (!(await verifySenderSignature(env, senderPubDer))) {
+        throw new Error('sender_signature verification failed');
+    }
+    // 2. 找自己的 row（完整 recipients 数组 / 单个 recipient + merkle_proof）
+    let row = null;
+    if (Array.isArray(env.recipients)) {
+        const rows = env.recipients;
+        const expected = await computeMerkleRoot(rows);
+        if (expected !== env.recipients_digest) {
+            throw new Error('recipients_digest mismatch');
+        }
+        row = findMyRow(rows, selfAid, selfDeviceId);
+        if (!row)
+            return null;
+    }
+    else if (env.recipient && typeof env.recipient === 'object') {
+        const r = env.recipient;
+        row = [
+            r.aid ?? '',
+            r.device_id ?? '',
+            r.role ?? '',
+            r.key_source ?? '',
+            r.fp ?? '',
+            r.spk_id ?? '',
+            r.wrap_nonce ?? '',
+            r.wrapped_key ?? '',
+        ];
+        // 服务端拆分后存储：用 Merkle proof 验证 wrap 在签名集中
+        const proof = env.merkle_proof;
+        const expectedRoot = env.recipients_digest;
+        if (proof != null && expectedRoot) {
+            const leaf = await computeLeafHash(row);
+            const ok = await verifyMerkleProof(leaf, proof, expectedRoot);
+            if (!ok) {
+                // 服务端篡改/替换 wrap，拒绝
+                return null;
+            }
+        }
+    }
+    else {
+        return null;
+    }
+    // 3. wrap_salt = SHA256(canonical_aad || sender_session_pk_der || suite)[:16]
+    const senderSessionPkDer = base64ToBytes(env.sender_session_pk);
+    const aadBytes = canonicalJson(env.aad);
+    const suiteStr = env.suite ?? SUITE_NAME;
+    const suiteBytes = encoder.encode(suiteStr);
+    const saltInput = new Uint8Array(aadBytes.length + senderSessionPkDer.length + suiteBytes.length);
+    saltInput.set(aadBytes, 0);
+    saltInput.set(senderSessionPkDer, aadBytes.length);
+    saltInput.set(suiteBytes, aadBytes.length + senderSessionPkDer.length);
+    const wrapSalt = (await sha256(saltInput)).subarray(0, 16);
+    // 4. compute wrap_key
+    const wrapKey = await computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderPubDer, wrapSalt);
+    // 5. decrypt master_key（wrapped_key = ciphertext(32B) + tag(16B) = 48B）
+    const wrapNonce = base64ToBytes(row[6]);
+    const wrappedKey = base64ToBytes(row[7]);
+    if (wrappedKey.length < 16) {
+        throw new Error(`wrapped_key too short: ${wrappedKey.length}`);
+    }
+    const wrappedCt = wrappedKey.subarray(0, wrappedKey.length - 16);
+    const wrappedTag = wrappedKey.subarray(wrappedKey.length - 16);
+    const masterKey = await aesGcmDecrypt(wrapKey, wrapNonce, wrappedCt, wrappedTag, new Uint8Array(0));
+    // 6. decrypt body
+    const msgNonce = base64ToBytes(env.nonce);
+    const ct = base64ToBytes(env.ciphertext);
+    const tag = base64ToBytes(env.tag);
+    const plaintext = await aesGcmDecrypt(masterKey, msgNonce, ct, tag, aadBytes);
+    // 7. 解析 payload
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}
+async function verifySenderSignature(env, senderPubDer) {
+    const sig = base64ToBytes(env.sender_signature);
+    const ct = base64ToBytes(env.ciphertext);
+    const tag = base64ToBytes(env.tag);
+    const aadBytes = canonicalJson(env.aad);
+    const digestBytes = hexToBytes(env.recipients_digest);
+    const signInput = new Uint8Array(ct.length + tag.length + aadBytes.length + digestBytes.length);
+    let pos = 0;
+    signInput.set(ct, pos);
+    pos += ct.length;
+    signInput.set(tag, pos);
+    pos += tag.length;
+    signInput.set(aadBytes, pos);
+    pos += aadBytes.length;
+    signInput.set(digestBytes, pos);
+    return ecdsaVerifyRaw(senderPubDer, sig, signInput);
+}
+function findMyRow(recipients, selfAid, selfDeviceId) {
+    for (const row of recipients) {
+        if (row[0] === selfAid && row[1] === selfDeviceId)
+            return row;
+    }
+    return null;
+}
+async function computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderMasterPkDer, salt) {
+    const spkId = row[5];
+    if (spkId && selfSpkPriv) {
+        // 3DH 接收方路径
+        // dh1 = ECDH(self_ik_priv, sender_session_pk)
+        // dh2 = ECDH(self_spk_priv, sender_master_pk)
+        // dh3 = ECDH(self_spk_priv, sender_session_pk)
+        const dh1 = await ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+        const dh2 = await ecdhComputeShared(selfSpkPriv, senderMasterPkDer);
+        const dh3 = await ecdhComputeShared(selfSpkPriv, senderSessionPkDer);
+        if (dh1.length !== 32 || dh2.length !== 32 || dh3.length !== 32) {
+            throw new Error(`3DH expected 32B shares, got dh1=${dh1.length} dh2=${dh2.length} dh3=${dh3.length}`);
+        }
+        const ikm = new Uint8Array(96);
+        ikm.set(dh1, 0);
+        ikm.set(dh2, 32);
+        ikm.set(dh3, 64);
+        return hkdfSha256(ikm, salt, INFO_3DH, 32);
+    }
+    // 1DH 接收方路径
+    const dh1 = await ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+    return hkdfSha256(dh1, salt, INFO_1DH, 32);
+}
+//# sourceMappingURL=decrypt.js.map

package/dist/v2/e2ee/decrypt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../../src/v2/e2ee/decrypt.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAE9C,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AA2BD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAiC,EACjC,OAAe,EACf,YAAoB,EACpB,UAAsB,EACtB,WAAmC,EACnC,YAAwB;IAExB,MAAM,GAAG,GAAG,QAAoC,CAAC;IAEjD,wBAAwB;IACxB,IAAI,CAAC,CAAC,MAAM,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,8DAA8D;IAC9D,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,QAAQ,KAAK,GAAG,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;IACxB,CAAC;SAAM,IAAI,GAAG,CAAC,SAAS,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC;QACxB,GAAG,GAAG;YACJ,CAAC,CAAC,GAAG,IAAI,EAAE;YACX,CAAC,CAAC,SAAS,IAAI,EAAE;YACjB,CAAC,CAAC,IAAI,IAAI,EAAE;YACZ,CAAC,CAAC,UAAU,IAAI,EAAE;YAClB,CAAC,CAAC,EAAE,IAAI,EAAE;YACV,CAAC,CAAC,MAAM,IAAI,EAAE;YACd,CAAC,CAAC,UAAU,IAAI,EAAE;YAClB,CAAC,CAAC,WAAW,IAAI,EAAE;SACpB,CAAC;QACF,wCAAwC;QACxC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC;QAC/B,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC;QAC3C,IAAI,KAAK,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;YAC9D,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,mBAAmB;gBACnB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,MAAM,kBAAkB,GAAG,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,IAAI,UAAU,CAAC;IACzC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,QAAQ,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAChE,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,GAAG,CAAC,kBAAkB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnD,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE3D,sBAAsB;IACtB,MAAM,OAAO,GAAG,MAAM,cAAc,CAClC,GAAG,EACH,UAAU,EACV,WAAW,EACX,kBAAkB,EAClB,YAAY,EACZ,QAAQ,CACT,CAAC;IAEF,wEAAwE;IACxE,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,aAAa,CACnC,OAAO,EACP,SAAS,EACT,SAAS,EACT,UAAU,EACV,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAE9E,gBAAgB;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAA4B,CAAC;AACpF,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,GAAkB,EAClB,YAAwB;IAExB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAEtD,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,EAAE,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAC9D,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACvB,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC;IACjB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;IAClB,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC;IACvB,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAEhC,OAAO,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,SAAS,CAChB,UAAsB,EACtB,OAAe,EACf,YAAoB;IAEpB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,YAAY;YAAE,OAAO,GAAG,CAAC;IAChE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,GAAa,EACb,UAAsB,EACtB,WAAmC,EACnC,kBAA8B,EAC9B,iBAA6B,EAC7B,IAAgB;IAEhB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,KAAK,IAAI,WAAW,EAAE,CAAC;QACzB,YAAY;QACZ,8CAA8C;QAC9C,8CAA8C;QAC9C,+CAA+C;QAC/C,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACrE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,CACrF,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,YAAY;IACZ,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IACpE,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC"}

package/dist/v2/e2ee/encrypt-group.d.ts

@@ -0,0 +1,14 @@
+import { type Sender, type Target, type EncryptOptions, type StateCommitmentAAD } from './types';
+/**
+ * 构造完整的 V2 Group 加密 envelope。
+ *
+ * @param sender           发送方身份
+ * @param groupId          群 ID
+ * @param epoch            当前加密 epoch
+ * @param targets          所有接收设备列表
+ * @param payload          业务 payload（将被加密）
+ * @param opts             可选参数（messageId / timestamp）
+ * @param stateCommitment  绑定到 AAD 的 state 信息；缺省 → sv=0 占位
+ */
+export declare function encryptGroupMessage(sender: Sender, groupId: string, epoch: number, targets: Target[], payload: Record<string, unknown>, opts?: EncryptOptions, stateCommitment?: Partial<StateCommitmentAAD>): Promise<Record<string, unknown>>;
+//# sourceMappingURL=encrypt-group.d.ts.map

package/dist/v2/e2ee/encrypt-group.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-group.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-group.ts"],"names":[],"mappings":"AAcA,OAAO,EACL,KAAK,MAAM,EACX,KAAK,MAAM,EACX,KAAK,cAAc,EACnB,KAAK,kBAAkB,EAExB,MAAM,SAAS,CAAC;AAwDjB;;;;;;;;;;GAUG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,IAAI,GAAE,cAAmB,EACzB,eAAe,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,GAC5C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAiHlC"}

package/dist/v2/e2ee/encrypt-group.js

@@ -0,0 +1,196 @@
+/**
+ * AUN E2EE V2: Group 加密引擎（浏览器版，async）
+ *
+ * 构造完整的 e2ee.group_encrypted envelope。纯计算，无 IO。
+ * 与 P2P 引擎同构，差异在 AAD（含 group_id/epoch/state_commitment）。
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/encrypt_group.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+import { ecdsaSignRaw } from '../crypto/ecdsa';
+import { aesGcmEncrypt } from '../crypto/aead';
+import { generateP256Keypair } from '../crypto/ecdh';
+import { compute3DHWrap, compute1DHWrap } from '../crypto/dh-path';
+import { sortRecipients, computeRecipientsDigest } from '../crypto/recipients';
+import { SUITE_NAME, } from './types';
+import { withMetadataAuth, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN, } from './metadata-auth';
+import { normalizeProtectedHeaders } from './encrypt-p2p';
+const encoder = new TextEncoder();
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function bytesToBase64(b) {
+    let bin = '';
+    for (let i = 0; i < b.length; i++)
+        bin += String.fromCharCode(b[i]);
+    return btoa(bin);
+}
+function bytesToHex(b) {
+    let s = '';
+    for (let i = 0; i < b.length; i++)
+        s += b[i].toString(16).padStart(2, '0');
+    return s;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+function uuid4Hex() {
+    if (typeof crypto.randomUUID === 'function') {
+        return crypto.randomUUID().replace(/-/g, '');
+    }
+    const b = new Uint8Array(16);
+    crypto.getRandomValues(b);
+    b[6] = (b[6] & 0x0f) | 0x40;
+    b[8] = (b[8] & 0x3f) | 0x80;
+    return bytesToHex(b);
+}
+function randomBytes(n) {
+    const b = new Uint8Array(n);
+    crypto.getRandomValues(b);
+    return b;
+}
+/**
+ * 构造完整的 V2 Group 加密 envelope。
+ *
+ * @param sender           发送方身份
+ * @param groupId          群 ID
+ * @param epoch            当前加密 epoch
+ * @param targets          所有接收设备列表
+ * @param payload          业务 payload（将被加密）
+ * @param opts             可选参数（messageId / timestamp）
+ * @param stateCommitment  绑定到 AAD 的 state 信息；缺省 → sv=0 占位
+ */
+export async function encryptGroupMessage(sender, groupId, epoch, targets, payload, opts = {}, stateCommitment) {
+    const masterKey = randomBytes(32);
+    const msgNonce = randomBytes(12);
+    const messageId = opts.messageId ?? `m-${uuid4Hex()}`;
+    const timestamp = opts.timestamp ?? Date.now();
+    const protocolSet = new Set();
+    for (const t of targets) {
+        if (t.spkPkDer
+            && (t.keySource === 'peer_device_prekey' || t.keySource === 'group_device_prekey')) {
+            protocolSet.add('3DH');
+        }
+        else {
+            protocolSet.add('1DH');
+        }
+    }
+    const wrapProtocolStr = protocolSet.size > 0 ? [...protocolSet].sort().join('+') : '1DH';
+    const sc = stateCommitment ?? {};
+    const stateCommitmentAad = {
+        state_version: Math.trunc(Number(sc.state_version ?? 0)) || 0,
+        state_hash: String(sc.state_hash ?? ''),
+        state_chain: String(sc.state_chain ?? ''),
+    };
+    const aad = {
+        from: sender.aid,
+        from_device: sender.deviceId,
+        group_id: groupId,
+        epoch,
+        message_id: messageId,
+        timestamp,
+        suite: SUITE_NAME,
+        wrap_protocol: wrapProtocolStr,
+        state_commitment: stateCommitmentAad,
+    };
+    const plaintextBytes = canonicalJson(payload);
+    const aadBytes = canonicalJson(aad);
+    const { ciphertext, tag } = await aesGcmEncrypt(masterKey, msgNonce, plaintextBytes, aadBytes);
+    const [senderSessionPriv, senderSessionPubDer] = await generateP256Keypair();
+    const suiteBytes = encoder.encode(SUITE_NAME);
+    const saltInput = new Uint8Array(aadBytes.length + senderSessionPubDer.length + suiteBytes.length);
+    saltInput.set(aadBytes, 0);
+    saltInput.set(senderSessionPubDer, aadBytes.length);
+    saltInput.set(suiteBytes, aadBytes.length + senderSessionPubDer.length);
+    const wrapSalt = (await sha256(saltInput)).subarray(0, 16);
+    const recipientsRows = [];
+    for (const target of targets) {
+        recipientsRows.push(await wrapForRecipient(target, masterKey, senderSessionPriv, sender.ikPriv, wrapSalt));
+    }
+    const sortedRows = sortRecipients(recipientsRows);
+    const digestHex = await computeRecipientsDigest(sortedRows);
+    const digestBytes = hexToBytes(digestHex);
+    const signInput = new Uint8Array(ciphertext.length + tag.length + aadBytes.length + digestBytes.length);
+    let pos = 0;
+    signInput.set(ciphertext, pos);
+    pos += ciphertext.length;
+    signInput.set(tag, pos);
+    pos += tag.length;
+    signInput.set(aadBytes, pos);
+    pos += aadBytes.length;
+    signInput.set(digestBytes, pos);
+    const senderSig = await ecdsaSignRaw(sender.ikPriv, signInput);
+    const certFpHash = bytesToHex(await sha256(sender.ikPubDer));
+    const certFp = `sha256:${certFpHash.substring(0, 16)}`;
+    const envelope = {
+        type: 'e2ee.group_encrypted',
+        version: 'v2',
+        suite: SUITE_NAME,
+        msg_type: 'original',
+        group_id: groupId,
+        epoch,
+        t_send: timestamp,
+        t_server: null,
+        nonce: bytesToBase64(msgNonce),
+        ciphertext: bytesToBase64(ciphertext),
+        tag: bytesToBase64(tag),
+        sender_signature: bytesToBase64(senderSig),
+        sender_cert_fingerprint: certFp,
+        sender_session_pk: bytesToBase64(senderSessionPubDer),
+        recipients_digest: digestHex,
+        recipients: sortedRows,
+        aad,
+    };
+    // protected_headers / context：HMAC 签名（与 V1 对齐），不进 AAD
+    // payload_type 自动注入 + value 转 string（与 Python _normalize_headers 对齐）
+    const { context } = opts;
+    const normalizedHeaders = normalizeProtectedHeaders(opts.protectedHeaders, payload);
+    if (Object.keys(normalizedHeaders).length > 0) {
+        envelope.protected_headers = await withMetadataAuth(normalizedHeaders, masterKey, PROTECTED_HEADERS_DOMAIN);
+    }
+    if (context && typeof context === 'object' && Object.keys(context).length > 0) {
+        envelope.context = await withMetadataAuth(context, masterKey, PROTECTED_CONTEXT_DOMAIN);
+    }
+    return envelope;
+}
+async function wrapForRecipient(target, masterKey, senderSessionPriv, senderMasterPriv, wrapSalt) {
+    const role = target.role ?? 'member';
+    const keySource = target.keySource ?? 'aid_master';
+    const fpHash = bytesToHex(await sha256(target.ikPkDer));
+    const fp = `sha256:${fpHash.substring(0, 16)}`;
+    const wrapNonce = randomBytes(12);
+    let wrapKey;
+    if (target.spkPkDer
+        && (keySource === 'peer_device_prekey' || keySource === 'group_device_prekey')) {
+        wrapKey = await compute3DHWrap(senderSessionPriv, senderMasterPriv, target.ikPkDer, target.spkPkDer, wrapSalt);
+    }
+    else {
+        wrapKey = await compute1DHWrap(senderSessionPriv, target.ikPkDer, wrapSalt);
+    }
+    const { ciphertext: wrappedCt, tag: wrappedTag } = await aesGcmEncrypt(wrapKey, wrapNonce, masterKey, new Uint8Array(0));
+    const wrappedKey = new Uint8Array(wrappedCt.length + wrappedTag.length);
+    wrappedKey.set(wrappedCt, 0);
+    wrappedKey.set(wrappedTag, wrappedCt.length);
+    return [
+        target.aid,
+        target.deviceId,
+        role,
+        keySource,
+        fp,
+        target.spkId ?? '',
+        bytesToBase64(wrapNonce),
+        bytesToBase64(wrappedKey),
+    ];
+}
+//# sourceMappingURL=encrypt-group.js.map

package/dist/v2/e2ee/encrypt-group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-group.js","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-group.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,EAKL,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,yBAAyB,EAAE,MAAM,eAAe,CAAC;AAE1D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,CAAa;IAClC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ;IACf,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAC5C,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC7B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC5B,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC1B,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAc,EACd,OAAe,EACf,KAAa,EACb,OAAiB,EACjB,OAAgC,EAChC,OAAuB,EAAE,EACzB,eAA6C;IAE7C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,QAAQ,EAAE,EAAE,CAAC;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IACE,CAAC,CAAC,QAAQ;eACP,CAAC,CAAC,CAAC,SAAS,KAAK,oBAAoB,IAAI,CAAC,CAAC,SAAS,KAAK,qBAAqB,CAAC,EAClF,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEzF,MAAM,EAAE,GAAG,eAAe,IAAI,EAAE,CAAC;IACjC,MAAM,kBAAkB,GAAuB;QAC7C,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC;QACvC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC,WAAW,IAAI,EAAE,CAAC;KAC1C,CAAC;IAEF,MAAM,GAAG,GAA4B;QACnC,IAAI,EAAE,MAAM,CAAC,GAAG;QAChB,WAAW,EAAE,MAAM,CAAC,QAAQ;QAC5B,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,KAAK,EAAE,UAAU;QACjB,aAAa,EAAE,eAAe;QAC9B,gBAAgB,EAAE,kBAAkB;KACrC,CAAC;IAEF,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAE/F,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE7E,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CACjE,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,GAAG,CAAC,mBAAmB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE3D,MAAM,cAAc,GAAe,EAAE,CAAC;IACtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,cAAc,CAAC,IAAI,CACjB,MAAM,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CACtF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CACtE,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC/B,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC;IACzB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;IAClB,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC;IACvB,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAE/D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,UAAU,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAA4B;QACxC,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,aAAa,CAAC,QAAQ,CAAC;QAC9B,UAAU,EAAE,aAAa,CAAC,UAAU,CAAC;QACrC,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC;QACvB,gBAAgB,EAAE,aAAa,CAAC,SAAS,CAAC;QAC1C,uBAAuB,EAAE,MAAM;QAC/B,iBAAiB,EAAE,aAAa,CAAC,mBAAmB,CAAC;QACrD,iBAAiB,EAAE,SAAS;QAC5B,UAAU,EAAE,UAAU;QACtB,GAAG;KACJ,CAAC;IAEF,sDAAsD;IACtD,qEAAqE;IACrE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACzB,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,iBAAiB,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC9G,CAAC;IACD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9E,QAAQ,CAAC,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAAc,EACd,SAAqB,EACrB,iBAA6B,EAC7B,gBAA4B,EAC5B,QAAoB;IAEpB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC;IACrC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,YAAY,CAAC;IAEnD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAE/C,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAElC,IAAI,OAAmB,CAAC;IACxB,IACE,MAAM,CAAC,QAAQ;WACZ,CAAC,SAAS,KAAK,oBAAoB,IAAI,SAAS,KAAK,qBAAqB,CAAC,EAC9E,CAAC;QACD,OAAO,GAAG,MAAM,cAAc,CAC5B,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,QAAQ,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,MAAM,aAAa,CACpE,OAAO,EACP,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACxE,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7B,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAE7C,OAAO;QACL,MAAM,CAAC,GAAG;QACV,MAAM,CAAC,QAAQ;QACf,IAAI;QACJ,SAAS;QACT,EAAE;QACF,MAAM,CAAC,KAAK,IAAI,EAAE;QAClB,aAAa,CAAC,SAAS,CAAC;QACxB,aAAa,CAAC,UAAU,CAAC;KAC1B,CAAC;AACJ,CAAC"}

package/dist/v2/e2ee/encrypt-p2p.d.ts

@@ -0,0 +1,15 @@
+import { type Sender, type TargetSet, type EncryptOptions } from './types';
+/**
+ * 构造完整的 V2 P2P 加密 envelope。
+ *
+ * 与 Python `encrypt_p2p_message` 字节级对齐（除了随机字段：master_key/msg_nonce/
+ * sender_session keypair/wrap_nonce/message_id/timestamp，以及由此影响的 ciphertext/
+ * tag/recipients_digest/sender_signature）。
+ */
+export declare function encryptP2PMessage(sender: Sender, targetSet: TargetSet, payload: Record<string, unknown>, opts?: EncryptOptions): Promise<Record<string, unknown>>;
+/**
+ * 规范化 protected_headers：value 转 string + 自动注入 payload_type。
+ * 与 Python `_normalize_headers` 对齐。
+ */
+export declare function normalizeProtectedHeaders(headers: Record<string, unknown> | undefined | null, payload: Record<string, unknown>): Record<string, string>;
+//# sourceMappingURL=encrypt-p2p.d.ts.map

package/dist/v2/e2ee/encrypt-p2p.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-p2p.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-p2p.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,KAAK,MAAM,EAEX,KAAK,SAAS,EACd,KAAK,cAAc,EAEpB,MAAM,SAAS,CAAC;AAyDjB;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,IAAI,GAAE,cAAmB,GACxB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA+IlC;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,GAAG,IAAI,EACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAexB"}