npm - @agentunion/fastaun - Versions diffs - 0.2.19 → 0.3.0 - Mend

@agentunion/fastaun 0.2.19 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/dist/v2/crypto/recipients.js ADDED Viewed

@@ -0,0 +1,183 @@
+/**
+ * AUN E2EE V2: Recipients 排序与 Merkle Digest
+ *
+ * 规范引用：§5.3 / §10.3
+ *
+ * - 行排序：(aid asc, device_id asc, role asc) 字典序
+ * - 每行固定 8 字段：[aid, device_id, role, key_source, fp, spk_id, wrap_nonce, wrapped_key]
+ * - Digest = Merkle root（leaf/inner 各有独立前缀）
+ * - 奇数节点复制最后一个
+ */
+import { createHash } from 'node:crypto';
+const TEXT = new TextEncoder();
+const LEAF_PREFIX = TEXT.encode('AUN-V2-RCPT-LEAF-v1');
+const NODE_PREFIX = TEXT.encode('AUN-V2-RCPT-NODE-v1');
+/** 按 (aid, device_id, role) 字典序稳定排序 recipients。 */
+export function sortRecipients(rows) {
+    return [...rows].sort((a, b) => {
+        const ka0 = a[0] ?? '';
+        const kb0 = b[0] ?? '';
+        if (ka0 !== kb0)
+            return ka0 < kb0 ? -1 : 1;
+        const ka1 = a[1] ?? '';
+        const kb1 = b[1] ?? '';
+        if (ka1 !== kb1)
+            return ka1 < kb1 ? -1 : 1;
+        const ka2 = a[2] ?? '';
+        const kb2 = b[2] ?? '';
+        if (ka2 !== kb2)
+            return ka2 < kb2 ? -1 : 1;
+        return 0;
+    });
+}
+/**
+ * wrap_nonce / wrapped_key 字段优先按 base64 解码，失败则按 utf-8 字节回退（与 Python 行为一致）。
+ */
+function decodeOrRaw(value) {
+    if (!value)
+        return new Uint8Array(0);
+    // Node Buffer.from(..., 'base64') 对非法字符会忽略而非抛错，
+    // 因此校验"再编码回去"是否一致来判断输入是否合法 base64。
+    // 这与 Python base64.b64decode(value) 的行为相近：
+    // 不合法时 Python 抛错 → 我们 fallback 到 utf-8。
+    // 不过 Python 默认非严格模式也容错；这里采用与 Python 完全等价的判定：
+    // 1) 仅含 base64 字符集 [A-Za-z0-9+/=]
+    // 2) 长度是 4 的倍数
+    // 否则按 utf-8 处理。
+    if (isLikelyBase64(value)) {
+        try {
+            const decoded = Buffer.from(value, 'base64');
+            // 双重校验：重编码与原值一致（忽略 padding 差异）。
+            const reencoded = decoded.toString('base64');
+            // 比较时归一化 padding：Python 会抛 binascii.Error 在 padding 不正确时。
+            if (reencoded === value || reencoded.replace(/=+$/, '') === value.replace(/=+$/, '')) {
+                return new Uint8Array(decoded);
+            }
+        }
+        catch {
+            /* fallthrough */
+        }
+    }
+    return new Uint8Array(TEXT.encode(value));
+}
+function isLikelyBase64(s) {
+    if (s.length === 0)
+        return false;
+    if (s.length % 4 !== 0)
+        return false;
+    return /^[A-Za-z0-9+/]+={0,2}$/.test(s);
+}
+/** 计算单个 recipient 行的 leaf hash（32 字节）。 */
+export function computeLeafHash(row) {
+    const aid = TEXT.encode(String(row[0] ?? ''));
+    const deviceId = TEXT.encode(String(row[1] ?? ''));
+    const role = TEXT.encode(String(row[2] ?? ''));
+    const keySource = TEXT.encode(String(row[3] ?? ''));
+    const fp = TEXT.encode(String(row[4] ?? ''));
+    const spkId = TEXT.encode(String(row[5] ?? ''));
+    const wrapNonce = decodeOrRaw(String(row[6] ?? ''));
+    const wrappedKey = decodeOrRaw(String(row[7] ?? ''));
+    const h = createHash('sha256');
+    h.update(LEAF_PREFIX);
+    h.update(aid);
+    h.update(Uint8Array.of(0));
+    h.update(deviceId);
+    h.update(Uint8Array.of(0));
+    h.update(role);
+    h.update(Uint8Array.of(0));
+    h.update(keySource);
+    h.update(Uint8Array.of(0));
+    h.update(fp);
+    h.update(Uint8Array.of(0));
+    h.update(spkId);
+    h.update(Uint8Array.of(0));
+    h.update(wrapNonce);
+    h.update(wrappedKey);
+    return new Uint8Array(h.digest());
+}
+function nodeHash(left, right) {
+    const h = createHash('sha256');
+    h.update(NODE_PREFIX);
+    h.update(left);
+    h.update(right);
+    return new Uint8Array(h.digest());
+}
+function merkleRootFromLeaves(leaves) {
+    if (leaves.length === 1)
+        return leaves[0];
+    let layer = [...leaves];
+    while (layer.length > 1) {
+        if (layer.length % 2 === 1)
+            layer.push(layer[layer.length - 1]);
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            next.push(nodeHash(layer[i], layer[i + 1]));
+        }
+        layer = next;
+    }
+    return layer[0];
+}
+/**
+ * 计算 recipients 的 Merkle root（hex）。空列表返回空字符串（与 Python 一致）。
+ */
+export function computeMerkleRoot(rows) {
+    if (rows.length === 0)
+        return '';
+    const leaves = rows.map(computeLeafHash);
+    return Buffer.from(merkleRootFromLeaves(leaves)).toString('hex');
+}
+/** 兼容入口，等价 computeMerkleRoot。调用方应先调 sortRecipients。 */
+export function computeRecipientsDigest(rows) {
+    return computeMerkleRoot(rows);
+}
+/**
+ * 为 targetIndex 行生成 Merkle proof（log N 步）。
+ */
+export function computeMerkleProof(rows, targetIndex) {
+    if (rows.length === 0 || targetIndex < 0 || targetIndex >= rows.length)
+        return [];
+    const leaves = rows.map(computeLeafHash);
+    const proof = [];
+    let layer = [...leaves];
+    let idx = targetIndex;
+    while (layer.length > 1) {
+        if (layer.length % 2 === 1)
+            layer.push(layer[layer.length - 1]);
+        const siblingIdx = idx ^ 1;
+        proof.push({
+            sibling: Buffer.from(layer[siblingIdx]).toString('hex'),
+            position: siblingIdx > idx ? 'R' : 'L',
+        });
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            next.push(nodeHash(layer[i], layer[i + 1]));
+        }
+        layer = next;
+        idx = Math.floor(idx / 2);
+    }
+    return proof;
+}
+/**
+ * 验证 leaf + proof 重建出的 root 与期望值一致。
+ */
+export function verifyMerkleProof(leaf, proof, expectedRootHex) {
+    if (!expectedRootHex)
+        return false;
+    let cur = leaf;
+    for (const step of proof) {
+        if (!/^[0-9a-fA-F]*$/.test(step.sibling) || step.sibling.length % 2 !== 0)
+            return false;
+        const sibling = Uint8Array.from(Buffer.from(step.sibling, 'hex'));
+        if (step.position === 'L') {
+            cur = nodeHash(sibling, cur);
+        }
+        else if (step.position === 'R') {
+            cur = nodeHash(cur, sibling);
+        }
+        else {
+            return false;
+        }
+    }
+    return Buffer.from(cur).toString('hex') === expectedRootHex;
+}
+//# sourceMappingURL=recipients.js.map

package/dist/v2/crypto/recipients.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"recipients.js","sourceRoot":"","sources":["../../../src/v2/crypto/recipients.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;AAC/B,MAAM,WAAW,GAAe,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AACnE,MAAM,WAAW,GAAe,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAOnE,mDAAmD;AACnD,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,KAAK,GAAG;YAAE,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,KAAK,GAAG;YAAE,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,KAAK,GAAG;YAAE,OAAO,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,gDAAgD;IAChD,mCAAmC;IACnC,2CAA2C;IAC3C,wCAAwC;IACxC,6CAA6C;IAC7C,kCAAkC;IAClC,eAAe;IACf,gBAAgB;IAChB,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC7C,gCAAgC;YAChC,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC7C,0DAA0D;YAC1D,IAAI,SAAS,KAAK,KAAK,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC;gBACrF,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,eAAe,CAAC,GAAa;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAErD,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACtB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrB,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,QAAQ,CAAC,IAAgB,EAAE,KAAiB;IACnD,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACtB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAoB;IAChD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACxB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAgB;IAChD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,uBAAuB,CAAC,IAAgB;IACtD,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAgB,EAAE,WAAmB;IACtE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAClF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACzC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,IAAI,KAAK,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACxB,IAAI,GAAG,GAAG,WAAW,CAAC;IACtB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACvD,QAAQ,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;SACvC,CAAC,CAAC;QACH,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;QACb,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAgB,EAChB,KAAkB,EAClB,eAAuB;IAEvB,IAAI,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACxF,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YAC1B,GAAG,GAAG,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC/B,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YACjC,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,eAAe,CAAC;AAC9D,CAAC"}

package/dist/v2/e2ee/decrypt.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * AUN E2EE V2: 统一解密引擎
+ *
+ * 支持 P2P 和 Group 消息解密（按 envelope.type / 字段结构分流）。
+ * 纯计算，无 IO。
+ *
+ * 与 Python `aun_core.v2.e2ee.decrypt.decrypt_message` 对齐。
+ *
+ * 流程：
+ *  1. 验 sender_signature
+ *  2. 找自己的 row（recipients 数组或 per-device recipient + 可选 merkle_proof）
+ *  3. 计算 wrap_salt
+ *  4. 派生 wrap_key（3DH 或 1DH）
+ *  5. 解 master_key
+ *  6. 解 body
+ *  7. 解析 JSON payload
+ */
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope 完整 envelope（已 JSON.parse 的对象）
+ * @param selfAid 接收方 AID
+ * @param selfDeviceId 接收方 device_id
+ * @param selfIkPriv 接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv 接收方 SPK 私钥（32B scalar）；undefined/null 表示无 SPK（1DH）
+ * @param senderPubDer 发送方 AID 主公钥（DER），用于验签 + 3DH 接收侧 DH2
+ * @returns 解密后的 payload；null 表示在 recipients 中找不到自己的 row
+ */
+export declare function decryptMessage(envelope: Record<string, unknown>, selfAid: string, selfDeviceId: string, selfIkPriv: Uint8Array, selfSpkPriv: Uint8Array | undefined, senderPubDer: Uint8Array): Record<string, unknown> | null;

package/dist/v2/e2ee/decrypt.js ADDED Viewed

@@ -0,0 +1,159 @@
+/**
+ * AUN E2EE V2: 统一解密引擎
+ *
+ * 支持 P2P 和 Group 消息解密（按 envelope.type / 字段结构分流）。
+ * 纯计算，无 IO。
+ *
+ * 与 Python `aun_core.v2.e2ee.decrypt.decrypt_message` 对齐。
+ *
+ * 流程：
+ *  1. 验 sender_signature
+ *  2. 找自己的 row（recipients 数组或 per-device recipient + 可选 merkle_proof）
+ *  3. 计算 wrap_salt
+ *  4. 派生 wrap_key（3DH 或 1DH）
+ *  5. 解 master_key
+ *  6. 解 body
+ *  7. 解析 JSON payload
+ */
+import { createHash } from 'node:crypto';
+import { canonicalJson } from '../crypto/canonical.js';
+import { ecdsaVerifyRaw } from '../crypto/ecdsa.js';
+import { ecdhComputeShared } from '../crypto/ecdh.js';
+import { hkdfSha256 } from '../crypto/hkdf.js';
+import { aesGcmDecrypt } from '../crypto/aead.js';
+import { computeLeafHash, computeRecipientsDigest, verifyMerkleProof, } from '../crypto/recipients.js';
+import { SUITE_NAME } from './types.js';
+const TEXT = new TextEncoder();
+const INFO_3DH = TEXT.encode('AUN-V2-3DH');
+const INFO_1DH = TEXT.encode('AUN-V2-1DH');
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope 完整 envelope（已 JSON.parse 的对象）
+ * @param selfAid 接收方 AID
+ * @param selfDeviceId 接收方 device_id
+ * @param selfIkPriv 接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv 接收方 SPK 私钥（32B scalar）；undefined/null 表示无 SPK（1DH）
+ * @param senderPubDer 发送方 AID 主公钥（DER），用于验签 + 3DH 接收侧 DH2
+ * @returns 解密后的 payload；null 表示在 recipients 中找不到自己的 row
+ */
+export function decryptMessage(envelope, selfAid, selfDeviceId, selfIkPriv, selfSpkPriv, senderPubDer) {
+    // 1. 验签
+    if (!verifySenderSignature(envelope, senderPubDer)) {
+        throw new Error('sender_signature verification failed');
+    }
+    // 2. 找自己的 row
+    let row = null;
+    if (Array.isArray(envelope.recipients)) {
+        const rows = envelope.recipients;
+        const expectedDigest = String(envelope.recipients_digest ?? '');
+        if (computeRecipientsDigest(rows) !== expectedDigest) {
+            throw new Error('recipients_digest mismatch');
+        }
+        row = findMyRow(rows, selfAid, selfDeviceId);
+        if (!row)
+            return null;
+    }
+    else if (envelope.recipient && typeof envelope.recipient === 'object') {
+        const r = envelope.recipient;
+        row = [
+            String(r.aid ?? ''),
+            String(r.device_id ?? ''),
+            String(r.role ?? ''),
+            String(r.key_source ?? ''),
+            String(r.fp ?? ''),
+            String(r.spk_id ?? ''),
+            String(r.wrap_nonce ?? ''),
+            String(r.wrapped_key ?? ''),
+        ];
+        // per-device 形态可能携带 merkle_proof
+        const proof = envelope.merkle_proof;
+        const expectedRoot = String(envelope.recipients_digest ?? '');
+        if (proof && expectedRoot) {
+            const leaf = computeLeafHash(row);
+            if (!verifyMerkleProof(leaf, proof, expectedRoot)) {
+                // 服务端篡改/替换 wrap，拒绝
+                return null;
+            }
+        }
+    }
+    else {
+        return null;
+    }
+    // 3. wrap_salt
+    const senderSessionPkDer = new Uint8Array(Buffer.from(String(envelope.sender_session_pk ?? ''), 'base64'));
+    const aad = envelope.aad;
+    const aadBytes = canonicalJson(aad);
+    const suiteStr = String(envelope.suite ?? SUITE_NAME);
+    const wrapSalt = computeWrapSalt(aadBytes, senderSessionPkDer, suiteStr);
+    // 4. wrap_key
+    const wrapKey = computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderPubDer, wrapSalt);
+    // 5. decrypt master_key
+    const wrapNonce = new Uint8Array(Buffer.from(row[6], 'base64'));
+    const wrappedKey = new Uint8Array(Buffer.from(row[7], 'base64'));
+    if (wrappedKey.length < 16) {
+        throw new Error('wrapped_key too short');
+    }
+    const wrappedCt = wrappedKey.subarray(0, wrappedKey.length - 16);
+    const wrappedTag = wrappedKey.subarray(wrappedKey.length - 16);
+    const masterKey = aesGcmDecrypt(wrapKey, wrapNonce, wrappedCt, wrappedTag, new Uint8Array(0));
+    // 6. decrypt body
+    const msgNonce = new Uint8Array(Buffer.from(String(envelope.nonce ?? ''), 'base64'));
+    const ct = new Uint8Array(Buffer.from(String(envelope.ciphertext ?? ''), 'base64'));
+    const tag = new Uint8Array(Buffer.from(String(envelope.tag ?? ''), 'base64'));
+    const plaintext = aesGcmDecrypt(masterKey, msgNonce, ct, tag, aadBytes);
+    // 7. parse JSON
+    return JSON.parse(Buffer.from(plaintext).toString('utf-8'));
+}
+function computeWrapSalt(aadBytes, senderSessionPkDer, suiteStr) {
+    const suiteBytes = TEXT.encode(suiteStr);
+    const h = createHash('sha256');
+    h.update(Buffer.from(aadBytes));
+    h.update(Buffer.from(senderSessionPkDer));
+    h.update(Buffer.from(suiteBytes));
+    return new Uint8Array(h.digest()).subarray(0, 16);
+}
+function computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderMasterPkDer, salt) {
+    const spkId = row[5];
+    if (spkId && selfSpkPriv) {
+        // 3DH 接收方：DH1=ECDH(self_ik, sender_session)；DH2=ECDH(self_spk, sender_master)；DH3=ECDH(self_spk, sender_session)
+        const dh1 = ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+        const dh2 = ecdhComputeShared(selfSpkPriv, senderMasterPkDer);
+        const dh3 = ecdhComputeShared(selfSpkPriv, senderSessionPkDer);
+        const ikm = new Uint8Array(96);
+        ikm.set(dh1, 0);
+        ikm.set(dh2, 32);
+        ikm.set(dh3, 64);
+        return hkdfSha256(ikm, salt, INFO_3DH, 32);
+    }
+    // 1DH 接收方
+    const dh1 = ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+    return hkdfSha256(dh1, salt, INFO_1DH, 32);
+}
+function findMyRow(rows, aid, deviceId) {
+    for (const r of rows) {
+        if (r[0] === aid && r[1] === deviceId)
+            return r;
+    }
+    return null;
+}
+function verifySenderSignature(envelope, senderPubDer) {
+    const sigStr = envelope.sender_signature;
+    const ctStr = envelope.ciphertext;
+    const tagStr = envelope.tag;
+    const digestHex = envelope.recipients_digest;
+    if (typeof sigStr !== 'string' ||
+        typeof ctStr !== 'string' ||
+        typeof tagStr !== 'string' ||
+        typeof digestHex !== 'string') {
+        return false;
+    }
+    const sig = new Uint8Array(Buffer.from(sigStr, 'base64'));
+    const ct = Buffer.from(ctStr, 'base64');
+    const tag = Buffer.from(tagStr, 'base64');
+    const aadBytes = canonicalJson(envelope.aad);
+    const digestBytes = Buffer.from(digestHex, 'hex');
+    const signInput = new Uint8Array(Buffer.concat([ct, tag, Buffer.from(aadBytes), digestBytes]));
+    return ecdsaVerifyRaw(senderPubDer, sig, signInput);
+}
+//# sourceMappingURL=decrypt.js.map

package/dist/v2/e2ee/decrypt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../../src/v2/e2ee/decrypt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;AAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAE3C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAiC,EACjC,OAAe,EACf,YAAoB,EACpB,UAAsB,EACtB,WAAmC,EACnC,YAAwB;IAExB,QAAQ;IACR,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,cAAc;IACd,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAwB,CAAC;QAC/C,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;QAChE,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,cAAc,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;IACxB,CAAC;SAAM,IAAI,QAAQ,CAAC,SAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACxE,MAAM,CAAC,GAAG,QAAQ,CAAC,SAAoC,CAAC;QACxD,GAAG,GAAG;YACJ,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACnB,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;YACzB,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;YACpB,MAAM,CAAC,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;YAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;YAClB,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;YACtB,MAAM,CAAC,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;YAC1B,MAAM,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;SAC5B,CAAC;QACF,iCAAiC;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAuC,CAAC;QAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;QAC9D,IAAI,KAAK,IAAI,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,EAAE,CAAC;gBAClD,mBAAmB;gBACnB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;IACf,MAAM,kBAAkB,GAAG,IAAI,UAAU,CACvC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAChE,CAAC;IACF,MAAM,GAAG,GAAG,QAAQ,CAAC,GAA8B,CAAC;IACpD,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,UAAU,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IAEzE,cAAc;IACd,MAAM,OAAO,GAAG,cAAc,CAC5B,GAAG,EACH,UAAU,EACV,WAAW,EACX,kBAAkB,EAClB,YAAY,EACZ,QAAQ,CACT,CAAC;IAEF,wBAAwB;IACxB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACjE,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAE9F,kBAAkB;IAClB,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrF,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAExE,gBAAgB;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAA4B,CAAC;AACzF,CAAC;AAED,SAAS,eAAe,CACtB,QAAoB,EACpB,kBAA8B,EAC9B,QAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,cAAc,CACrB,GAAa,EACb,UAAsB,EACtB,WAAmC,EACnC,kBAA8B,EAC9B,iBAA6B,EAC7B,IAAgB;IAEhB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,KAAK,IAAI,WAAW,EAAE,CAAC;QACzB,iHAAiH;QACjH,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,iBAAiB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QAC/D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,UAAU;IACV,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IAC9D,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,SAAS,CAAC,IAAgB,EAAE,GAAW,EAAE,QAAgB;IAChE,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAC5B,QAAiC,EACjC,YAAwB;IAExB,MAAM,MAAM,GAAG,QAAQ,CAAC,gBAAgB,CAAC;IACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,UAAU,CAAC;IAClC,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC;IAC5B,MAAM,SAAS,GAAG,QAAQ,CAAC,iBAAiB,CAAC;IAC7C,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,OAAO,KAAK,KAAK,QAAQ;QACzB,OAAO,MAAM,KAAK,QAAQ;QAC1B,OAAO,SAAS,KAAK,QAAQ,EAC7B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC1D,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC,CAC7D,CAAC;IACF,OAAO,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC"}

package/dist/v2/e2ee/encrypt-group.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * AUN E2EE V2: Group 加密引擎
+ *
+ * 构造完整的 `e2ee.group_encrypted` envelope。纯计算，无 IO。
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_group.encrypt_group_message` 对齐。
+ *
+ * 与 P2P 同构，AAD 多 group_id / epoch / state_commitment；envelope 顶层多
+ * group_id / epoch，无 to / t_supplement。
+ */
+import { Sender, Target, EncryptOptions, StateCommitmentAAD } from './types.js';
+/**
+ * 构造完整的 V2 Group 加密 envelope。
+ *
+ * @param stateCommitment 可选；缺省时写入占位（state_version=0）以兼容未启用 state 的群。
+ */
+export declare function encryptGroupMessage(sender: Sender, groupId: string, epoch: number, targets: Target[], payload: Record<string, unknown>, opts?: EncryptOptions, stateCommitment?: StateCommitmentAAD | null): Record<string, unknown>;

package/dist/v2/e2ee/encrypt-group.js ADDED Viewed

@@ -0,0 +1,143 @@
+/**
+ * AUN E2EE V2: Group 加密引擎
+ *
+ * 构造完整的 `e2ee.group_encrypted` envelope。纯计算，无 IO。
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_group.encrypt_group_message` 对齐。
+ *
+ * 与 P2P 同构，AAD 多 group_id / epoch / state_commitment；envelope 顶层多
+ * group_id / epoch，无 to / t_supplement。
+ */
+import { createHash, randomUUID, randomBytes } from 'node:crypto';
+import { canonicalJson } from '../crypto/canonical.js';
+import { ecdsaSignRaw } from '../crypto/ecdsa.js';
+import { aesGcmEncrypt } from '../crypto/aead.js';
+import { generateP256Keypair } from '../crypto/ecdh.js';
+import { compute3DHWrap, compute1DHWrap } from '../crypto/dh-path.js';
+import { sortRecipients, computeRecipientsDigest } from '../crypto/recipients.js';
+import { SUITE_NAME, } from './types.js';
+import { withMetadataAuth, PROTECTED_HEADERS_DOMAIN, PROTECTED_CONTEXT_DOMAIN } from './metadata-auth.js';
+import { normalizeProtectedHeaders } from './encrypt-p2p.js';
+const TEXT = new TextEncoder();
+/**
+ * 构造完整的 V2 Group 加密 envelope。
+ *
+ * @param stateCommitment 可选；缺省时写入占位（state_version=0）以兼容未启用 state 的群。
+ */
+export function encryptGroupMessage(sender, groupId, epoch, targets, payload, opts = {}, stateCommitment) {
+    const masterKey = new Uint8Array(randomBytes(32));
+    const msgNonce = new Uint8Array(randomBytes(12));
+    const messageId = opts.messageId ?? `m-${randomUUID().replace(/-/g, '')}`;
+    const timestamp = opts.timestamp ?? Date.now();
+    // wrap_protocol_str
+    const protocolSet = new Set();
+    for (const t of targets) {
+        const has3DH = !!t.spkPkDer &&
+            (t.keySource === 'peer_device_prekey' || t.keySource === 'group_device_prekey');
+        protocolSet.add(has3DH ? '3DH' : '1DH');
+    }
+    const wrapProtocolStr = protocolSet.size === 0 ? '1DH' : [...protocolSet].sort().join('+');
+    // state_commitment（缺省占位）
+    const sc = stateCommitment ?? {};
+    const stateCommitmentAAD = {
+        state_version: Number(sc.state_version ?? 0) || 0,
+        state_hash: String(sc.state_hash ?? ''),
+        state_chain: String(sc.state_chain ?? ''),
+    };
+    const aad = {
+        from: sender.aid,
+        from_device: sender.deviceId,
+        group_id: groupId,
+        epoch,
+        message_id: messageId,
+        timestamp,
+        suite: SUITE_NAME,
+        wrap_protocol: wrapProtocolStr,
+        state_commitment: stateCommitmentAAD,
+    };
+    const plaintextBytes = canonicalJson(payload);
+    const aadBytes = canonicalJson(aad);
+    const { ciphertext, tag } = aesGcmEncrypt(masterKey, msgNonce, plaintextBytes, aadBytes);
+    const [senderSessionPriv, senderSessionPubDer] = generateP256Keypair();
+    // wrap_salt = SHA256(canonical_aad || sender_session_pk_der || suite)[:16]
+    const wrapSalt = computeWrapSalt(aadBytes, senderSessionPubDer);
+    const recipientsRows = [];
+    for (const target of targets) {
+        recipientsRows.push(wrapForRecipient(target, masterKey, senderSessionPriv, sender.ikPriv, wrapSalt));
+    }
+    const sortedRows = sortRecipients(recipientsRows);
+    const digestHex = computeRecipientsDigest(sortedRows);
+    const digestBytes = Buffer.from(digestHex, 'hex');
+    const signInput = Buffer.concat([
+        Buffer.from(ciphertext),
+        Buffer.from(tag),
+        Buffer.from(aadBytes),
+        digestBytes,
+    ]);
+    const senderSig = ecdsaSignRaw(sender.ikPriv, new Uint8Array(signInput));
+    const certFpHash = createHash('sha256').update(Buffer.from(sender.ikPubDer)).digest('hex');
+    const certFp = `sha256:${certFpHash.substring(0, 16)}`;
+    const envelope = {
+        type: 'e2ee.group_encrypted',
+        version: 'v2',
+        suite: SUITE_NAME,
+        msg_type: 'original',
+        group_id: groupId,
+        epoch,
+        t_send: timestamp,
+        t_server: null,
+        nonce: Buffer.from(msgNonce).toString('base64'),
+        ciphertext: Buffer.from(ciphertext).toString('base64'),
+        tag: Buffer.from(tag).toString('base64'),
+        sender_signature: Buffer.from(senderSig).toString('base64'),
+        sender_cert_fingerprint: certFp,
+        sender_session_pk: Buffer.from(senderSessionPubDer).toString('base64'),
+        recipients_digest: digestHex,
+        recipients: sortedRows,
+        aad,
+    };
+    // protected_headers / context：HMAC 签名，不进 AAD。
+    // payload_type 自动注入 + value 转 string（与 Python _normalize_headers 对齐）
+    const normalizedHeaders = normalizeProtectedHeaders(opts.protectedHeaders, payload);
+    if (Object.keys(normalizedHeaders).length > 0) {
+        envelope.protected_headers = withMetadataAuth(normalizedHeaders, masterKey, PROTECTED_HEADERS_DOMAIN);
+    }
+    if (opts.context && typeof opts.context === 'object' && !Array.isArray(opts.context) && Object.keys(opts.context).length > 0) {
+        envelope.context = withMetadataAuth(opts.context, masterKey, PROTECTED_CONTEXT_DOMAIN);
+    }
+    return envelope;
+}
+function computeWrapSalt(aadBytes, senderSessionPubDer) {
+    const suiteBytes = TEXT.encode(SUITE_NAME);
+    const h = createHash('sha256');
+    h.update(Buffer.from(aadBytes));
+    h.update(Buffer.from(senderSessionPubDer));
+    h.update(Buffer.from(suiteBytes));
+    return new Uint8Array(h.digest()).subarray(0, 16);
+}
+function wrapForRecipient(target, masterKey, senderSessionPriv, senderMasterPriv, wrapSalt) {
+    const fpHash = createHash('sha256').update(Buffer.from(target.ikPkDer)).digest('hex');
+    const fp = `sha256:${fpHash.substring(0, 16)}`;
+    const wrapNonce = new Uint8Array(randomBytes(12));
+    let wrapKey;
+    if (target.spkPkDer &&
+        (target.keySource === 'peer_device_prekey' || target.keySource === 'group_device_prekey')) {
+        wrapKey = compute3DHWrap(senderSessionPriv, senderMasterPriv, target.ikPkDer, target.spkPkDer, wrapSalt);
+    }
+    else {
+        wrapKey = compute1DHWrap(senderSessionPriv, target.ikPkDer, wrapSalt);
+    }
+    const { ciphertext: wrappedCt, tag: wrappedTag } = aesGcmEncrypt(wrapKey, wrapNonce, masterKey, new Uint8Array(0));
+    const wrappedKey = Buffer.concat([Buffer.from(wrappedCt), Buffer.from(wrappedTag)]);
+    return [
+        target.aid,
+        target.deviceId,
+        target.role,
+        target.keySource,
+        fp,
+        target.spkId ?? '',
+        Buffer.from(wrapNonce).toString('base64'),
+        wrappedKey.toString('base64'),
+    ];
+}
+//# sourceMappingURL=encrypt-group.js.map

package/dist/v2/e2ee/encrypt-group.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encrypt-group.js","sourceRoot":"","sources":["../../../src/v2/e2ee/encrypt-group.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAKL,UAAU,GACX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC1G,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAE7D,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;AAE/B;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAc,EACd,OAAe,EACf,KAAa,EACb,OAAiB,EACjB,OAAgC,EAChC,OAAuB,EAAE,EACzB,eAA2C;IAE3C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GACV,CAAC,CAAC,CAAC,CAAC,QAAQ;YACZ,CAAC,CAAC,CAAC,SAAS,KAAK,oBAAoB,IAAI,CAAC,CAAC,SAAS,KAAK,qBAAqB,CAAC,CAAC;QAClF,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GACnB,WAAW,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAErE,yBAAyB;IACzB,MAAM,EAAE,GAAG,eAAe,IAAI,EAAE,CAAC;IACjC,MAAM,kBAAkB,GAAG;QACzB,aAAa,EAAE,MAAM,CAAE,EAAiC,CAAC,aAAa,IAAI,CAAC,CAAC,IAAI,CAAC;QACjF,UAAU,EAAE,MAAM,CAAE,EAA8B,CAAC,UAAU,IAAI,EAAE,CAAC;QACpE,WAAW,EAAE,MAAM,CAAE,EAA+B,CAAC,WAAW,IAAI,EAAE,CAAC;KACxE,CAAC;IAEF,MAAM,GAAG,GAA4B;QACnC,IAAI,EAAE,MAAM,CAAC,GAAG;QAChB,WAAW,EAAE,MAAM,CAAC,QAAQ;QAC5B,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,UAAU,EAAE,SAAS;QACrB,SAAS;QACT,KAAK,EAAE,UAAU;QACjB,aAAa,EAAE,eAAe;QAC9B,gBAAgB,EAAE,kBAAkB;KACrC,CAAC;IAEF,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAEzF,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,mBAAmB,EAAE,CAAC;IAEvE,2EAA2E;IAC3E,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAC;IAEhE,MAAM,cAAc,GAAe,EAAE,CAAC;IACtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,cAAc,CAAC,IAAI,CACjB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAChF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEtD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QACrB,WAAW;KACZ,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IAEzE,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAG,UAAU,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAA4B;QACxC,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,KAAK;QACL,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/C,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACtD,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC3D,uBAAuB,EAAE,MAAM;QAC/B,iBAAiB,EAAE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACtE,iBAAiB,EAAE,SAAS;QAC5B,UAAU,EAAE,UAAU;QACtB,GAAG;KACJ,CAAC;IAEF,8CAA8C;IAC9C,qEAAqE;IACrE,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,iBAAiB,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IACxG,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7H,QAAQ,CAAC,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,wBAAwB,CAAC,CAAC;IACzF,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,QAAoB,EAAE,mBAA+B;IAC5E,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAClC,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,gBAAgB,CACvB,MAAc,EACd,SAAqB,EACrB,iBAA6B,EAC7B,gBAA4B,EAC5B,QAAoB;IAEpB,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,MAAM,EAAE,GAAG,UAAU,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAElD,IAAI,OAAmB,CAAC;IACxB,IACE,MAAM,CAAC,QAAQ;QACf,CAAC,MAAM,CAAC,SAAS,KAAK,oBAAoB,IAAI,MAAM,CAAC,SAAS,KAAK,qBAAqB,CAAC,EACzF,CAAC;QACD,OAAO,GAAG,cAAc,CACtB,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,QAAQ,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,cAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,aAAa,CAC9D,OAAO,EACP,SAAS,EACT,SAAS,EACT,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEpF,OAAO;QACL,MAAM,CAAC,GAAG;QACV,MAAM,CAAC,QAAQ;QACf,MAAM,CAAC,IAAI;QACX,MAAM,CAAC,SAAS;QAChB,EAAE;QACF,MAAM,CAAC,KAAK,IAAI,EAAE;QAClB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACzC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC9B,CAAC;AACJ,CAAC"}

package/dist/v2/e2ee/encrypt-p2p.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * AUN E2EE V2: P2P 加密引擎
+ *
+ * 构造完整的 `e2ee.p2p_encrypted` envelope。纯计算，无 IO。
+ *
+ * 与 Python `aun_core.v2.e2ee.encrypt_p2p.encrypt_p2p_message` 对齐。
+ *
+ * 步骤：
+ *  1. 生成 master_key + msg_nonce
+ *  2. 构造 message_id / timestamp
+ *  3. 推导 peer_aid 与 wrap_protocol_str
+ *  4. 构造 AAD 并加密 payload
+ *  5. 生成 sender_session keypair
+ *  6. 计算 wrap_salt
+ *  7. 为每个 target wrap master_key
+ *  8. 排序 recipients + 计算 digest
+ *  9. 计算 sender_signature
+ * 10. 计算 sender_cert_fingerprint
+ * 11. 组装 envelope
+ */
+import { type ProtectedHeadersInput } from '../../protected-headers.js';
+import { Sender, TargetSet, EncryptOptions } from './types.js';
+/**
+ * 构造完整的 V2 P2P 加密 envelope。
+ */
+export declare function encryptP2PMessage(sender: Sender, targetSet: TargetSet, payload: Record<string, unknown>, opts?: EncryptOptions): Record<string, unknown>;
+/**
+ * 规范化 protected_headers：value 转 string + 自动注入 payload_type。
+ * 与 Python `_normalize_headers` 对齐。
+ */
+export declare function normalizeProtectedHeaders(headers: ProtectedHeadersInput, payload: Record<string, unknown>): Record<string, string>;