@bharper/atv-js 0.2.3

package/src/opack.ts

@@ -0,0 +1,299 @@
+/**
+ * OPACK serialization format - Apple's binary encoding (similar to MessagePack).
+ * Direct port of pyatv/support/opack.py.
+ */
+
+/**
+ * Wrapper to force a number to be encoded as float64.
+ * In JavaScript, 1000.0 === 1000, so we can't distinguish floats from integers.
+ * Use opackFloat(1000) to ensure encoding as float64.
+ */
+export class OpackFloat {
+  constructor(public readonly value: number) {}
+}
+
+export function opackFloat(value: number): OpackFloat {
+  return new OpackFloat(value);
+}
+
+export function pack(data: unknown): Buffer {
+  return Buffer.from(_pack(data, []));
+}
+
+function _pack(data: unknown, objectList: Uint8Array[]): Uint8Array {
+  let packed: Uint8Array;
+
+  if (data === null || data === undefined) {
+    packed = new Uint8Array([0x04]);
+  } else if (typeof data === 'boolean') {
+    packed = new Uint8Array([data ? 0x01 : 0x02]);
+  } else if (data instanceof OpackFloat) {
+    // Force float64 encoding
+    const buf = Buffer.alloc(9);
+    buf[0] = 0x36;
+    buf.writeDoubleLE(data.value, 1);
+    packed = buf;
+  } else if (typeof data === 'number') {
+    if (Number.isInteger(data)) {
+      packed = packInteger(data);
+    } else {
+      // float64
+      const buf = Buffer.alloc(9);
+      buf[0] = 0x36;
+      buf.writeDoubleLE(data, 1);
+      packed = buf;
+    }
+  } else if (typeof data === 'string') {
+    packed = packString(data);
+  } else if (Buffer.isBuffer(data) || data instanceof Uint8Array) {
+    packed = packBytes(data instanceof Uint8Array ? Buffer.from(data) : data);
+  } else if (Array.isArray(data)) {
+    const parts: Uint8Array[] = [new Uint8Array([0xd0 + Math.min(data.length, 0xf)])];
+    for (const item of data) {
+      parts.push(_pack(item, objectList));
+    }
+    if (data.length >= 0xf) {
+      parts.push(new Uint8Array([0x03]));
+    }
+    packed = concatBytes(parts);
+  } else if (typeof data === 'object') {
+    const entries = Object.entries(data as Record<string, unknown>);
+    const parts: Uint8Array[] = [new Uint8Array([0xe0 + Math.min(entries.length, 0xf)])];
+    for (const [key, value] of entries) {
+      parts.push(_pack(key, objectList));
+      parts.push(_pack(value, objectList));
+    }
+    if (entries.length >= 0xf) {
+      parts.push(new Uint8Array([0x03]));
+    }
+    packed = concatBytes(parts);
+  } else {
+    throw new TypeError(`Unsupported type: ${typeof data}`);
+  }
+
+  // Object deduplication
+  const idx = findInObjectList(objectList, packed);
+  if (idx >= 0) {
+    if (idx < 0x21) {
+      packed = new Uint8Array([0xa0 + idx]);
+    } else if (idx <= 0xff) {
+      packed = new Uint8Array([0xc1, idx]);
+    } else if (idx <= 0xffff) {
+      const buf = Buffer.alloc(3);
+      buf[0] = 0xc2;
+      buf.writeUInt16LE(idx, 1);
+      packed = buf;
+    }
+  } else if (packed.length > 1) {
+    objectList.push(packed);
+  }
+
+  return packed;
+}
+
+function packInteger(data: number): Uint8Array {
+  if (data >= 0 && data < 0x28) {
+    return new Uint8Array([data + 8]);
+  } else if (data >= 0 && data <= 0xff) {
+    return new Uint8Array([0x30, data]);
+  } else if (data >= 0 && data <= 0xffff) {
+    const buf = Buffer.alloc(3);
+    buf[0] = 0x31;
+    buf.writeUInt16LE(data, 1);
+    return buf;
+  } else if (data >= 0 && data <= 0xffffffff) {
+    const buf = Buffer.alloc(5);
+    buf[0] = 0x32;
+    buf.writeUInt32LE(data, 1);
+    return buf;
+  } else {
+    const buf = Buffer.alloc(9);
+    buf[0] = 0x33;
+    buf.writeBigUInt64LE(BigInt(data), 1);
+    return buf;
+  }
+}
+
+function packString(data: string): Uint8Array {
+  const encoded = Buffer.from(data, 'utf-8');
+  if (encoded.length <= 0x20) {
+    return Buffer.concat([Buffer.from([0x40 + encoded.length]), encoded]);
+  } else if (encoded.length <= 0xff) {
+    return Buffer.concat([Buffer.from([0x61, encoded.length]), encoded]);
+  } else if (encoded.length <= 0xffff) {
+    const hdr = Buffer.alloc(3);
+    hdr[0] = 0x62;
+    hdr.writeUInt16LE(encoded.length, 1);
+    return Buffer.concat([hdr, encoded]);
+  } else if (encoded.length <= 0xffffff) {
+    const hdr = Buffer.alloc(4);
+    hdr[0] = 0x63;
+    hdr.writeUIntLE(encoded.length, 1, 3);
+    return Buffer.concat([hdr, encoded]);
+  } else {
+    const hdr = Buffer.alloc(5);
+    hdr[0] = 0x64;
+    hdr.writeUInt32LE(encoded.length, 1);
+    return Buffer.concat([hdr, encoded]);
+  }
+}
+
+function packBytes(data: Buffer): Uint8Array {
+  if (data.length <= 0x20) {
+    return Buffer.concat([Buffer.from([0x70 + data.length]), data]);
+  } else if (data.length <= 0xff) {
+    return Buffer.concat([Buffer.from([0x91, data.length]), data]);
+  } else if (data.length <= 0xffff) {
+    const hdr = Buffer.alloc(3);
+    hdr[0] = 0x92;
+    hdr.writeUInt16LE(data.length, 1);
+    return Buffer.concat([hdr, data]);
+  } else if (data.length <= 0xffffffff) {
+    const hdr = Buffer.alloc(5);
+    hdr[0] = 0x93;
+    hdr.writeUInt32LE(data.length, 1);
+    return Buffer.concat([hdr, data]);
+  } else {
+    const hdr = Buffer.alloc(9);
+    hdr[0] = 0x94;
+    hdr.writeBigUInt64LE(BigInt(data.length), 1);
+    return Buffer.concat([hdr, data]);
+  }
+}
+
+function concatBytes(parts: Uint8Array[]): Uint8Array {
+  return Buffer.concat(parts.map(p => Buffer.from(p)));
+}
+
+function findInObjectList(list: Uint8Array[], item: Uint8Array): number {
+  for (let i = 0; i < list.length; i++) {
+    if (Buffer.from(list[i]).equals(Buffer.from(item))) return i;
+  }
+  return -1;
+}
+
+export interface UnpackResult {
+  value: unknown;
+  remaining: Buffer;
+}
+
+export function unpack(data: Buffer): UnpackResult {
+  const [value, remaining] = _unpack(data, []);
+  return { value, remaining: Buffer.from(remaining) };
+}
+
+function _unpack(data: Buffer, objectList: unknown[]): [unknown, Buffer] {
+  const byte0 = data[0];
+  let value: unknown;
+  let remaining: Buffer;
+  let addToObjectList = true;
+
+  if (byte0 === 0x01) {
+    value = true; remaining = data.subarray(1); addToObjectList = false;
+  } else if (byte0 === 0x02) {
+    value = false; remaining = data.subarray(1); addToObjectList = false;
+  } else if (byte0 === 0x04) {
+    value = null; remaining = data.subarray(1); addToObjectList = false;
+  } else if (byte0 === 0x05) {
+    // UUID - 16 bytes
+    value = data.subarray(1, 17);
+    remaining = data.subarray(17);
+  } else if (byte0 === 0x06) {
+    // Absolute time as integer
+    value = Number(data.readBigUInt64LE(1));
+    remaining = data.subarray(9);
+  } else if (byte0 >= 0x08 && byte0 <= 0x2f) {
+    value = byte0 - 8; remaining = data.subarray(1); addToObjectList = false;
+  } else if (byte0 === 0x35) {
+    value = data.readFloatLE(1); remaining = data.subarray(5);
+  } else if (byte0 === 0x36) {
+    value = data.readDoubleLE(1); remaining = data.subarray(9);
+  } else if ((byte0 & 0xf0) === 0x30) {
+    const numBytes = 1 << (byte0 & 0xf);
+    value = readUIntLE(data, 1, numBytes);
+    remaining = data.subarray(1 + numBytes);
+  } else if (byte0 >= 0x40 && byte0 <= 0x60) {
+    const length = byte0 - 0x40;
+    value = data.subarray(1, 1 + length).toString('utf-8');
+    remaining = data.subarray(1 + length);
+  } else if (byte0 > 0x60 && byte0 <= 0x64) {
+    const numBytes = byte0 & 0xf;
+    const length = readUIntLE(data, 1, numBytes);
+    value = data.subarray(1 + numBytes, 1 + numBytes + length).toString('utf-8');
+    remaining = data.subarray(1 + numBytes + length);
+  } else if (byte0 >= 0x70 && byte0 <= 0x90) {
+    const length = byte0 - 0x70;
+    value = Buffer.from(data.subarray(1, 1 + length));
+    remaining = data.subarray(1 + length);
+  } else if (byte0 >= 0x91 && byte0 <= 0x94) {
+    const numBytes = 1 << ((byte0 & 0xf) - 1);
+    const length = readUIntLE(data, 1, numBytes);
+    value = Buffer.from(data.subarray(1 + numBytes, 1 + numBytes + length));
+    remaining = data.subarray(1 + numBytes + length);
+  } else if ((byte0 & 0xf0) === 0xd0) {
+    const count = byte0 & 0xf;
+    const output: unknown[] = [];
+    let ptr = data.subarray(1);
+    if (count === 0xf) {
+      while (ptr[0] !== 0x03) {
+        const [v, rest] = _unpack(Buffer.from(ptr), objectList);
+        output.push(v);
+        ptr = rest;
+      }
+      ptr = ptr.subarray(1);
+    } else {
+      for (let i = 0; i < count; i++) {
+        const [v, rest] = _unpack(Buffer.from(ptr), objectList);
+        output.push(v);
+        ptr = rest;
+      }
+    }
+    value = output; remaining = Buffer.from(ptr); addToObjectList = false;
+  } else if ((byte0 & 0xe0) === 0xe0) {
+    const count = byte0 & 0xf;
+    const output: Record<string, unknown> = {};
+    let ptr = data.subarray(1);
+    if (count === 0xf) {
+      while (ptr[0] !== 0x03) {
+        const [k, rest1] = _unpack(Buffer.from(ptr), objectList);
+        const [v, rest2] = _unpack(Buffer.from(rest1), objectList);
+        output[String(k)] = v;
+        ptr = rest2;
+      }
+      ptr = ptr.subarray(1);
+    } else {
+      for (let i = 0; i < count; i++) {
+        const [k, rest1] = _unpack(Buffer.from(ptr), objectList);
+        const [v, rest2] = _unpack(Buffer.from(rest1), objectList);
+        output[String(k)] = v;
+        ptr = rest2;
+      }
+    }
+    value = output; remaining = Buffer.from(ptr); addToObjectList = false;
+  } else if (byte0 >= 0xa0 && byte0 <= 0xc0) {
+    value = objectList[byte0 - 0xa0]; remaining = data.subarray(1);
+    addToObjectList = false;
+  } else if (byte0 >= 0xc1 && byte0 <= 0xc4) {
+    const length = byte0 - 0xc0;
+    const uid = readUIntLE(data, 1, length);
+    value = objectList[uid];
+    remaining = data.subarray(1 + length);
+    addToObjectList = false;
+  } else {
+    throw new TypeError(`Unknown OPACK type: 0x${byte0.toString(16)}`);
+  }
+
+  if (addToObjectList && !objectList.includes(value)) {
+    objectList.push(value);
+  }
+
+  return [value, remaining];
+}
+
+function readUIntLE(buf: Buffer, offset: number, numBytes: number): number {
+  if (numBytes === 1) return buf[offset];
+  if (numBytes === 2) return buf.readUInt16LE(offset);
+  if (numBytes === 4) return buf.readUInt32LE(offset);
+  if (numBytes === 8) return Number(buf.readBigUInt64LE(offset));
+  throw new Error(`Unsupported integer size: ${numBytes}`);
+}

package/src/pairing/credentials.ts

@@ -0,0 +1,44 @@
+/**
+ * HAP credentials storage and parsing.
+ * Port of pyatv/auth/hap_pairing.py HapCredentials + parse_credentials().
+ *
+ * Format: "LTPK:LTSK:ATV_ID:CLIENT_ID" (all hex-encoded)
+ */
+
+export interface HapCredentials {
+  /** Apple TV's Ed25519 public key */
+  ltpk: Buffer;
+  /** Client's Ed25519 private key */
+  ltsk: Buffer;
+  /** Device identifier */
+  atvId: Buffer;
+  /** Client identifier (UUID) */
+  clientId: Buffer;
+}
+
+export interface Credentials {
+  airplay: string;
+  companion: string;
+}
+
+export function serializeCredentials(creds: HapCredentials): string {
+  return [
+    creds.ltpk.toString('hex'),
+    creds.ltsk.toString('hex'),
+    creds.atvId.toString('hex'),
+    creds.clientId.toString('hex'),
+  ].join(':');
+}
+
+export function parseCredentials(credString: string): HapCredentials {
+  const parts = credString.split(':');
+  if (parts.length === 4) {
+    return {
+      ltpk: Buffer.from(parts[0], 'hex'),
+      ltsk: Buffer.from(parts[1], 'hex'),
+      atvId: Buffer.from(parts[2], 'hex'),
+      clientId: Buffer.from(parts[3], 'hex'),
+    };
+  }
+  throw new Error(`Invalid credentials format: expected 4 hex parts separated by ':'`);
+}

package/src/pairing/srp.ts

@@ -0,0 +1,234 @@
+/**
+ * SRP authentication handler for HAP pair-setup and pair-verify.
+ * Port of pyatv/auth/hap_srp.py SRPAuthHandler.
+ *
+ * Uses fast-srp-hap for SRP 3072-bit with SHA-512,
+ * and Node.js crypto for Ed25519 and X25519.
+ */
+
+import * as crypto from 'crypto';
+import { SRP, SrpClient } from 'fast-srp-hap';
+import { Chacha20Cipher8byteNonce } from '../crypto/chacha20';
+import { hkdfExpand } from '../crypto/hkdf';
+import { HapCredentials } from './credentials';
+import { TlvValue, readTlv, writeTlv } from './tlv';
+import { pack as opackPack } from '../opack';
+
+// Ed25519 DER prefixes for raw key import/export
+const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
+const ED25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
+const X25519_SPKI_PREFIX = Buffer.from('302a300506032b656e032100', 'hex');
+const X25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b656e04220420', 'hex');
+
+export class SRPAuthHandler {
+  pairingId: Buffer;
+  private signingKey: crypto.KeyObject | null = null;
+  private authPrivate: Buffer | null = null;
+  private authPublic: Buffer | null = null;
+  private verifyPrivate: crypto.KeyObject | null = null;
+  private verifyPublic: Buffer | null = null;
+  private srpClient: SrpClient | null = null;
+  private shared: Buffer | null = null;
+  private sessionKey: Buffer | null = null;
+  private pin: string = '';
+  private clientSecret: Buffer | null = null;
+
+  constructor() {
+    this.pairingId = Buffer.from(crypto.randomUUID(), 'utf-8');
+  }
+
+  /**
+   * Initialize by generating new Ed25519 signing keys and X25519 verify keys.
+   * Returns [authPublic, verifyPublic].
+   */
+  initialize(): [Buffer, Buffer] {
+    // Generate raw 32-byte seeds first, like pyatv does
+    // pyatv: self._signing_key = Ed25519PrivateKey.from_private_bytes(os.urandom(32))
+    const authSeed = crypto.randomBytes(32);
+    const verifySeed = crypto.randomBytes(32);
+
+    // Create Ed25519 signing key from seed
+    // pyatv exports with Encoding.Raw, Format.Raw which gives the 32-byte seed
+    this.signingKey = crypto.createPrivateKey({
+      key: Buffer.concat([ED25519_PKCS8_PREFIX, authSeed]),
+      format: 'der',
+      type: 'pkcs8',
+    });
+    this.authPrivate = authSeed;
+    this.authPublic = crypto.createPublicKey(this.signingKey)
+      .export({ type: 'spki', format: 'der' }).subarray(-32);
+
+    // X25519 verify key
+    this.verifyPrivate = crypto.createPrivateKey({
+      key: Buffer.concat([X25519_PKCS8_PREFIX, verifySeed]),
+      format: 'der',
+      type: 'pkcs8',
+    });
+    this.verifyPublic = crypto.createPublicKey(this.verifyPrivate)
+      .export({ type: 'spki', format: 'der' }).subarray(-32);
+
+    // Use the raw seed as SRP client secret (matches pyatv behavior)
+    // pyatv uses binascii.hexlify(self._auth_private) as the SRP exponent 'a'
+    this.clientSecret = this.authPrivate;
+
+    return [this.authPublic, this.verifyPublic];
+  }
+
+  // ---- Pair-Verify ----
+
+  /**
+   * Pair-Verify step 1: X25519 shared secret + decrypt server identity + sign our identity.
+   */
+  verify1(credentials: HapCredentials, sessionPubKey: Buffer, encrypted: Buffer): Buffer {
+    const serverKey = crypto.createPublicKey({
+      key: Buffer.concat([X25519_SPKI_PREFIX, sessionPubKey]),
+      format: 'der',
+      type: 'spki',
+    });
+    this.shared = crypto.diffieHellman({
+      privateKey: this.verifyPrivate!,
+      publicKey: serverKey,
+    });
+
+    const verifyKey = hkdfExpand('Pair-Verify-Encrypt-Salt', 'Pair-Verify-Encrypt-Info', this.shared);
+
+    const chacha = new Chacha20Cipher8byteNonce(verifyKey, verifyKey);
+    const decryptedBytes = chacha.decrypt(encrypted, Buffer.from('PV-Msg02', 'utf-8'));
+    const decryptedTlv = readTlv(decryptedBytes);
+
+    const identifier = decryptedTlv.get(TlvValue.Identifier)!;
+    const signature = decryptedTlv.get(TlvValue.Signature)!;
+
+    if (!identifier.equals(credentials.atvId)) {
+      throw new Error('Incorrect device response: identifier mismatch');
+    }
+
+    // Verify server Ed25519 signature
+    const info = Buffer.concat([sessionPubKey, identifier, this.verifyPublic!]);
+    const ltpk = crypto.createPublicKey({
+      key: Buffer.concat([ED25519_SPKI_PREFIX, credentials.ltpk]),
+      format: 'der',
+      type: 'spki',
+    });
+    if (!crypto.verify(null, info, ltpk, signature)) {
+      throw new Error('Signature verification failed');
+    }
+
+    // Sign our identity
+    const deviceInfo = Buffer.concat([this.verifyPublic!, credentials.clientId, sessionPubKey]);
+    const ltsk = crypto.createPrivateKey({
+      key: Buffer.concat([ED25519_PKCS8_PREFIX, credentials.ltsk]),
+      format: 'der',
+      type: 'pkcs8',
+    });
+    const deviceSignature = crypto.sign(null, deviceInfo, ltsk);
+
+    const tlv = writeTlv(new Map([
+      [TlvValue.Identifier, credentials.clientId],
+      [TlvValue.Signature, deviceSignature],
+    ]));
+
+    return chacha.encrypt(tlv, Buffer.from('PV-Msg03', 'utf-8'));
+  }
+
+  /**
+   * Pair-Verify step 2: derive final encryption keys.
+   */
+  verify2(salt: string, outputInfo: string, inputInfo: string): [Buffer, Buffer] {
+    if (!this.shared) throw new Error('Must call verify1 first');
+    const outputKey = hkdfExpand(salt, outputInfo, this.shared);
+    const inputKey = hkdfExpand(salt, inputInfo, this.shared);
+    return [outputKey, inputKey];
+  }
+
+  // ---- Pair-Setup ----
+
+  /**
+   * Pair-Setup step 1: store PIN for later use with salt.
+   */
+  step1(pin: string): void {
+    this.pin = pin;
+  }
+
+  /**
+   * Pair-Setup step 2: process server's public key and salt, compute SRP proof.
+   * Returns [clientPublicKey, clientProof].
+   */
+  step2(atvPubKey: Buffer, atvSalt: Buffer): [Buffer, Buffer] {
+    // HAP uses 3072-bit SRP with SHA-512 - use the 'hap' preset
+    const params = SRP.params.hap;
+
+    this.srpClient = new SrpClient(
+      params,
+      atvSalt,
+      Buffer.from('Pair-Setup', 'utf-8'),
+      Buffer.from(this.pin, 'utf-8'),
+      this.clientSecret!,
+    );
+    this.srpClient.setB(atvPubKey);
+
+    const pubKey = this.srpClient.computeA();
+    const proof = this.srpClient.computeM1();
+
+    return [pubKey, proof];
+  }
+
+  /**
+   * Pair-Setup step 3: sign identity and encrypt with session key.
+   * Returns encrypted data to send as SeqNo 0x05.
+   */
+  step3(name?: string): Buffer {
+    const srpKey = this.srpClient!.computeK();
+
+    const iosDeviceX = hkdfExpand(
+      'Pair-Setup-Controller-Sign-Salt',
+      'Pair-Setup-Controller-Sign-Info',
+      srpKey,
+    );
+
+    this.sessionKey = hkdfExpand(
+      'Pair-Setup-Encrypt-Salt',
+      'Pair-Setup-Encrypt-Info',
+      srpKey,
+    );
+
+    const deviceInfo = Buffer.concat([iosDeviceX, this.pairingId, this.authPublic!]);
+    const deviceSignature = crypto.sign(null, deviceInfo, this.signingKey!);
+
+    const tlvData = new Map<number, Buffer>([
+      [TlvValue.Identifier, this.pairingId],
+      [TlvValue.PublicKey, this.authPublic!],
+      [TlvValue.Signature, deviceSignature],
+    ]);
+
+    if (name) {
+      tlvData.set(TlvValue.Name, opackPack({ name }));
+    }
+
+    const chacha = new Chacha20Cipher8byteNonce(this.sessionKey, this.sessionKey);
+    return chacha.encrypt(writeTlv(tlvData), Buffer.from('PS-Msg05', 'utf-8'));
+  }
+
+  /**
+   * Pair-Setup step 4: decrypt device response and extract credentials.
+   */
+  step4(encryptedData: Buffer): HapCredentials {
+    const chacha = new Chacha20Cipher8byteNonce(this.sessionKey!, this.sessionKey!);
+    const decrypted = chacha.decrypt(encryptedData, Buffer.from('PS-Msg06', 'utf-8'));
+
+    if (!decrypted || decrypted.length === 0) {
+      throw new Error('Failed to decrypt pairing response');
+    }
+
+    const tlv = readTlv(decrypted);
+    const atvIdentifier = tlv.get(TlvValue.Identifier)!;
+    const atvPubKey = tlv.get(TlvValue.PublicKey)!;
+
+    return {
+      ltpk: atvPubKey,
+      ltsk: this.authPrivate!,
+      atvId: atvIdentifier,
+      clientId: this.pairingId,
+    };
+  }
+}

package/src/pairing/tlv.ts

@@ -0,0 +1,64 @@
+/**
+ * TLV8 encoding/decoding for HAP (HomeKit Accessory Protocol).
+ * Direct port of pyatv/auth/hap_tlv8.py.
+ */
+
+export enum TlvValue {
+  Method = 0x00,
+  Identifier = 0x01,
+  Salt = 0x02,
+  PublicKey = 0x03,
+  Proof = 0x04,
+  EncryptedData = 0x05,
+  SeqNo = 0x06,
+  Error = 0x07,
+  BackOff = 0x08,
+  Certificate = 0x09,
+  Signature = 0x0a,
+  Permissions = 0x0b,
+  FragmentData = 0x0c,
+  FragmentLast = 0x0d,
+  Name = 0x11,
+  Flags = 0x13,
+}
+
+export type TlvData = Map<number, Buffer>;
+
+export function readTlv(data: Buffer): TlvData {
+  const result = new Map<number, Buffer>();
+  let pos = 0;
+  while (pos < data.length) {
+    const tag = data[pos];
+    const length = data[pos + 1];
+    const value = data.subarray(pos + 2, pos + 2 + length);
+    if (result.has(tag)) {
+      result.set(tag, Buffer.concat([result.get(tag)!, value]));
+    } else {
+      result.set(tag, Buffer.from(value));
+    }
+    pos += 2 + length;
+  }
+  return result;
+}
+
+export function writeTlv(data: Map<number, Buffer> | Record<number, Buffer>): Buffer {
+  const entries = data instanceof Map ? Array.from(data.entries()) : Object.entries(data).map(([k, v]) => [Number(k), v] as [number, Buffer]);
+  const parts: Buffer[] = [];
+  for (const [key, value] of entries) {
+    const tag = Buffer.from([key]);
+    let pos = 0;
+    let remaining = value.length;
+    while (pos < value.length || remaining === 0) {
+      const size = Math.min(remaining, 255);
+      parts.push(tag);
+      parts.push(Buffer.from([size]));
+      if (size > 0) {
+        parts.push(value.subarray(pos, pos + size));
+      }
+      pos += size;
+      remaining -= size;
+      if (remaining === 0 && pos >= value.length) break;
+    }
+  }
+  return Buffer.concat(parts);
+}

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "commonjs",
+    "lib": ["ES2022"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}