@brashkie/signalis-core 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +110 -0
- package/MIGRATION.md +256 -0
- package/NOTICE +107 -9
- package/README.es.md +214 -19
- package/README.md +227 -22
- package/SECURITY.md +191 -0
- package/dist/index.cjs +214 -3
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.mts +183 -3
- package/dist/index.d.ts +183 -3
- package/dist/index.mjs +202 -3
- package/dist/index.mjs.map +1 -1
- package/index.d.ts +16 -0
- package/index.js +13 -1
- package/package.json +36 -24
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to `@brashkie/signalis-core` are documented here.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
## [0.2.0] — 2026-05-22
|
|
9
|
+
|
|
10
|
+
### ✨ Added
|
|
11
|
+
|
|
12
|
+
- **Ed25519 signatures** (RFC 8032) — new `Ed25519` namespace
|
|
13
|
+
- `Ed25519.generateKeyPair()`
|
|
14
|
+
- `Ed25519.keyPairFromSeed(seed)` — deterministic from 32-byte seed
|
|
15
|
+
- `Ed25519.publicFromPrivate(privateKey)`
|
|
16
|
+
- `Ed25519.sign(privateKey, message)` — deterministic
|
|
17
|
+
- `Ed25519.verify(publicKey, message, signature)` — throws on failure
|
|
18
|
+
- `Ed25519.verifyBool(publicKey, message, signature)` — returns boolean
|
|
19
|
+
- Constants: `Ed25519.PRIVATE_KEY_SIZE`, `PUBLIC_KEY_SIZE`, `SIGNATURE_SIZE`, `SEED_SIZE`
|
|
20
|
+
|
|
21
|
+
- **XEd25519 signatures** (Signal Protocol style) — new `XEd25519` namespace
|
|
22
|
+
- Sign with Curve25519 keys: ONE keypair for both ECDH and signing
|
|
23
|
+
- `XEd25519.sign(privateKey, message)` — uses OS RNG, non-deterministic
|
|
24
|
+
- `XEd25519.signWithRandom(privateKey, message, random)` — deterministic with 64-byte nonce
|
|
25
|
+
- `XEd25519.verify(publicKey, message, signature)`
|
|
26
|
+
- `XEd25519.verifyBool(publicKey, message, signature)`
|
|
27
|
+
- Constants: `XEd25519.PRIVATE_KEY_SIZE`, `PUBLIC_KEY_SIZE`, `SIGNATURE_SIZE`, `RANDOM_SIZE`
|
|
28
|
+
|
|
29
|
+
- **AES-GCM with AAD** — Additional Authenticated Data support
|
|
30
|
+
- `AES_GCM.encryptWithAad(key, nonce, plaintext, aad)`
|
|
31
|
+
- `AES_GCM.decryptWithAad(key, nonce, ciphertext, aad)`
|
|
32
|
+
- Bind metadata (headers) to ciphertext without encrypting them
|
|
33
|
+
- Tampering with AAD fails decryption (just like tampering with ciphertext)
|
|
34
|
+
|
|
35
|
+
- **New error class:**
|
|
36
|
+
- `SignatureError extends CryptoError` — thrown by `Ed25519.verify` / `XEd25519.verify`
|
|
37
|
+
|
|
38
|
+
- **New type:**
|
|
39
|
+
- `Signature = Buffer & { __brand?: 'Signature' }` — branded type for signatures
|
|
40
|
+
- Helper: `asSignature(buf): Signature`
|
|
41
|
+
|
|
42
|
+
- **New constants exported:**
|
|
43
|
+
- `ED25519_PRIVATE_KEY_SIZE`, `ED25519_PUBLIC_KEY_SIZE`, `ED25519_SIGNATURE_SIZE`, `ED25519_SEED_SIZE`
|
|
44
|
+
- `XED25519_PRIVATE_KEY_SIZE`, `XED25519_PUBLIC_KEY_SIZE`, `XED25519_SIGNATURE_SIZE`, `XED25519_RANDOM_SIZE`
|
|
45
|
+
|
|
46
|
+
- **New Rust crates:**
|
|
47
|
+
- `sc-ed25519` — Ed25519 signing (built on `ed25519-dalek`)
|
|
48
|
+
- `sc-xed25519` — XEd25519 with Curve25519 keys (built on `curve25519-dalek`)
|
|
49
|
+
|
|
50
|
+
- **New runnable examples** in `examples/`:
|
|
51
|
+
- `basic.mjs` — ECDH + HKDF + AES-GCM
|
|
52
|
+
- `signing.mjs` — Ed25519 + XEd25519
|
|
53
|
+
- `aad.mjs` — AES-GCM with AAD
|
|
54
|
+
- `e2e-channel.mjs` — Complete E2E channel
|
|
55
|
+
|
|
56
|
+
- **New documentation:**
|
|
57
|
+
- `MIGRATION.md` — Upgrade guide v0.1 → v0.2
|
|
58
|
+
- Updated `README.md`, `README.es.md`, `API.md`, `EXAMPLES.md`
|
|
59
|
+
|
|
60
|
+
### 🔄 Changed
|
|
61
|
+
|
|
62
|
+
- `VERSION` constant bumped to `'0.2.0'`
|
|
63
|
+
- `package.json` keywords expanded with `ed25519`, `xed25519`, `aead`
|
|
64
|
+
- `AesGcmParams` interface now includes optional `aad?: Buffer`
|
|
65
|
+
|
|
66
|
+
### 🔒 Security
|
|
67
|
+
|
|
68
|
+
- All new primitives use audited crates:
|
|
69
|
+
- `ed25519-dalek 2.x` — RFC 8032 reference implementation
|
|
70
|
+
- `curve25519-dalek 4.x` — Constant-time scalar operations
|
|
71
|
+
- XEd25519 implementation follows the [Signal spec](https://signal.org/docs/specifications/xeddsa/)
|
|
72
|
+
- All new Rust modules carry `#![deny(missing_docs)] #![deny(unsafe_code)] #![deny(clippy::unwrap_used)]`
|
|
73
|
+
|
|
74
|
+
### ✅ Compatibility
|
|
75
|
+
|
|
76
|
+
**100% backwards compatible with v0.1.0.** Every existing API works unchanged:
|
|
77
|
+
|
|
78
|
+
- All existing imports continue to work
|
|
79
|
+
- All existing function signatures unchanged
|
|
80
|
+
- All existing error classes preserved
|
|
81
|
+
- All existing constants preserved
|
|
82
|
+
- Drop-in upgrade: just bump the version
|
|
83
|
+
|
|
84
|
+
### 🧪 Testing
|
|
85
|
+
|
|
86
|
+
- **Total: ~269 tests passing**
|
|
87
|
+
- **Rust:** 48 tests (8 sc-aes incl. 3 AAD + 10 sc-ed25519 + 8 sc-xed25519 + existing)
|
|
88
|
+
- **Vitest:** 172 tests across 4 files
|
|
89
|
+
- **CJS:** 12 assertions
|
|
90
|
+
- **ESM:** 15 assertions
|
|
91
|
+
|
|
92
|
+
## [0.1.0] — 2026-05-18
|
|
93
|
+
|
|
94
|
+
### ✨ Initial release
|
|
95
|
+
|
|
96
|
+
- `Curve25519` — X25519 ECDH key agreement
|
|
97
|
+
- `HKDF` — RFC 5869 key derivation (extract, expand, derive, deriveMultiple)
|
|
98
|
+
- `AES_GCM` — AES-256-GCM authenticated encryption
|
|
99
|
+
- `AES_CBC` — AES-256-CBC block cipher (paired with HMAC)
|
|
100
|
+
- `HMAC` — HMAC-SHA256 with constant-time verification
|
|
101
|
+
- `SHA256` — SHA-256 hashing (hash, hashAll)
|
|
102
|
+
- Utility helpers: `secureRandom`, `randomNonce`, `randomIv`, `randomKey`, `toHex`, `fromHex`, `toBase64`, `fromBase64`, `toBase64Url`, `fromBase64Url`, `concat`, `zeroize`, `xor`, `constantTimeEqual`
|
|
103
|
+
- Validators: `assertBuffer`, `assertBufferLength`, `assertBufferOfSize`, `assertPositiveInteger`, `assertHkdfLength`
|
|
104
|
+
- Errors: `SignalisError`, `ValidationError`, `CryptoError`, `AuthenticationError`, `KeyDerivationError`, `LengthError`
|
|
105
|
+
- TypeScript types: `KeyPair`, `PublicKey`, `PrivateKey`, `SharedSecret`, `HkdfParams`, etc.
|
|
106
|
+
- Native bindings via napi-rs (7 platforms supported)
|
|
107
|
+
- 172 tests passing
|
|
108
|
+
|
|
109
|
+
[0.2.0]: https://github.com/Brashkie/signalis-core/releases/tag/v0.2.0
|
|
110
|
+
[0.1.0]: https://github.com/Brashkie/signalis-core/releases/tag/v0.1.0
|
package/MIGRATION.md
ADDED
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
# Migration Guide
|
|
2
|
+
|
|
3
|
+
## v0.1.0 → v0.2.0
|
|
4
|
+
|
|
5
|
+
**TL;DR:** It's a 100% drop-in replacement. Just bump the version.
|
|
6
|
+
|
|
7
|
+
```bash
|
|
8
|
+
npm install @brashkie/signalis-core@^0.2.0
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
No code changes needed. All v0.1.0 APIs continue to work identically.
|
|
12
|
+
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
## What's New
|
|
16
|
+
|
|
17
|
+
You now have access to:
|
|
18
|
+
|
|
19
|
+
- **`Ed25519`** namespace for standard digital signatures
|
|
20
|
+
- **`XEd25519`** namespace for Signal-style signatures with Curve25519 keys
|
|
21
|
+
- **`AES_GCM.encryptWithAad()` / `decryptWithAad()`** for authenticated encryption with associated data
|
|
22
|
+
- **`SignatureError`** class for signature verification failures
|
|
23
|
+
- **`Signature`** branded type and **`asSignature()`** helper
|
|
24
|
+
- New constants: `ED25519_*` and `XED25519_*`
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## What's NOT Changed
|
|
29
|
+
|
|
30
|
+
These continue to work exactly as in v0.1.0:
|
|
31
|
+
|
|
32
|
+
| API | Status |
|
|
33
|
+
|-----|--------|
|
|
34
|
+
| `Curve25519.generateKeyPair()` | ✅ Unchanged — still returns `{ privateKey, publicKey }`, still frozen |
|
|
35
|
+
| `Curve25519.publicFromPrivate()` | ✅ Unchanged |
|
|
36
|
+
| `Curve25519.diffieHellman()` | ✅ Unchanged |
|
|
37
|
+
| `HKDF.extract()`, `expand()`, `derive()`, `deriveMultiple()`, `deriveFromParams()` | ✅ Unchanged |
|
|
38
|
+
| `AES_GCM.encrypt()`, `decrypt()` | ✅ Unchanged |
|
|
39
|
+
| `AES_CBC.encrypt()`, `decrypt()` | ✅ Unchanged |
|
|
40
|
+
| `HMAC.sha256()`, `verifySha256()` | ✅ Unchanged |
|
|
41
|
+
| `SHA256.hash()`, `hashAll()` | ✅ Unchanged |
|
|
42
|
+
| All utilities (`secureRandom`, `toHex`, etc.) | ✅ Unchanged |
|
|
43
|
+
| All errors (`SignalisError`, `ValidationError`, etc.) | ✅ Unchanged |
|
|
44
|
+
| All constants (`CURVE25519_*`, `AES_*`, `HKDF_*`, etc.) | ✅ Unchanged |
|
|
45
|
+
| Default export (`SignalisCore`) | ✅ Unchanged (now includes `Ed25519` and `XEd25519`) |
|
|
46
|
+
|
|
47
|
+
The only change you'll observe in your code base is that `VERSION === '0.2.0'`.
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Step-by-Step Migration
|
|
52
|
+
|
|
53
|
+
### 1. Update the package
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
npm install @brashkie/signalis-core@^0.2.0
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
### 2. Verify
|
|
60
|
+
|
|
61
|
+
```bash
|
|
62
|
+
node -e "console.log(require('@brashkie/signalis-core').VERSION)"
|
|
63
|
+
# Should print: 0.2.0
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
### 3. Run your tests
|
|
67
|
+
|
|
68
|
+
Your existing test suite should pass without modifications. If anything fails, [open an issue](https://github.com/Brashkie/signalis-core/issues) — that would be a bug in v0.2.0.
|
|
69
|
+
|
|
70
|
+
### 4. (Optional) Use new features
|
|
71
|
+
|
|
72
|
+
#### Adopt Ed25519 for separate signing keys
|
|
73
|
+
|
|
74
|
+
```typescript
|
|
75
|
+
import { Ed25519 } from '@brashkie/signalis-core';
|
|
76
|
+
|
|
77
|
+
const keys = Ed25519.generateKeyPair();
|
|
78
|
+
const sig = Ed25519.sign(keys.privateKey, message);
|
|
79
|
+
Ed25519.verify(keys.publicKey, message, sig);
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
#### Or adopt XEd25519 (Signal-style)
|
|
83
|
+
|
|
84
|
+
```typescript
|
|
85
|
+
import { Curve25519, XEd25519 } from '@brashkie/signalis-core';
|
|
86
|
+
|
|
87
|
+
const identity = Curve25519.generateKeyPair();
|
|
88
|
+
|
|
89
|
+
// Use the SAME key for both ECDH and signing:
|
|
90
|
+
const shared = Curve25519.diffieHellman(identity.privateKey, peer);
|
|
91
|
+
const sig = XEd25519.sign(identity.privateKey, message);
|
|
92
|
+
XEd25519.verify(identity.publicKey, message, sig);
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
#### Bind metadata to ciphertext with AAD
|
|
96
|
+
|
|
97
|
+
```typescript
|
|
98
|
+
import { AES_GCM } from '@brashkie/signalis-core';
|
|
99
|
+
|
|
100
|
+
const header = Buffer.from('msg_id=42|sender=alice');
|
|
101
|
+
const ct = AES_GCM.encryptWithAad(key, nonce, plaintext, header);
|
|
102
|
+
|
|
103
|
+
// Decrypt MUST pass same AAD or fails
|
|
104
|
+
const pt = AES_GCM.decryptWithAad(key, nonce, ct, header);
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
## Common Patterns
|
|
110
|
+
|
|
111
|
+
### Pattern: Replacing HMAC-based authentication with proper signatures
|
|
112
|
+
|
|
113
|
+
**Before (v0.1.0):**
|
|
114
|
+
|
|
115
|
+
```typescript
|
|
116
|
+
// Using HMAC over arbitrary data — symmetric, both parties share the key
|
|
117
|
+
const tag = HMAC.sha256(sharedKey, dataToAuthenticate);
|
|
118
|
+
const valid = HMAC.verifySha256(sharedKey, dataToAuthenticate, receivedTag);
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
**After (v0.2.0):**
|
|
122
|
+
|
|
123
|
+
```typescript
|
|
124
|
+
// Using Ed25519 — asymmetric, sender signs, anyone with public key verifies
|
|
125
|
+
const sig = Ed25519.sign(signerPrivateKey, dataToAuthenticate);
|
|
126
|
+
Ed25519.verify(signerPublicKey, dataToAuthenticate, sig);
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
**When to use which:**
|
|
130
|
+
|
|
131
|
+
- **HMAC** — When both parties already share a secret (e.g., session key)
|
|
132
|
+
- **Ed25519/XEd25519** — When sender's identity needs to be verified by parties who only have the sender's public key
|
|
133
|
+
|
|
134
|
+
### Pattern: Single identity key for ECDH + Signing
|
|
135
|
+
|
|
136
|
+
**Before (v0.1.0):**
|
|
137
|
+
|
|
138
|
+
```typescript
|
|
139
|
+
// Needed two separate keypairs
|
|
140
|
+
const ecdhKeys = Curve25519.generateKeyPair();
|
|
141
|
+
// (no native signing — would need to roll your own)
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
**After (v0.2.0):**
|
|
145
|
+
|
|
146
|
+
```typescript
|
|
147
|
+
// One keypair for both!
|
|
148
|
+
const identity = Curve25519.generateKeyPair();
|
|
149
|
+
|
|
150
|
+
// ECDH:
|
|
151
|
+
const shared = Curve25519.diffieHellman(identity.privateKey, peerPublic);
|
|
152
|
+
|
|
153
|
+
// Signing with the SAME key:
|
|
154
|
+
const sig = XEd25519.sign(identity.privateKey, message);
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
This is the Signal Protocol's design: one identity key, multiple uses.
|
|
158
|
+
|
|
159
|
+
### Pattern: Authenticated metadata in encrypted messages
|
|
160
|
+
|
|
161
|
+
**Before (v0.1.0):**
|
|
162
|
+
|
|
163
|
+
```typescript
|
|
164
|
+
// Had to manually MAC the header alongside ciphertext
|
|
165
|
+
const ciphertext = AES_GCM.encrypt(key, nonce, body);
|
|
166
|
+
const headerMac = HMAC.sha256(key, header);
|
|
167
|
+
const packet = Buffer.concat([header, headerMac, ciphertext]);
|
|
168
|
+
// Receiver: verify MAC, then decrypt
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
**After (v0.2.0):**
|
|
172
|
+
|
|
173
|
+
```typescript
|
|
174
|
+
// AES-GCM with AAD handles both at once
|
|
175
|
+
const ciphertext = AES_GCM.encryptWithAad(key, nonce, body, header);
|
|
176
|
+
const packet = Buffer.concat([header, ciphertext]);
|
|
177
|
+
// Receiver: decrypt with same header
|
|
178
|
+
const body = AES_GCM.decryptWithAad(key, nonce, ciphertext, header);
|
|
179
|
+
// Header tampering → AuthenticationError automatically
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## Performance Notes
|
|
185
|
+
|
|
186
|
+
- **No regressions** — all v0.1.0 paths are unchanged
|
|
187
|
+
- **New primitives:**
|
|
188
|
+
- Ed25519 signing: ~25,000 ops/sec
|
|
189
|
+
- Ed25519 verification: ~10,000 ops/sec
|
|
190
|
+
- XEd25519 signing: ~20,000 ops/sec
|
|
191
|
+
- XEd25519 verification: ~10,000 ops/sec
|
|
192
|
+
- AAD adds <5% overhead vs no AAD
|
|
193
|
+
- **Bundle size:** +~50 KB (Ed25519 + XEd25519 Rust bindings, compressed)
|
|
194
|
+
|
|
195
|
+
---
|
|
196
|
+
|
|
197
|
+
## Compatibility Matrix
|
|
198
|
+
|
|
199
|
+
| Node.js | Status |
|
|
200
|
+
|---------|--------|
|
|
201
|
+
| 18.x | ✅ Supported |
|
|
202
|
+
| 20.x | ✅ Supported |
|
|
203
|
+
| 22.x | ✅ Supported |
|
|
204
|
+
| 24.x | ✅ Supported |
|
|
205
|
+
|
|
206
|
+
| Platform | Status |
|
|
207
|
+
|----------|--------|
|
|
208
|
+
| Windows x64 (MSVC) | ✅ Prebuilt |
|
|
209
|
+
| macOS x64 | ✅ Prebuilt |
|
|
210
|
+
| macOS ARM64 | ✅ Prebuilt |
|
|
211
|
+
| Linux x64 (glibc) | ✅ Prebuilt |
|
|
212
|
+
| Linux x64 (musl) | ✅ Prebuilt |
|
|
213
|
+
| Linux ARM64 (glibc) | ✅ Prebuilt |
|
|
214
|
+
| Linux ARM64 (musl) | ✅ Prebuilt |
|
|
215
|
+
|
|
216
|
+
---
|
|
217
|
+
|
|
218
|
+
## FAQ
|
|
219
|
+
|
|
220
|
+
### Q: Do I have to change anything in my code?
|
|
221
|
+
|
|
222
|
+
**A:** No. v0.2.0 is 100% backwards compatible.
|
|
223
|
+
|
|
224
|
+
### Q: When should I use Ed25519 vs XEd25519?
|
|
225
|
+
|
|
226
|
+
**A:**
|
|
227
|
+
- **Ed25519** if you want clean separation between signing and ECDH keys, or you need deterministic signatures.
|
|
228
|
+
- **XEd25519** if you want to follow the Signal Protocol design (one identity key for both).
|
|
229
|
+
|
|
230
|
+
### Q: Is XEd25519 less secure than Ed25519?
|
|
231
|
+
|
|
232
|
+
**A:** No. Both provide the same 128-bit security level. XEd25519 is a clever construction that lets you reuse a Curve25519 key for signing without compromising security. It's been used by Signal in production for years.
|
|
233
|
+
|
|
234
|
+
### Q: Does AAD add overhead?
|
|
235
|
+
|
|
236
|
+
**A:** Negligible (<5%). AES-GCM natively supports AAD without performance penalty in the cryptographic operation; the small overhead is just the extra data passed across the NAPI boundary.
|
|
237
|
+
|
|
238
|
+
### Q: Will there be a v0.3.0?
|
|
239
|
+
|
|
240
|
+
**A:** Yes, but it will be handled by the higher-level `@brashkie/signalis` package, which builds X3DH and Double Ratchet on top of these primitives.
|
|
241
|
+
|
|
242
|
+
### Q: What if I find a bug?
|
|
243
|
+
|
|
244
|
+
**A:** [Open an issue](https://github.com/Brashkie/signalis-core/issues) on GitHub. For security issues, see [SECURITY.md](SECURITY.md) for the responsible disclosure process.
|
|
245
|
+
|
|
246
|
+
---
|
|
247
|
+
|
|
248
|
+
## Resources
|
|
249
|
+
|
|
250
|
+
- [README.md](README.md) — Library overview
|
|
251
|
+
- [API.md](API.md) — Full API reference
|
|
252
|
+
- [EXAMPLES.md](EXAMPLES.md) — More usage examples
|
|
253
|
+
- [`examples/`](examples/) — Runnable code samples
|
|
254
|
+
- [CHANGELOG.md](CHANGELOG.md) — Full release history
|
|
255
|
+
|
|
256
|
+
🦀 + ❤️ Hepein Oficial
|
package/NOTICE
CHANGED
|
@@ -1,12 +1,110 @@
|
|
|
1
|
-
|
|
2
|
-
Copyright 2026 Brashkie
|
|
1
|
+
@brashkie/signalis-core
|
|
2
|
+
Copyright 2026 Brashkie / Hepein Oficial
|
|
3
3
|
|
|
4
|
-
This product
|
|
5
|
-
|
|
6
|
-
- The RustCrypto project (https://github.com/RustCrypto)
|
|
7
|
-
- The napi-rs project (https://github.com/napi-rs/napi-rs)
|
|
4
|
+
This product is licensed under the Apache License, Version 2.0
|
|
5
|
+
(see LICENSE file in the project root).
|
|
8
6
|
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
═══════════════════════════════════════════════════════════════════════════
|
|
8
|
+
Third-party software included
|
|
9
|
+
═══════════════════════════════════════════════════════════════════════════
|
|
11
10
|
|
|
12
|
-
|
|
11
|
+
This product includes the following third-party software, licensed under
|
|
12
|
+
their respective terms:
|
|
13
|
+
|
|
14
|
+
─── Rust Dependencies ─────────────────────────────────────────────────────
|
|
15
|
+
|
|
16
|
+
curve25519-dalek 4.x
|
|
17
|
+
Copyright (c) Isis Lovecruft, Henry de Valence
|
|
18
|
+
Licensed under BSD-3-Clause
|
|
19
|
+
https://github.com/dalek-cryptography/curve25519-dalek
|
|
20
|
+
|
|
21
|
+
ed25519-dalek 2.x
|
|
22
|
+
Copyright (c) Isis Lovecruft
|
|
23
|
+
Licensed under BSD-3-Clause
|
|
24
|
+
https://github.com/dalek-cryptography/ed25519-dalek
|
|
25
|
+
|
|
26
|
+
x25519-dalek 2.x
|
|
27
|
+
Copyright (c) Isis Lovecruft, Henry de Valence
|
|
28
|
+
Licensed under BSD-3-Clause
|
|
29
|
+
https://github.com/dalek-cryptography/x25519-dalek
|
|
30
|
+
|
|
31
|
+
aes-gcm (RustCrypto)
|
|
32
|
+
Copyright (c) RustCrypto Developers
|
|
33
|
+
Licensed under Apache-2.0 OR MIT
|
|
34
|
+
https://github.com/RustCrypto/AEADs
|
|
35
|
+
|
|
36
|
+
aes (RustCrypto)
|
|
37
|
+
Copyright (c) RustCrypto Developers
|
|
38
|
+
Licensed under Apache-2.0 OR MIT
|
|
39
|
+
https://github.com/RustCrypto/block-ciphers
|
|
40
|
+
|
|
41
|
+
cbc (RustCrypto)
|
|
42
|
+
Copyright (c) RustCrypto Developers
|
|
43
|
+
Licensed under Apache-2.0 OR MIT
|
|
44
|
+
https://github.com/RustCrypto/block-modes
|
|
45
|
+
|
|
46
|
+
sha2 (RustCrypto)
|
|
47
|
+
Copyright (c) RustCrypto Developers
|
|
48
|
+
Licensed under Apache-2.0 OR MIT
|
|
49
|
+
https://github.com/RustCrypto/hashes
|
|
50
|
+
|
|
51
|
+
hmac (RustCrypto)
|
|
52
|
+
Copyright (c) RustCrypto Developers
|
|
53
|
+
Licensed under Apache-2.0 OR MIT
|
|
54
|
+
https://github.com/RustCrypto/MACs
|
|
55
|
+
|
|
56
|
+
hkdf (RustCrypto)
|
|
57
|
+
Copyright (c) RustCrypto Developers
|
|
58
|
+
Licensed under Apache-2.0 OR MIT
|
|
59
|
+
https://github.com/RustCrypto/KDFs
|
|
60
|
+
|
|
61
|
+
zeroize
|
|
62
|
+
Copyright (c) Tony Arcieri
|
|
63
|
+
Licensed under Apache-2.0 OR MIT
|
|
64
|
+
https://github.com/RustCrypto/utils/tree/master/zeroize
|
|
65
|
+
|
|
66
|
+
subtle
|
|
67
|
+
Copyright (c) Isis Lovecruft, Henry de Valence
|
|
68
|
+
Licensed under BSD-3-Clause
|
|
69
|
+
https://github.com/dalek-cryptography/subtle
|
|
70
|
+
|
|
71
|
+
rand
|
|
72
|
+
Licensed under Apache-2.0 OR MIT
|
|
73
|
+
https://github.com/rust-random/rand
|
|
74
|
+
|
|
75
|
+
thiserror
|
|
76
|
+
Copyright (c) David Tolnay
|
|
77
|
+
Licensed under Apache-2.0 OR MIT
|
|
78
|
+
https://github.com/dtolnay/thiserror
|
|
79
|
+
|
|
80
|
+
─── NAPI Bindings ────────────────────────────────────────────────────────
|
|
81
|
+
|
|
82
|
+
napi-rs
|
|
83
|
+
Copyright (c) napi-rs contributors
|
|
84
|
+
Licensed under MIT
|
|
85
|
+
https://github.com/napi-rs/napi-rs
|
|
86
|
+
|
|
87
|
+
═══════════════════════════════════════════════════════════════════════════
|
|
88
|
+
Specifications referenced
|
|
89
|
+
═══════════════════════════════════════════════════════════════════════════
|
|
90
|
+
|
|
91
|
+
- RFC 7748 — Elliptic Curves for Security
|
|
92
|
+
- RFC 8032 — Edwards-Curve Digital Signature Algorithm (EdDSA)
|
|
93
|
+
- RFC 5869 — HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
|
|
94
|
+
- NIST SP 800-38D — AES-GCM
|
|
95
|
+
- FIPS 180-4 — Secure Hash Standard (SHA-256)
|
|
96
|
+
- FIPS 198-1 — HMAC
|
|
97
|
+
|
|
98
|
+
Signal Protocol specifications:
|
|
99
|
+
- X3DH: https://signal.org/docs/specifications/x3dh/
|
|
100
|
+
- Double Ratchet: https://signal.org/docs/specifications/doubleratchet/
|
|
101
|
+
- XEdDSA: https://signal.org/docs/specifications/xeddsa/
|
|
102
|
+
|
|
103
|
+
═══════════════════════════════════════════════════════════════════════════
|
|
104
|
+
|
|
105
|
+
The full text of all third-party licenses can be found in the respective
|
|
106
|
+
crate repositories linked above, or obtained by running:
|
|
107
|
+
|
|
108
|
+
cargo about generate licenses.html
|
|
109
|
+
|
|
110
|
+
For questions about licensing, contact: brashkie@hepein.com
|