@decentnetwork/peer 0.1.0

package/dist/compat/express.d.ts

@@ -0,0 +1,21 @@
+import type { KeyPair } from "../crypto/keypair.js";
+import type { NetworkNode } from "../types/peer.js";
+type PullCallbacks = {
+    onOfflineFriendRequest: (fromUserId: string, packet: Uint8Array, timestamp: number) => void;
+    onOfflineFriendMessage: (fromUserId: string, packet: Uint8Array, timestamp: number) => void;
+};
+export declare class LegacyExpressClient {
+    #private;
+    constructor(opts: {
+        nodes: NetworkNode[];
+        selfKeyPair: KeyPair;
+        selfUserId: string;
+        selfAddress: string;
+        callbacks: PullCallbacks;
+    });
+    hasNodes(): boolean;
+    sendOfflineFriendRequest(address: string, hello: Uint8Array): Promise<void>;
+    sendOfflineText(friendUserId: string, carrierPacket: Uint8Array): Promise<void>;
+    pullOnce(): Promise<void>;
+}
+export {};

package/dist/compat/express.js

@@ -0,0 +1,263 @@
+import { ByteBuffer, Encoding } from "flatbuffers";
+import nacl from "tweetnacl";
+import { base58ToBytes, bytesToBase58 } from "../utils/base58.js";
+import { randomBytes } from "../utils/bytes.js";
+const EXPRESS_MAGIC = 0xca6ee595;
+const NONCE_SIZE = 24;
+const HTTP_TIMEOUT_MS = 15000;
+export class LegacyExpressClient {
+    #nodes;
+    #selfKeyPair;
+    #selfUserId;
+    #selfAddress;
+    #currNode = 0;
+    #callbacks;
+    #debug = process.env.DECENT_DEBUG === "1";
+    constructor(opts) {
+        this.#selfKeyPair = opts.selfKeyPair;
+        this.#selfUserId = opts.selfUserId;
+        this.#selfAddress = opts.selfAddress;
+        this.#callbacks = opts.callbacks;
+        this.#nodes = opts.nodes
+            .filter((node) => typeof node.pk === "string" && node.pk.length > 0)
+            .map((node) => {
+            const expressPk = base58ToBytes(node.pk);
+            if (expressPk.length !== 32) {
+                throw new Error(`invalid express public key for ${node.host}:${node.port}`);
+            }
+            return {
+                host: node.host,
+                port: node.port,
+                sharedKey: nacl.box.before(expressPk, this.#selfKeyPair.secretKey)
+            };
+        });
+    }
+    hasNodes() {
+        return this.#nodes.length > 0;
+    }
+    async sendOfflineFriendRequest(address, hello) {
+        await this.#postEncrypted(address, hello);
+    }
+    async sendOfflineText(friendUserId, carrierPacket) {
+        const friendPk = base58ToBytes(friendUserId);
+        if (friendPk.length !== 32) {
+            throw new Error("friend user id must decode to 32-byte public key");
+        }
+        const friendSharedKey = nacl.box.before(friendPk, this.#selfKeyPair.secretKey);
+        const friendEncrypted = encrypt(friendSharedKey, carrierPacket);
+        await this.#postEncrypted(friendUserId, friendEncrypted);
+    }
+    async pullOnce() {
+        if (!this.#nodes.length) {
+            return;
+        }
+        let lastTimestamp = 0;
+        const { node, body } = await this.#withAnyNode(async (candidate) => ({
+            node: candidate,
+            body: await this.#http(candidate, "GET", encodeURIComponent(this.#selfUserId))
+        }));
+        const messages = parseExpressResponseFrames(body);
+        if (messages.length > 0) {
+            this.#debugLog(`pullOnce got ${messages.length} offline frame(s) from ${node.host}:${node.port}`);
+        }
+        let requestCount = 0;
+        let messageCount = 0;
+        for (const encrypted of messages) {
+            const plain = decrypt(node.sharedKey, encrypted);
+            if (!plain) {
+                continue;
+            }
+            const msg = decodePullMessage(plain);
+            if (!msg) {
+                continue;
+            }
+            lastTimestamp = Math.max(lastTimestamp, msg.timestamp);
+            if (msg.type === "R") {
+                if (!msg.address || msg.address !== this.#selfAddress) {
+                    this.#debugLog(`drop offline request with unmatched address from ${msg.from}`);
+                    continue;
+                }
+                this.#callbacks.onOfflineFriendRequest(msg.from, msg.payload, msg.timestamp);
+                requestCount += 1;
+                this.#debugLog(`offline friend request from ${msg.from} ts=${msg.timestamp}`);
+            }
+            else if (msg.type === "M") {
+                try {
+                    const friendPk = base58ToBytes(msg.from);
+                    if (friendPk.length !== 32) {
+                        continue;
+                    }
+                    const friendSharedKey = nacl.box.before(friendPk, this.#selfKeyPair.secretKey);
+                    const packet = decrypt(friendSharedKey, msg.payload);
+                    if (!packet) {
+                        continue;
+                    }
+                    this.#callbacks.onOfflineFriendMessage(msg.from, packet, msg.timestamp);
+                    messageCount += 1;
+                    this.#debugLog(`offline message from ${msg.from} ts=${msg.timestamp}`);
+                }
+                catch {
+                    // Skip invalid sender ids.
+                }
+            }
+        }
+        if (lastTimestamp > 0) {
+            this.#debugLog(`pull processed: requests=${requestCount} messages=${messageCount}; ack until ts=${lastTimestamp}`);
+            await this.#deleteUntil(lastTimestamp).catch(() => { });
+        }
+    }
+    async #postEncrypted(to, plainData) {
+        await this.#withAnyNode(async (node) => {
+            const encrypted = encrypt(node.sharedKey, plainData);
+            const path = `${encodeURIComponent(to)}/${encodeURIComponent(this.#selfUserId)}`;
+            await this.#http(node, "POST", path, encrypted);
+        });
+    }
+    async #deleteUntil(timestamp) {
+        const tsBytes = new TextEncoder().encode(String(timestamp));
+        await this.#withAnyNode(async (node) => {
+            const encrypted = encrypt(node.sharedKey, tsBytes);
+            const encoded = bytesToBase58(encrypted);
+            const path = `${encodeURIComponent(this.#selfUserId)}?until=${encodeURIComponent(encoded)}`;
+            await this.#http(node, "DELETE", path);
+        });
+    }
+    async #withAnyNode(fn) {
+        if (!this.#nodes.length) {
+            throw new Error("no express nodes configured");
+        }
+        let lastError;
+        for (let i = 0; i < this.#nodes.length; i++) {
+            const idx = (this.#currNode + i) % this.#nodes.length;
+            const node = this.#nodes[idx];
+            try {
+                const value = await fn(node);
+                this.#currNode = idx;
+                return value;
+            }
+            catch (error) {
+                lastError = error;
+            }
+        }
+        throw lastError instanceof Error ? lastError : new Error(String(lastError));
+    }
+    async #http(node, method, path, body) {
+        const url = `https://${node.host}:${node.port}/${path}`;
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), HTTP_TIMEOUT_MS);
+        try {
+            const response = await fetch(url, {
+                method,
+                body: body ? Buffer.from(body) : undefined,
+                headers: body ? { "Content-Type": "application/binary" } : undefined,
+                signal: controller.signal
+            });
+            if ((method === "POST" && response.status !== 201) ||
+                (method === "GET" && response.status !== 200) ||
+                (method === "DELETE" && response.status !== 205)) {
+                throw new Error(`express ${method} ${node.host}:${node.port} failed status=${response.status}`);
+            }
+            const bytes = new Uint8Array(await response.arrayBuffer());
+            return bytes;
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    #debugLog(message) {
+        if (!this.#debug) {
+            return;
+        }
+        console.log(`[peer-debug:express] ${message}`);
+    }
+}
+function encrypt(key, plain) {
+    const nonce = randomBytes(NONCE_SIZE);
+    const cipher = nacl.secretbox(plain, nonce, key);
+    const out = new Uint8Array(nonce.length + cipher.length);
+    out.set(nonce, 0);
+    out.set(cipher, nonce.length);
+    return out;
+}
+function decrypt(key, encrypted) {
+    if (encrypted.length < NONCE_SIZE + 16) {
+        return undefined;
+    }
+    const nonce = encrypted.slice(0, NONCE_SIZE);
+    const cipher = encrypted.slice(NONCE_SIZE);
+    return nacl.secretbox.open(cipher, nonce, key) ?? undefined;
+}
+function parseExpressResponseFrames(body) {
+    const out = [];
+    let offset = 0;
+    while (offset + 8 <= body.length) {
+        const magic = readUint32Be(body, offset);
+        const len = readUint32Be(body, offset + 4);
+        offset += 8;
+        if (magic !== EXPRESS_MAGIC) {
+            break;
+        }
+        if (len === 0 || offset + len > body.length) {
+            break;
+        }
+        out.push(body.slice(offset, offset + len));
+        offset += len;
+    }
+    return out;
+}
+function readUint32Be(bytes, offset) {
+    return ((bytes[offset] << 24) |
+        (bytes[offset + 1] << 16) |
+        (bytes[offset + 2] << 8) |
+        bytes[offset + 3]) >>> 0;
+}
+function decodePullMessage(bytes) {
+    const bb = new ByteBuffer(bytes);
+    const root = bb.readInt32(bb.position()) + bb.position();
+    const table = { bb, bb_pos: root };
+    const from = readStringField(table, 1) ?? "";
+    const typeNum = readUint8Field(table, 2);
+    const timestamp = Number(readUint64Field(table, 3));
+    const payload = readByteVectorField(table, 5) ?? new Uint8Array();
+    const address = readStringField(table, 4);
+    if (!from || !Number.isFinite(timestamp)) {
+        return undefined;
+    }
+    return {
+        from,
+        type: String.fromCharCode(typeNum),
+        timestamp,
+        address,
+        payload
+    };
+}
+function readUint8Field(table, field) {
+    const offset = table.bb.__offset(table.bb_pos, 4 + field * 2);
+    return offset ? table.bb.readUint8(table.bb_pos + offset) : 0;
+}
+function readUint64Field(table, field) {
+    const offset = table.bb.__offset(table.bb_pos, 4 + field * 2);
+    if (!offset) {
+        return 0n;
+    }
+    const pos = table.bb_pos + offset;
+    const low = BigInt(table.bb.readUint32(pos));
+    const high = BigInt(table.bb.readUint32(pos + 4));
+    return (high << 32n) | low;
+}
+function readStringField(table, field) {
+    const offset = table.bb.__offset(table.bb_pos, 4 + field * 2);
+    if (!offset) {
+        return undefined;
+    }
+    return table.bb.__string(table.bb_pos + offset, Encoding.UTF16_STRING);
+}
+function readByteVectorField(table, field) {
+    const offset = table.bb.__offset(table.bb_pos, 4 + field * 2);
+    if (!offset) {
+        return undefined;
+    }
+    const vector = table.bb.__vector(table.bb_pos + offset);
+    const length = table.bb.__vector_len(table.bb_pos + offset);
+    return table.bb.bytes().slice(vector, vector + length);
+}

package/dist/compat/friend.d.ts

@@ -0,0 +1,4 @@
+export declare class LegacyFriendClient {
+    sendRequest(pubkey: string, hello?: string): Promise<never>;
+    accept(pubkey: string): Promise<never>;
+}

package/dist/compat/friend.js

@@ -0,0 +1,12 @@
+import { LegacyProtocolNotImplementedError } from "../runtime/errors.js";
+export class LegacyFriendClient {
+    async sendRequest(pubkey, hello) {
+        void pubkey;
+        void hello;
+        throw new LegacyProtocolNotImplementedError("Legacy friend request");
+    }
+    async accept(pubkey) {
+        void pubkey;
+        throw new LegacyProtocolNotImplementedError("Legacy friend accept");
+    }
+}

package/dist/compat/net-crypto.d.ts

@@ -0,0 +1,84 @@
+export declare const NET_PACKET_COOKIE_REQUEST = 24;
+export declare const NET_PACKET_COOKIE_RESPONSE = 25;
+export declare const NET_PACKET_CRYPTO_HS = 26;
+export declare const NET_PACKET_CRYPTO_DATA = 27;
+export type CookieRequest = {
+    senderDhtPublicKey: Uint8Array;
+    senderRealPublicKey: Uint8Array;
+    echo: bigint;
+};
+export type CookieResponse = {
+    cookie: Uint8Array;
+    echo: bigint;
+};
+export type CryptoHandshake = {
+    recipientCookie: Uint8Array;
+    baseNonce: Uint8Array;
+    sessionPublicKey: Uint8Array;
+    cookieHash: Uint8Array;
+    embeddedCookie: Uint8Array;
+    senderRealPublicKey: Uint8Array;
+    senderDhtPublicKey: Uint8Array;
+};
+export declare function createCookieRequest(opts: {
+    senderRealPublicKey: Uint8Array;
+    senderDhtPublicKey: Uint8Array;
+    senderDhtSecretKey: Uint8Array;
+    receiverDhtPublicKey: Uint8Array;
+    echo: bigint;
+}): Uint8Array;
+export declare function openCookieRequest(packet: Uint8Array, opts: {
+    receiverDhtSecretKey: Uint8Array;
+}): CookieRequest | undefined;
+export declare function createCookieResponse(opts: {
+    request: CookieRequest;
+    receiverDhtSecretKey: Uint8Array;
+    receiverCookieSymmetricKey: Uint8Array;
+}): Uint8Array;
+export declare function openCookieResponse(packet: Uint8Array, opts: {
+    receiverDhtPublicKey: Uint8Array;
+    senderDhtSecretKey: Uint8Array;
+}): CookieResponse | undefined;
+export declare function openCookie(cookie: Uint8Array, opts: {
+    symmetricKey: Uint8Array;
+}): {
+    timestamp: bigint;
+    realPublicKey: Uint8Array;
+    dhtPublicKey: Uint8Array;
+} | undefined;
+export declare function createCryptoHandshake(opts: {
+    recipientCookie: Uint8Array;
+    baseNonce: Uint8Array;
+    sessionPublicKey: Uint8Array;
+    senderRealSecretKey: Uint8Array;
+    senderRealPublicKey: Uint8Array;
+    senderDhtPublicKey: Uint8Array;
+    receiverRealPublicKey: Uint8Array;
+    /**
+     * Peer's DHT public key. Falls back to receiverRealPublicKey when omitted
+     * (Carrier C SDK uses the same key for real and DHT identity).
+     */
+    receiverDhtPublicKey?: Uint8Array;
+    localCookieSymmetricKey: Uint8Array;
+}): Uint8Array;
+export declare function openCryptoHandshake(packet: Uint8Array, opts: {
+    receiverRealSecretKey: Uint8Array;
+    receiverCookieSymmetricKey: Uint8Array;
+}): CryptoHandshake | undefined;
+export declare function createCryptoDataPacket(opts: {
+    sessionSharedKey: Uint8Array;
+    sentNonce: Uint8Array;
+    bufferStart: number;
+    packetNumber: number;
+    payload: Uint8Array;
+}): Uint8Array;
+export declare function openCryptoDataPacket(packet: Uint8Array, opts: {
+    sessionSharedKey: Uint8Array;
+    recvBaseNonce: Uint8Array;
+}): {
+    payload: Uint8Array;
+    bufferStart: number;
+    packetNumber: number;
+    nonceLast2: number;
+} | undefined;
+export declare function incrementNonce(nonce: Uint8Array): void;

package/dist/compat/net-crypto.js

@@ -0,0 +1,278 @@
+import nacl from "tweetnacl";
+import { createHash } from "node:crypto";
+import { concatBytes, randomBytes } from "../utils/bytes.js";
+export const NET_PACKET_COOKIE_REQUEST = 0x18;
+export const NET_PACKET_COOKIE_RESPONSE = 0x19;
+export const NET_PACKET_CRYPTO_HS = 0x1a;
+export const NET_PACKET_CRYPTO_DATA = 0x1b;
+const KEY_SIZE = 32;
+const NONCE_SIZE = 24;
+const MAC_SIZE = 16;
+const COOKIE_DATA_LENGTH = 64;
+const COOKIE_CONTENTS_LENGTH = 8 + COOKIE_DATA_LENGTH;
+const COOKIE_LENGTH = NONCE_SIZE + COOKIE_CONTENTS_LENGTH + MAC_SIZE; // 112
+const COOKIE_REQUEST_PLAIN_LENGTH = COOKIE_DATA_LENGTH + 8; // 72
+const COOKIE_REQUEST_LENGTH = 1 + KEY_SIZE + NONCE_SIZE + COOKIE_REQUEST_PLAIN_LENGTH + MAC_SIZE; // 145
+const COOKIE_RESPONSE_PLAIN_LENGTH = COOKIE_LENGTH + 8; // 120
+const COOKIE_RESPONSE_LENGTH = 1 + NONCE_SIZE + COOKIE_RESPONSE_PLAIN_LENGTH + MAC_SIZE; // 161
+const HANDSHAKE_INNER_LENGTH = 24 + 32 + 64 + COOKIE_LENGTH; // 232
+const HANDSHAKE_LENGTH = 1 + COOKIE_LENGTH + NONCE_SIZE + HANDSHAKE_INNER_LENGTH + MAC_SIZE; // 385
+const MAX_CRYPTO_PACKET_SIZE = 1400;
+const CRYPTO_DATA_PACKET_MIN_SIZE = 1 + 2 + 4 + 4 + MAC_SIZE;
+const MAX_CRYPTO_DATA_SIZE = MAX_CRYPTO_PACKET_SIZE - CRYPTO_DATA_PACKET_MIN_SIZE;
+const CRYPTO_MAX_PADDING = 8;
+const CRYPTO_DATA_PLAIN_HEADER_LENGTH = 8;
+export function createCookieRequest(opts) {
+    if (opts.senderRealPublicKey.length !== KEY_SIZE) {
+        throw new Error("sender real public key must be 32 bytes");
+    }
+    if (opts.senderDhtPublicKey.length !== KEY_SIZE) {
+        throw new Error("sender dht public key must be 32 bytes");
+    }
+    if (opts.senderDhtSecretKey.length !== KEY_SIZE) {
+        throw new Error("sender dht secret key must be 32 bytes");
+    }
+    if (opts.receiverDhtPublicKey.length !== KEY_SIZE) {
+        throw new Error("receiver dht public key must be 32 bytes");
+    }
+    const plain = concatBytes([
+        opts.senderRealPublicKey,
+        opts.senderDhtPublicKey,
+        writeUint64Le(opts.echo)
+    ]);
+    if (plain.length !== COOKIE_REQUEST_PLAIN_LENGTH) {
+        throw new Error("cookie request plaintext size mismatch");
+    }
+    const nonce = randomBytes(NONCE_SIZE);
+    const sharedKey = nacl.box.before(opts.receiverDhtPublicKey, opts.senderDhtSecretKey);
+    const cipher = nacl.secretbox(plain, nonce, sharedKey);
+    return concatBytes([
+        Uint8Array.of(NET_PACKET_COOKIE_REQUEST),
+        opts.senderDhtPublicKey,
+        nonce,
+        cipher
+    ]);
+}
+export function openCookieRequest(packet, opts) {
+    if (packet.length !== COOKIE_REQUEST_LENGTH || packet[0] !== NET_PACKET_COOKIE_REQUEST) {
+        return undefined;
+    }
+    const senderDhtPublicKey = packet.slice(1, 1 + KEY_SIZE);
+    const nonce = packet.slice(1 + KEY_SIZE, 1 + KEY_SIZE + NONCE_SIZE);
+    const cipher = packet.slice(1 + KEY_SIZE + NONCE_SIZE);
+    const sharedKey = nacl.box.before(senderDhtPublicKey, opts.receiverDhtSecretKey);
+    const plain = nacl.secretbox.open(cipher, nonce, sharedKey);
+    if (!plain || plain.length !== COOKIE_REQUEST_PLAIN_LENGTH) {
+        return undefined;
+    }
+    return {
+        senderDhtPublicKey,
+        senderRealPublicKey: plain.slice(0, KEY_SIZE),
+        echo: readUint64Le(plain, COOKIE_DATA_LENGTH)
+    };
+}
+export function createCookieResponse(opts) {
+    const cookie = createCookie({
+        symmetricKey: opts.receiverCookieSymmetricKey,
+        realPublicKey: opts.request.senderRealPublicKey,
+        dhtPublicKey: opts.request.senderDhtPublicKey
+    });
+    const plain = concatBytes([cookie, writeUint64Le(opts.request.echo)]);
+    const nonce = randomBytes(NONCE_SIZE);
+    const sharedKey = nacl.box.before(opts.request.senderDhtPublicKey, opts.receiverDhtSecretKey);
+    const cipher = nacl.secretbox(plain, nonce, sharedKey);
+    return concatBytes([Uint8Array.of(NET_PACKET_COOKIE_RESPONSE), nonce, cipher]);
+}
+export function openCookieResponse(packet, opts) {
+    if (packet.length !== COOKIE_RESPONSE_LENGTH || packet[0] !== NET_PACKET_COOKIE_RESPONSE) {
+        return undefined;
+    }
+    const nonce = packet.slice(1, 1 + NONCE_SIZE);
+    const cipher = packet.slice(1 + NONCE_SIZE);
+    const sharedKey = nacl.box.before(opts.receiverDhtPublicKey, opts.senderDhtSecretKey);
+    const plain = nacl.secretbox.open(cipher, nonce, sharedKey);
+    if (!plain || plain.length !== COOKIE_RESPONSE_PLAIN_LENGTH) {
+        return undefined;
+    }
+    return {
+        cookie: plain.slice(0, COOKIE_LENGTH),
+        echo: readUint64Le(plain, COOKIE_LENGTH)
+    };
+}
+export function openCookie(cookie, opts) {
+    if (cookie.length !== COOKIE_LENGTH) {
+        return undefined;
+    }
+    const nonce = cookie.slice(0, NONCE_SIZE);
+    const cipher = cookie.slice(NONCE_SIZE);
+    const plain = nacl.secretbox.open(cipher, nonce, opts.symmetricKey);
+    if (!plain || plain.length !== COOKIE_CONTENTS_LENGTH) {
+        return undefined;
+    }
+    return {
+        timestamp: readUint64Le(plain, 0),
+        realPublicKey: plain.slice(8, 8 + KEY_SIZE),
+        dhtPublicKey: plain.slice(8 + KEY_SIZE, 8 + KEY_SIZE + KEY_SIZE)
+    };
+}
+export function createCryptoHandshake(opts) {
+    const innerNonce = randomBytes(NONCE_SIZE);
+    // Toxcore create_crypto_handshake: the embedded "own cookie" is encrypted
+    // for the *peer's* future use and contains the PEER's real_pk + dht_pk.
+    // The peer attaches this cookie at handshake[1..113] when they reply, and
+    // we decrypt it with our symmetric key to recover their keys for inner box.
+    // Earlier versions of this code mistakenly stored the SENDER's own keys in
+    // ownCookie, which made the responder's reply handshake fail to decrypt
+    // because we recovered our own pubkey instead of the peer's.
+    const ownCookie = createCookie({
+        symmetricKey: opts.localCookieSymmetricKey,
+        realPublicKey: opts.receiverRealPublicKey,
+        dhtPublicKey: opts.receiverDhtPublicKey ?? opts.receiverRealPublicKey
+    });
+    const innerPlain = concatBytes([
+        opts.baseNonce,
+        opts.sessionPublicKey,
+        sha512(opts.recipientCookie),
+        ownCookie
+    ]);
+    const sharedKey = nacl.box.before(opts.receiverRealPublicKey, opts.senderRealSecretKey);
+    const innerCipher = nacl.secretbox(innerPlain, innerNonce, sharedKey);
+    return concatBytes([Uint8Array.of(NET_PACKET_CRYPTO_HS), opts.recipientCookie, innerNonce, innerCipher]);
+}
+export function openCryptoHandshake(packet, opts) {
+    if (packet.length !== HANDSHAKE_LENGTH || packet[0] !== NET_PACKET_CRYPTO_HS) {
+        return undefined;
+    }
+    const recipientCookie = packet.slice(1, 1 + COOKIE_LENGTH);
+    const cookieParsed = openCookie(recipientCookie, { symmetricKey: opts.receiverCookieSymmetricKey });
+    if (!cookieParsed) {
+        return undefined;
+    }
+    const senderRealPublicKey = cookieParsed.realPublicKey;
+    const senderDhtPublicKey = cookieParsed.dhtPublicKey;
+    const nonce = packet.slice(1 + COOKIE_LENGTH, 1 + COOKIE_LENGTH + NONCE_SIZE);
+    const cipher = packet.slice(1 + COOKIE_LENGTH + NONCE_SIZE);
+    const sharedKey = nacl.box.before(senderRealPublicKey, opts.receiverRealSecretKey);
+    const inner = nacl.secretbox.open(cipher, nonce, sharedKey);
+    if (!inner || inner.length !== HANDSHAKE_INNER_LENGTH) {
+        return undefined;
+    }
+    const baseNonce = inner.slice(0, NONCE_SIZE);
+    const sessionPublicKey = inner.slice(NONCE_SIZE, NONCE_SIZE + KEY_SIZE);
+    const cookieHash = inner.slice(NONCE_SIZE + KEY_SIZE, NONCE_SIZE + KEY_SIZE + 64);
+    if (!bytesEqual(cookieHash, sha512(recipientCookie))) {
+        return undefined;
+    }
+    const embeddedCookie = inner.slice(NONCE_SIZE + KEY_SIZE + 64);
+    return {
+        recipientCookie,
+        baseNonce,
+        sessionPublicKey,
+        cookieHash,
+        embeddedCookie,
+        senderRealPublicKey,
+        senderDhtPublicKey
+    };
+}
+export function createCryptoDataPacket(opts) {
+    if (opts.payload.length === 0 || opts.payload.length > MAX_CRYPTO_DATA_SIZE) {
+        throw new Error(`crypto data payload must be 1..${MAX_CRYPTO_DATA_SIZE} bytes`);
+    }
+    const paddingLength = (MAX_CRYPTO_DATA_SIZE - opts.payload.length) % CRYPTO_MAX_PADDING;
+    const plain = new Uint8Array(CRYPTO_DATA_PLAIN_HEADER_LENGTH + paddingLength + opts.payload.length);
+    writeUint32BeInto(plain, 0, opts.bufferStart);
+    writeUint32BeInto(plain, 4, opts.packetNumber);
+    plain.set(opts.payload, CRYPTO_DATA_PLAIN_HEADER_LENGTH + paddingLength);
+    const cipher = nacl.secretbox(plain, opts.sentNonce, opts.sessionSharedKey);
+    const last2 = opts.sentNonce.slice(opts.sentNonce.length - 2);
+    return concatBytes([Uint8Array.of(NET_PACKET_CRYPTO_DATA), last2, cipher]);
+}
+export function openCryptoDataPacket(packet, opts) {
+    if (packet.length <= CRYPTO_DATA_PACKET_MIN_SIZE || packet[0] !== NET_PACKET_CRYPTO_DATA) {
+        return undefined;
+    }
+    const nonce = opts.recvBaseNonce.slice();
+    nonce[nonce.length - 2] = packet[1];
+    nonce[nonce.length - 1] = packet[2];
+    const cipher = packet.slice(3);
+    const plain = nacl.secretbox.open(cipher, nonce, opts.sessionSharedKey);
+    if (!plain || plain.length <= CRYPTO_DATA_PLAIN_HEADER_LENGTH) {
+        return undefined;
+    }
+    const bufferStart = readUint32Be(plain, 0);
+    const packetNumber = readUint32Be(plain, 4);
+    let payloadOffset = CRYPTO_DATA_PLAIN_HEADER_LENGTH;
+    while (payloadOffset < plain.length && plain[payloadOffset] === 0) {
+        payloadOffset += 1;
+    }
+    if (payloadOffset >= plain.length) {
+        return undefined;
+    }
+    return {
+        payload: plain.slice(payloadOffset),
+        bufferStart,
+        packetNumber,
+        nonceLast2: ((packet[1] << 8) | packet[2]) >>> 0
+    };
+}
+function createCookie(opts) {
+    const timestamp = BigInt(Math.floor(Date.now() / 1000));
+    const contents = concatBytes([
+        writeUint64Le(timestamp),
+        opts.realPublicKey,
+        opts.dhtPublicKey
+    ]);
+    const nonce = randomBytes(NONCE_SIZE);
+    const cipher = nacl.secretbox(contents, nonce, opts.symmetricKey);
+    return concatBytes([nonce, cipher]);
+}
+export function incrementNonce(nonce) {
+    for (let i = nonce.length - 1; i >= 0; i--) {
+        nonce[i] = (nonce[i] + 1) & 0xff;
+        if (nonce[i] !== 0) {
+            break;
+        }
+    }
+}
+function sha512(data) {
+    return new Uint8Array(createHash("sha512").update(data).digest());
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}
+function writeUint64Le(value) {
+    const bytes = new Uint8Array(8);
+    let v = value;
+    for (let i = 0; i < 8; i++) {
+        bytes[i] = Number(v & 0xffn);
+        v >>= 8n;
+    }
+    return bytes;
+}
+function readUint64Le(bytes, offset) {
+    let value = 0n;
+    for (let i = 7; i >= 0; i--) {
+        value = (value << 8n) | BigInt(bytes[offset + i]);
+    }
+    return value;
+}
+function writeUint32BeInto(bytes, offset, value) {
+    const v = value >>> 0;
+    bytes[offset] = (v >>> 24) & 0xff;
+    bytes[offset + 1] = (v >>> 16) & 0xff;
+    bytes[offset + 2] = (v >>> 8) & 0xff;
+    bytes[offset + 3] = v & 0xff;
+}
+function readUint32Be(bytes, offset) {
+    return (((bytes[offset] << 24) >>> 0) |
+        (bytes[offset + 1] << 16) |
+        (bytes[offset + 2] << 8) |
+        bytes[offset + 3]) >>> 0;
+}