@freesignal/protocol 0.1.2 → 0.1.5

package/README.md

@@ -0,0 +1,34 @@
+# freesignal-protocol
+
+This library implements a secure messaging protocol inspired by Signal, with support for encryption, data management, and key exchange.
+
+## Main File Structure
+
+- **[src/crypto.ts](src/crypto.ts)**  
+    Contains cryptographic primitives, including box, ECDH, EdDSA, and UUID.  
+    See [`crypto.box`](src/crypto.ts), [`crypto.ECDH`](src/crypto.ts), [`crypto.EdDSA`](src/crypto.ts), [`crypto.UUID`](src/crypto.ts).
+
+- **[src/data.ts](src/data.ts)**  
+    Defines data structures for messages and datagrams, including attachments and serialization.  
+    See [`Datagram`](src/data.ts), [`Message`](src/data.ts).
+
+- **[src/double-ratchet.ts](src/double-ratchet.ts)**  
+    Implements the Double Ratchet algorithm for forward secrecy in conversations.
+
+- **[src/types.ts](src/types.ts)**  
+    Defines types and interfaces used throughout the project.
+
+- **[src/utils.ts](src/utils.ts)**  
+    Utility functions for manipulating arrays, strings, and binary data.
+
+- **[src/x3dh.ts](src/x3dh.ts)**  
+    Implements the X3DH protocol for secure key exchange between users.
+
+## How to Use
+
+Import the required modules from [src/index.ts](src/index.ts) to access the main protocol features.
+
+## License
+
+Distributed under the GPL v3 license.  
+See [LICENSE](LICENSE) for details.

package/crypto.d.ts

@@ -18,22 +18,31 @@
  */
 export type HashAlgorithms = 'sha224' | 'sha256' | 'sha384' | 'sha512';
 export type HmacAlgorithms = 'kmac128' | 'kmac256';
+interface UUIDv4 {
+    toString(): string;
+    toJSON(): string;
+    toBuffer(): Uint8Array;
+}
 export interface Crypto {
     hash(message: Uint8Array, algorithm?: HashAlgorithms): Uint8Array;
     hmac(key: Uint8Array, message: Uint8Array, length?: number, algorithm?: HmacAlgorithms): Uint8Array;
     hkdf(key: Uint8Array, salt: Uint8Array, info?: Uint8Array | string, length?: number): Uint8Array;
+    readonly KeyPair: typeof Crypto.KeyPair;
     readonly box: Crypto.box;
     readonly ECDH: Crypto.ECDH;
     readonly EdDSA: Crypto.EdDSA;
+    readonly UUID: Crypto.UUID;
     randomBytes(n: number): Uint8Array;
     scalarMult(n: Uint8Array, p: Uint8Array): Uint8Array;
-    generateId(): Crypto.UUID;
 }
 export declare namespace Crypto {
     type KeyPair = {
-        publicKey: Uint8Array;
-        secretKey: Uint8Array;
+        readonly publicKey: Uint8Array;
+        readonly secretKey: Uint8Array;
     };
+    namespace KeyPair {
+        function isKeyPair(obj: any): boolean;
+    }
     interface box {
         readonly keyLength: number;
         readonly nonceLength: number;
@@ -57,9 +66,9 @@ export declare namespace Crypto {
         verify(msg: Uint8Array, sig: Uint8Array, publicKey: Uint8Array): boolean;
     }
     interface UUID {
-        toString(): string;
-        toJSON(): string;
-        toBuffer(): Uint8Array;
+        generate(): UUIDv4;
+        stringify(arr: Uint8Array, offset?: number): string;
+        parse(uuid: string): Uint8Array;
     }
 }
 declare const crypto: Crypto;

package/crypto.js

@@ -21,15 +21,27 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.Crypto = void 0;
 const js_sha3_1 = require("js-sha3");
 const tweetnacl_1 = __importDefault(require("tweetnacl"));
 const uuid_1 = require("uuid");
 const utils_1 = require("./utils");
+var Crypto;
+(function (Crypto) {
+})(Crypto || (exports.Crypto = Crypto = {}));
 class CryptoConstructor {
     constructor() {
+        this.KeyPair = {
+            isKeyPair(obj) {
+                if (typeof obj === 'object' && obj.publicKey && obj.secretKey)
+                    return true;
+                return false;
+            }
+        };
         this.box = new CryptoConstructor.box();
         this.ECDH = new CryptoConstructor.ECDH();
         this.EdDSA = new CryptoConstructor.EdDSA();
+        this.UUID = new CryptoConstructor.UUID();
         this.randomBytes = tweetnacl_1.default.randomBytes;
     }
     hash(message, algorithm = 'sha256') {
@@ -63,9 +75,6 @@ class CryptoConstructor {
     scalarMult(n, p) {
         return tweetnacl_1.default.scalarMult(n, p);
     }
-    generateId() {
-        return new CryptoConstructor.UUID();
-    }
 }
 (function (CryptoConstructor) {
     class box {
@@ -121,6 +130,18 @@ class CryptoConstructor {
     }
     CryptoConstructor.EdDSA = EdDSA;
     class UUID {
+        generate() {
+            return new UUIDv4();
+        }
+        stringify(arr, offset) {
+            return (0, uuid_1.stringify)(arr, offset);
+        }
+        parse(uuid) {
+            return (0, uuid_1.parse)(uuid);
+        }
+    }
+    CryptoConstructor.UUID = UUID;
+    class UUIDv4 {
         constructor() {
             this.value = (0, uuid_1.v4)();
         }
@@ -134,7 +155,6 @@ class CryptoConstructor {
             return (0, utils_1.decodeUTF8)(this.value);
         }
     }
-    CryptoConstructor.UUID = UUID;
 })(CryptoConstructor || (CryptoConstructor = {}));
 const crypto = new CryptoConstructor();
 exports.default = crypto;

package/data.d.ts

@@ -16,15 +16,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
-export interface Encodable {
-    readonly length: number;
-    encode(): Uint8Array;
-    toString(): string;
-    toJSON(): string;
-}
-export declare namespace Encodable {
-    function isEncodable(obj: any): boolean;
-}
+import { Encodable } from "./types";
 export declare enum Protocols {
     NULL = "",
     MESSAGE = "/freesignal/message/1.0.0",
@@ -40,11 +32,13 @@ export declare namespace Protocols {
 export interface Datagram {
     readonly id: string;
     readonly version: number;
-    readonly sender: string;
-    readonly receiver: string;
+    readonly senderKey: string;
+    readonly senderRelay?: string;
+    readonly receiverKey: string;
+    readonly receiverRelay?: string;
     readonly protocol: Protocols;
-    payload?: Uint8Array;
     readonly createdAt: number;
+    payload?: Uint8Array;
 }
 export declare namespace Datagram {
     const version = 1;
@@ -53,63 +47,21 @@ export declare namespace Datagram {
     function from(data: Uint8Array): DatagramConstructor;
 }
 declare class DatagramConstructor implements Encodable, Datagram {
-    readonly createdAt: number;
     readonly id: string;
     readonly version: number;
-    readonly sender: string;
-    readonly receiver: string;
+    readonly senderKey: string;
+    readonly senderRelay?: string;
+    readonly receiverKey: string;
+    readonly receiverRelay?: string;
     readonly protocol: Protocols;
+    readonly createdAt: number;
     payload?: Uint8Array;
+    private static headerOffset;
     constructor(sender: Uint8Array | string, receiver: Uint8Array | string, protocol: Protocols, payload?: Uint8Array | Encodable);
     constructor(data: Uint8Array | Datagram);
-    get length(): number;
-    encode(): Uint8Array;
+    encode(compression?: boolean): Uint8Array;
+    encodeSigned(secretKey: Uint8Array, compression?: boolean): Uint8Array;
     toString(): string;
     toJSON(): string;
 }
-type Attachment = any;
-export interface Message {
-    readonly version: number;
-    text: string;
-    group?: string;
-    attachments?: Attachment[];
-}
-export declare namespace Message {
-    function isMessage(obj: any): boolean;
-    function create(opts?: {
-        text?: string;
-        group?: string;
-        attachments?: Attachment[];
-    }): MessageConstructor;
-    function from(data: Uint8Array | Message): MessageConstructor;
-}
-declare class MessageConstructor implements Encodable, Message {
-    static readonly version = 1;
-    readonly version: number;
-    text: string;
-    group?: string;
-    attachments?: Attachment[];
-    constructor(opts?: {
-        text?: string;
-        group?: string;
-        attachments?: Attachment[];
-    });
-    constructor(data: Uint8Array | Message);
-    get length(): number;
-    setText(str: string): this;
-    setGroup(str: string): this;
-    addAttachment(obj: Attachment): this;
-    delAttachment(obj: Attachment): this | undefined;
-    encode(): Uint8Array;
-    toString(): string;
-    toJSON(): string;
-}
-type LocalStorageIterator<T> = Iterable<T>;
-export interface LocalStorage<K, T> {
-    set(key: K, value: T): this;
-    get(key: K): T | undefined;
-    has(key: K): boolean;
-    delete(key: K): boolean;
-    entries(): LocalStorageIterator<[K, T]>;
-}
 export {};

package/data.js

@@ -21,17 +21,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Message = exports.Datagram = exports.Protocols = exports.Encodable = void 0;
+exports.Datagram = exports.Protocols = void 0;
 const utils_1 = require("./utils");
 const crypto_1 = __importDefault(require("./crypto"));
-var Encodable;
-(function (Encodable) {
-    const properties = ['length', 'encode', 'toString', 'toJSON'];
-    function isEncodable(obj) {
-        return !properties.some(prop => !obj[prop]);
-    }
-    Encodable.isEncodable = isEncodable;
-})(Encodable || (exports.Encodable = Encodable = {}));
+const fflate_1 = __importDefault(require("fflate"));
 var Protocols;
 (function (Protocols) {
     Protocols["NULL"] = "";
@@ -52,9 +45,10 @@ var Protocols;
     }
     Protocols.toCode = toCode;
     function encode(protocol, length) {
-        const raw = (0, utils_1.numberToUint8Array)(Protocols.toCode(protocol), length).reverse();
+        /*const raw = numberToUint8Array(Protocols.toCode(protocol), length).reverse();
         raw[0] |= (raw.length - 1) << 6;
-        return raw;
+        return raw;*/
+        return (0, utils_1.numberToUint8Array)(Protocols.toCode(protocol), length !== null && length !== void 0 ? length : 4, 'big');
     }
     Protocols.encode = encode;
     function decode(array) {
@@ -84,149 +78,99 @@ class DatagramConstructor {
     constructor(data, receiver, protocol, payload) {
         if (!receiver && !protocol && !payload) {
             if (data instanceof Uint8Array) {
-                const obj = (0, utils_1.encodeUTF8)(data).split(':');
-                this.id = obj[0];
-                this.version = parseInt(obj[1]);
-                this.sender = obj[2];
-                this.receiver = obj[3];
-                this.protocol = Protocols.fromCode(parseInt(obj[4]));
-                this.payload = obj[5] ? (0, utils_1.decodeUTF8)(obj[5]) : undefined;
-                this.createdAt = parseInt(obj[6]);
+                this.version = data[0] & 63;
+                this.protocol = Protocols.decode(data.subarray(1, 4));
+                this.id = crypto_1.default.UUID.stringify(data.subarray(4, 20));
+                this.createdAt = (0, utils_1.numberFromUint8Array)(data.subarray(20, 28));
+                this.senderKey = (0, utils_1.encodeBase64)(data.subarray(28, 28 + crypto_1.default.EdDSA.publicKeyLength));
+                this.receiverKey = (0, utils_1.encodeBase64)(data.subarray(28 + crypto_1.default.EdDSA.publicKeyLength, DatagramConstructor.headerOffset));
+                const senderRelayOffset = data.indexOf(255, DatagramConstructor.headerOffset);
+                const receiverRelayOffset = data.indexOf(255, senderRelayOffset + 1);
+                this.senderRelay = (0, utils_1.encodeUTF8)(data.subarray(DatagramConstructor.headerOffset, senderRelayOffset)) ? "" : undefined;
+                this.receiverRelay = (0, utils_1.encodeUTF8)(data.subarray(senderRelayOffset + 1, receiverRelayOffset)) ? "" : undefined;
+                if (data[0] & 128) {
+                    const signature = data.subarray(data.length - crypto_1.default.EdDSA.signatureLength);
+                    if (!crypto_1.default.EdDSA.verify(data.subarray(0, data.length - crypto_1.default.EdDSA.signatureLength), signature, data.subarray(28, 28 + crypto_1.default.EdDSA.publicKeyLength)))
+                        throw new Error('Invalid signature for Datagram');
+                }
+                if (data[0] & 64)
+                    this.payload = fflate_1.default.inflateSync(data.subarray(receiverRelayOffset + 1, data.length));
+                else
+                    this.payload = data.subarray(receiverRelayOffset + 1, data.length);
             }
-            else {
+            else if (Datagram.isDatagram(data)) {
                 const datagram = data;
                 this.id = datagram.id;
                 this.version = datagram.version;
-                this.sender = datagram.sender;
-                this.receiver = datagram.receiver;
+                this.senderKey = datagram.senderKey;
+                this.receiverKey = datagram.receiverKey;
                 this.protocol = datagram.protocol;
-                this.payload = datagram.payload;
                 this.createdAt = datagram.createdAt;
+                this.senderRelay = datagram.senderRelay;
+                this.receiverRelay = datagram.receiverRelay;
+                this.payload = datagram.payload;
             }
+            else
+                throw new Error('Invalid constructor arguments for Datagram');
         }
         else if (typeof data === 'string' || data instanceof Uint8Array) {
-            this.id = crypto_1.default.generateId().toString();
+            this.id = crypto_1.default.UUID.generate().toString();
             this.version = Datagram.version;
-            this.sender = typeof data === 'string' ? data : (0, utils_1.encodeBase64)(data);
-            this.receiver = typeof receiver === 'string' ? receiver : (0, utils_1.encodeBase64)(receiver);
+            if (typeof data === 'string') {
+                const address = data.split('@');
+                this.senderKey = address[0];
+                this.senderRelay = address[1];
+            }
+            else
+                this.senderKey = (0, utils_1.encodeBase64)(data);
+            if (typeof receiver === 'string') {
+                const address = receiver.split('@');
+                this.receiverKey = address[0];
+                this.receiverRelay = address[1];
+            }
+            else
+                this.receiverKey = (0, utils_1.encodeBase64)(receiver);
             this.protocol = protocol;
-            this.payload = payload instanceof Uint8Array ? payload : payload === null || payload === void 0 ? void 0 : payload.encode();
             this.createdAt = Date.now();
+            this.payload = payload instanceof Uint8Array ? payload : payload === null || payload === void 0 ? void 0 : payload.encode();
         }
         else
             throw new Error('Invalid constructor arguments for Datagram');
     }
-    get length() { return this.encode().length; }
-    encode() {
-        return (0, utils_1.decodeUTF8)([
-            this.id,
-            this.version,
-            this.sender,
-            this.receiver,
-            Protocols.toCode(this.protocol).toString(),
-            this.payload ? this.payload : undefined, this.createdAt
-        ].filter(x => x !== undefined).join(':'));
+    encode(compression = true) {
+        var _a;
+        compression = compression && this.payload != undefined && this.payload.length > 1024;
+        return (0, utils_1.concatUint8Array)(new Uint8Array(1).fill(this.version | (compression ? 64 : 0)), //1
+        Protocols.encode(this.protocol, 3), //3
+        (_a = crypto_1.default.UUID.parse(this.id)) !== null && _a !== void 0 ? _a : [], //16
+        (0, utils_1.numberToUint8Array)(this.createdAt, 8), //8
+        (0, utils_1.decodeBase64)(this.senderKey), //32
+        (0, utils_1.decodeBase64)(this.receiverKey), //32
+        ...(this.senderRelay ? [(0, utils_1.decodeUTF8)(this.senderRelay)] : []), new Uint8Array(1).fill(255), ...(this.receiverRelay ? [(0, utils_1.decodeUTF8)(this.receiverRelay)] : []), new Uint8Array(1).fill(255), ...(this.payload ? [compression ? fflate_1.default.deflateSync(this.payload) : this.payload] : []));
+    }
+    encodeSigned(secretKey, compression) {
+        //if (!this.payload) throw new Error('Cannot sign a datagram without payload');
+        const header = this.encode(compression);
+        header[0] |= 128; // Set the sign bit
+        const signature = crypto_1.default.EdDSA.sign(header, secretKey);
+        return (0, utils_1.concatUint8Array)(header, signature);
     }
     toString() {
-        return this.toJSON();
+        return (0, utils_1.encodeBase64)(this.encode());
     }
     toJSON() {
-        return JSON.stringify({
+        /*return JSON.stringify({
             id: this.id,
             version: this.version,
-            sender: this.sender,
-            receiver: this.receiver,
+            senderKey: this.senderKey,
+            senderRelay: this.senderRelay,
+            receiverKey: this.receiverKey,
+            receiverRelay: this.receiverRelay,
             protocol: this.protocol,
-            payload: this.payload ? (0, utils_1.encodeUTF8)(this.payload) : undefined,
-            createdAt: this.createdAt
-        });
-    }
-}
-var Message;
-(function (Message) {
-    function isMessage(obj) {
-        return obj instanceof MessageConstructor || (obj && typeof obj === 'object' && 'version' in obj && 'text' in obj && 'group' in obj && 'attachments' in obj);
-    }
-    Message.isMessage = isMessage;
-    function create(opts) {
-        return new MessageConstructor(opts);
-    }
-    Message.create = create;
-    ;
-    function from(data) {
-        return new MessageConstructor(data);
-    }
-    Message.from = from;
-})(Message || (exports.Message = Message = {}));
-class MessageConstructor {
-    constructor(opts) {
-        var _a;
-        this.version = MessageConstructor.version;
-        this.text = "";
-        if (Message.isMessage(opts)) {
-            const json = opts;
-            this.version = json.version;
-            this.text = json.text;
-            this.group = json.group;
-            this.attachments = json.attachments;
-        }
-        else if (!opts) {
-            this.text = "";
-        }
-        else if (opts instanceof Uint8Array) {
-            const arr = (0, utils_1.encodeUTF8)(opts).split(':');
-            this.version = arr[0];
-            this.text = (_a = arr[1]) !== null && _a !== void 0 ? _a : "";
-            this.group = arr[2];
-            this.attachments = arr[3] ? JSON.parse(arr[3]) : undefined;
-        }
-        else if (typeof opts === 'object') {
-            const { text, group, attachments } = opts;
-            this.text = text || "";
-            this.group = group;
-            this.attachments = attachments || [];
-        }
-        else {
-            throw new Error('Invalid constructor arguments for Message');
-        }
-    }
-    get length() { return this.encode().length; }
-    setText(str) {
-        this.text = str;
-        return this;
-    }
-    setGroup(str) {
-        this.group = str;
-        return this;
-    }
-    addAttachment(obj) {
-        if (this.attachments)
-            this.attachments.push(obj);
-        else
-            this.attachments = [obj];
-        return this;
-    }
-    delAttachment(obj) {
-        var _a;
-        const index = (_a = this.attachments) === null || _a === void 0 ? void 0 : _a.indexOf(obj);
-        if (!index || !this.attachments)
-            return undefined;
-        this.attachments = this.attachments.filter((v, i) => index !== i);
-        return this;
-    }
-    encode() {
-        return (0, utils_1.decodeUTF8)([this.version, this.text, this.group, JSON.stringify(this.attachments || [])].join(':'));
-    }
-    toString() {
-        return this.toJSON();
-    }
-    toJSON() {
-        return JSON.stringify({
-            version: MessageConstructor.version,
-            text: this.text,
-            group: this.group,
-            attachments: JSON.stringify(this.attachments)
-        });
+            createdAt: this.createdAt,
+            payload: this.payload ? encodeBase64(this.payload) : undefined
+        });*/
+        return this.toString();
     }
 }
-MessageConstructor.version = 1;
+DatagramConstructor.headerOffset = 28 + crypto_1.default.EdDSA.publicKeyLength * 2;

package/double-ratchet.d.ts

@@ -16,7 +16,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
-import { Encodable } from "./data";
+import { Encodable } from "./types";
 type ExportedKeySession = {
     secretKey: string;
     remoteKey: string;
@@ -72,14 +72,14 @@ export declare class KeySession {
      * @param message - The message as a Uint8Array.
      * @returns An EncryptedPayload or undefined if encryption fails.
      */
-    encrypt(message: Uint8Array): EncryptedPayload;
+    encrypt(message: Uint8Array): EncryptedData;
     /**
      * Decrypts an encrypted message.
      *
      * @param payload - The received encrypted message.
      * @returns The decrypted message as a Uint8Array, or undefined if decryption fails.
      */
-    decrypt(payload: Uint8Array | EncryptedPayload): Uint8Array | undefined;
+    decrypt(payload: Uint8Array | EncryptedData): Uint8Array | undefined;
     /**
      * Export the state of the session;
      */
@@ -102,7 +102,7 @@ export declare class KeySession {
  * Interface representing an encrypted payload.
  * Provides metadata and de/serialization methods.
  */
-export interface EncryptedPayload extends Encodable {
+export interface EncryptedData extends Encodable {
     /**
      * The length of the payload.
      */
@@ -144,13 +144,13 @@ export interface EncryptedPayload extends Encodable {
      */
     toJSON(): string;
 }
-export declare class EncryptedPayload {
+export declare class EncryptedData {
     /**
      * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
      *
      * @param array - A previously serialized encrypted payload.
      * @returns An instance of `EncryptedPayload`.
      */
-    static from(array: Uint8Array | EncryptedPayload): EncryptedPayload;
+    static from(array: Uint8Array | EncryptedData): EncryptedData;
 }
 export {};

package/double-ratchet.js

@@ -21,7 +21,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.EncryptedPayload = exports.KeySession = void 0;
+exports.EncryptedData = exports.KeySession = void 0;
 const crypto_1 = __importDefault(require("./crypto"));
 const utils_1 = require("./utils");
 /**
@@ -57,12 +57,12 @@ class KeySession {
     setRemoteKey(key) {
         this._remoteKey = key;
         this.receivingChain = this.ratchetKeys();
-        if (this.receivingCount > (EncryptedPayloadConstructor.maxCount - KeySession.skipLimit * 2))
+        if (this.receivingCount > (EncryptedDataConstructor.maxCount - KeySession.skipLimit * 2))
             this.receivingCount = 0;
         this.previousCount = this.sendingCount;
         this.keyPair = crypto_1.default.ECDH.keyPair();
         this.sendingChain = this.ratchetKeys();
-        if (this.sendingCount > (EncryptedPayloadConstructor.maxCount - KeySession.skipLimit * 2))
+        if (this.sendingCount > (EncryptedDataConstructor.maxCount - KeySession.skipLimit * 2))
             this.sendingCount = 0;
         return this;
     }
@@ -100,11 +100,11 @@ class KeySession {
      */
     encrypt(message) {
         const key = this.getSendingKey();
-        if (this.sendingCount >= EncryptedPayloadConstructor.maxCount || this.previousCount >= EncryptedPayloadConstructor.maxCount)
+        if (this.sendingCount >= EncryptedDataConstructor.maxCount || this.previousCount >= EncryptedDataConstructor.maxCount)
             throw new Error();
-        const nonce = crypto_1.default.randomBytes(EncryptedPayloadConstructor.nonceLength);
+        const nonce = crypto_1.default.randomBytes(EncryptedDataConstructor.nonceLength);
         const ciphertext = crypto_1.default.box.encrypt(message, nonce, key);
-        return new EncryptedPayloadConstructor(this.sendingCount, this.previousCount, this.keyPair.publicKey, nonce, ciphertext);
+        return new EncryptedDataConstructor(this.sendingCount, this.previousCount, this.keyPair.publicKey, nonce, ciphertext);
     }
     /**
      * Decrypts an encrypted message.
@@ -114,7 +114,7 @@ class KeySession {
      */
     decrypt(payload) {
         var _a;
-        const encrypted = EncryptedPayload.from(payload);
+        const encrypted = EncryptedData.from(payload);
         const publicKey = encrypted.publicKey;
         if (!(0, utils_1.verifyUint8Array)(publicKey, this._remoteKey)) {
             while (this.receivingCount < encrypted.previous)
@@ -188,7 +188,7 @@ KeySession.rootKeyLength = crypto_1.default.box.keyLength;
  * Typically 32 bytes (256 bits) for symmetric keys.
  */
 KeySession.keyLength = 32;
-class EncryptedPayload {
+class EncryptedData {
     /**
      * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
      *
@@ -196,24 +196,27 @@ class EncryptedPayload {
      * @returns An instance of `EncryptedPayload`.
      */
     static from(array) {
-        return new EncryptedPayloadConstructor(array);
+        return new EncryptedDataConstructor(array);
     }
 }
-exports.EncryptedPayload = EncryptedPayload;
-class EncryptedPayloadConstructor {
+exports.EncryptedData = EncryptedData;
+class EncryptedDataConstructor {
     constructor(...arrays) {
-        var _a;
         arrays = arrays.filter(value => value !== undefined);
-        if (arrays[0] instanceof EncryptedPayloadConstructor) {
+        if (arrays[0] instanceof EncryptedDataConstructor) {
             this.raw = arrays[0].raw;
             return this;
         }
         if (typeof arrays[0] === 'number')
-            arrays[0] = (0, utils_1.numberToUint8Array)(arrays[0], EncryptedPayloadConstructor.countLength);
+            arrays[0] = (0, utils_1.numberToUint8Array)(arrays[0], EncryptedDataConstructor.countLength);
         if (typeof arrays[1] === 'number')
-            arrays[1] = (0, utils_1.numberToUint8Array)(arrays[1], EncryptedPayloadConstructor.countLength);
-        if (arrays.length > 1) {
-            arrays.unshift((_a = (typeof arrays[5] === 'number' ? (0, utils_1.numberToUint8Array)(arrays[5]) : arrays[5])) !== null && _a !== void 0 ? _a : (0, utils_1.numberToUint8Array)(KeySession.version));
+            arrays[1] = (0, utils_1.numberToUint8Array)(arrays[1], EncryptedDataConstructor.countLength);
+        if (arrays.length === 6) {
+            arrays.unshift(typeof arrays[5] === 'number' ? (0, utils_1.numberToUint8Array)(arrays[5]) : arrays[5]);
+            arrays.pop();
+        }
+        else if (arrays.length > 1) {
+            arrays.unshift((0, utils_1.numberToUint8Array)(KeySession.version));
         }
         this.raw = (0, utils_1.concatUint8Array)(...arrays);
     }
@@ -244,12 +247,12 @@ class EncryptedPayloadConstructor {
         return JSON.stringify(this.decode());
     }
 }
-EncryptedPayloadConstructor.secretKeyLength = crypto_1.default.ECDH.secretKeyLength;
-EncryptedPayloadConstructor.publicKeyLength = crypto_1.default.ECDH.publicKeyLength;
-EncryptedPayloadConstructor.keyLength = crypto_1.default.box.keyLength;
-EncryptedPayloadConstructor.nonceLength = crypto_1.default.box.nonceLength;
-EncryptedPayloadConstructor.maxCount = 65536; //32768;
-EncryptedPayloadConstructor.countLength = 2;
+EncryptedDataConstructor.secretKeyLength = crypto_1.default.ECDH.secretKeyLength;
+EncryptedDataConstructor.publicKeyLength = crypto_1.default.ECDH.publicKeyLength;
+EncryptedDataConstructor.keyLength = crypto_1.default.box.keyLength;
+EncryptedDataConstructor.nonceLength = crypto_1.default.box.nonceLength;
+EncryptedDataConstructor.maxCount = 65536; //32768;
+EncryptedDataConstructor.countLength = 2;
 class Offsets {
     static set(start, length) {
         class Offset {
@@ -268,10 +271,10 @@ class Offsets {
 }
 Offsets.checksum = Offsets.set(0, 0);
 Offsets.version = Offsets.set(Offsets.checksum.end, 1);
-Offsets.count = Offsets.set(Offsets.version.end, EncryptedPayloadConstructor.countLength);
-Offsets.previous = Offsets.set(Offsets.count.end, EncryptedPayloadConstructor.countLength);
-Offsets.publicKey = Offsets.set(Offsets.previous.end, EncryptedPayloadConstructor.publicKeyLength);
-Offsets.nonce = Offsets.set(Offsets.publicKey.end, EncryptedPayloadConstructor.nonceLength);
+Offsets.count = Offsets.set(Offsets.version.end, EncryptedDataConstructor.countLength);
+Offsets.previous = Offsets.set(Offsets.count.end, EncryptedDataConstructor.countLength);
+Offsets.publicKey = Offsets.set(Offsets.previous.end, EncryptedDataConstructor.publicKeyLength);
+Offsets.nonce = Offsets.set(Offsets.publicKey.end, EncryptedDataConstructor.nonceLength);
 Offsets.ciphertext = Offsets.set(Offsets.nonce.end, undefined);
 class KeyMap extends Map {
     get(key) {

package/index.d.ts

@@ -1,5 +1,23 @@
+/**
+ * FreeSignal Protocol
+ *
+ * Copyright (C) 2025  Christian Braghette
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
 import crypto from "./crypto";
-import { LocalStorage } from "./data";
+import { LocalStorage } from "./types";
 import { KeySession } from "./double-ratchet";
 import { KeyExchange } from "./x3dh";
 /**
@@ -22,4 +40,7 @@ export declare function createKeySession(opts?: {
  * @param bundleStore
  * @returns A new X3DH session.
  */
-export declare function createKeyExchange(signKeyPair: crypto.KeyPair, bundleStore?: LocalStorage<string, crypto.KeyPair>): KeyExchange;
+export declare function createKeyExchange(signSecretKey: Uint8Array, boxSecretKey: Uint8Array, bundleStore?: LocalStorage<string, crypto.KeyPair>): KeyExchange;
+export * from "./types";
+export { Protocols, Datagram } from "./data";
+export { EncryptedData } from "./double-ratchet";

package/index.js

@@ -1,5 +1,38 @@
 "use strict";
+/**
+ * FreeSignal Protocol
+ *
+ * Copyright (C) 2025  Christian Braghette
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptedData = exports.Datagram = exports.Protocols = void 0;
 exports.createKeySession = createKeySession;
 exports.createKeyExchange = createKeyExchange;
 const double_ratchet_1 = require("./double-ratchet");
@@ -22,6 +55,12 @@ function createKeySession(opts) {
  * @param bundleStore
  * @returns A new X3DH session.
  */
-function createKeyExchange(signKeyPair, bundleStore) {
-    return new x3dh_1.KeyExchange(signKeyPair, bundleStore);
+function createKeyExchange(signSecretKey, boxSecretKey, bundleStore) {
+    return new x3dh_1.KeyExchange(signSecretKey, boxSecretKey, bundleStore);
 }
+__exportStar(require("./types"), exports);
+var data_1 = require("./data");
+Object.defineProperty(exports, "Protocols", { enumerable: true, get: function () { return data_1.Protocols; } });
+Object.defineProperty(exports, "Datagram", { enumerable: true, get: function () { return data_1.Datagram; } });
+var double_ratchet_2 = require("./double-ratchet");
+Object.defineProperty(exports, "EncryptedData", { enumerable: true, get: function () { return double_ratchet_2.EncryptedData; } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@freesignal/protocol",
-  "version": "0.1.2",
+  "version": "0.1.5",
   "description": "Signal Protocol implementation in javascript",
   "license": "GPL-3.0-or-later",
   "author": "Christian Braghette",
@@ -12,6 +12,7 @@
   },
   "dependencies": {
     "base64-js": "^1.5.1",
+    "fflate": "^0.8.2",
     "js-sha3": "^0.9.3",
     "tweetnacl": "^1.0.3",
     "uuid": "^11.1.0"

package/test.js

@@ -6,20 +6,26 @@ var _a, _b;
 Object.defineProperty(exports, "__esModule", { value: true });
 const _1 = require(".");
 const crypto_1 = __importDefault(require("./crypto"));
+const data_1 = require("./data");
 const utils_1 = require("./utils");
-const bob = (0, _1.createKeyExchange)(crypto_1.default.EdDSA.keyPair());
-const alice = (0, _1.createKeyExchange)(crypto_1.default.EdDSA.keyPair());
-const bobmessage = bob.generateSyn();
-const { session: alicesession, ackMessage: aliceack } = alice.digestSyn(bobmessage);
-const { session: bobsession, cleartext } = (_a = bob.digestAck(aliceack)) !== null && _a !== void 0 ? _a : {};
+const bob = (0, _1.createKeyExchange)(crypto_1.default.EdDSA.keyPair().secretKey, crypto_1.default.ECDH.keyPair().secretKey);
+const alice = (0, _1.createKeyExchange)(crypto_1.default.EdDSA.keyPair().secretKey, crypto_1.default.ECDH.keyPair().secretKey);
+const bobmessage = bob.generateData();
+const { session: alicesession, message: aliceack } = alice.digestData(bobmessage);
+const { session: bobsession, cleartext } = (_a = bob.digestMessage(aliceack)) !== null && _a !== void 0 ? _a : {};
 if (bobsession && cleartext) {
     console.log("Session established successfully between Alice and Bob.");
-    const msg = (_b = bobsession.encrypt((0, utils_1.decodeUTF8)("Hi Alice!"))) === null || _b === void 0 ? void 0 : _b.encode();
-    console.log((0, utils_1.encodeUTF8)(alicesession.decrypt(msg)));
+    const datagram = data_1.Datagram.create(bob.signatureKey, alice.signatureKey, data_1.Protocols.MESSAGE, (_b = bobsession.encrypt((0, utils_1.decodeUTF8)("Hi Alice!"))) === null || _b === void 0 ? void 0 : _b.encode());
+    //console.log(datagram.payload);
+    const msg = datagram.encode();
+    console.log((0, utils_1.encodeUTF8)(alicesession.decrypt(data_1.Datagram.from(msg).payload)));
     if (alicesession.handshaked && bobsession.handshaked)
         console.log("Successfully handshaked");
     else
         console.log("Error during handshake");
+    const longmsg = data_1.Datagram.create(alice.signatureKey, bob.signatureKey, data_1.Protocols.MESSAGE, alicesession.encrypt(new Uint8Array(1000000).fill(33).map(val => val + Math.floor(Math.random() * 93))));
+    console.log(longmsg.encode().length);
+    console.log(longmsg.encode(false).length);
 }
 else
     console.log("Error");

package/types.d.ts

@@ -0,0 +1,61 @@
+/**
+ * FreeSignal Protocol
+ *
+ * Copyright (C) 2025  Christian Braghette
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
+/** */
+export interface Encodable {
+    encode(): Uint8Array;
+    toString(): string;
+    toJSON(): string;
+}
+export declare namespace Encodable {
+    function isEncodable(obj: any): boolean;
+}
+type LocalStorageIterator<T> = Iterable<T>;
+export interface LocalStorage<K, T> {
+    set(key: K, value: T): this;
+    get(key: K): T | undefined;
+    has(key: K): boolean;
+    delete(key: K): boolean;
+    entries(): LocalStorageIterator<[K, T]>;
+}
+export interface KeyExchangeData {
+    readonly version: number;
+    readonly publicKey: string;
+    readonly identityKey: string;
+    readonly signedPreKey: string;
+    readonly signature: string;
+    readonly onetimePreKey: string;
+}
+export interface KeyExchangeSynMessage {
+    readonly version: number;
+    readonly publicKey: string;
+    readonly identityKey: string;
+    readonly ephemeralKey: string;
+    readonly signedPreKeyHash: string;
+    readonly onetimePreKeyHash: string;
+    readonly associatedData: string;
+}
+export interface KeyExchangeDataBundle {
+    readonly version: number;
+    readonly publicKey: string;
+    readonly identityKey: string;
+    readonly signedPreKey: string;
+    readonly signature: string;
+    readonly onetimePreKey: string[];
+}
+export {};

package/types.js

@@ -0,0 +1,29 @@
+"use strict";
+/**
+ * FreeSignal Protocol
+ *
+ * Copyright (C) 2025  Christian Braghette
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Encodable = void 0;
+var Encodable;
+(function (Encodable) {
+    const properties = ['encode', 'toString', 'toJSON'];
+    function isEncodable(obj) {
+        return !properties.some(prop => !obj[prop]);
+    }
+    Encodable.isEncodable = isEncodable;
+})(Encodable || (exports.Encodable = Encodable = {}));

package/utils.js

@@ -135,6 +135,7 @@ function verifyUint8Array(a, ...b) {
  * @returns A Uint8Array
  */
 function concatUint8Array(...arrays) {
+    //arrays = arrays.filter(array => array != undefined);
     const out = new Uint8Array(arrays.map(value => value.length).reduce((prev, curr) => prev + curr));
     let offset = 0;
     arrays.forEach(array => {

package/x3dh.d.ts

@@ -17,52 +17,28 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
 import crypto from "./crypto";
-import { LocalStorage } from "./data";
+import { KeyExchangeData, KeyExchangeDataBundle, KeyExchangeSynMessage, LocalStorage } from "./types";
 import { KeySession } from "./double-ratchet";
-interface SynMessage {
-    readonly version: number;
-    readonly publicKey: string;
-    readonly identityKey: string;
-    readonly signedPreKey: string;
-    readonly signature: string;
-    readonly onetimePreKey: string;
-}
-interface AckMessage {
-    readonly version: number;
-    readonly publicKey: string;
-    readonly identityKey: string;
-    readonly ephemeralKey: string;
-    readonly signedPreKeyHash: string;
-    readonly onetimePreKeyHash: string;
-    readonly associatedData: string;
-}
-export interface Bundle {
-    readonly version: number;
-    readonly publicKey: string;
-    readonly identityKey: string;
-    readonly signedPreKey: string;
-    readonly signature: string;
-    readonly onetimePreKeyHash: string[];
-}
 export declare class KeyExchange {
     static readonly version = 1;
     private static readonly hkdfInfo;
     private static readonly maxOPK;
-    private readonly publicKey;
-    private readonly identityKey;
+    private readonly _signatureKey;
+    private readonly _identityKey;
     private readonly bundleStore;
-    constructor(signKeyPair: crypto.KeyPair, bundleStore?: LocalStorage<string, crypto.KeyPair>);
+    constructor(signSecretKey: Uint8Array, boxSecretKey: Uint8Array, bundleStore?: LocalStorage<string, crypto.KeyPair>);
+    get signatureKey(): Uint8Array;
+    get identityKey(): Uint8Array;
     private generateSPK;
     private generateOPK;
-    generateBundle(length?: number): Bundle;
-    generateSyn(): SynMessage;
-    digestSyn(message: SynMessage): {
+    generateBundle(length?: number): KeyExchangeDataBundle;
+    generateData(): KeyExchangeData;
+    digestData(message: KeyExchangeData): {
         session: KeySession;
-        ackMessage: AckMessage;
+        message: KeyExchangeSynMessage;
     };
-    digestAck(message: AckMessage): {
+    digestMessage(message: KeyExchangeSynMessage): {
         session: KeySession;
         cleartext: Uint8Array;
     };
 }
-export {};

package/x3dh.js

@@ -26,11 +26,13 @@ const crypto_1 = __importDefault(require("./crypto"));
 const double_ratchet_1 = require("./double-ratchet");
 const utils_1 = require("./utils");
 class KeyExchange {
-    constructor(signKeyPair, bundleStore) {
-        this.publicKey = signKeyPair;
-        this.identityKey = crypto_1.default.ECDH.keyPair(crypto_1.default.hash(signKeyPair.secretKey));
+    constructor(signSecretKey, boxSecretKey, bundleStore) {
+        this._signatureKey = crypto_1.default.EdDSA.keyPair(signSecretKey);
+        this._identityKey = crypto_1.default.ECDH.keyPair(boxSecretKey);
         this.bundleStore = bundleStore !== null && bundleStore !== void 0 ? bundleStore : new Map();
     }
+    get signatureKey() { return this._signatureKey.publicKey; }
+    get identityKey() { return this._identityKey.publicKey; }
     generateSPK() {
         const signedPreKey = crypto_1.default.ECDH.keyPair();
         const signedPreKeyHash = crypto_1.default.hash(signedPreKey.publicKey);
@@ -48,48 +50,50 @@ class KeyExchange {
         const onetimePreKey = new Array(length !== null && length !== void 0 ? length : KeyExchange.maxOPK).fill(0).map(() => this.generateOPK(signedPreKeyHash).onetimePreKey);
         return {
             version: KeyExchange.version,
-            publicKey: (0, utils_1.encodeBase64)(this.publicKey.publicKey),
-            identityKey: (0, utils_1.encodeBase64)(this.identityKey.publicKey),
+            publicKey: (0, utils_1.encodeBase64)(this._signatureKey.publicKey),
+            identityKey: (0, utils_1.encodeBase64)(this._identityKey.publicKey),
             signedPreKey: (0, utils_1.encodeBase64)(signedPreKey.publicKey),
-            signature: (0, utils_1.encodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this.publicKey.secretKey)),
-            onetimePreKeyHash: onetimePreKey.map(opk => (0, utils_1.encodeBase64)(opk.publicKey))
+            signature: (0, utils_1.encodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this._signatureKey.secretKey)),
+            onetimePreKey: onetimePreKey.map(opk => (0, utils_1.encodeBase64)(opk.publicKey))
         };
     }
-    generateSyn() {
+    generateData() {
         const { signedPreKey, signedPreKeyHash } = this.generateSPK();
         const { onetimePreKey } = this.generateOPK(signedPreKeyHash);
         return {
             version: KeyExchange.version,
-            publicKey: (0, utils_1.encodeBase64)(this.publicKey.publicKey),
-            identityKey: (0, utils_1.encodeBase64)(this.identityKey.publicKey),
+            publicKey: (0, utils_1.encodeBase64)(this._signatureKey.publicKey),
+            identityKey: (0, utils_1.encodeBase64)(this._identityKey.publicKey),
             signedPreKey: (0, utils_1.encodeBase64)(signedPreKey.publicKey),
-            signature: (0, utils_1.encodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this.publicKey.secretKey)),
+            signature: (0, utils_1.encodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this._signatureKey.secretKey)),
             onetimePreKey: (0, utils_1.encodeBase64)(onetimePreKey.publicKey)
         };
     }
-    digestSyn(message) {
+    digestData(message) {
         const ephemeralKey = crypto_1.default.ECDH.keyPair();
         const signedPreKey = (0, utils_1.decodeBase64)(message.signedPreKey);
+        if (!crypto_1.default.EdDSA.verify(signedPreKey, (0, utils_1.decodeBase64)(message.signature), (0, utils_1.decodeBase64)(message.publicKey)))
+            throw new Error("Signature verification failed");
         const identityKey = (0, utils_1.decodeBase64)(message.identityKey);
         const onetimePreKey = message.onetimePreKey ? (0, utils_1.decodeBase64)(message.onetimePreKey) : undefined;
         const signedPreKeyHash = crypto_1.default.hash(signedPreKey);
         const onetimePreKeyHash = onetimePreKey ? crypto_1.default.hash(onetimePreKey) : new Uint8Array();
         const rootKey = crypto_1.default.hkdf(new Uint8Array([
-            ...crypto_1.default.scalarMult(this.identityKey.secretKey, signedPreKey),
+            ...crypto_1.default.scalarMult(this._identityKey.secretKey, signedPreKey),
             ...crypto_1.default.scalarMult(ephemeralKey.secretKey, identityKey),
             ...crypto_1.default.scalarMult(ephemeralKey.secretKey, signedPreKey),
             ...onetimePreKey ? crypto_1.default.scalarMult(ephemeralKey.secretKey, onetimePreKey) : new Uint8Array()
         ]), new Uint8Array(double_ratchet_1.KeySession.rootKeyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.rootKeyLength);
-        const session = new double_ratchet_1.KeySession({ secretKey: this.identityKey.secretKey, remoteKey: identityKey, rootKey });
-        const cyphertext = session.encrypt((0, utils_1.concatUint8Array)(crypto_1.default.hash(this.identityKey.publicKey), crypto_1.default.hash(identityKey)));
+        const session = new double_ratchet_1.KeySession({ remoteKey: identityKey, rootKey });
+        const cyphertext = session.encrypt((0, utils_1.concatUint8Array)(crypto_1.default.hash(this._identityKey.publicKey), crypto_1.default.hash(identityKey)));
         if (!cyphertext)
             throw new Error();
         return {
             session,
-            ackMessage: {
+            message: {
                 version: KeyExchange.version,
-                publicKey: (0, utils_1.encodeBase64)(this.publicKey.publicKey),
-                identityKey: (0, utils_1.encodeBase64)(this.identityKey.publicKey),
+                publicKey: (0, utils_1.encodeBase64)(this._signatureKey.publicKey),
+                identityKey: (0, utils_1.encodeBase64)(this._identityKey.publicKey),
                 ephemeralKey: (0, utils_1.encodeBase64)(ephemeralKey.publicKey),
                 signedPreKeyHash: (0, utils_1.encodeBase64)(signedPreKeyHash),
                 onetimePreKeyHash: (0, utils_1.encodeBase64)(onetimePreKeyHash),
@@ -97,7 +101,7 @@ class KeyExchange {
             }
         };
     }
-    digestAck(message) {
+    digestMessage(message) {
         const signedPreKey = this.bundleStore.get(message.signedPreKeyHash);
         const hash = message.signedPreKeyHash.concat(message.onetimePreKeyHash);
         const onetimePreKey = this.bundleStore.get(hash);
@@ -109,14 +113,16 @@ class KeyExchange {
         const ephemeralKey = (0, utils_1.decodeBase64)(message.ephemeralKey);
         const rootKey = crypto_1.default.hkdf(new Uint8Array([
             ...crypto_1.default.scalarMult(signedPreKey.secretKey, identityKey),
-            ...crypto_1.default.scalarMult(this.identityKey.secretKey, ephemeralKey),
+            ...crypto_1.default.scalarMult(this._identityKey.secretKey, ephemeralKey),
             ...crypto_1.default.scalarMult(signedPreKey.secretKey, ephemeralKey),
             ...onetimePreKey ? crypto_1.default.scalarMult(onetimePreKey.secretKey, ephemeralKey) : new Uint8Array()
         ]), new Uint8Array(double_ratchet_1.KeySession.rootKeyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.rootKeyLength);
-        const session = new double_ratchet_1.KeySession({ secretKey: this.identityKey.secretKey, rootKey });
+        const session = new double_ratchet_1.KeySession({ secretKey: this._identityKey.secretKey, rootKey });
         const cleartext = session.decrypt((0, utils_1.decodeBase64)(message.associatedData));
         if (!cleartext)
             throw new Error("Error decrypting ACK message");
+        if (!(0, utils_1.verifyUint8Array)(cleartext, (0, utils_1.concatUint8Array)(crypto_1.default.hash(identityKey), crypto_1.default.hash(this._identityKey.publicKey))))
+            throw new Error("Error verifing Associated Data");
         return { session, cleartext };
     }
 }