@freesignal/protocol 0.2.11 → 0.3.2

package/dist/node.js

@@ -0,0 +1,242 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _BootstrapRequest_status;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FreeSignalNode = void 0;
+const types_1 = require("./types");
+const x3dh_1 = require("./x3dh");
+const double_ratchet_1 = require("./double-ratchet");
+const _1 = require(".");
+const utils_1 = require("@freesignal/utils");
+class BootstrapRequest {
+    constructor(senderId, data, acceptFn) {
+        this.senderId = senderId;
+        this.data = data;
+        this.acceptFn = acceptFn;
+        _BootstrapRequest_status.set(this, 'pending');
+    }
+    get status() {
+        return __classPrivateFieldGet(this, _BootstrapRequest_status, "f");
+    }
+    accept() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.status === 'pending')
+                __classPrivateFieldSet(this, _BootstrapRequest_status, 'accepted', "f");
+            if (__classPrivateFieldGet(this, _BootstrapRequest_status, "f") === 'accepted')
+                return yield this.acceptFn(this.data);
+        });
+    }
+    deny() {
+        if (this.status === 'pending')
+            __classPrivateFieldSet(this, _BootstrapRequest_status, 'denied', "f");
+        return;
+    }
+}
+_BootstrapRequest_status = new WeakMap();
+class FreeSignalNode {
+    constructor(storage, privateIdentityKey) {
+        this.discovers = new Set();
+        this.bootstraps = new Set();
+        this.privateIdentityKey = privateIdentityKey !== null && privateIdentityKey !== void 0 ? privateIdentityKey : (0, _1.createIdentity)();
+        this.sessions = new SessionMap(storage.sessions);
+        this.keyExchange = new x3dh_1.KeyExchange({ keys: storage.keyExchange, sessions: storage.sessions }, this.privateIdentityKey);
+        this.users = storage.users;
+        this.bundles = storage.bundles;
+    }
+    get identityKey() {
+        return this.privateIdentityKey.identityKey;
+    }
+    get userId() {
+        return types_1.UserId.fromKey(this.identityKey);
+    }
+    get requests() {
+        return Array.from(this.bootstraps.values());
+    }
+    encrypt(receiverId, protocol, data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (receiverId instanceof types_1.UserId)
+                receiverId = receiverId.toString();
+            const session = yield this.sessions.get(receiverId);
+            if (!session)
+                throw new Error("Session not found for user: " + receiverId);
+            return new types_1.Datagram(this.userId.toString(), receiverId, protocol, yield session.encrypt(data)).sign(this.privateIdentityKey.signatureKey);
+        });
+    }
+    packHandshake(data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { session, message, identityKey } = yield this.keyExchange.digestData(data, (0, utils_1.encodeData)(yield this.keyExchange.generateBundle()));
+            const remoteId = types_1.UserId.fromKey(identityKey);
+            yield this.users.set(remoteId.toString(), identityKey);
+            yield this.sessions.set(remoteId.toString(), session);
+            return new types_1.Datagram(this.userId.toString(), types_1.UserId.fromKey(data.identityKey).toString(), types_1.Protocols.HANDSHAKE, (0, utils_1.encodeData)(message)).sign(this.privateIdentityKey.signatureKey);
+        });
+    }
+    packData(receiverId, data) {
+        return this.encrypt(receiverId, types_1.Protocols.MESSAGE, (0, utils_1.encodeData)(data));
+    }
+    packRelay(receiverId, data) {
+        return this.encrypt(receiverId, types_1.Protocols.RELAY, (0, utils_1.encodeData)(data));
+    }
+    packDiscover(receiverId, discoverId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (receiverId instanceof types_1.UserId)
+                receiverId = receiverId.toString();
+            if (discoverId instanceof types_1.UserId)
+                discoverId = discoverId.toString();
+            const message = {
+                type: types_1.DiscoverType.REQUEST,
+                discoverId
+            };
+            this.discovers.add(receiverId);
+            return this.encrypt(receiverId, types_1.Protocols.DISCOVER, (0, utils_1.encodeData)(message));
+        });
+    }
+    packBootstrap(receiverId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return new types_1.Datagram(this.userId.toString(), receiverId.toString(), types_1.Protocols.BOOTSTRAP, (0, utils_1.encodeData)(yield this.keyExchange.generateData()));
+        });
+    }
+    decrypt(datagram) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const signatureKey = yield this.users.get(datagram.sender);
+            if (!signatureKey)
+                throw new Error("User IdentityKey not found");
+            if (!types_1.Datagram.verify(datagram, signatureKey.signatureKey))
+                throw new Error("Signature not verified");
+            const session = yield this.sessions.get(datagram.sender);
+            if (!session)
+                throw new Error("Session not found for user: " + datagram.sender);
+            if (!datagram.payload)
+                throw new Error("Missing payload");
+            const decrypted = yield session.decrypt(datagram.payload);
+            if (!decrypted)
+                throw new Error("Decryption failed");
+            return decrypted;
+        });
+    }
+    open(datagram) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (datagram instanceof Uint8Array)
+                datagram = types_1.Datagram.from(datagram);
+            switch (datagram.protocol) {
+                case types_1.Protocols.HANDSHAKE:
+                    if (!datagram.payload)
+                        throw new Error("Missing payload");
+                    const data = (0, utils_1.decodeData)(datagram.payload);
+                    if (!types_1.Datagram.verify(datagram, types_1.IdentityKey.from(data.identityKey).signatureKey))
+                        throw new Error("Signature not verified");
+                    const { session, identityKey, associatedData } = yield this.keyExchange.digestMessage(data);
+                    const userId = types_1.UserId.fromKey(identityKey);
+                    yield this.users.set(userId.toString(), identityKey);
+                    yield this.sessions.set(userId.toString(), session);
+                    yield this.bundles.set(userId.toString(), (0, utils_1.decodeData)(associatedData));
+                    return;
+                case types_1.Protocols.MESSAGE:
+                    return (0, utils_1.decodeData)(yield this.decrypt(datagram));
+                case types_1.Protocols.RELAY:
+                    return (0, utils_1.decodeData)(yield this.decrypt(datagram));
+                case types_1.Protocols.DISCOVER:
+                    const message = (0, utils_1.decodeData)(yield this.decrypt(datagram));
+                    if (message.type === types_1.DiscoverType.REQUEST && message.discoverId && !(yield this.users.has(message.discoverId))) {
+                        let data;
+                        if (message.discoverId === this.userId.toString()) {
+                            data = yield this.keyExchange.generateData();
+                        }
+                        else {
+                            const bundle = yield this.bundles.get(message.discoverId);
+                            if (!bundle)
+                                return;
+                            const { version, identityKey, signedPreKey, signature } = bundle;
+                            const onetimePreKey = bundle.onetimePreKeys.shift();
+                            if (!onetimePreKey) {
+                                yield this.bundles.delete(message.discoverId);
+                                return;
+                            }
+                            data = {
+                                version,
+                                identityKey,
+                                signedPreKey,
+                                signature,
+                                onetimePreKey
+                            };
+                        }
+                        const response = { type: types_1.DiscoverType.RESPONSE, discoverId: message.discoverId, data };
+                        return yield this.encrypt(datagram.sender, types_1.Protocols.DISCOVER, (0, utils_1.encodeData)(response));
+                    }
+                    else if (message.type === types_1.DiscoverType.RESPONSE && this.discovers.has(message.discoverId)) {
+                        this.discovers.delete(message.discoverId);
+                        return message.data;
+                    }
+                    return;
+                case types_1.Protocols.BOOTSTRAP:
+                    if (datagram.payload) {
+                        const data = (0, utils_1.decodeData)(datagram.payload);
+                        if (!(0, utils_1.compareBytes)(types_1.UserId.fromKey(data.identityKey).toBytes(), (0, utils_1.encodeBase64)(datagram.sender)))
+                            return;
+                        this.bootstraps.add(new BootstrapRequest(datagram.sender, data, (data) => this.packHandshake(data)));
+                    }
+                    ;
+                    return;
+                default:
+                    throw new Error("Invalid protocol");
+            }
+        });
+    }
+}
+exports.FreeSignalNode = FreeSignalNode;
+class SessionMap {
+    constructor(storage, maxSize = 50) {
+        this.storage = storage;
+        this.maxSize = maxSize;
+        this.cache = new Map();
+    }
+    set(key, value) {
+        this.cache.set(key, value);
+        return this.storage.set(key, value.toJSON());
+    }
+    get(key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const session = this.cache.get(key);
+            if (!session) {
+                const sessionData = yield this.storage.get(key);
+                if (!sessionData)
+                    return undefined;
+                return double_ratchet_1.KeySession.from(sessionData, this.storage);
+            }
+            return session;
+        });
+    }
+    has(key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.cache.has(key) || (yield this.storage.has(key));
+        });
+    }
+    delete(key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.cache.delete(key) || (yield this.storage.delete(key));
+        });
+    }
+    clear() {
+        this.cache.clear();
+        return this.storage.clear();
+    }
+}

package/dist/test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/test.js

@@ -0,0 +1,41 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@freesignal/utils");
+const _1 = require(".");
+const crypto_1 = __importDefault(require("@freesignal/crypto"));
+console.log("FreeSignal protocol test");
+const bob = (0, _1.createNode)({ keyExchange: new _1.AsyncMap(), sessions: new _1.AsyncMap(), users: new _1.AsyncMap(), bundles: new _1.AsyncMap() });
+const alice = (0, _1.createNode)({ keyExchange: new _1.AsyncMap(), sessions: new _1.AsyncMap(), users: new _1.AsyncMap(), bundles: new _1.AsyncMap() });
+setImmediate(() => __awaiter(void 0, void 0, void 0, function* () {
+    const bobBootstrap = yield bob.packBootstrap(alice.userId);
+    yield alice.open(bobBootstrap);
+    const bootstraps = yield Promise.all(alice.requests.map(request => request.accept()));
+    const aliceHandshake = bootstraps.filter(value => (value === null || value === void 0 ? void 0 : value.receiver) === bob.userId.toString())[0];
+    if (!aliceHandshake)
+        throw new Error("Bootstrap Failed");
+    yield bob.open(aliceHandshake);
+    const first = (yield bob.packData(alice.userId, "Hi Alice!")).toBytes();
+    console.log("Bob: ", yield alice.open(first));
+    const second = yield alice.packData(bob.userId, "Hi Bob!");
+    console.log("Alice: ", yield bob.open(second));
+    const third = yield Promise.all(["How are you?", "How are this days?", "For me it's a good time"].map(msg => bob.packData(alice.userId, msg)));
+    third.forEach((data) => __awaiter(void 0, void 0, void 0, function* () {
+        console.log("Bob: ", yield alice.open(data));
+    }));
+    const fourth = yield alice.packData(bob.userId, "Not so bad my man");
+    console.log("Alice: ", yield bob.open(fourth));
+    const testone = yield Promise.all(Array(400).fill(0).map(() => alice.packData(bob.userId, (0, utils_1.decodeBase64)(crypto_1.default.randomBytes(64)))));
+    console.log((yield bob.open(testone[350])));
+}));

package/{types.d.ts → dist/types.d.ts}

@@ -16,13 +16,13 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
-import { LocalStorage, Encodable } from "@freesignal/interfaces";
-export declare class UserId {
+import { LocalStorage, Encodable, KeyExchangeData } from "@freesignal/interfaces";
+export declare class UserId implements Encodable {
     private readonly array;
     private constructor();
     toString(): string;
     toJSON(): string;
-    toUint8Array(): Uint8Array;
+    toBytes(): Uint8Array;
     static fromKey(identityKey: string | Uint8Array | IdentityKey): UserId;
     static from(userId: string | Uint8Array | UserId): UserId;
 }
@@ -51,12 +51,22 @@ export declare namespace PrivateIdentityKey {
     function from(identityKey: PrivateIdentityKey | Uint8Array | string): PrivateIdentityKey;
     function from(signatureKey: Uint8Array | string, exchangeKey: Uint8Array | string): PrivateIdentityKey;
 }
+export declare enum DiscoverType {
+    REQUEST = 0,
+    RESPONSE = 1
+}
+export interface DiscoverMessage {
+    type: DiscoverType;
+    discoverId: string;
+    data?: KeyExchangeData;
+}
 export declare enum Protocols {
     NULL = "",
     MESSAGE = "/freesignal/message",
     RELAY = "/freesignal/relay",
     HANDSHAKE = "/freesignal/handshake",
-    DISCOVER = "/freesignal/discover"
+    DISCOVER = "/freesignal/discover",
+    BOOTSTRAP = "/freesignal/bootstrap"
 }
 export declare namespace Protocols {
     function isProtocol(protocol: any): boolean;
@@ -65,6 +75,19 @@ export declare namespace Protocols {
     function encode(protocol: Protocols, length?: number): Uint8Array;
     function decode(array: Uint8Array): Protocols;
 }
+interface DatagramJSON {
+    id: string;
+    version: number;
+    sender: string;
+    receiver: string;
+    protocol: Protocols;
+    createdAt: number;
+    payload: string | undefined;
+    signature: string | undefined;
+}
+export interface SignedDatagram extends Datagram {
+    signature: string;
+}
 export declare class Datagram implements Encodable {
     static version: number;
     private _id;
@@ -75,20 +98,20 @@ export declare class Datagram implements Encodable {
     private _createdAt;
     private _payload?;
     private _signature?;
-    private secretKey?;
     private static headerOffset;
     constructor(sender: Uint8Array | string, receiver: Uint8Array | string, protocol: Protocols, payload?: Uint8Array | Encodable);
     get id(): string;
     get version(): number;
     get createdAt(): number;
-    get signed(): boolean;
-    get signature(): string | undefined;
     set payload(data: Uint8Array);
     get payload(): Uint8Array | undefined;
+    get signature(): string | undefined;
+    private get unsigned();
     toBytes(): Uint8Array;
-    sign(secretKey: Uint8Array): this;
+    sign(secretKey: Uint8Array): SignedDatagram;
     toString(): string;
-    toJSON(): string;
+    toJSON(): DatagramJSON;
+    static verify(datagram: Datagram, publicKey: Uint8Array): boolean;
     static from(data: Uint8Array | Datagram | string): Datagram;
 }
 /**
@@ -163,3 +186,4 @@ export declare class AsyncMap<K, V> implements LocalStorage<K, V> {
     clear(): Promise<void>;
     entries(): ArrayIterator<[K, V]>;
 }
+export {};

package/{types.js → dist/types.js}

@@ -30,7 +30,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AsyncMap = exports.EncryptedData = exports.Datagram = exports.Protocols = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
+exports.AsyncMap = exports.EncryptedData = exports.Datagram = exports.Protocols = exports.DiscoverType = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
 const utils_1 = require("@freesignal/utils");
 const crypto_1 = __importDefault(require("@freesignal/crypto"));
 const double_ratchet_1 = require("./double-ratchet");
@@ -45,7 +45,7 @@ class UserId {
     toJSON() {
         return this.toString();
     }
-    toUint8Array() {
+    toBytes() {
         return this.array;
     }
     static fromKey(identityKey) {
@@ -53,7 +53,7 @@ class UserId {
             identityKey = (0, utils_1.encodeBase64)(identityKey);
         else if (IdentityKey.isIdentityKeys(identityKey))
             identityKey = identityKey.toBytes();
-        return new UserId(crypto_1.default.hash(identityKey));
+        return new UserId(crypto_1.default.hkdf(identityKey, new Uint8Array(32).fill(0), "/freesignal/userid"));
     }
     static from(userId) {
         if (typeof userId === 'string')
@@ -88,7 +88,7 @@ var IdentityKey;
             return UserId.fromKey(this.toBytes()).toString();
         }
         toBytes() {
-            return (0, utils_1.concatArrays)((0, utils_1.numberToArray)(this.info), this.signatureKey, this.exchangeKey);
+            return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this.info, 1), this.signatureKey, this.exchangeKey);
         }
         toString() {
             return (0, utils_1.decodeBase64)(this.toBytes());
@@ -110,7 +110,7 @@ var IdentityKey;
             else
                 return key;
         });
-        return new IdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatArrays)((0, utils_1.numberToArray)(info + IdentityKey.version), ...keys) : keys[0]);
+        return new IdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(info + IdentityKey.version, 1), ...keys) : keys[0]);
     }
     IdentityKey.from = from;
 })(IdentityKey || (exports.IdentityKey = IdentityKey = {}));
@@ -121,8 +121,8 @@ var PrivateIdentityKey;
     PrivateIdentityKey.version = 1;
     class PrivateIdentityKeyConstructor {
         constructor(privateIdentityKey) {
-            this.info = info + PrivateIdentityKey.version;
             if (privateIdentityKey instanceof PrivateIdentityKeyConstructor) {
+                this.info = privateIdentityKey.info;
                 this.signatureKey = privateIdentityKey.signatureKey;
                 this.exchangeKey = privateIdentityKey.exchangeKey;
                 this.identityKey = privateIdentityKey.identityKey;
@@ -132,6 +132,7 @@ var PrivateIdentityKey;
                     privateIdentityKey = (0, utils_1.encodeBase64)(privateIdentityKey);
                 if (!isIdentityKeys(privateIdentityKey))
                     throw new Error("Invalid key length");
+                this.info = privateIdentityKey[0];
                 this.signatureKey = privateIdentityKey.subarray(1, crypto_1.default.EdDSA.secretKeyLength + 1);
                 this.exchangeKey = privateIdentityKey.subarray(crypto_1.default.EdDSA.secretKeyLength + 1, PrivateIdentityKey.keyLength);
                 this.identityKey = IdentityKey.from(crypto_1.default.EdDSA.keyPair(this.signatureKey).publicKey, crypto_1.default.ECDH.keyPair(this.exchangeKey).publicKey);
@@ -141,7 +142,7 @@ var PrivateIdentityKey;
             return UserId.fromKey(this.identityKey.toBytes()).toString();
         }
         toBytes() {
-            return (0, utils_1.concatArrays)((0, utils_1.numberToArray)(this.info), this.signatureKey, this.exchangeKey);
+            return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this.info, 1), this.signatureKey, this.exchangeKey);
         }
         toString() {
             return (0, utils_1.decodeBase64)(this.toBytes());
@@ -163,10 +164,15 @@ var PrivateIdentityKey;
             else
                 return key;
         });
-        return new PrivateIdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatArrays)((0, utils_1.numberToArray)(info + PrivateIdentityKey.version), ...keys) : keys[0]);
+        return new PrivateIdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(info + PrivateIdentityKey.version, 1), ...keys) : keys[0]);
     }
     PrivateIdentityKey.from = from;
 })(PrivateIdentityKey || (exports.PrivateIdentityKey = PrivateIdentityKey = {}));
+var DiscoverType;
+(function (DiscoverType) {
+    DiscoverType[DiscoverType["REQUEST"] = 0] = "REQUEST";
+    DiscoverType[DiscoverType["RESPONSE"] = 1] = "RESPONSE";
+})(DiscoverType || (exports.DiscoverType = DiscoverType = {}));
 var Protocols;
 (function (Protocols) {
     Protocols["NULL"] = "";
@@ -174,6 +180,7 @@ var Protocols;
     Protocols["RELAY"] = "/freesignal/relay";
     Protocols["HANDSHAKE"] = "/freesignal/handshake";
     Protocols["DISCOVER"] = "/freesignal/discover";
+    Protocols["BOOTSTRAP"] = "/freesignal/bootstrap";
 })(Protocols || (exports.Protocols = Protocols = {}));
 (function (Protocols) {
     function isProtocol(protocol) {
@@ -188,15 +195,16 @@ var Protocols;
         return Object.values(Protocols).indexOf(protocol);
     }
     Protocols.toCode = toCode;
-    function encode(protocol, length) {
-        return (0, utils_1.numberToArray)(Protocols.toCode(protocol), length);
+    function encode(protocol, length = 1) {
+        return (0, utils_1.numberToBytes)(Protocols.toCode(protocol), length);
     }
     Protocols.encode = encode;
     function decode(array) {
-        return Protocols.fromCode((0, utils_1.numberFromArray)(array));
+        return Protocols.fromCode((0, utils_1.bytesToNumber)(array));
     }
     Protocols.decode = decode;
 })(Protocols || (exports.Protocols = Protocols = {}));
+;
 class Datagram {
     constructor(sender, receiver, protocol, payload) {
         this._id = crypto_1.default.UUID.generate().toString();
@@ -216,16 +224,6 @@ class Datagram {
     get createdAt() {
         return this._createdAt;
     }
-    get signed() {
-        return !!this._signature || !!this.secretKey;
-    }
-    get signature() {
-        if (this.signed) {
-            if (!this._signature)
-                this.toBytes();
-            return (0, utils_1.decodeBase64)(this._signature);
-        }
-    }
     set payload(data) {
         this._signature = undefined;
         this._payload = data;
@@ -233,37 +231,56 @@ class Datagram {
     get payload() {
         return this._payload;
     }
+    get signature() {
+        return this._signature ? (0, utils_1.decodeBase64)(this._signature) : undefined;
+    }
+    get unsigned() {
+        const data = this.toBytes();
+        data[0] &= 127;
+        return data.subarray(0, data.length - (this._signature ? crypto_1.default.EdDSA.signatureLength : 0));
+    }
     toBytes() {
         var _a, _b, _c;
-        const data = (0, utils_1.concatArrays)(new Uint8Array(1).fill(this.version | (this.secretKey ? 128 : 0)), //1
+        return (0, utils_1.concatBytes)(new Uint8Array(1).fill(this.version | (this.signature ? 128 : 0)), //1
         Protocols.encode(this.protocol), //1
         (_a = crypto_1.default.UUID.parse(this.id)) !== null && _a !== void 0 ? _a : [], //16
-        (0, utils_1.numberToArray)(this.createdAt, 8), //8
+        new Uint8Array((0, utils_1.numberToBytes)(this._createdAt, 8)), //8
         (0, utils_1.encodeBase64)(this.sender), //32
         (0, utils_1.encodeBase64)(this.receiver), //32
-        (_b = this._payload) !== null && _b !== void 0 ? _b : new Uint8Array());
-        if (this.secretKey)
-            this._signature = crypto_1.default.EdDSA.sign(data, this.secretKey);
-        return (0, utils_1.concatArrays)(data, (_c = this._signature) !== null && _c !== void 0 ? _c : new Uint8Array());
+        (_b = this._payload) !== null && _b !== void 0 ? _b : new Uint8Array(), (_c = this._signature) !== null && _c !== void 0 ? _c : new Uint8Array());
     }
     sign(secretKey) {
-        this.secretKey = secretKey;
+        this._signature = crypto_1.default.EdDSA.sign(this.unsigned, secretKey);
         return this;
     }
     toString() {
         return (0, utils_1.decodeBase64)(this.toBytes());
     }
     toJSON() {
-        return this.toString();
+        return {
+            id: this.id,
+            version: this.version,
+            sender: this.sender,
+            receiver: this.receiver,
+            protocol: this.protocol,
+            createdAt: this.createdAt,
+            payload: this.payload ? (0, utils_1.decodeBase64)(this.payload) : undefined,
+            signature: this._signature ? (0, utils_1.decodeBase64)(this._signature) : undefined
+        };
+    }
+    static verify(datagram, publicKey) {
+        if (!datagram._signature)
+            throw new Error("Datagram not signed");
+        return crypto_1.default.EdDSA.verify(datagram.unsigned, datagram._signature, publicKey);
     }
     static from(data) {
         if (typeof data === 'string')
             data = (0, utils_1.encodeBase64)(data);
         if (data instanceof Uint8Array) {
-            const datagram = new Datagram((0, utils_1.decodeBase64)(data.subarray(26, 26 + crypto_1.default.EdDSA.publicKeyLength)), (0, utils_1.decodeBase64)(data.subarray(26 + crypto_1.default.EdDSA.publicKeyLength, Datagram.headerOffset)), Protocols.decode(data.subarray(1, 2)), data.subarray(Datagram.headerOffset, data.length));
+            const datagram = new Datagram((0, utils_1.decodeBase64)(data.subarray(26, 26 + crypto_1.default.EdDSA.publicKeyLength)), (0, utils_1.decodeBase64)(data.subarray(26 + crypto_1.default.EdDSA.publicKeyLength, Datagram.headerOffset)), Protocols.decode(data.subarray(1, 2)), data.subarray(Datagram.headerOffset, data.length - (data[0] & 128 ? crypto_1.default.EdDSA.signatureLength : 0)));
             datagram._version = data[0] & 127;
             datagram._id = crypto_1.default.UUID.stringify(data.subarray(2, 18));
-            datagram._createdAt = (0, utils_1.numberFromArray)(data.subarray(18, 26));
+            datagram._createdAt = (0, utils_1.bytesToNumber)(data.subarray(18, 26));
             if (data[0] & 128)
                 datagram._signature = data.subarray(data.length - crypto_1.default.EdDSA.signatureLength);
             return datagram;
@@ -272,8 +289,8 @@ class Datagram {
             const datagram = new Datagram(data.sender, data.receiver, data.protocol, data.payload);
             datagram._id = datagram.id;
             datagram._version = datagram.version;
-            datagram._createdAt = datagram.createdAt;
-            datagram._signature = datagram.signature ? (0, utils_1.encodeBase64)(datagram.signature) : undefined;
+            datagram._createdAt = datagram._createdAt;
+            datagram._signature = datagram._signature;
             return datagram;
         }
         else

package/{x3dh.d.ts → dist/x3dh.d.ts}

@@ -39,7 +39,7 @@ export declare class KeyExchange {
     private generateOPK;
     generateBundle(length?: number): Promise<KeyExchangeDataBundle>;
     generateData(): Promise<KeyExchangeData>;
-    digestData(message: KeyExchangeData): Promise<{
+    digestData(message: KeyExchangeData, associatedData?: Uint8Array): Promise<{
         session: KeySession;
         message: KeyExchangeSynMessage;
         identityKey: IdentityKey;
@@ -47,5 +47,6 @@ export declare class KeyExchange {
     digestMessage(message: KeyExchangeSynMessage): Promise<{
         session: KeySession;
         identityKey: IdentityKey;
+        associatedData: Uint8Array;
     }>;
 }

package/{x3dh.js → dist/x3dh.js}

@@ -66,7 +66,7 @@ class KeyExchange {
                 identityKey: this.identityKey.toString(),
                 signedPreKey: (0, utils_1.decodeBase64)(signedPreKey.publicKey),
                 signature: (0, utils_1.decodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this.privateIdentityKey.signatureKey)),
-                onetimePreKey: onetimePreKey.map(opk => (0, utils_1.decodeBase64)(opk.publicKey))
+                onetimePreKeys: onetimePreKey.map(opk => (0, utils_1.decodeBase64)(opk.publicKey))
             };
         });
     }
@@ -83,7 +83,7 @@ class KeyExchange {
             };
         });
     }
-    digestData(message) {
+    digestData(message, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
             const ephemeralKey = crypto_1.default.ECDH.keyPair();
             const signedPreKey = (0, utils_1.encodeBase64)(message.signedPreKey);
@@ -98,9 +98,9 @@ class KeyExchange {
                 ...crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, identityKey.exchangeKey),
                 ...crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, signedPreKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, onetimePreKey) : new Uint8Array()
-            ]), new Uint8Array(double_ratchet_1.KeySession.rootKeyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.rootKeyLength);
+            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
             const session = new double_ratchet_1.KeySession(this.sessions, { remoteKey: identityKey.exchangeKey, rootKey });
-            const cyphertext = yield session.encrypt((0, utils_1.concatArrays)(crypto_1.default.hash(this.identityKey.exchangeKey), crypto_1.default.hash(identityKey.exchangeKey)));
+            const cyphertext = yield session.encrypt((0, utils_1.concatBytes)(crypto_1.default.hash(this.identityKey.toBytes()), crypto_1.default.hash(identityKey.toBytes()), associatedData !== null && associatedData !== void 0 ? associatedData : new Uint8Array()));
             if (!cyphertext)
                 throw new Error("Decryption error");
             return {
@@ -133,21 +133,22 @@ class KeyExchange {
                 ...crypto_1.default.ECDH.scalarMult(this.privateIdentityKey.exchangeKey, ephemeralKey),
                 ...crypto_1.default.ECDH.scalarMult(signedPreKey.secretKey, ephemeralKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(onetimePreKey.secretKey, ephemeralKey) : new Uint8Array()
-            ]), new Uint8Array(double_ratchet_1.KeySession.rootKeyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.rootKeyLength);
+            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
             const session = new double_ratchet_1.KeySession(this.sessions, { secretKey: this.privateIdentityKey.exchangeKey, rootKey });
             const cleartext = yield session.decrypt((0, utils_1.encodeBase64)(message.associatedData));
             if (!cleartext)
                 throw new Error("Error decrypting ACK message");
-            if (!(0, utils_1.verifyArrays)(cleartext, (0, utils_1.concatArrays)(crypto_1.default.hash(identityKey.exchangeKey), crypto_1.default.hash(this.identityKey.exchangeKey))))
+            if (!(0, utils_1.compareBytes)(cleartext.subarray(0, 64), (0, utils_1.concatBytes)(crypto_1.default.hash(identityKey.toBytes()), crypto_1.default.hash(this.identityKey.toBytes()))))
                 throw new Error("Error verifing Associated Data");
             return {
                 session,
-                identityKey
+                identityKey,
+                associatedData: cleartext.subarray(64)
             };
         });
     }
 }
 exports.KeyExchange = KeyExchange;
 KeyExchange.version = 1;
-KeyExchange.hkdfInfo = (0, utils_1.encodeUTF8)("freesignal/x3dh/" + KeyExchange.version);
+KeyExchange.hkdfInfo = "freesignal/x3dh/" + KeyExchange.version;
 KeyExchange.maxOPK = 10;