@freesignal/protocol 0.3.0 → 0.4.0

package/{types.d.ts → dist/types.d.ts}

@@ -16,13 +16,16 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
-import { LocalStorage, Encodable } from "@freesignal/interfaces";
-export declare class UserId {
+import { LocalStorage, Encodable, KeyExchangeData } from "@freesignal/interfaces";
+import { KeySession } from "./double-ratchet";
+export declare function encryptData(session: KeySession, data: Uint8Array): EncryptedData;
+export declare function decryptData(session: KeySession, encryptedData: Uint8Array): Uint8Array;
+export declare class UserId implements Encodable {
     private readonly array;
     private constructor();
     toString(): string;
     toJSON(): string;
-    toUint8Array(): Uint8Array;
+    toBytes(): Uint8Array;
     static fromKey(identityKey: string | Uint8Array | IdentityKey): UserId;
     static from(userId: string | Uint8Array | UserId): UserId;
 }
@@ -51,12 +54,22 @@ export declare namespace PrivateIdentityKey {
     function from(identityKey: PrivateIdentityKey | Uint8Array | string): PrivateIdentityKey;
     function from(signatureKey: Uint8Array | string, exchangeKey: Uint8Array | string): PrivateIdentityKey;
 }
+export declare enum DiscoverType {
+    REQUEST = 0,
+    RESPONSE = 1
+}
+export interface DiscoverMessage {
+    type: DiscoverType;
+    discoverId: string;
+    data?: KeyExchangeData;
+}
 export declare enum Protocols {
     NULL = "",
     MESSAGE = "/freesignal/message",
     RELAY = "/freesignal/relay",
     HANDSHAKE = "/freesignal/handshake",
-    DISCOVER = "/freesignal/discover"
+    DISCOVER = "/freesignal/discover",
+    BOOTSTRAP = "/freesignal/bootstrap"
 }
 export declare namespace Protocols {
     function isProtocol(protocol: any): boolean;
@@ -65,6 +78,19 @@ export declare namespace Protocols {
     function encode(protocol: Protocols, length?: number): Uint8Array;
     function decode(array: Uint8Array): Protocols;
 }
+interface DatagramJSON {
+    id: string;
+    version: number;
+    sender: string;
+    receiver: string;
+    protocol: Protocols;
+    createdAt: number;
+    payload: string | undefined;
+    signature: string | undefined;
+}
+export interface SignedDatagram extends Datagram {
+    signature: string;
+}
 export declare class Datagram implements Encodable {
     static version: number;
     private _id;
@@ -75,20 +101,20 @@ export declare class Datagram implements Encodable {
     private _createdAt;
     private _payload?;
     private _signature?;
-    private secretKey?;
     private static headerOffset;
     constructor(sender: Uint8Array | string, receiver: Uint8Array | string, protocol: Protocols, payload?: Uint8Array | Encodable);
     get id(): string;
     get version(): number;
     get createdAt(): number;
-    get signed(): boolean;
-    get signature(): string | undefined;
     set payload(data: Uint8Array);
     get payload(): Uint8Array | undefined;
+    get signature(): string | undefined;
+    private get unsigned();
     toBytes(): Uint8Array;
-    sign(secretKey: Uint8Array): this;
+    sign(secretKey: Uint8Array): SignedDatagram;
     toString(): string;
-    toJSON(): string;
+    toJSON(): DatagramJSON;
+    static verify(datagram: Datagram, publicKey: Uint8Array): boolean;
     static from(data: Uint8Array | Datagram | string): Datagram;
 }
 /**
@@ -144,14 +170,14 @@ export interface EncryptedData extends Encodable {
         ciphertext: string;
     };
 }
-export declare class EncryptedData {
+export declare namespace EncryptedData {
     /**
      * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
      *
      * @param array - A previously serialized encrypted payload.
      * @returns An instance of `EncryptedPayload`.
      */
-    static from(array: Uint8Array | EncryptedData): EncryptedData;
+    function from(array: Uint8Array | EncryptedData): EncryptedData;
 }
 export declare class AsyncMap<K, V> implements LocalStorage<K, V> {
     private readonly map;
@@ -163,3 +189,4 @@ export declare class AsyncMap<K, V> implements LocalStorage<K, V> {
     clear(): Promise<void>;
     entries(): ArrayIterator<[K, V]>;
 }
+export {};

package/{types.js → dist/types.js}

@@ -30,10 +30,30 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AsyncMap = exports.EncryptedData = exports.Datagram = exports.Protocols = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
+exports.AsyncMap = exports.EncryptedData = exports.Datagram = exports.Protocols = exports.DiscoverType = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
+exports.encryptData = encryptData;
+exports.decryptData = decryptData;
 const utils_1 = require("@freesignal/utils");
 const crypto_1 = __importDefault(require("@freesignal/crypto"));
 const double_ratchet_1 = require("./double-ratchet");
+function encryptData(session, data) {
+    const key = session.getSendingKey();
+    if (!key)
+        throw new Error("Error generating key");
+    const nonce = crypto_1.default.randomBytes(EncryptedDataConstructor.nonceLength);
+    const ciphertext = crypto_1.default.box.encrypt(data, nonce, key.secretKey);
+    return new EncryptedDataConstructor(key.count, key.previous, key.publicKey, nonce, ciphertext);
+}
+function decryptData(session, encryptedData) {
+    const encrypted = EncryptedData.from(encryptedData);
+    const key = session.getReceivingKey(encrypted);
+    if (!key)
+        throw new Error("Error calculating key");
+    const decrypted = crypto_1.default.box.decrypt(encrypted.ciphertext, encrypted.nonce, key);
+    if (!decrypted)
+        throw new Error("Error decrypting data");
+    return decrypted;
+}
 class UserId {
     constructor(array) {
         this.array = array;
@@ -45,7 +65,7 @@ class UserId {
     toJSON() {
         return this.toString();
     }
-    toUint8Array() {
+    toBytes() {
         return this.array;
     }
     static fromKey(identityKey) {
@@ -88,7 +108,7 @@ var IdentityKey;
             return UserId.fromKey(this.toBytes()).toString();
         }
         toBytes() {
-            return (0, utils_1.concatArrays)((0, utils_1.numberToArray)(this.info), this.signatureKey, this.exchangeKey);
+            return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this.info, 1), this.signatureKey, this.exchangeKey);
         }
         toString() {
             return (0, utils_1.decodeBase64)(this.toBytes());
@@ -110,7 +130,7 @@ var IdentityKey;
             else
                 return key;
         });
-        return new IdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatArrays)((0, utils_1.numberToArray)(info + IdentityKey.version), ...keys) : keys[0]);
+        return new IdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(info + IdentityKey.version, 1), ...keys) : keys[0]);
     }
     IdentityKey.from = from;
 })(IdentityKey || (exports.IdentityKey = IdentityKey = {}));
@@ -121,8 +141,8 @@ var PrivateIdentityKey;
     PrivateIdentityKey.version = 1;
     class PrivateIdentityKeyConstructor {
         constructor(privateIdentityKey) {
-            this.info = info + PrivateIdentityKey.version;
             if (privateIdentityKey instanceof PrivateIdentityKeyConstructor) {
+                this.info = privateIdentityKey.info;
                 this.signatureKey = privateIdentityKey.signatureKey;
                 this.exchangeKey = privateIdentityKey.exchangeKey;
                 this.identityKey = privateIdentityKey.identityKey;
@@ -132,6 +152,7 @@ var PrivateIdentityKey;
                     privateIdentityKey = (0, utils_1.encodeBase64)(privateIdentityKey);
                 if (!isIdentityKeys(privateIdentityKey))
                     throw new Error("Invalid key length");
+                this.info = privateIdentityKey[0];
                 this.signatureKey = privateIdentityKey.subarray(1, crypto_1.default.EdDSA.secretKeyLength + 1);
                 this.exchangeKey = privateIdentityKey.subarray(crypto_1.default.EdDSA.secretKeyLength + 1, PrivateIdentityKey.keyLength);
                 this.identityKey = IdentityKey.from(crypto_1.default.EdDSA.keyPair(this.signatureKey).publicKey, crypto_1.default.ECDH.keyPair(this.exchangeKey).publicKey);
@@ -141,7 +162,7 @@ var PrivateIdentityKey;
             return UserId.fromKey(this.identityKey.toBytes()).toString();
         }
         toBytes() {
-            return (0, utils_1.concatArrays)((0, utils_1.numberToArray)(this.info), this.signatureKey, this.exchangeKey);
+            return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this.info, 1), this.signatureKey, this.exchangeKey);
         }
         toString() {
             return (0, utils_1.decodeBase64)(this.toBytes());
@@ -163,10 +184,15 @@ var PrivateIdentityKey;
             else
                 return key;
         });
-        return new PrivateIdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatArrays)((0, utils_1.numberToArray)(info + PrivateIdentityKey.version), ...keys) : keys[0]);
+        return new PrivateIdentityKeyConstructor(keys.length === 2 ? (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(info + PrivateIdentityKey.version, 1), ...keys) : keys[0]);
     }
     PrivateIdentityKey.from = from;
 })(PrivateIdentityKey || (exports.PrivateIdentityKey = PrivateIdentityKey = {}));
+var DiscoverType;
+(function (DiscoverType) {
+    DiscoverType[DiscoverType["REQUEST"] = 0] = "REQUEST";
+    DiscoverType[DiscoverType["RESPONSE"] = 1] = "RESPONSE";
+})(DiscoverType || (exports.DiscoverType = DiscoverType = {}));
 var Protocols;
 (function (Protocols) {
     Protocols["NULL"] = "";
@@ -174,6 +200,7 @@ var Protocols;
     Protocols["RELAY"] = "/freesignal/relay";
     Protocols["HANDSHAKE"] = "/freesignal/handshake";
     Protocols["DISCOVER"] = "/freesignal/discover";
+    Protocols["BOOTSTRAP"] = "/freesignal/bootstrap";
 })(Protocols || (exports.Protocols = Protocols = {}));
 (function (Protocols) {
     function isProtocol(protocol) {
@@ -188,15 +215,16 @@ var Protocols;
         return Object.values(Protocols).indexOf(protocol);
     }
     Protocols.toCode = toCode;
-    function encode(protocol, length) {
-        return (0, utils_1.numberToArray)(Protocols.toCode(protocol), length);
+    function encode(protocol, length = 1) {
+        return (0, utils_1.numberToBytes)(Protocols.toCode(protocol), length);
     }
     Protocols.encode = encode;
     function decode(array) {
-        return Protocols.fromCode((0, utils_1.numberFromArray)(array));
+        return Protocols.fromCode((0, utils_1.bytesToNumber)(array));
     }
     Protocols.decode = decode;
 })(Protocols || (exports.Protocols = Protocols = {}));
+;
 class Datagram {
     constructor(sender, receiver, protocol, payload) {
         this._id = crypto_1.default.UUID.generate().toString();
@@ -216,16 +244,6 @@ class Datagram {
     get createdAt() {
         return this._createdAt;
     }
-    get signed() {
-        return !!this._signature || !!this.secretKey;
-    }
-    get signature() {
-        if (this.signed) {
-            if (!this._signature)
-                this.toBytes();
-            return (0, utils_1.decodeBase64)(this._signature);
-        }
-    }
     set payload(data) {
         this._signature = undefined;
         this._payload = data;
@@ -233,37 +251,56 @@ class Datagram {
     get payload() {
         return this._payload;
     }
+    get signature() {
+        return this._signature ? (0, utils_1.decodeBase64)(this._signature) : undefined;
+    }
+    get unsigned() {
+        const data = this.toBytes();
+        data[0] &= 127;
+        return data.subarray(0, data.length - (this._signature ? crypto_1.default.EdDSA.signatureLength : 0));
+    }
     toBytes() {
         var _a, _b, _c;
-        const data = (0, utils_1.concatArrays)(new Uint8Array(1).fill(this.version | (this.secretKey ? 128 : 0)), //1
+        return (0, utils_1.concatBytes)(new Uint8Array(1).fill(this.version | (this.signature ? 128 : 0)), //1
         Protocols.encode(this.protocol), //1
         (_a = crypto_1.default.UUID.parse(this.id)) !== null && _a !== void 0 ? _a : [], //16
-        (0, utils_1.numberToArray)(this.createdAt, 8), //8
+        new Uint8Array((0, utils_1.numberToBytes)(this._createdAt, 8)), //8
         (0, utils_1.encodeBase64)(this.sender), //32
         (0, utils_1.encodeBase64)(this.receiver), //32
-        (_b = this._payload) !== null && _b !== void 0 ? _b : new Uint8Array());
-        if (this.secretKey)
-            this._signature = crypto_1.default.EdDSA.sign(data, this.secretKey);
-        return (0, utils_1.concatArrays)(data, (_c = this._signature) !== null && _c !== void 0 ? _c : new Uint8Array());
+        (_b = this._payload) !== null && _b !== void 0 ? _b : new Uint8Array(), (_c = this._signature) !== null && _c !== void 0 ? _c : new Uint8Array());
     }
     sign(secretKey) {
-        this.secretKey = secretKey;
+        this._signature = crypto_1.default.EdDSA.sign(this.unsigned, secretKey);
         return this;
     }
     toString() {
         return (0, utils_1.decodeBase64)(this.toBytes());
     }
     toJSON() {
-        return this.toString();
+        return {
+            id: this.id,
+            version: this.version,
+            sender: this.sender,
+            receiver: this.receiver,
+            protocol: this.protocol,
+            createdAt: this.createdAt,
+            payload: this.payload ? (0, utils_1.decodeBase64)(this.payload) : undefined,
+            signature: this._signature ? (0, utils_1.decodeBase64)(this._signature) : undefined
+        };
+    }
+    static verify(datagram, publicKey) {
+        if (!datagram._signature)
+            throw new Error("Datagram not signed");
+        return crypto_1.default.EdDSA.verify(datagram.unsigned, datagram._signature, publicKey);
     }
     static from(data) {
         if (typeof data === 'string')
             data = (0, utils_1.encodeBase64)(data);
         if (data instanceof Uint8Array) {
-            const datagram = new Datagram((0, utils_1.decodeBase64)(data.subarray(26, 26 + crypto_1.default.EdDSA.publicKeyLength)), (0, utils_1.decodeBase64)(data.subarray(26 + crypto_1.default.EdDSA.publicKeyLength, Datagram.headerOffset)), Protocols.decode(data.subarray(1, 2)), data.subarray(Datagram.headerOffset, data.length));
+            const datagram = new Datagram((0, utils_1.decodeBase64)(data.subarray(26, 26 + crypto_1.default.EdDSA.publicKeyLength)), (0, utils_1.decodeBase64)(data.subarray(26 + crypto_1.default.EdDSA.publicKeyLength, Datagram.headerOffset)), Protocols.decode(data.subarray(1, 2)), data.subarray(Datagram.headerOffset, data.length - (data[0] & 128 ? crypto_1.default.EdDSA.signatureLength : 0)));
             datagram._version = data[0] & 127;
             datagram._id = crypto_1.default.UUID.stringify(data.subarray(2, 18));
-            datagram._createdAt = (0, utils_1.numberFromArray)(data.subarray(18, 26));
+            datagram._createdAt = (0, utils_1.bytesToNumber)(data.subarray(18, 26));
             if (data[0] & 128)
                 datagram._signature = data.subarray(data.length - crypto_1.default.EdDSA.signatureLength);
             return datagram;
@@ -272,8 +309,8 @@ class Datagram {
             const datagram = new Datagram(data.sender, data.receiver, data.protocol, data.payload);
             datagram._id = datagram.id;
             datagram._version = datagram.version;
-            datagram._createdAt = datagram.createdAt;
-            datagram._signature = datagram.signature ? (0, utils_1.encodeBase64)(datagram.signature) : undefined;
+            datagram._createdAt = datagram._createdAt;
+            datagram._signature = datagram._signature;
             return datagram;
         }
         else
@@ -283,18 +320,91 @@ class Datagram {
 exports.Datagram = Datagram;
 Datagram.version = 1;
 Datagram.headerOffset = 26 + crypto_1.default.EdDSA.publicKeyLength * 2;
-class EncryptedData {
+var EncryptedData;
+(function (EncryptedData) {
     /**
      * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
      *
      * @param array - A previously serialized encrypted payload.
      * @returns An instance of `EncryptedPayload`.
      */
-    static from(array) {
-        return new double_ratchet_1.EncryptedDataConstructor(array);
+    function from(array) {
+        return new EncryptedDataConstructor(array);
+    }
+    EncryptedData.from = from;
+})(EncryptedData || (exports.EncryptedData = EncryptedData = {}));
+class EncryptedDataConstructor {
+    constructor(...arrays) {
+        arrays = arrays.filter(value => value !== undefined);
+        if (arrays[0] instanceof EncryptedDataConstructor) {
+            this.raw = arrays[0].raw;
+            return this;
+        }
+        if (typeof arrays[0] === 'number')
+            arrays[0] = (0, utils_1.numberToBytes)(arrays[0], EncryptedDataConstructor.countLength);
+        if (typeof arrays[1] === 'number')
+            arrays[1] = (0, utils_1.numberToBytes)(arrays[1], EncryptedDataConstructor.countLength);
+        if (arrays.length === 6) {
+            arrays.unshift(typeof arrays[5] === 'number' ? (0, utils_1.numberToBytes)(arrays[5], 1) : arrays[5]);
+            arrays.pop();
+        }
+        else if (arrays.length > 1) {
+            arrays.unshift((0, utils_1.numberToBytes)(double_ratchet_1.KeySession.version, 1));
+        }
+        this.raw = (0, utils_1.concatBytes)(...arrays);
+    }
+    get length() { return this.raw.length; }
+    get version() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.version.get)); }
+    get count() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.count.get)); }
+    get previous() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.previous.get)); }
+    get publicKey() { return new Uint8Array(this.raw.buffer, ...Offsets.publicKey.get); }
+    get nonce() { return new Uint8Array(this.raw.buffer, ...Offsets.nonce.get); }
+    get ciphertext() { return new Uint8Array(this.raw.buffer, Offsets.ciphertext.start); }
+    toBytes() {
+        return this.raw;
+    }
+    toString() {
+        return (0, utils_1.decodeBase64)(this.raw);
+    }
+    toJSON() {
+        return {
+            version: this.version,
+            count: this.count,
+            previous: this.previous,
+            publicKey: (0, utils_1.decodeBase64)(this.publicKey),
+            nonce: (0, utils_1.decodeBase64)(this.nonce),
+            ciphertext: (0, utils_1.decodeBase64)(this.ciphertext)
+        };
+    }
+}
+EncryptedDataConstructor.secretKeyLength = crypto_1.default.ECDH.secretKeyLength;
+EncryptedDataConstructor.publicKeyLength = crypto_1.default.ECDH.publicKeyLength;
+EncryptedDataConstructor.keyLength = crypto_1.default.box.keyLength;
+EncryptedDataConstructor.nonceLength = crypto_1.default.box.nonceLength;
+EncryptedDataConstructor.countLength = 2;
+class Offsets {
+    static set(start, length) {
+        class Offset {
+            constructor(start, length) {
+                this.start = start;
+                this.length = length;
+                if (typeof length === 'number')
+                    this.end = start + length;
+            }
+            get get() {
+                return [this.start, this.length];
+            }
+        }
+        return new Offset(start, length);
     }
 }
-exports.EncryptedData = EncryptedData;
+Offsets.checksum = Offsets.set(0, 0);
+Offsets.version = Offsets.set(Offsets.checksum.end, 1);
+Offsets.count = Offsets.set(Offsets.version.end, EncryptedDataConstructor.countLength);
+Offsets.previous = Offsets.set(Offsets.count.end, EncryptedDataConstructor.countLength);
+Offsets.publicKey = Offsets.set(Offsets.previous.end, EncryptedDataConstructor.publicKeyLength);
+Offsets.nonce = Offsets.set(Offsets.publicKey.end, EncryptedDataConstructor.nonceLength);
+Offsets.ciphertext = Offsets.set(Offsets.nonce.end, undefined);
 class AsyncMap {
     constructor(iterable) {
         this.map = new Map(iterable);

package/{x3dh.d.ts → dist/x3dh.d.ts}

@@ -17,7 +17,7 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
 import { KeyExchangeData, KeyExchangeDataBundle, KeyExchangeSynMessage, LocalStorage, Crypto } from "@freesignal/interfaces";
-import { ExportedKeySession, KeySession } from "./double-ratchet";
+import { KeySession } from "./double-ratchet";
 import { IdentityKey, PrivateIdentityKey } from "./types";
 export interface ExportedKeyExchange {
     privateIdentityKey: PrivateIdentityKey;
@@ -29,17 +29,13 @@ export declare class KeyExchange {
     private static readonly maxOPK;
     private readonly privateIdentityKey;
     private readonly storage;
-    private readonly sessions;
-    constructor(storage: {
-        keys: LocalStorage<string, Crypto.KeyPair>;
-        sessions: LocalStorage<string, ExportedKeySession>;
-    }, privateIdentityKey?: PrivateIdentityKey);
+    constructor(storage: LocalStorage<string, Crypto.KeyPair>, privateIdentityKey?: PrivateIdentityKey);
     get identityKey(): IdentityKey;
     private generateSPK;
     private generateOPK;
     generateBundle(length?: number): Promise<KeyExchangeDataBundle>;
     generateData(): Promise<KeyExchangeData>;
-    digestData(message: KeyExchangeData): Promise<{
+    digestData(message: KeyExchangeData, associatedData?: Uint8Array): Promise<{
         session: KeySession;
         message: KeyExchangeSynMessage;
         identityKey: IdentityKey;
@@ -47,5 +43,6 @@ export declare class KeyExchange {
     digestMessage(message: KeyExchangeSynMessage): Promise<{
         session: KeySession;
         identityKey: IdentityKey;
+        associatedData: Uint8Array;
     }>;
 }

package/{x3dh.js → dist/x3dh.js}

@@ -38,8 +38,7 @@ const types_1 = require("./types");
 const _1 = require(".");
 class KeyExchange {
     constructor(storage, privateIdentityKey) {
-        this.storage = storage.keys;
-        this.sessions = storage.sessions;
+        this.storage = storage;
         this.privateIdentityKey = privateIdentityKey !== null && privateIdentityKey !== void 0 ? privateIdentityKey : (0, _1.createIdentity)();
     }
     get identityKey() {
@@ -66,7 +65,7 @@ class KeyExchange {
                 identityKey: this.identityKey.toString(),
                 signedPreKey: (0, utils_1.decodeBase64)(signedPreKey.publicKey),
                 signature: (0, utils_1.decodeBase64)(crypto_1.default.EdDSA.sign(signedPreKeyHash, this.privateIdentityKey.signatureKey)),
-                onetimePreKey: onetimePreKey.map(opk => (0, utils_1.decodeBase64)(opk.publicKey))
+                onetimePreKeys: onetimePreKey.map(opk => (0, utils_1.decodeBase64)(opk.publicKey))
             };
         });
     }
@@ -83,7 +82,7 @@ class KeyExchange {
             };
         });
     }
-    digestData(message) {
+    digestData(message, associatedData) {
         return __awaiter(this, void 0, void 0, function* () {
             const ephemeralKey = crypto_1.default.ECDH.keyPair();
             const signedPreKey = (0, utils_1.encodeBase64)(message.signedPreKey);
@@ -99,9 +98,9 @@ class KeyExchange {
                 ...crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, signedPreKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, onetimePreKey) : new Uint8Array()
             ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
-            const session = new double_ratchet_1.KeySession(this.sessions, { remoteKey: identityKey.exchangeKey, rootKey });
-            const cyphertext = yield session.encrypt((0, utils_1.concatArrays)(crypto_1.default.hash(this.identityKey.toBytes()), crypto_1.default.hash(identityKey.toBytes())));
-            if (!cyphertext)
+            const session = new double_ratchet_1.KeySession({ remoteKey: identityKey.exchangeKey, rootKey });
+            const encrypted = (0, types_1.encryptData)(session, (0, utils_1.concatBytes)(crypto_1.default.hash(this.identityKey.toBytes()), crypto_1.default.hash(identityKey.toBytes()), associatedData !== null && associatedData !== void 0 ? associatedData : new Uint8Array()));
+            if (!encrypted)
                 throw new Error("Decryption error");
             return {
                 session,
@@ -111,7 +110,7 @@ class KeyExchange {
                     ephemeralKey: (0, utils_1.decodeBase64)(ephemeralKey.publicKey),
                     signedPreKeyHash: (0, utils_1.decodeBase64)(signedPreKeyHash),
                     onetimePreKeyHash: (0, utils_1.decodeBase64)(onetimePreKeyHash),
-                    associatedData: (0, utils_1.decodeBase64)(cyphertext.toBytes())
+                    associatedData: (0, utils_1.decodeBase64)(encrypted.toBytes())
                 },
                 identityKey
             };
@@ -134,15 +133,16 @@ class KeyExchange {
                 ...crypto_1.default.ECDH.scalarMult(signedPreKey.secretKey, ephemeralKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(onetimePreKey.secretKey, ephemeralKey) : new Uint8Array()
             ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
-            const session = new double_ratchet_1.KeySession(this.sessions, { secretKey: this.privateIdentityKey.exchangeKey, rootKey });
-            const cleartext = yield session.decrypt((0, utils_1.encodeBase64)(message.associatedData));
-            if (!cleartext)
+            const session = new double_ratchet_1.KeySession({ secretKey: this.privateIdentityKey.exchangeKey, rootKey });
+            const data = (0, types_1.decryptData)(session, (0, utils_1.encodeBase64)(message.associatedData));
+            if (!data)
                 throw new Error("Error decrypting ACK message");
-            if (!(0, utils_1.verifyArrays)(cleartext, (0, utils_1.concatArrays)(crypto_1.default.hash(identityKey.toBytes()), crypto_1.default.hash(this.identityKey.toBytes()))))
+            if (!(0, utils_1.compareBytes)(data.subarray(0, 64), (0, utils_1.concatBytes)(crypto_1.default.hash(identityKey.toBytes()), crypto_1.default.hash(this.identityKey.toBytes()))))
                 throw new Error("Error verifing Associated Data");
             return {
                 session,
-                identityKey
+                identityKey,
+                associatedData: data.subarray(64)
             };
         });
     }

package/package.json

@@ -1,22 +1,45 @@
 {
   "name": "@freesignal/protocol",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Signal Protocol implementation in javascript",
   "license": "GPL-3.0-or-later",
   "author": "Christian Braghette",
   "type": "commonjs",
-  "main": "index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "require": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./double-ratchet": {
+      "import": "./dist/double-ratchet.js",
+      "require": "./dist/double-ratchet.js",
+      "types": "./dist/double-ratchet.d.ts"
+    },
+    "./node": {
+      "import": "./dist/node.js",
+      "require": "./dist/node.js",
+      "types": "./dist/node.d.ts"
+    },
+    "./x3dh": {
+      "import": "./dist/x3dh.js",
+      "require": "./dist/x3dh.js",
+      "types": "./dist/x3dh.d.ts"
+    }
+  },
+  "main": "./dist/index.js",
   "scripts": {
-    "test": "tsc && node ./build/test.js",
-    "build": "tsc && node ./build/build.js"
+    "pretest": "tsc",
+    "test": "node ./dist/test.js",
+    "prepare": "tsc"
   },
   "dependencies": {
     "@freesignal/crypto": "^0.3.0",
     "@freesignal/interfaces": "^0.2.0",
-    "@freesignal/utils": "^1.3.0",
+    "@freesignal/utils": "^1.4.1",
     "semaphore.ts": "^0.2.0"
   },
   "devDependencies": {
     "@types/node": "^24.2.1"
   }
-}
+}