@freesignal/protocol 0.4.6 → 0.5.0

package/dist/double-ratchet.d.ts

@@ -51,8 +51,6 @@ export declare class KeySession {
         id?: string;
         secretKey?: Uint8Array;
         remoteKey?: Uint8Array;
-        headerKey?: Uint8Array;
-        nextHeaderKey?: Uint8Array;
         rootKey?: Uint8Array;
     });
     private getChain;

package/dist/double-ratchet.js

@@ -29,6 +29,7 @@ const utils_1 = require("@freesignal/utils");
  * Used for forward-secure encryption and decryption of messages.
  */
 class KeySession {
+    //headerKey?: Uint8Array, nextHeaderKey?: Uint8Array,
     constructor(opts = {}) {
         var _a;
         this.previousKeys = new KeyMap();
@@ -36,10 +37,10 @@ class KeySession {
         this.keyPair = crypto_1.default.ECDH.keyPair(opts.secretKey);
         if (opts.rootKey)
             this.rootKey = opts.rootKey;
-        if (opts.nextHeaderKey)
-            this.nextHeaderKey = opts.nextHeaderKey;
+        //if (opts.nextHeaderKey)
+        //    this.nextHeaderKey = opts.nextHeaderKey;
         if (opts.remoteKey) {
-            this.sendingChain = this.getChain(opts.remoteKey, opts.headerKey);
+            this.sendingChain = this.getChain(opts.remoteKey); //, opts.headerKey);
         }
     }
     getChain(remoteKey, headerKey, previousCount) {
@@ -51,10 +52,10 @@ class KeySession {
         return new KeyChain(this.publicKey, remoteKey, hashkey.subarray(KeySession.keyLength, KeySession.keyLength * 2), hashkey.subarray(KeySession.keyLength * 2), headerKey, previousCount);
     }
     getHeaderKeys() {
-        var _a, _b, _c;
+        var _a, _b, _c, _d, _e;
         return {
             sending: (_a = this.sendingChain) === null || _a === void 0 ? void 0 : _a.headerKey,
-            receiving: (_b = this.nextHeaderKey) !== null && _b !== void 0 ? _b : (_c = this.receivingChain) === null || _c === void 0 ? void 0 : _c.headerKey
+            receiving: (_e = ((_c = (_b = this.receivingChain) === null || _b === void 0 ? void 0 : _b.headerKey) !== null && _c !== void 0 ? _c : (_d = this.receivingChain) === null || _d === void 0 ? void 0 : _d.nextHeaderKey)) !== null && _e !== void 0 ? _e : this.nextHeaderKey
         };
     }
     getSendingKey() {

package/dist/node.d.ts

@@ -17,7 +17,7 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
 import { Database, LocalStorage, Crypto, KeyExchangeDataBundle, KeyExchangeData } from "@freesignal/interfaces";
-import { Datagram, DatagramHeader, DiscoverType, IdentityKey, PrivateIdentityKey, Protocols, UserId } from "./types";
+import { Datagram, DatagramHeader, IdentityKey, PrivateIdentityKey, Protocols, UserId } from "./types";
 import { KeyExchange } from "./x3dh";
 import { ExportedKeySession, KeySession } from "./double-ratchet";
 export declare class BootstrapRequest {
@@ -65,7 +65,7 @@ export declare class FreeSignalNode {
     open(datagram: Datagram | Uint8Array): Promise<{
         header: DatagramHeader;
         payload?: Uint8Array;
-        discoverType?: DiscoverType;
+        datagram?: Datagram;
     }>;
 }
 declare class SessionMap implements LocalStorage<string, KeySession> {

package/dist/node.js

@@ -168,6 +168,7 @@ class FreeSignalNode {
      */
     open(datagram) {
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             if (datagram instanceof Uint8Array)
                 datagram = types_1.Datagram.from(datagram);
             let out = {
@@ -218,15 +219,12 @@ class FreeSignalNode {
                             };
                         }
                         const response = { type: types_1.DiscoverType.RESPONSE, discoverId: message.discoverId, data };
-                        out.payload = (yield this.encrypt(datagram.sender, types_1.Protocols.DISCOVER, (0, utils_1.encodeData)(response))).toBytes();
-                        out.discoverType = types_1.DiscoverType.REQUEST;
+                        out.datagram = yield this.encrypt(datagram.sender, types_1.Protocols.DISCOVER, (0, utils_1.encodeData)(response));
                     }
                     else if (message.type === types_1.DiscoverType.RESPONSE && this.discovers.has(message.discoverId)) {
                         this.discovers.delete(message.discoverId);
-                        if (message.data) {
-                            out.payload = (0, utils_1.encodeData)(message.data);
-                            out.discoverType = types_1.DiscoverType.RESPONSE;
-                        }
+                        if (message.data)
+                            out.datagram = yield this.packHandshake(message.data);
                     }
                     return out;
                 case types_1.Protocols.BOOTSTRAP:
@@ -239,12 +237,9 @@ class FreeSignalNode {
                         this.onRequest(request);
                     }
                     ;
-                    const request = yield this.bootstraps.get(datagram.sender);
-                    if (request) {
-                        const data = yield request.get();
-                        if (data)
-                            out.payload = (0, utils_1.encodeData)(data);
-                    }
+                    const bootstrap = yield ((_a = (yield this.bootstraps.get(datagram.sender))) === null || _a === void 0 ? void 0 : _a.get());
+                    if (bootstrap)
+                        out.datagram = yield this.packHandshake(bootstrap);
                     return out;
                 default:
                     throw new Error("Invalid protocol");

package/dist/test.js

@@ -9,6 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@freesignal/utils");
 const _1 = require(".");
 console.log("FreeSignal protocol test");
 const bob = (0, _1.createNode)({ keyExchange: new _1.AsyncMap(), sessions: new _1.AsyncMap(), users: new _1.AsyncMap(), bundles: new _1.AsyncMap(), bootstraps: new _1.AsyncMap() });
@@ -16,22 +17,27 @@ const alice = (0, _1.createNode)({ keyExchange: new _1.AsyncMap(), sessions: new
 setImmediate(() => __awaiter(void 0, void 0, void 0, function* () {
     const bobBootstrap = yield bob.packBootstrap(alice.userId);
     alice.onRequest = (request) => { request.accept(); };
-    yield alice.open(bobBootstrap);
+    const test = (yield alice.open(bobBootstrap)).datagram;
+    console.log("Valid bootstrap: ", !!test);
     const bobRequest = yield alice.getRequest(bob.userId.toString());
     if (!bobRequest)
         throw new Error("Bootstrap Failed");
     const aliceHandshake = yield alice.packHandshake(bobRequest);
     yield bob.open(aliceHandshake);
     const first = (yield bob.packData(alice.userId, "Hi Alice!")).toBytes();
-    console.log("Bob: ", (yield alice.open(first)).payload);
+    console.log("Bob: ", (0, utils_1.decodeData)((yield alice.open(first)).payload));
     const second = yield alice.packData(bob.userId, "Hi Bob!");
-    console.log("Alice: ", (yield bob.open(second)).payload);
+    console.log("Alice: ", (0, utils_1.decodeData)((yield bob.open(second)).payload));
     const third = yield Promise.all(["How are you?", "How are this days?", "For me it's a good time"].map(msg => bob.packData(alice.userId, msg)));
     third.forEach((data) => __awaiter(void 0, void 0, void 0, function* () {
-        console.log("Bob: ", (yield alice.open(data)).payload);
+        console.log("Bob: ", (0, utils_1.decodeData)((yield alice.open(data)).payload));
     }));
     const fourth = yield alice.packData(bob.userId, "Not so bad my man");
-    console.log("Alice: ", (yield bob.open(fourth)).payload);
+    console.log("Alice: ", (0, utils_1.decodeData)((yield bob.open(fourth)).payload));
+    const fifth = yield Promise.all(["I'm thinking...", "His this secure?"].map(msg => bob.packData(alice.userId, msg)));
+    fifth.forEach((data) => __awaiter(void 0, void 0, void 0, function* () {
+        console.log("Bob: ", (0, utils_1.decodeData)((yield alice.open(data)).payload));
+    }));
     //const testone = await Promise.all(Array(400).fill(0).map(() => alice.packData(bob.userId, decodeBase64(crypto.randomBytes(64)))));
     //console.log(((await bob.open(testone[350])).payload));
 }));

package/dist/types.d.ts

@@ -17,7 +17,7 @@
  * along with this program.  If not, see <https://www.gnu.org/licenses/>
  */
 import { LocalStorage, Encodable, KeyExchangeData } from "@freesignal/interfaces";
-import { KeySession } from "./double-ratchet";
+import { EncryptionKeys, KeySession } from "./double-ratchet";
 export declare function encryptData(session: KeySession, data: Uint8Array): EncryptedData;
 export declare function decryptData(session: KeySession, encryptedData: Uint8Array): Uint8Array;
 export declare class UserId implements Encodable {
@@ -130,67 +130,41 @@ export declare class Datagram implements Encodable, DatagramHeader {
     static verify(datagram: Datagram, publicKey: Uint8Array): boolean;
     static from(data: Uint8Array | Datagram | string): Datagram;
 }
-/**
- * Interface representing an encrypted payload.
- * Provides metadata and de/serialization methods.
- */
-export interface EncryptedData extends Encodable {
-    /**
-     * The length of the payload.
-     */
-    readonly length: number;
-    /**
-     * Version of the payload.
-     */
-    readonly version: number;
-    /**
-     * The current message count of the sending chain.
-     */
+export declare class EncryptionHeader implements EncryptionKeys, Encodable {
+    readonly nonce: Uint8Array;
+    static readonly keyLength: number;
+    static readonly nonceLength: number;
+    static readonly countLength = 2;
     readonly count: number;
-    /**
-     * The count of the previous sending chain.
-     */
     readonly previous: number;
-    /**
-     * The sender's public key used for this message.
-     */
     readonly publicKey: Uint8Array;
-    /**
-     * The nonce used during encryption.
-     */
-    readonly nonce: Uint8Array;
-    /**
-     * The encrypted message content.
-     */
-    readonly ciphertext: Uint8Array;
-    /**
-     * Serializes the payload into a Uint8Array for transport.
-     */
+    constructor(keys: EncryptionKeys, nonce: Uint8Array);
     toBytes(): Uint8Array;
-    /**
-     * Returns the payload as a Base64 string.
-     */
-    toString(): string;
-    /**
-     * Returns the decoded object as a JSON string.
-     */
     toJSON(): {
-        version: number;
         count: number;
         previous: number;
         publicKey: string;
-        nonce: string;
-        ciphertext: string;
     };
+    static from(data: Uint8Array | EncryptionHeader): EncryptionHeader;
 }
-export declare namespace EncryptedData {
-    /**
-     * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
-     *
-     * @param array - A previously serialized encrypted payload.
-     * @returns An instance of `EncryptedPayload`.
-     */
-    function from(array: Uint8Array | EncryptedData): EncryptedData;
+export declare class EncryptedData implements Encodable {
+    readonly header: Uint8Array;
+    readonly nonce: Uint8Array;
+    readonly payload: Uint8Array;
+    static readonly version = 1;
+    static readonly nonceLength: number;
+    private _version;
+    constructor(header: Uint8Array, nonce: Uint8Array, payload: Uint8Array);
+    get version(): number;
+    get length(): number;
+    toBytes(): Uint8Array;
+    toJSON(): {
+        version: number;
+        header: string;
+        nonce: string;
+        payload: string;
+    };
+    static from(data: Uint8Array | EncryptedData): EncryptedData;
 }
 export declare class AsyncMap<K, V> implements LocalStorage<K, V> {
     private readonly map;

package/dist/types.js

@@ -30,26 +30,41 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AsyncMap = exports.EncryptedData = exports.Datagram = exports.DatagramHeader = exports.Protocols = exports.DiscoverType = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
+exports.AsyncMap = exports.EncryptedData = exports.EncryptionHeader = exports.Datagram = exports.DatagramHeader = exports.Protocols = exports.DiscoverType = exports.PrivateIdentityKey = exports.IdentityKey = exports.UserId = void 0;
 exports.encryptData = encryptData;
 exports.decryptData = decryptData;
 const utils_1 = require("@freesignal/utils");
 const crypto_1 = __importDefault(require("@freesignal/crypto"));
-const double_ratchet_1 = require("./double-ratchet");
 function encryptData(session, data) {
+    //console.log(session.id, ' Sending: ', decodeBase64(session.getHeaderKeys().sending ?? new Uint8Array()));
     const key = session.getSendingKey();
     if (!key)
         throw new Error("Error generating key");
-    const nonce = crypto_1.default.randomBytes(EncryptedDataConstructor.nonceLength);
+    const nonce = crypto_1.default.randomBytes(EncryptionHeader.nonceLength);
     const ciphertext = crypto_1.default.box.encrypt(data, nonce, key.secretKey);
-    return new EncryptedDataConstructor(key.count, key.previous, key.publicKey, nonce, ciphertext);
+    const headerKey = session.getHeaderKeys().sending;
+    let header = new EncryptionHeader(key, nonce).toBytes();
+    const headerNonce = crypto_1.default.randomBytes(EncryptionHeader.nonceLength);
+    if (headerKey)
+        header = crypto_1.default.box.encrypt(header, headerNonce, headerKey);
+    const test = new EncryptedData(header, headerNonce, ciphertext);
+    return test;
 }
 function decryptData(session, encryptedData) {
+    //console.log(session.id, ' Receiving: ', decodeBase64(session.getHeaderKeys().receiving ?? new Uint8Array()));
     const encrypted = EncryptedData.from(encryptedData);
-    const key = session.getReceivingKey(encrypted);
+    const headerKey = session.getHeaderKeys().receiving;
+    let headerData = encrypted.header;
+    if (headerKey) {
+        headerData = crypto_1.default.box.decrypt(headerData, encrypted.nonce, headerKey);
+        if (!headerData)
+            throw new Error("Error calculating header");
+    }
+    const header = EncryptionHeader.from(headerData);
+    const key = session.getReceivingKey(header);
     if (!key)
         throw new Error("Error calculating key");
-    const decrypted = crypto_1.default.box.decrypt(encrypted.ciphertext, encrypted.nonce, key);
+    const decrypted = crypto_1.default.box.decrypt(encrypted.payload, header.nonce, key);
     if (!decrypted)
         throw new Error("Error decrypting data");
     return decrypted;
@@ -330,10 +345,10 @@ class Datagram {
         }
         else if (data instanceof Datagram) {
             const datagram = new Datagram(data.sender, data.receiver, data.protocol, data.payload);
-            datagram._id = datagram.id;
-            datagram._version = datagram.version;
-            datagram._createdAt = datagram._createdAt;
-            datagram._signature = datagram._signature;
+            datagram._id = data.id;
+            datagram._version = data.version;
+            datagram._createdAt = data._createdAt;
+            datagram._signature = data._signature;
             return datagram;
         }
         else
@@ -343,91 +358,73 @@ class Datagram {
 exports.Datagram = Datagram;
 Datagram.version = 1;
 Datagram.headerOffset = 26 + crypto_1.default.EdDSA.publicKeyLength * 2;
-var EncryptedData;
-(function (EncryptedData) {
-    /**
-     * Static factory method that constructs an `EncryptedPayload` from a raw Uint8Array.
-     *
-     * @param array - A previously serialized encrypted payload.
-     * @returns An instance of `EncryptedPayload`.
-     */
-    function from(array) {
-        return new EncryptedDataConstructor(array);
-    }
-    EncryptedData.from = from;
-})(EncryptedData || (exports.EncryptedData = EncryptedData = {}));
-class EncryptedDataConstructor {
-    constructor(...arrays) {
-        arrays = arrays.filter(value => value !== undefined);
-        if (arrays[0] instanceof EncryptedDataConstructor) {
-            this.raw = arrays[0].raw;
-            return this;
-        }
-        if (typeof arrays[0] === 'number')
-            arrays[0] = (0, utils_1.numberToBytes)(arrays[0], EncryptedDataConstructor.countLength);
-        if (typeof arrays[1] === 'number')
-            arrays[1] = (0, utils_1.numberToBytes)(arrays[1], EncryptedDataConstructor.countLength);
-        if (arrays.length === 6) {
-            arrays.unshift(typeof arrays[5] === 'number' ? (0, utils_1.numberToBytes)(arrays[5], 1) : arrays[5]);
-            arrays.pop();
-        }
-        else if (arrays.length > 1) {
-            arrays.unshift((0, utils_1.numberToBytes)(double_ratchet_1.KeySession.version, 1));
-        }
-        this.raw = (0, utils_1.concatBytes)(...arrays);
-    }
-    get length() { return this.raw.length; }
-    get version() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.version.get)); }
-    get count() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.count.get)); }
-    get previous() { return (0, utils_1.bytesToNumber)(new Uint8Array(this.raw.buffer, ...Offsets.previous.get)); }
-    get publicKey() { return new Uint8Array(this.raw.buffer, ...Offsets.publicKey.get); }
-    get nonce() { return new Uint8Array(this.raw.buffer, ...Offsets.nonce.get); }
-    get ciphertext() { return new Uint8Array(this.raw.buffer, Offsets.ciphertext.start); }
-    toBytes() {
-        return this.raw;
+class EncryptionHeader {
+    constructor(keys, nonce) {
+        this.nonce = nonce;
+        this.count = keys.count;
+        this.previous = keys.previous;
+        this.publicKey = keys.publicKey;
     }
-    toString() {
-        return (0, utils_1.decodeBase64)(this.raw);
+    toBytes() {
+        return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this.count, EncryptionHeader.countLength), (0, utils_1.numberToBytes)(this.previous, EncryptionHeader.countLength), this.publicKey, this.nonce);
     }
     toJSON() {
         return {
-            version: this.version,
             count: this.count,
             previous: this.previous,
-            publicKey: (0, utils_1.decodeBase64)(this.publicKey),
-            nonce: (0, utils_1.decodeBase64)(this.nonce),
-            ciphertext: (0, utils_1.decodeBase64)(this.ciphertext)
+            publicKey: (0, utils_1.decodeBase64)(this.publicKey)
         };
     }
+    static from(data) {
+        if (data instanceof EncryptionHeader)
+            data = data.toBytes();
+        return new EncryptionHeader({
+            count: (0, utils_1.bytesToNumber)(data.subarray(0, EncryptionHeader.countLength)),
+            previous: (0, utils_1.bytesToNumber)(data.subarray(EncryptionHeader.countLength, EncryptionHeader.countLength * 2)),
+            publicKey: data.subarray(EncryptionHeader.countLength * 2, EncryptionHeader.countLength * 2 + EncryptionHeader.keyLength)
+        }, data.subarray(EncryptionHeader.countLength * 2 + EncryptionHeader.keyLength, EncryptionHeader.countLength * 2 + EncryptionHeader.keyLength + EncryptedData.nonceLength));
+    }
 }
-EncryptedDataConstructor.secretKeyLength = crypto_1.default.ECDH.secretKeyLength;
-EncryptedDataConstructor.publicKeyLength = crypto_1.default.ECDH.publicKeyLength;
-EncryptedDataConstructor.keyLength = crypto_1.default.box.keyLength;
-EncryptedDataConstructor.nonceLength = crypto_1.default.box.nonceLength;
-EncryptedDataConstructor.countLength = 2;
-class Offsets {
-    static set(start, length) {
-        class Offset {
-            constructor(start, length) {
-                this.start = start;
-                this.length = length;
-                if (typeof length === 'number')
-                    this.end = start + length;
-            }
-            get get() {
-                return [this.start, this.length];
-            }
-        }
-        return new Offset(start, length);
+exports.EncryptionHeader = EncryptionHeader;
+EncryptionHeader.keyLength = crypto_1.default.box.keyLength;
+EncryptionHeader.nonceLength = crypto_1.default.box.nonceLength;
+EncryptionHeader.countLength = 2;
+class EncryptedData {
+    constructor(header, nonce, payload) {
+        this.header = header;
+        this.nonce = nonce;
+        this.payload = payload;
+        this._version = EncryptedData.version;
+    }
+    get version() {
+        return this._version;
+    }
+    get length() {
+        return this.toBytes().length;
+    }
+    toBytes() {
+        return (0, utils_1.concatBytes)((0, utils_1.numberToBytes)(this._version, 1), (0, utils_1.numberToBytes)(this.header.length, 3), this.header, this.nonce, this.payload);
+    }
+    toJSON() {
+        return {
+            version: this._version,
+            header: (0, utils_1.decodeBase64)(this.header),
+            nonce: (0, utils_1.decodeBase64)(this.nonce),
+            payload: (0, utils_1.decodeBase64)(this.payload)
+        };
+    }
+    static from(data) {
+        if (data instanceof EncryptedData)
+            data = data.toBytes();
+        const headerLength = (0, utils_1.bytesToNumber)(data.subarray(1, 4));
+        const obj = new EncryptedData(data.subarray(4, 4 + headerLength), data.subarray(4 + headerLength, 4 + headerLength + this.nonceLength), data.subarray(4 + headerLength + this.nonceLength));
+        obj._version = (0, utils_1.bytesToNumber)(data.subarray(0, 1));
+        return obj;
     }
 }
-Offsets.checksum = Offsets.set(0, 0);
-Offsets.version = Offsets.set(Offsets.checksum.end, 1);
-Offsets.count = Offsets.set(Offsets.version.end, EncryptedDataConstructor.countLength);
-Offsets.previous = Offsets.set(Offsets.count.end, EncryptedDataConstructor.countLength);
-Offsets.publicKey = Offsets.set(Offsets.previous.end, EncryptedDataConstructor.publicKeyLength);
-Offsets.nonce = Offsets.set(Offsets.publicKey.end, EncryptedDataConstructor.nonceLength);
-Offsets.ciphertext = Offsets.set(Offsets.nonce.end, undefined);
+exports.EncryptedData = EncryptedData;
+EncryptedData.version = 1;
+EncryptedData.nonceLength = crypto_1.default.box.nonceLength;
 class AsyncMap {
     constructor(iterable) {
         this.map = new Map(iterable);

package/dist/x3dh.js

@@ -92,13 +92,14 @@ class KeyExchange {
             const onetimePreKey = message.onetimePreKey ? (0, utils_1.encodeBase64)(message.onetimePreKey) : undefined;
             const signedPreKeyHash = crypto_1.default.hash(signedPreKey);
             const onetimePreKeyHash = onetimePreKey ? crypto_1.default.hash(onetimePreKey) : new Uint8Array();
-            const rootKey = crypto_1.default.hkdf(new Uint8Array([
+            const derivedKey = crypto_1.default.hkdf(new Uint8Array([
                 ...crypto_1.default.ECDH.scalarMult(this.privateIdentityKey.exchangeKey, signedPreKey),
                 ...crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, identityKey.exchangeKey),
                 ...crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, signedPreKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(ephemeralKey.secretKey, onetimePreKey) : new Uint8Array()
-            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
-            const session = new double_ratchet_1.KeySession({ remoteKey: identityKey.exchangeKey, rootKey });
+            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength * 2);
+            //, headerKey: derivedKey.subarray(KeySession.keyLength)
+            const session = new double_ratchet_1.KeySession({ remoteKey: identityKey.exchangeKey, rootKey: derivedKey.subarray(0, double_ratchet_1.KeySession.keyLength) });
             const encrypted = (0, types_1.encryptData)(session, (0, utils_1.concatBytes)(crypto_1.default.hash(this.identityKey.toBytes()), crypto_1.default.hash(identityKey.toBytes()), associatedData !== null && associatedData !== void 0 ? associatedData : new Uint8Array()));
             if (!encrypted)
                 throw new Error("Decryption error");
@@ -127,13 +128,14 @@ class KeyExchange {
             if (!this.storage.delete(hash))
                 throw new Error("Bundle store deleting error");
             const ephemeralKey = (0, utils_1.encodeBase64)(message.ephemeralKey);
-            const rootKey = crypto_1.default.hkdf(new Uint8Array([
+            const derivedKey = crypto_1.default.hkdf(new Uint8Array([
                 ...crypto_1.default.ECDH.scalarMult(signedPreKey.secretKey, identityKey.exchangeKey),
                 ...crypto_1.default.ECDH.scalarMult(this.privateIdentityKey.exchangeKey, ephemeralKey),
                 ...crypto_1.default.ECDH.scalarMult(signedPreKey.secretKey, ephemeralKey),
                 ...onetimePreKey ? crypto_1.default.ECDH.scalarMult(onetimePreKey.secretKey, ephemeralKey) : new Uint8Array()
-            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength);
-            const session = new double_ratchet_1.KeySession({ secretKey: this.privateIdentityKey.exchangeKey, rootKey });
+            ]), new Uint8Array(double_ratchet_1.KeySession.keyLength).fill(0), KeyExchange.hkdfInfo, double_ratchet_1.KeySession.keyLength * 2);
+            //, nextHeaderKey: derivedKey.subarray(KeySession.keyLength)
+            const session = new double_ratchet_1.KeySession({ secretKey: this.privateIdentityKey.exchangeKey, rootKey: derivedKey.subarray(0, double_ratchet_1.KeySession.keyLength) });
             const data = (0, types_1.decryptData)(session, (0, utils_1.encodeBase64)(message.associatedData));
             if (!data)
                 throw new Error("Error decrypting ACK message");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@freesignal/protocol",
-  "version": "0.4.6",
+  "version": "0.5.0",
   "description": "Signal Protocol implementation in javascript",
   "license": "GPL-3.0-or-later",
   "author": "Christian Braghette",