@gqb333/based 2.7.79 → 2.7.80

package/lib/Utils/crypto.js

@@ -1,9 +1,10 @@
 "use strict";
+
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
     if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
+        desc = { enumerable: true, get: function() { return m[k]; } };
     }
     Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
@@ -32,162 +33,278 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
+
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.signedKeyPair = exports.Curve = exports.generateSignalPubKey = void 0;
-exports.aesEncryptGCM = aesEncryptGCM;
-exports.aesDecryptGCM = aesDecryptGCM;
-exports.aesEncryptCTR = aesEncryptCTR;
-exports.aesDecryptCTR = aesDecryptCTR;
-exports.aesDecrypt = aesDecrypt;
+exports.aesEncryptGCM    = aesEncryptGCM;
+exports.aesDecryptGCM    = aesDecryptGCM;
+exports.aesEncryptCTR    = aesEncryptCTR;
+exports.aesDecryptCTR    = aesDecryptCTR;
+exports.aesDecrypt       = aesDecrypt;
 exports.aesDecryptWithIV = aesDecryptWithIV;
-exports.aesEncrypt = aesEncrypt;
-exports.aesEncrypWithIV = aesEncrypWithIV;
-exports.hmacSign = hmacSign;
-exports.sha256 = sha256;
-exports.md5 = md5;
-exports.hkdf = hkdf;
+exports.aesEncrypt       = aesEncrypt;
+exports.aesEncrypWithIV  = aesEncrypWithIV;
+exports.hmacSign         = hmacSign;
+exports.sha256           = sha256;
+exports.sha512           = sha512;
+exports.md5              = md5;
+exports.hkdf             = hkdf;
 exports.derivePairingCodeKey = derivePairingCodeKey;
-const crypto_1 = require("crypto");
-const libsignal = __importStar(require("libsignal"));
+exports.randomBytes      = safeRandomBytes;
+exports.timingSafeEqual  = timingSafeEqual;
+
+const crypto_1   = require("crypto");
+const libsignal  = __importStar(require("libsignal"));
 const Defaults_1 = require("../Defaults");
-// insure browser & node compatibility
+
+// ─── Costanti ────────────────────────────────────────────────────────────────
+
+const GCM_TAG_LENGTH  = 16;   // 128 bit
+const IV_LENGTH       = 16;   // 128 bit
+const AES_KEY_LENGTH  = 32;   // 256 bit
+const PBKDF2_ITER     = 2 << 16; // 131.072 iterazioni
+
 const { subtle } = globalThis.crypto;
-/** prefix version byte to the pub keys, required for some curve crypto functions */
-const generateSignalPubKey = (pubKey) => (pubKey.length === 33
-    ? pubKey
-    : Buffer.concat([Defaults_1.KEY_BUNDLE_TYPE, pubKey]));
+
+// ─── Helpers interni ─────────────────────────────────────────────────────────
+
+/** Genera bytes casuali sicuri */
+function safeRandomBytes(size) {
+    if (!Number.isInteger(size) || size <= 0) throw new TypeError(`randomBytes: size non valida (${size})`);
+    return (0, crypto_1.randomBytes)(size);
+}
+
+/** Confronto a tempo costante per prevenire timing attacks */
+function timingSafeEqual(a, b) {
+    if (!Buffer.isBuffer(a)) a = Buffer.from(a);
+    if (!Buffer.isBuffer(b)) b = Buffer.from(b);
+    if (a.length !== b.length) return false;
+    return (0, crypto_1.timingSafeEqual)(a, b);
+}
+
+/** Valida che una chiave AES sia della lunghezza corretta */
+function validateAESKey(key) {
+    if (!key || key.length !== AES_KEY_LENGTH) {
+        throw new RangeError(`Chiave AES non valida: attesi ${AES_KEY_LENGTH} byte, ricevuti ${key?.length ?? 0}`);
+    }
+}
+
+/** Valida che un IV sia della lunghezza corretta */
+function validateIV(iv, expected = IV_LENGTH) {
+    if (!iv || iv.length !== expected) {
+        throw new RangeError(`IV non valido: attesi ${expected} byte, ricevuti ${iv?.length ?? 0}`);
+    }
+}
+
+// ─── Signal / Curve ──────────────────────────────────────────────────────────
+
+/**
+ * Aggiunge il byte di versione alla chiave pubblica Signal se mancante
+ */
+const generateSignalPubKey = (pubKey) => (
+    pubKey.length === 33
+        ? pubKey
+        : Buffer.concat([Defaults_1.KEY_BUNDLE_TYPE, pubKey])
+);
 exports.generateSignalPubKey = generateSignalPubKey;
+
 exports.Curve = {
     generateKeyPair: () => {
         const { pubKey, privKey } = libsignal.curve.generateKeyPair();
         return {
             private: Buffer.from(privKey),
-            // remove version byte
-            public: Buffer.from(pubKey.slice(1))
+            public:  Buffer.from(pubKey.slice(1)) // rimuove byte versione
         };
     },
+
     sharedKey: (privateKey, publicKey) => {
-        const shared = libsignal.curve.calculateAgreement((0, exports.generateSignalPubKey)(publicKey), privateKey);
+        const shared = libsignal.curve.calculateAgreement(
+            generateSignalPubKey(publicKey),
+            privateKey
+        );
         return Buffer.from(shared);
     },
-    sign: (privateKey, buf) => (libsignal.curve.calculateSignature(privateKey, buf)),
+
+    sign: (privateKey, buf) => (
+        libsignal.curve.calculateSignature(privateKey, buf)
+    ),
+
     verify: (pubKey, message, signature) => {
         try {
-            libsignal.curve.verifySignature((0, exports.generateSignalPubKey)(pubKey), message, signature);
+            libsignal.curve.verifySignature(generateSignalPubKey(pubKey), message, signature);
             return true;
-        }
-        catch (error) {
+        } catch {
             return false;
         }
     }
 };
+
 const signedKeyPair = (identityKeyPair, keyId) => {
-    const preKey = exports.Curve.generateKeyPair();
-    const pubKey = (0, exports.generateSignalPubKey)(preKey.public);
+    const preKey    = exports.Curve.generateKeyPair();
+    const pubKey    = generateSignalPubKey(preKey.public);
     const signature = exports.Curve.sign(identityKeyPair.private, pubKey);
     return { keyPair: preKey, signature, keyId };
 };
 exports.signedKeyPair = signedKeyPair;
-const GCM_TAG_LENGTH = 128 >> 3;
+
+// ─── AES-256-GCM ─────────────────────────────────────────────────────────────
+
 /**
- * encrypt AES 256 GCM;
- * where the tag tag is suffixed to the ciphertext
- * */
+ * Cifra con AES-256-GCM.
+ * L'auth tag (16 byte) è suffisso al ciphertext.
+ */
 function aesEncryptGCM(plaintext, key, iv, additionalData) {
+    validateAESKey(key);
     const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', key, iv);
-    cipher.setAAD(additionalData);
-    return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
+    if (additionalData) cipher.setAAD(additionalData);
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    return Buffer.concat([encrypted, cipher.getAuthTag()]);
 }
+
 /**
- * decrypt AES 256 GCM;
- * where the auth tag is suffixed to the ciphertext
- * */
+ * Decifra con AES-256-GCM.
+ * L'auth tag (16 byte) è suffisso al ciphertext.
+ */
 function aesDecryptGCM(ciphertext, key, iv, additionalData) {
+    validateAESKey(key);
+    if (ciphertext.length < GCM_TAG_LENGTH) throw new RangeError('Ciphertext GCM troppo corto');
     const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', key, iv);
-    // decrypt additional adata
     const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH);
     const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH);
-    // set additional data
-    decipher.setAAD(additionalData);
+    if (additionalData) decipher.setAAD(additionalData);
     decipher.setAuthTag(tag);
     return Buffer.concat([decipher.update(enc), decipher.final()]);
 }
+
+// ─── AES-256-CTR ─────────────────────────────────────────────────────────────
+
 function aesEncryptCTR(plaintext, key, iv) {
+    validateAESKey(key);
     const cipher = (0, crypto_1.createCipheriv)('aes-256-ctr', key, iv);
     return Buffer.concat([cipher.update(plaintext), cipher.final()]);
 }
+
 function aesDecryptCTR(ciphertext, key, iv) {
+    validateAESKey(key);
     const decipher = (0, crypto_1.createDecipheriv)('aes-256-ctr', key, iv);
     return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
 }
-/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
+
+// ─── AES-256-CBC ─────────────────────────────────────────────────────────────
+
+/**
+ * Decifra AES-256-CBC dove l'IV (16 byte) è prefisso al buffer.
+ */
 function aesDecrypt(buffer, key) {
-    return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16));
+    if (buffer.length < IV_LENGTH) throw new RangeError('Buffer CBC troppo corto per contenere IV');
+    return aesDecryptWithIV(
+        buffer.slice(IV_LENGTH),
+        key,
+        buffer.slice(0, IV_LENGTH)
+    );
 }
-/** decrypt AES 256 CBC */
+
+/** Decifra AES-256-CBC con IV esplicito */
 function aesDecryptWithIV(buffer, key, IV) {
+    validateAESKey(key);
+    validateIV(IV);
     const aes = (0, crypto_1.createDecipheriv)('aes-256-cbc', key, IV);
     return Buffer.concat([aes.update(buffer), aes.final()]);
 }
-// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
+
+/**
+ * Cifra AES-256-CBC con IV casuale (prefissato al risultato).
+ */
 function aesEncrypt(buffer, key) {
-    const IV = (0, crypto_1.randomBytes)(16);
+    validateAESKey(key);
+    const IV  = safeRandomBytes(IV_LENGTH);
     const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
-    return Buffer.concat([IV, aes.update(buffer), aes.final()]); // prefix IV to the buffer
+    return Buffer.concat([IV, aes.update(buffer), aes.final()]);
 }
-// encrypt AES 256 CBC with a given IV
+
+/** Cifra AES-256-CBC con IV esplicito */
 function aesEncrypWithIV(buffer, key, IV) {
+    validateAESKey(key);
+    validateIV(IV);
     const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
-    return Buffer.concat([aes.update(buffer), aes.final()]); // prefix IV to the buffer
+    return Buffer.concat([aes.update(buffer), aes.final()]);
 }
-// sign HMAC using SHA 256
+
+// ─── Hash / HMAC ─────────────────────────────────────────────────────────────
+
+/** HMAC-SHA256 (o altra variante) */
 function hmacSign(buffer, key, variant = 'sha256') {
     return (0, crypto_1.createHmac)(variant, key).update(buffer).digest();
 }
+
+/** SHA-256 */
 function sha256(buffer) {
     return (0, crypto_1.createHash)('sha256').update(buffer).digest();
 }
+
+/** SHA-512 (aggiunto per completezza) */
+function sha512(buffer) {
+    return (0, crypto_1.createHash)('sha512').update(buffer).digest();
+}
+
+/** MD5 — usare solo dove strettamente necessario (non per sicurezza) */
 function md5(buffer) {
     return (0, crypto_1.createHash)('md5').update(buffer).digest();
 }
-// HKDF key expansion
+
+// ─── KDF ─────────────────────────────────────────────────────────────────────
+
+/**
+ * HKDF (RFC 5869) tramite Web Crypto API.
+ * @param {Buffer|Uint8Array} buffer  - Input Key Material
+ * @param {number}            expandedLength - Byte da derivare
+ * @param {{ salt?: Buffer, info?: string }} info
+ */
 async function hkdf(buffer, expandedLength, info) {
-    // Ensure we have a Uint8Array for the key material
-    const inputKeyMaterial = buffer instanceof Uint8Array
-        ? buffer
-        : new Uint8Array(buffer);
-    // Set default values if not provided
-    const salt = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0);
-    const infoBytes = info.info
-        ? new TextEncoder().encode(info.info)
-        : new Uint8Array(0);
-    // Import the input key material
-    const importedKey = await subtle.importKey('raw', inputKeyMaterial, { name: 'HKDF' }, false, ['deriveBits']);
-    // Derive bits using HKDF
-    const derivedBits = await subtle.deriveBits({
-        name: 'HKDF',
-        hash: 'SHA-256',
-        salt: salt,
-        info: infoBytes
-    }, importedKey, expandedLength * 8 // Convert bytes to bits
+    if (expandedLength <= 0) throw new RangeError('expandedLength deve essere > 0');
+
+    const inputKeyMaterial = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+    const salt     = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0);
+    const infoBytes = info.info ? new TextEncoder().encode(info.info) : new Uint8Array(0);
+
+    const importedKey = await subtle.importKey(
+        'raw', inputKeyMaterial,
+        { name: 'HKDF' },
+        false, ['deriveBits']
+    );
+
+    const derivedBits = await subtle.deriveBits(
+        { name: 'HKDF', hash: 'SHA-256', salt, info: infoBytes },
+        importedKey,
+        expandedLength * 8
     );
+
     return Buffer.from(derivedBits);
 }
+
+/**
+ * Deriva una chiave dal pairing code tramite PBKDF2.
+ * @param {string}          pairingCode
+ * @param {Buffer|Uint8Array} salt
+ */
 async function derivePairingCodeKey(pairingCode, salt) {
-    // Convert inputs to formats Web Crypto API can work with
-    const encoder = new TextEncoder();
-    const pairingCodeBuffer = encoder.encode(pairingCode);
+    if (!pairingCode || typeof pairingCode !== 'string') throw new TypeError('pairingCode deve essere una stringa');
+
+    const encoder    = new TextEncoder();
+    const codeBuffer = encoder.encode(pairingCode);
     const saltBuffer = salt instanceof Uint8Array ? salt : new Uint8Array(salt);
-    // Import the pairing code as key material
-    const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, ['deriveBits']);
-    // Derive bits using PBKDF2 with the same parameters
-    // 2 << 16 = 131,072 iterations
-    const derivedBits = await subtle.deriveBits({
-        name: 'PBKDF2',
-        salt: saltBuffer,
-        iterations: 2 << 16,
-        hash: 'SHA-256'
-    }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits
+
+    const keyMaterial = await subtle.importKey(
+        'raw', codeBuffer,
+        { name: 'PBKDF2' },
+        false, ['deriveBits']
+    );
+
+    const derivedBits = await subtle.deriveBits(
+        { name: 'PBKDF2', salt: saltBuffer, iterations: PBKDF2_ITER, hash: 'SHA-256' },
+        keyMaterial,
+        256 // 32 byte
     );
+
     return Buffer.from(derivedBits);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gqb333/based",
-  "version": "2.7.79",
+  "version": "2.7.80",
   "description": "Whatsapp api by GabWT333",
   "keywords": [
     "baileys",