@hamradio/meshcore 1.1.1

package/LICENSE

@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2026 ham
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
+associated documentation files (the "Software"), to deal in the Software without restriction, including 
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the 
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial 
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 
+USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -0,0 +1,19 @@
+# meshcore
+
+TypeScript library for MeshCore protocol utilities.
+
+Quick start
+
+1. Install dev dependencies:
+
+```bash
+npm install --save-dev typescript tsup
+```
+
+2. Build the library:
+
+```bash
+npm run build
+```
+
+3. Use the build output from the `dist/` folder or publish to npm.

package/dist/crypto.d.ts

@@ -0,0 +1,42 @@
+import { IPublicKey, ISharedSecret, IStaticSecret } from './crypto.types';
+import { NodeHash } from './identity.types';
+export declare class PublicKey implements IPublicKey {
+    key: Uint8Array;
+    constructor(key: Uint8Array | string);
+    toHash(): NodeHash;
+    toBytes(): Uint8Array;
+    toString(): string;
+    equals(other: PublicKey | Uint8Array | string): boolean;
+    verify(message: Uint8Array, signature: Uint8Array): boolean;
+}
+export declare class PrivateKey {
+    private secretKey;
+    private publicKey;
+    constructor(seed: Uint8Array | string);
+    toPublicKey(): PublicKey;
+    toBytes(): Uint8Array;
+    toString(): string;
+    sign(message: Uint8Array): Uint8Array;
+    calculateSharedSecret(other: PublicKey | Uint8Array | string): Uint8Array;
+    static generate(): PrivateKey;
+}
+export declare class SharedSecret implements ISharedSecret {
+    private secret;
+    constructor(secret: Uint8Array);
+    toHash(): NodeHash;
+    toBytes(): Uint8Array;
+    toString(): string;
+    decrypt(hmac: Uint8Array, ciphertext: Uint8Array): Uint8Array;
+    encrypt(data: Uint8Array): {
+        hmac: Uint8Array;
+        ciphertext: Uint8Array;
+    };
+    private calculateHmac;
+    static fromName(name: string): SharedSecret;
+}
+export declare class StaticSecret implements IStaticSecret {
+    private secret;
+    constructor(secret: Uint8Array | string);
+    publicKey(): IPublicKey;
+    diffieHellman(otherPublicKey: IPublicKey): SharedSecret;
+}

package/dist/crypto.js

@@ -0,0 +1,199 @@
+import { ed25519, x25519 } from '@noble/curves/ed25519.js';
+import { sha256 } from "@noble/hashes/sha2.js";
+import { hmac } from '@noble/hashes/hmac.js';
+import { ecb } from '@noble/ciphers/aes.js';
+import { bytesToHex, equalBytes, hexToBytes } from "./parser";
+const PUBLIC_KEY_SIZE = 32;
+const SEED_SIZE = 32;
+const HMAC_SIZE = 2;
+const SHARED_SECRET_SIZE = 32;
+const SIGNATURE_SIZE = 64;
+const STATIC_SECRET_SIZE = 32;
+// The "Public" group is a special group that all nodes are implicitly part of.
+const publicSecret = hexToBytes("8b3387e9c5cdea6ac9e5edbaa115cd72", 16);
+export class PublicKey {
+    constructor(key) {
+        if (typeof key === 'string') {
+            this.key = hexToBytes(key, PUBLIC_KEY_SIZE);
+        }
+        else if (key instanceof Uint8Array) {
+            this.key = key;
+        }
+        else {
+            throw new Error('Invalid type for PublicKey constructor');
+        }
+    }
+    toHash() {
+        return sha256.create().update(this.key).digest()[0];
+    }
+    toBytes() {
+        return this.key;
+    }
+    toString() {
+        return bytesToHex(this.key);
+    }
+    equals(other) {
+        let otherKey;
+        if (other instanceof PublicKey) {
+            otherKey = other.toBytes();
+        }
+        else if (other instanceof Uint8Array) {
+            otherKey = other;
+        }
+        else if (typeof other === 'string') {
+            otherKey = hexToBytes(other, PUBLIC_KEY_SIZE);
+        }
+        else {
+            throw new Error('Invalid type for PublicKey comparison');
+        }
+        return equalBytes(this.key, otherKey);
+    }
+    verify(message, signature) {
+        if (signature.length !== SIGNATURE_SIZE) {
+            throw new Error(`Invalid signature length: expected ${SIGNATURE_SIZE} bytes, got ${signature.length}`);
+        }
+        return ed25519.verify(signature, message, this.key);
+    }
+}
+export class PrivateKey {
+    constructor(seed) {
+        if (typeof seed === 'string') {
+            seed = hexToBytes(seed, SEED_SIZE);
+        }
+        if (seed.length !== SEED_SIZE) {
+            throw new Error(`Invalid seed length: expected ${SEED_SIZE} bytes, got ${seed.length}`);
+        }
+        const { secretKey, publicKey } = ed25519.keygen(seed); // Validate seed by generating keys
+        this.secretKey = secretKey;
+        this.publicKey = new PublicKey(publicKey);
+    }
+    toPublicKey() {
+        return this.publicKey;
+    }
+    toBytes() {
+        return this.secretKey;
+    }
+    toString() {
+        return bytesToHex(this.secretKey);
+    }
+    sign(message) {
+        return ed25519.sign(message, this.secretKey);
+    }
+    calculateSharedSecret(other) {
+        let otherPublicKey;
+        if (other instanceof PublicKey) {
+            otherPublicKey = other;
+        }
+        else if (other instanceof Uint8Array) {
+            otherPublicKey = new PublicKey(other);
+        }
+        else if (typeof other === 'string') {
+            otherPublicKey = new PublicKey(other);
+        }
+        else {
+            throw new Error('Invalid type for calculateSharedSecret comparison');
+        }
+        return x25519.getSharedSecret(this.secretKey, otherPublicKey.toBytes());
+    }
+    static generate() {
+        const { secretKey } = ed25519.keygen(); // Ensure ed25519 is initialized
+        return new PrivateKey(secretKey);
+    }
+}
+export class SharedSecret {
+    constructor(secret) {
+        if (secret.length === SHARED_SECRET_SIZE / 2) {
+            // Zero pad to the left if the secret is too short (e.g. from x25519)
+            const padded = new Uint8Array(SHARED_SECRET_SIZE);
+            padded.set(secret, SHARED_SECRET_SIZE - secret.length);
+            secret = padded;
+        }
+        if (secret.length !== SHARED_SECRET_SIZE) {
+            throw new Error(`Invalid shared secret length: expected ${SHARED_SECRET_SIZE} bytes, got ${secret.length}`);
+        }
+        this.secret = secret;
+    }
+    toHash() {
+        return this.secret[0];
+    }
+    toBytes() {
+        return this.secret;
+    }
+    toString() {
+        return bytesToHex(this.secret);
+    }
+    decrypt(hmac, ciphertext) {
+        if (hmac.length !== HMAC_SIZE) {
+            throw new Error(`Invalid HMAC length: expected ${HMAC_SIZE} bytes, got ${hmac.length}`);
+        }
+        const expectedHmac = this.calculateHmac(ciphertext);
+        if (!equalBytes(hmac, expectedHmac)) {
+            throw new Error(`Invalid HMAC: decryption failed: expected ${bytesToHex(expectedHmac)}, got ${bytesToHex(hmac)}`);
+        }
+        const cipher = ecb(this.secret.slice(0, 16), { disablePadding: true });
+        const plaintext = new Uint8Array(ciphertext.length);
+        for (let i = 0; i < ciphertext.length; i += 16) {
+            const block = ciphertext.slice(i, i + 16);
+            const dec = cipher.decrypt(block);
+            plaintext.set(dec, i);
+        }
+        // Remove trailing null bytes (0x00) due to padding
+        let end = plaintext.length;
+        while (end > 0 && plaintext[end - 1] === 0) {
+            end--;
+        }
+        return plaintext.slice(0, end);
+    }
+    encrypt(data) {
+        const key = this.secret.slice(0, 16);
+        const cipher = ecb(key, { disablePadding: true });
+        const fullBlocks = Math.floor(data.length / 16);
+        const remaining = data.length % 16;
+        const ciphertext = new Uint8Array((fullBlocks + (remaining > 0 ? 1 : 0)) * 16);
+        for (let i = 0; i < fullBlocks; i++) {
+            const block = data.slice(i * 16, (i + 1) * 16);
+            const enc = cipher.encrypt(block);
+            ciphertext.set(enc, i * 16);
+        }
+        if (remaining > 0) {
+            const lastBlock = new Uint8Array(16);
+            lastBlock.set(data.slice(fullBlocks * 16));
+            const enc = cipher.encrypt(lastBlock);
+            ciphertext.set(enc, fullBlocks * 16);
+        }
+        const hmac = this.calculateHmac(ciphertext);
+        return { hmac, ciphertext };
+    }
+    calculateHmac(data) {
+        return hmac(sha256, this.secret, data).slice(0, HMAC_SIZE);
+    }
+    static fromName(name) {
+        if (name === "Public") {
+            return new SharedSecret(publicSecret);
+        }
+        else if (!/^#/.test(name)) {
+            throw new Error("Only the 'Public' group or groups starting with '#' are supported");
+        }
+        const hash = sha256.create().update(new TextEncoder().encode(name)).digest();
+        return new SharedSecret(hash.slice(0, SHARED_SECRET_SIZE));
+    }
+}
+export class StaticSecret {
+    constructor(secret) {
+        if (typeof secret === 'string') {
+            secret = hexToBytes(secret, STATIC_SECRET_SIZE);
+        }
+        if (secret.length !== STATIC_SECRET_SIZE) {
+            throw new Error(`Invalid static secret length: expected ${STATIC_SECRET_SIZE} bytes, got ${secret.length}`);
+        }
+        this.secret = secret;
+    }
+    publicKey() {
+        const publicKey = x25519.getPublicKey(this.secret);
+        return new PublicKey(publicKey);
+    }
+    diffieHellman(otherPublicKey) {
+        const sharedSecret = x25519.getSharedSecret(this.secret, otherPublicKey.toBytes());
+        return new SharedSecret(sharedSecret);
+    }
+}

package/dist/crypto.types.d.ts

@@ -0,0 +1,26 @@
+import { NodeHash } from "./identity.types";
+export interface IPublicKey {
+    toHash(): NodeHash;
+    toBytes(): Uint8Array;
+    toString(): string;
+    equals(other: IPublicKey | Uint8Array | string): boolean;
+    verify(message: Uint8Array, signature: Uint8Array): boolean;
+}
+export interface IPrivateKey extends IPublicKey {
+    toPublicKey(): IPublicKey;
+    sign(message: Uint8Array): Uint8Array;
+}
+export interface ISharedSecret {
+    toHash(): NodeHash;
+    toBytes(): Uint8Array;
+    toString(): string;
+    decrypt(hmac: Uint8Array, ciphertext: Uint8Array): Uint8Array;
+    encrypt(data: Uint8Array): {
+        hmac: Uint8Array;
+        ciphertext: Uint8Array;
+    };
+}
+export interface IStaticSecret {
+    publicKey(): IPublicKey;
+    diffieHellman(otherPublicKey: IPublicKey): ISharedSecret;
+}

package/dist/crypto.types.js

@@ -0,0 +1 @@
+export {};

package/dist/identity.d.ts

@@ -0,0 +1,65 @@
+import { PrivateKey, PublicKey, SharedSecret } from "./crypto";
+import { IPublicKey } from "./crypto.types";
+import { NodeHash, IIdentity, ILocalIdentity } from "./identity.types";
+import { DecryptedGroupData, DecryptedGroupText } from "./packet.types";
+export declare const parseNodeHash: (hash: NodeHash | string | Uint8Array) => NodeHash;
+export declare class Identity implements IIdentity {
+    publicKey: PublicKey;
+    constructor(publicKey: PublicKey | Uint8Array | string);
+    hash(): NodeHash;
+    toString(): string;
+    verify(signature: Uint8Array, message: Uint8Array): boolean;
+    matches(other: Identity | PublicKey | Uint8Array | string): boolean;
+}
+export declare class LocalIdentity extends Identity implements ILocalIdentity {
+    private privateKey;
+    constructor(privateKey: PrivateKey | Uint8Array | string, publicKey: PublicKey | Uint8Array | string);
+    sign(message: Uint8Array): Uint8Array;
+    calculateSharedSecret(other: IIdentity | IPublicKey): SharedSecret;
+}
+export declare class Contact {
+    name: string;
+    identity: Identity;
+    constructor(name: string, identity: Identity | PublicKey | Uint8Array | string);
+    matches(hash: Uint8Array | PublicKey): boolean;
+    publicKey(): PublicKey;
+    calculateSharedSecret(me: LocalIdentity): SharedSecret;
+}
+export declare class Group {
+    name: string;
+    private secret;
+    constructor(name: string, secret?: SharedSecret);
+    hash(): NodeHash;
+    decryptText(hmac: Uint8Array, ciphertext: Uint8Array): DecryptedGroupText;
+    encryptText(plain: DecryptedGroupText): {
+        hmac: Uint8Array;
+        ciphertext: Uint8Array;
+    };
+    decryptData(hmac: Uint8Array, ciphertext: Uint8Array): DecryptedGroupData;
+    encryptData(plain: DecryptedGroupData): {
+        hmac: Uint8Array;
+        ciphertext: Uint8Array;
+    };
+}
+export declare class Contacts {
+    private localIdentities;
+    private contacts;
+    private groups;
+    addLocalIdentity(identity: LocalIdentity): void;
+    addContact(contact: Contact): void;
+    decrypt(src: NodeHash | PublicKey, dst: NodeHash, hmac: Uint8Array, ciphertext: Uint8Array): {
+        localIdentity: LocalIdentity;
+        contact: Contact;
+        decrypted: Uint8Array;
+    };
+    private calculateSharedSecret;
+    addGroup(group: Group): void;
+    decryptGroupText(channelHash: NodeHash, hmac: Uint8Array, ciphertext: Uint8Array): {
+        decrypted: DecryptedGroupText;
+        group: Group;
+    };
+    decryptGroupData(channelHash: NodeHash, hmac: Uint8Array, ciphertext: Uint8Array): {
+        decrypted: DecryptedGroupData;
+        group: Group;
+    };
+}

package/dist/identity.js

@@ -0,0 +1,302 @@
+import { PrivateKey, PublicKey, SharedSecret } from "./crypto";
+import { hexToBytes, BufferReader, BufferWriter } from "./parser";
+export const parseNodeHash = (hash) => {
+    if (hash instanceof Uint8Array) {
+        return hash[0];
+    }
+    if (typeof hash === "number") {
+        if (hash < 0 || hash > 255) {
+            throw new Error("NodeHash number must be between 0x00 and 0xFF");
+        }
+        return hash;
+    }
+    else if (typeof hash === "string") {
+        const parsed = hexToBytes(hash);
+        if (parsed.length !== 1) {
+            throw new Error("NodeHash string must represent a single byte");
+        }
+        return parsed[0];
+    }
+    throw new Error("Invalid NodeHash type");
+};
+const toPublicKeyBytes = (key) => {
+    if (key instanceof Identity) {
+        return key.publicKey.toBytes();
+    }
+    else if (key instanceof PublicKey) {
+        return key.toBytes();
+    }
+    else if (key instanceof Uint8Array) {
+        return key;
+    }
+    else if (typeof key === 'string') {
+        return hexToBytes(key);
+    }
+    else {
+        throw new Error('Invalid type for toPublicKeyBytes');
+    }
+};
+export class Identity {
+    constructor(publicKey) {
+        if (publicKey instanceof PublicKey) {
+            this.publicKey = publicKey;
+        }
+        else if (publicKey instanceof Uint8Array || typeof publicKey === 'string') {
+            this.publicKey = new PublicKey(publicKey);
+        }
+        else {
+            throw new Error('Invalid type for Identity constructor');
+        }
+    }
+    hash() {
+        return this.publicKey.toHash();
+    }
+    toString() {
+        return this.publicKey.toString();
+    }
+    verify(signature, message) {
+        return this.publicKey.verify(message, signature);
+    }
+    matches(other) {
+        return this.publicKey.equals(toPublicKeyBytes(other));
+    }
+}
+export class LocalIdentity extends Identity {
+    constructor(privateKey, publicKey) {
+        if (publicKey instanceof PublicKey) {
+            super(publicKey.toBytes());
+        }
+        else {
+            super(publicKey);
+        }
+        if (privateKey instanceof PrivateKey) {
+            this.privateKey = privateKey;
+        }
+        else {
+            this.privateKey = new PrivateKey(privateKey);
+        }
+    }
+    sign(message) {
+        return this.privateKey.sign(message);
+    }
+    calculateSharedSecret(other) {
+        let otherPublicKey;
+        if (other instanceof Identity) {
+            otherPublicKey = other.publicKey;
+        }
+        else if ('toBytes' in other) {
+            otherPublicKey = new PublicKey(other.toBytes());
+        }
+        else if ('publicKey' in other && other.publicKey instanceof Uint8Array) {
+            otherPublicKey = new PublicKey(other.publicKey);
+        }
+        else if ('publicKey' in other && other.publicKey instanceof PublicKey) {
+            otherPublicKey = other.publicKey;
+        }
+        else if ('publicKey' in other && typeof other.publicKey === 'function') {
+            otherPublicKey = new PublicKey(other.publicKey().toBytes());
+        }
+        else {
+            throw new Error('Invalid type for calculateSharedSecret comparison');
+        }
+        return new SharedSecret(this.privateKey.calculateSharedSecret(otherPublicKey));
+    }
+}
+export class Contact {
+    constructor(name, identity) {
+        this.name = "";
+        this.name = name;
+        if (identity instanceof Identity) {
+            this.identity = identity;
+        }
+        else if (identity instanceof PublicKey) {
+            this.identity = new Identity(identity);
+        }
+        else if (identity instanceof Uint8Array || typeof identity === 'string') {
+            this.identity = new Identity(identity);
+        }
+        else {
+            throw new Error('Invalid type for Contact constructor');
+        }
+    }
+    matches(hash) {
+        return this.identity.publicKey.equals(hash);
+    }
+    publicKey() {
+        return this.identity.publicKey;
+    }
+    calculateSharedSecret(me) {
+        return me.calculateSharedSecret(this.identity);
+    }
+}
+export class Group {
+    constructor(name, secret) {
+        this.name = name;
+        if (secret) {
+            this.secret = secret;
+        }
+        else {
+            this.secret = SharedSecret.fromName(name);
+        }
+    }
+    hash() {
+        return this.secret.toHash();
+    }
+    decryptText(hmac, ciphertext) {
+        const data = this.secret.decrypt(hmac, ciphertext);
+        if (data.length < 5) {
+            throw new Error("Invalid ciphertext");
+        }
+        const reader = new BufferReader(data);
+        const timestamp = reader.readTimestamp();
+        const flags = reader.readByte();
+        const textType = (flags >> 2) & 0x3F;
+        const attempt = flags & 0x03;
+        const message = new TextDecoder('utf-8').decode(reader.readBytes());
+        return {
+            timestamp,
+            textType,
+            attempt,
+            message
+        };
+    }
+    encryptText(plain) {
+        const writer = new BufferWriter();
+        writer.writeTimestamp(plain.timestamp);
+        const flags = ((plain.textType & 0x3F) << 2) | (plain.attempt & 0x03);
+        writer.writeByte(flags);
+        writer.writeBytes(new TextEncoder().encode(plain.message));
+        const data = writer.toBytes();
+        return this.secret.encrypt(data);
+    }
+    decryptData(hmac, ciphertext) {
+        const data = this.secret.decrypt(hmac, ciphertext);
+        if (data.length < 4) {
+            throw new Error("Invalid ciphertext");
+        }
+        const reader = new BufferReader(data);
+        return {
+            timestamp: reader.readTimestamp(),
+            data: reader.readBytes(reader.remainingBytes())
+        };
+    }
+    encryptData(plain) {
+        const writer = new BufferWriter();
+        writer.writeTimestamp(plain.timestamp);
+        writer.writeBytes(plain.data);
+        const data = writer.toBytes();
+        return this.secret.encrypt(data);
+    }
+}
+export class Contacts {
+    constructor() {
+        this.localIdentities = [];
+        this.contacts = {};
+        this.groups = {};
+    }
+    addLocalIdentity(identity) {
+        this.localIdentities.push({ identity, sharedSecrets: {} });
+    }
+    addContact(contact) {
+        const hash = parseNodeHash(contact.identity.hash());
+        if (!this.contacts[hash]) {
+            this.contacts[hash] = [];
+        }
+        this.contacts[hash].push(contact);
+    }
+    decrypt(src, dst, hmac, ciphertext) {
+        // Find the public key associated with the source hash.
+        let contacts = [];
+        if (src instanceof PublicKey) {
+            // Check if we have a contact with this exact public key (for direct messages).
+            const srcHash = parseNodeHash(src.toHash());
+            for (const contact of this.contacts[srcHash] || []) {
+                if (contact.identity.matches(src)) {
+                    contacts.push(contact);
+                }
+            }
+            // If no contact matches the public key, add a temporary contact with the hash and no name.
+            if (contacts.length === 0) {
+                contacts.push(new Contact("", new Identity(src.toBytes())));
+            }
+        }
+        else {
+            const srcHash = parseNodeHash(src);
+            contacts = this.contacts[srcHash] || [];
+        }
+        if (contacts.length === 0) {
+            throw new Error("Unknown source hash");
+        }
+        // Find the local identity associated with the destination hash.
+        const dstHash = parseNodeHash(dst);
+        const localIdentities = this.localIdentities.filter(li => li.identity.publicKey.key[0] === dstHash);
+        if (localIdentities.length === 0) {
+            throw new Error("Unknown destination hash");
+        }
+        // Try to decrypt with each combination of local identity and their public key.
+        for (const localIdentity of localIdentities) {
+            for (const contact of contacts) {
+                const sharedSecret = this.calculateSharedSecret(localIdentity, contact);
+                try {
+                    const decrypted = sharedSecret.decrypt(hmac, ciphertext);
+                    return { localIdentity: localIdentity.identity, contact, decrypted };
+                }
+                catch {
+                    // Ignore decryption errors and try the next combination.
+                }
+            }
+        }
+        throw new Error("Decryption failed with all known identities and contacts");
+    }
+    // Caches the calculated shared secret for a given local identity and contact to avoid redundant calculations.
+    calculateSharedSecret(localIdentity, contact) {
+        const cacheKey = contact.identity.toString();
+        if (localIdentity.sharedSecrets[cacheKey]) {
+            return localIdentity.sharedSecrets[cacheKey];
+        }
+        const sharedSecret = localIdentity.identity.calculateSharedSecret(contact.identity);
+        localIdentity.sharedSecrets[cacheKey] = sharedSecret;
+        return sharedSecret;
+    }
+    addGroup(group) {
+        const hash = parseNodeHash(group.hash());
+        if (!this.groups[hash]) {
+            this.groups[hash] = [];
+        }
+        this.groups[hash].push(group);
+    }
+    decryptGroupText(channelHash, hmac, ciphertext) {
+        const hash = parseNodeHash(channelHash);
+        const groups = this.groups[hash] || [];
+        if (groups.length === 0) {
+            throw new Error("Unknown group hash");
+        }
+        for (const group of groups) {
+            try {
+                const decrypted = group.decryptText(hmac, ciphertext);
+                return { decrypted, group };
+            }
+            catch {
+                // Ignore decryption errors and try the next group.
+            }
+        }
+        throw new Error("Decryption failed with all known groups");
+    }
+    decryptGroupData(channelHash, hmac, ciphertext) {
+        const hash = parseNodeHash(channelHash);
+        const groups = this.groups[hash] || [];
+        if (groups.length === 0) {
+            throw new Error("Unknown group hash");
+        }
+        for (const group of groups) {
+            try {
+                const decrypted = group.decryptData(hmac, ciphertext);
+                return { decrypted, group };
+            }
+            catch {
+                // Ignore decryption errors and try the next group.
+            }
+        }
+        throw new Error("Decryption failed with all known groups");
+    }
+}

package/dist/identity.types.d.ts

@@ -0,0 +1,17 @@
+import { IPublicKey, ISharedSecret } from "./crypto.types";
+export type NodeHash = number;
+export interface IIdentity {
+    hash(): NodeHash;
+    toString(): string;
+    verify(signature: Uint8Array, message: Uint8Array): boolean;
+    matches(other: IIdentity | IPublicKey | Uint8Array | string): boolean;
+}
+export interface ILocalIdentity extends IIdentity {
+    sign(message: Uint8Array): Uint8Array;
+    calculateSharedSecret(other: IIdentity | IPublicKey): ISharedSecret;
+}
+export interface IContact {
+    name: string;
+    identity: IIdentity;
+    calculateSharedSecret(me: ILocalIdentity): ISharedSecret;
+}

package/dist/identity.types.js

@@ -0,0 +1 @@
+export {};