@immahq/aegis 0.0.1

package/dist/session-manager.js

@@ -0,0 +1,177 @@
+import { ml_kem768 } from "@noble/post-quantum/ml-kem.js";
+import { ml_dsa65 } from "@noble/post-quantum/ml-dsa.js";
+import { Logger } from "./logger.js";
+import { ERRORS } from "./constants.js";
+import { SessionKeyExchange } from "./session.js";
+import { validatePublicBundle } from "./utils.js";
+export class SessionManager {
+    constructor(storage) {
+        Object.defineProperty(this, "storage", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.storage = storage;
+    }
+    async createSession(identity, peerBundle) {
+        try {
+            Logger.log("Session", "Creating new session as initiator");
+            validatePublicBundle(peerBundle);
+            const isValid = ml_dsa65.verify(peerBundle.preKey.signature, peerBundle.preKey.key, peerBundle.dsaPublicKey);
+            if (!isValid) {
+                throw new Error(ERRORS.INVALID_PREKEY_SIGNATURE);
+            }
+            const { sessionId, rootKey, sendingChainKey, receivingChainKey, ciphertext, confirmationMac, } = SessionKeyExchange.createInitiatorSession(identity, peerBundle);
+            const ratchetKeyPair = ml_kem768.keygen();
+            const session = {
+                sessionId,
+                peerUserId: peerBundle.userId,
+                peerDsaPublicKey: peerBundle.dsaPublicKey,
+                rootKey,
+                currentRatchetKeyPair: ratchetKeyPair,
+                peerRatchetPublicKey: null,
+                sendingChain: {
+                    chainKey: sendingChainKey,
+                    messageNumber: 0,
+                },
+                receivingChain: {
+                    chainKey: receivingChainKey,
+                    messageNumber: 0,
+                },
+                previousSendingChainLength: 0,
+                skippedMessageKeys: new Map(),
+                highestReceivedMessageNumber: -1,
+                maxSkippedMessages: 100,
+                createdAt: Date.now(),
+                lastUsed: Date.now(),
+                isInitiator: true,
+                ratchetCount: 0,
+                state: "CREATED",
+                confirmed: false,
+                confirmationMac,
+                // Simple replay protection
+                receivedMessageIds: new Set(),
+                replayWindowSize: 100,
+                lastProcessedTimestamp: Date.now(),
+            };
+            await this.storage.saveSession(sessionId, session);
+            Logger.log("Session", "Session created successfully as initiator", {
+                sessionId: sessionId.substring(0, 16) + "...",
+            });
+            return { sessionId, ciphertext, confirmationMac };
+        }
+        catch (error) {
+            Logger.error("Session", "Failed to create session", error);
+            throw error;
+        }
+    }
+    async createResponderSession(identity, peerBundle, ciphertext, initiatorConfirmationMac) {
+        try {
+            Logger.log("Session", "Creating session as responder");
+            validatePublicBundle(peerBundle);
+            const isValidSignature = ml_dsa65.verify(peerBundle.preKey.signature, peerBundle.preKey.key, peerBundle.dsaPublicKey);
+            if (!isValidSignature) {
+                throw new Error(ERRORS.INVALID_PREKEY_SIGNATURE);
+            }
+            const { sessionId, rootKey, sendingChainKey, receivingChainKey, confirmationMac, isValid, } = SessionKeyExchange.createResponderSession(identity, peerBundle, ciphertext, initiatorConfirmationMac);
+            if (!isValid && initiatorConfirmationMac) {
+                throw new Error(ERRORS.KEY_CONFIRMATION_FAILED);
+            }
+            const ratchetKeyPair = ml_kem768.keygen();
+            const session = {
+                sessionId,
+                peerUserId: peerBundle.userId,
+                peerDsaPublicKey: peerBundle.dsaPublicKey,
+                rootKey,
+                currentRatchetKeyPair: ratchetKeyPair,
+                peerRatchetPublicKey: null,
+                sendingChain: {
+                    chainKey: sendingChainKey,
+                    messageNumber: 0,
+                },
+                receivingChain: {
+                    chainKey: receivingChainKey,
+                    messageNumber: 0,
+                },
+                previousSendingChainLength: 0,
+                skippedMessageKeys: new Map(),
+                highestReceivedMessageNumber: -1,
+                maxSkippedMessages: 100,
+                createdAt: Date.now(),
+                lastUsed: Date.now(),
+                isInitiator: false,
+                ratchetCount: 0,
+                state: "CREATED",
+                confirmed: isValid && initiatorConfirmationMac !== undefined,
+                confirmationMac,
+                // Simple replay protection
+                receivedMessageIds: new Set(),
+                replayWindowSize: 100,
+                lastProcessedTimestamp: Date.now(),
+            };
+            await this.storage.saveSession(sessionId, session);
+            Logger.log("Session", "Session created as responder", {
+                sessionId: sessionId.substring(0, 16) + "...",
+                keyConfirmed: session.confirmed,
+            });
+            return { sessionId, confirmationMac, isValid };
+        }
+        catch (error) {
+            Logger.error("Session", "Failed to create responder session", error);
+            throw error;
+        }
+    }
+    async confirmSession(sessionId, responderConfirmationMac) {
+        try {
+            Logger.log("Session", "Confirming session keys");
+            const session = await this.storage.getSession(sessionId);
+            if (!session)
+                throw new Error(ERRORS.SESSION_NOT_FOUND);
+            if (!session.sendingChain) {
+                throw new Error("No sending chain available");
+            }
+            const isValid = SessionKeyExchange.verifyKeyConfirmation(sessionId, session.rootKey, session.receivingChain.chainKey, responderConfirmationMac);
+            if (isValid) {
+                session.confirmed = true;
+                session.state = "KEY_CONFIRMED";
+                await this.storage.saveSession(sessionId, session);
+                Logger.log("Session", "Session keys confirmed successfully");
+            }
+            else {
+                session.state = "ERROR";
+                await this.storage.saveSession(sessionId, session);
+                Logger.warn("Session", "Key confirmation failed");
+            }
+            return isValid;
+        }
+        catch (error) {
+            Logger.error("Session", "Failed to confirm session", error);
+            throw error;
+        }
+    }
+    async getSessions() {
+        const sessionIds = await this.storage.listSessions();
+        const sessions = [];
+        for (const sessionId of sessionIds) {
+            const session = await this.storage.getSession(sessionId);
+            if (session) {
+                sessions.push(session);
+            }
+        }
+        return sessions;
+    }
+    async cleanupOldSessions(maxAge) {
+        const sessions = await this.getSessions();
+        const cutoff = Date.now() - (maxAge || 30 * 24 * 60 * 60 * 1000); // Default 30 days
+        for (const session of sessions) {
+            if (session.lastUsed < cutoff) {
+                await this.storage.deleteSession(session.sessionId);
+                Logger.log("Cleanup", "Removed old session", {
+                    sessionId: session.sessionId.substring(0, 16) + "...",
+                    age: Math.round((Date.now() - session.lastUsed) / (1000 * 60 * 60 * 24)) + " days",
+                });
+            }
+        }
+    }
+}

package/dist/session.js

@@ -0,0 +1,131 @@
+import { ml_kem768 } from "@noble/post-quantum/ml-kem.js";
+import { ml_dsa65 } from "@noble/post-quantum/ml-dsa.js";
+import { blake3 } from "@noble/hashes/blake3.js";
+import { bytesToHex, concatBytes, utf8ToBytes } from "@noble/hashes/utils.js";
+import { KemRatchet } from "./ratchet";
+export class SessionKeyExchange {
+    // Helper: Sort two Uint8Arrays lexicographically and return in consistent order
+    static getSortedKeys(key1, key2) {
+        const str1 = bytesToHex(key1);
+        const str2 = bytesToHex(key2);
+        return str1 < str2 ? [key1, key2] : [key2, key1];
+    }
+    // Helper: Create deterministic session ID
+    static createSessionId(key1, key2, ciphertext) {
+        const [sortedKey1, sortedKey2] = this.getSortedKeys(key1, key2);
+        return bytesToHex(blake3(concatBytes(sortedKey1, sortedKey2, ciphertext), { dkLen: 32 }));
+    }
+    // For initiator (Alice): creates session with Bob's bundle
+    static createInitiatorSession(localIdentity, peerBundle) {
+        // Validate inputs
+        if (!(localIdentity.kemKeyPair.publicKey instanceof Uint8Array)) {
+            throw new Error("localIdentity.kemKeyPair.publicKey is not Uint8Array");
+        }
+        if (!(peerBundle.preKey.key instanceof Uint8Array)) {
+            throw new Error("peerBundle.preKey.key is not Uint8Array");
+        }
+        if (!(peerBundle.kemPublicKey instanceof Uint8Array)) {
+            throw new Error("peerBundle.kemPublicKey is not Uint8Array");
+        }
+        if (!(peerBundle.preKey.signature instanceof Uint8Array)) {
+            throw new Error("peerBundle.preKey.signature is not Uint8Array");
+        }
+        // Verify the prekey signature
+        const isValidPreKeySignature = SessionKeyExchange.verifyPreKeySignature(peerBundle.preKey.key, peerBundle.preKey.signature, peerBundle.dsaPublicKey);
+        if (!isValidPreKeySignature) {
+            throw new Error("Invalid prekey signature");
+        }
+        // Perform KEM with peer's prekey
+        const prekeyResult = ml_kem768.encapsulate(peerBundle.preKey.key);
+        if (!prekeyResult || typeof prekeyResult !== "object") {
+            throw new Error("ml_kem768.encapsulate returned invalid result");
+        }
+        const prekeySecret = prekeyResult.sharedSecret;
+        const ciphertext = prekeyResult.cipherText;
+        if (!(prekeySecret instanceof Uint8Array)) {
+            throw new Error(`prekeySecret is not Uint8Array, got ${typeof prekeySecret}`);
+        }
+        if (!(ciphertext instanceof Uint8Array)) {
+            throw new Error(`ciphertext is not Uint8Array, got ${typeof ciphertext}`);
+        }
+        // Create session ID (both parties will compute same)
+        const sessionId = this.createSessionId(localIdentity.kemKeyPair.publicKey, peerBundle.kemPublicKey, ciphertext);
+        // Derive keys - BOTH PARTIES MUST USE EXACT SAME INPUTS
+        const [sortedKey1, sortedKey2] = this.getSortedKeys(localIdentity.kemKeyPair.publicKey, peerBundle.kemPublicKey);
+        const combined = concatBytes(prekeySecret, ciphertext, sortedKey1, sortedKey2);
+        const rootKey = blake3(combined, { dkLen: 32 });
+        // Initial chain keys: Initiator sends on A, receives on B
+        const sendingChainKey = blake3(concatBytes(rootKey, utf8ToBytes("chain_a")), {
+            dkLen: 32,
+        });
+        const receivingChainKey = blake3(concatBytes(rootKey, utf8ToBytes("chain_b")), {
+            dkLen: 32,
+        });
+        // Generate confirmation MAC
+        const confirmationMac = KemRatchet.generateConfirmationMac(sessionId, rootKey, sendingChainKey, false);
+        return {
+            sessionId,
+            rootKey,
+            sendingChainKey,
+            receivingChainKey,
+            ciphertext,
+            confirmationMac,
+        };
+    }
+    static createResponderSession(localIdentity, peerBundle, ciphertext, initiatorConfirmationMac) {
+        // Validate inputs
+        if (!(ciphertext instanceof Uint8Array)) {
+            throw new Error("ciphertext is not Uint8Array");
+        }
+        if (!localIdentity.preKeySecret ||
+            !(localIdentity.preKeySecret instanceof Uint8Array)) {
+            throw new Error("No valid prekey secret available");
+        }
+        if (!(localIdentity.kemKeyPair.publicKey instanceof Uint8Array)) {
+            throw new Error("localIdentity.kemKeyPair.publicKey is not Uint8Array");
+        }
+        if (!(peerBundle.kemPublicKey instanceof Uint8Array)) {
+            throw new Error("peerBundle.kemPublicKey is not Uint8Array");
+        }
+        // Decapsulate prekey ciphertext
+        const prekeySecret = ml_kem768.decapsulate(ciphertext, localIdentity.preKeySecret);
+        if (!(prekeySecret instanceof Uint8Array)) {
+            throw new Error(`ml_kem768.decapsulate returned non-Uint8Array: ${typeof prekeySecret}`);
+        }
+        const sessionId = this.createSessionId(localIdentity.kemKeyPair.publicKey, peerBundle.kemPublicKey, ciphertext);
+        // Derive keys - MUST USE EXACT SAME INPUTS AS INITIATOR
+        const [sortedKey1, sortedKey2] = this.getSortedKeys(localIdentity.kemKeyPair.publicKey, peerBundle.kemPublicKey);
+        const combined = concatBytes(prekeySecret, ciphertext, sortedKey1, sortedKey2);
+        const rootKey = blake3(combined, { dkLen: 32 });
+        // Initial chain keys: Responder sends on B, receives on A
+        const sendingChainKey = blake3(concatBytes(rootKey, utf8ToBytes("chain_b")), {
+            dkLen: 32,
+        });
+        const receivingChainKey = blake3(concatBytes(rootKey, utf8ToBytes("chain_a")), {
+            dkLen: 32,
+        });
+        // Generate response confirmation MAC
+        const confirmationMac = KemRatchet.generateConfirmationMac(sessionId, rootKey, sendingChainKey, true);
+        // Verify initiator's MAC if provided
+        let isValid = true;
+        if (initiatorConfirmationMac) {
+            isValid = KemRatchet.verifyConfirmationMac(sessionId, rootKey, receivingChainKey, initiatorConfirmationMac, false);
+        }
+        return {
+            sessionId,
+            rootKey,
+            sendingChainKey,
+            receivingChainKey,
+            confirmationMac,
+            isValid,
+        };
+    }
+    // Verify key confirmation (for initiator to verify responder's MAC)
+    static verifyKeyConfirmation(sessionId, rootKey, chainKey, responseMac) {
+        return KemRatchet.verifyConfirmationMac(sessionId, rootKey, chainKey, responseMac, true);
+    }
+    // Verify prekey signature
+    static verifyPreKeySignature(preKey, signature, dsaPublicKey) {
+        return ml_dsa65.verify(signature, preKey, dsaPublicKey);
+    }
+}

package/dist/storage.js

@@ -0,0 +1,54 @@
+export class MemoryStorage {
+    constructor() {
+        Object.defineProperty(this, "identity", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: null
+        });
+        Object.defineProperty(this, "sessions", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: new Map()
+        });
+    }
+    async saveIdentity(identity) {
+        this.identity = identity;
+    }
+    async getIdentity() {
+        return this.identity;
+    }
+    async deleteIdentity() {
+        this.identity = null;
+    }
+    async saveSession(sessionId, session) {
+        // Deep clone to avoid reference issues
+        const sessionCopy = {
+            ...session,
+            skippedMessageKeys: new Map(session.skippedMessageKeys),
+            receivedMessageIds: new Set(session.receivedMessageIds),
+        };
+        this.sessions.set(sessionId, sessionCopy);
+    }
+    async getSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return null;
+        // Return a deep clone
+        return {
+            ...session,
+            skippedMessageKeys: new Map(session.skippedMessageKeys),
+            receivedMessageIds: new Set(session.receivedMessageIds),
+        };
+    }
+    async deleteSession(sessionId) {
+        this.sessions.delete(sessionId);
+    }
+    async listSessions() {
+        return Array.from(this.sessions.keys());
+    }
+    async deleteAllSessions() {
+        this.sessions.clear();
+    }
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils.js

@@ -0,0 +1,27 @@
+import { blake3 } from "@noble/hashes/blake3.js";
+import { bytesToHex, concatBytes, utf8ToBytes } from "@noble/hashes/utils.js";
+export function deriveMessageKey(chainKey) {
+    return blake3(concatBytes(chainKey, utf8ToBytes("msg_key")), { dkLen: 32 });
+}
+export function deriveNewChainKey(chainKey) {
+    return blake3(concatBytes(chainKey, utf8ToBytes("chain_key")), { dkLen: 32 });
+}
+export function generateSessionId(localKemPublicKey, peerKemPublicKey, preKey) {
+    return bytesToHex(blake3(concatBytes(localKemPublicKey, peerKemPublicKey, preKey), {
+        dkLen: 32,
+    }));
+}
+export function validatePublicBundle(bundle) {
+    if (!bundle || !bundle.preKey || !bundle.preKey.key) {
+        throw new Error("Invalid peer bundle");
+    }
+    if (!bundle.userId || typeof bundle.userId !== "string") {
+        throw new Error("Invalid userId in bundle");
+    }
+    if (!bundle.kemPublicKey || !bundle.dsaPublicKey) {
+        throw new Error("Missing public keys in bundle");
+    }
+}
+export function serializeHeader(header) {
+    return utf8ToBytes(JSON.stringify(header));
+}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@immahq/aegis",
+  "version": "0.0.1",
+  "description": "Lightweight, storage-agnostic library for client-side End-to-End (E2E) encryption",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "scope": "immahq",
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "npm run clean && tsc --build",
+    "clean": "rimraf ./dist",
+    "demo": "tsx examples/demo.ts",
+    "demo:group": "tsx examples/group-demo.ts",
+    "test": "vitest run"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/imma-hq/aegis.git"
+  },
+  "keywords": [
+    "react",
+    "react native",
+    "native",
+    "select",
+    "dropdown",
+    "option"
+  ],
+  "author": "Aegis",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/imma-hq/aegis/issues"
+  },
+  "homepage": "https://github.com/imma-hq/aegis#readme",
+  "dependencies": {
+    "@noble/ciphers": "^2.0.1",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
+    "@noble/post-quantum": "^0.5.2",
+    "buffer": "^6.0.3"
+  },
+  "devDependencies": {
+    "@types/node": "^25.0.3",
+    "rimraf": "^6.1.2",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.16"
+  }
+}