@nexustechpro/baileys 2.0.2 → 2.0.5

package/lib/Utils/crypto.js

@@ -1,136 +1,110 @@
-import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto';
-import * as curve from 'libsignal/src/curve.js';
-import { KEY_BUNDLE_TYPE } from '../Defaults/index.js';
-export { md5, hkdf } from 'whatsapp-rust-bridge';
-
-// insure browser & node compatibility
-const { subtle } = globalThis.crypto;
-
-/** prefix version byte to the pub keys, required for some curve crypto functions */
-export const generateSignalPubKey = (pubKey) => pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey]);
-
-export const Curve = {
-    generateKeyPair: () => {
-        const { pubKey, privKey } = curve.generateKeyPair();
-        return {
-            private: Buffer.from(privKey),
-            // remove version byte
-            public: Buffer.from(pubKey.slice(1))
-        };
-    },
-    sharedKey: (privateKey, publicKey) => {
-        const shared = curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey);
-        return Buffer.from(shared);
-    },
-    sign: (privateKey, buf) => curve.calculateSignature(privateKey, buf),
-    verify: (pubKey, message, signature) => {
-        try {
-            curve.verifySignature(generateSignalPubKey(pubKey), message, signature);
-            return true;
-        }
-        catch (error) {
-            return false;
-        }
-    }
-};
-
-export const signedKeyPair = (identityKeyPair, keyId) => {
-    const preKey = Curve.generateKeyPair();
-    const pubKey = generateSignalPubKey(preKey.public);
-    const signature = Curve.sign(identityKeyPair.private, pubKey);
-    return { keyPair: preKey, signature, keyId };
-};
-
-const GCM_TAG_LENGTH = 128 >> 3;
-
-/**
- * encrypt AES 256 GCM;
- * where the tag tag is suffixed to the ciphertext
- * */
-export function aesEncryptGCM(plaintext, key, iv, additionalData) {
-    const cipher = createCipheriv('aes-256-gcm', key, iv);
-    cipher.setAAD(additionalData);
-    return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
-}
-
-/**
- * decrypt AES 256 GCM;
- * where the auth tag is suffixed to the ciphertext
- * */
-export function aesDecryptGCM(ciphertext, key, iv, additionalData) {
-    const decipher = createDecipheriv('aes-256-gcm', key, iv);
-    // decrypt additional adata
-    const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH);
-    const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH);
-    // set additional data
-    decipher.setAAD(additionalData);
-    decipher.setAuthTag(tag);
-    return Buffer.concat([decipher.update(enc), decipher.final()]);
-}
-
-export function aesEncryptCTR(plaintext, key, iv) {
-    const cipher = createCipheriv('aes-256-ctr', key, iv);
-    return Buffer.concat([cipher.update(plaintext), cipher.final()]);
-}
-
-export function aesDecryptCTR(ciphertext, key, iv) {
-    const decipher = createDecipheriv('aes-256-ctr', key, iv);
-    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-}
-
-/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
-export function aesDecrypt(buffer, key) {
-    return aesDecryptWithIV(buffer.subarray(16), key, buffer.subarray(0, 16));
-}
-
-/** decrypt AES 256 CBC */
-export function aesDecryptWithIV(buffer, key, IV) {
-    const aes = createDecipheriv('aes-256-cbc', key, IV);
-    return Buffer.concat([aes.update(buffer), aes.final()]);
-}
-
-// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
-export function aesEncrypt(buffer, key) {
-    const IV = randomBytes(16);
-    const aes = createCipheriv('aes-256-cbc', key, IV);
-    return Buffer.concat([IV, aes.update(buffer), aes.final()]); // prefix IV to the buffer
-}
-
-// encrypt AES 256 CBC with a given IV
-export function aesEncrypWithIV(buffer, key, IV) {
-    const aes = createCipheriv('aes-256-cbc', key, IV);
-    return Buffer.concat([aes.update(buffer), aes.final()]); // prefix IV to the buffer
-}
-
-// sign HMAC using SHA 256
-export function hmacSign(buffer, key, variant = 'sha256') {
-    return createHmac(variant, key).update(buffer).digest();
-}
-
-export function sha256(buffer) {
-    return createHash('sha256').update(buffer).digest();
-}
-
-export async function derivePairingCodeKey(pairingCode, salt) {
-    // Convert inputs to formats Web Crypto API can work with
-    const encoder = new TextEncoder();
-    const pairingCodeBuffer = encoder.encode(pairingCode);
-    const saltBuffer = new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt));
-
-    // Import the pairing code as key material
-    const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, [
-        'deriveBits'
-    ]);
-
-    // Derive bits using PBKDF2 with the same parameters
-    // 2 << 16 = 131,072 iterations
-    const derivedBits = await subtle.deriveBits({
-        name: 'PBKDF2',
-        salt: saltBuffer,
-        iterations: 2 << 16,
-        hash: 'SHA-256'
-    }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits
-    );
-
-    return Buffer.from(derivedBits);
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto'
+import {
+    calculateAgreement,
+    calculateSignature,
+    verifySignature as rustVerifySignature,
+    generateKeyPair as rustGenerateKeyPair,
+    hkdf,
+    md5
+} from 'whatsapp-rust-bridge'
+import { KEY_BUNDLE_TYPE } from '../Defaults/index.js'
+
+export { hkdf, md5 }
+
+export const generateSignalPubKey = (pubKey) =>
+    pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey])
+
+export const Curve = {
+    generateKeyPair: () => {
+        const { pubKey, privKey } = rustGenerateKeyPair()
+        return {
+            private: Buffer.from(privKey),
+            public: Buffer.from(pubKey.slice(1)) // remove version byte
+        }
+    },
+    sharedKey: (privateKey, publicKey) => {
+        const shared = calculateAgreement(generateSignalPubKey(publicKey), privateKey)
+        return Buffer.from(shared)
+    },
+    sign: (privateKey, buf) => calculateSignature(privateKey, buf),
+    verify: (pubKey, message, signature) => {
+        try {
+            return rustVerifySignature(generateSignalPubKey(pubKey), message, signature)
+        } catch {
+            return false
+        }
+    }
+}
+
+export const signedKeyPair = (identityKeyPair, keyId) => {
+    const preKey = Curve.generateKeyPair()
+    const pubKey = generateSignalPubKey(preKey.public)
+    const signature = Curve.sign(identityKeyPair.private, pubKey)
+    return { keyPair: preKey, signature, keyId }
+}
+
+const GCM_TAG_LENGTH = 128 >> 3
+
+export function aesEncryptGCM(plaintext, key, iv, additionalData) {
+    const cipher = createCipheriv('aes-256-gcm', key, iv)
+    cipher.setAAD(additionalData)
+    return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()])
+}
+
+export function aesDecryptGCM(ciphertext, key, iv, additionalData) {
+    const decipher = createDecipheriv('aes-256-gcm', key, iv)
+    const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH)
+    const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH)
+    decipher.setAAD(additionalData)
+    decipher.setAuthTag(tag)
+    return Buffer.concat([decipher.update(enc), decipher.final()])
+}
+
+export function aesEncryptCTR(plaintext, key, iv) {
+    const cipher = createCipheriv('aes-256-ctr', key, iv)
+    return Buffer.concat([cipher.update(plaintext), cipher.final()])
+}
+
+export function aesDecryptCTR(ciphertext, key, iv) {
+    const decipher = createDecipheriv('aes-256-ctr', key, iv)
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()])
+}
+
+export function aesDecrypt(buffer, key) {
+    return aesDecryptWithIV(buffer.subarray(16), key, buffer.subarray(0, 16))
+}
+
+export function aesDecryptWithIV(buffer, key, IV) {
+    const aes = createDecipheriv('aes-256-cbc', key, IV)
+    return Buffer.concat([aes.update(buffer), aes.final()])
+}
+
+export function aesEncrypt(buffer, key) {
+    const IV = randomBytes(16)
+    const aes = createCipheriv('aes-256-cbc', key, IV)
+    return Buffer.concat([IV, aes.update(buffer), aes.final()])
+}
+
+export function aesEncrypWithIV(buffer, key, IV) {
+    const aes = createCipheriv('aes-256-cbc', key, IV)
+    return Buffer.concat([aes.update(buffer), aes.final()])
+}
+
+export function hmacSign(buffer, key, variant = 'sha256') {
+    return createHmac(variant, key).update(buffer).digest()
+}
+
+export function sha256(buffer) {
+    return createHash('sha256').update(buffer).digest()
+}
+
+export async function derivePairingCodeKey(pairingCode, salt) {
+    const { subtle } = globalThis.crypto
+    const encoder = new TextEncoder()
+    const keyMaterial = await subtle.importKey('raw', encoder.encode(pairingCode), { name: 'PBKDF2' }, false, ['deriveBits'])
+    const derivedBits = await subtle.deriveBits(
+        { name: 'PBKDF2', salt: new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt)), iterations: 2 << 16, hash: 'SHA-256' },
+        keyMaterial, 256
+    )
+    return Buffer.from(derivedBits)
 }