@sempdev/semp 0.4.3 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/crypto/index.d.ts +1 -1
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +1 -1
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/kem.d.ts +29 -0
- package/dist/crypto/kem.d.ts.map +1 -1
- package/dist/crypto/kem.js +63 -0
- package/dist/crypto/kem.js.map +1 -1
- package/dist/delivery/forwarder.d.ts +74 -26
- package/dist/delivery/forwarder.d.ts.map +1 -1
- package/dist/delivery/forwarder.js +84 -42
- package/dist/delivery/forwarder.js.map +1 -1
- package/dist/delivery/index.d.ts +1 -1
- package/dist/delivery/index.d.ts.map +1 -1
- package/dist/delivery/index.js +1 -1
- package/dist/delivery/index.js.map +1 -1
- package/dist/handshake/client_state.d.ts +2 -1
- package/dist/handshake/client_state.d.ts.map +1 -1
- package/dist/handshake/client_state.js +41 -8
- package/dist/handshake/client_state.js.map +1 -1
- package/dist/handshake/driver.d.ts +16 -5
- package/dist/handshake/driver.d.ts.map +1 -1
- package/dist/handshake/driver.js +61 -12
- package/dist/handshake/driver.js.map +1 -1
- package/dist/handshake/index.d.ts +1 -1
- package/dist/handshake/index.d.ts.map +1 -1
- package/dist/handshake/index.js.map +1 -1
- package/dist/handshake/server.d.ts +26 -1
- package/dist/handshake/server.d.ts.map +1 -1
- package/dist/handshake/server.js +85 -10
- package/dist/handshake/server.js.map +1 -1
- package/dist/handshake/server_state.d.ts +29 -0
- package/dist/handshake/server_state.d.ts.map +1 -1
- package/dist/handshake/server_state.js +112 -7
- package/dist/handshake/server_state.js.map +1 -1
- package/dist/session/dispatcher.d.ts +2 -0
- package/dist/session/dispatcher.d.ts.map +1 -1
- package/dist/session/dispatcher.js +6 -0
- package/dist/session/dispatcher.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client_state.d.ts","sourceRoot":"","sources":["../../src/handshake/client_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EACL,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"client_state.d.ts","sourceRoot":"","sources":["../../src/handshake/client_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAGH,OAAO,EACL,KAAK,WAAW,EAQjB,MAAM,oBAAoB,CAAC;AAO5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,EAEL,KAAK,YAAY,EAQlB,MAAM,eAAe,CAAC;AAMvB;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,cAAc,CAAC;IACtB,YAAY,EAAE,YAAY,CAAC;IAC3B,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,eAAe,EAAE,UAAU,CAAC;IAC5B,6EAA6E;IAC7E,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,mDAAmD;IACnD,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB;;;;OAIG;IACH,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,UAAU,CAAC;QACzB,aAAa,EAAE,MAAM,CAAC;QACtB,2DAA2D;QAC3D,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,CAAC;CACH;AAED,qDAAqD;AACrD,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,WAAW,CAAC;IAClB,wBAAwB,EAAE,MAAM,CAAC;IACjC,4BAA4B,EAAE,MAAM,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,gBAAgB,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1D;AAGD,OAAO,EAAE,sBAAsB,EAAE,CAAC;AAElC;;;;GAIG;AACH,qBAAa,eAAe;IAE1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAa;IAC7C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAoC;IAG7D,OAAO,CAAC,KAAK,CAA2B;IACxC,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,aAAa,CAA2B;IAGhD,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,kBAAkB,CAAM;IAChC,OAAO,CAAC,sBAAsB,CAAM;IAGpC,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,WAAW,CAA2B;IAE9C,uDAAuD;IACvD,OAAO,CAAC,YAAY,CAAuC;gBAE/C,GAAG,EAAE,qBAAqB;IA4BtC;;;;OAIG;IACH,IAAI,IAAI,UAAU;IAwClB;;;;;;;OAOG;IACG,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IA8ExD;;;;OAIG;IACH,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAsFxC;;;;;;OAMG;IACH,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IA2ClC;;;;OAIG;IACH,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,sBAAsB;IAiBpD;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IAuBlC;;;;OAIG;IACH,gBAAgB,CAAC,IAAI,EAAE,UAAU,GAAG;QAClC,OAAO,EAAE,sBAAsB,CAAC;QAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;KAC/B;IA4DD;;;;OAIG;IACH,oBAAoB,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI;IAO9C,kFAAkF;IAClF,OAAO,IAAI,sBAAsB;IASjC;;;OAGG;IACH,KAAK,IAAI,IAAI;CAWd"}
|
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
* @module
|
|
41
41
|
*/
|
|
42
42
|
import { marshal as canonicalMarshal } from "../canonical/index.js";
|
|
43
|
-
import { deriveSessionKeysWithResumption, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
43
|
+
import { HybridPublicKeySize, deriveSessionKeysWithResumption, hybridDecapsulate, hybridGenerateKeyPair, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
44
44
|
import { fingerprint, verify as ed25519Verify } from "../keys/index.js";
|
|
45
45
|
import { sha256 } from "@noble/hashes/sha2.js";
|
|
46
46
|
import { ChallengeInvalidError } from "./abort.js";
|
|
@@ -81,8 +81,9 @@ export class HandshakeClient {
|
|
|
81
81
|
/** Final session — populated by {@link onAccepted}. */
|
|
82
82
|
finalSession = null;
|
|
83
83
|
constructor(cfg) {
|
|
84
|
-
if (cfg.suite !== "x25519-chacha20-poly1305"
|
|
85
|
-
|
|
84
|
+
if (cfg.suite !== "x25519-chacha20-poly1305" &&
|
|
85
|
+
cfg.suite !== "pq-kyber768-x25519") {
|
|
86
|
+
throw new Error(`handshake: unsupported suite ${JSON.stringify(cfg.suite)}`);
|
|
86
87
|
}
|
|
87
88
|
if (cfg.serverDomainPub.length === 0) {
|
|
88
89
|
throw new Error("handshake: empty server domain pub");
|
|
@@ -111,14 +112,26 @@ export class HandshakeClient {
|
|
|
111
112
|
if (this.initCanonical !== null) {
|
|
112
113
|
throw new Error("handshake: init already called");
|
|
113
114
|
}
|
|
114
|
-
if (this.
|
|
115
|
-
this.ephPriv
|
|
115
|
+
if (this.suite === "pq-kyber768-x25519") {
|
|
116
|
+
if (this.ephPriv !== null) {
|
|
117
|
+
throw new Error("handshake: PQ suite does not accept pre-pinned clientEphemeralPriv");
|
|
118
|
+
}
|
|
119
|
+
const kp = hybridGenerateKeyPair();
|
|
120
|
+
this.ephPriv = kp.secretKey;
|
|
121
|
+
this.ephPub = kp.publicKey;
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
if (this.ephPriv === null) {
|
|
125
|
+
this.ephPriv = randomBytes(32);
|
|
126
|
+
}
|
|
127
|
+
this.ephPub = x25519PublicKey(this.ephPriv);
|
|
116
128
|
}
|
|
117
|
-
this.ephPub = x25519PublicKey(this.ephPriv);
|
|
118
129
|
if (this.nonce === null) {
|
|
119
130
|
this.nonce = randomBytes(32);
|
|
120
131
|
}
|
|
121
|
-
const ephKeyId =
|
|
132
|
+
const ephKeyId = this.suite === "pq-kyber768-x25519"
|
|
133
|
+
? hexSha256(this.ephPub)
|
|
134
|
+
: fingerprint(this.ephPub);
|
|
122
135
|
const init = buildInit({
|
|
123
136
|
nonce: base64Encode(this.nonce),
|
|
124
137
|
transport: this.transportId,
|
|
@@ -220,7 +233,16 @@ export class HandshakeClient {
|
|
|
220
233
|
verifyServerSignature(resp, "server_signature", this.serverDomainPub);
|
|
221
234
|
const serverEphPub = base64Decode(resp.server_ephemeral_key.key);
|
|
222
235
|
const serverNonce = base64Decode(resp.server_nonce);
|
|
223
|
-
|
|
236
|
+
let shared;
|
|
237
|
+
if (this.suite === "pq-kyber768-x25519") {
|
|
238
|
+
if (this.ephPub === null || this.ephPub.length !== HybridPublicKeySize) {
|
|
239
|
+
throw new Error("handshake: PQ ephemeral pub missing or wrong size");
|
|
240
|
+
}
|
|
241
|
+
shared = hybridDecapsulate(serverEphPub, this.ephPriv);
|
|
242
|
+
}
|
|
243
|
+
else {
|
|
244
|
+
shared = x25519Agree(this.ephPriv, serverEphPub);
|
|
245
|
+
}
|
|
224
246
|
const kdf = newHKDFSHA512();
|
|
225
247
|
const keys = deriveSessionKeysWithResumption(kdf, shared, this.nonce, serverNonce);
|
|
226
248
|
// Erase ephemeral private once shared secret is in hand.
|
|
@@ -490,6 +512,17 @@ function randomBytes(n) {
|
|
|
490
512
|
globalThis.crypto.getRandomValues(out);
|
|
491
513
|
return out;
|
|
492
514
|
}
|
|
515
|
+
function hexSha256(bytes) {
|
|
516
|
+
// Hybrid ephemeral pubs (1216 bytes) overflow the 32-byte input
|
|
517
|
+
// `keys.fingerprint` accepts, so we surface a SHA-256 over the
|
|
518
|
+
// wire bytes as the opaque ephemeral key_id for the PQ suite.
|
|
519
|
+
const sum = sha256(bytes);
|
|
520
|
+
let s = "";
|
|
521
|
+
for (let i = 0; i < sum.length; i++) {
|
|
522
|
+
s += (sum[i] ?? 0).toString(16).padStart(2, "0");
|
|
523
|
+
}
|
|
524
|
+
return s;
|
|
525
|
+
}
|
|
493
526
|
function concat(a, b) {
|
|
494
527
|
const out = new Uint8Array(a.length + b.length);
|
|
495
528
|
out.set(a, 0);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client_state.js","sourceRoot":"","sources":["../../src/handshake/client_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAEL,+BAA+B,EAC/B,aAAa,EACb,WAAW,EACX,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAExE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAOL,eAAe,EACf,YAAY,EACZ,SAAS,GACV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE7D,wEAAwE;AACxE,MAAM,WAAW,GAAG,gBAAgB,CAAC;AA6CrC,iEAAiE;AACjE,OAAO,EAAE,sBAAsB,EAAE,CAAC;AAElC;;;;GAIG;AACH,MAAM,OAAO,eAAe;IAC1B,sBAAsB;IACL,KAAK,CAA6B;IAClC,eAAe,CAAa;IAC5B,YAAY,CAAe;IAC3B,WAAW,CAAS;IACpB,QAAQ,CAAoC;IAE7D,mBAAmB;IACX,KAAK,GAAsB,IAAI,CAAC;IAChC,OAAO,GAAsB,IAAI,CAAC;IAClC,MAAM,GAAsB,IAAI,CAAC;IACjC,aAAa,GAAsB,IAAI,CAAC;IAEhD,iDAAiD;IACzC,SAAS,GAAG,EAAE,CAAC;IACf,WAAW,GAAuB,IAAI,CAAC;IACvC,kBAAkB,GAAG,EAAE,CAAC;IACxB,sBAAsB,GAAG,EAAE,CAAC;IAEpC,oCAAoC;IAC5B,gBAAgB,GAAsB,IAAI,CAAC;IAC3C,WAAW,GAAsB,IAAI,CAAC;IAE9C,uDAAuD;IAC/C,YAAY,GAAkC,IAAI,CAAC;IAE3D,YAAY,GAA0B;QACpC,IAAI,GAAG,CAAC,KAAK,KAAK,0BAA0B,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CACb,uDAAuD,GAAG,CAAC,KAAK,EAAE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,GAAG,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC7B,IAAI,GAAG,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,mBAAmB,CAAC;QACzC,CAAC;QACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,WAAW,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAgB,SAAS,CAAC;YAClC,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;YAC/B,SAAS,EAAE,IAAI,CAAC,WAAW;YAC3B,kBAAkB,EAAE;gBAClB,SAAS,EAAE,IAAI,CAAC,KAAK;gBACrB,GAAG,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC;gBAC9B,MAAM,EAAE,QAAQ;aACjB;YACD,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,WAAW,CAAC,IAAgB;QAChC,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAYD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;QAC3C,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,CAAC,cAAc,KAAK,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,EAAE,CAC5E,CAAC;QACJ,CAAC;QACD,kDAAkD;QAClD,IAAI,OAAO,CAAC,CAAC,gBAAgB,KAAK,QAAQ,IAAI,CAAC,CAAC,gBAAgB,KAAK,EAAE,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,gBAAgB,CAAC;QAClC,MAAM,QAAQ,GAA4B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,QAAQ,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAM,CACzB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EACzC,SAAS,CACV,CAAC;QACF,IACE,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,EAAE,YAAY,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC,EACxE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,sDAAsD,CACvD,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,SAAS,KAAK,cAAc,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAC3E,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;QAC1C,IAAI,UAAU,GAAG,WAAW,EAAE,CAAC;YAC7B,MAAM,IAAI,qBAAqB,CAC7B,cAAc,UAAU,yBAAyB,WAAW,EAAE,CAC/D,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;YACtD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC;gBAC1C,MAAM,IAAI,qBAAqB,CAC7B,8BAA8B,CAAC,CAAC,OAAO,EAAE,CAC1C,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,YAAY,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG;YACV,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,CAAC,CAAC,YAAY;YAC5B,cAAc,EAAE,eAAe;YAC/B,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,EAAE;SAC/D,CAAC;QACF,OAAO,gBAAgB,CAAC,GAAyC,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,IAAgB;QACzB,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb,2CAA2C,CAAC,CAAC,IAAI,IAAI,GAAG,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,GAAG,CAC7E,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAA+B,CAAC;QAC7C,IAAI,IAAI,CAAC,YAAY,KAAK,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,2BAA2B;QAC3B,qBAAqB,CACnB,IAA0C,EAC1C,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,MAAM,EACN,IAAI,CAAC,KAAK,EACV,WAAW,CACZ,CAAC;QACF,yDAAyD;QACzD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAE/D,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAC1B,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,gBAAgB,GAAG,oBAAoB,CAAC;gBACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAChC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,cAAc;gBAC5C,kBAAkB,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY;gBAC9C,mBAAmB,EAAE,IAAI,CAAC,QAAQ,CAAC,aAAa;gBAChD,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,gBAAgB,EAAE,EAAE;gBACpB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,KAAK,SAAS;oBACxC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;oBAC1C,CAAC,CAAC,EAAE,CAAC;aACR,CAAC,CAAC,gBAAgB,CAAC;QACtB,CAAC;QACD,MAAM,OAAO,GAAmB,YAAY,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,mBAAmB,EAAE,YAAY,CAAC,EAAE,CAAC;YACrC,gBAAgB;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;QAC5D,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC;QAEnE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,IAAgB;QACzB,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CACb,2CAA2C,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,GAAG,CACnG,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,CAA+B,CAAC;QAC5C,IAAI,GAAG,CAAC,UAAU,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,qBAAqB,CACnB,GAAyC,EACzC,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,IAAI,CAAC,YAAY,GAAG;YAClB,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI,EAAE,IAAI,CAAC,WAAW;YACtB,wBAAwB,EAAE,IAAI,CAAC,kBAAkB;YACjD,4BAA4B,EAAE,IAAI,CAAC,sBAAsB;YACzD,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,GAAG,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;gBACrC,CAAC,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,EAAE;gBAC7C,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,IAAgB;QACzB,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAGxB,CAAC;QACF,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,GAAG,GAAG,CAAoB,CAAC;QACjC,OAAO,IAAI,sBAAsB,CAC/B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAc;QACnB,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,MAAM,GAAG,GAAG;YACV,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,OAAO;YAChB,MAAM;YACN,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;YAC5C,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,EAAE;SACf,CAAC;QACF,OAAO,gBAAgB,CAAC,GAAyC,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACH,gBAAgB,CAAC,IAAgB;QAI/B,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,GAAG,GAAG,CAA2D,CAAC;QACxE,qBAAqB,CACnB,GAAyC,EACzC,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,GAAG,CAAC,YAAY,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,uDAAuD;QACvD,cAAc;QACd,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,GAAG,EACH,IAAI,CAAC,WAAW,EAChB,WAAW,CACZ,CAAC;QACF,mCAAmC;QACnC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,MAAM,IAAI,GAA2B;YACnC,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI;YACJ,wBAAwB,EAAE,EAAE;YAC5B,4BAA4B,EAAE,EAAE;YAChC,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,GAAG,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;gBACrC,CAAC,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,EAAE;gBAC7C,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,GAAG,CAAC,iBAAiB,EAAE,KAAK;SACxC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,MAAkB;QACrC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,kFAAkF;IAClF,OAAO;QACL,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;QACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,QAAQ,CACrB,MAAkB,EAClB,WAAmB,EACnB,UAAkB;IAElB,kDAAkD;IAClD,kEAAkE;IAClE,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1E,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC;YACvC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;QACd,8DAA8D;QAC9D,IAAI,OAAO,GAAG,KAAK,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,CAAS,EAAE,IAAY;IAC7C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAC3B,CAAC,KAAK,EAAE,CAAC;IACX,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAgC,EAChC,cAAsB,EACtB,eAA2B;IAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,cAAc,cAAc,mBAAmB,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAA4B,CAAC;IAC7E,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CACzB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EACzC,SAAS,CACV,CAAC;IACF,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,cAAc,cAAc,yCAAyC,CACtE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
1
|
+
{"version":3,"file":"client_state.js","sourceRoot":"","sources":["../../src/handshake/client_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAEL,mBAAmB,EACnB,+BAA+B,EAC/B,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,WAAW,EACX,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAExE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAOL,eAAe,EACf,YAAY,EACZ,SAAS,GACV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE7D,wEAAwE;AACxE,MAAM,WAAW,GAAG,gBAAgB,CAAC;AA6CrC,iEAAiE;AACjE,OAAO,EAAE,sBAAsB,EAAE,CAAC;AAElC;;;;GAIG;AACH,MAAM,OAAO,eAAe;IAC1B,sBAAsB;IACL,KAAK,CAAiB;IACtB,eAAe,CAAa;IAC5B,YAAY,CAAe;IAC3B,WAAW,CAAS;IACpB,QAAQ,CAAoC;IAE7D,mBAAmB;IACX,KAAK,GAAsB,IAAI,CAAC;IAChC,OAAO,GAAsB,IAAI,CAAC;IAClC,MAAM,GAAsB,IAAI,CAAC;IACjC,aAAa,GAAsB,IAAI,CAAC;IAEhD,iDAAiD;IACzC,SAAS,GAAG,EAAE,CAAC;IACf,WAAW,GAAuB,IAAI,CAAC;IACvC,kBAAkB,GAAG,EAAE,CAAC;IACxB,sBAAsB,GAAG,EAAE,CAAC;IAEpC,oCAAoC;IAC5B,gBAAgB,GAAsB,IAAI,CAAC;IAC3C,WAAW,GAAsB,IAAI,CAAC;IAE9C,uDAAuD;IAC/C,YAAY,GAAkC,IAAI,CAAC;IAE3D,YAAY,GAA0B;QACpC,IACE,GAAG,CAAC,KAAK,KAAK,0BAA0B;YACxC,GAAG,CAAC,KAAK,KAAK,oBAAoB,EAClC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,gCAAgC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAC5D,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,GAAG,CAAC,SAAS,KAAK,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC;QACjC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC7B,IAAI,GAAG,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,mBAAmB,CAAC;QACzC,CAAC;QACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,WAAW,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,KAAK,oBAAoB,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,GAAG,qBAAqB,EAAE,CAAC;YACnC,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC;YAC5B,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,SAAS,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;gBAC1B,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,QAAQ,GACZ,IAAI,CAAC,KAAK,KAAK,oBAAoB;YACjC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;YACxB,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAgB,SAAS,CAAC;YAClC,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;YAC/B,SAAS,EAAE,IAAI,CAAC,WAAW;YAC3B,kBAAkB,EAAE;gBAClB,SAAS,EAAE,IAAI,CAAC,KAAK;gBACrB,GAAG,EAAE,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC;gBAC9B,MAAM,EAAE,QAAQ;aACjB;YACD,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,WAAW,CAAC,IAAgB;QAChC,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAYD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;QAC3C,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,CAAC,CAAC,cAAc,KAAK,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,EAAE,CAC5E,CAAC;QACJ,CAAC;QACD,kDAAkD;QAClD,IAAI,OAAO,CAAC,CAAC,gBAAgB,KAAK,QAAQ,IAAI,CAAC,CAAC,gBAAgB,KAAK,EAAE,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,gBAAgB,CAAC;QAClC,MAAM,QAAQ,GAA4B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,QAAQ,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC/B,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAM,CACzB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EACzC,SAAS,CACV,CAAC;QACF,IACE,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,EAAE,YAAY,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC,EACxE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,sDAAsD,CACvD,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,UAAU,IAAI,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,SAAS,KAAK,cAAc,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAC3E,CAAC;QACJ,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;QAC1C,IAAI,UAAU,GAAG,WAAW,EAAE,CAAC;YAC7B,MAAM,IAAI,qBAAqB,CAC7B,cAAc,UAAU,yBAAyB,WAAW,EAAE,CAC/D,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,KAAK,EAAE,EAAE,CAAC;YACtD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC;gBAC1C,MAAM,IAAI,qBAAqB,CAC7B,8BAA8B,CAAC,CAAC,OAAO,EAAE,CAC1C,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,YAAY,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG;YACV,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,CAAC,CAAC,YAAY;YAC5B,cAAc,EAAE,eAAe;YAC/B,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,EAAE;SAC/D,CAAC;QACF,OAAO,gBAAgB,CAAC,GAAyC,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,IAAgB;QACzB,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CACb,2CAA2C,CAAC,CAAC,IAAI,IAAI,GAAG,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,GAAG,CAC7E,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAA+B,CAAC;QAC7C,IAAI,IAAI,CAAC,YAAY,KAAK,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,2BAA2B;QAC3B,qBAAqB,CACnB,IAA0C,EAC1C,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,MAAkB,CAAC;QACvB,IAAI,IAAI,CAAC,KAAK,KAAK,oBAAoB,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,mBAAmB,EAAE,CAAC;gBACvE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,GAAG,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,MAAM,EACN,IAAI,CAAC,KAAK,EACV,WAAW,CACZ,CAAC;QACF,yDAAyD;QACzD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QAEpB,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAE/D,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAC1B,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,gBAAgB,GAAG,oBAAoB,CAAC;gBACtC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBAChC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,cAAc;gBAC5C,kBAAkB,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY;gBAC9C,mBAAmB,EAAE,IAAI,CAAC,QAAQ,CAAC,aAAa;gBAChD,SAAS,EAAE,IAAI,CAAC,UAAU;gBAC1B,gBAAgB,EAAE,EAAE;gBACpB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,KAAK,SAAS;oBACxC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;oBAC1C,CAAC,CAAC,EAAE,CAAC;aACR,CAAC,CAAC,gBAAgB,CAAC;QACtB,CAAC;QACD,MAAM,OAAO,GAAmB,YAAY,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,mBAAmB,EAAE,YAAY,CAAC,EAAE,CAAC;YACrC,gBAAgB;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC;QAC5D,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC;QAEnE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,IAAgB;QACzB,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CACb,2CAA2C,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,GAAG,CACnG,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,CAA+B,CAAC;QAC5C,IAAI,GAAG,CAAC,UAAU,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,qBAAqB,CACnB,GAAyC,EACzC,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,IAAI,CAAC,YAAY,GAAG;YAClB,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI,EAAE,IAAI,CAAC,WAAW;YACtB,wBAAwB,EAAE,IAAI,CAAC,kBAAkB;YACjD,4BAA4B,EAAE,IAAI,CAAC,sBAAsB;YACzD,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,GAAG,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;gBACrC,CAAC,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,EAAE;gBAC7C,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,IAAgB;QACzB,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAGxB,CAAC;QACF,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,GAAG,GAAG,CAAoB,CAAC;QACjC,OAAO,IAAI,sBAAsB,CAC/B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,MAAc;QACnB,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,MAAM,GAAG,GAAG;YACV,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE,OAAO;YAChB,MAAM;YACN,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;YAC5C,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,EAAE;SACf,CAAC;QACF,OAAO,gBAAgB,CAAC,GAAyC,CAAC,CAAC;IACrE,CAAC;IAED;;;;OAIG;IACH,gBAAgB,CAAC,IAAgB;QAI/B,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACtD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAA+B,CAAC;YAC5C,MAAM,IAAI,sBAAsB,CAC9B,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,MAAM,CACX,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,GAAG,GAAG,CAA2D,CAAC;QACxE,qBAAqB,CACnB,GAAyC,EACzC,kBAAkB,EAClB,IAAI,CAAC,eAAe,CACrB,CAAC;QACF,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,GAAG,CAAC,YAAY,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;QAC5B,uDAAuD;QACvD,cAAc;QACd,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,UAAU,EAAE,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,GAAG,EACH,IAAI,CAAC,WAAW,EAChB,WAAW,CACZ,CAAC;QACF,mCAAmC;QACnC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,MAAM,GAAG,GAAG,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;QACxD,MAAM,IAAI,GAA2B;YACnC,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,UAAU,EAAE,GAAG;YACf,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI;YACJ,wBAAwB,EAAE,EAAE;YAC5B,4BAA4B,EAAE,EAAE;YAChC,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,GAAG,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;gBACrC,CAAC,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,EAAE;gBAC7C,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,GAAG,CAAC,iBAAiB,EAAE,KAAK;SACxC,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,MAAkB;QACrC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,kFAAkF;IAClF,OAAO;QACL,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;QACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,QAAQ,CACrB,MAAkB,EAClB,WAAmB,EACnB,UAAkB;IAElB,kDAAkD;IAClD,kEAAkE;IAClE,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1E,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC;YACvC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;QACd,8DAA8D;QAC9D,IAAI,OAAO,GAAG,KAAK,KAAK,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,CAAS,EAAE,IAAY;IAC7C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAC3B,CAAC,KAAK,EAAE,CAAC;IACX,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAgC,EAChC,cAAsB,EACtB,eAA2B;IAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,cAAc,cAAc,mBAAmB,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAA4B,CAAC;IAC7E,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CACzB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EACzC,SAAS,CACV,CAAC;IACF,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,cAAc,cAAc,yCAAyC,CACtE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,KAAiB;IAClC,gEAAgE;IAChE,+DAA+D;IAC/D,8DAA8D;IAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -23,9 +23,11 @@
|
|
|
23
23
|
* reason_code as a typed error.
|
|
24
24
|
*
|
|
25
25
|
* The PQ suite path is structurally identical; only the KEM is
|
|
26
|
-
* different.
|
|
27
|
-
*
|
|
28
|
-
*
|
|
26
|
+
* different. Both the baseline X25519 suite and the hybrid
|
|
27
|
+
* Kyber768 + X25519 PQ suite are supported end to end. On the PQ
|
|
28
|
+
* path step 1 generates a hybrid keypair, step 4 decapsulates the
|
|
29
|
+
* server's hybrid KEM ciphertext to recover the same combined
|
|
30
|
+
* shared secret the responder produced.
|
|
29
31
|
*
|
|
30
32
|
* @module
|
|
31
33
|
*/
|
|
@@ -33,10 +35,19 @@ import { type SessionKeys } from "../crypto/index.js";
|
|
|
33
35
|
import { Session } from "../session/index.js";
|
|
34
36
|
import type { Transport } from "../transport/index.js";
|
|
35
37
|
import { type Capabilities } from "./messages.js";
|
|
38
|
+
/**
|
|
39
|
+
* Negotiable handshake suite. The driver supports both the
|
|
40
|
+
* baseline X25519 + ChaCha20-Poly1305 suite and the hybrid
|
|
41
|
+
* Kyber768 + X25519 PQ suite. The negotiator picks one of these
|
|
42
|
+
* based on capability overlap; supplying `pq-kyber768-x25519`
|
|
43
|
+
* gives you the hybrid PQ KEM end-to-end and `x25519-chacha20-poly1305`
|
|
44
|
+
* gives you the classical baseline.
|
|
45
|
+
*/
|
|
46
|
+
export type HandshakeSuite = "x25519-chacha20-poly1305" | "pq-kyber768-x25519";
|
|
36
47
|
/** Configuration for the client side of a handshake. */
|
|
37
48
|
export interface ClientConfig {
|
|
38
|
-
/** Algorithm suite to negotiate.
|
|
39
|
-
suite:
|
|
49
|
+
/** Algorithm suite to negotiate. */
|
|
50
|
+
suite: HandshakeSuite;
|
|
40
51
|
/** Capability set to advertise. */
|
|
41
52
|
capabilities: Capabilities;
|
|
42
53
|
/** Transport identifier ("ws", "h2", "quic"). Echoed in INIT. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"driver.d.ts","sourceRoot":"","sources":["../../src/handshake/driver.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"driver.d.ts","sourceRoot":"","sources":["../../src/handshake/driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EACL,KAAK,WAAW,EAQjB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAMvD,OAAO,EAEL,KAAK,YAAY,EAQlB,MAAM,eAAe,CAAC;AAEvB;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GACtB,0BAA0B,GAC1B,oBAAoB,CAAC;AAEzB,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,KAAK,EAAE,cAAc,CAAC;IACtB,mCAAmC;IACnC,YAAY,EAAE,YAAY,CAAC;IAC3B,iEAAiE;IACjE,SAAS,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,eAAe,EAAE,UAAU,CAAC;IAC5B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC;;;OAGG;IACH,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,iCAAiC;QACjC,cAAc,EAAE,MAAM,CAAC;QACvB,kEAAkE;QAClE,YAAY,EAAE,UAAU,CAAC;QACzB,+CAA+C;QAC/C,aAAa,EAAE,MAAM,CAAC;QACtB;;;WAGG;QACH,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,CAAC;CACH;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,WAAW,CAAC;IAClB,6EAA6E;IAC7E,wBAAwB,EAAE,MAAM,CAAC;IACjC,wEAAwE;IACxE,4BAA4B,EAAE,MAAM,CAAC;IACrC,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,mDAAmD;IACnD,gBAAgB,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1D;AAED,0DAA0D;AAC1D,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;gBACxB,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,SAAS;CAM9E;AAED;;;;;;;;;GASG;AACH,wBAAsB,SAAS,CAC7B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,OAAO,CAAC,CAkClB"}
|
package/dist/handshake/driver.js
CHANGED
|
@@ -23,16 +23,19 @@
|
|
|
23
23
|
* reason_code as a typed error.
|
|
24
24
|
*
|
|
25
25
|
* The PQ suite path is structurally identical; only the KEM is
|
|
26
|
-
* different.
|
|
27
|
-
*
|
|
28
|
-
*
|
|
26
|
+
* different. Both the baseline X25519 suite and the hybrid
|
|
27
|
+
* Kyber768 + X25519 PQ suite are supported end to end. On the PQ
|
|
28
|
+
* path step 1 generates a hybrid keypair, step 4 decapsulates the
|
|
29
|
+
* server's hybrid KEM ciphertext to recover the same combined
|
|
30
|
+
* shared secret the responder produced.
|
|
29
31
|
*
|
|
30
32
|
* @module
|
|
31
33
|
*/
|
|
32
34
|
import { marshal as canonicalMarshal } from "../canonical/index.js";
|
|
33
|
-
import { deriveSessionKeysWithResumption, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
35
|
+
import { HybridPublicKeySize, deriveSessionKeysWithResumption, hybridDecapsulate, hybridGenerateKeyPair, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
34
36
|
import { fingerprint, verify as ed25519Verify } from "../keys/index.js";
|
|
35
37
|
import { Session } from "../session/index.js";
|
|
38
|
+
import { sha256 } from "@noble/hashes/sha2.js";
|
|
36
39
|
import { confirmationHash } from "./confirm.js";
|
|
37
40
|
import { composeIdentityProof } from "./identity.js";
|
|
38
41
|
import { HandshakePrefix, buildConfirm, buildInit, } from "./messages.js";
|
|
@@ -59,8 +62,9 @@ export class HandshakeRejectedError extends Error {
|
|
|
59
62
|
* the returned Session — closing the Session closes the transport.
|
|
60
63
|
*/
|
|
61
64
|
export async function runClient(transport, config) {
|
|
62
|
-
if (config.suite !== "x25519-chacha20-poly1305"
|
|
63
|
-
|
|
65
|
+
if (config.suite !== "x25519-chacha20-poly1305" &&
|
|
66
|
+
config.suite !== "pq-kyber768-x25519") {
|
|
67
|
+
throw new Error(`handshake: unsupported suite ${JSON.stringify(config.suite)}`);
|
|
64
68
|
}
|
|
65
69
|
try {
|
|
66
70
|
const result = await runClientInner(transport, config);
|
|
@@ -91,11 +95,29 @@ export async function runClient(transport, config) {
|
|
|
91
95
|
}
|
|
92
96
|
}
|
|
93
97
|
async function runClientInner(transport, config) {
|
|
94
|
-
// Step 1: ephemeral + nonce.
|
|
95
|
-
|
|
96
|
-
|
|
98
|
+
// Step 1: ephemeral + nonce. The wire shape of the ephemeral
|
|
99
|
+
// key depends on the suite: 32-byte X25519 pub for baseline,
|
|
100
|
+
// 1216-byte hybrid (kyberPub || x25519Pub) for PQ.
|
|
101
|
+
const isPQ = config.suite === "pq-kyber768-x25519";
|
|
102
|
+
let ephPriv;
|
|
103
|
+
let ephPub;
|
|
104
|
+
if (isPQ) {
|
|
105
|
+
const kp = hybridGenerateKeyPair();
|
|
106
|
+
ephPriv = kp.secretKey;
|
|
107
|
+
ephPub = kp.publicKey;
|
|
108
|
+
}
|
|
109
|
+
else {
|
|
110
|
+
ephPriv = config.clientEphemeralPriv ?? randomBytes(32);
|
|
111
|
+
ephPub = x25519PublicKey(ephPriv);
|
|
112
|
+
}
|
|
97
113
|
const clientNonce = config.clientNonce ?? randomBytes(32);
|
|
98
|
-
|
|
114
|
+
// The hybrid pub is too large to fingerprint with the 32-byte
|
|
115
|
+
// KEY.md primitive; we use a stable SHA-256 over the wire bytes
|
|
116
|
+
// for the key_id field. For baseline this stays the same as
|
|
117
|
+
// before.
|
|
118
|
+
const ephKeyId = isPQ
|
|
119
|
+
? hexSha256(ephPub)
|
|
120
|
+
: fingerprint(ephPub);
|
|
99
121
|
// Step 2: INIT.
|
|
100
122
|
const init = buildInit({
|
|
101
123
|
nonce: base64Encode(clientNonce),
|
|
@@ -123,8 +145,21 @@ async function runClientInner(transport, config) {
|
|
|
123
145
|
verifyServerSignature(resp, "server_signature", config.serverDomainPub);
|
|
124
146
|
const serverNonce = base64Decode(resp.server_nonce);
|
|
125
147
|
const serverEphPub = base64Decode(resp.server_ephemeral_key.key);
|
|
126
|
-
// Step 4: derive session keys.
|
|
127
|
-
|
|
148
|
+
// Step 4: derive session keys. For the PQ suite the wire
|
|
149
|
+
// server_ephemeral_key is a hybrid KEM ciphertext (kyberCt ||
|
|
150
|
+
// responderX25519Pub) that we decapsulate with the hybrid
|
|
151
|
+
// private key we generated in step 1; for baseline we run the
|
|
152
|
+
// legacy X25519 ECDH.
|
|
153
|
+
let sharedSecret;
|
|
154
|
+
if (isPQ) {
|
|
155
|
+
if (ephPub.length !== HybridPublicKeySize) {
|
|
156
|
+
throw new Error(`handshake: PQ ephemeral pub ${ephPub.length} bytes, want ${HybridPublicKeySize}`);
|
|
157
|
+
}
|
|
158
|
+
sharedSecret = hybridDecapsulate(serverEphPub, ephPriv);
|
|
159
|
+
}
|
|
160
|
+
else {
|
|
161
|
+
sharedSecret = x25519Agree(ephPriv, serverEphPub);
|
|
162
|
+
}
|
|
128
163
|
const kdf = newHKDFSHA512();
|
|
129
164
|
const keys = deriveSessionKeysWithResumption(kdf, sharedSecret, clientNonce, serverNonce);
|
|
130
165
|
// Step 5: confirmation hash.
|
|
@@ -221,6 +256,20 @@ function randomBytes(n) {
|
|
|
221
256
|
globalThis.crypto.getRandomValues(out);
|
|
222
257
|
return out;
|
|
223
258
|
}
|
|
259
|
+
function hexSha256(bytes) {
|
|
260
|
+
// Hybrid ephemeral pubs are larger than 32 bytes, so we cannot
|
|
261
|
+
// route them through `keys.fingerprint` (which enforces a
|
|
262
|
+
// 32-byte input for KEY.md compatibility). The handshake uses
|
|
263
|
+
// ephemeral key_ids as opaque correlation tags only; SHA-256
|
|
264
|
+
// of the wire bytes gives a stable identifier of the right
|
|
265
|
+
// shape (lowercase hex).
|
|
266
|
+
const sum = sha256(bytes);
|
|
267
|
+
let s = "";
|
|
268
|
+
for (let i = 0; i < sum.length; i++) {
|
|
269
|
+
s += (sum[i] ?? 0).toString(16).padStart(2, "0");
|
|
270
|
+
}
|
|
271
|
+
return s;
|
|
272
|
+
}
|
|
224
273
|
function concat(a, b) {
|
|
225
274
|
const out = new Uint8Array(a.length + b.length);
|
|
226
275
|
out.set(a, 0);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"driver.js","sourceRoot":"","sources":["../../src/handshake/driver.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"driver.js","sourceRoot":"","sources":["../../src/handshake/driver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAEL,mBAAmB,EACnB,+BAA+B,EAC/B,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,WAAW,EACX,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAG9C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAOL,eAAe,EACf,YAAY,EACZ,SAAS,GACV,MAAM,eAAe,CAAC;AAqFvB,0DAA0D;AAC1D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,SAAS,CAAS;IAClB,UAAU,CAAS;IACnB,MAAM,CAAqB;IACpC,YAAY,SAAiB,EAAE,UAAkB,EAAE,MAA0B;QAC3E,KAAK,CAAC,uBAAuB,UAAU,GAAG,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxF,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,SAAoB,EACpB,MAAoB;IAEpB,IACE,MAAM,CAAC,KAAK,KAAK,0BAA0B;QAC3C,MAAM,CAAC,KAAK,KAAK,oBAAoB,EACrC,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gCAAgC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,IAAI,OAAO,CAAC;YACjB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,IAAI,IAAI,EAAE;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS;YACT,GAAG,CAAC,MAAM,CAAC,gBAAgB,KAAK,SAAS;gBACvC,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE;gBAC/C,CAAC,CAAC,EAAE,CAAC;YACP,wBAAwB,EAAE,MAAM,CAAC,wBAAwB;YACzD,4BAA4B,EAAE,MAAM,CAAC,4BAA4B;YACjE,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,SAAoB,EACpB,MAAoB;IAGpB,6DAA6D;IAC7D,6DAA6D;IAC7D,mDAAmD;IACnD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,KAAK,oBAAoB,CAAC;IACnD,IAAI,OAAmB,CAAC;IACxB,IAAI,MAAkB,CAAC;IACvB,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,EAAE,GAAG,qBAAqB,EAAE,CAAC;QACnC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC;QACvB,MAAM,GAAG,EAAE,CAAC,SAAS,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,CAAC,mBAAmB,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;QACxD,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC1D,8DAA8D;IAC9D,gEAAgE;IAChE,4DAA4D;IAC5D,UAAU;IACV,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC;QACnB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAExB,gBAAgB;IAChB,MAAM,IAAI,GAAgB,SAAS,CAAC;QAClC,KAAK,EAAE,YAAY,CAAC,WAAW,CAAC;QAChC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,kBAAkB,EAAE;YAClB,SAAS,EAAE,MAAM,CAAC,KAAK;YACvB,GAAG,EAAE,YAAY,CAAC,MAAM,CAAC;YACzB,MAAM,EAAE,QAAQ;SACjB;QACD,YAAY,EAAE,MAAM,CAAC,YAAY;KAClC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAEpC,oBAAoB;IACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,OAA0B,CAAC;QACvC,MAAM,IAAI,sBAAsB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,6CAA6C,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,IAAI,GAAG,OAA0B,CAAC;IACxC,qBAAqB,CACnB,IAA0C,EAC1C,kBAAkB,EAClB,MAAM,CAAC,eAAe,CACvB,CAAC;IAEF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;IAEjE,yDAAyD;IACzD,8DAA8D;IAC9D,0DAA0D;IAC1D,8DAA8D;IAC9D,sBAAsB;IACtB,IAAI,YAAwB,CAAC;IAC7B,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,MAAM,CAAC,MAAM,KAAK,mBAAmB,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,CAAC,MAAM,gBAAgB,mBAAmB,EAAE,CAClF,CAAC;QACJ,CAAC;QACD,YAAY,GAAG,iBAAiB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACpD,CAAC;IACD,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,+BAA+B,CAC1C,GAAG,EACH,YAAY,EACZ,WAAW,EACX,WAAW,CACZ,CAAC;IAEF,6BAA6B;IAC7B,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;IAExE,+DAA+D;IAC/D,+DAA+D;IAC/D,6DAA6D;IAC7D,mCAAmC;IACnC,IAAI,gBAAgB,GAAG,EAAE,CAAC;IAC1B,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAClC,gBAAgB,GAAG,oBAAoB,CAAC;YACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,cAAc,EAAE,MAAM,CAAC,QAAQ,CAAC,cAAc;YAC9C,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,YAAY;YAChD,mBAAmB,EAAE,MAAM,CAAC,QAAQ,CAAC,aAAa;YAClD,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,gBAAgB,EAAE,gBAAgB;YAClC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,KAAK,SAAS;gBAC1C,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE;gBAC5C,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,CAAC,gBAAgB,CAAC;IACtB,CAAC;IACD,MAAM,OAAO,GAAmB,YAAY,CAAC;QAC3C,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,mBAAmB,EAAE,YAAY,CAAC,gBAAgB,CAAC;QACnD,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhD,kCAAkC;IAClC,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAClE,MAAM,WAAW,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IACzD,IAAI,WAAW,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,WAA8B,CAAC;QAC3C,MAAM,IAAI,sBAAsB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,6CAA6C,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC;IACpF,CAAC;IACD,MAAM,QAAQ,GAAG,WAA8B,CAAC;IAChD,qBAAqB,CACnB,QAA8C,EAC9C,kBAAkB,EAClB,MAAM,CAAC,eAAe,CACvB,CAAC;IAEF,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,UAAU;QAC9B,UAAU,EAAE,QAAQ,CAAC,WAAW;QAChC,WAAW,EAAE,QAAQ,CAAC,WAAW;QACjC,IAAI;QACJ,wBAAwB,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM;QAC3D,4BAA4B,EAAE,IAAI,CAAC,qBAAqB,CAAC,SAAS;QAClE,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,GAAG,CAAC,QAAQ,CAAC,iBAAiB,KAAK,SAAS;YAC1C,CAAC,CAAC,EAAE,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,EAAE;YAClD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,YAAY;AAEZ,KAAK,UAAU,cAAc,CAAC,SAAoB,EAAE,QAAgB;IAClE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACtC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,4CAA4C,QAAQ,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqC,CAAC;IACjE,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,CAAC,IAAI,IAAI,GAAG,GAAG,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,GAAuB,CAAC;AACjC,CAAC;AAED,SAAS,qBAAqB,CAC5B,OAAgC,EAChC,cAAsB,EACtB,eAA2B;IAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,cAAc,cAAc,mBAAmB,CAAC,CAAC;IACnE,CAAC;IACD,0DAA0D;IAC1D,kCAAkC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAA4B,CAAC;IAC7E,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC;IAClF,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,cAAc,cAAc,yCAAyC,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,KAAiB;IAClC,+DAA+D;IAC/D,0DAA0D;IAC1D,8DAA8D;IAC9D,6DAA6D;IAC7D,2DAA2D;IAC3D,yBAAyB;IACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -10,7 +10,7 @@ export { verifyChallengeSolution, firstContactDigest, leadingZeroBits, MaxPoWDif
|
|
|
10
10
|
export { FirstContactBindingHashSize, FirstContactBindingTag, FirstContactFieldSep, FirstContactPrefixRandBytes, computeFirstContactPrefix, decodeFirstContactPrefix, verifyFirstContactBinding, } from "./first_contact.js";
|
|
11
11
|
export { ImplementedSuites, SuitePreferenceOrder, defaultClientCapabilities, defaultServerCapabilities, negotiateCapabilities, } from "./capabilities.js";
|
|
12
12
|
export { ChallengeInvalidError, buildClientRejection, isChallengeInvalid, isResumptionFailed, } from "./abort.js";
|
|
13
|
-
export { type ClientConfig, type ClientSession, HandshakeRejectedError, runClient, } from "./driver.js";
|
|
13
|
+
export { type ClientConfig, type ClientSession, type HandshakeSuite, HandshakeRejectedError, runClient, } from "./driver.js";
|
|
14
14
|
export { type HandshakeClientConfig, type HandshakeClientSession, HandshakeClient, } from "./client_state.js";
|
|
15
15
|
export { type HandshakeServerConfig, type HandshakeServerSession, HandshakeServer, HandshakeServerRejectionError, } from "./server_state.js";
|
|
16
16
|
export { runClientResume, runClientResumeOrFull, } from "./resume_driver.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handshake/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,oBAAoB,EACpB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,sBAAsB,EACtB,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,eAAe,EACf,6BAA6B,GAC9B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,YAAY,EACjB,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,yBAAyB,EAC9B,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,cAAc,EACd,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,SAAS,EACT,aAAa,EACb,aAAa,GACd,MAAM,eAAe,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/handshake/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,oBAAoB,EACpB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,sBAAsB,EACtB,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,eAAe,EACf,6BAA6B,GAC9B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,YAAY,EACjB,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,KAAK,yBAAyB,EAC9B,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,cAAc,EACd,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,MAAM,EACX,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,SAAS,EACT,aAAa,EACb,aAAa,GACd,MAAM,eAAe,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/handshake/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,oBAAoB,EACpB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/handshake/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,2BAA2B,EAC3B,sBAAsB,EACtB,oBAAoB,EACpB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EAIL,sBAAsB,EACtB,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EAGL,eAAe,GAChB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAGL,eAAe,EACf,6BAA6B,GAC9B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,eAAe,EACf,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAmBL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAGL,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EAIL,cAAc,EACd,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AACvB,OAAO,EAgBL,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,SAAS,EACT,aAAa,EACb,aAAa,GACd,MAAM,eAAe,CAAC"}
|
|
@@ -33,6 +33,7 @@
|
|
|
33
33
|
import { type SessionKeys } from "../crypto/index.js";
|
|
34
34
|
import { Session } from "../session/index.js";
|
|
35
35
|
import type { Transport } from "../transport/index.js";
|
|
36
|
+
import type { HandshakeSuite } from "./driver.js";
|
|
36
37
|
import { type ResumptionTicket } from "./messages.js";
|
|
37
38
|
/** Result the identity-proof hook returns. */
|
|
38
39
|
export interface IdentityProofVerdict {
|
|
@@ -56,7 +57,7 @@ export interface ServerConfig {
|
|
|
56
57
|
* Suites this server accepts, in preference order. The server
|
|
57
58
|
* picks the first one that's also in the client's offered set.
|
|
58
59
|
*/
|
|
59
|
-
supportedSuites: ReadonlyArray<
|
|
60
|
+
supportedSuites: ReadonlyArray<HandshakeSuite>;
|
|
60
61
|
/**
|
|
61
62
|
* Per-session identity-proof signature. The driver embeds this
|
|
62
63
|
* into RESPONSE.server_identity_proof. Production servers compute
|
|
@@ -78,11 +79,35 @@ export interface ServerConfig {
|
|
|
78
79
|
* CONFIRM. If omitted, the v1 driver accepts any non-empty
|
|
79
80
|
* proof (and an empty proof, since the v1 client driver leaves
|
|
80
81
|
* it empty).
|
|
82
|
+
*
|
|
83
|
+
* The `block` field is the AEAD-decrypted identity-proof block
|
|
84
|
+
* when the proof bytes successfully unwrapped under K_enc_c2s.
|
|
85
|
+
* It is undefined when the wrapped proof is empty or when AEAD
|
|
86
|
+
* open failed (in which case the driver has already rejected
|
|
87
|
+
* with `auth_failed` before invoking this callback). Consumers
|
|
88
|
+
* that already needed to decrypt the proof can read `block`
|
|
89
|
+
* instead of re-running {@link openIdentityProof}.
|
|
81
90
|
*/
|
|
82
91
|
verifyIdentityProof?: (input: {
|
|
83
92
|
identityProofB64: string;
|
|
84
93
|
sessionKeys: SessionKeys;
|
|
94
|
+
block?: import("./identity.js").IdentityProofBlock;
|
|
85
95
|
}) => IdentityProofVerdict;
|
|
96
|
+
/**
|
|
97
|
+
* Optional lookup of the public key for a client's long-term
|
|
98
|
+
* identity key. When supplied, the driver verifies the
|
|
99
|
+
* inner identity_signature inside the decrypted identity-proof
|
|
100
|
+
* block over `SEMP-IDENTITY: || session_id || confirmation_hash`
|
|
101
|
+
* and rejects with `auth_failed` on signature failure.
|
|
102
|
+
*
|
|
103
|
+
* When omitted, the inner signature is not checked. Callers
|
|
104
|
+
* that want to enforce identity binding without supplying this
|
|
105
|
+
* lookup can do so themselves inside
|
|
106
|
+
* {@link verifyIdentityProof}.
|
|
107
|
+
*
|
|
108
|
+
* Throw to reject the handshake with the `auth_failed` reason.
|
|
109
|
+
*/
|
|
110
|
+
lookupClientIdentityKey?: (clientIdentity: string, clientLongTermKeyId: string) => Uint8Array;
|
|
86
111
|
/**
|
|
87
112
|
* Permissions to grant on ACCEPTED. v1 driver does no
|
|
88
113
|
* authorization; the caller decides.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/handshake/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAGH,OAAO,EACL,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/handshake/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAGH,OAAO,EACL,KAAK,WAAW,EAMjB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAGvD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAMlD,OAAO,EAKL,KAAK,gBAAgB,EAKtB,MAAM,eAAe,CAAC;AAEvB,8CAA8C;AAC9C,MAAM,WAAW,oBAAoB;IACnC,uCAAuC;IACvC,EAAE,EAAE,OAAO,CAAC;IACZ;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,uBAAuB,EAAE,UAAU,CAAC;IACpC,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,eAAe,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC/C;;;;;;OAMG;IACH,sBAAsB,EAAE,CAAC,KAAK,EAAE;QAC9B,kBAAkB,EAAE;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,GAAG,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACvE,WAAW,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE,MAAM,CAAC;KACrB,KAAK,MAAM,CAAC;IACb;;;;;;;;;;;;;OAaG;IACH,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;QAC5B,gBAAgB,EAAE,MAAM,CAAC;QACzB,WAAW,EAAE,WAAW,CAAC;QACzB,KAAK,CAAC,EAAE,OAAO,eAAe,EAAE,kBAAkB,CAAC;KACpD,KAAK,oBAAoB,CAAC;IAC3B;;;;;;;;;;;;;OAaG;IACH,uBAAuB,CAAC,EAAE,CACxB,cAAc,EAAE,MAAM,EACtB,mBAAmB,EAAE,MAAM,KACxB,UAAU,CAAC;IAChB;;;OAGG;IACH,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACnC,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,qEAAqE;IACrE,gBAAgB,CAAC,EAAE,CAAC,WAAW,EAAE,WAAW,KAAK,gBAAgB,CAAC;IAClE,+DAA+D;IAC/D,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,mEAAmE;IACnE,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,6CAA6C;IAC7C,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,SAAS,EAAE,SAAS,EACpB,MAAM,EAAE,YAAY,GACnB,OAAO,CAAC,OAAO,CAAC,CAWlB"}
|
package/dist/handshake/server.js
CHANGED
|
@@ -31,10 +31,12 @@
|
|
|
31
31
|
* @module
|
|
32
32
|
*/
|
|
33
33
|
import { marshal as canonicalMarshal } from "../canonical/index.js";
|
|
34
|
-
import { deriveSessionKeysWithResumption, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
35
|
-
import { fingerprint, publicKeyFromSeed } from "../keys/index.js";
|
|
34
|
+
import { deriveSessionKeysWithResumption, hybridEncapsulate, newHKDFSHA512, x25519Agree, x25519PublicKey, } from "../crypto/index.js";
|
|
35
|
+
import { fingerprint, publicKeyFromSeed, verify as ed25519Verify } from "../keys/index.js";
|
|
36
|
+
import { sha256 } from "@noble/hashes/sha2.js";
|
|
36
37
|
import { Session } from "../session/index.js";
|
|
37
38
|
import { confirmationHash } from "./confirm.js";
|
|
39
|
+
import { IdentityPrefix, openIdentityProof, } from "./identity.js";
|
|
38
40
|
import { buildAccepted, buildRejected, buildResponse, } from "./messages.js";
|
|
39
41
|
/**
|
|
40
42
|
* Drive a handshake from the server side over `transport`. Resolves
|
|
@@ -72,15 +74,33 @@ async function runServerInner(transport, config) {
|
|
|
72
74
|
await sendRejected(transport, sessionId, "version_unsupported", config.serverDomainSigningSeed);
|
|
73
75
|
throw new Error("handshake: no mutually supported suite");
|
|
74
76
|
}
|
|
75
|
-
// Step 3: ephemeral + nonce + session_id.
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
//
|
|
77
|
+
// Step 3: ephemeral + nonce + session_id. The wire form of
|
|
78
|
+
// server_ephemeral_key depends on the suite: a 32-byte X25519
|
|
79
|
+
// pub for baseline, a 1120-byte hybrid KEM ciphertext
|
|
80
|
+
// (kyberCt || responderX25519Pub) for PQ. The server holds no
|
|
81
|
+
// ephemeral private key on the PQ path because Encapsulate
|
|
82
|
+
// produces the shared secret directly.
|
|
83
|
+
const isPQ = negotiated === "pq-kyber768-x25519";
|
|
81
84
|
const clientEphPub = base64Decode(init.client_ephemeral_key.key);
|
|
82
85
|
const clientNonce = base64Decode(init.nonce);
|
|
83
|
-
const
|
|
86
|
+
const serverNonce = config.serverNonce ?? randomBytes(32);
|
|
87
|
+
let serverEphPub;
|
|
88
|
+
let sharedSecret;
|
|
89
|
+
if (isPQ) {
|
|
90
|
+
const enc = hybridEncapsulate(clientEphPub);
|
|
91
|
+
serverEphPub = enc.ciphertext;
|
|
92
|
+
sharedSecret = enc.sharedSecret;
|
|
93
|
+
}
|
|
94
|
+
else {
|
|
95
|
+
const serverEphPriv = config.serverEphemeralPriv ?? randomBytes(32);
|
|
96
|
+
serverEphPub = x25519PublicKey(serverEphPriv);
|
|
97
|
+
sharedSecret = x25519Agree(serverEphPriv, clientEphPub);
|
|
98
|
+
serverEphPriv.fill(0);
|
|
99
|
+
}
|
|
100
|
+
const serverEphKeyId = isPQ
|
|
101
|
+
? hexSha256(serverEphPub)
|
|
102
|
+
: fingerprint(serverEphPub);
|
|
103
|
+
// Step 4: derive session keys.
|
|
84
104
|
const kdf = newHKDFSHA512();
|
|
85
105
|
const keys = deriveSessionKeysWithResumption(kdf, sharedSecret, clientNonce, serverNonce);
|
|
86
106
|
// Step 5: signed RESPONSE.
|
|
@@ -128,11 +148,47 @@ async function runServerInner(transport, config) {
|
|
|
128
148
|
await sendRejected(transport, sessionId, "handshake_invalid", config.serverDomainSigningSeed);
|
|
129
149
|
throw new Error("handshake: confirmation hash mismatch");
|
|
130
150
|
}
|
|
131
|
-
// Step 7:
|
|
151
|
+
// Step 7: identity proof. Decrypt the AEAD-protected block when it
|
|
152
|
+
// is non-empty and surface it to the verifier; verify the inner
|
|
153
|
+
// identity_signature against `lookupClientIdentityKey` when
|
|
154
|
+
// supplied. The driver rejects with `auth_failed` on AEAD open
|
|
155
|
+
// failure, on a missing identity key, or on signature failure.
|
|
156
|
+
let identityBlock;
|
|
157
|
+
if (confirm.identity_proof !== "") {
|
|
158
|
+
try {
|
|
159
|
+
identityBlock = openIdentityProof({
|
|
160
|
+
identityProofB64: confirm.identity_proof,
|
|
161
|
+
encC2S: keys.encC2S,
|
|
162
|
+
sessionId,
|
|
163
|
+
});
|
|
164
|
+
}
|
|
165
|
+
catch (err) {
|
|
166
|
+
await sendRejected(transport, sessionId, "auth_failed", config.serverDomainSigningSeed, err instanceof Error ? err.message : String(err));
|
|
167
|
+
throw new Error(`handshake: identity_proof open failed (${err instanceof Error ? err.message : String(err)})`);
|
|
168
|
+
}
|
|
169
|
+
if (config.lookupClientIdentityKey !== undefined) {
|
|
170
|
+
let clientPub;
|
|
171
|
+
try {
|
|
172
|
+
clientPub = config.lookupClientIdentityKey(identityBlock.client_identity, identityBlock.client_long_term_key_id);
|
|
173
|
+
}
|
|
174
|
+
catch (err) {
|
|
175
|
+
await sendRejected(transport, sessionId, "auth_failed", config.serverDomainSigningSeed, err instanceof Error ? err.message : String(err));
|
|
176
|
+
throw new Error(`handshake: identity key lookup failed (${err instanceof Error ? err.message : String(err)})`);
|
|
177
|
+
}
|
|
178
|
+
const sessionIdBytes = new TextEncoder().encode(sessionId);
|
|
179
|
+
const signed = concat(new TextEncoder().encode(IdentityPrefix), concat(sessionIdBytes, wantHash));
|
|
180
|
+
const sig = base64Decode(identityBlock.identity_signature);
|
|
181
|
+
if (!ed25519Verify(clientPub, sig, signed)) {
|
|
182
|
+
await sendRejected(transport, sessionId, "auth_failed", config.serverDomainSigningSeed, "identity_signature did not verify");
|
|
183
|
+
throw new Error("handshake: identity_signature did not verify");
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
}
|
|
132
187
|
if (config.verifyIdentityProof !== undefined) {
|
|
133
188
|
const verdict = config.verifyIdentityProof({
|
|
134
189
|
identityProofB64: confirm.identity_proof,
|
|
135
190
|
sessionKeys: keys,
|
|
191
|
+
...(identityBlock !== undefined ? { block: identityBlock } : {}),
|
|
136
192
|
});
|
|
137
193
|
if (!verdict.ok) {
|
|
138
194
|
await sendRejected(transport, sessionId, verdict.reasonCode ?? "auth_failed", config.serverDomainSigningSeed, verdict.reason);
|
|
@@ -223,6 +279,25 @@ function randomBytes(n) {
|
|
|
223
279
|
globalThis.crypto.getRandomValues(out);
|
|
224
280
|
return out;
|
|
225
281
|
}
|
|
282
|
+
function concat(a, b) {
|
|
283
|
+
const out = new Uint8Array(a.length + b.length);
|
|
284
|
+
out.set(a, 0);
|
|
285
|
+
out.set(b, a.length);
|
|
286
|
+
return out;
|
|
287
|
+
}
|
|
288
|
+
function hexSha256(bytes) {
|
|
289
|
+
// Hybrid ephemeral pubs / KEM ciphertexts are larger than the
|
|
290
|
+
// 32-byte input `keys.fingerprint` accepts, so this opaque
|
|
291
|
+
// SHA-256-of-the-wire-bytes is what we surface as the
|
|
292
|
+
// ephemeral key_id field for the PQ suite. The handshake uses
|
|
293
|
+
// ephemeral key_ids as opaque correlation tags only.
|
|
294
|
+
const sum = sha256(bytes);
|
|
295
|
+
let s = "";
|
|
296
|
+
for (let i = 0; i < sum.length; i++) {
|
|
297
|
+
s += (sum[i] ?? 0).toString(16).padStart(2, "0");
|
|
298
|
+
}
|
|
299
|
+
return s;
|
|
300
|
+
}
|
|
226
301
|
function base64Encode(b) {
|
|
227
302
|
if (typeof Buffer !== "undefined") {
|
|
228
303
|
return Buffer.from(b).toString("base64");
|