@shhhum/xftp-web 0.1.0

package/dist/crypto/keys.d.ts

@@ -0,0 +1,27 @@
+export interface Ed25519KeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+export declare function generateEd25519KeyPair(): Ed25519KeyPair;
+export declare function ed25519KeyPairFromSeed(seed: Uint8Array): Ed25519KeyPair;
+export interface X25519KeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+export declare function generateX25519KeyPair(): X25519KeyPair;
+export declare function x25519KeyPairFromPrivate(privateKey: Uint8Array): X25519KeyPair;
+export declare function sign(privateKey: Uint8Array, msg: Uint8Array): Uint8Array;
+export declare function verify(publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): boolean;
+export declare function dh(publicKey: Uint8Array, privateKey: Uint8Array): Uint8Array;
+export declare function encodePubKeyEd25519(rawPubKey: Uint8Array): Uint8Array;
+export declare function decodePubKeyEd25519(der: Uint8Array): Uint8Array;
+export declare function encodePubKeyX25519(rawPubKey: Uint8Array): Uint8Array;
+export declare function decodePubKeyX25519(der: Uint8Array): Uint8Array;
+export declare function encodePubKeyEd448(rawPubKey: Uint8Array): Uint8Array;
+export declare function decodePubKeyEd448(der: Uint8Array): Uint8Array;
+export declare function verifyEd448(publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): boolean;
+export declare function encodePrivKeyEd25519(privateKey: Uint8Array): Uint8Array;
+export declare function decodePrivKeyEd25519(der: Uint8Array): Uint8Array;
+export declare function encodePrivKeyX25519(privateKey: Uint8Array): Uint8Array;
+export declare function decodePrivKeyX25519(der: Uint8Array): Uint8Array;
+export declare function keyHash(derPubKey: Uint8Array): Uint8Array;

package/dist/crypto/keys.js

@@ -0,0 +1,138 @@
+// Key generation, signing, DH -- Simplex.Messaging.Crypto (Ed25519/X25519/Ed448 functions).
+import sodium from "libsodium-wrappers-sumo";
+import { ed448 } from "@noble/curves/ed448";
+import { sha256 } from "./digest.js";
+import { concatBytes } from "../protocol/encoding.js";
+export function generateEd25519KeyPair() {
+    const kp = sodium.crypto_sign_keypair();
+    return { publicKey: kp.publicKey, privateKey: kp.privateKey };
+}
+// Generate from known 32-byte seed (deterministic, for testing/interop).
+export function ed25519KeyPairFromSeed(seed) {
+    const kp = sodium.crypto_sign_seed_keypair(seed);
+    return { publicKey: kp.publicKey, privateKey: kp.privateKey };
+}
+export function generateX25519KeyPair() {
+    const kp = sodium.crypto_box_keypair();
+    return { publicKey: kp.publicKey, privateKey: kp.privateKey };
+}
+// Derive X25519 keypair from raw 32-byte private key.
+export function x25519KeyPairFromPrivate(privateKey) {
+    const publicKey = sodium.crypto_scalarmult_base(privateKey);
+    return { publicKey, privateKey };
+}
+// -- Ed25519 signing (Crypto.hs:1175 sign')
+export function sign(privateKey, msg) {
+    return sodium.crypto_sign_detached(msg, privateKey);
+}
+// -- Ed25519 verification (Crypto.hs:1270 verify')
+export function verify(publicKey, sig, msg) {
+    try {
+        return sodium.crypto_sign_verify_detached(sig, msg, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+// -- X25519 Diffie-Hellman (Crypto.hs:1280 dh')
+export function dh(publicKey, privateKey) {
+    return sodium.crypto_scalarmult(privateKey, publicKey);
+}
+// -- DER encoding for Ed25519 public keys (RFC 8410, SubjectPublicKeyInfo)
+// SEQUENCE { SEQUENCE { OID 1.3.101.112 } BIT STRING { 0x00 <32 bytes> } }
+const ED25519_PUBKEY_DER_PREFIX = new Uint8Array([
+    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
+]);
+const X25519_PUBKEY_DER_PREFIX = new Uint8Array([
+    0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 0x03, 0x21, 0x00,
+]);
+export function encodePubKeyEd25519(rawPubKey) {
+    return concatBytes(ED25519_PUBKEY_DER_PREFIX, rawPubKey);
+}
+export function decodePubKeyEd25519(der) {
+    if (der.length !== 44)
+        throw new Error("decodePubKeyEd25519: invalid length");
+    for (let i = 0; i < ED25519_PUBKEY_DER_PREFIX.length; i++) {
+        if (der[i] !== ED25519_PUBKEY_DER_PREFIX[i])
+            throw new Error("decodePubKeyEd25519: invalid DER prefix");
+    }
+    return der.subarray(12);
+}
+export function encodePubKeyX25519(rawPubKey) {
+    return concatBytes(X25519_PUBKEY_DER_PREFIX, rawPubKey);
+}
+export function decodePubKeyX25519(der) {
+    if (der.length !== 44)
+        throw new Error("decodePubKeyX25519: invalid length");
+    for (let i = 0; i < X25519_PUBKEY_DER_PREFIX.length; i++) {
+        if (der[i] !== X25519_PUBKEY_DER_PREFIX[i])
+            throw new Error("decodePubKeyX25519: invalid DER prefix");
+    }
+    return der.subarray(12);
+}
+// -- DER encoding for Ed448 public keys (RFC 8410, SubjectPublicKeyInfo)
+// SEQUENCE { SEQUENCE { OID 1.3.101.113 } BIT STRING { 0x00 <57 bytes> } }
+const ED448_PUBKEY_DER_PREFIX = new Uint8Array([
+    0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x03, 0x3a, 0x00,
+]);
+export function encodePubKeyEd448(rawPubKey) {
+    return concatBytes(ED448_PUBKEY_DER_PREFIX, rawPubKey);
+}
+export function decodePubKeyEd448(der) {
+    if (der.length !== 69)
+        throw new Error("decodePubKeyEd448: invalid length");
+    for (let i = 0; i < ED448_PUBKEY_DER_PREFIX.length; i++) {
+        if (der[i] !== ED448_PUBKEY_DER_PREFIX[i])
+            throw new Error("decodePubKeyEd448: invalid DER prefix");
+    }
+    return der.subarray(12);
+}
+// -- Ed448 verification via @noble/curves (Crypto.hs:1270 verify')
+export function verifyEd448(publicKey, sig, msg) {
+    try {
+        return ed448.verify(sig, msg, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+// -- DER encoding for private keys (PKCS8 OneAsymmetricKey, RFC 8410)
+// SEQUENCE { INTEGER 0, SEQUENCE { OID }, OCTET STRING { OCTET STRING { <32 bytes> } } }
+const ED25519_PRIVKEY_DER_PREFIX = new Uint8Array([
+    0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20,
+]);
+const X25519_PRIVKEY_DER_PREFIX = new Uint8Array([
+    0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20,
+]);
+export function encodePrivKeyEd25519(privateKey) {
+    // privateKey is 64 bytes (libsodium: seed || pubkey), seed is first 32 bytes
+    const seed = privateKey.subarray(0, 32);
+    return concatBytes(ED25519_PRIVKEY_DER_PREFIX, seed);
+}
+export function decodePrivKeyEd25519(der) {
+    if (der.length !== 48)
+        throw new Error("decodePrivKeyEd25519: invalid length");
+    for (let i = 0; i < ED25519_PRIVKEY_DER_PREFIX.length; i++) {
+        if (der[i] !== ED25519_PRIVKEY_DER_PREFIX[i])
+            throw new Error("decodePrivKeyEd25519: invalid DER prefix");
+    }
+    // Returns 32-byte seed; call ed25519KeyPairFromSeed to get full keypair.
+    return der.subarray(16);
+}
+export function encodePrivKeyX25519(privateKey) {
+    return concatBytes(X25519_PRIVKEY_DER_PREFIX, privateKey);
+}
+export function decodePrivKeyX25519(der) {
+    if (der.length !== 48)
+        throw new Error("decodePrivKeyX25519: invalid length");
+    for (let i = 0; i < X25519_PRIVKEY_DER_PREFIX.length; i++) {
+        if (der[i] !== X25519_PRIVKEY_DER_PREFIX[i])
+            throw new Error("decodePrivKeyX25519: invalid DER prefix");
+    }
+    return der.subarray(16);
+}
+// -- KeyHash: SHA-256 of DER-encoded public key (Crypto.hs:981)
+export function keyHash(derPubKey) {
+    return sha256(derPubKey);
+}
+//# sourceMappingURL=keys.js.map

package/dist/crypto/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAE5F,OAAO,MAAM,MAAM,yBAAyB,CAAA;AAC5C,OAAO,EAAC,KAAK,EAAC,MAAM,qBAAqB,CAAA;AACzC,OAAO,EAAC,MAAM,EAAC,MAAM,aAAa,CAAA;AAClC,OAAO,EAAC,WAAW,EAAC,MAAM,yBAAyB,CAAA;AASnD,MAAM,UAAU,sBAAsB;IACpC,MAAM,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,CAAA;IACvC,OAAO,EAAC,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,EAAC,CAAA;AAC7D,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,sBAAsB,CAAC,IAAgB;IACrD,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAA;IAChD,OAAO,EAAC,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,EAAC,CAAA;AAC7D,CAAC;AASD,MAAM,UAAU,qBAAqB;IACnC,MAAM,EAAE,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAA;IACtC,OAAO,EAAC,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,EAAC,CAAA;AAC7D,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,wBAAwB,CAAC,UAAsB;IAC7D,MAAM,SAAS,GAAG,MAAM,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAA;IAC3D,OAAO,EAAC,SAAS,EAAE,UAAU,EAAC,CAAA;AAChC,CAAC;AAED,4CAA4C;AAE5C,MAAM,UAAU,IAAI,CAAC,UAAsB,EAAE,GAAe;IAC1D,OAAO,MAAM,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;AACrD,CAAC;AAED,mDAAmD;AAEnD,MAAM,UAAU,MAAM,CAAC,SAAqB,EAAE,GAAe,EAAE,GAAe;IAC5E,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,2BAA2B,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,gDAAgD;AAEhD,MAAM,UAAU,EAAE,CAAC,SAAqB,EAAE,UAAsB;IAC9D,OAAO,MAAM,CAAC,iBAAiB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAA;AACxD,CAAC;AAED,2EAA2E;AAC3E,2EAA2E;AAE3E,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC;IAC/C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACvE,CAAC,CAAA;AAEF,MAAM,wBAAwB,GAAG,IAAI,UAAU,CAAC;IAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACvE,CAAC,CAAA;AAEF,MAAM,UAAU,mBAAmB,CAAC,SAAqB;IACvD,OAAO,WAAW,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAA;AAC1D,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAe;IACjD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IAC7E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,yBAAyB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1D,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IACzG,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,SAAqB;IACtD,OAAO,WAAW,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;AACzD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAe;IAChD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IAC5E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,wBAAwB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,wBAAwB,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;IACvG,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,yEAAyE;AACzE,2EAA2E;AAE3E,MAAM,uBAAuB,GAAG,IAAI,UAAU,CAAC;IAC7C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACvE,CAAC,CAAA;AAEF,MAAM,UAAU,iBAAiB,CAAC,SAAqB;IACrD,OAAO,WAAW,CAAC,uBAAuB,EAAE,SAAS,CAAC,CAAA;AACxD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAe;IAC/C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;IAC3E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,uBAAuB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,uBAAuB,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IACrG,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,mEAAmE;AAEnE,MAAM,UAAU,WAAW,CAAC,SAAqB,EAAE,GAAe,EAAE,GAAe;IACjF,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,sEAAsE;AACtE,yFAAyF;AAEzF,MAAM,0BAA0B,GAAG,IAAI,UAAU,CAAC;IAChD,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CAC/F,CAAC,CAAA;AAEF,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC;IAC/C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CAC/F,CAAC,CAAA;AAEF,MAAM,UAAU,oBAAoB,CAAC,UAAsB;IACzD,6EAA6E;IAC7E,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACvC,OAAO,WAAW,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAA;AACtD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAe;IAClD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,0BAA0B,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3D,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,0BAA0B,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC3G,CAAC;IACD,yEAAyE;IACzE,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,UAAsB;IACxD,OAAO,WAAW,CAAC,yBAAyB,EAAE,UAAU,CAAC,CAAA;AAC3D,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAe;IACjD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IAC7E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,yBAAyB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1D,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IACzG,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED,gEAAgE;AAEhE,MAAM,UAAU,OAAO,CAAC,SAAqB;IAC3C,OAAO,MAAM,CAAC,SAAS,CAAC,CAAA;AAC1B,CAAC"}

package/dist/crypto/padding.d.ts

@@ -0,0 +1,8 @@
+export declare function pad(msg: Uint8Array, paddedLen: number): Uint8Array;
+export declare function unPad(padded: Uint8Array): Uint8Array;
+export declare function padLazy(msg: Uint8Array, msgLen: bigint, padLen: bigint): Uint8Array;
+export declare function unPadLazy(padded: Uint8Array): Uint8Array;
+export declare function splitLen(data: Uint8Array): {
+    len: bigint;
+    content: Uint8Array;
+};

package/dist/crypto/padding.js

@@ -0,0 +1,60 @@
+// Block padding matching Simplex.Messaging.Crypto (strict) and Simplex.Messaging.Crypto.Lazy.
+// Strict: 2-byte BE length prefix + message + '#' fill.
+// Lazy:   8-byte Int64 length prefix + message + '#' fill.
+import { encodeWord16, decodeWord16, encodeInt64, decodeInt64, Decoder } from "../protocol/encoding.js";
+const HASH = 0x23; // '#'
+// -- Strict pad/unPad (protocol messages) -- Crypto.hs:1077
+export function pad(msg, paddedLen) {
+    const len = msg.length;
+    if (len > 65535)
+        throw new Error("pad: message too large for Word16 length");
+    const fillLen = paddedLen - len - 2;
+    if (fillLen < 0)
+        throw new Error("pad: message exceeds padded size");
+    const result = new Uint8Array(paddedLen);
+    const lenBytes = encodeWord16(len);
+    result.set(lenBytes, 0);
+    result.set(msg, 2);
+    result.fill(HASH, 2 + len);
+    return result;
+}
+export function unPad(padded) {
+    if (padded.length < 2)
+        throw new Error("unPad: input too short");
+    const d = new Decoder(padded);
+    const len = decodeWord16(d);
+    if (padded.length - 2 < len)
+        throw new Error("unPad: invalid length");
+    return padded.subarray(2, 2 + len);
+}
+// -- Lazy pad/unPad (file encryption) -- Crypto/Lazy.hs:70
+export function padLazy(msg, msgLen, padLen) {
+    const fillLen = padLen - msgLen - 8n;
+    if (fillLen < 0n)
+        throw new Error("padLazy: message exceeds padded size");
+    const totalLen = Number(padLen);
+    const result = new Uint8Array(totalLen);
+    const lenBytes = encodeInt64(msgLen);
+    result.set(lenBytes, 0);
+    result.set(msg.subarray(0, Number(msgLen)), 8);
+    result.fill(HASH, 8 + Number(msgLen));
+    return result;
+}
+export function unPadLazy(padded) {
+    return splitLen(padded).content;
+}
+// splitLen: extract 8-byte Int64 length and content -- Crypto/Lazy.hs:96
+// Does not fail if content is shorter than declared length (for chunked decryption).
+export function splitLen(data) {
+    if (data.length < 8)
+        throw new Error("splitLen: input too short");
+    const d = new Decoder(data);
+    const len = decodeInt64(d);
+    if (len < 0n)
+        throw new Error("splitLen: negative length");
+    const numLen = Number(len);
+    const available = data.length - 8;
+    const takeLen = Math.min(numLen, available);
+    return { len, content: data.subarray(8, 8 + takeLen) };
+}
+//# sourceMappingURL=padding.js.map

package/dist/crypto/padding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"padding.js","sourceRoot":"","sources":["../../src/crypto/padding.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAC9F,wDAAwD;AACxD,2DAA2D;AAE3D,OAAO,EAAC,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAC,MAAM,yBAAyB,CAAA;AAErG,MAAM,IAAI,GAAG,IAAI,CAAA,CAAC,MAAM;AAExB,4DAA4D;AAE5D,MAAM,UAAU,GAAG,CAAC,GAAe,EAAE,SAAiB;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAA;IACtB,IAAI,GAAG,GAAG,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC5E,MAAM,OAAO,GAAG,SAAS,GAAG,GAAG,GAAG,CAAC,CAAA;IACnC,IAAI,OAAO,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACpE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;IAClC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;IACvB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAClB,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,CAAA;IAC1B,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,MAAkB;IACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;IAChE,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IAC7B,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;IAC3B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IACrE,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAA;AACpC,CAAC;AAED,2DAA2D;AAE3D,MAAM,UAAU,OAAO,CAAC,GAAe,EAAE,MAAc,EAAE,MAAc;IACrE,MAAM,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,EAAE,CAAA;IACpC,IAAI,OAAO,GAAG,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzE,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAA;IAC/B,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAA;IACvC,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACpC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;IACvB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IACrC,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAAkB;IAC1C,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,CAAA;AACjC,CAAC;AAED,yEAAyE;AACzE,qFAAqF;AACrF,MAAM,UAAU,QAAQ,CAAC,IAAgB;IACvC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;IACjE,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3B,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC1B,IAAI,GAAG,GAAG,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;IAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAA;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC3C,OAAO,EAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,EAAC,CAAA;AACtD,CAAC"}

package/dist/crypto/secretbox.d.ts

@@ -0,0 +1,22 @@
+import { StateAddress } from "libsodium-wrappers-sumo";
+export interface SbState {
+    _subkey: Uint8Array;
+    _nonce8: Uint8Array;
+    _counter: number;
+    _ksBuf: Uint8Array;
+    _ksOff: number;
+    _authState: StateAddress;
+}
+export declare function sbInit(key: Uint8Array, nonce: Uint8Array): SbState;
+export declare function cbInit(dhSecret: Uint8Array, nonce: Uint8Array): SbState;
+export declare function sbEncryptChunk(state: SbState, chunk: Uint8Array): Uint8Array;
+export declare function sbDecryptChunk(state: SbState, chunk: Uint8Array): Uint8Array;
+export declare function sbAuth(state: SbState): Uint8Array;
+export declare function sbEncryptTailTag(key: Uint8Array, nonce: Uint8Array, data: Uint8Array, len: bigint, padLen: bigint): Uint8Array;
+export declare function sbDecryptTailTag(key: Uint8Array, nonce: Uint8Array, paddedLen: bigint, data: Uint8Array): {
+    valid: boolean;
+    content: Uint8Array;
+};
+export declare function cryptoBox(key: Uint8Array, nonce: Uint8Array, msg: Uint8Array): Uint8Array;
+export declare function cbEncrypt(dhSecret: Uint8Array, nonce: Uint8Array, msg: Uint8Array, padLen: number): Uint8Array;
+export declare function cbDecrypt(dhSecret: Uint8Array, nonce: Uint8Array, packet: Uint8Array): Uint8Array;

package/dist/crypto/secretbox.js

@@ -0,0 +1,195 @@
+// Streaming XSalsa20-Poly1305 -- Simplex.Messaging.Crypto / Crypto.Lazy
+//
+// Libsodium-wrappers-sumo does not expose crypto_stream_xsalsa20_xor_ic,
+// so the Salsa20/20 stream cipher core is implemented here.
+// HSalsa20 uses libsodium's crypto_core_hsalsa20.
+// Poly1305 uses libsodium's streaming crypto_onetimeauth_* API.
+import sodium from "libsodium-wrappers-sumo";
+import { concatBytes } from "../protocol/encoding.js";
+import { pad, unPad, padLazy, unPadLazy } from "./padding.js";
+// crypto_core_hsalsa20 exists at runtime but is missing from @types/libsodium-wrappers-sumo
+const _sodium = sodium;
+// -- Salsa20/20 stream cipher core
+function readU32LE(buf, off) {
+    return ((buf[off] | (buf[off + 1] << 8) | (buf[off + 2] << 16) | (buf[off + 3] << 24)) >>> 0);
+}
+function writeU32LE(buf, off, val) {
+    buf[off] = val & 0xff;
+    buf[off + 1] = (val >>> 8) & 0xff;
+    buf[off + 2] = (val >>> 16) & 0xff;
+    buf[off + 3] = (val >>> 24) & 0xff;
+}
+function rotl32(v, n) {
+    return ((v << n) | (v >>> (32 - n))) >>> 0;
+}
+const SIGMA_0 = 0x61707865;
+const SIGMA_1 = 0x3320646e;
+const SIGMA_2 = 0x79622d32;
+const SIGMA_3 = 0x6b206574;
+function salsa20Block(key, nonce8, counter) {
+    const k0 = readU32LE(key, 0), k1 = readU32LE(key, 4);
+    const k2 = readU32LE(key, 8), k3 = readU32LE(key, 12);
+    const k4 = readU32LE(key, 16), k5 = readU32LE(key, 20);
+    const k6 = readU32LE(key, 24), k7 = readU32LE(key, 28);
+    const n0 = readU32LE(nonce8, 0), n1 = readU32LE(nonce8, 4);
+    const s0 = SIGMA_0, s1 = k0, s2 = k1, s3 = k2;
+    const s4 = k3, s5 = SIGMA_1, s6 = n0, s7 = n1;
+    const s8 = counter >>> 0, s9 = 0, s10 = SIGMA_2, s11 = k4;
+    const s12 = k5, s13 = k6, s14 = k7, s15 = SIGMA_3;
+    let x0 = s0, x1 = s1, x2 = s2, x3 = s3;
+    let x4 = s4, x5 = s5, x6 = s6, x7 = s7;
+    let x8 = s8, x9 = s9, x10 = s10, x11 = s11;
+    let x12 = s12, x13 = s13, x14 = s14, x15 = s15;
+    for (let i = 0; i < 10; i++) {
+        // Column round
+        x4 ^= rotl32((x0 + x12) >>> 0, 7);
+        x8 ^= rotl32((x4 + x0) >>> 0, 9);
+        x12 ^= rotl32((x8 + x4) >>> 0, 13);
+        x0 ^= rotl32((x12 + x8) >>> 0, 18);
+        x9 ^= rotl32((x5 + x1) >>> 0, 7);
+        x13 ^= rotl32((x9 + x5) >>> 0, 9);
+        x1 ^= rotl32((x13 + x9) >>> 0, 13);
+        x5 ^= rotl32((x1 + x13) >>> 0, 18);
+        x14 ^= rotl32((x10 + x6) >>> 0, 7);
+        x2 ^= rotl32((x14 + x10) >>> 0, 9);
+        x6 ^= rotl32((x2 + x14) >>> 0, 13);
+        x10 ^= rotl32((x6 + x2) >>> 0, 18);
+        x3 ^= rotl32((x15 + x11) >>> 0, 7);
+        x7 ^= rotl32((x3 + x15) >>> 0, 9);
+        x11 ^= rotl32((x7 + x3) >>> 0, 13);
+        x15 ^= rotl32((x11 + x7) >>> 0, 18);
+        // Row round
+        x1 ^= rotl32((x0 + x3) >>> 0, 7);
+        x2 ^= rotl32((x1 + x0) >>> 0, 9);
+        x3 ^= rotl32((x2 + x1) >>> 0, 13);
+        x0 ^= rotl32((x3 + x2) >>> 0, 18);
+        x6 ^= rotl32((x5 + x4) >>> 0, 7);
+        x7 ^= rotl32((x6 + x5) >>> 0, 9);
+        x4 ^= rotl32((x7 + x6) >>> 0, 13);
+        x5 ^= rotl32((x4 + x7) >>> 0, 18);
+        x11 ^= rotl32((x10 + x9) >>> 0, 7);
+        x8 ^= rotl32((x11 + x10) >>> 0, 9);
+        x9 ^= rotl32((x8 + x11) >>> 0, 13);
+        x10 ^= rotl32((x9 + x8) >>> 0, 18);
+        x12 ^= rotl32((x15 + x14) >>> 0, 7);
+        x13 ^= rotl32((x12 + x15) >>> 0, 9);
+        x14 ^= rotl32((x13 + x12) >>> 0, 13);
+        x15 ^= rotl32((x14 + x13) >>> 0, 18);
+    }
+    const out = new Uint8Array(64);
+    writeU32LE(out, 0, (x0 + s0) >>> 0);
+    writeU32LE(out, 4, (x1 + s1) >>> 0);
+    writeU32LE(out, 8, (x2 + s2) >>> 0);
+    writeU32LE(out, 12, (x3 + s3) >>> 0);
+    writeU32LE(out, 16, (x4 + s4) >>> 0);
+    writeU32LE(out, 20, (x5 + s5) >>> 0);
+    writeU32LE(out, 24, (x6 + s6) >>> 0);
+    writeU32LE(out, 28, (x7 + s7) >>> 0);
+    writeU32LE(out, 32, (x8 + s8) >>> 0);
+    writeU32LE(out, 36, (x9 + s9) >>> 0);
+    writeU32LE(out, 40, (x10 + s10) >>> 0);
+    writeU32LE(out, 44, (x11 + s11) >>> 0);
+    writeU32LE(out, 48, (x12 + s12) >>> 0);
+    writeU32LE(out, 52, (x13 + s13) >>> 0);
+    writeU32LE(out, 56, (x14 + s14) >>> 0);
+    writeU32LE(out, 60, (x15 + s15) >>> 0);
+    return out;
+}
+export function sbInit(key, nonce) {
+    // Double HSalsa20 cascade matching Haskell cryptonite XSalsa20 (Crypto.hs:xSalsa20):
+    //   subkey1 = HSalsa20(key, zeros16)
+    //   subkey2 = HSalsa20(subkey1, nonce[0:16])
+    //   keystream = Salsa20(subkey2, nonce[16:24])
+    const zeros16 = new Uint8Array(16);
+    const subkey1 = _sodium.crypto_core_hsalsa20(zeros16, key);
+    const subkey = _sodium.crypto_core_hsalsa20(nonce.subarray(0, 16), subkey1);
+    const nonce8 = new Uint8Array(nonce.subarray(16, 24));
+    const block0 = salsa20Block(subkey, nonce8, 0);
+    const poly1305Key = block0.subarray(0, 32);
+    const ksBuf = new Uint8Array(block0.subarray(32));
+    const authState = sodium.crypto_onetimeauth_init(poly1305Key);
+    return { _subkey: subkey, _nonce8: nonce8, _counter: 1, _ksBuf: ksBuf, _ksOff: 0, _authState: authState };
+}
+export function cbInit(dhSecret, nonce) {
+    return sbInit(dhSecret, nonce);
+}
+export function sbEncryptChunk(state, chunk) {
+    const cipher = xorKeystream(state, chunk);
+    sodium.crypto_onetimeauth_update(state._authState, cipher);
+    return cipher;
+}
+export function sbDecryptChunk(state, chunk) {
+    sodium.crypto_onetimeauth_update(state._authState, chunk);
+    return xorKeystream(state, chunk);
+}
+export function sbAuth(state) {
+    return sodium.crypto_onetimeauth_final(state._authState);
+}
+// -- High-level: tail tag (tag appended)
+export function sbEncryptTailTag(key, nonce, data, len, padLen) {
+    const padded = padLazy(data, len, padLen);
+    const state = sbInit(key, nonce);
+    const cipher = sbEncryptChunk(state, padded);
+    const tag = sbAuth(state);
+    return concatBytes(cipher, tag);
+}
+export function sbDecryptTailTag(key, nonce, paddedLen, data) {
+    const pLen = Number(paddedLen);
+    const cipher = data.subarray(0, pLen);
+    const providedTag = data.subarray(pLen);
+    const state = sbInit(key, nonce);
+    const plaintext = sbDecryptChunk(state, cipher);
+    const computedTag = sbAuth(state);
+    const valid = providedTag.length === 16 && constantTimeEqual(providedTag, computedTag);
+    const content = unPadLazy(plaintext);
+    return { valid, content };
+}
+// -- Tag-prepended secretbox (Haskell Crypto.hs:cryptoBox)
+export function cryptoBox(key, nonce, msg) {
+    const state = sbInit(key, nonce);
+    const cipher = sbEncryptChunk(state, msg);
+    const tag = sbAuth(state);
+    return concatBytes(tag, cipher);
+}
+export function cbEncrypt(dhSecret, nonce, msg, padLen) {
+    return cryptoBox(dhSecret, nonce, pad(msg, padLen));
+}
+export function cbDecrypt(dhSecret, nonce, packet) {
+    const tag = packet.subarray(0, 16);
+    const cipher = packet.subarray(16);
+    const state = sbInit(dhSecret, nonce);
+    const plaintext = sbDecryptChunk(state, cipher);
+    const computedTag = sbAuth(state);
+    if (!constantTimeEqual(tag, computedTag))
+        throw new Error("secretbox: authentication failed");
+    return unPad(plaintext);
+}
+// -- Internal
+function xorKeystream(state, data) {
+    const result = new Uint8Array(data.length);
+    let off = 0;
+    while (off < data.length) {
+        if (state._ksOff >= state._ksBuf.length) {
+            state._ksBuf = salsa20Block(state._subkey, state._nonce8, state._counter++);
+            state._ksOff = 0;
+        }
+        const available = state._ksBuf.length - state._ksOff;
+        const needed = data.length - off;
+        const n = Math.min(available, needed);
+        for (let i = 0; i < n; i++) {
+            result[off + i] = data[off + i] ^ state._ksBuf[state._ksOff + i];
+        }
+        state._ksOff += n;
+        off += n;
+    }
+    return result;
+}
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a[i] ^ b[i];
+    return diff === 0;
+}
+//# sourceMappingURL=secretbox.js.map

package/dist/crypto/secretbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretbox.js","sourceRoot":"","sources":["../../src/crypto/secretbox.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,EAAE;AACF,yEAAyE;AACzE,4DAA4D;AAC5D,kDAAkD;AAClD,gEAAgE;AAEhE,OAAO,MAAsB,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAC,WAAW,EAAC,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAC,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAC,MAAM,cAAc,CAAA;AAE3D,4FAA4F;AAC5F,MAAM,OAAO,GAAG,MAEC,CAAA;AAEjB,mCAAmC;AAEnC,SAAS,SAAS,CAAC,GAAe,EAAE,GAAW;IAC7C,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAA;AAC/F,CAAC;AAED,SAAS,UAAU,CAAC,GAAe,EAAE,GAAW,EAAE,GAAW;IAC3D,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,IAAI,CAAA;IACrB,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,IAAI,CAAA;IACjC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAA;IAClC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAA;AACpC,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS;IAClC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC5C,CAAC;AAED,MAAM,OAAO,GAAG,UAAU,CAAA;AAC1B,MAAM,OAAO,GAAG,UAAU,CAAA;AAC1B,MAAM,OAAO,GAAG,UAAU,CAAA;AAC1B,MAAM,OAAO,GAAG,UAAU,CAAA;AAE1B,SAAS,YAAY,CAAC,GAAe,EAAE,MAAkB,EAAE,OAAe;IACxE,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,EAAG,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IACrD,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,EAAG,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;IACtD,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;IACtD,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,GAAG,SAAS,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;IACtD,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;IAE1D,MAAM,EAAE,GAAI,OAAO,EAAE,EAAE,GAAI,EAAE,EAAE,EAAE,GAAI,EAAE,EAAE,EAAE,GAAI,EAAE,CAAA;IACjD,MAAM,EAAE,GAAI,EAAE,EAAE,EAAE,GAAI,OAAO,EAAE,EAAE,GAAI,EAAE,EAAE,EAAE,GAAI,EAAE,CAAA;IACjD,MAAM,EAAE,GAAI,OAAO,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,OAAO,EAAE,GAAG,GAAG,EAAE,CAAA;IAC1D,MAAM,GAAG,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,EAAE,GAAG,GAAG,OAAO,CAAA;IAEjD,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAA;IACtC,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAA;IACtC,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,GAAG,CAAA;IAC1C,IAAI,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,GAAG,CAAA;IAE9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,eAAe;QACf,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,GAAG,IAAI,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,EAAE,IAAK,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,GAAG,IAAI,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,EAAE,IAAK,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,GAAG,IAAI,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,EAAE,IAAK,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,GAAG,IAAI,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,YAAY;QACZ,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,EAAE,IAAK,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,EAAE,IAAK,MAAM,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,GAAG,IAAI,MAAM,CAAC,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,EAAE,EAAE,CAAC,CAAA;QAC1E,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAA;QACzE,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAAC,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAC9B,UAAU,CAAC,GAAG,EAAE,CAAC,EAAG,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,CAAC,EAAG,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,CAAC,EAAG,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,GAAI,EAAE,CAAC,KAAM,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;IAC9E,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAAC,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAA;IAC9E,OAAO,GAAG,CAAA;AACZ,CAAC;AAaD,MAAM,UAAU,MAAM,CAAC,GAAe,EAAE,KAAiB;IACvD,qFAAqF;IACrF,qCAAqC;IACrC,6CAA6C;IAC7C,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAClC,MAAM,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAA;IAC3E,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IACrD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;IACjD,MAAM,SAAS,GAAG,MAAM,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAA;IAC7D,OAAO,EAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,SAAS,EAAC,CAAA;AACzG,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,QAAoB,EAAE,KAAiB;IAC5D,OAAO,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;AAChC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc,EAAE,KAAiB;IAC9D,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IACzC,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;IAC1D,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc,EAAE,KAAiB;IAC9D,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;IACzD,OAAO,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;AACnC,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,KAAc;IACnC,OAAO,MAAM,CAAC,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;AAC1D,CAAC;AAED,yCAAyC;AAEzC,MAAM,UAAU,gBAAgB,CAC9B,GAAe,EAAE,KAAiB,EAClC,IAAgB,EAAE,GAAW,EAAE,MAAc;IAE7C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IACzC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChC,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IACzB,OAAO,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AACjC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,GAAe,EAAE,KAAiB,EAClC,SAAiB,EAAE,IAAgB;IAEnC,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,CAAA;IAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAA;IACrC,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChC,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,KAAK,EAAE,IAAI,iBAAiB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;IACtF,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;IACpC,OAAO,EAAC,KAAK,EAAE,OAAO,EAAC,CAAA;AACzB,CAAC;AAED,2DAA2D;AAE3D,MAAM,UAAU,SAAS,CAAC,GAAe,EAAE,KAAiB,EAAE,GAAe;IAC3E,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChC,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IACzB,OAAO,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;AACjC,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,QAAoB,EAAE,KAAiB,EACvC,GAAe,EAAE,MAAc;IAE/B,OAAO,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAA;AACrD,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,QAAoB,EAAE,KAAiB,EACvC,MAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;IACrC,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IACjC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAC7F,OAAO,KAAK,CAAC,SAAS,CAAC,CAAA;AACzB,CAAC;AAED,cAAc;AAEd,SAAS,YAAY,CAAC,KAAc,EAAE,IAAgB;IACpD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAC1C,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxC,KAAK,CAAC,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC3E,KAAK,CAAC,MAAM,GAAG,CAAC,CAAA;QAClB,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAA;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,CAAA;QAChC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QAClE,CAAC;QACD,KAAK,CAAC,MAAM,IAAI,CAAC,CAAA;QACjB,GAAG,IAAI,CAAC,CAAA;IACV,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACvC,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC"}

package/dist/download.d.ts

@@ -0,0 +1,9 @@
+import { type FileHeader } from "./crypto/file.js";
+import type { FileDescription } from "./protocol/description.js";
+export declare function processFileResponse(recipientPrivKey: Uint8Array, // Ephemeral X25519 private key (32 bytes)
+serverDhKey: Uint8Array): Uint8Array;
+export declare function decryptReceivedChunk(dhSecret: Uint8Array, cbNonce: Uint8Array, encData: Uint8Array, expectedDigest: Uint8Array | null): Uint8Array;
+export declare function processDownloadedFile(fd: FileDescription, plaintextChunks: Uint8Array[]): {
+    header: FileHeader;
+    content: Uint8Array;
+};

package/dist/download.js

@@ -0,0 +1,60 @@
+// XFTP download pipeline -- integration of protocol + crypto layers.
+//
+// Ties together: DH key exchange (keys), transport decryption (client),
+// file-level decryption (file), chunk sizing (chunks), digest verification.
+//
+// Usage:
+//   1. Parse FileDescription from YAML (description.ts)
+//   2. For each chunk replica:
+//      a. generateX25519KeyPair() -> ephemeral DH keypair
+//      b. encodeFGET(dhPub) -> FGET command
+//      c. encodeAuthTransmission(...) -> padded block (send to server)
+//      d. decodeTransmission(responseBlock) -> raw response
+//      e. decodeResponse(raw) -> FRFile { rcvDhKey, nonce }
+//      f. processFileResponse(rcvPrivKey, rcvDhKey, nonce) -> dhSecret
+//      g. decryptReceivedChunk(dhSecret, nonce, encData, digest) -> plaintext
+//   3. processDownloadedFile(fd, plaintextChunks) -> { header, content }
+import { dh } from "./crypto/keys.js";
+import { sha256 } from "./crypto/digest.js";
+import { decryptChunks } from "./crypto/file.js";
+import { decryptTransportChunk } from "./protocol/client.js";
+// -- Process FRFile response
+// Derive transport decryption secret from FRFile response parameters.
+// Uses DH(serverDhKey, recipientPrivKey) to produce shared secret.
+export function processFileResponse(recipientPrivKey, // Ephemeral X25519 private key (32 bytes)
+serverDhKey) {
+    return dh(serverDhKey, recipientPrivKey);
+}
+// -- Decrypt a single received chunk
+// Decrypt transport-encrypted chunk data and verify SHA-256 digest.
+// Returns decrypted content or throws on auth tag / digest failure.
+export function decryptReceivedChunk(dhSecret, cbNonce, encData, expectedDigest) {
+    const providedTag = encData.slice(encData.length - 16);
+    const { valid, content } = decryptTransportChunk(dhSecret, cbNonce, encData);
+    if (!valid)
+        throw new Error("transport auth tag verification failed");
+    if (expectedDigest !== null) {
+        const actual = sha256(content);
+        if (!digestEqual(actual, expectedDigest)) {
+            throw new Error("chunk digest mismatch");
+        }
+    }
+    return content;
+}
+// -- Full download pipeline
+// Process downloaded file: concatenate transport-decrypted chunks,
+// then file-level decrypt using key/nonce from file description.
+// Returns parsed FileHeader and file content.
+export function processDownloadedFile(fd, plaintextChunks) {
+    return decryptChunks(BigInt(fd.size), plaintextChunks, fd.key, fd.nonce);
+}
+// -- Internal
+function digestEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a[i] ^ b[i];
+    return diff === 0;
+}
+//# sourceMappingURL=download.js.map

package/dist/download.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"download.js","sourceRoot":"","sources":["../src/download.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,wEAAwE;AACxE,4EAA4E;AAC5E,EAAE;AACF,SAAS;AACT,wDAAwD;AACxD,+BAA+B;AAC/B,0DAA0D;AAC1D,4CAA4C;AAC5C,uEAAuE;AACvE,4DAA4D;AAC5D,4DAA4D;AAC5D,uEAAuE;AACvE,8EAA8E;AAC9E,yEAAyE;AAEzE,OAAO,EAAC,EAAE,EAAC,MAAM,kBAAkB,CAAA;AACnC,OAAO,EAAC,MAAM,EAAC,MAAM,oBAAoB,CAAA;AACzC,OAAO,EAAC,aAAa,EAAkB,MAAM,kBAAkB,CAAA;AAC/D,OAAO,EAAC,qBAAqB,EAAC,MAAM,sBAAsB,CAAA;AAG1D,6BAA6B;AAE7B,sEAAsE;AACtE,mEAAmE;AACnE,MAAM,UAAU,mBAAmB,CACjC,gBAA4B,EAAG,0CAA0C;AACzE,WAAuB;IAEvB,OAAO,EAAE,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAA;AAC1C,CAAC;AAED,qCAAqC;AAErC,oEAAoE;AACpE,oEAAoE;AACpE,MAAM,UAAU,oBAAoB,CAClC,QAAoB,EACpB,OAAmB,EACnB,OAAmB,EACnB,cAAiC;IAEjC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAA;IACtD,MAAM,EAAC,KAAK,EAAE,OAAO,EAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;IAC1E,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;IACrE,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAA;QAC9B,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,4BAA4B;AAE5B,mEAAmE;AACnE,iEAAiE;AACjE,8CAA8C;AAC9C,MAAM,UAAU,qBAAqB,CACnC,EAAmB,EACnB,eAA6B;IAE7B,OAAO,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,eAAe,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,CAAA;AAC1E,CAAC;AAED,cAAc;AAEd,SAAS,WAAW,CAAC,CAAa,EAAE,CAAa;IAC/C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACvC,IAAI,IAAI,GAAG,CAAC,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;IACtD,OAAO,IAAI,KAAK,CAAC,CAAA;AACnB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./agent.js";
+export { parseXFTPServer, formatXFTPServer, type XFTPServer } from "./protocol/address.js";
+export { decodeFileDescription, encodeFileDescription, validateFileDescription, type FileDescription, type FileChunk, type FileChunkReplica } from "./protocol/description.js";
+export { type FileHeader } from "./crypto/file.js";

package/dist/index.js

@@ -0,0 +1,4 @@
+export * from "./agent.js";
+export { parseXFTPServer, formatXFTPServer } from "./protocol/address.js";
+export { decodeFileDescription, encodeFileDescription, validateFileDescription } from "./protocol/description.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAA;AAC1B,OAAO,EAAC,eAAe,EAAE,gBAAgB,EAAkB,MAAM,uBAAuB,CAAA;AACxF,OAAO,EAAC,qBAAqB,EAAE,qBAAqB,EAAE,uBAAuB,EAA8D,MAAM,2BAA2B,CAAA"}

package/dist/protocol/address.d.ts

@@ -0,0 +1,7 @@
+export interface XFTPServer {
+    keyHash: Uint8Array;
+    host: string;
+    port: string;
+}
+export declare function parseXFTPServer(address: string): XFTPServer;
+export declare function formatXFTPServer(srv: XFTPServer): string;

package/dist/protocol/address.js

@@ -0,0 +1,50 @@
+// XFTP server address parsing/formatting -- Simplex.Messaging.Protocol (ProtocolServer)
+//
+// Parses/formats server address strings of the form:
+//   xftp://<keyhash>@<host>[,<host2>,...][:<port>]
+//
+// KeyHash is base64url-encoded SHA-256 fingerprint of the identity certificate.
+import { base64urlEncode } from "./description.js";
+// Decode base64url (RFC 4648 section 5) to Uint8Array.
+function base64urlDecode(s) {
+    // Convert base64url to standard base64
+    let b64 = s.replace(/-/g, '+').replace(/_/g, '/');
+    // Add padding if needed
+    while (b64.length % 4 !== 0)
+        b64 += '=';
+    const bin = atob(b64);
+    const bytes = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        bytes[i] = bin.charCodeAt(i);
+    return bytes;
+}
+// Parse an XFTP server address string.
+// Format: xftp://<base64url-keyhash>@<host>[,<host2>,...][:<port>]
+export function parseXFTPServer(address) {
+    const m = address.match(/^xftp:\/\/([A-Za-z0-9_-]+={0,2})@(.+)$/);
+    if (!m)
+        throw new Error("parseXFTPServer: invalid address format");
+    const keyHash = base64urlDecode(m[1]);
+    if (keyHash.length !== 32)
+        throw new Error("parseXFTPServer: keyHash must be 32 bytes");
+    const hostPart = m[2];
+    // Take the first host (before any comma), then split port from that
+    const firstHost = hostPart.split(',')[0];
+    const colonIdx = firstHost.lastIndexOf(':');
+    let host;
+    let port;
+    if (colonIdx > 0) {
+        host = firstHost.substring(0, colonIdx);
+        port = firstHost.substring(colonIdx + 1);
+    }
+    else {
+        host = firstHost;
+        port = "443";
+    }
+    return { keyHash, host, port };
+}
+// Format an XFTPServer back to its URI string representation.
+export function formatXFTPServer(srv) {
+    return "xftp://" + base64urlEncode(srv.keyHash) + "@" + srv.host + ":" + srv.port;
+}
+//# sourceMappingURL=address.js.map