@shhhum/xftp-web 0.1.0

package/dist/protocol/handshake.js

@@ -0,0 +1,158 @@
+// XFTP handshake encoding/decoding -- Simplex.FileTransfer.Transport
+//
+// Handles XFTP client/server handshake messages and version negotiation.
+import { Decoder, concatBytes, encodeWord16, decodeWord16, encodeBytes, decodeBytes, encodeMaybe, decodeLarge, decodeNonEmpty } from "./encoding.js";
+import { sha256 } from "../crypto/digest.js";
+import { decodePubKeyX25519 } from "../crypto/keys.js";
+import { blockPad, blockUnpad, XFTP_BLOCK_SIZE } from "./transmission.js";
+// Encode version range as two big-endian Word16s.
+// Matches Haskell: smpEncode (VRange v1 v2) = smpEncode (v1, v2)
+export function encodeVersionRange(vr) {
+    return concatBytes(encodeWord16(vr.minVersion), encodeWord16(vr.maxVersion));
+}
+export function decodeVersionRange(d) {
+    const minVersion = decodeWord16(d);
+    const maxVersion = decodeWord16(d);
+    if (minVersion > maxVersion)
+        throw new Error("invalid version range: min > max");
+    return { minVersion, maxVersion };
+}
+// Version negotiation: intersection of two version ranges, or null if incompatible.
+// Matches Haskell compatibleVRange.
+export function compatibleVRange(a, b) {
+    const min = Math.max(a.minVersion, b.minVersion);
+    const max = Math.min(a.maxVersion, b.maxVersion);
+    if (min > max)
+        return null;
+    return { minVersion: min, maxVersion: max };
+}
+// Encode client hello (padded to XFTP_BLOCK_SIZE for web clients).
+// Wire format: smpEncode (Maybe ByteString), padded when webChallenge present
+export function encodeClientHello(hello) {
+    const body = encodeMaybe(encodeBytes, hello.webChallenge);
+    return hello.webChallenge ? blockPad(body, XFTP_BLOCK_SIZE) : body;
+}
+// Encode and pad client handshake to XFTP_BLOCK_SIZE.
+// Wire format: pad(smpEncode (xftpVersion, keyHash), 16384)
+export function encodeClientHandshake(ch) {
+    const body = concatBytes(encodeWord16(ch.xftpVersion), encodeBytes(ch.keyHash));
+    return blockPad(body, XFTP_BLOCK_SIZE);
+}
+// Decode padded server handshake block.
+// Wire format: unpad(block) -> (versionRange, sessionId, certChainPubKey, sigBytes)
+//   where certChainPubKey = (NonEmpty Large certChain, Large signedKey)
+//         sigBytes = ByteString (1-byte len prefix, empty for Nothing)
+// Trailing bytes (Tail) are ignored for forward compatibility.
+export function decodeServerHandshake(block) {
+    const raw = blockUnpad(block);
+    // Detect error responses (server sends padded error string like "HANDSHAKE")
+    if (raw.length < 20) {
+        const text = String.fromCharCode(...raw);
+        if (/^[A-Z_]+$/.test(text)) {
+            console.error('[XFTP] Server handshake error: %s', text);
+            throw new Error("Server handshake error: " + text);
+        }
+    }
+    const d = new Decoder(raw);
+    const xftpVersionRange = decodeVersionRange(d);
+    const sessionId = decodeBytes(d);
+    // CertChainPubKey: smpEncode (encodeCertChain certChain, SignedObject signedPubKey)
+    const certChainDer = decodeNonEmpty(decodeLarge, d);
+    const signedKeyDer = decodeLarge(d);
+    // webIdentityProof: 1-byte length-prefixed ByteString (empty = Nothing)
+    let webIdentityProof = null;
+    if (d.remaining() > 0) {
+        const sigBytes = decodeBytes(d);
+        webIdentityProof = sigBytes.length === 0 ? null : sigBytes;
+    }
+    // Remaining bytes are Tail (ignored for forward compatibility)
+    return { xftpVersionRange, sessionId, certChainDer, signedKeyDer, webIdentityProof };
+}
+export function chainIdCaCerts(certChainDer) {
+    switch (certChainDer.length) {
+        case 0: return { type: 'empty' };
+        case 1: return { type: 'self', cert: certChainDer[0] };
+        case 2: return { type: 'valid', leafCert: certChainDer[0], idCert: certChainDer[1], caCert: certChainDer[1] };
+        case 3: return { type: 'valid', leafCert: certChainDer[0], idCert: certChainDer[1], caCert: certChainDer[2] };
+        case 4: return { type: 'valid', leafCert: certChainDer[0], idCert: certChainDer[1], caCert: certChainDer[3] };
+        default: return { type: 'long' };
+    }
+}
+// SHA-256 fingerprint of the identity certificate.
+// For 2-cert chains: idCert = last cert (same as CA).
+// For 3+ cert chains: idCert = second cert (distinct from CA).
+// Matches Haskell: getFingerprint idCert HashSHA256
+export function caFingerprint(certChainDer) {
+    const cc = chainIdCaCerts(certChainDer);
+    if (cc.type !== 'valid')
+        throw new Error("caFingerprint: need valid chain (2-4 certs)");
+    return sha256(cc.idCert);
+}
+// Parse ASN.1 DER length (short and long form).
+function derLength(d) {
+    const first = d.anyByte();
+    if (first < 0x80)
+        return first;
+    const numBytes = first & 0x7f;
+    if (numBytes === 0 || numBytes > 4)
+        throw new Error("DER: unsupported length encoding");
+    let len = 0;
+    for (let i = 0; i < numBytes; i++) {
+        len = (len << 8) | d.anyByte();
+    }
+    return len;
+}
+// Read a complete TLV element, returning the full DER bytes (tag + length + value).
+function derElement(d) {
+    const start = d.offset();
+    d.anyByte(); // tag
+    const len = derLength(d);
+    d.take(len); // value
+    return d.buf.subarray(start, d.offset());
+}
+// Extract components from a SignedExact X.PubKey DER structure.
+// ASN.1 layout:
+//   SEQUENCE {
+//     SubjectPublicKeyInfo (SEQUENCE)  -- the signed object
+//     AlgorithmIdentifier  (SEQUENCE)  -- signature algorithm
+//     BIT STRING                       -- signature
+//   }
+export function extractSignedKey(signedDer) {
+    const outer = new Decoder(signedDer);
+    const outerTag = outer.anyByte();
+    if (outerTag !== 0x30)
+        throw new Error("SignedExact: expected SEQUENCE tag 0x30, got 0x" + outerTag.toString(16));
+    derLength(outer); // consume total content length
+    // First element: SubjectPublicKeyInfo
+    const objectDer = derElement(outer);
+    // Second element: AlgorithmIdentifier
+    const algorithm = derElement(outer);
+    // Third element: BIT STRING (signature)
+    const sigTag = outer.anyByte();
+    if (sigTag !== 0x03)
+        throw new Error("SignedExact: expected BIT STRING tag 0x03, got 0x" + sigTag.toString(16));
+    const sigLen = derLength(outer);
+    const unusedBits = outer.anyByte();
+    if (unusedBits !== 0)
+        throw new Error("SignedExact: expected 0 unused bits in signature");
+    const signature = outer.take(sigLen - 1);
+    // Extract X25519 key from the signed object.
+    // objectDer may be the raw SPKI (44 bytes) or a wrapper SEQUENCE
+    // from x509 objectToSignedExact which wraps toASN1 in Start Sequence.
+    const dhKey = decodeX25519Key(objectDer);
+    return { objectDer, dhKey, algorithm, signature };
+}
+// Extract X25519 raw public key from either direct SPKI (44 bytes)
+// or a wrapper SEQUENCE containing the SPKI.
+function decodeX25519Key(der) {
+    if (der.length === 44)
+        return decodePubKeyX25519(der);
+    if (der[0] !== 0x30)
+        throw new Error("decodeX25519Key: expected SEQUENCE");
+    const d = new Decoder(der);
+    d.anyByte();
+    derLength(d);
+    const inner = derElement(d);
+    return decodePubKeyX25519(inner);
+}
+//# sourceMappingURL=handshake.js.map

package/dist/protocol/handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../../src/protocol/handshake.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,yEAAyE;AAEzE,OAAO,EACL,OAAO,EAAE,WAAW,EACpB,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,EACxB,WAAW,EACX,WAAW,EAAE,cAAc,EAC5B,MAAM,eAAe,CAAA;AACtB,OAAO,EAAC,MAAM,EAAC,MAAM,qBAAqB,CAAA;AAC1C,OAAO,EAAC,kBAAkB,EAAC,MAAM,mBAAmB,CAAA;AACpD,OAAO,EAAC,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAC,MAAM,mBAAmB,CAAA;AASvE,kDAAkD;AAClD,iEAAiE;AACjE,MAAM,UAAU,kBAAkB,CAAC,EAAgB;IACjD,OAAO,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;AAC9E,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAU;IAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;IAClC,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;IAClC,IAAI,UAAU,GAAG,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAChF,OAAO,EAAC,UAAU,EAAE,UAAU,EAAC,CAAA;AACjC,CAAC;AAED,oFAAoF;AACpF,oCAAoC;AACpC,MAAM,UAAU,gBAAgB,CAAC,CAAe,EAAE,CAAe;IAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,CAAA;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,CAAA;IAChD,IAAI,GAAG,GAAG,GAAG;QAAE,OAAO,IAAI,CAAA;IAC1B,OAAO,EAAC,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAC,CAAA;AAC3C,CAAC;AAQD,mEAAmE;AACnE,8EAA8E;AAC9E,MAAM,UAAU,iBAAiB,CAAC,KAAsB;IACtD,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,CAAA;IACzD,OAAO,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;AACpE,CAAC;AASD,sDAAsD;AACtD,4DAA4D;AAC5D,MAAM,UAAU,qBAAqB,CAAC,EAAuB;IAC3D,MAAM,IAAI,GAAG,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAC/E,OAAO,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;AACxC,CAAC;AAYD,wCAAwC;AACxC,oFAAoF;AACpF,wEAAwE;AACxE,uEAAuE;AACvE,+DAA+D;AAC/D,MAAM,UAAU,qBAAqB,CAAC,KAAiB;IACrD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;IAC7B,6EAA6E;IAC7E,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,GAAG,CAAC,CAAA;QACxC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAA;YACxD,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,IAAI,CAAC,CAAA;QACpD,CAAC;IACH,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,CAAA;IAC1B,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAChC,oFAAoF;IACpF,MAAM,YAAY,GAAG,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC,CAAA;IACnD,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACnC,wEAAwE;IACxE,IAAI,gBAAgB,GAAsB,IAAI,CAAA;IAC9C,IAAI,CAAC,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;QAC/B,gBAAgB,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC5D,CAAC;IACD,+DAA+D;IAC/D,OAAO,EAAC,gBAAgB,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAC,CAAA;AACpF,CAAC;AAWD,MAAM,UAAU,cAAc,CAAC,YAA0B;IACvD,QAAQ,YAAY,CAAC,MAAM,EAAE,CAAC;QAC5B,KAAK,CAAC,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,OAAO,EAAC,CAAA;QAC9B,KAAK,CAAC,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,EAAC,CAAA;QACpD,KAAK,CAAC,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAC,CAAA;QAC3G,KAAK,CAAC,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAC,CAAA;QAC3G,KAAK,CAAC,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EAAC,CAAA;QAC3G,OAAO,CAAC,CAAC,OAAO,EAAC,IAAI,EAAE,MAAM,EAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,mDAAmD;AACnD,sDAAsD;AACtD,+DAA+D;AAC/D,oDAAoD;AACpD,MAAM,UAAU,aAAa,CAAC,YAA0B;IACtD,MAAM,EAAE,GAAG,cAAc,CAAC,YAAY,CAAC,CAAA;IACvC,IAAI,EAAE,CAAC,IAAI,KAAK,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;IACvF,OAAO,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAA;AAC1B,CAAC;AAYD,gDAAgD;AAChD,SAAS,SAAS,CAAC,CAAU;IAC3B,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,EAAE,CAAA;IACzB,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,KAAK,CAAA;IAC9B,MAAM,QAAQ,GAAG,KAAK,GAAG,IAAI,CAAA;IAC7B,IAAI,QAAQ,KAAK,CAAC,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACvF,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAA;IAChC,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,oFAAoF;AACpF,SAAS,UAAU,CAAC,CAAU;IAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAA;IACxB,CAAC,CAAC,OAAO,EAAE,CAAA,CAAW,MAAM;IAC5B,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;IACxB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA,CAAW,QAAQ;IAC9B,OAAO,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED,gEAAgE;AAChE,gBAAgB;AAChB,eAAe;AACf,4DAA4D;AAC5D,8DAA8D;AAC9D,oDAAoD;AACpD,MAAM;AACN,MAAM,UAAU,gBAAgB,CAAC,SAAqB;IACpD,MAAM,KAAK,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC,CAAA;IACpC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,EAAE,CAAA;IAChC,IAAI,QAAQ,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;IACjH,SAAS,CAAC,KAAK,CAAC,CAAA,CAAC,+BAA+B;IAEhD,sCAAsC;IACtC,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;IAEnC,sCAAsC;IACtC,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;IAEnC,wCAAwC;IACxC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,CAAA;IAC9B,IAAI,MAAM,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAA;IAC/G,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;IAC/B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,EAAE,CAAA;IAClC,IAAI,UAAU,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;IACzF,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExC,6CAA6C;IAC7C,iEAAiE;IACjE,sEAAsE;IACtE,MAAM,KAAK,GAAG,eAAe,CAAC,SAAS,CAAC,CAAA;IAExC,OAAO,EAAC,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAC,CAAA;AACjD,CAAC;AAED,mEAAmE;AACnE,6CAA6C;AAC7C,SAAS,eAAe,CAAC,GAAe;IACtC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAA;IACrD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IAC1E,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,OAAO,EAAE,CAAA;IACX,SAAS,CAAC,CAAC,CAAC,CAAA;IACZ,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;IAC3B,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC"}

package/dist/protocol/transmission.d.ts

@@ -0,0 +1,15 @@
+export declare const XFTP_BLOCK_SIZE = 16384;
+export declare const initialXFTPVersion = 1;
+export declare const authCmdsXFTPVersion = 2;
+export declare const blockedFilesXFTPVersion = 3;
+export declare const currentXFTPVersion = 3;
+export declare function blockPad(msg: Uint8Array, blockSize?: number): Uint8Array;
+export declare function blockUnpad(block: Uint8Array): Uint8Array;
+export declare function encodeAuthTransmission(sessionId: Uint8Array, corrId: Uint8Array, entityId: Uint8Array, cmdBytes: Uint8Array, privateKey: Uint8Array): Uint8Array;
+export declare function encodeTransmission(sessionId: Uint8Array, corrId: Uint8Array, entityId: Uint8Array, cmdBytes: Uint8Array): Uint8Array;
+export interface DecodedTransmission {
+    corrId: Uint8Array;
+    entityId: Uint8Array;
+    command: Uint8Array;
+}
+export declare function decodeTransmission(sessionId: Uint8Array, block: Uint8Array): DecodedTransmission;

package/dist/protocol/transmission.js

@@ -0,0 +1,84 @@
+// XFTP transmission framing -- Simplex.Messaging.Transport + FileTransfer.Protocol
+//
+// Handles block-level pad/unpad, batch encoding, and Ed25519 auth signing.
+import { Decoder, concatBytes, encodeBytes, decodeBytes, encodeLarge, decodeLarge } from "./encoding.js";
+import { sign } from "../crypto/keys.js";
+// -- Constants
+export const XFTP_BLOCK_SIZE = 16384;
+// Protocol versions (FileTransfer.Transport)
+export const initialXFTPVersion = 1;
+export const authCmdsXFTPVersion = 2;
+export const blockedFilesXFTPVersion = 3;
+export const currentXFTPVersion = 3;
+// -- Block-level pad/unpad (Crypto.hs:pad/unPad, strict ByteString)
+export function blockPad(msg, blockSize = XFTP_BLOCK_SIZE) {
+    const len = msg.length;
+    const padLen = blockSize - len - 2;
+    if (padLen < 0)
+        throw new Error("blockPad: message too large for block");
+    const result = new Uint8Array(blockSize);
+    result[0] = (len >>> 8) & 0xff;
+    result[1] = len & 0xff;
+    result.set(msg, 2);
+    result.fill(0x23, 2 + len); // '#' padding
+    return result;
+}
+export function blockUnpad(block) {
+    if (block.length < 2)
+        throw new Error("blockUnpad: too short");
+    const len = (block[0] << 8) | block[1];
+    if (2 + len > block.length)
+        throw new Error("blockUnpad: invalid length");
+    return block.subarray(2, 2 + len);
+}
+// -- Transmission encoding (client -> server)
+// Encode an authenticated XFTP command as a padded block.
+// Matches xftpEncodeAuthTransmission with implySessId = False:
+// sessionId is included in both signed data AND wire data.
+export function encodeAuthTransmission(sessionId, corrId, entityId, cmdBytes, privateKey) {
+    // t' = encodeTransmission_ v t = smpEncode (corrId, entityId) <> cmdBytes
+    const tInner = concatBytes(encodeBytes(corrId), encodeBytes(entityId), cmdBytes);
+    // tForAuth = smpEncode sessionId <> t'
+    const tForAuth = concatBytes(encodeBytes(sessionId), tInner);
+    const signature = sign(privateKey, tForAuth);
+    const authenticator = encodeBytes(signature);
+    // implySessId = False: tToSend = tForAuth (sessionId on wire)
+    const encoded = concatBytes(authenticator, tForAuth);
+    const batch = concatBytes(new Uint8Array([1]), encodeLarge(encoded));
+    return blockPad(batch);
+}
+// Encode an unsigned XFTP command (e.g. PING) as a padded block.
+// Matches xftpEncodeTransmission with implySessId = False: sessionId on wire.
+export function encodeTransmission(sessionId, corrId, entityId, cmdBytes) {
+    const tInner = concatBytes(encodeBytes(sessionId), encodeBytes(corrId), encodeBytes(entityId), cmdBytes);
+    // No auth: tEncodeAuth False Nothing = smpEncode B.empty = \x00
+    const authenticator = encodeBytes(new Uint8Array(0));
+    const encoded = concatBytes(authenticator, tInner);
+    const batch = concatBytes(new Uint8Array([1]), encodeLarge(encoded));
+    return blockPad(batch);
+}
+// Decode a server response block into raw parts.
+// Call decodeResponse(command) from commands.ts to parse the response.
+// Matches xftpDecodeTClient with implySessId = False: reads and verifies sessionId from wire.
+export function decodeTransmission(sessionId, block) {
+    const raw = blockUnpad(block);
+    const d = new Decoder(raw);
+    const count = d.anyByte();
+    if (count !== 1)
+        throw new Error("decodeTransmission: expected batch count 1, got " + count);
+    const transmission = decodeLarge(d);
+    const td = new Decoder(transmission);
+    // Skip authenticator (server responses have empty auth)
+    decodeBytes(td);
+    // implySessId = False: read sessionId from wire and verify
+    const sessId = decodeBytes(td);
+    if (sessId.length !== sessionId.length || !sessId.every((b, i) => b === sessionId[i])) {
+        console.error('[XFTP] Session ID mismatch in server response');
+        throw new Error("Session ID mismatch in server response");
+    }
+    const corrId = decodeBytes(td);
+    const entityId = decodeBytes(td);
+    const command = td.takeAll();
+    return { corrId, entityId, command };
+}
+//# sourceMappingURL=transmission.js.map

package/dist/protocol/transmission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transmission.js","sourceRoot":"","sources":["../../src/protocol/transmission.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,EAAE;AACF,2EAA2E;AAE3E,OAAO,EACL,OAAO,EAAE,WAAW,EACpB,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,WAAW,EACzB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAC,IAAI,EAAC,MAAM,mBAAmB,CAAA;AAEtC,eAAe;AAEf,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,CAAA;AAEpC,6CAA6C;AAC7C,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAA;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAA;AACpC,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAA;AACxC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAA;AAEnC,oEAAoE;AAEpE,MAAM,UAAU,QAAQ,CAAC,GAAe,EAAE,YAAoB,eAAe;IAC3E,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAA;IACtB,MAAM,MAAM,GAAG,SAAS,GAAG,GAAG,GAAG,CAAC,CAAA;IAClC,IAAI,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IACxE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAA;IACxC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,IAAI,CAAA;IAC9B,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAA;IACtB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAClB,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,GAAG,CAAC,CAAA,CAAC,cAAc;IACzC,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAAiB;IAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;IAC9D,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACtC,IAAI,CAAC,GAAG,GAAG,GAAG,KAAK,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;IACzE,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,8CAA8C;AAE9C,0DAA0D;AAC1D,+DAA+D;AAC/D,2DAA2D;AAC3D,MAAM,UAAU,sBAAsB,CACpC,SAAqB,EACrB,MAAkB,EAClB,QAAoB,EACpB,QAAoB,EACpB,UAAsB;IAEtB,0EAA0E;IAC1E,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAA;IAChF,uCAAuC;IACvC,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAA;IAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IAC5C,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,CAAC,CAAA;IAC5C,8DAA8D;IAC9D,MAAM,OAAO,GAAG,WAAW,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;IACpD,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC,CAAA;IACpE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxB,CAAC;AAED,iEAAiE;AACjE,8EAA8E;AAC9E,MAAM,UAAU,kBAAkB,CAChC,SAAqB,EACrB,MAAkB,EAClB,QAAoB,EACpB,QAAoB;IAEpB,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAA;IACxG,gEAAgE;IAChE,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IACpD,MAAM,OAAO,GAAG,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAA;IAClD,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC,CAAA;IACpE,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxB,CAAC;AAUD,iDAAiD;AACjD,uEAAuE;AACvE,8FAA8F;AAC9F,MAAM,UAAU,kBAAkB,CAAC,SAAqB,EAAE,KAAiB;IACzE,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;IAC7B,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,CAAA;IAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,EAAE,CAAA;IACzB,IAAI,KAAK,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,GAAG,KAAK,CAAC,CAAA;IAC5F,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IACnC,MAAM,EAAE,GAAG,IAAI,OAAO,CAAC,YAAY,CAAC,CAAA;IACpC,wDAAwD;IACxD,WAAW,CAAC,EAAE,CAAC,CAAA;IACf,2DAA2D;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;IAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAA;QAC9D,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAA;IAC3D,CAAC;IACD,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;IAC9B,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAA;IAChC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAA;IAC5B,OAAO,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAC,CAAA;AACpC,CAAC"}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@shhhum/xftp-web",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": ["dist", "src"],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "postinstall": "ln -sf ../../../libsodium-sumo/dist/modules-sumo-esm/libsodium-sumo.mjs node_modules/libsodium-wrappers-sumo/dist/modules-sumo-esm/libsodium-sumo.mjs && npx playwright install chromium",
+    "build": "tsc",
+    "test": "vitest",
+    "dev": "npx tsx test/runSetup.ts && vite --mode development",
+    "build:local": "npx tsx test/runSetup.ts && vite build --mode development",
+    "build:prod": "vite build --mode production",
+    "preview": "vite preview",
+    "preview:local": "npm run build:local && vite preview",
+    "preview:prod": "vite build --mode production && vite preview",
+    "check:web": "tsc -p tsconfig.web.json --noEmit && tsc -p tsconfig.worker.json --noEmit",
+    "test:page": "playwright test test/page.spec.ts"
+  },
+  "devDependencies": {
+    "@types/libsodium-wrappers-sumo": "^0.7.8",
+    "@types/node": "^20.0.0",
+    "@types/pako": "^2.0.3",
+    "@vitest/browser": "^3.0.0",
+    "@playwright/test": "^1.50.0",
+    "playwright": "^1.50.0",
+    "typescript": "^5.4.0",
+    "vite": "^6.0.0",
+    "vitest": "^3.0.0"
+  },
+  "dependencies": {
+    "@noble/curves": "^1.9.7",
+    "libsodium-wrappers-sumo": "^0.7.13",
+    "pako": "^2.1.0"
+  }
+}