@sideband/secure-relay 0.0.1

package/dist/crypto.js

@@ -0,0 +1,145 @@
+// SPDX-FileCopyrightText: 2025-present Sideband
+// SPDX-License-Identifier: AGPL-3.0-or-later
+/**
+ * Cryptographic primitives for Sideband Relay Protocol (SBRP).
+ *
+ * Uses @noble/curves for Ed25519/X25519, @noble/ciphers for ChaCha20-Poly1305,
+ * and @noble/hashes for SHA-256/HKDF.
+ */
+import { chacha20poly1305 } from "@noble/ciphers/chacha";
+import { ed25519 } from "@noble/curves/ed25519";
+import { x25519 } from "@noble/curves/ed25519";
+import { hkdf } from "@noble/hashes/hkdf";
+import { sha256 } from "@noble/hashes/sha256";
+import { concatBytes, randomBytes } from "@noble/hashes/utils";
+import { AUTH_TAG_LENGTH, DIRECTION_CLIENT_TO_DAEMON, DIRECTION_DAEMON_TO_CLIENT, NONCE_LENGTH, SBRP_HANDSHAKE_CONTEXT, SBRP_SESSION_KEYS_INFO, SBRP_TRANSCRIPT_CONTEXT, SESSION_KEYS_LENGTH, SYMMETRIC_KEY_LENGTH, } from "./constants.js";
+import { Direction } from "./types.js";
+const textEncoder = new TextEncoder();
+/** Generate a new Ed25519 identity keypair */
+export function generateIdentityKeyPair() {
+    const privateKey = ed25519.utils.randomPrivateKey();
+    const publicKey = ed25519.getPublicKey(privateKey);
+    return { publicKey, privateKey };
+}
+/** Generate a new X25519 ephemeral keypair */
+export function generateEphemeralKeyPair() {
+    const privateKey = x25519.utils.randomPrivateKey();
+    const publicKey = x25519.getPublicKey(privateKey);
+    return { publicKey, privateKey };
+}
+/** Compute SHA-256 fingerprint of an identity public key */
+export function computeFingerprint(identityPublicKey) {
+    const hash = sha256(identityPublicKey);
+    const hex = Array.from(hash)
+        .map((b) => b.toString(16).padStart(2, "0").toUpperCase())
+        .join(":");
+    return `SHA256:${hex}`;
+}
+/**
+ * Create the signature payload for handshake authentication.
+ *
+ * payload = SHA256("sbrp-v1-handshake" || daemonId || browserPublicKey || daemonEphemeralPublicKey)
+ */
+export function createSignaturePayload(daemonId, browserPublicKey, daemonEphemeralPublicKey) {
+    return sha256(concatBytes(textEncoder.encode(SBRP_HANDSHAKE_CONTEXT), textEncoder.encode(daemonId), browserPublicKey, daemonEphemeralPublicKey));
+}
+/** Sign a payload with an Ed25519 identity private key */
+export function signPayload(payload, identityPrivateKey) {
+    return ed25519.sign(payload, identityPrivateKey);
+}
+/** Verify an Ed25519 signature */
+export function verifySignature(payload, signature, identityPublicKey) {
+    return ed25519.verify(signature, payload, identityPublicKey);
+}
+/** Compute X25519 shared secret */
+export function computeSharedSecret(myPrivateKey, peerPublicKey) {
+    return x25519.getSharedSecret(myPrivateKey, peerPublicKey);
+}
+/**
+ * Create the transcript hash for key derivation.
+ *
+ * transcript = SHA256("sbrp-v1-transcript" || daemonId || browserPublicKey || daemonPublicKey || signature)
+ */
+export function createTranscriptHash(daemonId, browserPublicKey, daemonPublicKey, signature) {
+    return sha256(concatBytes(textEncoder.encode(SBRP_TRANSCRIPT_CONTEXT), textEncoder.encode(daemonId), browserPublicKey, daemonPublicKey, signature));
+}
+/**
+ * Derive traffic keys using HKDF-SHA256.
+ *
+ * Keys are derived with transcript hash as salt to bind to the authenticated session.
+ */
+export function deriveTrafficKeys(sharedSecret, transcriptHash) {
+    const keys = hkdf(sha256, sharedSecret, transcriptHash, SBRP_SESSION_KEYS_INFO, SESSION_KEYS_LENGTH);
+    return {
+        clientToDaemon: keys.slice(0, SYMMETRIC_KEY_LENGTH),
+        daemonToClient: keys.slice(SYMMETRIC_KEY_LENGTH, SESSION_KEYS_LENGTH),
+    };
+}
+/**
+ * Construct a nonce for ChaCha20-Poly1305.
+ *
+ * Nonce format (12 bytes):
+ * - Bytes 0-3: Direction (0x00000001 = client→daemon, 0x00000002 = daemon→client)
+ * - Bytes 4-11: Sequence number (big-endian uint64)
+ */
+export function constructNonce(direction, seq) {
+    const nonce = new Uint8Array(NONCE_LENGTH);
+    const directionBytes = direction === Direction.ClientToDaemon
+        ? DIRECTION_CLIENT_TO_DAEMON
+        : DIRECTION_DAEMON_TO_CLIENT;
+    nonce.set(directionBytes, 0);
+    // Write sequence number as big-endian uint64 (bytes 4-11)
+    const view = new DataView(nonce.buffer);
+    view.setBigUint64(4, seq, false); // false = big-endian
+    return nonce;
+}
+/**
+ * Encrypt a message using ChaCha20-Poly1305.
+ *
+ * Returns: nonce (12 bytes) || ciphertext || authTag (16 bytes)
+ */
+export function encrypt(key, direction, seq, plaintext) {
+    const nonce = constructNonce(direction, seq);
+    const cipher = chacha20poly1305(key, nonce);
+    const ciphertext = cipher.encrypt(plaintext);
+    return concatBytes(nonce, ciphertext);
+}
+/**
+ * Decrypt a message using ChaCha20-Poly1305.
+ *
+ * Input format: nonce (12 bytes) || ciphertext || authTag (16 bytes)
+ * Returns the plaintext, or throws on decryption failure.
+ */
+export function decrypt(key, data) {
+    if (data.length < NONCE_LENGTH + AUTH_TAG_LENGTH) {
+        throw new Error("Invalid encrypted message: too short");
+    }
+    const nonce = data.slice(0, NONCE_LENGTH);
+    const ciphertext = data.slice(NONCE_LENGTH);
+    const cipher = chacha20poly1305(key, nonce);
+    return cipher.decrypt(ciphertext);
+}
+/**
+ * Extract sequence number from encrypted message data.
+ *
+ * Reads bytes 4-11 of the nonce as big-endian uint64.
+ */
+export function extractSequence(data) {
+    if (data.length < NONCE_LENGTH) {
+        throw new Error("Invalid encrypted message: too short");
+    }
+    const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
+    return view.getBigUint64(4, false); // false = big-endian
+}
+/**
+ * Best-effort zeroization of sensitive key material.
+ *
+ * Note: JavaScript/GC limitations mean this is not guaranteed to prevent
+ * key material from remaining in memory.
+ */
+export function zeroize(data) {
+    data.fill(0);
+}
+/** Generate random bytes */
+export { randomBytes };
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,6CAA6C;AAE7C;;;;;GAKG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,0BAA0B,EAC1B,YAAY,EACZ,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAOxB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAEtC,8CAA8C;AAC9C,MAAM,UAAU,uBAAuB;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACnD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,wBAAwB;IACtC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAClD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,kBAAkB,CAAC,iBAA6B;IAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;SACzD,IAAI,CAAC,GAAG,CAAC,CAAC;IACb,OAAO,UAAU,GAAG,EAAE,CAAC;AACzB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAkB,EAClB,gBAA4B,EAC5B,wBAAoC;IAEpC,OAAO,MAAM,CACX,WAAW,CACT,WAAW,CAAC,MAAM,CAAC,sBAAsB,CAAC,EAC1C,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,EAC5B,gBAAgB,EAChB,wBAAwB,CACzB,CACF,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,WAAW,CACzB,OAAmB,EACnB,kBAA8B;IAE9B,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;AACnD,CAAC;AAED,kCAAkC;AAClC,MAAM,UAAU,eAAe,CAC7B,OAAmB,EACnB,SAAqB,EACrB,iBAA6B;IAE7B,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;AAC/D,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,mBAAmB,CACjC,YAAwB,EACxB,aAAyB;IAEzB,OAAO,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAkB,EAClB,gBAA4B,EAC5B,eAA2B,EAC3B,SAAqB;IAErB,OAAO,MAAM,CACX,WAAW,CACT,WAAW,CAAC,MAAM,CAAC,uBAAuB,CAAC,EAC3C,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,EAC5B,gBAAgB,EAChB,eAAe,EACf,SAAS,CACV,CACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAwB,EACxB,cAA0B;IAE1B,MAAM,IAAI,GAAG,IAAI,CACf,MAAM,EACN,YAAY,EACZ,cAAc,EACd,sBAAsB,EACtB,mBAAmB,CACpB,CAAC;IAEF,OAAO;QACL,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,oBAAoB,CAAC;QACnD,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,mBAAmB,CAAC;KACtE,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,SAAoB,EAAE,GAAW;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,cAAc,GAClB,SAAS,KAAK,SAAS,CAAC,cAAc;QACpC,CAAC,CAAC,0BAA0B;QAC5B,CAAC,CAAC,0BAA0B,CAAC;IAEjC,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;IAE7B,0DAA0D;IAC1D,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,qBAAqB;IAEvD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CACrB,GAAe,EACf,SAAoB,EACpB,GAAW,EACX,SAAqB;IAErB,MAAM,KAAK,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7C,OAAO,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,GAAe,EAAE,IAAgB;IACvD,IAAI,IAAI,CAAC,MAAM,GAAG,YAAY,GAAG,eAAe,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,IAAgB;IAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,YAAY,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,qBAAqB;AAC3D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO,CAAC,IAAgB;IACtC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACf,CAAC;AAED,4BAA4B;AAC5B,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/handshake.d.ts

@@ -0,0 +1,42 @@
+import type { DaemonId, EphemeralKeyPair, HandshakeAccept, HandshakeInit, IdentityKeyPair, TrafficKeys } from "./types.js";
+/** Result of a successful daemon handshake */
+export interface DaemonHandshakeResult {
+    trafficKeys: TrafficKeys;
+    ephemeralKeyPair: EphemeralKeyPair;
+    signature: Uint8Array;
+}
+/** Result of a successful client handshake */
+export interface ClientHandshakeResult {
+    trafficKeys: TrafficKeys;
+    ephemeralKeyPair: EphemeralKeyPair;
+}
+/**
+ * Create a handshake init message (browser side).
+ *
+ * Generates an ephemeral X25519 keypair for this session.
+ */
+export declare function createHandshakeInit(): {
+    message: HandshakeInit;
+    ephemeralKeyPair: EphemeralKeyPair;
+};
+/**
+ * Process handshake init and create accept message (daemon side).
+ *
+ * 1. Generate ephemeral X25519 keypair
+ * 2. Sign ephemeral public key with identity key (context-bound)
+ * 3. Derive traffic keys
+ */
+export declare function processHandshakeInit(init: HandshakeInit, daemonId: DaemonId, identityKeyPair: IdentityKeyPair): {
+    message: HandshakeAccept;
+    result: DaemonHandshakeResult;
+};
+/**
+ * Process handshake accept message (client side).
+ *
+ * 1. Verify signature using PINNED identity key (TOFU)
+ * 2. Derive traffic keys using same transcript hash as daemon
+ *
+ * @throws {SbrpError} with code HandshakeFailed if signature verification fails
+ */
+export declare function processHandshakeAccept(accept: HandshakeAccept, daemonId: DaemonId, pinnedIdentityPublicKey: Uint8Array, ephemeralKeyPair: EphemeralKeyPair): ClientHandshakeResult;
+//# sourceMappingURL=handshake.d.ts.map

package/dist/handshake.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../src/handshake.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EACV,QAAQ,EACR,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,eAAe,EACf,WAAW,EACZ,MAAM,YAAY,CAAC;AAGpB,8CAA8C;AAC9C,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,SAAS,EAAE,UAAU,CAAC;CACvB;AAED,8CAA8C;AAC9C,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;CACpC;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI;IACrC,OAAO,EAAE,aAAa,CAAC;IACvB,gBAAgB,EAAE,gBAAgB,CAAC;CACpC,CASA;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,aAAa,EACnB,QAAQ,EAAE,QAAQ,EAClB,eAAe,EAAE,eAAe,GAC/B;IAAE,OAAO,EAAE,eAAe,CAAC;IAAC,MAAM,EAAE,qBAAqB,CAAA;CAAE,CAuC7D;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,eAAe,EACvB,QAAQ,EAAE,QAAQ,EAClB,uBAAuB,EAAE,UAAU,EACnC,gBAAgB,EAAE,gBAAgB,GACjC,qBAAqB,CAyCvB"}

package/dist/handshake.js

@@ -0,0 +1,83 @@
+// SPDX-FileCopyrightText: 2025-present Sideband
+// SPDX-License-Identifier: AGPL-3.0-or-later
+/**
+ * E2EE handshake protocol for Sideband Relay Protocol (SBRP).
+ *
+ * Implements the authenticated key exchange between browser and daemon,
+ * with Ed25519 signatures for MITM protection.
+ */
+import { computeSharedSecret, createSignaturePayload, createTranscriptHash, deriveTrafficKeys, generateEphemeralKeyPair, signPayload, verifySignature, zeroize, } from "./crypto.js";
+import { SbrpError, SbrpErrorCode } from "./types.js";
+/**
+ * Create a handshake init message (browser side).
+ *
+ * Generates an ephemeral X25519 keypair for this session.
+ */
+export function createHandshakeInit() {
+    const ephemeralKeyPair = generateEphemeralKeyPair();
+    return {
+        message: {
+            type: "handshake.init",
+            browserPublicKey: ephemeralKeyPair.publicKey,
+        },
+        ephemeralKeyPair,
+    };
+}
+/**
+ * Process handshake init and create accept message (daemon side).
+ *
+ * 1. Generate ephemeral X25519 keypair
+ * 2. Sign ephemeral public key with identity key (context-bound)
+ * 3. Derive traffic keys
+ */
+export function processHandshakeInit(init, daemonId, identityKeyPair) {
+    const ephemeralKeyPair = generateEphemeralKeyPair();
+    // Sign ephemeral key with context binding
+    const signaturePayload = createSignaturePayload(daemonId, init.browserPublicKey, ephemeralKeyPair.publicKey);
+    const signature = signPayload(signaturePayload, identityKeyPair.privateKey);
+    // Derive traffic keys
+    const sharedSecret = computeSharedSecret(ephemeralKeyPair.privateKey, init.browserPublicKey);
+    const transcriptHash = createTranscriptHash(daemonId, init.browserPublicKey, ephemeralKeyPair.publicKey, signature);
+    const trafficKeys = deriveTrafficKeys(sharedSecret, transcriptHash);
+    // Best-effort zeroize shared secret
+    zeroize(sharedSecret);
+    return {
+        message: {
+            type: "handshake.accept",
+            daemonPublicKey: ephemeralKeyPair.publicKey,
+            signature,
+        },
+        result: {
+            trafficKeys,
+            ephemeralKeyPair,
+            signature,
+        },
+    };
+}
+/**
+ * Process handshake accept message (client side).
+ *
+ * 1. Verify signature using PINNED identity key (TOFU)
+ * 2. Derive traffic keys using same transcript hash as daemon
+ *
+ * @throws {SbrpError} with code HandshakeFailed if signature verification fails
+ */
+export function processHandshakeAccept(accept, daemonId, pinnedIdentityPublicKey, ephemeralKeyPair) {
+    // Verify daemon signature using PINNED key (not relay-provided!)
+    const signaturePayload = createSignaturePayload(daemonId, ephemeralKeyPair.publicKey, accept.daemonPublicKey);
+    const valid = verifySignature(signaturePayload, accept.signature, pinnedIdentityPublicKey);
+    if (!valid) {
+        throw new SbrpError(SbrpErrorCode.HandshakeFailed, "Signature verification failed");
+    }
+    // Derive traffic keys using same transcript hash as daemon
+    const sharedSecret = computeSharedSecret(ephemeralKeyPair.privateKey, accept.daemonPublicKey);
+    const transcriptHash = createTranscriptHash(daemonId, ephemeralKeyPair.publicKey, accept.daemonPublicKey, accept.signature);
+    const trafficKeys = deriveTrafficKeys(sharedSecret, transcriptHash);
+    // Best-effort zeroize shared secret
+    zeroize(sharedSecret);
+    return {
+        trafficKeys,
+        ephemeralKeyPair,
+    };
+}
+//# sourceMappingURL=handshake.js.map

package/dist/handshake.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.js","sourceRoot":"","sources":["../src/handshake.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,6CAA6C;AAE7C;;;;;GAKG;AAEH,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,iBAAiB,EACjB,wBAAwB,EACxB,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AASrB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAetD;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IAIjC,MAAM,gBAAgB,GAAG,wBAAwB,EAAE,CAAC;IACpD,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,gBAAgB;YACtB,gBAAgB,EAAE,gBAAgB,CAAC,SAAS;SAC7C;QACD,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAmB,EACnB,QAAkB,EAClB,eAAgC;IAEhC,MAAM,gBAAgB,GAAG,wBAAwB,EAAE,CAAC;IAEpD,0CAA0C;IAC1C,MAAM,gBAAgB,GAAG,sBAAsB,CAC7C,QAAQ,EACR,IAAI,CAAC,gBAAgB,EACrB,gBAAgB,CAAC,SAAS,CAC3B,CAAC;IACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IAE5E,sBAAsB;IACtB,MAAM,YAAY,GAAG,mBAAmB,CACtC,gBAAgB,CAAC,UAAU,EAC3B,IAAI,CAAC,gBAAgB,CACtB,CAAC;IACF,MAAM,cAAc,GAAG,oBAAoB,CACzC,QAAQ,EACR,IAAI,CAAC,gBAAgB,EACrB,gBAAgB,CAAC,SAAS,EAC1B,SAAS,CACV,CAAC;IACF,MAAM,WAAW,GAAG,iBAAiB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEpE,oCAAoC;IACpC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEtB,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,kBAAkB;YACxB,eAAe,EAAE,gBAAgB,CAAC,SAAS;YAC3C,SAAS;SACV;QACD,MAAM,EAAE;YACN,WAAW;YACX,gBAAgB;YAChB,SAAS;SACV;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAuB,EACvB,QAAkB,EAClB,uBAAmC,EACnC,gBAAkC;IAElC,iEAAiE;IACjE,MAAM,gBAAgB,GAAG,sBAAsB,CAC7C,QAAQ,EACR,gBAAgB,CAAC,SAAS,EAC1B,MAAM,CAAC,eAAe,CACvB,CAAC;IAEF,MAAM,KAAK,GAAG,eAAe,CAC3B,gBAAgB,EAChB,MAAM,CAAC,SAAS,EAChB,uBAAuB,CACxB,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,SAAS,CACjB,aAAa,CAAC,eAAe,EAC7B,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED,2DAA2D;IAC3D,MAAM,YAAY,GAAG,mBAAmB,CACtC,gBAAgB,CAAC,UAAU,EAC3B,MAAM,CAAC,eAAe,CACvB,CAAC;IACF,MAAM,cAAc,GAAG,oBAAoB,CACzC,QAAQ,EACR,gBAAgB,CAAC,SAAS,EAC1B,MAAM,CAAC,eAAe,EACtB,MAAM,CAAC,SAAS,CACjB,CAAC;IACF,MAAM,WAAW,GAAG,iBAAiB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEpE,oCAAoC;IACpC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEtB,OAAO;QACL,WAAW;QACX,gBAAgB;KACjB,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,45 @@
+/**
+ * @sideband/secure-relay
+ *
+ * Sideband Relay Protocol (SBRP) implementation for E2EE communication
+ * between daemons and clients via a relay server.
+ *
+ * Features:
+ * - Ed25519 identity signatures for MITM protection
+ * - X25519 ephemeral key exchange for forward secrecy
+ * - ChaCha20-Poly1305 authenticated encryption
+ * - TOFU (Trust On First Use) identity pinning
+ * - Bitmap-based replay protection
+ *
+ * @example
+ * ```typescript
+ * // Daemon side: generate identity keypair on first run
+ * const identity = generateIdentityKeyPair();
+ *
+ * // Client side: create handshake init
+ * const { message: init, ephemeralKeyPair } = createHandshakeInit();
+ *
+ * // Daemon side: process init and create accept
+ * const { message: accept, result } = processHandshakeInit(init, daemonId, identity);
+ * const clientSession = createClientSession(clientId, result.trafficKeys);
+ *
+ * // Client side: process accept (with TOFU-pinned identity)
+ * const { trafficKeys } = processHandshakeAccept(accept, daemonId, pinnedKey, ephemeralKeyPair);
+ * const daemonConn = createDaemonConnection(trafficKeys);
+ *
+ * // Encrypt/decrypt messages
+ * const encrypted = encryptClientToDaemon(daemonConn, plaintext);
+ * const decrypted = decryptClientToDaemon(clientSession, encrypted);
+ * ```
+ */
+export type { ClientId, DaemonId, EncryptedMessage, EphemeralKeyPair, HandshakeAccept, HandshakeInit, IdentityKeyPair, PinnedIdentity, TrafficKeys, } from "./types.js";
+export { asClientId, asDaemonId, Direction, SbrpError, SbrpErrorCode } from "./types.js";
+export { AUTH_TAG_LENGTH, DEFAULT_REPLAY_WINDOW_SIZE, DIRECTION_CLIENT_TO_DAEMON, DIRECTION_DAEMON_TO_CLIENT, ED25519_PRIVATE_KEY_LENGTH, ED25519_PUBLIC_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, NONCE_LENGTH, SBRP_HANDSHAKE_CONTEXT, SBRP_SESSION_KEYS_INFO, SBRP_TRANSCRIPT_CONTEXT, SESSION_KEYS_LENGTH, SYMMETRIC_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH, X25519_PUBLIC_KEY_LENGTH, } from "./constants.js";
+export { computeFingerprint, computeSharedSecret, constructNonce, createSignaturePayload, createTranscriptHash, decrypt, deriveTrafficKeys, encrypt, extractSequence, generateEphemeralKeyPair, generateIdentityKeyPair, randomBytes, signPayload, verifySignature, zeroize, } from "./crypto.js";
+export type { ClientHandshakeResult, DaemonHandshakeResult, } from "./handshake.js";
+export { createHandshakeInit, processHandshakeAccept, processHandshakeInit, } from "./handshake.js";
+export type { ReplayWindow } from "./replay.js";
+export { checkAndUpdateReplay, createReplayWindow, isValidSequence, resetReplayWindow, } from "./replay.js";
+export type { ClientSession, DaemonConnection } from "./session.js";
+export { clearClientSession, clearDaemonConnection, createClientSession, createDaemonConnection, decryptClientToDaemon, decryptDaemonToClient, encryptClientToDaemon, encryptDaemonToClient, } from "./session.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,eAAe,EACf,cAAc,EACd,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGzF,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,yBAAyB,EACzB,wBAAwB,EACxB,YAAY,EACZ,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,OAAO,EACP,iBAAiB,EACjB,OAAO,EACP,eAAe,EACf,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEpE,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 2025-present Sideband
+// SPDX-License-Identifier: AGPL-3.0-or-later
+export { asClientId, asDaemonId, Direction, SbrpError, SbrpErrorCode } from "./types.js";
+// Constants
+export { AUTH_TAG_LENGTH, DEFAULT_REPLAY_WINDOW_SIZE, DIRECTION_CLIENT_TO_DAEMON, DIRECTION_DAEMON_TO_CLIENT, ED25519_PRIVATE_KEY_LENGTH, ED25519_PUBLIC_KEY_LENGTH, ED25519_SIGNATURE_LENGTH, NONCE_LENGTH, SBRP_HANDSHAKE_CONTEXT, SBRP_SESSION_KEYS_INFO, SBRP_TRANSCRIPT_CONTEXT, SESSION_KEYS_LENGTH, SYMMETRIC_KEY_LENGTH, X25519_PRIVATE_KEY_LENGTH, X25519_PUBLIC_KEY_LENGTH, } from "./constants.js";
+// Crypto primitives
+export { computeFingerprint, computeSharedSecret, constructNonce, createSignaturePayload, createTranscriptHash, decrypt, deriveTrafficKeys, encrypt, extractSequence, generateEphemeralKeyPair, generateIdentityKeyPair, randomBytes, signPayload, verifySignature, zeroize, } from "./crypto.js";
+export { createHandshakeInit, processHandshakeAccept, processHandshakeInit, } from "./handshake.js";
+export { checkAndUpdateReplay, createReplayWindow, isValidSequence, resetReplayWindow, } from "./replay.js";
+export { clearClientSession, clearDaemonConnection, createClientSession, createDaemonConnection, decryptClientToDaemon, decryptDaemonToClient, encryptClientToDaemon, encryptDaemonToClient, } from "./session.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,6CAA6C;AAkD7C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEzF,YAAY;AACZ,OAAO,EACL,eAAe,EACf,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC1B,yBAAyB,EACzB,wBAAwB,EACxB,YAAY,EACZ,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAExB,oBAAoB;AACpB,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,OAAO,EACP,iBAAiB,EACjB,OAAO,EACP,eAAe,EACf,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,eAAe,EACf,OAAO,GACR,MAAM,aAAa,CAAC;AAQrB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAKxB,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAKrB,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,cAAc,CAAC"}

package/dist/replay.d.ts

@@ -0,0 +1,32 @@
+/** Replay window state */
+export interface ReplayWindow {
+    /** Highest accepted sequence number */
+    maxSeen: bigint;
+    /** Bitmap: bit i set = sequence (maxSeen - i) was seen */
+    bitmap: bigint;
+    /** Window size in bits */
+    windowSize: bigint;
+}
+/**
+ * Create a new replay window.
+ *
+ * @param windowSize - Window size in bits (default: 64)
+ */
+export declare function createReplayWindow(windowSize?: bigint): ReplayWindow;
+/**
+ * Check if a sequence number is valid (not a replay) and update the window.
+ *
+ * @returns true if the sequence is valid and accepted, false if it's a replay
+ */
+export declare function checkAndUpdateReplay(seq: bigint, window: ReplayWindow): boolean;
+/**
+ * Check if a sequence number would be valid without updating the window.
+ *
+ * Useful for pre-validation before decryption.
+ */
+export declare function isValidSequence(seq: bigint, window: ReplayWindow): boolean;
+/**
+ * Reset the replay window to initial state.
+ */
+export declare function resetReplayWindow(window: ReplayWindow): void;
+//# sourceMappingURL=replay.d.ts.map

package/dist/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAaA,0BAA0B;AAC1B,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,GAAE,MAAmC,GAC9C,YAAY,CAMd;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,YAAY,GACnB,OAAO,CAqCT;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAgB1E;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAG5D"}

package/dist/replay.js

@@ -0,0 +1,89 @@
+// SPDX-FileCopyrightText: 2025-present Sideband
+// SPDX-License-Identifier: AGPL-3.0-or-later
+/**
+ * Bitmap-based replay protection for Sideband Relay Protocol (SBRP).
+ *
+ * Uses a sliding window to track seen sequence numbers and prevent
+ * replay attacks while avoiding memory exhaustion from attacker-controlled
+ * sequence numbers.
+ */
+import { DEFAULT_REPLAY_WINDOW_SIZE } from "./constants.js";
+/**
+ * Create a new replay window.
+ *
+ * @param windowSize - Window size in bits (default: 64)
+ */
+export function createReplayWindow(windowSize = DEFAULT_REPLAY_WINDOW_SIZE) {
+    return {
+        maxSeen: -1n, // No messages seen yet
+        bitmap: 0n,
+        windowSize,
+    };
+}
+/**
+ * Check if a sequence number is valid (not a replay) and update the window.
+ *
+ * @returns true if the sequence is valid and accepted, false if it's a replay
+ */
+export function checkAndUpdateReplay(seq, window) {
+    // First message ever
+    if (window.maxSeen === -1n) {
+        window.maxSeen = seq;
+        window.bitmap = 1n;
+        return true;
+    }
+    if (seq > window.maxSeen) {
+        // New high sequence - shift window
+        const shift = seq - window.maxSeen;
+        if (shift >= window.windowSize) {
+            // Sequence is far ahead, reset bitmap
+            window.bitmap = 1n;
+        }
+        else {
+            window.bitmap = (window.bitmap << shift) | 1n;
+        }
+        window.maxSeen = seq;
+        return true;
+    }
+    // Sequence is within or before the window
+    const diff = window.maxSeen - seq;
+    if (diff >= window.windowSize) {
+        // Too old, outside window
+        return false;
+    }
+    const mask = 1n << diff;
+    if (window.bitmap & mask) {
+        // Already seen (replay)
+        return false;
+    }
+    // Mark as seen
+    window.bitmap |= mask;
+    return true;
+}
+/**
+ * Check if a sequence number would be valid without updating the window.
+ *
+ * Useful for pre-validation before decryption.
+ */
+export function isValidSequence(seq, window) {
+    if (window.maxSeen === -1n) {
+        return true;
+    }
+    if (seq > window.maxSeen) {
+        return true;
+    }
+    const diff = window.maxSeen - seq;
+    if (diff >= window.windowSize) {
+        return false;
+    }
+    const mask = 1n << diff;
+    return (window.bitmap & mask) === 0n;
+}
+/**
+ * Reset the replay window to initial state.
+ */
+export function resetReplayWindow(window) {
+    window.maxSeen = -1n;
+    window.bitmap = 0n;
+}
+//# sourceMappingURL=replay.js.map

package/dist/replay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.js","sourceRoot":"","sources":["../src/replay.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,6CAA6C;AAE7C;;;;;;GAMG;AAEH,OAAO,EAAE,0BAA0B,EAAE,MAAM,gBAAgB,CAAC;AAY5D;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,aAAqB,0BAA0B;IAE/C,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,EAAE,uBAAuB;QACrC,MAAM,EAAE,EAAE;QACV,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAClC,GAAW,EACX,MAAoB;IAEpB,qBAAqB;IACrB,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;QACrB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,mCAAmC;QACnC,MAAM,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC;QACnC,IAAI,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC/B,sCAAsC;YACtC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0CAA0C;IAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;IAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC9B,0BAA0B;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,IAAI,IAAI,CAAC;IACxB,IAAI,MAAM,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QACzB,wBAAwB;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,eAAe;IACf,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,MAAoB;IAC/D,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC;IAClC,IAAI,IAAI,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,IAAI,IAAI,CAAC;IACxB,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAoB;IACpD,MAAM,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;IACrB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;AACrB,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,67 @@
+import { type ReplayWindow } from "./replay.js";
+import type { ClientId, EncryptedMessage, TrafficKeys } from "./types.js";
+/** Crypto state for one direction of communication (traffic key, counters, replay) */
+interface ChannelState {
+    trafficKey: Uint8Array;
+    sendSeq: bigint;
+    recvWindow: ReplayWindow;
+}
+/** Client session (daemon-side state for each connected client) */
+export interface ClientSession {
+    clientId: ClientId;
+    clientToDaemon: ChannelState;
+    daemonToClient: ChannelState;
+}
+/** Daemon connection (client-side state for communicating with daemon) */
+export interface DaemonConnection {
+    clientToDaemon: ChannelState;
+    daemonToClient: ChannelState;
+}
+/**
+ * Create a client session (daemon side).
+ *
+ * Used by daemon to manage state for each connected client.
+ */
+export declare function createClientSession(clientId: ClientId, trafficKeys: TrafficKeys): ClientSession;
+/**
+ * Create a daemon connection (client side).
+ *
+ * Used by client to communicate with daemon.
+ */
+export declare function createDaemonConnection(trafficKeys: TrafficKeys): DaemonConnection;
+/**
+ * Encrypt a message from client to daemon.
+ */
+export declare function encryptClientToDaemon(conn: DaemonConnection, plaintext: Uint8Array): EncryptedMessage;
+/**
+ * Encrypt a message from daemon to client.
+ */
+export declare function encryptDaemonToClient(session: ClientSession, plaintext: Uint8Array): EncryptedMessage;
+/**
+ * Decrypt a message received by daemon from client.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export declare function decryptClientToDaemon(session: ClientSession, message: EncryptedMessage): Uint8Array;
+/**
+ * Decrypt a message received by client from daemon.
+ *
+ * @throws {SbrpError} with code SequenceError if replay detected
+ * @throws {SbrpError} with code DecryptFailed if decryption fails
+ */
+export declare function decryptDaemonToClient(conn: DaemonConnection, message: EncryptedMessage): Uint8Array;
+/**
+ * Clear all key material from a client session.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export declare function clearClientSession(session: ClientSession): void;
+/**
+ * Clear all key material from a daemon connection.
+ *
+ * Best-effort zeroization (JS/GC limitations apply).
+ */
+export declare function clearDaemonConnection(conn: DaemonConnection): void;
+export {};
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAWA,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG1E,sFAAsF;AACtF,UAAU,YAAY;IACpB,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,YAAY,CAAC;CAC1B;AAED,mEAAmE;AACnE,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc,EAAE,YAAY,CAAC;IAC7B,cAAc,EAAE,YAAY,CAAC;CAC9B;AAED,0EAA0E;AAC1E,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,YAAY,CAAC;IAC7B,cAAc,EAAE,YAAY,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,GACvB,aAAa,CAcf;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,WAAW,EAAE,WAAW,GACvB,gBAAgB,CAalB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,gBAAgB,EACtB,SAAS,EAAE,UAAU,GACpB,gBAAgB,CAUlB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,UAAU,GACpB,gBAAgB,CAUlB;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,gBAAgB,GACxB,UAAU,CAeZ;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,gBAAgB,EACtB,OAAO,EAAE,gBAAgB,GACxB,UAAU,CAeZ;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAG/D;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,gBAAgB,GAAG,IAAI,CAGlE"}