@sixcore/baileys 1.0.0

package/src/Utils/crypto.ts

@@ -0,0 +1,184 @@
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto'
+import * as curve from 'libsignal/src/curve'
+import { KEY_BUNDLE_TYPE } from '../Defaults'
+import type { KeyPair } from '../Types'
+
+// insure browser & node compatibility
+const { subtle } = globalThis.crypto
+
+/** prefix version byte to the pub keys, required for some curve crypto functions */
+export const generateSignalPubKey = (pubKey: Uint8Array | Buffer) =>
+	pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey])
+
+export const Curve = {
+	generateKeyPair: (): KeyPair => {
+		const { pubKey, privKey } = curve.generateKeyPair()
+		return {
+			private: Buffer.from(privKey),
+			// remove version byte
+			public: Buffer.from(pubKey.slice(1))
+		}
+	},
+	sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => {
+		const shared = curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey)
+		return Buffer.from(shared)
+	},
+	sign: (privateKey: Uint8Array, buf: Uint8Array) => curve.calculateSignature(privateKey, buf),
+	verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => {
+		try {
+			curve.verifySignature(generateSignalPubKey(pubKey), message, signature)
+			return true
+		} catch (error) {
+			return false
+		}
+	}
+}
+
+export const signedKeyPair = (identityKeyPair: KeyPair, keyId: number) => {
+	const preKey = Curve.generateKeyPair()
+	const pubKey = generateSignalPubKey(preKey.public)
+
+	const signature = Curve.sign(identityKeyPair.private, pubKey)
+
+	return { keyPair: preKey, signature, keyId }
+}
+
+const GCM_TAG_LENGTH = 128 >> 3
+
+/**
+ * encrypt AES 256 GCM;
+ * where the tag tag is suffixed to the ciphertext
+ * */
+export function aesEncryptGCM(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) {
+	const cipher = createCipheriv('aes-256-gcm', key, iv)
+	cipher.setAAD(additionalData)
+	return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()])
+}
+
+/**
+ * decrypt AES 256 GCM;
+ * where the auth tag is suffixed to the ciphertext
+ * */
+export function aesDecryptGCM(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) {
+	const decipher = createDecipheriv('aes-256-gcm', key, iv)
+	// decrypt additional adata
+	const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH)
+	const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH)
+	// set additional data
+	decipher.setAAD(additionalData)
+	decipher.setAuthTag(tag)
+
+	return Buffer.concat([decipher.update(enc), decipher.final()])
+}
+
+export function aesEncryptCTR(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array) {
+	const cipher = createCipheriv('aes-256-ctr', key, iv)
+	return Buffer.concat([cipher.update(plaintext), cipher.final()])
+}
+
+export function aesDecryptCTR(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array) {
+	const decipher = createDecipheriv('aes-256-ctr', key, iv)
+	return Buffer.concat([decipher.update(ciphertext), decipher.final()])
+}
+
+/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
+export function aesDecrypt(buffer: Buffer, key: Buffer) {
+	return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16))
+}
+
+/** decrypt AES 256 CBC */
+export function aesDecryptWithIV(buffer: Buffer, key: Buffer, IV: Buffer) {
+	const aes = createDecipheriv('aes-256-cbc', key, IV)
+	return Buffer.concat([aes.update(buffer), aes.final()])
+}
+
+// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
+export function aesEncrypt(buffer: Buffer | Uint8Array, key: Buffer) {
+	const IV = randomBytes(16)
+	const aes = createCipheriv('aes-256-cbc', key, IV)
+	return Buffer.concat([IV, aes.update(buffer), aes.final()]) // prefix IV to the buffer
+}
+
+// encrypt AES 256 CBC with a given IV
+export function aesEncrypWithIV(buffer: Buffer, key: Buffer, IV: Buffer) {
+	const aes = createCipheriv('aes-256-cbc', key, IV)
+	return Buffer.concat([aes.update(buffer), aes.final()]) // prefix IV to the buffer
+}
+
+// sign HMAC using SHA 256
+export function hmacSign(
+	buffer: Buffer | Uint8Array,
+	key: Buffer | Uint8Array,
+	variant: 'sha256' | 'sha512' = 'sha256'
+) {
+	return createHmac(variant, key).update(buffer).digest()
+}
+
+export function sha256(buffer: Buffer) {
+	return createHash('sha256').update(buffer).digest()
+}
+
+export function md5(buffer: Buffer) {
+	return createHash('md5').update(buffer).digest()
+}
+
+// HKDF key expansion
+export async function hkdf(
+	buffer: Uint8Array | Buffer,
+	expandedLength: number,
+	info: { salt?: Buffer; info?: string }
+): Promise<Buffer> {
+	// Normalize to a Uint8Array whose underlying buffer is a regular ArrayBuffer (not ArrayBufferLike)
+	// Cloning via new Uint8Array(...) guarantees the generic parameter is ArrayBuffer which satisfies WebCrypto types.
+	const inputKeyMaterial = new Uint8Array(buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer))
+
+	// Set default values if not provided
+	const salt = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0)
+	const infoBytes = info.info ? new TextEncoder().encode(info.info) : new Uint8Array(0)
+
+	// Import the input key material (cast to BufferSource to appease TS DOM typings)
+	const importedKey = await subtle.importKey('raw', inputKeyMaterial as BufferSource, { name: 'HKDF' }, false, [
+		'deriveBits'
+	])
+
+	// Derive bits using HKDF
+	const derivedBits = await subtle.deriveBits(
+		{
+			name: 'HKDF',
+			hash: 'SHA-256',
+			salt: salt,
+			info: infoBytes
+		},
+		importedKey,
+		expandedLength * 8 // Convert bytes to bits
+	)
+
+	return Buffer.from(derivedBits)
+}
+
+export async function derivePairingCodeKey(pairingCode: string, salt: Buffer): Promise<Buffer> {
+	// Convert inputs to formats Web Crypto API can work with
+	const encoder = new TextEncoder()
+	const pairingCodeBuffer = encoder.encode(pairingCode)
+	const saltBuffer = new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt))
+
+	// Import the pairing code as key material
+	const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer as BufferSource, { name: 'PBKDF2' }, false, [
+		'deriveBits'
+	])
+
+	// Derive bits using PBKDF2 with the same parameters
+	// 2 << 16 = 131,072 iterations
+	const derivedBits = await subtle.deriveBits(
+		{
+			name: 'PBKDF2',
+			salt: saltBuffer as BufferSource,
+			iterations: 2 << 16,
+			hash: 'SHA-256'
+		},
+		keyMaterial,
+		32 * 8 // 32 bytes * 8 = 256 bits
+	)
+
+	return Buffer.from(derivedBits)
+}

package/src/Utils/decode-wa-message.ts

@@ -0,0 +1,355 @@
+import { Boom } from '@hapi/boom'
+import { proto } from '../../WAProto/index.js'
+import type { WAMessage, WAMessageKey } from '../Types'
+import type { SignalRepositoryWithLIDStore } from '../Types/Signal'
+import {
+	areJidsSameUser,
+	type BinaryNode,
+	isHostedLidUser,
+	isHostedPnUser,
+	isJidBroadcast,
+	isJidGroup,
+	isJidMetaAI,
+	isJidNewsletter,
+	isJidStatusBroadcast,
+	isLidUser,
+	isPnUser
+	//	transferDevice
+} from '../WABinary'
+import { unpadRandomMax16 } from './generics'
+import type { ILogger } from './logger'
+
+export const getDecryptionJid = async (sender: string, repository: SignalRepositoryWithLIDStore): Promise<string> => {
+	if (isLidUser(sender) || isHostedLidUser(sender)) {
+		return sender
+	}
+
+	const mapped = await repository.lidMapping.getLIDForPN(sender)
+	return mapped || sender
+}
+
+const storeMappingFromEnvelope = async (
+	stanza: BinaryNode,
+	sender: string,
+	repository: SignalRepositoryWithLIDStore,
+	decryptionJid: string,
+	logger: ILogger
+): Promise<void> => {
+	// TODO: Handle hosted IDs
+	const { senderAlt } = extractAddressingContext(stanza)
+
+	if (senderAlt && isLidUser(senderAlt) && isPnUser(sender) && decryptionJid === sender) {
+		try {
+			await repository.lidMapping.storeLIDPNMappings([{ lid: senderAlt, pn: sender }])
+			await repository.migrateSession(sender, senderAlt)
+			logger.debug({ sender, senderAlt }, 'Stored LID mapping from envelope')
+		} catch (error) {
+			logger.warn({ sender, senderAlt, error }, 'Failed to store LID mapping')
+		}
+	}
+}
+
+export const NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node'
+export const MISSING_KEYS_ERROR_TEXT = 'Key used already or never filled'
+
+// Retry configuration for failed decryption
+export const DECRYPTION_RETRY_CONFIG = {
+	maxRetries: 3,
+	baseDelayMs: 100,
+	sessionRecordErrors: ['No session record', 'SessionError: No session record']
+}
+
+export const NACK_REASONS = {
+	ParsingError: 487,
+	UnrecognizedStanza: 488,
+	UnrecognizedStanzaClass: 489,
+	UnrecognizedStanzaType: 490,
+	InvalidProtobuf: 491,
+	InvalidHostedCompanionStanza: 493,
+	MissingMessageSecret: 495,
+	SignalErrorOldCounter: 496,
+	MessageDeletedOnPeer: 499,
+	UnhandledError: 500,
+	UnsupportedAdminRevoke: 550,
+	UnsupportedLIDGroup: 551,
+	DBOperationFailed: 552
+}
+
+type MessageType =
+	| 'chat'
+	| 'peer_broadcast'
+	| 'other_broadcast'
+	| 'group'
+	| 'direct_peer_status'
+	| 'other_status'
+	| 'newsletter'
+
+export const extractAddressingContext = (stanza: BinaryNode) => {
+	let senderAlt: string | undefined
+	let recipientAlt: string | undefined
+
+	const sender = stanza.attrs.participant || stanza.attrs.from
+	const addressingMode = stanza.attrs.addressing_mode || (sender?.endsWith('lid') ? 'lid' : 'pn')
+
+	if (addressingMode === 'lid') {
+		// Message is LID-addressed: sender is LID, extract corresponding PN
+		// without device data
+		senderAlt = stanza.attrs.participant_pn || stanza.attrs.sender_pn || stanza.attrs.peer_recipient_pn
+		recipientAlt = stanza.attrs.recipient_pn
+		// with device data
+		//if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+	} else {
+		// Message is PN-addressed: sender is PN, extract corresponding LID
+		// without device data
+		senderAlt = stanza.attrs.participant_lid || stanza.attrs.sender_lid || stanza.attrs.peer_recipient_lid
+		recipientAlt = stanza.attrs.recipient_lid
+
+		//with device data
+		//if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+	}
+
+	return {
+		addressingMode,
+		senderAlt,
+		recipientAlt
+	}
+}
+
+/**
+ * Decode the received node as a message.
+ * @note this will only parse the message, not decrypt it
+ */
+export function decodeMessageNode(stanza: BinaryNode, meId: string, meLid: string) {
+	let msgType: MessageType
+	let chatId: string
+	let author: string
+	let fromMe = false
+
+	const msgId = stanza.attrs.id
+	const from = stanza.attrs.from
+	const participant: string | undefined = stanza.attrs.participant
+	const recipient: string | undefined = stanza.attrs.recipient
+
+	const addressingContext = extractAddressingContext(stanza)
+
+	const isMe = (jid: string) => areJidsSameUser(jid, meId)
+	const isMeLid = (jid: string) => areJidsSameUser(jid, meLid)
+
+	if (isPnUser(from) || isLidUser(from) || isHostedLidUser(from) || isHostedPnUser(from)) {
+		if (recipient && !isJidMetaAI(recipient)) {
+			if (!isMe(from!) && !isMeLid(from!)) {
+				throw new Boom('receipient present, but msg not from me', { data: stanza })
+			}
+
+			if (isMe(from!) || isMeLid(from!)) {
+				fromMe = true
+			}
+
+			chatId = recipient
+		} else {
+			chatId = from!
+		}
+
+		msgType = 'chat'
+		author = from!
+	} else if (isJidGroup(from)) {
+		if (!participant) {
+			throw new Boom('No participant in group message')
+		}
+
+		if (isMe(participant) || isMeLid(participant)) {
+			fromMe = true
+		}
+
+		msgType = 'group'
+		author = participant
+		chatId = from!
+	} else if (isJidBroadcast(from)) {
+		if (!participant) {
+			throw new Boom('No participant in group message')
+		}
+
+		const isParticipantMe = isMe(participant)
+		if (isJidStatusBroadcast(from!)) {
+			msgType = isParticipantMe ? 'direct_peer_status' : 'other_status'
+		} else {
+			msgType = isParticipantMe ? 'peer_broadcast' : 'other_broadcast'
+		}
+
+		fromMe = isParticipantMe
+		chatId = from!
+		author = participant
+	} else if (isJidNewsletter(from)) {
+		msgType = 'newsletter'
+		chatId = from!
+		author = from!
+
+		if (isMe(from!) || isMeLid(from!)) {
+			fromMe = true
+		}
+	} else {
+		throw new Boom('Unknown message type', { data: stanza })
+	}
+
+	const pushname = stanza?.attrs?.notify
+
+	const key: WAMessageKey = {
+		remoteJid: chatId,
+		remoteJidAlt: !isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
+		fromMe,
+		id: msgId,
+		participant,
+		participantAlt: isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
+		addressingMode: addressingContext.addressingMode,
+		...(msgType === 'newsletter' && stanza.attrs.server_id ? { server_id: stanza.attrs.server_id } : {})
+	}
+
+	const fullMessage: WAMessage = {
+		key,
+		category: stanza.attrs.category,
+		messageTimestamp: +stanza.attrs.t!,
+		pushName: pushname,
+		broadcast: isJidBroadcast(from)
+	}
+
+	if (key.fromMe) {
+		fullMessage.status = proto.WebMessageInfo.Status.SERVER_ACK
+	}
+
+	return {
+		fullMessage,
+		author,
+		sender: msgType === 'chat' ? author : chatId
+	}
+}
+
+export const decryptMessageNode = (
+	stanza: BinaryNode,
+	meId: string,
+	meLid: string,
+	repository: SignalRepositoryWithLIDStore,
+	logger: ILogger
+) => {
+	const { fullMessage, author, sender } = decodeMessageNode(stanza, meId, meLid)
+	return {
+		fullMessage,
+		category: stanza.attrs.category,
+		author,
+		async decrypt() {
+			let decryptables = 0
+			if (Array.isArray(stanza.content)) {
+				for (const { tag, attrs, content } of stanza.content) {
+					if (tag === 'verified_name' && content instanceof Uint8Array) {
+						const cert = proto.VerifiedNameCertificate.decode(content)
+						const details = proto.VerifiedNameCertificate.Details.decode(cert.details!)
+						fullMessage.verifiedBizName = details.verifiedName
+					}
+
+					if (tag === 'unavailable' && attrs.type === 'view_once') {
+						fullMessage.key.isViewOnce = true // TODO: remove from here and add a STUB TYPE
+					}
+
+					if (attrs.count && tag === 'enc') {
+						fullMessage.retryCount = Number(attrs.count)
+					}
+
+					if (tag !== 'enc' && tag !== 'plaintext') {
+						continue
+					}
+
+					if (!(content instanceof Uint8Array)) {
+						continue
+					}
+
+					decryptables += 1
+
+					let msgBuffer: Uint8Array
+
+					const decryptionJid = await getDecryptionJid(author, repository)
+
+					if (tag !== 'plaintext') {
+						// TODO: Handle hosted devices
+						await storeMappingFromEnvelope(stanza, author, repository, decryptionJid, logger)
+					}
+
+					try {
+						const e2eType = tag === 'plaintext' ? 'plaintext' : attrs.type
+
+						switch (e2eType) {
+							case 'skmsg':
+								msgBuffer = await repository.decryptGroupMessage({
+									group: sender,
+									authorJid: author,
+									msg: content
+								})
+								break
+							case 'pkmsg':
+							case 'msg':
+								msgBuffer = await repository.decryptMessage({
+									jid: decryptionJid,
+									type: e2eType,
+									ciphertext: content
+								})
+								break
+							case 'plaintext':
+								msgBuffer = content
+								break
+							default:
+								throw new Error(`Unknown e2e type: ${e2eType}`)
+						}
+
+						let msg: proto.IMessage = proto.Message.decode(
+							e2eType !== 'plaintext' ? unpadRandomMax16(msgBuffer) : msgBuffer
+						)
+						msg = msg.deviceSentMessage?.message || msg
+						if (msg.senderKeyDistributionMessage) {
+							//eslint-disable-next-line max-depth
+							try {
+								await repository.processSenderKeyDistributionMessage({
+									authorJid: author,
+									item: msg.senderKeyDistributionMessage
+								})
+							} catch (err) {
+								logger.error({ key: fullMessage.key, err }, 'failed to process sender key distribution message')
+							}
+						}
+
+						if (fullMessage.message) {
+							Object.assign(fullMessage.message, msg)
+						} else {
+							fullMessage.message = msg
+						}
+					} catch (err: any) {
+						const errorContext = {
+							key: fullMessage.key,
+							err,
+							messageType: tag === 'plaintext' ? 'plaintext' : attrs.type,
+							sender,
+							author,
+							isSessionRecordError: isSessionRecordError(err)
+						}
+
+						logger.error(errorContext, 'failed to decrypt message')
+
+						fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT
+						fullMessage.messageStubParameters = [err.message.toString()]
+					}
+				}
+			}
+
+			// if nothing was found to decrypt
+			if (!decryptables && !fullMessage.key?.isViewOnce) {
+				fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT
+				fullMessage.messageStubParameters = [NO_MESSAGE_FOUND_ERROR_TEXT]
+			}
+		}
+	}
+}
+
+/**
+ * Utility function to check if an error is related to missing session record
+ */
+function isSessionRecordError(error: any): boolean {
+	const errorMessage = error?.message || error?.toString() || ''
+	return DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(errorPattern => errorMessage.includes(errorPattern))
+}