@solana-mobile/mobile-wallet-adapter-protocol 2.0.0 → 2.0.2

package/src/createMobileWalletProxy.ts

@@ -0,0 +1,175 @@
+import { createSIWSMessageBase64 } from "./createSIWSMessage";
+import { 
+    AuthorizationResult, 
+    MobileWallet, 
+    ProtocolVersion, 
+    SignInPayload, 
+    SignInResult, 
+    SolanaCloneAuthorization, 
+    SolanaSignTransactions 
+} from "./types";
+import type { IdentifierArray } from "@wallet-standard/core";
+
+/**
+ * Creates a {@link MobileWallet} proxy that handles backwards compatibility and API to RPC conversion.
+ * 
+ * @param protocolVersion the protocol version in use for this session/request
+ * @param protocolRequestHandler callback function that handles sending the RPC request to the wallet endpoint.
+ * @returns a {@link MobileWallet} proxy
+ */
+export default function createMobileWalletProxy<
+    TMethodName extends keyof MobileWallet, 
+    TReturn extends Awaited<ReturnType<MobileWallet[TMethodName]>>
+>(
+    protocolVersion: ProtocolVersion,
+    protocolRequestHandler: (method: string, params: Parameters<MobileWallet[TMethodName]>[0]) => Promise<any>
+): MobileWallet {
+    return new Proxy<MobileWallet>({} as MobileWallet, {
+        get<TMethodName extends keyof MobileWallet>(target: MobileWallet, p: TMethodName) {
+            if (target[p] == null) {
+                target[p] = async function (inputParams: Parameters<MobileWallet[TMethodName]>[0]) {
+                    const { method, params } = handleMobileWalletRequest(p, inputParams, protocolVersion);
+                    const result = await protocolRequestHandler(method, params) as Awaited<ReturnType<MobileWallet[TMethodName]>>;
+                    // if the request tried to sign in but the wallet did not return a sign in result, fallback on message signing
+                    if (method === 'authorize' && (params as any).sign_in_payload && !(result as any).sign_in_result) {
+                        (result as any)['sign_in_result'] = await signInFallback(
+                            (params as Parameters<MobileWallet['authorize']>[0]).sign_in_payload as SignInPayload, 
+                            result as Awaited<ReturnType<MobileWallet['authorize']>>, 
+                            protocolRequestHandler
+                        );
+                    }
+                    return handleMobileWalletResponse(p, result, protocolVersion) as TReturn;
+                } as MobileWallet[TMethodName];
+            }
+            return target[p];
+        },
+        defineProperty() {
+            return false;
+        },
+        deleteProperty() {
+            return false;
+        },
+    });
+};
+
+/**
+ * Handles all {@link MobileWallet} API requests and determines the correct MWA RPC method and params to call.
+ * This handles backwards compatibility, based on the provided @protocolVersion. 
+ * 
+ * @param methodName the name of {@link MobileWallet} method that was called
+ * @param methodParams the parameters that were passed to the method
+ * @param protocolVersion the protocol version in use for this session/request
+ * @returns the RPC request method and params that should be sent to the wallet endpoint 
+ */
+function handleMobileWalletRequest<TMethodName extends keyof MobileWallet>(
+    methodName: TMethodName, 
+    methodParams: Parameters<MobileWallet[TMethodName]>[0],
+    protocolVersion: ProtocolVersion
+) {
+    let params = methodParams;
+    let method: string = methodName
+        .toString()
+        .replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`)
+        .toLowerCase();
+    switch (methodName) {
+        case 'authorize': {
+            let { chain } = params as Parameters<MobileWallet['authorize']>[0];
+            if (protocolVersion === 'legacy') {
+                switch (chain) {
+                    case 'solana:testnet': { chain = 'testnet'; break; }
+                    case 'solana:devnet': { chain = 'devnet'; break; }
+                    case 'solana:mainnet': { chain = 'mainnet-beta'; break; }
+                    default: { chain = (params as any).cluster; }
+                }
+                (params as any).cluster = chain;
+            } else {
+                switch (chain) {
+                    case 'testnet':
+                    case 'devnet': { chain = `solana:${chain}`; break; }
+                    case 'mainnet-beta': { chain = 'solana:mainnet'; break; }
+                }
+                (params as Parameters<MobileWallet['authorize']>[0]).chain = chain;
+            }
+        }
+        case 'reauthorize': {
+            const { auth_token, identity } = params as Parameters<MobileWallet['authorize' | 'reauthorize']>[0];
+            if (auth_token) {
+                switch (protocolVersion) {
+                    case 'legacy': {
+                        method = 'reauthorize';
+                        params = { auth_token: auth_token, identity: identity };
+                        break;
+                    }
+                    default: {
+                        method = 'authorize';
+                        break;
+                    }
+                }
+            }
+            break;
+        }
+    }
+    return { method, params }
+};
+
+/**
+ * Handles all {@link MobileWallet} API responses and modifies the response for backwards compatibility, if needed 
+ * 
+ * @param method the {@link MobileWallet} method that was called
+ * @param response the original response that was returned by the method call
+ * @param protocolVersion the protocol version in use for this session/request
+ * @returns the possibly modified response 
+ */
+function handleMobileWalletResponse<TMethodName extends keyof MobileWallet>(
+    method: TMethodName, 
+    response: Awaited<ReturnType<MobileWallet[TMethodName]>>,
+    protocolVersion: ProtocolVersion
+): Awaited<ReturnType<MobileWallet[TMethodName]>> {
+    switch (method) {
+        case 'getCapabilities': {
+            const capabilities = response as Awaited<ReturnType<MobileWallet['getCapabilities']>>
+            switch (protocolVersion) {
+                case 'legacy': {
+                    const features: `${string}:${string}`[] = [ SolanaSignTransactions ];
+                    if (capabilities.supports_clone_authorization === true) {
+                        features.push(SolanaCloneAuthorization);
+                    }
+                    return {
+                        ...capabilities,
+                        features: features as IdentifierArray,
+                    } as Awaited<ReturnType<MobileWallet[TMethodName]>>;
+                }
+                case 'v1': {
+                    return {
+                        ...capabilities,
+                        supports_sign_and_send_transactions: true,
+                        supports_clone_authorization: capabilities.features.includes(SolanaCloneAuthorization)
+                    } as Awaited<ReturnType<MobileWallet[TMethodName]>>;
+                }
+            }
+        }
+    }
+    return response;
+};
+
+async function signInFallback(
+    signInPayload: SignInPayload,
+    authorizationResult: Awaited<ReturnType<MobileWallet['authorize']>>,
+    protocolRequestHandler: (method: string, params: Parameters<MobileWallet['signMessages']>[0]) => Promise<unknown>
+) {
+    const domain = signInPayload.domain ?? window.location.host;
+    const address = (authorizationResult as AuthorizationResult).accounts[0].address;
+    const siwsMessage = createSIWSMessageBase64({ ...signInPayload, domain, address })
+    const signMessageResult = await (protocolRequestHandler('sign_messages', 
+        { 
+            addresses: [ address ], 
+            payloads: [ siwsMessage ]
+        }
+    ) as ReturnType<MobileWallet['signMessages']>);
+    const signInResult: SignInResult = {
+        address: address,
+        signed_message: siwsMessage,
+        signature: signMessageResult.signed_payloads[0].slice(siwsMessage.length)
+    };
+    return signInResult;
+}

package/src/createSIWSMessage.ts

@@ -0,0 +1,14 @@
+import {
+    SolanaSignInInputWithRequiredFields, 
+    createSignInMessageText,
+} from '@solana/wallet-standard-util';
+import { SignInPayload } from './types';
+import { encode } from './base64Utils';
+
+export function createSIWSMessage(payload: SolanaSignInInputWithRequiredFields & SignInPayload): string {
+    return createSignInMessageText(payload);
+}
+
+export function createSIWSMessageBase64(payload: SolanaSignInInputWithRequiredFields & SignInPayload): string {
+    return encode(createSIWSMessage(payload));
+}

package/src/createSequenceNumberVector.ts

@@ -0,0 +1,11 @@
+export const SEQUENCE_NUMBER_BYTES = 4;
+
+export default function createSequenceNumberVector(sequenceNumber: number): Uint8Array {
+    if (sequenceNumber >= 4294967296) {
+        throw new Error('Outbound sequence number overflow. The maximum sequence number is 32-bytes.');
+    }
+    const byteArray = new ArrayBuffer(SEQUENCE_NUMBER_BYTES);
+    const view = new DataView(byteArray);
+    view.setUint32(0, sequenceNumber, /* littleEndian */ false);
+    return new Uint8Array(byteArray);
+}

package/src/encryptedMessage.ts

@@ -0,0 +1,60 @@
+import createSequenceNumberVector, { SEQUENCE_NUMBER_BYTES } from './createSequenceNumberVector.js';
+import { SharedSecret } from './parseHelloRsp.js';
+
+const INITIALIZATION_VECTOR_BYTES = 12;
+export const ENCODED_PUBLIC_KEY_LENGTH_BYTES = 65;
+
+export async function encryptMessage(
+    plaintext: string,
+    sequenceNumber: number,
+    sharedSecret: SharedSecret,
+) {
+    const sequenceNumberVector = createSequenceNumberVector(sequenceNumber);
+    const initializationVector = new Uint8Array(INITIALIZATION_VECTOR_BYTES);
+    crypto.getRandomValues(initializationVector);
+    const ciphertext = await crypto.subtle.encrypt(
+        getAlgorithmParams(sequenceNumberVector, initializationVector),
+        sharedSecret,
+        new TextEncoder().encode(plaintext),
+    );
+    const response = new Uint8Array(
+        sequenceNumberVector.byteLength + initializationVector.byteLength + ciphertext.byteLength,
+    );
+    response.set(new Uint8Array(sequenceNumberVector), 0);
+    response.set(new Uint8Array(initializationVector), sequenceNumberVector.byteLength);
+    response.set(new Uint8Array(ciphertext), sequenceNumberVector.byteLength + initializationVector.byteLength);
+    return response;
+}
+
+export async function decryptMessage(message: ArrayBuffer, sharedSecret: SharedSecret) {
+    const sequenceNumberVector = message.slice(0, SEQUENCE_NUMBER_BYTES);
+    const initializationVector = message.slice(
+        SEQUENCE_NUMBER_BYTES,
+        SEQUENCE_NUMBER_BYTES + INITIALIZATION_VECTOR_BYTES,
+    );
+    const ciphertext = message.slice(SEQUENCE_NUMBER_BYTES + INITIALIZATION_VECTOR_BYTES);
+    const plaintextBuffer = await crypto.subtle.decrypt(
+        getAlgorithmParams(sequenceNumberVector, initializationVector),
+        sharedSecret,
+        ciphertext,
+    );
+    const plaintext = getUtf8Decoder().decode(plaintextBuffer);
+    return plaintext
+}
+
+function getAlgorithmParams(sequenceNumber: ArrayBuffer, initializationVector: ArrayBuffer) {
+    return {
+        additionalData: sequenceNumber,
+        iv: initializationVector,
+        name: 'AES-GCM',
+        tagLength: 128, // 16 byte tag => 128 bits
+    };
+}
+
+let _utf8Decoder: TextDecoder | undefined;
+function getUtf8Decoder() {
+    if (_utf8Decoder === undefined) {
+        _utf8Decoder = new TextDecoder('utf-8');
+    }
+    return _utf8Decoder;
+}

package/src/errors.ts

@@ -0,0 +1,95 @@
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterErrorCode = {
+    ERROR_ASSOCIATION_PORT_OUT_OF_RANGE: 'ERROR_ASSOCIATION_PORT_OUT_OF_RANGE',
+    ERROR_FORBIDDEN_WALLET_BASE_URL: 'ERROR_FORBIDDEN_WALLET_BASE_URL',
+    ERROR_SECURE_CONTEXT_REQUIRED: 'ERROR_SECURE_CONTEXT_REQUIRED',
+    ERROR_SESSION_CLOSED: 'ERROR_SESSION_CLOSED',
+    ERROR_SESSION_TIMEOUT: 'ERROR_SESSION_TIMEOUT',
+    ERROR_WALLET_NOT_FOUND: 'ERROR_WALLET_NOT_FOUND',
+    ERROR_INVALID_PROTOCOL_VERSION: 'ERROR_INVALID_PROTOCOL_VERSION',
+} as const;
+type SolanaMobileWalletAdapterErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterErrorCode[keyof typeof SolanaMobileWalletAdapterErrorCode];
+
+type ErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterErrorCode.ERROR_ASSOCIATION_PORT_OUT_OF_RANGE]: {
+        port: number;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SECURE_CONTEXT_REQUIRED]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_CLOSED]: {
+        closeEvent: CloseEvent;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_TIMEOUT]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_WALLET_NOT_FOUND]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_INVALID_PROTOCOL_VERSION]: undefined;
+};
+
+export class SolanaMobileWalletAdapterError<TErrorCode extends SolanaMobileWalletAdapterErrorCodeEnum> extends Error {
+    data: ErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode;
+    constructor(
+        ...args: ErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [code: TErrorCode, message: string, data: ErrorDataTypeMap[TErrorCode]]
+            : [code: TErrorCode, message: string]
+    ) {
+        const [code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.name = 'SolanaMobileWalletAdapterError';
+    }
+}
+
+type JSONRPCErrorCode = number;
+
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterProtocolErrorCode = {
+    // Keep these in sync with `mobilewalletadapter/common/ProtocolContract.java`.
+    ERROR_AUTHORIZATION_FAILED: -1,
+    ERROR_INVALID_PAYLOADS: -2,
+    ERROR_NOT_SIGNED: -3,
+    ERROR_NOT_SUBMITTED: -4,
+    ERROR_TOO_MANY_PAYLOADS: -5,
+    ERROR_ATTEST_ORIGIN_ANDROID: -100,
+} as const;
+type SolanaMobileWalletAdapterProtocolErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterProtocolErrorCode[keyof typeof SolanaMobileWalletAdapterProtocolErrorCode];
+
+type ProtocolErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_AUTHORIZATION_FAILED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_INVALID_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SIGNED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SUBMITTED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_TOO_MANY_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_ATTEST_ORIGIN_ANDROID]: {
+        attest_origin_uri: string;
+        challenge: string;
+        context: string;
+    };
+};
+
+export class SolanaMobileWalletAdapterProtocolError<
+    TErrorCode extends SolanaMobileWalletAdapterProtocolErrorCodeEnum,
+> extends Error {
+    data: ProtocolErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode | JSONRPCErrorCode;
+    jsonRpcMessageId: number;
+    constructor(
+        ...args: ProtocolErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [
+                  jsonRpcMessageId: number,
+                  code: TErrorCode | JSONRPCErrorCode,
+                  message: string,
+                  data: ProtocolErrorDataTypeMap[TErrorCode],
+              ]
+            : [jsonRpcMessageId: number, code: TErrorCode | JSONRPCErrorCode, message: string]
+    ) {
+        const [jsonRpcMessageId, code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.jsonRpcMessageId = jsonRpcMessageId;
+        this.name = 'SolanaMobileWalletAdapterProtocolError';
+    }
+}

package/src/generateAssociationKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateAssociationKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDSA',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['sign'] /* keyUsages */,
+    );
+}

package/src/generateECDHKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateECDHKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDH',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['deriveKey', 'deriveBits'] /* keyUsages */,
+    );
+}

package/src/getAssociateAndroidIntentURL.ts

@@ -0,0 +1,57 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+import { assertAssociationPort } from './associationPort.js';
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+import getStringWithURLUnsafeBase64CharactersReplaced from './getStringWithURLUnsafeBase64CharactersReplaced.js';
+import { ProtocolVersion } from './types.js';
+
+const INTENT_NAME = 'solana-wallet';
+
+function getPathParts(pathString: string) {
+    return (
+        pathString
+            // Strip leading and trailing slashes
+            .replace(/(^\/+|\/+$)/g, '')
+            // Return an array of directories
+            .split('/')
+    );
+}
+
+function getIntentURL(methodPathname: string, intentUrlBase?: string) {
+    let baseUrl: URL | null = null;
+    if (intentUrlBase) {
+        try {
+            baseUrl = new URL(intentUrlBase);
+        } catch {} // eslint-disable-line no-empty
+        if (baseUrl?.protocol !== 'https:') {
+            throw new SolanaMobileWalletAdapterError(
+                SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL,
+                'Base URLs supplied by wallets must be valid `https` URLs',
+            );
+        }
+    }
+    baseUrl ||= new URL(`${INTENT_NAME}:/`);
+    const pathname = methodPathname.startsWith('/')
+        ? // Method is an absolute path. Replace it wholesale.
+          methodPathname
+        : // Method is a relative path. Merge it with the existing one.
+          [...getPathParts(baseUrl.pathname), ...getPathParts(methodPathname)].join('/');
+    return new URL(pathname, baseUrl);
+}
+
+export default async function getAssociateAndroidIntentURL(
+    associationPublicKey: CryptoKey,
+    putativePort: number,
+    associationURLBase?: string,
+    protocolVersions: ProtocolVersion[] = ['v1'],
+): Promise<URL> {
+    const associationPort = assertAssociationPort(putativePort);
+    const exportedKey = await crypto.subtle.exportKey('raw', associationPublicKey);
+    const encodedKey = arrayBufferToBase64String(exportedKey);
+    const url = getIntentURL('v1/associate/local', associationURLBase);
+    url.searchParams.set('association', getStringWithURLUnsafeBase64CharactersReplaced(encodedKey));
+    url.searchParams.set('port', `${associationPort}`);
+    protocolVersions.forEach( (version) => {
+        url.searchParams.set('v', version);
+    })
+    return url;
+}

package/src/getJWS.ts

@@ -0,0 +1,19 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+
+export default async function getJWS(payload: string, privateKey: CryptoKey) {
+    const header = { alg: 'ES256' };
+    const headerEncoded = window.btoa(JSON.stringify(header));
+    const payloadEncoded = window.btoa(payload);
+    const message = `${headerEncoded}.${payloadEncoded}`;
+    const signatureBuffer = await crypto.subtle.sign(
+        {
+            name: 'ECDSA',
+            hash: 'SHA-256',
+        },
+        privateKey,
+        new TextEncoder().encode(message),
+    );
+    const signature = arrayBufferToBase64String(signatureBuffer);
+    const jws = `${message}.${signature}`;
+    return jws;
+}

package/src/getStringWithURLUnsafeBase64CharactersReplaced.ts

@@ -0,0 +1,11 @@
+export default function getStringWithURLUnsafeCharactersReplaced(unsafeBase64EncodedString: string): string {
+    return unsafeBase64EncodedString.replace(
+        /[/+=]/g,
+        (m) =>
+            ({
+                '/': '_',
+                '+': '-',
+                '=': '.',
+            }[m] as string),
+    );
+}

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from './errors.js';
+export * from './transact.js';
+export * from './types.js';

package/src/jsonRpcMessage.ts

@@ -0,0 +1,38 @@
+import { decryptMessage, encryptMessage } from './encryptedMessage.js';
+import { SolanaMobileWalletAdapterProtocolError } from './errors.js';
+import { SharedSecret } from './parseHelloRsp.js';
+
+interface JSONRPCRequest<TParams> {
+    id: number;
+    jsonrpc: '2.0';
+    method: string;
+    params: TParams;
+}
+
+type JSONRPCResponse<TMessage> = {
+    id: number;
+    jsonrpc: '2.0';
+    result: TMessage;
+};
+
+export async function encryptJsonRpcMessage<TParams>(
+    jsonRpcMessage: JSONRPCRequest<TParams>,
+    sharedSecret: SharedSecret,
+) {
+    const plaintext = JSON.stringify(jsonRpcMessage);
+    const sequenceNumber = jsonRpcMessage.id;
+    return encryptMessage(plaintext, sequenceNumber, sharedSecret);
+}
+
+export async function decryptJsonRpcMessage<TMessage>(message: ArrayBuffer, sharedSecret: SharedSecret) {
+    const plaintext = await decryptMessage(message, sharedSecret);
+    const jsonRpcMessage = JSON.parse(plaintext);
+    if (Object.hasOwnProperty.call(jsonRpcMessage, 'error')) {
+        throw new SolanaMobileWalletAdapterProtocolError<typeof jsonRpcMessage.error.code>(
+            jsonRpcMessage.id,
+            jsonRpcMessage.error.code,
+            jsonRpcMessage.error.message,
+        );
+    }
+    return jsonRpcMessage as JSONRPCResponse<TMessage>;
+}

package/src/parseHelloRsp.ts

@@ -0,0 +1,46 @@
+import { ENCODED_PUBLIC_KEY_LENGTH_BYTES } from "./encryptedMessage";
+
+/**
+ * A secret agreed upon by the app and the wallet. Used as
+ * a symmetric key to encrypt and decrypt messages over an
+ * unsecured channel.
+ */
+export type SharedSecret = CryptoKey;
+
+export default async function parseHelloRsp(
+    payloadBuffer: ArrayBuffer, // The X9.62-encoded wallet endpoint ephemeral ECDH public keypoint.
+    associationPublicKey: CryptoKey,
+    ecdhPrivateKey: CryptoKey,
+): Promise<SharedSecret> {
+    const [associationPublicKeyBuffer, walletPublicKey] = await Promise.all([
+        crypto.subtle.exportKey('raw', associationPublicKey),
+        crypto.subtle.importKey(
+            'raw',
+            payloadBuffer.slice(0, ENCODED_PUBLIC_KEY_LENGTH_BYTES),
+            { name: 'ECDH', namedCurve: 'P-256' },
+            false /* extractable */,
+            [] /* keyUsages */,
+        ),
+    ]);
+    const sharedSecret = await crypto.subtle.deriveBits({ name: 'ECDH', public: walletPublicKey }, ecdhPrivateKey, 256);
+    const ecdhSecretKey = await crypto.subtle.importKey(
+        'raw',
+        sharedSecret,
+        'HKDF',
+        false /* extractable */,
+        ['deriveKey'] /* keyUsages */,
+    );
+    const aesKeyMaterialVal = await crypto.subtle.deriveKey(
+        {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(associationPublicKeyBuffer),
+            info: new Uint8Array(),
+        },
+        ecdhSecretKey,
+        { name: 'AES-GCM', length: 128 },
+        false /* extractable */,
+        ['encrypt', 'decrypt'],
+    );
+    return aesKeyMaterialVal as SharedSecret;
+}

package/src/parseSessionProps.ts

@@ -0,0 +1,33 @@
+import { decryptMessage } from "./encryptedMessage";
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from "./errors";
+import { SharedSecret } from "./parseHelloRsp";
+import { ProtocolVersion, SessionProperties } from "./types";
+
+export default async function parseSessionProps(
+    message: ArrayBuffer, 
+    sharedSecret: SharedSecret
+): Promise<SessionProperties> {
+    const plaintext = await decryptMessage(message, sharedSecret);
+    const jsonProperties = JSON.parse(plaintext);
+    let protocolVersion: ProtocolVersion = 'legacy';
+    if (Object.hasOwnProperty.call(jsonProperties, 'v')) {
+        switch (jsonProperties.v) {
+            case 1:
+            case '1':
+            case 'v1':
+                protocolVersion = 'v1'
+                break;
+            case 'legacy':
+                protocolVersion = 'legacy'
+                break;
+            default:
+                throw new SolanaMobileWalletAdapterError(
+                    SolanaMobileWalletAdapterErrorCode.ERROR_INVALID_PROTOCOL_VERSION, 
+                    `Unknown/unsupported protocol version: ${jsonProperties.v}`
+                );
+        }
+    }
+    return <SessionProperties>({
+        protocol_version: protocolVersion
+    })
+}