npm - @tinyhumansai/tinyplace - Versions diffs - 0.1.0 - Mend

@tinyhumansai/tinyplace 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/dist/api/a2a.d.ts +28 -0
package/dist/api/a2a.js +21 -0
package/dist/api/admin.d.ts +38 -0
package/dist/api/admin.js +49 -0
package/dist/api/broadcasts.d.ts +32 -0
package/dist/api/broadcasts.js +51 -0
package/dist/api/channels.d.ts +43 -0
package/dist/api/channels.js +57 -0
package/dist/api/directory.d.ts +15 -0
package/dist/api/directory.js +26 -0
package/dist/api/escrow.d.ts +47 -0
package/dist/api/escrow.js +76 -0
package/dist/api/events.d.ts +45 -0
package/dist/api/events.js +77 -0
package/dist/api/explorer.d.ts +19 -0
package/dist/api/explorer.js +21 -0
package/dist/api/groups.d.ts +19 -0
package/dist/api/groups.js +32 -0
package/dist/api/inbox.d.ts +27 -0
package/dist/api/inbox.js +48 -0
package/dist/api/keys.d.ts +9 -0
package/dist/api/keys.js +14 -0
package/dist/api/ledger.d.ts +11 -0
package/dist/api/ledger.js +14 -0
package/dist/api/marketplace.d.ts +53 -0
package/dist/api/marketplace.js +81 -0
package/dist/api/messages.d.ts +11 -0
package/dist/api/messages.js +17 -0
package/dist/api/moderation.d.ts +30 -0
package/dist/api/moderation.js +32 -0
package/dist/api/payments.d.ts +15 -0
package/dist/api/payments.js +26 -0
package/dist/api/pricing.d.ts +69 -0
package/dist/api/pricing.js +60 -0
package/dist/api/profiles.d.ts +18 -0
package/dist/api/profiles.js +23 -0
package/dist/api/registry.d.ts +26 -0
package/dist/api/registry.js +87 -0
package/dist/api/reputation.d.ts +24 -0
package/dist/api/reputation.js +29 -0
package/dist/api/search.d.ts +46 -0
package/dist/api/search.js +41 -0
package/dist/api/stats.d.ts +11 -0
package/dist/api/stats.js +20 -0
package/dist/auth.d.ts +16 -0
package/dist/auth.js +36 -0
package/dist/client.d.ts +63 -0
package/dist/client.js +73 -0
package/dist/crypto.d.ts +12 -0
package/dist/crypto.js +49 -0
package/dist/http.d.ts +30 -0
package/dist/http.js +101 -0
package/dist/index.d.ts +39 -0
package/dist/index.js +32 -0
package/dist/local-signer.d.ts +15 -0
package/dist/local-signer.js +51 -0
package/dist/signal/crypto.d.ts +29 -0
package/dist/signal/crypto.js +156 -0
package/dist/signal/index.d.ts +11 -0
package/dist/signal/index.js +6 -0
package/dist/signal/keys.d.ts +14 -0
package/dist/signal/keys.js +36 -0
package/dist/signal/memory-store.d.ts +21 -0
package/dist/signal/memory-store.js +50 -0
package/dist/signal/ratchet.d.ts +12 -0
package/dist/signal/ratchet.js +106 -0
package/dist/signal/session.d.ts +17 -0
package/dist/signal/session.js +117 -0
package/dist/signal/store.d.ts +36 -0
package/dist/signal/store.js +6 -0
package/dist/signal/x3dh.d.ts +18 -0
package/dist/signal/x3dh.js +86 -0
package/dist/signer.d.ts +13 -0
package/dist/signer.js +9 -0
package/dist/types/broadcasts.d.ts +74 -0
package/dist/types/broadcasts.js +1 -0
package/dist/types/commerce.d.ts +183 -0
package/dist/types/commerce.js +1 -0
package/dist/types/directory.d.ts +88 -0
package/dist/types/directory.js +1 -0
package/dist/types/escrow.d.ts +129 -0
package/dist/types/escrow.js +1 -0
package/dist/types/events.d.ts +137 -0
package/dist/types/events.js +1 -0
package/dist/types/explorer.d.ts +133 -0
package/dist/types/explorer.js +1 -0
package/dist/types/groups.d.ts +56 -0
package/dist/types/groups.js +1 -0
package/dist/types/identity.d.ts +94 -0
package/dist/types/identity.js +1 -0
package/dist/types/index.d.ts +16 -0
package/dist/types/index.js +16 -0
package/dist/types/ledger.d.ts +57 -0
package/dist/types/ledger.js +1 -0
package/dist/types/marketplace.d.ts +141 -0
package/dist/types/marketplace.js +1 -0
package/dist/types/messaging.d.ts +67 -0
package/dist/types/messaging.js +1 -0
package/dist/types/payments.d.ts +88 -0
package/dist/types/payments.js +1 -0
package/dist/types/profile.d.ts +49 -0
package/dist/types/profile.js +1 -0
package/dist/types/reputation.d.ts +90 -0
package/dist/types/reputation.js +1 -0
package/dist/types/search.d.ts +56 -0
package/dist/types/search.js +1 -0
package/dist/types/social.d.ts +158 -0
package/dist/types/social.js +1 -0
package/dist/websocket.d.ts +26 -0
package/dist/websocket.js +83 -0
package/package.json +30 -0
package/src/api/a2a.ts +50 -0
package/src/api/admin.ts +95 -0
package/src/api/broadcasts.ts +110 -0
package/src/api/channels.ts +110 -0
package/src/api/directory.ts +45 -0
package/src/api/escrow.ts +163 -0
package/src/api/events.ts +133 -0
package/src/api/explorer.ts +48 -0
package/src/api/groups.ts +64 -0
package/src/api/inbox.ts +71 -0
package/src/api/keys.ts +18 -0
package/src/api/ledger.ts +28 -0
package/src/api/marketplace.ts +165 -0
package/src/api/messages.ts +23 -0
package/src/api/moderation.ts +71 -0
package/src/api/payments.ts +47 -0
package/src/api/pricing.ts +122 -0
package/src/api/profiles.ts +43 -0
package/src/api/registry.ts +143 -0
package/src/api/reputation.ts +60 -0
package/src/api/search.ts +59 -0
package/src/api/stats.ts +32 -0
package/src/auth.ts +75 -0
package/src/client.ts +120 -0
package/src/crypto.ts +74 -0
package/src/http.ts +147 -0
package/src/index.ts +72 -0
package/src/local-signer.ts +78 -0
package/src/signal/crypto.ts +229 -0
package/src/signal/index.ts +28 -0
package/src/signal/keys.ts +54 -0
package/src/signal/memory-store.ts +66 -0
package/src/signal/ratchet.ts +162 -0
package/src/signal/session.ts +189 -0
package/src/signal/store.ts +49 -0
package/src/signal/x3dh.ts +130 -0
package/src/signer.ts +21 -0
package/src/types/broadcasts.ts +81 -0
package/src/types/commerce.ts +206 -0
package/src/types/directory.ts +98 -0
package/src/types/escrow.ts +163 -0
package/src/types/events.ts +155 -0
package/src/types/explorer.ts +152 -0
package/src/types/groups.ts +62 -0
package/src/types/identity.ts +113 -0
package/src/types/index.ts +16 -0
package/src/types/ledger.ts +78 -0
package/src/types/marketplace.ts +166 -0
package/src/types/messaging.ts +77 -0
package/src/types/payments.ts +103 -0
package/src/types/profile.ts +55 -0
package/src/types/reputation.ts +98 -0
package/src/types/search.ts +61 -0
package/src/types/social.ts +186 -0
package/src/websocket.ts +112 -0
package/tests/signal.test.ts +353 -0
package/tests/staging.test.ts +650 -0
package/tsconfig.json +15 -0
package/vitest.config.ts +7 -0

package/src/crypto.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import { sha256 } from "@noble/hashes/sha2.js";
+import type { SigningKey } from "./auth.js";
+const crypto = globalThis.crypto;
+export interface KeyPair {
+  publicKey: Uint8Array;
+  privateKey: CryptoKey;
+}
+export async function generateKeyPair(): Promise<KeyPair> {
+  const pair = await crypto.subtle.generateKey("Ed25519", true, [
+    "sign",
+    "verify",
+  ]);
+  const publicKeyRaw = new Uint8Array(
+    await crypto.subtle.exportKey("raw", pair.publicKey),
+  );
+  return { publicKey: publicKeyRaw, privateKey: pair.privateKey };
+}
+function toHex(bytes: Uint8Array): string {
+  return Array.from(bytes)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+function toBase64(bytes: Uint8Array): string {
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+export function publicKeyToHex(publicKey: Uint8Array): string {
+  return toHex(publicKey);
+}
+export function publicKeyToBase64(publicKey: Uint8Array): string {
+  return toBase64(publicKey);
+}
+export function deriveCryptoId(publicKey: Uint8Array): string {
+  return `tiny1${toHex(publicKey).slice(0, 40)}`;
+}
+export function sha256Hex(data: Uint8Array | string): string {
+  const input =
+    typeof data === "string" ? new TextEncoder().encode(data) : data;
+  return toHex(sha256(input));
+}
+export function canonicalPayload(
+  action: string,
+  fields: Record<string, unknown>,
+): string {
+  return JSON.stringify({ action, fields });
+}
+export function createSigningKey(
+  agentId: string,
+  privateKey: CryptoKey,
+): SigningKey {
+  return {
+    agentId,
+    async sign(data: Uint8Array): Promise<Uint8Array> {
+      const buffer = new ArrayBuffer(data.byteLength);
+      new Uint8Array(buffer).set(data);
+      const sig = await crypto.subtle.sign("Ed25519", privateKey, buffer);
+      return new Uint8Array(sig);
+    },
+  };
+}

package/src/http.ts ADDED Viewed

@@ -0,0 +1,147 @@
+import type { SigningKey } from "./auth.js";
+import { signRequest, signDirectoryWrite } from "./auth.js";
+export class TinyVerseError extends Error {
+  constructor(
+    public readonly status: number,
+    public readonly body: unknown,
+    message?: string,
+  ) {
+    super(message ?? `HTTP ${status}`);
+    this.name = "TinyVerseError";
+  }
+}
+export interface HttpClientOptions {
+  baseUrl: string;
+  signingKey?: SigningKey;
+  publicKeyBase64?: string;
+  fetch?: typeof globalThis.fetch;
+}
+function buildQuery(params: Record<string, unknown>): string {
+  const parts: Array<string> = [];
+  for (const [key, value] of Object.entries(params)) {
+    if (value === undefined || value === null) continue;
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        parts.push(`${encodeURIComponent(key)}=${encodeURIComponent(String(item))}`);
+      }
+    } else {
+      parts.push(`${encodeURIComponent(key)}=${encodeURIComponent(String(value))}`);
+    }
+  }
+  return parts.length > 0 ? `?${parts.join("&")}` : "";
+}
+export class HttpClient {
+  private readonly baseUrl: string;
+  private readonly signingKey?: SigningKey;
+  private readonly publicKeyBase64?: string;
+  private readonly _fetch: typeof globalThis.fetch;
+  constructor(options: HttpClientOptions) {
+    this.baseUrl = options.baseUrl.replace(/\/+$/, "");
+    this.signingKey = options.signingKey;
+    this.publicKeyBase64 = options.publicKeyBase64;
+    this._fetch = options.fetch ?? globalThis.fetch.bind(globalThis);
+  }
+  private async request<T>(
+    method: string,
+    path: string,
+    options?: {
+      body?: unknown;
+      query?: Record<string, unknown>;
+      signed?: boolean;
+      directoryAuth?: boolean;
+    },
+  ): Promise<T> {
+    const queryString = options?.query ? buildQuery(options.query) : "";
+    const url = `${this.baseUrl}${path}${queryString}`;
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+    };
+    const bodyStr = options?.body != null ? JSON.stringify(options.body) : "";
+    if (options?.directoryAuth && this.signingKey && this.publicKeyBase64) {
+      const requestUri = `${path}${queryString}`;
+      const writeHeaders = await signDirectoryWrite(
+        this.signingKey,
+        this.publicKeyBase64,
+        method,
+        requestUri,
+        bodyStr,
+      );
+      Object.assign(headers, writeHeaders);
+      headers["X-Agent-ID"] = this.publicKeyBase64;
+    } else if (options?.signed && this.signingKey) {
+      const authHeaders = await signRequest(this.signingKey, bodyStr);
+      Object.assign(headers, authHeaders);
+    }
+    const response = await this._fetch(url, {
+      method,
+      headers,
+      body: bodyStr || undefined,
+    });
+    if (!response.ok) {
+      const errorBody = await response.text().catch(() => "");
+      let parsed: unknown;
+      try {
+        parsed = JSON.parse(errorBody);
+      } catch {
+        parsed = errorBody;
+      }
+      throw new TinyVerseError(response.status, parsed, `HTTP ${response.status}: ${path}`);
+    }
+    if (response.status === 204) {
+      return undefined as T;
+    }
+    return response.json() as Promise<T>;
+  }
+  get<T>(path: string, query?: Record<string, unknown>): Promise<T> {
+    return this.request<T>("GET", path, { query });
+  }
+  getAuth<T>(path: string, query?: Record<string, unknown>): Promise<T> {
+    return this.request<T>("GET", path, { query, signed: true });
+  }
+  getDirectoryAuth<T>(path: string, query?: Record<string, unknown>): Promise<T> {
+    return this.request<T>("GET", path, { query, directoryAuth: true });
+  }
+  post<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("POST", path, { body, signed: true });
+  }
+  postPublic<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("POST", path, { body });
+  }
+  put<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("PUT", path, { body, signed: true });
+  }
+  postDirectoryAuth<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("POST", path, { body, directoryAuth: true });
+  }
+  putDirectoryAuth<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("PUT", path, { body, directoryAuth: true });
+  }
+  delete<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("DELETE", path, { body, signed: true });
+  }
+  deleteDirectoryAuth<T>(path: string, body?: unknown): Promise<T> {
+    return this.request<T>("DELETE", path, { body, directoryAuth: true });
+  }
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,72 @@
+export const SDK_VERSION = "0.1.0";
+export { TinyVerseClient } from "./client.js";
+export type { TinyVerseClientOptions } from "./client.js";
+export { TinyVerseError } from "./http.js";
+export { TinyVerseWebSocket } from "./websocket.js";
+export type { TinyVerseWebSocketOptions, WebSocketEventHandler } from "./websocket.js";
+export type { SigningKey, AuthHeaders, DirectoryWriteHeaders } from "./auth.js";
+export { buildAuthHeader, signRequest, signDirectoryWrite, signCanonicalPayload } from "./auth.js";
+export { Signer } from "./signer.js";
+export { LocalSigner } from "./local-signer.js";
+export type { KeyPair } from "./crypto.js";
+export {
+  generateKeyPair,
+  publicKeyToHex,
+  publicKeyToBase64,
+  deriveCryptoId,
+  sha256Hex,
+  canonicalPayload,
+  createSigningKey,
+} from "./crypto.js";
+export type { RegisterRequest } from "./api/registry.js";
+export { RegistryApi } from "./api/registry.js";
+export { KeysApi } from "./api/keys.js";
+export { MessagesApi } from "./api/messages.js";
+export { DirectoryApi } from "./api/directory.js";
+export { GroupsApi } from "./api/groups.js";
+export { PaymentsApi } from "./api/payments.js";
+export { LedgerApi } from "./api/ledger.js";
+export { ReputationApi } from "./api/reputation.js";
+export { InboxApi } from "./api/inbox.js";
+export { ChannelsApi } from "./api/channels.js";
+export { BroadcastsApi } from "./api/broadcasts.js";
+export { EventsApi } from "./api/events.js";
+export { MarketplaceApi } from "./api/marketplace.js";
+export { EscrowApi } from "./api/escrow.js";
+export { SearchApi } from "./api/search.js";
+export { ProfilesApi } from "./api/profiles.js";
+export { ExplorerApi } from "./api/explorer.js";
+export { PricingApi } from "./api/pricing.js";
+export { ModerationApi } from "./api/moderation.js";
+export { StatsApi } from "./api/stats.js";
+export { AdminApi } from "./api/admin.js";
+export { A2AApi } from "./api/a2a.js";
+export type { A2ATaskRequest, A2ATaskResponse } from "./api/a2a.js";
+export * from "./types/index.js";
+export {
+  SignalSession,
+  MemorySessionStore,
+  generateSignedPreKey,
+  generatePreKeys,
+  serializeSignedKey,
+  serializePreKey,
+  generateX25519KeyPair,
+  ed25519PubToX25519Pub,
+} from "./signal/index.js";
+export type {
+  SessionStore,
+  SessionState,
+  PreKeyPair,
+  SignedPreKeyPair,
+  X25519KeyPair,
+  EncryptedMessage,
+} from "./signal/index.js";

package/src/local-signer.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import { Signer } from "./signer.js";
+import {
+  generateKeyPair,
+  deriveCryptoId,
+  publicKeyToBase64,
+} from "./crypto.js";
+import type { KeyPair } from "./crypto.js";
+import { ed25519SeedToX25519KeyPair } from "./signal/crypto.js";
+import type { X25519KeyPair } from "./signal/crypto.js";
+export class LocalSigner extends Signer {
+  readonly agentId: string;
+  readonly publicKeyBase64: string;
+  readonly publicKey: Uint8Array;
+  private readonly privateKey: CryptoKey;
+  private constructor(keyPair: KeyPair) {
+    super();
+    this.publicKey = keyPair.publicKey;
+    this.privateKey = keyPair.privateKey;
+    this.agentId = deriveCryptoId(keyPair.publicKey);
+    this.publicKeyBase64 = publicKeyToBase64(keyPair.publicKey);
+  }
+  static async generate(): Promise<LocalSigner> {
+    const keyPair = await generateKeyPair();
+    return new LocalSigner(keyPair);
+  }
+  static async fromPrivateKey(privateKey: CryptoKey): Promise<LocalSigner> {
+    const crypto = globalThis.crypto;
+    const jwk = await crypto.subtle.exportKey("jwk", privateKey);
+    const publicOnlyJwk = { ...jwk, d: undefined, key_ops: ["verify"] };
+    const publicCryptoKey = await crypto.subtle.importKey(
+      "jwk",
+      publicOnlyJwk,
+      { name: "Ed25519" },
+      true,
+      ["verify"],
+    );
+    const publicKeyRaw = new Uint8Array(
+      await crypto.subtle.exportKey("raw", publicCryptoKey),
+    );
+    return new LocalSigner({ publicKey: publicKeyRaw, privateKey });
+  }
+  static fromKeyPair(keyPair: KeyPair): LocalSigner {
+    return new LocalSigner(keyPair);
+  }
+  async sign(data: Uint8Array): Promise<Uint8Array> {
+    const crypto = globalThis.crypto;
+    const buffer = new ArrayBuffer(data.byteLength);
+    new Uint8Array(buffer).set(data);
+    const sig = await crypto.subtle.sign("Ed25519", this.privateKey, buffer);
+    return new Uint8Array(sig);
+  }
+  async getX25519KeyPair(): Promise<X25519KeyPair> {
+    const crypto = globalThis.crypto;
+    const jwk = await crypto.subtle.exportKey("jwk", this.privateKey);
+    const seed = base64urlToBytes(jwk.d!);
+    return ed25519SeedToX25519KeyPair(seed);
+  }
+}
+function base64urlToBytes(b64url: string): Uint8Array {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+  const pad = (4 - (b64.length % 4)) % 4;
+  const padded = b64 + "=".repeat(pad);
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}

package/src/signal/crypto.ts ADDED Viewed

@@ -0,0 +1,229 @@
+import { x25519 } from "@noble/curves/ed25519.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { hmac } from "@noble/hashes/hmac.js";
+const crypto = globalThis.crypto;
+const HKDF_INFO = new TextEncoder().encode("WhisperRatchet");
+const MESSAGE_KEY_INFO = new TextEncoder().encode("WhisperMessageKeys");
+const CHAIN_KEY_SEED_MESSAGE = new Uint8Array([0x01]);
+const CHAIN_KEY_SEED_CHAIN = new Uint8Array([0x02]);
+export interface X25519KeyPair {
+  publicKey: Uint8Array;
+  privateKey: Uint8Array;
+}
+export function generateX25519KeyPair(): X25519KeyPair {
+  const privateKey = x25519.utils.randomSecretKey();
+  const publicKey = x25519.getPublicKey(privateKey);
+  return { publicKey, privateKey };
+}
+export function x25519SharedSecret(
+  privateKey: Uint8Array,
+  publicKey: Uint8Array,
+): Uint8Array {
+  return x25519.getSharedSecret(privateKey, publicKey);
+}
+export function ed25519SeedToX25519Private(seed: Uint8Array): Uint8Array {
+  const hash = sha512(seed);
+  const scalar = hash.slice(0, 32);
+  scalar[0]! &= 248;
+  scalar[31]! &= 127;
+  scalar[31]! |= 64;
+  return scalar;
+}
+export function ed25519SeedToX25519KeyPair(seed: Uint8Array): X25519KeyPair {
+  const privateKey = ed25519SeedToX25519Private(seed);
+  const publicKey = x25519.getPublicKey(privateKey);
+  return { publicKey, privateKey };
+}
+// Edwards (Ed25519) public key → Montgomery (X25519) public key.
+// Formula: u = (1 + y) / (1 - y) mod p, where p = 2^255 - 19.
+const P = (1n << 255n) - 19n;
+function modPow(base: bigint, exp: bigint, modulus: bigint): bigint {
+  let result = 1n;
+  base = ((base % modulus) + modulus) % modulus;
+  while (exp > 0n) {
+    if (exp & 1n) result = (result * base) % modulus;
+    exp >>= 1n;
+    base = (base * base) % modulus;
+  }
+  return result;
+}
+function modInverse(a: bigint, modulus: bigint): bigint {
+  return modPow(a, modulus - 2n, modulus);
+}
+export function ed25519PubToX25519Pub(edPub: Uint8Array): Uint8Array {
+  // Ed25519 public key encodes the y-coordinate in little-endian with
+  // the sign bit in the top bit of the last byte.
+  const bytes = new Uint8Array(edPub);
+  bytes[31] = bytes[31]! & 0x7f;
+  let y = 0n;
+  for (let i = 0; i < 32; i++) {
+    y |= BigInt(bytes[i]!) << BigInt(8 * i);
+  }
+  const numerator = ((1n + y) % P + P) % P;
+  const denominator = ((1n - y) % P + P) % P;
+  const u = (numerator * modInverse(denominator, P)) % P;
+  const result = new Uint8Array(32);
+  let val = u;
+  for (let i = 0; i < 32; i++) {
+    result[i] = Number(val & 0xffn);
+    val >>= 8n;
+  }
+  return result;
+}
+export function kdfRootKey(
+  rootKey: Uint8Array,
+  dhOutput: Uint8Array,
+): { rootKey: Uint8Array; chainKey: Uint8Array } {
+  const output = hkdf(sha256, dhOutput, rootKey, HKDF_INFO, 64);
+  return {
+    rootKey: output.slice(0, 32),
+    chainKey: output.slice(32, 64),
+  };
+}
+export function kdfChainKey(chainKey: Uint8Array): {
+  chainKey: Uint8Array;
+  messageKey: Uint8Array;
+} {
+  const newChainKey = hmac(sha256, chainKey, CHAIN_KEY_SEED_CHAIN);
+  const messageKey = hmac(sha256, chainKey, CHAIN_KEY_SEED_MESSAGE);
+  return { chainKey: newChainKey, messageKey };
+}
+export function deriveMessageKeys(messageKey: Uint8Array): {
+  encKey: Uint8Array;
+  macKey: Uint8Array;
+  iv: Uint8Array;
+} {
+  const output = hkdf(sha256, messageKey, new Uint8Array(32), MESSAGE_KEY_INFO, 80);
+  return {
+    encKey: output.slice(0, 32),
+    macKey: output.slice(32, 64),
+    iv: output.slice(64, 80),
+  };
+}
+function toArrayBuffer(bytes: Uint8Array): ArrayBuffer {
+  const buffer = new ArrayBuffer(bytes.length);
+  new Uint8Array(buffer).set(bytes);
+  return buffer;
+}
+export async function aesEncrypt(
+  key: Uint8Array,
+  iv: Uint8Array,
+  plaintext: Uint8Array,
+): Promise<Uint8Array> {
+  const crypto = globalThis.crypto;
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    toArrayBuffer(key),
+    { name: "AES-CBC" },
+    false,
+    ["encrypt"],
+  );
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: "AES-CBC", iv: toArrayBuffer(iv) },
+    cryptoKey,
+    toArrayBuffer(plaintext),
+  );
+  return new Uint8Array(ciphertext);
+}
+export async function aesDecrypt(
+  key: Uint8Array,
+  iv: Uint8Array,
+  ciphertext: Uint8Array,
+): Promise<Uint8Array> {
+  const crypto = globalThis.crypto;
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    toArrayBuffer(key),
+    { name: "AES-CBC" },
+    false,
+    ["decrypt"],
+  );
+  const plaintext = await crypto.subtle.decrypt(
+    { name: "AES-CBC", iv: toArrayBuffer(iv) },
+    cryptoKey,
+    toArrayBuffer(ciphertext),
+  );
+  return new Uint8Array(plaintext);
+}
+export function computeHmac(key: Uint8Array, data: Uint8Array): Uint8Array {
+  return hmac(sha256, key, data);
+}
+export async function encrypt(
+  messageKey: Uint8Array,
+  plaintext: Uint8Array,
+  associatedData: Uint8Array,
+): Promise<Uint8Array> {
+  const { encKey, macKey, iv } = deriveMessageKeys(messageKey);
+  const ciphertext = await aesEncrypt(encKey, iv, plaintext);
+  const macInput = new Uint8Array(associatedData.length + ciphertext.length);
+  macInput.set(associatedData);
+  macInput.set(ciphertext, associatedData.length);
+  const mac = computeHmac(macKey, macInput).slice(0, 8);
+  const result = new Uint8Array(ciphertext.length + 8);
+  result.set(ciphertext);
+  result.set(mac, ciphertext.length);
+  return result;
+}
+export async function decrypt(
+  messageKey: Uint8Array,
+  ciphertextWithMac: Uint8Array,
+  associatedData: Uint8Array,
+): Promise<Uint8Array> {
+  const { encKey, macKey, iv } = deriveMessageKeys(messageKey);
+  const ciphertext = ciphertextWithMac.slice(0, -8);
+  const receivedMac = ciphertextWithMac.slice(-8);
+  const macInput = new Uint8Array(associatedData.length + ciphertext.length);
+  macInput.set(associatedData);
+  macInput.set(ciphertext, associatedData.length);
+  const computedMac = computeHmac(macKey, macInput).slice(0, 8);
+  if (!constantTimeEqual(receivedMac, computedMac)) {
+    throw new Error("MAC verification failed");
+  }
+  return aesDecrypt(encKey, iv, ciphertext);
+}
+function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i]! ^ b[i]!;
+  }
+  return diff === 0;
+}
+export function toBase64(bytes: Uint8Array): string {
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+export function fromBase64(b64: string): Uint8Array {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}

package/src/signal/index.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export type { X25519KeyPair } from "./crypto.js";
+export {
+  generateX25519KeyPair,
+  ed25519PubToX25519Pub,
+  ed25519SeedToX25519KeyPair,
+  toBase64,
+  fromBase64,
+} from "./crypto.js";
+export type { SessionState, PreKeyPair, SignedPreKeyPair, SessionStore } from "./store.js";
+export { MemorySessionStore } from "./memory-store.js";
+export type { X3DHBundle, X3DHInitResult } from "./x3dh.js";
+export { x3dhInitiate, x3dhRespond, buildAssociatedData } from "./x3dh.js";
+export type { RatchetHeader, RatchetMessage } from "./ratchet.js";
+export { ratchetEncrypt, ratchetDecrypt } from "./ratchet.js";
+export {
+  generateSignedPreKey,
+  generatePreKeys,
+  serializeSignedKey,
+  serializePreKey,
+} from "./keys.js";
+export type { EncryptedMessage } from "./session.js";
+export { SignalSession } from "./session.js";

package/src/signal/keys.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { generateX25519KeyPair, toBase64 } from "./crypto.js";
+import type { Signer } from "../signer.js";
+import type { PreKeyPair, SignedPreKeyPair } from "./store.js";
+// Backend verifies: ed25519.Verify(identityPubKey, []byte(preKey.PublicKey), signature)
+// So we sign the base64 string representation of the X25519 public key.
+async function signPublicKey(signer: Signer, publicKey: Uint8Array): Promise<Uint8Array> {
+  const publicKeyB64 = toBase64(publicKey);
+  return signer.sign(new TextEncoder().encode(publicKeyB64));
+}
+export async function generateSignedPreKey(
+  signer: Signer,
+  keyId: string,
+): Promise<SignedPreKeyPair> {
+  const keyPair = generateX25519KeyPair();
+  const signature = await signPublicKey(signer, keyPair.publicKey);
+  return { keyId, keyPair, signature };
+}
+export async function generatePreKeys(
+  signer: Signer,
+  startId: number,
+  count: number,
+): Promise<Array<PreKeyPair>> {
+  const preKeys: Array<PreKeyPair> = [];
+  for (let i = 0; i < count; i++) {
+    const keyId = `pk_${startId + i}`;
+    const keyPair = generateX25519KeyPair();
+    const signature = await signPublicKey(signer, keyPair.publicKey);
+    preKeys.push({ keyId, keyPair, signature });
+  }
+  return preKeys;
+}
+export function serializeSignedKey(
+  preKey: SignedPreKeyPair,
+): { keyId: string; publicKey: string; signature: string } {
+  return {
+    keyId: preKey.keyId,
+    publicKey: toBase64(preKey.keyPair.publicKey),
+    signature: toBase64(preKey.signature),
+  };
+}
+export function serializePreKey(
+  preKey: PreKeyPair,
+): { keyId: string; publicKey: string; signature: string } {
+  return {
+    keyId: preKey.keyId,
+    publicKey: toBase64(preKey.keyPair.publicKey),
+    signature: toBase64(preKey.signature),
+  };
+}