@tinyhumansai/tinyplace 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,39 @@
+export declare const SDK_VERSION = "0.1.0";
+export { TinyVerseClient } from "./client.js";
+export type { TinyVerseClientOptions } from "./client.js";
+export { TinyVerseError } from "./http.js";
+export { TinyVerseWebSocket } from "./websocket.js";
+export type { TinyVerseWebSocketOptions, WebSocketEventHandler } from "./websocket.js";
+export type { SigningKey, AuthHeaders, DirectoryWriteHeaders } from "./auth.js";
+export { buildAuthHeader, signRequest, signDirectoryWrite, signCanonicalPayload } from "./auth.js";
+export { Signer } from "./signer.js";
+export { LocalSigner } from "./local-signer.js";
+export type { KeyPair } from "./crypto.js";
+export { generateKeyPair, publicKeyToHex, publicKeyToBase64, deriveCryptoId, sha256Hex, canonicalPayload, createSigningKey, } from "./crypto.js";
+export type { RegisterRequest } from "./api/registry.js";
+export { RegistryApi } from "./api/registry.js";
+export { KeysApi } from "./api/keys.js";
+export { MessagesApi } from "./api/messages.js";
+export { DirectoryApi } from "./api/directory.js";
+export { GroupsApi } from "./api/groups.js";
+export { PaymentsApi } from "./api/payments.js";
+export { LedgerApi } from "./api/ledger.js";
+export { ReputationApi } from "./api/reputation.js";
+export { InboxApi } from "./api/inbox.js";
+export { ChannelsApi } from "./api/channels.js";
+export { BroadcastsApi } from "./api/broadcasts.js";
+export { EventsApi } from "./api/events.js";
+export { MarketplaceApi } from "./api/marketplace.js";
+export { EscrowApi } from "./api/escrow.js";
+export { SearchApi } from "./api/search.js";
+export { ProfilesApi } from "./api/profiles.js";
+export { ExplorerApi } from "./api/explorer.js";
+export { PricingApi } from "./api/pricing.js";
+export { ModerationApi } from "./api/moderation.js";
+export { StatsApi } from "./api/stats.js";
+export { AdminApi } from "./api/admin.js";
+export { A2AApi } from "./api/a2a.js";
+export type { A2ATaskRequest, A2ATaskResponse } from "./api/a2a.js";
+export * from "./types/index.js";
+export { SignalSession, MemorySessionStore, generateSignedPreKey, generatePreKeys, serializeSignedKey, serializePreKey, generateX25519KeyPair, ed25519PubToX25519Pub, } from "./signal/index.js";
+export type { SessionStore, SessionState, PreKeyPair, SignedPreKeyPair, X25519KeyPair, EncryptedMessage, } from "./signal/index.js";

package/dist/index.js

@@ -0,0 +1,32 @@
+export const SDK_VERSION = "0.1.0";
+export { TinyVerseClient } from "./client.js";
+export { TinyVerseError } from "./http.js";
+export { TinyVerseWebSocket } from "./websocket.js";
+export { buildAuthHeader, signRequest, signDirectoryWrite, signCanonicalPayload } from "./auth.js";
+export { Signer } from "./signer.js";
+export { LocalSigner } from "./local-signer.js";
+export { generateKeyPair, publicKeyToHex, publicKeyToBase64, deriveCryptoId, sha256Hex, canonicalPayload, createSigningKey, } from "./crypto.js";
+export { RegistryApi } from "./api/registry.js";
+export { KeysApi } from "./api/keys.js";
+export { MessagesApi } from "./api/messages.js";
+export { DirectoryApi } from "./api/directory.js";
+export { GroupsApi } from "./api/groups.js";
+export { PaymentsApi } from "./api/payments.js";
+export { LedgerApi } from "./api/ledger.js";
+export { ReputationApi } from "./api/reputation.js";
+export { InboxApi } from "./api/inbox.js";
+export { ChannelsApi } from "./api/channels.js";
+export { BroadcastsApi } from "./api/broadcasts.js";
+export { EventsApi } from "./api/events.js";
+export { MarketplaceApi } from "./api/marketplace.js";
+export { EscrowApi } from "./api/escrow.js";
+export { SearchApi } from "./api/search.js";
+export { ProfilesApi } from "./api/profiles.js";
+export { ExplorerApi } from "./api/explorer.js";
+export { PricingApi } from "./api/pricing.js";
+export { ModerationApi } from "./api/moderation.js";
+export { StatsApi } from "./api/stats.js";
+export { AdminApi } from "./api/admin.js";
+export { A2AApi } from "./api/a2a.js";
+export * from "./types/index.js";
+export { SignalSession, MemorySessionStore, generateSignedPreKey, generatePreKeys, serializeSignedKey, serializePreKey, generateX25519KeyPair, ed25519PubToX25519Pub, } from "./signal/index.js";

package/dist/local-signer.d.ts

@@ -0,0 +1,15 @@
+import { Signer } from "./signer.js";
+import type { KeyPair } from "./crypto.js";
+import type { X25519KeyPair } from "./signal/crypto.js";
+export declare class LocalSigner extends Signer {
+    readonly agentId: string;
+    readonly publicKeyBase64: string;
+    readonly publicKey: Uint8Array;
+    private readonly privateKey;
+    private constructor();
+    static generate(): Promise<LocalSigner>;
+    static fromPrivateKey(privateKey: CryptoKey): Promise<LocalSigner>;
+    static fromKeyPair(keyPair: KeyPair): LocalSigner;
+    sign(data: Uint8Array): Promise<Uint8Array>;
+    getX25519KeyPair(): Promise<X25519KeyPair>;
+}

package/dist/local-signer.js

@@ -0,0 +1,51 @@
+import { Signer } from "./signer.js";
+import { generateKeyPair, deriveCryptoId, publicKeyToBase64, } from "./crypto.js";
+import { ed25519SeedToX25519KeyPair } from "./signal/crypto.js";
+export class LocalSigner extends Signer {
+    constructor(keyPair) {
+        super();
+        this.publicKey = keyPair.publicKey;
+        this.privateKey = keyPair.privateKey;
+        this.agentId = deriveCryptoId(keyPair.publicKey);
+        this.publicKeyBase64 = publicKeyToBase64(keyPair.publicKey);
+    }
+    static async generate() {
+        const keyPair = await generateKeyPair();
+        return new LocalSigner(keyPair);
+    }
+    static async fromPrivateKey(privateKey) {
+        const crypto = globalThis.crypto;
+        const jwk = await crypto.subtle.exportKey("jwk", privateKey);
+        const publicOnlyJwk = { ...jwk, d: undefined, key_ops: ["verify"] };
+        const publicCryptoKey = await crypto.subtle.importKey("jwk", publicOnlyJwk, { name: "Ed25519" }, true, ["verify"]);
+        const publicKeyRaw = new Uint8Array(await crypto.subtle.exportKey("raw", publicCryptoKey));
+        return new LocalSigner({ publicKey: publicKeyRaw, privateKey });
+    }
+    static fromKeyPair(keyPair) {
+        return new LocalSigner(keyPair);
+    }
+    async sign(data) {
+        const crypto = globalThis.crypto;
+        const buffer = new ArrayBuffer(data.byteLength);
+        new Uint8Array(buffer).set(data);
+        const sig = await crypto.subtle.sign("Ed25519", this.privateKey, buffer);
+        return new Uint8Array(sig);
+    }
+    async getX25519KeyPair() {
+        const crypto = globalThis.crypto;
+        const jwk = await crypto.subtle.exportKey("jwk", this.privateKey);
+        const seed = base64urlToBytes(jwk.d);
+        return ed25519SeedToX25519KeyPair(seed);
+    }
+}
+function base64urlToBytes(b64url) {
+    const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+    const pad = (4 - (b64.length % 4)) % 4;
+    const padded = b64 + "=".repeat(pad);
+    const binary = atob(padded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}

package/dist/signal/crypto.d.ts

@@ -0,0 +1,29 @@
+export interface X25519KeyPair {
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+}
+export declare function generateX25519KeyPair(): X25519KeyPair;
+export declare function x25519SharedSecret(privateKey: Uint8Array, publicKey: Uint8Array): Uint8Array;
+export declare function ed25519SeedToX25519Private(seed: Uint8Array): Uint8Array;
+export declare function ed25519SeedToX25519KeyPair(seed: Uint8Array): X25519KeyPair;
+export declare function ed25519PubToX25519Pub(edPub: Uint8Array): Uint8Array;
+export declare function kdfRootKey(rootKey: Uint8Array, dhOutput: Uint8Array): {
+    rootKey: Uint8Array;
+    chainKey: Uint8Array;
+};
+export declare function kdfChainKey(chainKey: Uint8Array): {
+    chainKey: Uint8Array;
+    messageKey: Uint8Array;
+};
+export declare function deriveMessageKeys(messageKey: Uint8Array): {
+    encKey: Uint8Array;
+    macKey: Uint8Array;
+    iv: Uint8Array;
+};
+export declare function aesEncrypt(key: Uint8Array, iv: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
+export declare function aesDecrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+export declare function computeHmac(key: Uint8Array, data: Uint8Array): Uint8Array;
+export declare function encrypt(messageKey: Uint8Array, plaintext: Uint8Array, associatedData: Uint8Array): Promise<Uint8Array>;
+export declare function decrypt(messageKey: Uint8Array, ciphertextWithMac: Uint8Array, associatedData: Uint8Array): Promise<Uint8Array>;
+export declare function toBase64(bytes: Uint8Array): string;
+export declare function fromBase64(b64: string): Uint8Array;

package/dist/signal/crypto.js

@@ -0,0 +1,156 @@
+import { x25519 } from "@noble/curves/ed25519.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { hmac } from "@noble/hashes/hmac.js";
+const crypto = globalThis.crypto;
+const HKDF_INFO = new TextEncoder().encode("WhisperRatchet");
+const MESSAGE_KEY_INFO = new TextEncoder().encode("WhisperMessageKeys");
+const CHAIN_KEY_SEED_MESSAGE = new Uint8Array([0x01]);
+const CHAIN_KEY_SEED_CHAIN = new Uint8Array([0x02]);
+export function generateX25519KeyPair() {
+    const privateKey = x25519.utils.randomSecretKey();
+    const publicKey = x25519.getPublicKey(privateKey);
+    return { publicKey, privateKey };
+}
+export function x25519SharedSecret(privateKey, publicKey) {
+    return x25519.getSharedSecret(privateKey, publicKey);
+}
+export function ed25519SeedToX25519Private(seed) {
+    const hash = sha512(seed);
+    const scalar = hash.slice(0, 32);
+    scalar[0] &= 248;
+    scalar[31] &= 127;
+    scalar[31] |= 64;
+    return scalar;
+}
+export function ed25519SeedToX25519KeyPair(seed) {
+    const privateKey = ed25519SeedToX25519Private(seed);
+    const publicKey = x25519.getPublicKey(privateKey);
+    return { publicKey, privateKey };
+}
+// Edwards (Ed25519) public key → Montgomery (X25519) public key.
+// Formula: u = (1 + y) / (1 - y) mod p, where p = 2^255 - 19.
+const P = (1n << 255n) - 19n;
+function modPow(base, exp, modulus) {
+    let result = 1n;
+    base = ((base % modulus) + modulus) % modulus;
+    while (exp > 0n) {
+        if (exp & 1n)
+            result = (result * base) % modulus;
+        exp >>= 1n;
+        base = (base * base) % modulus;
+    }
+    return result;
+}
+function modInverse(a, modulus) {
+    return modPow(a, modulus - 2n, modulus);
+}
+export function ed25519PubToX25519Pub(edPub) {
+    // Ed25519 public key encodes the y-coordinate in little-endian with
+    // the sign bit in the top bit of the last byte.
+    const bytes = new Uint8Array(edPub);
+    bytes[31] = bytes[31] & 0x7f;
+    let y = 0n;
+    for (let i = 0; i < 32; i++) {
+        y |= BigInt(bytes[i]) << BigInt(8 * i);
+    }
+    const numerator = ((1n + y) % P + P) % P;
+    const denominator = ((1n - y) % P + P) % P;
+    const u = (numerator * modInverse(denominator, P)) % P;
+    const result = new Uint8Array(32);
+    let val = u;
+    for (let i = 0; i < 32; i++) {
+        result[i] = Number(val & 0xffn);
+        val >>= 8n;
+    }
+    return result;
+}
+export function kdfRootKey(rootKey, dhOutput) {
+    const output = hkdf(sha256, dhOutput, rootKey, HKDF_INFO, 64);
+    return {
+        rootKey: output.slice(0, 32),
+        chainKey: output.slice(32, 64),
+    };
+}
+export function kdfChainKey(chainKey) {
+    const newChainKey = hmac(sha256, chainKey, CHAIN_KEY_SEED_CHAIN);
+    const messageKey = hmac(sha256, chainKey, CHAIN_KEY_SEED_MESSAGE);
+    return { chainKey: newChainKey, messageKey };
+}
+export function deriveMessageKeys(messageKey) {
+    const output = hkdf(sha256, messageKey, new Uint8Array(32), MESSAGE_KEY_INFO, 80);
+    return {
+        encKey: output.slice(0, 32),
+        macKey: output.slice(32, 64),
+        iv: output.slice(64, 80),
+    };
+}
+function toArrayBuffer(bytes) {
+    const buffer = new ArrayBuffer(bytes.length);
+    new Uint8Array(buffer).set(bytes);
+    return buffer;
+}
+export async function aesEncrypt(key, iv, plaintext) {
+    const crypto = globalThis.crypto;
+    const cryptoKey = await crypto.subtle.importKey("raw", toArrayBuffer(key), { name: "AES-CBC" }, false, ["encrypt"]);
+    const ciphertext = await crypto.subtle.encrypt({ name: "AES-CBC", iv: toArrayBuffer(iv) }, cryptoKey, toArrayBuffer(plaintext));
+    return new Uint8Array(ciphertext);
+}
+export async function aesDecrypt(key, iv, ciphertext) {
+    const crypto = globalThis.crypto;
+    const cryptoKey = await crypto.subtle.importKey("raw", toArrayBuffer(key), { name: "AES-CBC" }, false, ["decrypt"]);
+    const plaintext = await crypto.subtle.decrypt({ name: "AES-CBC", iv: toArrayBuffer(iv) }, cryptoKey, toArrayBuffer(ciphertext));
+    return new Uint8Array(plaintext);
+}
+export function computeHmac(key, data) {
+    return hmac(sha256, key, data);
+}
+export async function encrypt(messageKey, plaintext, associatedData) {
+    const { encKey, macKey, iv } = deriveMessageKeys(messageKey);
+    const ciphertext = await aesEncrypt(encKey, iv, plaintext);
+    const macInput = new Uint8Array(associatedData.length + ciphertext.length);
+    macInput.set(associatedData);
+    macInput.set(ciphertext, associatedData.length);
+    const mac = computeHmac(macKey, macInput).slice(0, 8);
+    const result = new Uint8Array(ciphertext.length + 8);
+    result.set(ciphertext);
+    result.set(mac, ciphertext.length);
+    return result;
+}
+export async function decrypt(messageKey, ciphertextWithMac, associatedData) {
+    const { encKey, macKey, iv } = deriveMessageKeys(messageKey);
+    const ciphertext = ciphertextWithMac.slice(0, -8);
+    const receivedMac = ciphertextWithMac.slice(-8);
+    const macInput = new Uint8Array(associatedData.length + ciphertext.length);
+    macInput.set(associatedData);
+    macInput.set(ciphertext, associatedData.length);
+    const computedMac = computeHmac(macKey, macInput).slice(0, 8);
+    if (!constantTimeEqual(receivedMac, computedMac)) {
+        throw new Error("MAC verification failed");
+    }
+    return aesDecrypt(encKey, iv, ciphertext);
+}
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}
+export function toBase64(bytes) {
+    let binary = "";
+    for (const byte of bytes) {
+        binary += String.fromCharCode(byte);
+    }
+    return btoa(binary);
+}
+export function fromBase64(b64) {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}

package/dist/signal/index.d.ts

@@ -0,0 +1,11 @@
+export type { X25519KeyPair } from "./crypto.js";
+export { generateX25519KeyPair, ed25519PubToX25519Pub, ed25519SeedToX25519KeyPair, toBase64, fromBase64, } from "./crypto.js";
+export type { SessionState, PreKeyPair, SignedPreKeyPair, SessionStore } from "./store.js";
+export { MemorySessionStore } from "./memory-store.js";
+export type { X3DHBundle, X3DHInitResult } from "./x3dh.js";
+export { x3dhInitiate, x3dhRespond, buildAssociatedData } from "./x3dh.js";
+export type { RatchetHeader, RatchetMessage } from "./ratchet.js";
+export { ratchetEncrypt, ratchetDecrypt } from "./ratchet.js";
+export { generateSignedPreKey, generatePreKeys, serializeSignedKey, serializePreKey, } from "./keys.js";
+export type { EncryptedMessage } from "./session.js";
+export { SignalSession } from "./session.js";

package/dist/signal/index.js

@@ -0,0 +1,6 @@
+export { generateX25519KeyPair, ed25519PubToX25519Pub, ed25519SeedToX25519KeyPair, toBase64, fromBase64, } from "./crypto.js";
+export { MemorySessionStore } from "./memory-store.js";
+export { x3dhInitiate, x3dhRespond, buildAssociatedData } from "./x3dh.js";
+export { ratchetEncrypt, ratchetDecrypt } from "./ratchet.js";
+export { generateSignedPreKey, generatePreKeys, serializeSignedKey, serializePreKey, } from "./keys.js";
+export { SignalSession } from "./session.js";

package/dist/signal/keys.d.ts

@@ -0,0 +1,14 @@
+import type { Signer } from "../signer.js";
+import type { PreKeyPair, SignedPreKeyPair } from "./store.js";
+export declare function generateSignedPreKey(signer: Signer, keyId: string): Promise<SignedPreKeyPair>;
+export declare function generatePreKeys(signer: Signer, startId: number, count: number): Promise<Array<PreKeyPair>>;
+export declare function serializeSignedKey(preKey: SignedPreKeyPair): {
+    keyId: string;
+    publicKey: string;
+    signature: string;
+};
+export declare function serializePreKey(preKey: PreKeyPair): {
+    keyId: string;
+    publicKey: string;
+    signature: string;
+};

package/dist/signal/keys.js

@@ -0,0 +1,36 @@
+import { generateX25519KeyPair, toBase64 } from "./crypto.js";
+// Backend verifies: ed25519.Verify(identityPubKey, []byte(preKey.PublicKey), signature)
+// So we sign the base64 string representation of the X25519 public key.
+async function signPublicKey(signer, publicKey) {
+    const publicKeyB64 = toBase64(publicKey);
+    return signer.sign(new TextEncoder().encode(publicKeyB64));
+}
+export async function generateSignedPreKey(signer, keyId) {
+    const keyPair = generateX25519KeyPair();
+    const signature = await signPublicKey(signer, keyPair.publicKey);
+    return { keyId, keyPair, signature };
+}
+export async function generatePreKeys(signer, startId, count) {
+    const preKeys = [];
+    for (let i = 0; i < count; i++) {
+        const keyId = `pk_${startId + i}`;
+        const keyPair = generateX25519KeyPair();
+        const signature = await signPublicKey(signer, keyPair.publicKey);
+        preKeys.push({ keyId, keyPair, signature });
+    }
+    return preKeys;
+}
+export function serializeSignedKey(preKey) {
+    return {
+        keyId: preKey.keyId,
+        publicKey: toBase64(preKey.keyPair.publicKey),
+        signature: toBase64(preKey.signature),
+    };
+}
+export function serializePreKey(preKey) {
+    return {
+        keyId: preKey.keyId,
+        publicKey: toBase64(preKey.keyPair.publicKey),
+        signature: toBase64(preKey.signature),
+    };
+}

package/dist/signal/memory-store.d.ts

@@ -0,0 +1,21 @@
+import type { X25519KeyPair } from "./crypto.js";
+import type { SessionStore, SessionState, PreKeyPair, SignedPreKeyPair } from "./store.js";
+export declare class MemorySessionStore implements SessionStore {
+    private readonly identityKeyPair;
+    private readonly signedPreKeys;
+    private readonly preKeys;
+    private readonly sessions;
+    private activeSignedPreKeyId;
+    constructor(identityKeyPair: X25519KeyPair);
+    getIdentityX25519KeyPair(): Promise<X25519KeyPair>;
+    getSignedPreKey(keyId: string): Promise<SignedPreKeyPair | null>;
+    getActiveSignedPreKey(): Promise<SignedPreKeyPair>;
+    storeSignedPreKey(preKey: SignedPreKeyPair): Promise<void>;
+    getPreKey(keyId: string): Promise<PreKeyPair | null>;
+    removePreKey(keyId: string): Promise<void>;
+    storePreKey(preKey: PreKeyPair): Promise<void>;
+    getAllPreKeys(): Promise<Array<PreKeyPair>>;
+    getSession(address: string): Promise<SessionState | null>;
+    storeSession(address: string, session: SessionState): Promise<void>;
+    removeSession(address: string): Promise<void>;
+}

package/dist/signal/memory-store.js

@@ -0,0 +1,50 @@
+export class MemorySessionStore {
+    constructor(identityKeyPair) {
+        this.signedPreKeys = new Map();
+        this.preKeys = new Map();
+        this.sessions = new Map();
+        this.activeSignedPreKeyId = null;
+        this.identityKeyPair = identityKeyPair;
+    }
+    async getIdentityX25519KeyPair() {
+        return this.identityKeyPair;
+    }
+    async getSignedPreKey(keyId) {
+        return this.signedPreKeys.get(keyId) ?? null;
+    }
+    async getActiveSignedPreKey() {
+        if (!this.activeSignedPreKeyId) {
+            throw new Error("No active signed pre-key");
+        }
+        const key = this.signedPreKeys.get(this.activeSignedPreKeyId);
+        if (!key) {
+            throw new Error("Active signed pre-key not found");
+        }
+        return key;
+    }
+    async storeSignedPreKey(preKey) {
+        this.signedPreKeys.set(preKey.keyId, preKey);
+        this.activeSignedPreKeyId = preKey.keyId;
+    }
+    async getPreKey(keyId) {
+        return this.preKeys.get(keyId) ?? null;
+    }
+    async removePreKey(keyId) {
+        this.preKeys.delete(keyId);
+    }
+    async storePreKey(preKey) {
+        this.preKeys.set(preKey.keyId, preKey);
+    }
+    async getAllPreKeys() {
+        return Array.from(this.preKeys.values());
+    }
+    async getSession(address) {
+        return this.sessions.get(address) ?? null;
+    }
+    async storeSession(address, session) {
+        this.sessions.set(address, session);
+    }
+    async removeSession(address) {
+        this.sessions.delete(address);
+    }
+}

package/dist/signal/ratchet.d.ts

@@ -0,0 +1,12 @@
+import type { SessionState } from "./store.js";
+export interface RatchetHeader {
+    publicKey: Uint8Array;
+    previousChainLength: number;
+    messageNumber: number;
+}
+export interface RatchetMessage {
+    header: RatchetHeader;
+    ciphertext: Uint8Array;
+}
+export declare function ratchetEncrypt(state: SessionState, plaintext: Uint8Array, associatedData: Uint8Array): Promise<RatchetMessage>;
+export declare function ratchetDecrypt(state: SessionState, message: RatchetMessage, associatedData: Uint8Array): Promise<Uint8Array>;

package/dist/signal/ratchet.js

@@ -0,0 +1,106 @@
+import { generateX25519KeyPair, x25519SharedSecret, kdfRootKey, kdfChainKey, encrypt, decrypt, } from "./crypto.js";
+import { skippedKeyId } from "./store.js";
+const MAX_SKIP = 1000;
+export async function ratchetEncrypt(state, plaintext, associatedData) {
+    if (!state.sendChainKey) {
+        dhRatchetStep(state);
+    }
+    const { chainKey, messageKey } = kdfChainKey(state.sendChainKey);
+    state.sendChainKey = chainKey;
+    const header = {
+        publicKey: state.dhSendKeyPair.publicKey,
+        previousChainLength: state.previousChainLength,
+        messageNumber: state.sendMessageNumber,
+    };
+    state.sendMessageNumber++;
+    const headerBytes = encodeHeader(header);
+    const ad = concat(associatedData, headerBytes);
+    const ciphertext = await encrypt(messageKey, plaintext, ad);
+    return { header, ciphertext };
+}
+export async function ratchetDecrypt(state, message, associatedData) {
+    const skId = skippedKeyId(message.header.publicKey, message.header.messageNumber);
+    const skippedMk = state.skippedKeys.get(skId);
+    if (skippedMk) {
+        state.skippedKeys.delete(skId);
+        const headerBytes = encodeHeader(message.header);
+        const ad = concat(associatedData, headerBytes);
+        return decrypt(skippedMk, message.ciphertext, ad);
+    }
+    const headerKeyChanged = !state.dhRecvPublicKey ||
+        !uint8ArrayEqual(state.dhRecvPublicKey, message.header.publicKey);
+    if (headerKeyChanged) {
+        if (state.recvChainKey) {
+            skipMessageKeys(state, message.header.previousChainLength);
+        }
+        dhRatchetStepWithRecv(state, message.header.publicKey);
+    }
+    skipMessageKeys(state, message.header.messageNumber);
+    const { chainKey, messageKey } = kdfChainKey(state.recvChainKey);
+    state.recvChainKey = chainKey;
+    state.recvMessageNumber++;
+    const headerBytes = encodeHeader(message.header);
+    const ad = concat(associatedData, headerBytes);
+    return decrypt(messageKey, message.ciphertext, ad);
+}
+function dhRatchetStep(state) {
+    if (!state.dhRecvPublicKey) {
+        throw new Error("Cannot perform DH ratchet without recipient public key");
+    }
+    const dhOutput = x25519SharedSecret(state.dhSendKeyPair.privateKey, state.dhRecvPublicKey);
+    const { rootKey, chainKey } = kdfRootKey(state.rootKey, dhOutput);
+    state.rootKey = rootKey;
+    state.sendChainKey = chainKey;
+}
+function dhRatchetStepWithRecv(state, newRecvPublicKey) {
+    state.previousChainLength = state.sendMessageNumber;
+    state.sendMessageNumber = 0;
+    state.recvMessageNumber = 0;
+    state.dhRecvPublicKey = newRecvPublicKey;
+    const dhRecv = x25519SharedSecret(state.dhSendKeyPair.privateKey, state.dhRecvPublicKey);
+    const recvResult = kdfRootKey(state.rootKey, dhRecv);
+    state.rootKey = recvResult.rootKey;
+    state.recvChainKey = recvResult.chainKey;
+    state.dhSendKeyPair = generateX25519KeyPair();
+    const dhSend = x25519SharedSecret(state.dhSendKeyPair.privateKey, state.dhRecvPublicKey);
+    const sendResult = kdfRootKey(state.rootKey, dhSend);
+    state.rootKey = sendResult.rootKey;
+    state.sendChainKey = sendResult.chainKey;
+}
+function skipMessageKeys(state, until) {
+    if (!state.recvChainKey)
+        return;
+    if (until - state.recvMessageNumber > MAX_SKIP) {
+        throw new Error("Too many skipped messages");
+    }
+    while (state.recvMessageNumber < until) {
+        const { chainKey, messageKey } = kdfChainKey(state.recvChainKey);
+        state.recvChainKey = chainKey;
+        const skId = skippedKeyId(state.dhRecvPublicKey, state.recvMessageNumber);
+        state.skippedKeys.set(skId, messageKey);
+        state.recvMessageNumber++;
+    }
+}
+function encodeHeader(header) {
+    const result = new Uint8Array(32 + 4 + 4);
+    result.set(header.publicKey);
+    const view = new DataView(result.buffer);
+    view.setUint32(32, header.previousChainLength, false);
+    view.setUint32(36, header.messageNumber, false);
+    return result;
+}
+function concat(a, b) {
+    const result = new Uint8Array(a.length + b.length);
+    result.set(a);
+    result.set(b, a.length);
+    return result;
+}
+function uint8ArrayEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+}

package/dist/signal/session.d.ts

@@ -0,0 +1,17 @@
+import type { SessionStore } from "./store.js";
+import type { KeyBundle, MessageEnvelope, SignalMetadata } from "../types/index.js";
+export interface EncryptedMessage {
+    body: string;
+    type: "CIPHERTEXT" | "PREKEY_BUNDLE";
+    signal?: SignalMetadata;
+}
+export declare class SignalSession {
+    private readonly store;
+    private readonly ourIdentityPublicKey;
+    constructor(store: SessionStore, ourIdentityPublicKey: Uint8Array);
+    encrypt(recipientAddress: string, recipientIdentityKey: Uint8Array, plaintext: Uint8Array, recipientBundle?: KeyBundle): Promise<EncryptedMessage>;
+    decrypt(senderAddress: string, senderIdentityKey: Uint8Array, envelope: MessageEnvelope): Promise<Uint8Array>;
+    private processPreKeyMessage;
+    hasSession(address: string): Promise<boolean>;
+    removeSession(address: string): Promise<void>;
+}