@unknownncat/swt-libsignal 1.0.4

package/dist/key-helper.js

@@ -0,0 +1,42 @@
+import { randomBytes } from 'crypto';
+import * as curve from './curve.js';
+function isNonNegativeInteger(n) {
+    return (typeof n === 'number' &&
+        Number.isInteger(n) &&
+        n >= 0);
+}
+export const generateIdentityKeyPair = curve.signalCrypto.generateIdentityKeyPair;
+export function generateRegistrationId() {
+    const bytes = randomBytes(2);
+    return (((bytes[0] ?? 0) << 8) | (bytes[1] ?? 0)) & 0x3fff;
+}
+export async function generateSignedPreKey(identityKeyPair, signedKeyId) {
+    if (!(identityKeyPair.privateKey instanceof Uint8Array) ||
+        identityKeyPair.privateKey.length !== 64) {
+        throw new TypeError('Invalid Ed25519 private key');
+    }
+    if (!(identityKeyPair.publicKey instanceof Uint8Array) ||
+        identityKeyPair.publicKey.length !== 32) {
+        throw new TypeError('Invalid Ed25519 public key');
+    }
+    if (!isNonNegativeInteger(signedKeyId)) {
+        throw new TypeError(`Invalid argument for signedKeyId: ${signedKeyId}`);
+    }
+    const keyPair = await curve.generateKeyPair();
+    const signature = curve.calculateSignature(identityKeyPair.privateKey, keyPair.publicKey);
+    return {
+        keyId: signedKeyId,
+        keyPair,
+        signature
+    };
+}
+export async function generatePreKey(keyId) {
+    if (!isNonNegativeInteger(keyId)) {
+        throw new TypeError(`Invalid argument for keyId: ${keyId}`);
+    }
+    const keyPair = await curve.generateKeyPair();
+    return {
+        keyId,
+        keyPair
+    };
+}

package/dist/protobuf.d.ts

@@ -0,0 +1 @@
+export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol.js";

package/dist/protobuf.js

@@ -0,0 +1,2 @@
+'use strict';
+export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol.js";

package/dist/protocol_address.d.ts

@@ -0,0 +1,9 @@
+export declare class ProtocolAddress {
+    readonly id: string;
+    readonly deviceId: number;
+    private cachedString;
+    static from(encodedAddress: string): ProtocolAddress;
+    constructor(id: string, deviceId: number);
+    toString(): string;
+    equals(other: unknown): boolean;
+}

package/dist/protocol_address.js

@@ -0,0 +1,50 @@
+export class ProtocolAddress {
+    id;
+    deviceId;
+    cachedString = null;
+    static from(encodedAddress) {
+        if (typeof encodedAddress !== 'string') {
+            throw new TypeError('encodedAddress must be a string');
+        }
+        const separatorIndex = encodedAddress.lastIndexOf('.');
+        if (separatorIndex <= 0 || separatorIndex === encodedAddress.length - 1) {
+            throw new Error('Invalid address encoding');
+        }
+        const id = encodedAddress.slice(0, separatorIndex);
+        const deviceStr = encodedAddress.slice(separatorIndex + 1);
+        if (!/^\d+$/.test(deviceStr)) {
+            throw new Error('Invalid deviceId encoding');
+        }
+        const deviceId = Number(deviceStr);
+        if (!Number.isSafeInteger(deviceId) || deviceId < 0) {
+            throw new Error('Invalid deviceId value');
+        }
+        return new ProtocolAddress(id, deviceId);
+    }
+    constructor(id, deviceId) {
+        if (typeof id !== 'string' || id.length === 0) {
+            throw new TypeError('id must be a non-empty string');
+        }
+        if (id.includes('.')) {
+            throw new TypeError('id must not contain "."');
+        }
+        if (!Number.isSafeInteger(deviceId) || deviceId < 0) {
+            throw new TypeError('deviceId must be a non-negative safe integer');
+        }
+        this.id = id;
+        this.deviceId = deviceId;
+    }
+    toString() {
+        if (this.cachedString === null) {
+            this.cachedString = `${this.id}.${this.deviceId}`;
+        }
+        return this.cachedString;
+    }
+    equals(other) {
+        if (!(other instanceof ProtocolAddress)) {
+            return false;
+        }
+        return (this.id === other.id &&
+            this.deviceId === other.deviceId);
+    }
+}

package/dist/session/builder/index.d.ts

@@ -0,0 +1,2 @@
+export * from './types.js';
+export * from './session-builder.js';

package/dist/session/builder/index.js

@@ -0,0 +1,2 @@
+export * from './types.js';
+export * from './session-builder.js';

package/dist/session/builder/session-builder.d.ts

@@ -0,0 +1,13 @@
+import type { ProtocolAddress } from '../../protocol_address.js';
+import { SessionRecord } from '../record/index.js';
+import type { PreKeyBundle, PreKeyWhisperMessage, SessionBuilderStorage } from './types.js';
+export declare class SessionBuilder {
+    private readonly addr;
+    private readonly storage;
+    constructor(storage: SessionBuilderStorage, protocolAddress: ProtocolAddress);
+    initOutgoing(device: PreKeyBundle): Promise<void>;
+    initIncoming(record: SessionRecord, message: PreKeyWhisperMessage): Promise<number | undefined>;
+    private initSession;
+    private calculateSendingRatchet;
+    private deriveSecrets;
+}

package/dist/session/builder/session-builder.js

@@ -0,0 +1,148 @@
+import { BaseKeyType } from '../../base_key_type.js';
+import { ChainType } from '../../chain_type.js';
+import { SessionRecord } from '../record/index.js';
+import { crypto } from '../../crypto.js';
+import { signalCrypto } from '../../curve.js';
+import { UntrustedIdentityKeyError, PreKeyError } from '../../signal-errors.js';
+import { enqueue } from '../../job_queue.js';
+export class SessionBuilder {
+    addr;
+    storage;
+    constructor(storage, protocolAddress) {
+        this.addr = protocolAddress;
+        this.storage = storage;
+    }
+    async initOutgoing(device) {
+        const fqAddr = this.addr.toString();
+        return enqueue(fqAddr, async () => {
+            if (!await this.storage.isTrustedIdentity(this.addr.id, device.identityKey)) {
+                throw new UntrustedIdentityKeyError(this.addr.id, device.identityKey);
+            }
+            signalCrypto.verify(device.identityKey, device.signedPreKey.publicKey, device.signedPreKey.signature);
+            const baseKey = await signalCrypto.generateDHKeyPair();
+            const session = await this.initSession(true, { pubKey: baseKey.publicKey, privKey: baseKey.privateKey }, undefined, device.identityKey, device.preKey?.publicKey, device.signedPreKey.publicKey, device.registrationId);
+            const pendingPreKey = {
+                baseKey: baseKey.publicKey,
+                signedKeyId: device.signedPreKey.keyId
+            };
+            if (device.preKey) {
+                pendingPreKey.preKeyId = device.preKey.keyId;
+            }
+            session.pendingPreKey = pendingPreKey;
+            let record = await this.storage.loadSession(fqAddr);
+            if (!record) {
+                record = new SessionRecord();
+            }
+            else {
+                const openSession = record.getOpenSession();
+                if (openSession)
+                    record.closeSession(openSession);
+            }
+            record.setSession(session);
+            await this.storage.storeSession(fqAddr, record);
+        });
+    }
+    async initIncoming(record, message) {
+        const fqAddr = this.addr.toString();
+        if (!await this.storage.isTrustedIdentity(fqAddr, message.identityKey)) {
+            throw new UntrustedIdentityKeyError(this.addr.id, message.identityKey);
+        }
+        if (record.getSession(message.baseKey)) {
+            return undefined;
+        }
+        const [preKeyPair, signedPreKeyPair] = await Promise.all([
+            message.preKeyId ? this.storage.loadPreKey(message.preKeyId) : Promise.resolve(undefined),
+            this.storage.loadSignedPreKey(message.signedPreKeyId)
+        ]);
+        if (message.preKeyId && !preKeyPair) {
+            throw new PreKeyError('Invalid PreKey ID');
+        }
+        if (!signedPreKeyPair) {
+            throw new PreKeyError('Missing SignedPreKey');
+        }
+        const existingOpenSession = record.getOpenSession();
+        if (existingOpenSession) {
+            console.warn('Closing open session in favor of incoming prekey bundle');
+            record.closeSession(existingOpenSession);
+        }
+        const session = await this.initSession(false, preKeyPair, signedPreKeyPair, message.identityKey, message.baseKey, undefined, message.registrationId);
+        record.setSession(session);
+        return message.preKeyId;
+    }
+    async initSession(isInitiator, ourEphemeralKey, ourSignedKey, theirIdentityPubKey, theirEphemeralPubKey, theirSignedPubKey, registrationId) {
+        if (isInitiator) {
+            ourSignedKey = ourEphemeralKey;
+        }
+        else {
+            theirSignedPubKey = theirEphemeralPubKey;
+        }
+        const sharedSecretLen = (!ourEphemeralKey || !theirEphemeralPubKey) ? 128 : 160;
+        const sharedSecret = new Uint8Array(sharedSecretLen);
+        sharedSecret.fill(0xff, 0, 32);
+        const ourIdentityKey = await this.storage.getOurIdentity();
+        const [a1, a2, a3] = await Promise.all([
+            signalCrypto.calculateAgreement(theirSignedPubKey, ourIdentityKey.privKey),
+            signalCrypto.calculateAgreement(theirIdentityPubKey, ourSignedKey.privKey),
+            signalCrypto.calculateAgreement(theirSignedPubKey, ourSignedKey.privKey)
+        ]);
+        sharedSecret.set(a1, isInitiator ? 32 : 64);
+        sharedSecret.set(a2, isInitiator ? 64 : 32);
+        sharedSecret.set(a3, 96);
+        if (ourEphemeralKey && theirEphemeralPubKey) {
+            const a4 = signalCrypto.calculateAgreement(theirEphemeralPubKey, ourEphemeralKey.privKey);
+            sharedSecret.set(a4, 128);
+        }
+        const masterKey = this.deriveSecrets(sharedSecret, new Uint8Array(32), new TextEncoder().encode('WhisperText'), 2);
+        const session = SessionRecord.createEntry();
+        session.registrationId = registrationId;
+        const ephemeralKP = isInitiator
+            ? await signalCrypto.generateDHKeyPair().then(kp => ({
+                pubKey: kp.publicKey,
+                privKey: kp.privateKey
+            }))
+            : {
+                pubKey: ourSignedKey.pubKey,
+                privKey: ourSignedKey.privKey
+            };
+        session.currentRatchet = {
+            rootKey: masterKey[0],
+            ephemeralKeyPair: ephemeralKP,
+            lastRemoteEphemeralKey: theirSignedPubKey,
+            previousCounter: 0
+        };
+        session.indexInfo = {
+            created: Date.now(),
+            used: Date.now(),
+            remoteIdentityKey: theirIdentityPubKey,
+            baseKey: isInitiator ? ourEphemeralKey.pubKey : theirEphemeralPubKey,
+            baseKeyType: isInitiator ? BaseKeyType.OURS : BaseKeyType.THEIRS,
+            closed: -1
+        };
+        if (isInitiator) {
+            this.calculateSendingRatchet(session, theirSignedPubKey);
+        }
+        return session;
+    }
+    calculateSendingRatchet(session, remoteKey) {
+        const ratchet = session.currentRatchet;
+        const sharedSecret = signalCrypto.calculateAgreement(remoteKey, ratchet.ephemeralKeyPair.privKey);
+        const masterKey = this.deriveSecrets(sharedSecret, ratchet.rootKey, new TextEncoder().encode('WhisperRatchet'), 2);
+        session.addChain(ratchet.ephemeralKeyPair.pubKey, {
+            messageKeys: {},
+            chainKey: {
+                counter: -1,
+                key: masterKey[1]
+            },
+            chainType: ChainType.SENDING
+        });
+        ratchet.rootKey = masterKey[0];
+    }
+    deriveSecrets(input, salt, info, chunks = 3) {
+        const hkdf = crypto.hkdf(input, salt, info, { length: chunks * 32 });
+        const result = [];
+        for (let i = 0; i < chunks; i++) {
+            result.push(hkdf.subarray(i * 32, (i + 1) * 32));
+        }
+        return result;
+    }
+}

package/dist/session/builder/types.d.ts

@@ -0,0 +1,38 @@
+import type { SessionRecord } from '../record/index.js';
+export interface PreKeyWhisperMessage {
+    identityKey: Uint8Array;
+    registrationId: number;
+    baseKey: Uint8Array;
+    signedPreKeyId: number;
+    preKeyId?: number;
+    message: Uint8Array;
+}
+export interface IdentityKeyPair {
+    pubKey: Uint8Array;
+    privKey: Uint8Array;
+}
+export type KeyPair = {
+    pubKey: Uint8Array;
+    privKey: Uint8Array;
+};
+export interface PreKeyBundle {
+    identityKey: Uint8Array;
+    registrationId: number;
+    preKey?: {
+        keyId: number;
+        publicKey: Uint8Array;
+    };
+    signedPreKey: {
+        keyId: number;
+        publicKey: Uint8Array;
+        signature: Uint8Array;
+    };
+}
+export interface SessionBuilderStorage {
+    isTrustedIdentity(addressName: string, identityKey: Uint8Array): Promise<boolean>;
+    loadSession(addressName: string): Promise<SessionRecord | undefined>;
+    storeSession(addressName: string, record: SessionRecord): Promise<void>;
+    getOurIdentity(): Promise<IdentityKeyPair>;
+    loadPreKey(preKeyId: number): Promise<KeyPair | undefined>;
+    loadSignedPreKey(signedPreKeyId: number): Promise<KeyPair | undefined>;
+}

package/dist/session/builder/types.js

@@ -0,0 +1 @@
+export {};

package/dist/session/cipher/encoding.d.ts

@@ -0,0 +1,13 @@
+import type { WhisperMessageProto, PreKeyWhisperMessageProto } from './types.js';
+export declare class WhisperMessageEncoder {
+    static encodeWhisperMessage(msg: WhisperMessageProto): Uint8Array;
+    static decodeWhisperMessage(buf: Uint8Array): WhisperMessageProto;
+    static encodePreKeyWhisperMessage(msg: PreKeyWhisperMessageProto): Uint8Array;
+    static decodePreKeyWhisperMessage(buf: Uint8Array): PreKeyWhisperMessageProto;
+    private static encodeFieldVarint;
+    private static encodeFieldBytes;
+    private static encodeVarint;
+    private static decodeVarint;
+    private static decodeFieldHeader;
+    private static concatUint8Arrays;
+}

package/dist/session/cipher/encoding.js

@@ -0,0 +1,135 @@
+export class WhisperMessageEncoder {
+    static encodeWhisperMessage(msg) {
+        const parts = [];
+        if (msg.ephemeralKey)
+            parts.push(this.encodeFieldBytes(1, msg.ephemeralKey));
+        if (msg.counter !== undefined)
+            parts.push(this.encodeFieldVarint(2, msg.counter));
+        if (msg.previousCounter !== undefined)
+            parts.push(this.encodeFieldVarint(3, msg.previousCounter));
+        if (msg.ciphertext)
+            parts.push(this.encodeFieldBytes(4, msg.ciphertext));
+        return this.concatUint8Arrays(parts);
+    }
+    static decodeWhisperMessage(buf) {
+        const msg = {};
+        let offset = 0;
+        while (offset < buf.length) {
+            const [tag, type, nextOffset] = this.decodeFieldHeader(buf, offset);
+            offset = nextOffset;
+            if (type === 2) {
+                const [len, next] = this.decodeVarint(buf, offset);
+                offset = next;
+                const value = buf.subarray(offset, offset + len);
+                offset += len;
+                if (tag === 1)
+                    msg.ephemeralKey = value;
+                if (tag === 4)
+                    msg.ciphertext = value;
+            }
+            else if (type === 0) {
+                const [value, next] = this.decodeVarint(buf, offset);
+                offset = next;
+                if (tag === 2)
+                    msg.counter = value;
+                if (tag === 3)
+                    msg.previousCounter = value;
+            }
+        }
+        return msg;
+    }
+    static encodePreKeyWhisperMessage(msg) {
+        const parts = [];
+        if (msg.identityKey)
+            parts.push(this.encodeFieldBytes(1, msg.identityKey));
+        if (msg.registrationId !== undefined)
+            parts.push(this.encodeFieldVarint(2, msg.registrationId));
+        if (msg.baseKey)
+            parts.push(this.encodeFieldBytes(3, msg.baseKey));
+        if (msg.signedPreKeyId !== undefined)
+            parts.push(this.encodeFieldVarint(4, msg.signedPreKeyId));
+        if (msg.preKeyId !== undefined)
+            parts.push(this.encodeFieldVarint(5, msg.preKeyId));
+        if (msg.message)
+            parts.push(this.encodeFieldBytes(6, msg.message));
+        return this.concatUint8Arrays(parts);
+    }
+    static decodePreKeyWhisperMessage(buf) {
+        const msg = {};
+        let offset = 0;
+        while (offset < buf.length) {
+            const [tag, type, nextOffset] = this.decodeFieldHeader(buf, offset);
+            offset = nextOffset;
+            if (type === 2) {
+                const [len, next] = this.decodeVarint(buf, offset);
+                offset = next;
+                const value = buf.subarray(offset, offset + len);
+                offset += len;
+                if (tag === 1)
+                    msg.identityKey = value;
+                if (tag === 3)
+                    msg.baseKey = value;
+                if (tag === 6)
+                    msg.message = value;
+            }
+            else if (type === 0) {
+                const [value, next] = this.decodeVarint(buf, offset);
+                offset = next;
+                if (tag === 2)
+                    msg.registrationId = value;
+                if (tag === 4)
+                    msg.signedPreKeyId = value;
+                if (tag === 5)
+                    msg.preKeyId = value;
+            }
+        }
+        return msg;
+    }
+    static encodeFieldVarint(tag, value) {
+        const header = this.encodeVarint((tag << 3) | 0);
+        const val = this.encodeVarint(value);
+        return this.concatUint8Arrays([header, val]);
+    }
+    static encodeFieldBytes(tag, value) {
+        const header = this.encodeVarint((tag << 3) | 2);
+        const len = this.encodeVarint(value.length);
+        return this.concatUint8Arrays([header, len, value]);
+    }
+    static encodeVarint(value) {
+        const result = [];
+        while ((value & 0xffffff80) !== 0) {
+            result.push((value & 0xff) | 0x80);
+            value >>>= 7;
+        }
+        result.push(value & 0xff);
+        return new Uint8Array(result);
+    }
+    static decodeVarint(buf, offset) {
+        let value = 0;
+        let shift = 0;
+        let i = offset;
+        while (i < buf.length) {
+            const byte = buf[i];
+            value |= (byte & 0x7f) << shift;
+            if ((byte & 0x80) === 0)
+                return [value, i + 1];
+            shift += 7;
+            i++;
+        }
+        throw new Error('Varint overflow');
+    }
+    static decodeFieldHeader(buf, offset) {
+        const [header, nextOffset] = this.decodeVarint(buf, offset);
+        return [header >> 3, header & 0x07, nextOffset];
+    }
+    static concatUint8Arrays(arrays) {
+        const total = arrays.reduce((sum, a) => sum + a.length, 0);
+        const result = new Uint8Array(total);
+        let offset = 0;
+        for (const arr of arrays) {
+            result.set(arr, offset);
+            offset += arr.length;
+        }
+        return result;
+    }
+}

package/dist/session/cipher/index.d.ts

@@ -0,0 +1,3 @@
+export * from './types.js';
+export * from './encoding.js';
+export * from './session-cipher.js';

package/dist/session/cipher/index.js

@@ -0,0 +1,3 @@
+export * from './types.js';
+export * from './encoding.js';
+export * from './session-cipher.js';

package/dist/session/cipher/session-cipher.d.ts

@@ -0,0 +1,26 @@
+import type { EncryptResult, SessionCipherStorage } from './types.js';
+import { ProtocolAddress } from '../../protocol_address.js';
+export declare class SessionCipher {
+    private readonly addr;
+    private readonly addrStr;
+    private readonly storage;
+    constructor(storage: SessionCipherStorage, protocolAddress: ProtocolAddress);
+    toString(): string;
+    private _encodeTupleByte;
+    private _decodeTupleByte;
+    private getRecord;
+    private storeRecord;
+    private queueJob;
+    encrypt(data: Uint8Array): Promise<EncryptResult>;
+    decryptWhisperMessage(data: Uint8Array): Promise<Uint8Array>;
+    decryptPreKeyWhisperMessage(data: Uint8Array): Promise<Uint8Array>;
+    hasOpenSession(): Promise<boolean>;
+    closeOpenSession(): Promise<void>;
+    private decryptWithSessions;
+    private doDecryptWhisperMessage;
+    private fillMessageKeys;
+    private maybeStepRatchet;
+    private calculateRatchet;
+    private deriveSecrets;
+    private verifyMAC;
+}