@unknownncat/swt-libsignal 1.0.4

package/dist/session/cipher/session-cipher.js

@@ -0,0 +1,300 @@
+import { PROTOCOL_VERSION } from '../constants.js';
+import { WhisperMessageEncoder } from './encoding.js';
+import { assertUint8 } from '../utils.js';
+import { ChainType } from '../../chain_type.js';
+import { ProtocolAddress } from '../../protocol_address.js';
+import { SessionBuilder } from '../builder/session-builder.js';
+import { SessionRecord } from '../record/index.js';
+import { crypto } from '../../crypto.js';
+import { signalCrypto } from '../../curve.js';
+import { SessionError, UntrustedIdentityKeyError, MessageCounterError } from '../../signal-errors.js';
+import { enqueue } from '../../job_queue.js';
+export class SessionCipher {
+    addr;
+    addrStr;
+    storage;
+    constructor(storage, protocolAddress) {
+        if (!(protocolAddress instanceof ProtocolAddress)) {
+            throw new TypeError('protocolAddress must be a ProtocolAddress');
+        }
+        this.addr = protocolAddress;
+        this.addrStr = protocolAddress.toString();
+        this.storage = storage;
+    }
+    toString() {
+        return `<SessionCipher(${this.addrStr})>`;
+    }
+    _encodeTupleByte(n1, n2) {
+        if (n1 > 15 || n2 > 15)
+            throw new TypeError('Numbers must be 4 bits or less');
+        return (n1 << 4) | n2;
+    }
+    _decodeTupleByte(byte) {
+        return [byte >> 4, byte & 0xf];
+    }
+    async getRecord() {
+        const record = await this.storage.loadSession(this.addrStr);
+        if (record && !(record instanceof SessionRecord)) {
+            throw new TypeError('SessionRecord type expected from loadSession');
+        }
+        return record;
+    }
+    async storeRecord(record) {
+        record.removeOldSessions();
+        await this.storage.storeSession(this.addrStr, record);
+    }
+    async queueJob(fn) {
+        return enqueue(this.addrStr, fn);
+    }
+    async encrypt(data) {
+        assertUint8(data);
+        const ourIdentity = await this.storage.getOurIdentity();
+        return this.queueJob(async () => {
+            const record = await this.getRecord();
+            if (!record)
+                throw new SessionError('No sessions');
+            const session = record.getOpenSession();
+            if (!session)
+                throw new SessionError('No open session');
+            const remoteIdentityKey = session.indexInfo.remoteIdentityKey;
+            if (!await this.storage.isTrustedIdentity(this.addr.id, remoteIdentityKey)) {
+                throw new UntrustedIdentityKeyError(this.addr.id, remoteIdentityKey);
+            }
+            const chain = session.getChain(session.currentRatchet.ephemeralKeyPair.pubKey);
+            if (!chain || chain.chainType === ChainType.RECEIVING) {
+                throw new Error('Tried to encrypt on a receiving chain');
+            }
+            this.fillMessageKeys(chain, chain.chainKey.counter + 1);
+            const messageKey = chain.messageKeys[chain.chainKey.counter];
+            if (!messageKey)
+                throw new Error('Message key not generated');
+            const keys = this.deriveSecrets(messageKey, new Uint8Array(32), new TextEncoder().encode('WhisperMessageKeys'));
+            delete chain.messageKeys[chain.chainKey.counter];
+            const [cipherKey, macKey, aadKey] = keys;
+            if (!cipherKey || !macKey || !aadKey)
+                throw new Error('Keys not derived');
+            const encrypted = await crypto.encrypt(cipherKey, data, { aad: aadKey.subarray(0, 16) });
+            const msg = {
+                ephemeralKey: session.currentRatchet.ephemeralKeyPair.pubKey,
+                counter: chain.chainKey.counter,
+                previousCounter: session.currentRatchet.previousCounter,
+                ciphertext: encrypted.ciphertext
+            };
+            const msgBuf = WhisperMessageEncoder.encodeWhisperMessage(msg);
+            const macInput = new Uint8Array(msgBuf.byteLength + 67);
+            macInput.set(ourIdentity.pubKey);
+            macInput.set(remoteIdentityKey, 33);
+            macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+            macInput.set(msgBuf, 67);
+            const mac = crypto.hmacSha256(macKey, macInput);
+            const result = new Uint8Array(msgBuf.byteLength + 9);
+            result[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+            result.set(msgBuf, 1);
+            result.set(mac.subarray(0, 8), msgBuf.byteLength + 1);
+            await this.storeRecord(record);
+            if (session.pendingPreKey) {
+                const preKeyMsg = {
+                    identityKey: ourIdentity.pubKey,
+                    registrationId: await this.storage.getOurRegistrationId(),
+                    baseKey: session.pendingPreKey.baseKey,
+                    signedPreKeyId: session.pendingPreKey.signedKeyId,
+                    preKeyId: session.pendingPreKey.preKeyId,
+                    message: result
+                };
+                const preKeyBuf = WhisperMessageEncoder.encodePreKeyWhisperMessage(preKeyMsg);
+                const body = new Uint8Array(1 + preKeyBuf.byteLength);
+                body[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+                body.set(preKeyBuf, 1);
+                return { type: 3, body, registrationId: session.registrationId };
+            }
+            return { type: 1, body: result, registrationId: session.registrationId };
+        });
+    }
+    async decryptWhisperMessage(data) {
+        assertUint8(data);
+        return this.queueJob(async () => {
+            const record = await this.getRecord();
+            if (!record)
+                throw new SessionError('No session record');
+            const result = await this.decryptWithSessions(data, record.getSessions());
+            const remoteIdentityKey = result.session.indexInfo.remoteIdentityKey;
+            if (!await this.storage.isTrustedIdentity(this.addr.id, remoteIdentityKey)) {
+                throw new UntrustedIdentityKeyError(this.addr.id, remoteIdentityKey);
+            }
+            await this.storeRecord(record);
+            return result.plaintext;
+        });
+    }
+    async decryptPreKeyWhisperMessage(data) {
+        assertUint8(data);
+        if (!data[0])
+            throw new Error('Invalid PreKeyWhisperMessage');
+        const versions = this._decodeTupleByte(data[0]);
+        if (versions[1] > PROTOCOL_VERSION || versions[0] < PROTOCOL_VERSION) {
+            throw new Error('Incompatible version number on PreKeyWhisperMessage');
+        }
+        return this.queueJob(async () => {
+            let record = await this.getRecord();
+            const preKeyProto = WhisperMessageEncoder.decodePreKeyWhisperMessage(data.subarray(1));
+            if (!record) {
+                if (preKeyProto.registrationId == null)
+                    throw new Error('No registrationId');
+                record = new SessionRecord();
+            }
+            const builder = new SessionBuilder(this.storage, this.addr);
+            const preKeyId = await builder.initIncoming(record, preKeyProto);
+            const session = record.getSession(preKeyProto.baseKey);
+            if (!session)
+                throw new SessionError('Session not initialized');
+            const plaintext = await this.doDecryptWhisperMessage(preKeyProto.message, session);
+            await this.storeRecord(record);
+            if (preKeyId)
+                await this.storage.removePreKey(preKeyId);
+            return plaintext;
+        });
+    }
+    async hasOpenSession() {
+        return this.queueJob(async () => {
+            const record = await this.getRecord();
+            return !!record && record.haveOpenSession();
+        });
+    }
+    async closeOpenSession() {
+        return this.queueJob(async () => {
+            const record = await this.getRecord();
+            if (record) {
+                const open = record.getOpenSession();
+                if (open) {
+                    record.closeSession(open);
+                    await this.storeRecord(record);
+                }
+            }
+        });
+    }
+    async decryptWithSessions(data, sessions) {
+        if (!sessions.length)
+            throw new SessionError('No sessions available');
+        const errors = [];
+        for (const session of sessions) {
+            try {
+                const plaintext = await this.doDecryptWhisperMessage(data, session);
+                session.indexInfo.used = Date.now();
+                return { session, plaintext };
+            }
+            catch (e) {
+                errors.push(e);
+            }
+        }
+        console.error('Failed to decrypt with any session');
+        errors.forEach(e => console.error(e));
+        throw new SessionError('No matching sessions found for message');
+    }
+    async doDecryptWhisperMessage(messageBuffer, session) {
+        assertUint8(messageBuffer);
+        if (!messageBuffer[0])
+            throw new Error('Invalid WhisperMessage');
+        const versions = this._decodeTupleByte(messageBuffer[0]);
+        if (versions[1] > PROTOCOL_VERSION || versions[0] < PROTOCOL_VERSION) {
+            throw new Error('Incompatible version number on WhisperMessage');
+        }
+        const messageEnd = messageBuffer.byteLength - 8;
+        const messageProto = messageBuffer.subarray(1, messageEnd);
+        const message = WhisperMessageEncoder.decodeWhisperMessage(messageProto);
+        await this.maybeStepRatchet(session, message.ephemeralKey, message.previousCounter);
+        const chain = session.getChain(message.ephemeralKey);
+        if (!chain || chain.chainType === ChainType.SENDING) {
+            throw new Error('Tried to decrypt on a sending chain');
+        }
+        this.fillMessageKeys(chain, message.counter);
+        if (!Object.prototype.hasOwnProperty.call(chain.messageKeys, message.counter)) {
+            throw new MessageCounterError('Key used already or never filled');
+        }
+        const messageKey = chain.messageKeys[message.counter];
+        delete chain.messageKeys[message.counter];
+        const keys = this.deriveSecrets(messageKey, new Uint8Array(32), new TextEncoder().encode('WhisperMessageKeys'));
+        const ourIdentity = await this.storage.getOurIdentity();
+        const macInput = new Uint8Array(messageEnd + 67);
+        macInput.set(session.indexInfo.remoteIdentityKey);
+        macInput.set(ourIdentity.pubKey, 33);
+        macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+        macInput.set(messageProto, 67);
+        const mac = messageBuffer.subarray(-8);
+        this.verifyMAC(macInput, keys[1], mac, 8);
+        const plaintext = await crypto.decrypt(keys[0], {
+            ciphertext: message.ciphertext,
+            iv: keys[2].subarray(0, 16),
+            tag: keys[2].subarray(16, 32)
+        });
+        delete session.pendingPreKey;
+        return plaintext;
+    }
+    fillMessageKeys(chain, targetCounter) {
+        if (chain.chainKey.counter >= targetCounter)
+            return;
+        if (targetCounter - chain.chainKey.counter > 2000) {
+            throw new SessionError('Over 2000 messages into the future!');
+        }
+        if (chain.chainKey.key === undefined) {
+            throw new SessionError('Chain closed');
+        }
+        let key = chain.chainKey.key;
+        let counter = chain.chainKey.counter;
+        while (counter < targetCounter) {
+            counter++;
+            chain.messageKeys[counter] = crypto.hmacSha256(key, new Uint8Array([1]));
+            key = crypto.hmacSha256(key, new Uint8Array([2]));
+        }
+        chain.chainKey.key = key;
+        chain.chainKey.counter = counter;
+    }
+    async maybeStepRatchet(session, remoteKey, previousCounter) {
+        if (session.getChain(remoteKey))
+            return;
+        const ratchet = session.currentRatchet;
+        const previousRatchet = session.getChain(ratchet.lastRemoteEphemeralKey);
+        if (previousRatchet) {
+            this.fillMessageKeys(previousRatchet, previousCounter);
+            previousRatchet.chainKey.key = undefined;
+        }
+        this.calculateRatchet(session, remoteKey, false);
+        const prevChain = session.getChain(ratchet.ephemeralKeyPair.pubKey);
+        if (prevChain) {
+            ratchet.previousCounter = prevChain.chainKey.counter;
+            session.deleteChain(ratchet.ephemeralKeyPair.pubKey);
+        }
+        const newKp = await signalCrypto.generateDHKeyPair();
+        ratchet.ephemeralKeyPair = {
+            pubKey: newKp.publicKey,
+            privKey: newKp.privateKey
+        };
+        this.calculateRatchet(session, remoteKey, true);
+        ratchet.lastRemoteEphemeralKey = remoteKey;
+    }
+    calculateRatchet(session, remoteKey, sending) {
+        const ratchet = session.currentRatchet;
+        const sharedSecret = signalCrypto.calculateAgreement(remoteKey, ratchet.ephemeralKeyPair.privKey);
+        const masterKeys = this.deriveSecrets(sharedSecret, ratchet.rootKey, new TextEncoder().encode('WhisperRatchet'), 2);
+        const chainKey = sending ? ratchet.ephemeralKeyPair.pubKey : remoteKey;
+        session.addChain(chainKey, {
+            messageKeys: {},
+            chainKey: { counter: -1, key: masterKeys[1] },
+            chainType: sending ? ChainType.SENDING : ChainType.RECEIVING
+        });
+        ratchet.rootKey = masterKeys[0];
+    }
+    deriveSecrets(input, salt, info, chunks = 3) {
+        const hkdf = crypto.hkdf(input, salt, info, { length: chunks * 32 });
+        const result = [];
+        for (let i = 0; i < chunks; i++) {
+            result.push(hkdf.subarray(i * 32, (i + 1) * 32));
+        }
+        return result;
+    }
+    verifyMAC(macInput, key, mac, length) {
+        const computed = crypto.hmacSha256(key, macInput);
+        for (let i = 0; i < length; i++) {
+            if (computed[i] !== mac[i])
+                throw new Error('MAC verification failed');
+        }
+    }
+}

package/dist/session/cipher/types.d.ts

@@ -0,0 +1,47 @@
+import type { SessionEntry } from "../record/session-entry.js";
+import type { SessionRecord } from "../record/session-record.js";
+export interface EncryptResult {
+    type: number;
+    body: Uint8Array;
+    registrationId: number;
+}
+export interface DecryptResult {
+    plaintext: Uint8Array;
+}
+export interface DecryptWithSessionResult {
+    session: SessionEntry;
+    plaintext: Uint8Array;
+}
+export interface WhisperMessageProto {
+    ephemeralKey: Uint8Array;
+    counter: number;
+    previousCounter: number;
+    ciphertext: Uint8Array;
+}
+export interface PreKeyWhisperMessageProto {
+    identityKey: Uint8Array;
+    registrationId: number;
+    baseKey: Uint8Array;
+    signedPreKeyId: number;
+    preKeyId?: number;
+    message: Uint8Array;
+}
+export interface SessionCipherStorage {
+    loadSession(addressName: string): Promise<SessionRecord | undefined>;
+    storeSession(addressName: string, record: SessionRecord): Promise<void>;
+    getOurIdentity(): Promise<{
+        pubKey: Uint8Array;
+        privKey: Uint8Array;
+    }>;
+    isTrustedIdentity(addressName: string, identityKey: Uint8Array): Promise<boolean>;
+    getOurRegistrationId(): Promise<number>;
+    loadPreKey(preKeyId: number): Promise<{
+        pubKey: Uint8Array;
+        privKey: Uint8Array;
+    } | undefined>;
+    loadSignedPreKey(signedPreKeyId: number): Promise<{
+        pubKey: Uint8Array;
+        privKey: Uint8Array;
+    } | undefined>;
+    removePreKey(preKeyId: number): Promise<void>;
+}

package/dist/session/cipher/types.js

@@ -0,0 +1 @@
+export {};

package/dist/session/constants.d.ts

@@ -0,0 +1,3 @@
+export declare const CLOSED_SESSIONS_MAX = 40;
+export declare const SESSION_RECORD_VERSION = "v1";
+export declare const PROTOCOL_VERSION = 3;

package/dist/session/constants.js

@@ -0,0 +1,3 @@
+export const CLOSED_SESSIONS_MAX = 40;
+export const SESSION_RECORD_VERSION = 'v1';
+export const PROTOCOL_VERSION = 3;

package/dist/session/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./cipher/index.js";
+export * from "./record/index.js";
+export * from "./builder/index.js";

package/dist/session/index.js

@@ -0,0 +1,3 @@
+export * from "./cipher/index.js";
+export * from "./record/index.js";
+export * from "./builder/index.js";

package/dist/session/record/index.d.ts

@@ -0,0 +1,3 @@
+export * from './types.js';
+export * from './session-entry.js';
+export * from './session-record.js';

package/dist/session/record/index.js

@@ -0,0 +1,3 @@
+export * from './types.js';
+export * from './session-entry.js';
+export * from './session-record.js';

package/dist/session/record/session-entry.d.ts

@@ -0,0 +1,20 @@
+import type { ChainState, CurrentRatchet, IndexInfo, PendingPreKey, SerializedSessionEntry } from './types.js';
+export declare class SessionEntry {
+    registrationId: number;
+    currentRatchet: CurrentRatchet;
+    indexInfo: IndexInfo;
+    pendingPreKey?: PendingPreKey;
+    private _chains;
+    toString(): string;
+    inspect(): string;
+    addChain(key: Uint8Array, value: ChainState): void;
+    getChain(key: Uint8Array): ChainState | undefined;
+    deleteChain(key: Uint8Array): void;
+    chains(): Generator<[Uint8Array, ChainState]>;
+    private serializeChains;
+    private serializePendingPreKey;
+    serialize(): SerializedSessionEntry;
+    private static deserializeChains;
+    private static deserializePendingPreKey;
+    static deserialize(data: SerializedSessionEntry): SessionEntry;
+}

package/dist/session/record/session-entry.js

@@ -0,0 +1,146 @@
+import { assertUint8, toBase64, u8 } from '../utils.js';
+export class SessionEntry {
+    registrationId;
+    currentRatchet;
+    indexInfo;
+    pendingPreKey;
+    _chains = new Map();
+    toString() {
+        const baseKey = this.indexInfo?.baseKey ? toBase64(this.indexInfo.baseKey) : '—';
+        return `<SessionEntry [baseKey=${baseKey}]>`;
+    }
+    inspect() {
+        return this.toString();
+    }
+    addChain(key, value) {
+        assertUint8(key);
+        const id = toBase64(key);
+        if (this._chains.has(id))
+            throw new Error('Overwrite attempt');
+        this._chains.set(id, value);
+    }
+    getChain(key) {
+        assertUint8(key);
+        return this._chains.get(toBase64(key));
+    }
+    deleteChain(key) {
+        assertUint8(key);
+        const id = toBase64(key);
+        if (!this._chains.has(id))
+            throw new ReferenceError('Not Found');
+        this._chains.delete(id);
+    }
+    *chains() {
+        for (const [k, v] of this._chains) {
+            yield [fromBase64(k), v];
+        }
+    }
+    serializeChains() {
+        const result = {};
+        for (const [key, c] of this._chains) {
+            if (!c)
+                continue;
+            const messageKeys = {};
+            for (const [idx, mk] of Object.entries(c.messageKeys)) {
+                messageKeys[idx] = u8.encode(mk);
+            }
+            result[key] = {
+                chainKey: {
+                    counter: c.chainKey.counter,
+                    key: u8.encode(c.chainKey.key),
+                },
+                chainType: c.chainType,
+                messageKeys,
+            };
+        }
+        return result;
+    }
+    serializePendingPreKey(ppk) {
+        return {
+            baseKey: u8.encode(ppk.baseKey),
+            signedKeyId: ppk.signedKeyId,
+            ...(ppk.preKeyId !== undefined && { preKeyId: ppk.preKeyId }),
+        };
+    }
+    serialize() {
+        const data = {
+            registrationId: this.registrationId,
+            currentRatchet: {
+                ephemeralKeyPair: {
+                    pubKey: u8.encode(this.currentRatchet.ephemeralKeyPair.pubKey),
+                    privKey: u8.encode(this.currentRatchet.ephemeralKeyPair.privKey),
+                },
+                lastRemoteEphemeralKey: u8.encode(this.currentRatchet.lastRemoteEphemeralKey),
+                previousCounter: this.currentRatchet.previousCounter,
+                rootKey: u8.encode(this.currentRatchet.rootKey),
+            },
+            indexInfo: {
+                baseKey: u8.encode(this.indexInfo.baseKey),
+                baseKeyType: this.indexInfo.baseKeyType,
+                closed: this.indexInfo.closed,
+                used: this.indexInfo.used,
+                created: this.indexInfo.created,
+                remoteIdentityKey: u8.encode(this.indexInfo.remoteIdentityKey),
+            },
+            _chains: this.serializeChains(),
+        };
+        if (this.pendingPreKey) {
+            data.pendingPreKey = this.serializePendingPreKey(this.pendingPreKey);
+        }
+        return data;
+    }
+    static deserializeChains(chains) {
+        const result = new Map();
+        for (const [key, c] of Object.entries(chains)) {
+            if (!c)
+                continue;
+            const messageKeys = {};
+            for (const [idx, mk] of Object.entries(c.messageKeys)) {
+                messageKeys[idx] = u8.decode(mk);
+            }
+            result.set(key, {
+                chainKey: {
+                    counter: c.chainKey.counter,
+                    key: u8.decode(c.chainKey.key),
+                },
+                chainType: c.chainType,
+                messageKeys,
+            });
+        }
+        return result;
+    }
+    static deserializePendingPreKey(data) {
+        return {
+            baseKey: u8.decode(data.baseKey),
+            signedKeyId: data.signedKeyId,
+            preKeyId: data.preKeyId,
+        };
+    }
+    static deserialize(data) {
+        const obj = new SessionEntry();
+        obj.registrationId = data.registrationId;
+        obj.currentRatchet = {
+            ephemeralKeyPair: {
+                pubKey: u8.decode(data.currentRatchet.ephemeralKeyPair.pubKey),
+                privKey: u8.decode(data.currentRatchet.ephemeralKeyPair.privKey),
+            },
+            lastRemoteEphemeralKey: u8.decode(data.currentRatchet.lastRemoteEphemeralKey),
+            previousCounter: data.currentRatchet.previousCounter,
+            rootKey: u8.decode(data.currentRatchet.rootKey),
+        };
+        obj.indexInfo = {
+            baseKey: u8.decode(data.indexInfo.baseKey),
+            baseKeyType: data.indexInfo.baseKeyType,
+            closed: data.indexInfo.closed,
+            used: data.indexInfo.used,
+            created: data.indexInfo.created,
+            remoteIdentityKey: u8.decode(data.indexInfo.remoteIdentityKey),
+        };
+        obj._chains = this.deserializeChains(data._chains);
+        if (data.pendingPreKey) {
+            obj.pendingPreKey = this.deserializePendingPreKey(data.pendingPreKey);
+        }
+        return obj;
+    }
+}
+import { fromBase64 } from '../utils.js';

package/dist/session/record/session-record.d.ts

@@ -0,0 +1,21 @@
+import type { SerializedSessionRecord } from './types.js';
+import { SessionEntry } from './session-entry.js';
+export declare class SessionRecord {
+    sessions: Record<string, SessionEntry>;
+    version: string;
+    private _sortedSessions;
+    static createEntry(): SessionEntry;
+    static deserialize(data: SerializedSessionRecord): SessionRecord;
+    serialize(): SerializedSessionRecord;
+    private invalidateCache;
+    haveOpenSession(): boolean;
+    getSession(key: Uint8Array): SessionEntry | undefined;
+    getOpenSession(): SessionEntry | undefined;
+    setSession(session: SessionEntry): void;
+    getSessions(): SessionEntry[];
+    closeSession(session: SessionEntry): void;
+    openSession(session: SessionEntry): void;
+    isClosed(session: SessionEntry): boolean;
+    removeOldSessions(): void;
+    deleteAllSessions(): void;
+}

package/dist/session/record/session-record.js

@@ -0,0 +1,95 @@
+import { SessionEntry } from './session-entry.js';
+import { CLOSED_SESSIONS_MAX, SESSION_RECORD_VERSION } from '../constants.js';
+import { assertUint8, toBase64 } from '../utils.js';
+import { BaseKeyType } from '../../base_key_type.js';
+export class SessionRecord {
+    sessions = {};
+    version = SESSION_RECORD_VERSION;
+    _sortedSessions = null;
+    static createEntry() {
+        return new SessionEntry();
+    }
+    static deserialize(data) {
+        const obj = new SessionRecord();
+        if (data._sessions) {
+            for (const [key, entry] of Object.entries(data._sessions)) {
+                obj.sessions[key] = SessionEntry.deserialize(entry);
+            }
+        }
+        return obj;
+    }
+    serialize() {
+        const _sessions = {};
+        for (const [key, entry] of Object.entries(this.sessions)) {
+            _sessions[key] = entry.serialize();
+        }
+        return { _sessions, version: this.version };
+    }
+    invalidateCache() {
+        this._sortedSessions = null;
+    }
+    haveOpenSession() {
+        const open = this.getOpenSession();
+        return !!open && typeof open.registrationId === 'number';
+    }
+    getSession(key) {
+        assertUint8(key);
+        const session = this.sessions[toBase64(key)];
+        if (session?.indexInfo.baseKeyType === BaseKeyType.OURS) {
+            throw new Error('Tried to lookup a session using our basekey');
+        }
+        return session;
+    }
+    getOpenSession() {
+        for (const session of Object.values(this.sessions)) {
+            if (session.indexInfo.closed === -1)
+                return session;
+        }
+    }
+    setSession(session) {
+        this.sessions[toBase64(session.indexInfo.baseKey)] = session;
+        this.invalidateCache();
+    }
+    getSessions() {
+        if (!this._sortedSessions) {
+            this._sortedSessions = Object.values(this.sessions).sort((a, b) => {
+                const aUsed = a.indexInfo.used || 0;
+                const bUsed = b.indexInfo.used || 0;
+                return aUsed === bUsed ? 0 : aUsed < bUsed ? 1 : -1;
+            });
+        }
+        return this._sortedSessions;
+    }
+    closeSession(session) {
+        if (session.indexInfo.closed !== -1)
+            return;
+        session.indexInfo.closed = Date.now();
+    }
+    openSession(session) {
+        session.indexInfo.closed = -1;
+    }
+    isClosed(session) {
+        return session.indexInfo.closed !== -1;
+    }
+    removeOldSessions() {
+        const total = Object.keys(this.sessions).length;
+        if (total <= CLOSED_SESSIONS_MAX)
+            return;
+        const closed = [];
+        for (const [key, session] of Object.entries(this.sessions)) {
+            if (session.indexInfo.closed !== -1) {
+                closed.push({ key, closed: session.indexInfo.closed });
+            }
+        }
+        closed.sort((a, b) => a.closed - b.closed);
+        const toRemove = total - CLOSED_SESSIONS_MAX;
+        for (let i = 0; i < toRemove && i < closed.length; i++) {
+            delete this.sessions[closed[i].key];
+        }
+        this.invalidateCache();
+    }
+    deleteAllSessions() {
+        this.sessions = {};
+        this.invalidateCache();
+    }
+}