@unknownncat/swt-libsignal 1.0.5 → 1.0.6

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 @unknownncat/swt-libsignal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/crypto.d.ts

@@ -1,2 +1,2 @@
-import type { CryptoAPI } from '../types/crypto.js';
+import type { CryptoAPI } from './types/crypto.js';
 export declare const crypto: CryptoAPI;

package/dist/crypto.js

@@ -8,34 +8,26 @@ function toBuffer(data) {
 function toUint8(data) {
     return new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
 }
-async function encrypt(key, plaintext, options) {
+function encrypt(key, plaintext, options) {
     const k = toBuffer(key);
-    if (k.length !== 32) {
+    if (k.length !== 32)
         throw new Error('Key must be 32 bytes');
-    }
-    const iv = options?.iv
-        ? toBuffer(options.iv)
-        : randomBytes(12);
+    const iv = options?.iv ? toBuffer(options.iv) : randomBytes(12);
+    if (iv.length !== 12)
+        throw new Error('IV must be 12 bytes for AES-GCM');
     const cipher = createCipheriv('aes-256-gcm', k, iv);
-    if (options?.aad) {
+    if (options?.aad)
         cipher.setAAD(toBuffer(options.aad));
-    }
-    const plainBuf = toBuffer(plaintext);
-    const encrypted = cipher.update(plainBuf);
-    const final = cipher.final();
-    const ciphertext = encrypted.length === 0
-        ? final
-        : encrypted.length === final.length
-            ? Buffer.concat([encrypted, final], encrypted.length + final.length)
-            : Buffer.concat([encrypted, final]);
+    const encrypted = Buffer.concat([cipher.update(toBuffer(plaintext)), cipher.final()]);
     const tag = cipher.getAuthTag();
+    k.fill(0);
     return {
-        ciphertext: toUint8(ciphertext),
+        ciphertext: toUint8(encrypted),
         iv: toUint8(iv),
         tag: toUint8(tag)
     };
 }
-async function decrypt(key, data, options) {
+function decrypt(key, data, options) {
     const k = toBuffer(key);
     const decipher = createDecipheriv('aes-256-gcm', k, toBuffer(data.iv));
     if (options?.aad) {
@@ -53,28 +45,70 @@ async function decrypt(key, data, options) {
     return toUint8(plaintext);
 }
 function hkdf(ikm, salt, info, options) {
+    if (!Buffer.isBuffer(Buffer.from(ikm)) && !(ikm instanceof Uint8Array)) {
+        throw new TypeError('ikm must be Uint8Array');
+    }
+    if (ikm.length === 0) {
+        throw new Error('IKM cannot be empty');
+    }
+    if (ikm.length > 1024 * 1024) {
+        throw new Error('IKM too large (max 1MB)');
+    }
+    if (!(salt instanceof Uint8Array)) {
+        throw new TypeError('salt must be Uint8Array');
+    }
+    if (!(info instanceof Uint8Array)) {
+        throw new TypeError('info must be Uint8Array');
+    }
     const length = options.length;
+    if (!Number.isInteger(length) || length <= 0) {
+        throw new Error(`length must be positive integer, got ${length}`);
+    }
+    if (length > 255 * 32) {
+        throw new Error(`length exceeds maximum (${255 * 32} bytes)`);
+    }
     const hashLen = 32;
     const blocksNeeded = Math.ceil(length / hashLen);
-    const prk = createHmac('sha256', toBuffer(salt))
-        .update(toBuffer(ikm))
-        .digest();
-    const output = Buffer.allocUnsafe(length);
+    const ikmBuf = toBuffer(ikm);
+    const saltBuf = toBuffer(salt);
     const infoBuf = toBuffer(info);
-    let prev = EMPTY_BUFFER;
-    const infoWithCounter = Buffer.allocUnsafe(infoBuf.length + 1);
-    infoBuf.copy(infoWithCounter, 0);
-    for (let i = 0; i < blocksNeeded; i++) {
-        const hmac = createHmac('sha256', prk);
-        if (prev.length)
-            hmac.update(prev);
-        hmac.update(infoWithCounter.subarray(0, infoBuf.length));
-        infoWithCounter[infoBuf.length] = i + 1;
-        prev = hmac.digest();
-        const copyLen = Math.min(hashLen, length - i * hashLen);
-        prev.copy(output, i * hashLen, 0, copyLen);
+    const prkKey = saltBuf.length ? saltBuf : Buffer.alloc(hashLen, 0);
+    try {
+        const prk = createHmac('sha256', prkKey)
+            .update(ikmBuf)
+            .digest();
+        const output = Buffer.alloc(length);
+        let prev = EMPTY_BUFFER;
+        const counter = Buffer.alloc(1);
+        for (let i = 0; i < blocksNeeded; i++) {
+            const hmac = createHmac('sha256', prk);
+            if (prev.length) {
+                hmac.update(prev);
+            }
+            if (infoBuf.length) {
+                hmac.update(infoBuf);
+            }
+            counter[0] = i + 1;
+            hmac.update(counter);
+            prev = hmac.digest();
+            const copyLen = Math.min(hashLen, length - (i * hashLen));
+            prev.copy(output, i * hashLen, 0, copyLen);
+        }
+        prk.fill(0);
+        prev.fill(0);
+        ikmBuf.fill(0);
+        if (saltBuf.length)
+            saltBuf.fill(0);
+        infoBuf.fill(0);
+        return toUint8(output);
+    }
+    catch (err) {
+        ikmBuf.fill(0);
+        if (saltBuf.length)
+            saltBuf.fill(0);
+        infoBuf.fill(0);
+        throw err;
     }
-    return toUint8(output);
 }
 function sha512(data) {
     return toUint8(createHash('sha512')

package/dist/curve.d.ts

@@ -1,4 +1,4 @@
-import type { DHKeyPair, SignalAsymmetricAPI } from '../types/asymmetric.js';
+import type { DHKeyPair, SignalAsymmetricAPI } from './types/asymmetric.js';
 declare function generateKeyPair(): Promise<DHKeyPair>;
 declare function calculateSignature(identityPrivateKey: Uint8Array, data: Uint8Array): Uint8Array<ArrayBufferLike>;
 export declare const signalCrypto: SignalAsymmetricAPI;

package/dist/index.d.ts

@@ -7,14 +7,13 @@ export { SessionBuilder } from './session/builder/session-builder.js';
 export type { PreKeyBundle, SessionBuilderStorage, KeyPair, IdentityKeyPair } from './session/builder/index.js';
 export { crypto } from './crypto.js';
 export { signalCrypto, generateKeyPair, calculateSignature } from './curve.js';
-export type { CryptoAPI } from '../types/crypto.js';
-export type { SignalAsymmetricAPI, IdentityKeyPair as AsymIdentityKeyPair, DHKeyPair } from '../types/asymmetric.js';
+export type { CryptoAPI } from './types/crypto.js';
+export type { SignalAsymmetricAPI, IdentityKeyPair as AsymIdentityKeyPair, DHKeyPair } from './types/asymmetric.js';
 export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper.js';
 export type { SignedPreKey, PreKey } from './key-helper.js';
 export { FingerprintGenerator } from './fingerprint.js';
 export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors.js';
-export { ChainType } from './chain_type.js';
-export { BaseKeyType } from './base_key_type.js';
-export type { BaseKeyType as BaseKeyTypeValue } from './base_key_type.js';
+export * from "./ratchet-types.js";
+export type { BaseKeyType as BaseKeyTypeValue } from './ratchet-types.js';
 export { PreKeyWhisperMessage, WhisperMessage } from './protobuf.js';
 export { enqueue } from './job_queue.js';

package/dist/index.js

@@ -7,7 +7,6 @@ export { signalCrypto, generateKeyPair, calculateSignature } from './curve.js';
 export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper.js';
 export { FingerprintGenerator } from './fingerprint.js';
 export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors.js';
-export { ChainType } from './chain_type.js';
-export { BaseKeyType } from './base_key_type.js';
+export * from "./ratchet-types.js";
 export { PreKeyWhisperMessage, WhisperMessage } from './protobuf.js';
 export { enqueue } from './job_queue.js';

package/dist/job_queue.js

@@ -2,28 +2,32 @@ const queueBuckets = new Map();
 const GC_LIMIT = 10_000;
 async function asyncQueueExecutor(bucket, state) {
     const queue = state.queue;
-    while (state.offset < queue.length) {
-        const limit = Math.min(queue.length, state.offset + GC_LIMIT);
-        for (let i = state.offset; i < limit; i++) {
-            const job = queue[i];
-            if (!job)
-                continue;
-            try {
-                const result = await job.awaitable();
-                job.resolve(result);
+    try {
+        while (state.offset < queue.length) {
+            const limit = Math.min(queue.length, state.offset + GC_LIMIT);
+            for (let i = state.offset; i < limit; i++) {
+                const job = queue[i];
+                if (!job)
+                    continue;
+                try {
+                    const result = await job.awaitable();
+                    job.resolve(result);
+                }
+                catch (err) {
+                    job.reject(err);
+                }
             }
-            catch (err) {
-                job.reject(err);
+            state.offset = limit;
+            if (limit < queue.length) {
+                queue.splice(0, limit);
+                state.offset = 0;
             }
         }
-        state.offset = limit;
-        if (limit < queue.length) {
-            queue.splice(0, limit);
-            state.offset = 0;
-        }
     }
-    state.running = false;
-    queueBuckets.delete(bucket);
+    finally {
+        state.running = false;
+        queueBuckets.delete(bucket);
+    }
 }
 export function enqueue(bucket, awaitable) {
     let state = queueBuckets.get(bucket);

package/dist/key-helper.d.ts

@@ -1,4 +1,4 @@
-import type { IdentityKeyPair, DHKeyPair } from '../types/asymmetric.js';
+import type { IdentityKeyPair, DHKeyPair } from './types/asymmetric.js';
 export interface SignedPreKey {
     keyId: number;
     keyPair: DHKeyPair;

package/dist/{base_key_type.d.ts → ratchet-types.d.ts}

@@ -1,3 +1,8 @@
+export declare const ChainType: {
+    readonly SENDING: 1;
+    readonly RECEIVING: 2;
+};
+export type ChainType = typeof ChainType[keyof typeof ChainType];
 export declare const BaseKeyType: {
     readonly OURS: 1;
     readonly THEIRS: 2;

package/dist/{chain_type.js → ratchet-types.js}

@@ -2,3 +2,7 @@ export const ChainType = {
     SENDING: 1,
     RECEIVING: 2
 };
+export const BaseKeyType = {
+    OURS: 1,
+    THEIRS: 2
+};

package/dist/session/builder/session-builder.js

@@ -1,5 +1,4 @@
-import { BaseKeyType } from '../../base_key_type.js';
-import { ChainType } from '../../chain_type.js';
+import { BaseKeyType, ChainType } from "../../ratchet-types.js";
 import { SessionRecord } from '../record/index.js';
 import { crypto } from '../../crypto.js';
 import { signalCrypto } from '../../curve.js';
@@ -13,12 +12,33 @@ export class SessionBuilder {
         this.storage = storage;
     }
     async initOutgoing(device) {
+        if (!device) {
+            throw new TypeError('device must be a PreKeyBundle');
+        }
+        if (!device.identityKey || device.identityKey.length === 0) {
+            throw new Error('Invalid device.identityKey');
+        }
+        if (!device.signedPreKey) {
+            throw new Error('Missing device.signedPreKey');
+        }
+        if (!device.signedPreKey.publicKey || device.signedPreKey.publicKey.length === 0) {
+            throw new Error('Invalid device.signedPreKey.publicKey');
+        }
+        if (!device.signedPreKey.signature || device.signedPreKey.signature.length === 0) {
+            throw new Error('Invalid device.signedPreKey.signature');
+        }
+        if (device.registrationId == null || device.registrationId < 0) {
+            throw new Error('Invalid device.registrationId');
+        }
         const fqAddr = this.addr.toString();
         return enqueue(fqAddr, async () => {
             if (!await this.storage.isTrustedIdentity(this.addr.id, device.identityKey)) {
                 throw new UntrustedIdentityKeyError(this.addr.id, device.identityKey);
             }
-            signalCrypto.verify(device.identityKey, device.signedPreKey.publicKey, device.signedPreKey.signature);
+            const signatureValid = signalCrypto.verify(device.identityKey, device.signedPreKey.publicKey, device.signedPreKey.signature);
+            if (!signatureValid) {
+                throw new Error(`Invalid signature on signedPreKey from ${this.addr}. Possible MITM attack.`);
+            }
             const baseKey = await signalCrypto.generateDHKeyPair();
             const session = await this.initSession(true, { pubKey: baseKey.publicKey, privKey: baseKey.privateKey }, undefined, device.identityKey, device.preKey?.publicKey, device.signedPreKey.publicKey, device.registrationId);
             const pendingPreKey = {
@@ -70,26 +90,26 @@ export class SessionBuilder {
         return message.preKeyId;
     }
     async initSession(isInitiator, ourEphemeralKey, ourSignedKey, theirIdentityPubKey, theirEphemeralPubKey, theirSignedPubKey, registrationId) {
+        let ourEphemeralForInitSession = ourEphemeralKey;
+        let theirEphemeralForInitSession = theirEphemeralPubKey;
         if (isInitiator) {
             ourSignedKey = ourEphemeralKey;
         }
         else {
             theirSignedPubKey = theirEphemeralPubKey;
         }
-        const sharedSecretLen = (!ourEphemeralKey || !theirEphemeralPubKey) ? 128 : 160;
+        const sharedSecretLen = (!ourEphemeralForInitSession || !theirEphemeralForInitSession) ? 128 : 160;
         const sharedSecret = new Uint8Array(sharedSecretLen);
         sharedSecret.fill(0xff, 0, 32);
         const ourIdentityKey = await this.storage.getOurIdentity();
-        const [a1, a2, a3] = await Promise.all([
-            signalCrypto.calculateAgreement(theirSignedPubKey, ourIdentityKey.privKey),
-            signalCrypto.calculateAgreement(theirIdentityPubKey, ourSignedKey.privKey),
-            signalCrypto.calculateAgreement(theirSignedPubKey, ourSignedKey.privKey)
-        ]);
+        const a1 = signalCrypto.calculateAgreement(theirSignedPubKey, ourIdentityKey.privKey);
+        const a2 = signalCrypto.calculateAgreement(theirIdentityPubKey, ourSignedKey.privKey);
+        const a3 = signalCrypto.calculateAgreement(theirSignedPubKey, ourSignedKey.privKey);
         sharedSecret.set(a1, isInitiator ? 32 : 64);
         sharedSecret.set(a2, isInitiator ? 64 : 32);
         sharedSecret.set(a3, 96);
-        if (ourEphemeralKey && theirEphemeralPubKey) {
-            const a4 = signalCrypto.calculateAgreement(theirEphemeralPubKey, ourEphemeralKey.privKey);
+        if (ourEphemeralForInitSession && theirEphemeralForInitSession) {
+            const a4 = signalCrypto.calculateAgreement(theirEphemeralForInitSession, ourEphemeralForInitSession.privKey);
             sharedSecret.set(a4, 128);
         }
         const masterKey = this.deriveSecrets(sharedSecret, new Uint8Array(32), new TextEncoder().encode('WhisperText'), 2);

package/dist/session/cipher/session-cipher.js

@@ -1,7 +1,7 @@
 import { PROTOCOL_VERSION } from '../constants.js';
 import { WhisperMessageEncoder } from './encoding.js';
-import { assertUint8 } from '../utils.js';
-import { ChainType } from '../../chain_type.js';
+import { assertUint8, toBase64 } from '../utils.js';
+import { ChainType } from "../../ratchet-types.js";
 import { ProtocolAddress } from '../../protocol_address.js';
 import { SessionBuilder } from '../builder/session-builder.js';
 import { SessionRecord } from '../record/index.js';
@@ -69,45 +69,54 @@ export class SessionCipher {
             if (!messageKey)
                 throw new Error('Message key not generated');
             const keys = this.deriveSecrets(messageKey, new Uint8Array(32), new TextEncoder().encode('WhisperMessageKeys'));
-            delete chain.messageKeys[chain.chainKey.counter];
             const [cipherKey, macKey, aadKey] = keys;
-            if (!cipherKey || !macKey || !aadKey)
-                throw new Error('Keys not derived');
-            const encrypted = await crypto.encrypt(cipherKey, data, { aad: aadKey.subarray(0, 16) });
-            const msg = {
-                ephemeralKey: session.currentRatchet.ephemeralKeyPair.pubKey,
-                counter: chain.chainKey.counter,
-                previousCounter: session.currentRatchet.previousCounter,
-                ciphertext: encrypted.ciphertext
-            };
-            const msgBuf = WhisperMessageEncoder.encodeWhisperMessage(msg);
-            const macInput = new Uint8Array(msgBuf.byteLength + 67);
-            macInput.set(ourIdentity.pubKey);
-            macInput.set(remoteIdentityKey, 33);
-            macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-            macInput.set(msgBuf, 67);
-            const mac = crypto.hmacSha256(macKey, macInput);
-            const result = new Uint8Array(msgBuf.byteLength + 9);
-            result[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-            result.set(msgBuf, 1);
-            result.set(mac.subarray(0, 8), msgBuf.byteLength + 1);
-            await this.storeRecord(record);
-            if (session.pendingPreKey) {
-                const preKeyMsg = {
-                    identityKey: ourIdentity.pubKey,
-                    registrationId: await this.storage.getOurRegistrationId(),
-                    baseKey: session.pendingPreKey.baseKey,
-                    signedPreKeyId: session.pendingPreKey.signedKeyId,
-                    preKeyId: session.pendingPreKey.preKeyId,
-                    message: result
+            if (!cipherKey || !macKey || !aadKey || cipherKey.length !== 32 || macKey.length !== 32 || aadKey.length !== 32) {
+                throw new Error('Invalid key derivation');
+            }
+            let result;
+            try {
+                const encrypted = await crypto.encrypt(cipherKey, data, { aad: aadKey.subarray(0, 16) });
+                const msg = {
+                    ephemeralKey: session.currentRatchet.ephemeralKeyPair.pubKey,
+                    counter: chain.chainKey.counter,
+                    previousCounter: session.currentRatchet.previousCounter,
+                    ciphertext: encrypted.ciphertext
                 };
-                const preKeyBuf = WhisperMessageEncoder.encodePreKeyWhisperMessage(preKeyMsg);
-                const body = new Uint8Array(1 + preKeyBuf.byteLength);
+                const msgBuf = WhisperMessageEncoder.encodeWhisperMessage(msg);
+                const macInput = new Uint8Array(msgBuf.byteLength + 67);
+                macInput.set(ourIdentity.pubKey);
+                macInput.set(remoteIdentityKey, 33);
+                macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+                macInput.set(msgBuf, 67);
+                const mac = crypto.hmacSha256(macKey, macInput);
+                const body = new Uint8Array(msgBuf.byteLength + 9);
                 body[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-                body.set(preKeyBuf, 1);
-                return { type: 3, body, registrationId: session.registrationId };
+                body.set(msgBuf, 1);
+                body.set(mac.subarray(0, 8), msgBuf.byteLength + 1);
+                if (session.pendingPreKey) {
+                    const preKeyMsg = {
+                        identityKey: ourIdentity.pubKey,
+                        registrationId: await this.storage.getOurRegistrationId(),
+                        baseKey: session.pendingPreKey.baseKey,
+                        signedPreKeyId: session.pendingPreKey.signedKeyId,
+                        preKeyId: session.pendingPreKey.preKeyId,
+                        message: body
+                    };
+                    const preKeyBuf = WhisperMessageEncoder.encodePreKeyWhisperMessage(preKeyMsg);
+                    const finalBody = new Uint8Array(1 + preKeyBuf.byteLength);
+                    finalBody[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+                    finalBody.set(preKeyBuf, 1);
+                    result = { type: 3, body: finalBody, registrationId: session.registrationId };
+                }
+                else {
+                    result = { type: 1, body, registrationId: session.registrationId };
+                }
             }
-            return { type: 1, body: result, registrationId: session.registrationId };
+            finally {
+                delete chain.messageKeys[chain.chainKey.counter];
+            }
+            await this.storeRecord(record);
+            return result;
         });
     }
     async decryptWhisperMessage(data) {
@@ -136,9 +145,22 @@ export class SessionCipher {
         return this.queueJob(async () => {
             let record = await this.getRecord();
             const preKeyProto = WhisperMessageEncoder.decodePreKeyWhisperMessage(data.subarray(1));
+            if (!preKeyProto.identityKey || preKeyProto.identityKey.length === 0) {
+                throw new Error('Missing or empty identityKey in PreKeyWhisperMessage');
+            }
+            if (!preKeyProto.baseKey || preKeyProto.baseKey.length === 0) {
+                throw new Error('Missing or empty baseKey in PreKeyWhisperMessage');
+            }
+            if (!preKeyProto.message || preKeyProto.message.length === 0) {
+                throw new Error('Missing or empty message in PreKeyWhisperMessage');
+            }
+            if (preKeyProto.signedPreKeyId == null) {
+                throw new Error('Missing signedPreKeyId in PreKeyWhisperMessage');
+            }
+            if (preKeyProto.registrationId == null) {
+                throw new Error('Missing registrationId in PreKeyWhisperMessage');
+            }
             if (!record) {
-                if (preKeyProto.registrationId == null)
-                    throw new Error('No registrationId');
                 record = new SessionRecord();
             }
             const builder = new SessionBuilder(this.storage, this.addr);
@@ -175,19 +197,25 @@ export class SessionCipher {
         if (!sessions.length)
             throw new SessionError('No sessions available');
         const errors = [];
-        for (const session of sessions) {
+        for (let i = 0; i < sessions.length; i++) {
+            const session = sessions[i];
+            const sessionKey = toBase64(session.indexInfo.baseKey);
             try {
                 const plaintext = await this.doDecryptWhisperMessage(data, session);
                 session.indexInfo.used = Date.now();
                 return { session, plaintext };
             }
             catch (e) {
-                errors.push(e);
+                errors.push({
+                    sessionKey,
+                    error: e instanceof Error ? e : new Error(String(e))
+                });
             }
         }
-        console.error('Failed to decrypt with any session');
-        errors.forEach(e => console.error(e));
-        throw new SessionError('No matching sessions found for message');
+        const errorDetails = errors
+            .map(({ sessionKey, error }) => `[${sessionKey}]: ${error.message}`)
+            .join(' | ');
+        throw new SessionError(`No matching sessions found for message. Tried ${sessions.length} sessions. Errors: ${errorDetails}`, { cause: errors[0]?.error });
     }
     async doDecryptWhisperMessage(messageBuffer, session) {
         assertUint8(messageBuffer);
@@ -231,8 +259,13 @@ export class SessionCipher {
     fillMessageKeys(chain, targetCounter) {
         if (chain.chainKey.counter >= targetCounter)
             return;
-        if (targetCounter - chain.chainKey.counter > 2000) {
-            throw new SessionError('Over 2000 messages into the future!');
+        const maxFutureMessages = 2000;
+        const newMessages = targetCounter - chain.chainKey.counter;
+        if (newMessages > maxFutureMessages) {
+            throw new SessionError(`Over ${maxFutureMessages} messages into the future: ${newMessages} messages`);
+        }
+        if (targetCounter > Number.MAX_SAFE_INTEGER - 1000) {
+            throw new SessionError(`Counter would overflow: current=${chain.chainKey.counter}, target=${targetCounter}`);
         }
         if (chain.chainKey.key === undefined) {
             throw new SessionError('Chain closed');
@@ -283,18 +316,34 @@ export class SessionCipher {
         ratchet.rootKey = masterKeys[0];
     }
     deriveSecrets(input, salt, info, chunks = 3) {
-        const hkdf = crypto.hkdf(input, salt, info, { length: chunks * 32 });
+        const expectedLength = chunks * 32;
+        const hkdf = crypto.hkdf(input, salt, info, { length: expectedLength });
+        if (hkdf.length !== expectedLength) {
+            throw new Error(`HKDF derivation failed: expected ${expectedLength} bytes, got ${hkdf.length}`);
+        }
         const result = [];
         for (let i = 0; i < chunks; i++) {
-            result.push(hkdf.subarray(i * 32, (i + 1) * 32));
+            const key = hkdf.subarray(i * 32, (i + 1) * 32);
+            if (key.length !== 32) {
+                throw new Error(`Invalid key derivation at chunk ${i}: expected 32 bytes, got ${key.length}`);
+            }
+            result.push(key);
         }
         return result;
     }
     verifyMAC(macInput, key, mac, length) {
+        if (mac.length < length) {
+            throw new Error('MAC too short');
+        }
         const computed = crypto.hmacSha256(key, macInput);
+        let match = true;
         for (let i = 0; i < length; i++) {
-            if (computed[i] !== mac[i])
-                throw new Error('MAC verification failed');
+            if (computed[i] !== mac[i]) {
+                match = false;
+            }
+        }
+        if (!match) {
+            throw new Error('MAC verification failed');
         }
     }
 }

package/dist/session/record/session-entry.js

@@ -1,4 +1,4 @@
-import { assertUint8, toBase64, u8 } from '../utils.js';
+import { assertUint8, toBase64, fromBase64, u8 } from '../utils.js';
 export class SessionEntry {
     registrationId;
     currentRatchet;
@@ -113,7 +113,7 @@ export class SessionEntry {
         return {
             baseKey: u8.decode(data.baseKey),
             signedKeyId: data.signedKeyId,
-            preKeyId: data.preKeyId,
+            ...(data.preKeyId !== undefined && { preKeyId: data.preKeyId }),
         };
     }
     static deserialize(data) {
@@ -143,4 +143,3 @@ export class SessionEntry {
         return obj;
     }
 }
-import { fromBase64 } from '../utils.js';

package/dist/session/record/session-record.js

@@ -1,7 +1,7 @@
 import { SessionEntry } from './session-entry.js';
 import { CLOSED_SESSIONS_MAX, SESSION_RECORD_VERSION } from '../constants.js';
 import { assertUint8, toBase64 } from '../utils.js';
-import { BaseKeyType } from '../../base_key_type.js';
+import { BaseKeyType } from "../../ratchet-types.js";
 export class SessionRecord {
     sessions = {};
     version = SESSION_RECORD_VERSION;

package/dist/session/record/types.d.ts

@@ -1,4 +1,4 @@
-import type { BaseKeyType } from "../../base_key_type.js";
+import type { BaseKeyType, ChainType } from "../../ratchet-types.js";
 export interface PendingPreKey {
     baseKey: Uint8Array;
     signedKeyId: number;
@@ -10,7 +10,7 @@ export interface ChainKey {
 }
 export interface ChainState {
     chainKey: ChainKey;
-    chainType: number;
+    chainType: ChainType;
     messageKeys: Record<string, Uint8Array>;
 }
 export interface CurrentRatchet {
@@ -35,7 +35,7 @@ export interface SerializedChainState {
         counter: number;
         key: string | undefined;
     };
-    chainType: number;
+    chainType: ChainType;
     messageKeys: Record<string, string>;
 }
 export interface SerializedPendingPreKey {

package/dist/types/asymmetric.d.ts

@@ -0,0 +1,41 @@
+export interface IdentityKeyPair {
+    readonly publicKey: Uint8Array  // 32 bytes Ed25519
+    readonly privateKey: Uint8Array // 64 bytes Ed25519
+}
+
+export interface DHKeyPair {
+    readonly publicKey: Uint8Array  // 32 bytes X25519
+    readonly privateKey: Uint8Array // 32 bytes X25519
+}
+
+export interface SignalAsymmetricAPI {
+    /* Identity (Ed25519) */
+    generateIdentityKeyPair(): Promise<IdentityKeyPair>
+    sign(
+        privateKey: Uint8Array,
+        message: Uint8Array
+    ): Uint8Array
+    verify(
+        publicKey: Uint8Array,
+        message: Uint8Array,
+        signature: Uint8Array
+    ): boolean
+
+    /* DH (X25519) */
+    generateDHKeyPair(): Promise<DHKeyPair>
+    calculateAgreement(
+        publicKey: Uint8Array,
+        privateKey: Uint8Array
+    ): Uint8Array
+
+    /* Conversion */
+    convertIdentityPublicToX25519(
+        edPublicKey: Uint8Array
+    ): Uint8Array
+
+    convertIdentityPrivateToX25519(
+        edPrivateKey: Uint8Array
+    ): Uint8Array
+}
+
+export const signalCrypto: SignalAsymmetricAPI

package/dist/types/crypto.d.ts

@@ -0,0 +1,69 @@
+export interface CipherResult {
+    readonly ciphertext: Uint8Array
+    readonly iv: Uint8Array
+    readonly tag: Uint8Array
+}
+
+export interface EncryptOptions {
+    readonly aad?: Uint8Array
+    readonly iv?: Uint8Array
+}
+
+export interface DecryptOptions {
+    readonly aad?: Uint8Array
+}
+
+export interface HKDFOptions {
+    readonly length: number
+}
+
+/**
+ * High-level cryptographic API
+ */
+export interface CryptoAPI {
+    /**
+     * AES-256-GCM encryption
+     */
+    encrypt(
+        key: Uint8Array,
+        plaintext: Uint8Array,
+        options?: EncryptOptions
+    ): CipherResult
+
+    /**
+     * AES-256-GCM decryption
+     */
+    decrypt(
+        key: Uint8Array,
+        data: CipherResult,
+        options?: DecryptOptions
+    ): Uint8Array
+
+    /**
+     * HKDF using HMAC-SHA256
+     */
+    hkdf(
+        ikm: Uint8Array,
+        salt: Uint8Array,
+        info: Uint8Array,
+        options: HKDFOptions
+    ): Uint8Array
+
+    /**
+     * SHA-512 digest
+     */
+    sha512(data: Uint8Array): Uint8Array
+
+    /**
+     * HMAC-SHA256
+     */
+    hmacSha256(
+        key: Uint8Array,
+        data: Uint8Array
+    ): Uint8Array
+}
+
+/**
+ * Default Node implementation
+ */
+export const crypto: CryptoAPI

package/dist/types/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./asymmetric.js";
+export * from "./crypto.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@unknownncat/swt-libsignal",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "Libsignal reimplementation using libsodium",
   "type": "module",
   "main": "./dist/index.js",
@@ -18,9 +18,14 @@
     "dist"
   ],
   "scripts": {
-    "build": "tsc -p tsconfig.json",
+    "build": "tsc -p tsconfig.json && cpy \"src/**/*.d.ts\" dist",
     "dev": "tsx src/index.ts",
     "clean": "rimraf dist",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:stress": "vitest run test/stress",
+    "test:security": "vitest run test/security",
     "prepublishOnly": "npm run clean && npm run build"
   },
   "engines": {
@@ -33,8 +38,11 @@
   "devDependencies": {
     "@protobuf-ts/plugin": "^2.11.1",
     "@types/node": "^20.19.33",
+    "@vitest/coverage-v8": "^2.0.0",
+    "cpy-cli": "^7.0.0",
     "rimraf": "^5.0.0",
     "tsx": "^4.7.0",
-    "typescript": "^5.4.0"
+    "typescript": "^5.4.0",
+    "vitest": "^2.0.0"
   }
 }

package/dist/base_key_type.js

@@ -1,4 +0,0 @@
-export const BaseKeyType = {
-    OURS: 1,
-    THEIRS: 2
-};

package/dist/chain_type.d.ts

@@ -1,5 +0,0 @@
-export declare const ChainType: {
-    readonly SENDING: 1;
-    readonly RECEIVING: 2;
-};
-export type BaseChainType = typeof ChainType[keyof typeof ChainType];

package/dist/teste.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/teste.js

@@ -1,18 +0,0 @@
-import * as KeyHelper from "./key-helper.js";
-const preKeys = [];
-const identityKeyPairs = [];
-const signedPreKeys = [];
-for (let i = 0; i < 100; i++) {
-    console.time("identityKeyPair");
-    const identityKeyPair = await KeyHelper.generateIdentityKeyPair();
-    console.timeEnd("identityKeyPair");
-    console.time("signedPreKey");
-    const signedPreKey = await KeyHelper.generateSignedPreKey(identityKeyPair, i);
-    console.timeEnd("signedPreKey");
-    preKeys.push(await KeyHelper.generatePreKey(i));
-    identityKeyPairs.push(identityKeyPair);
-    signedPreKeys.push(signedPreKey);
-}
-console.log(preKeys);
-console.log(identityKeyPairs);
-console.log(signedPreKeys);