@unknownncat/swt-libsignal 1.0.5 → 1.0.7

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 @unknownncat/swt-libsignal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/crypto.d.ts

@@ -1,2 +1,2 @@
-import type { CryptoAPI } from '../types/crypto.js';
+import type { CryptoAPI } from './types/crypto';
 export declare const crypto: CryptoAPI;

package/dist/crypto.js

@@ -8,34 +8,26 @@ function toBuffer(data) {
 function toUint8(data) {
     return new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
 }
-async function encrypt(key, plaintext, options) {
+function encrypt(key, plaintext, options) {
     const k = toBuffer(key);
-    if (k.length !== 32) {
+    if (k.length !== 32)
         throw new Error('Key must be 32 bytes');
-    }
-    const iv = options?.iv
-        ? toBuffer(options.iv)
-        : randomBytes(12);
+    const iv = options?.iv ? toBuffer(options.iv) : randomBytes(12);
+    if (iv.length !== 12)
+        throw new Error('IV must be 12 bytes for AES-GCM');
     const cipher = createCipheriv('aes-256-gcm', k, iv);
-    if (options?.aad) {
+    if (options?.aad)
         cipher.setAAD(toBuffer(options.aad));
-    }
-    const plainBuf = toBuffer(plaintext);
-    const encrypted = cipher.update(plainBuf);
-    const final = cipher.final();
-    const ciphertext = encrypted.length === 0
-        ? final
-        : encrypted.length === final.length
-            ? Buffer.concat([encrypted, final], encrypted.length + final.length)
-            : Buffer.concat([encrypted, final]);
+    const encrypted = Buffer.concat([cipher.update(toBuffer(plaintext)), cipher.final()]);
     const tag = cipher.getAuthTag();
+    k.fill(0);
     return {
-        ciphertext: toUint8(ciphertext),
+        ciphertext: toUint8(encrypted),
         iv: toUint8(iv),
         tag: toUint8(tag)
     };
 }
-async function decrypt(key, data, options) {
+function decrypt(key, data, options) {
     const k = toBuffer(key);
     const decipher = createDecipheriv('aes-256-gcm', k, toBuffer(data.iv));
     if (options?.aad) {
@@ -53,28 +45,70 @@ async function decrypt(key, data, options) {
     return toUint8(plaintext);
 }
 function hkdf(ikm, salt, info, options) {
+    if (!Buffer.isBuffer(Buffer.from(ikm)) && !(ikm instanceof Uint8Array)) {
+        throw new TypeError('ikm must be Uint8Array');
+    }
+    if (ikm.length === 0) {
+        throw new Error('IKM cannot be empty');
+    }
+    if (ikm.length > 1024 * 1024) {
+        throw new Error('IKM too large (max 1MB)');
+    }
+    if (!(salt instanceof Uint8Array)) {
+        throw new TypeError('salt must be Uint8Array');
+    }
+    if (!(info instanceof Uint8Array)) {
+        throw new TypeError('info must be Uint8Array');
+    }
     const length = options.length;
+    if (!Number.isInteger(length) || length <= 0) {
+        throw new Error(`length must be positive integer, got ${length}`);
+    }
+    if (length > 255 * 32) {
+        throw new Error(`length exceeds maximum (${255 * 32} bytes)`);
+    }
     const hashLen = 32;
     const blocksNeeded = Math.ceil(length / hashLen);
-    const prk = createHmac('sha256', toBuffer(salt))
-        .update(toBuffer(ikm))
-        .digest();
-    const output = Buffer.allocUnsafe(length);
+    const ikmBuf = toBuffer(ikm);
+    const saltBuf = toBuffer(salt);
     const infoBuf = toBuffer(info);
-    let prev = EMPTY_BUFFER;
-    const infoWithCounter = Buffer.allocUnsafe(infoBuf.length + 1);
-    infoBuf.copy(infoWithCounter, 0);
-    for (let i = 0; i < blocksNeeded; i++) {
-        const hmac = createHmac('sha256', prk);
-        if (prev.length)
-            hmac.update(prev);
-        hmac.update(infoWithCounter.subarray(0, infoBuf.length));
-        infoWithCounter[infoBuf.length] = i + 1;
-        prev = hmac.digest();
-        const copyLen = Math.min(hashLen, length - i * hashLen);
-        prev.copy(output, i * hashLen, 0, copyLen);
+    const prkKey = saltBuf.length ? saltBuf : Buffer.alloc(hashLen, 0);
+    try {
+        const prk = createHmac('sha256', prkKey)
+            .update(ikmBuf)
+            .digest();
+        const output = Buffer.alloc(length);
+        let prev = EMPTY_BUFFER;
+        const counter = Buffer.alloc(1);
+        for (let i = 0; i < blocksNeeded; i++) {
+            const hmac = createHmac('sha256', prk);
+            if (prev.length) {
+                hmac.update(prev);
+            }
+            if (infoBuf.length) {
+                hmac.update(infoBuf);
+            }
+            counter[0] = i + 1;
+            hmac.update(counter);
+            prev = hmac.digest();
+            const copyLen = Math.min(hashLen, length - (i * hashLen));
+            prev.copy(output, i * hashLen, 0, copyLen);
+        }
+        prk.fill(0);
+        prev.fill(0);
+        ikmBuf.fill(0);
+        if (saltBuf.length)
+            saltBuf.fill(0);
+        infoBuf.fill(0);
+        return toUint8(output);
+    }
+    catch (err) {
+        ikmBuf.fill(0);
+        if (saltBuf.length)
+            saltBuf.fill(0);
+        infoBuf.fill(0);
+        throw err;
     }
-    return toUint8(output);
 }
 function sha512(data) {
     return toUint8(createHash('sha512')

package/dist/curve.d.ts

@@ -1,4 +1,4 @@
-import type { DHKeyPair, SignalAsymmetricAPI } from '../types/asymmetric.js';
+import type { DHKeyPair, SignalAsymmetricAPI } from './types/asymmetric';
 declare function generateKeyPair(): Promise<DHKeyPair>;
 declare function calculateSignature(identityPrivateKey: Uint8Array, data: Uint8Array): Uint8Array<ArrayBufferLike>;
 export declare const signalCrypto: SignalAsymmetricAPI;

package/dist/fingerprint.js

@@ -1,4 +1,4 @@
-import { crypto } from './crypto.js';
+import { crypto } from './crypto';
 const VERSION = 0;
 function numberToUint16BE(num) {
     const out = new Uint8Array(2);

package/dist/index.d.ts

@@ -1,20 +1,19 @@
-export { ProtocolAddress } from './protocol_address.js';
-export { SessionRecord, SessionEntry } from './session/record/index.js';
-export type { ChainKey, ChainState, CurrentRatchet, IndexInfo } from './session/record/index.js';
-export { SessionCipher } from './session/cipher/index.js';
-export type { EncryptResult, DecryptResult, DecryptWithSessionResult, SessionCipherStorage } from './session/cipher/index.js';
-export { SessionBuilder } from './session/builder/session-builder.js';
-export type { PreKeyBundle, SessionBuilderStorage, KeyPair, IdentityKeyPair } from './session/builder/index.js';
-export { crypto } from './crypto.js';
-export { signalCrypto, generateKeyPair, calculateSignature } from './curve.js';
-export type { CryptoAPI } from '../types/crypto.js';
-export type { SignalAsymmetricAPI, IdentityKeyPair as AsymIdentityKeyPair, DHKeyPair } from '../types/asymmetric.js';
-export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper.js';
-export type { SignedPreKey, PreKey } from './key-helper.js';
-export { FingerprintGenerator } from './fingerprint.js';
-export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors.js';
-export { ChainType } from './chain_type.js';
-export { BaseKeyType } from './base_key_type.js';
-export type { BaseKeyType as BaseKeyTypeValue } from './base_key_type.js';
-export { PreKeyWhisperMessage, WhisperMessage } from './protobuf.js';
-export { enqueue } from './job_queue.js';
+export { ProtocolAddress } from './protocol_address';
+export { SessionRecord, SessionEntry } from './session/record/index';
+export type { ChainKey, ChainState, CurrentRatchet, IndexInfo } from './session/record/index';
+export { SessionCipher, WhisperMessageEncoder } from './session/cipher/index';
+export type { EncryptResult, DecryptResult, DecryptWithSessionResult, SessionCipherStorage } from './session/cipher/index';
+export { SessionBuilder } from './session/builder/session-builder';
+export type { PreKeyBundle, SessionBuilderStorage, KeyPair, IdentityKeyPair } from './session/builder/index';
+export { crypto } from './crypto';
+export { signalCrypto, generateKeyPair, calculateSignature } from './curve';
+export type { CryptoAPI } from './types/crypto';
+export type { SignalAsymmetricAPI, IdentityKeyPair as AsymIdentityKeyPair, DHKeyPair } from './types/asymmetric';
+export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper';
+export type { SignedPreKey, PreKey } from './key-helper';
+export { FingerprintGenerator } from './fingerprint';
+export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors';
+export * from './ratchet-types';
+export type { BaseKeyType as BaseKeyTypeValue } from './ratchet-types';
+export { PreKeyWhisperMessage, WhisperMessage } from './protobuf';
+export { enqueue } from './job_queue';

package/dist/index.js

@@ -1,13 +1,12 @@
-export { ProtocolAddress } from './protocol_address.js';
-export { SessionRecord, SessionEntry } from './session/record/index.js';
-export { SessionCipher } from './session/cipher/index.js';
-export { SessionBuilder } from './session/builder/session-builder.js';
-export { crypto } from './crypto.js';
-export { signalCrypto, generateKeyPair, calculateSignature } from './curve.js';
-export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper.js';
-export { FingerprintGenerator } from './fingerprint.js';
-export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors.js';
-export { ChainType } from './chain_type.js';
-export { BaseKeyType } from './base_key_type.js';
-export { PreKeyWhisperMessage, WhisperMessage } from './protobuf.js';
-export { enqueue } from './job_queue.js';
+export { ProtocolAddress } from './protocol_address';
+export { SessionRecord, SessionEntry } from './session/record/index';
+export { SessionCipher, WhisperMessageEncoder } from './session/cipher/index';
+export { SessionBuilder } from './session/builder/session-builder';
+export { crypto } from './crypto';
+export { signalCrypto, generateKeyPair, calculateSignature } from './curve';
+export { generateIdentityKeyPair, generateRegistrationId, generateSignedPreKey, generatePreKey } from './key-helper';
+export { FingerprintGenerator } from './fingerprint';
+export { SignalError, UntrustedIdentityKeyError, SessionError, MessageCounterError, PreKeyError } from './signal-errors';
+export * from './ratchet-types';
+export { PreKeyWhisperMessage, WhisperMessage } from './protobuf';
+export { enqueue } from './job_queue';

package/dist/job_queue.js

@@ -2,28 +2,32 @@ const queueBuckets = new Map();
 const GC_LIMIT = 10_000;
 async function asyncQueueExecutor(bucket, state) {
     const queue = state.queue;
-    while (state.offset < queue.length) {
-        const limit = Math.min(queue.length, state.offset + GC_LIMIT);
-        for (let i = state.offset; i < limit; i++) {
-            const job = queue[i];
-            if (!job)
-                continue;
-            try {
-                const result = await job.awaitable();
-                job.resolve(result);
+    try {
+        while (state.offset < queue.length) {
+            const limit = Math.min(queue.length, state.offset + GC_LIMIT);
+            for (let i = state.offset; i < limit; i++) {
+                const job = queue[i];
+                if (!job)
+                    continue;
+                try {
+                    const result = await job.awaitable();
+                    job.resolve(result);
+                }
+                catch (err) {
+                    job.reject(err);
+                }
             }
-            catch (err) {
-                job.reject(err);
+            state.offset = limit;
+            if (limit < queue.length) {
+                queue.splice(0, limit);
+                state.offset = 0;
             }
         }
-        state.offset = limit;
-        if (limit < queue.length) {
-            queue.splice(0, limit);
-            state.offset = 0;
-        }
     }
-    state.running = false;
-    queueBuckets.delete(bucket);
+    finally {
+        state.running = false;
+        queueBuckets.delete(bucket);
+    }
 }
 export function enqueue(bucket, awaitable) {
     let state = queueBuckets.get(bucket);

package/dist/key-helper.d.ts

@@ -1,4 +1,4 @@
-import type { IdentityKeyPair, DHKeyPair } from '../types/asymmetric.js';
+import type { IdentityKeyPair, DHKeyPair } from './types/asymmetric';
 export interface SignedPreKey {
     keyId: number;
     keyPair: DHKeyPair;

package/dist/key-helper.js

@@ -1,5 +1,5 @@
 import { randomBytes } from 'crypto';
-import * as curve from './curve.js';
+import * as curve from './curve';
 function isNonNegativeInteger(n) {
     return (typeof n === 'number' &&
         Number.isInteger(n) &&

package/dist/protobuf.d.ts

@@ -1 +1 @@
-export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol.js";
+export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol";

package/dist/protobuf.js

@@ -1,2 +1,2 @@
 'use strict';
-export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol.js";
+export { PreKeyWhisperMessage, WhisperMessage } from "./generated/WhisperTextProtocol";

package/dist/{base_key_type.d.ts → ratchet-types.d.ts}

@@ -1,3 +1,8 @@
+export declare const ChainType: {
+    readonly SENDING: 1;
+    readonly RECEIVING: 2;
+};
+export type ChainType = typeof ChainType[keyof typeof ChainType];
 export declare const BaseKeyType: {
     readonly OURS: 1;
     readonly THEIRS: 2;

package/dist/{chain_type.js → ratchet-types.js}

@@ -2,3 +2,7 @@ export const ChainType = {
     SENDING: 1,
     RECEIVING: 2
 };
+export const BaseKeyType = {
+    OURS: 1,
+    THEIRS: 2
+};

package/dist/session/builder/index.d.ts

@@ -1,2 +1,2 @@
-export * from './types.js';
-export * from './session-builder.js';
+export * from './types';
+export * from './session-builder';

package/dist/session/builder/index.js

@@ -1,2 +1,2 @@
-export * from './types.js';
-export * from './session-builder.js';
+export * from './types';
+export * from './session-builder';

package/dist/session/builder/session-builder.d.ts

@@ -1,6 +1,6 @@
-import type { ProtocolAddress } from '../../protocol_address.js';
-import { SessionRecord } from '../record/index.js';
-import type { PreKeyBundle, PreKeyWhisperMessage, SessionBuilderStorage } from './types.js';
+import type { ProtocolAddress } from '../../protocol_address';
+import { SessionRecord } from '../record/index';
+import type { PreKeyBundle, PreKeyWhisperMessage, SessionBuilderStorage } from './types';
 export declare class SessionBuilder {
     private readonly addr;
     private readonly storage;

package/dist/session/builder/session-builder.js

@@ -1,10 +1,9 @@
-import { BaseKeyType } from '../../base_key_type.js';
-import { ChainType } from '../../chain_type.js';
-import { SessionRecord } from '../record/index.js';
-import { crypto } from '../../crypto.js';
-import { signalCrypto } from '../../curve.js';
-import { UntrustedIdentityKeyError, PreKeyError } from '../../signal-errors.js';
-import { enqueue } from '../../job_queue.js';
+import { BaseKeyType, ChainType } from "../../ratchet-types";
+import { SessionRecord } from '../record/index';
+import { crypto } from '../../crypto';
+import { signalCrypto } from '../../curve';
+import { UntrustedIdentityKeyError, PreKeyError } from '../../signal-errors';
+import { enqueue } from '../../job_queue';
 export class SessionBuilder {
     addr;
     storage;
@@ -13,12 +12,33 @@ export class SessionBuilder {
         this.storage = storage;
     }
     async initOutgoing(device) {
+        if (!device) {
+            throw new TypeError('device must be a PreKeyBundle');
+        }
+        if (!device.identityKey || device.identityKey.length === 0) {
+            throw new Error('Invalid device.identityKey');
+        }
+        if (!device.signedPreKey) {
+            throw new Error('Missing device.signedPreKey');
+        }
+        if (!device.signedPreKey.publicKey || device.signedPreKey.publicKey.length === 0) {
+            throw new Error('Invalid device.signedPreKey.publicKey');
+        }
+        if (!device.signedPreKey.signature || device.signedPreKey.signature.length === 0) {
+            throw new Error('Invalid device.signedPreKey.signature');
+        }
+        if (device.registrationId == null || device.registrationId < 0) {
+            throw new Error('Invalid device.registrationId');
+        }
         const fqAddr = this.addr.toString();
         return enqueue(fqAddr, async () => {
             if (!await this.storage.isTrustedIdentity(this.addr.id, device.identityKey)) {
                 throw new UntrustedIdentityKeyError(this.addr.id, device.identityKey);
             }
-            signalCrypto.verify(device.identityKey, device.signedPreKey.publicKey, device.signedPreKey.signature);
+            const signatureValid = signalCrypto.verify(device.identityKey, device.signedPreKey.publicKey, device.signedPreKey.signature);
+            if (!signatureValid) {
+                throw new Error(`Invalid signature on signedPreKey from ${this.addr}. Possible MITM attack.`);
+            }
             const baseKey = await signalCrypto.generateDHKeyPair();
             const session = await this.initSession(true, { pubKey: baseKey.publicKey, privKey: baseKey.privateKey }, undefined, device.identityKey, device.preKey?.publicKey, device.signedPreKey.publicKey, device.registrationId);
             const pendingPreKey = {
@@ -70,26 +90,26 @@ export class SessionBuilder {
         return message.preKeyId;
     }
     async initSession(isInitiator, ourEphemeralKey, ourSignedKey, theirIdentityPubKey, theirEphemeralPubKey, theirSignedPubKey, registrationId) {
+        let ourEphemeralForInitSession = ourEphemeralKey;
+        let theirEphemeralForInitSession = theirEphemeralPubKey;
         if (isInitiator) {
             ourSignedKey = ourEphemeralKey;
         }
         else {
             theirSignedPubKey = theirEphemeralPubKey;
         }
-        const sharedSecretLen = (!ourEphemeralKey || !theirEphemeralPubKey) ? 128 : 160;
+        const sharedSecretLen = (!ourEphemeralForInitSession || !theirEphemeralForInitSession) ? 128 : 160;
         const sharedSecret = new Uint8Array(sharedSecretLen);
         sharedSecret.fill(0xff, 0, 32);
         const ourIdentityKey = await this.storage.getOurIdentity();
-        const [a1, a2, a3] = await Promise.all([
-            signalCrypto.calculateAgreement(theirSignedPubKey, ourIdentityKey.privKey),
-            signalCrypto.calculateAgreement(theirIdentityPubKey, ourSignedKey.privKey),
-            signalCrypto.calculateAgreement(theirSignedPubKey, ourSignedKey.privKey)
-        ]);
+        const a1 = signalCrypto.calculateAgreement(theirSignedPubKey, ourIdentityKey.privKey);
+        const a2 = signalCrypto.calculateAgreement(theirIdentityPubKey, ourSignedKey.privKey);
+        const a3 = signalCrypto.calculateAgreement(theirSignedPubKey, ourSignedKey.privKey);
         sharedSecret.set(a1, isInitiator ? 32 : 64);
         sharedSecret.set(a2, isInitiator ? 64 : 32);
         sharedSecret.set(a3, 96);
-        if (ourEphemeralKey && theirEphemeralPubKey) {
-            const a4 = signalCrypto.calculateAgreement(theirEphemeralPubKey, ourEphemeralKey.privKey);
+        if (ourEphemeralForInitSession && theirEphemeralForInitSession) {
+            const a4 = signalCrypto.calculateAgreement(theirEphemeralForInitSession, ourEphemeralForInitSession.privKey);
             sharedSecret.set(a4, 128);
         }
         const masterKey = this.deriveSecrets(sharedSecret, new Uint8Array(32), new TextEncoder().encode('WhisperText'), 2);

package/dist/session/builder/types.d.ts

@@ -1,4 +1,4 @@
-import type { SessionRecord } from '../record/index.js';
+import type { SessionRecord } from '../record/index';
 export interface PreKeyWhisperMessage {
     identityKey: Uint8Array;
     registrationId: number;

package/dist/session/cipher/encoding.d.ts

@@ -1,4 +1,4 @@
-import type { WhisperMessageProto, PreKeyWhisperMessageProto } from './types.js';
+import type { WhisperMessageProto, PreKeyWhisperMessageProto } from './types';
 export declare class WhisperMessageEncoder {
     static encodeWhisperMessage(msg: WhisperMessageProto): Uint8Array;
     static decodeWhisperMessage(buf: Uint8Array): WhisperMessageProto;

package/dist/session/cipher/index.d.ts

@@ -1,3 +1,3 @@
-export * from './types.js';
-export * from './encoding.js';
-export * from './session-cipher.js';
+export { WhisperMessageEncoder } from "./encoding";
+export { SessionCipher } from './session-cipher';
+export type * from './types';

package/dist/session/cipher/index.js

@@ -1,3 +1,2 @@
-export * from './types.js';
-export * from './encoding.js';
-export * from './session-cipher.js';
+export { WhisperMessageEncoder } from "./encoding";
+export { SessionCipher } from './session-cipher';

package/dist/session/cipher/session-cipher.d.ts

@@ -1,5 +1,5 @@
-import type { EncryptResult, SessionCipherStorage } from './types.js';
-import { ProtocolAddress } from '../../protocol_address.js';
+import type { EncryptResult, SessionCipherStorage } from './types';
+import { ProtocolAddress } from '../../protocol_address';
 export declare class SessionCipher {
     private readonly addr;
     private readonly addrStr;