@unknownncat/swt-libsignal 1.0.5 → 1.0.7

package/dist/session/cipher/session-cipher.js

@@ -1,14 +1,14 @@
-import { PROTOCOL_VERSION } from '../constants.js';
-import { WhisperMessageEncoder } from './encoding.js';
-import { assertUint8 } from '../utils.js';
-import { ChainType } from '../../chain_type.js';
-import { ProtocolAddress } from '../../protocol_address.js';
-import { SessionBuilder } from '../builder/session-builder.js';
-import { SessionRecord } from '../record/index.js';
-import { crypto } from '../../crypto.js';
-import { signalCrypto } from '../../curve.js';
-import { SessionError, UntrustedIdentityKeyError, MessageCounterError } from '../../signal-errors.js';
-import { enqueue } from '../../job_queue.js';
+import { PROTOCOL_VERSION } from '../constants';
+import { WhisperMessageEncoder } from './encoding';
+import { assertUint8, toBase64 } from '../utils';
+import { ChainType } from "../../ratchet-types";
+import { ProtocolAddress } from '../../protocol_address';
+import { SessionBuilder } from '../builder/session-builder';
+import { SessionRecord } from '../record/index';
+import { crypto } from '../../crypto';
+import { signalCrypto } from '../../curve';
+import { SessionError, UntrustedIdentityKeyError, MessageCounterError } from '../../signal-errors';
+import { enqueue } from '../../job_queue';
 export class SessionCipher {
     addr;
     addrStr;
@@ -69,45 +69,54 @@ export class SessionCipher {
             if (!messageKey)
                 throw new Error('Message key not generated');
             const keys = this.deriveSecrets(messageKey, new Uint8Array(32), new TextEncoder().encode('WhisperMessageKeys'));
-            delete chain.messageKeys[chain.chainKey.counter];
             const [cipherKey, macKey, aadKey] = keys;
-            if (!cipherKey || !macKey || !aadKey)
-                throw new Error('Keys not derived');
-            const encrypted = await crypto.encrypt(cipherKey, data, { aad: aadKey.subarray(0, 16) });
-            const msg = {
-                ephemeralKey: session.currentRatchet.ephemeralKeyPair.pubKey,
-                counter: chain.chainKey.counter,
-                previousCounter: session.currentRatchet.previousCounter,
-                ciphertext: encrypted.ciphertext
-            };
-            const msgBuf = WhisperMessageEncoder.encodeWhisperMessage(msg);
-            const macInput = new Uint8Array(msgBuf.byteLength + 67);
-            macInput.set(ourIdentity.pubKey);
-            macInput.set(remoteIdentityKey, 33);
-            macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-            macInput.set(msgBuf, 67);
-            const mac = crypto.hmacSha256(macKey, macInput);
-            const result = new Uint8Array(msgBuf.byteLength + 9);
-            result[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-            result.set(msgBuf, 1);
-            result.set(mac.subarray(0, 8), msgBuf.byteLength + 1);
-            await this.storeRecord(record);
-            if (session.pendingPreKey) {
-                const preKeyMsg = {
-                    identityKey: ourIdentity.pubKey,
-                    registrationId: await this.storage.getOurRegistrationId(),
-                    baseKey: session.pendingPreKey.baseKey,
-                    signedPreKeyId: session.pendingPreKey.signedKeyId,
-                    preKeyId: session.pendingPreKey.preKeyId,
-                    message: result
+            if (!cipherKey || !macKey || !aadKey || cipherKey.length !== 32 || macKey.length !== 32 || aadKey.length !== 32) {
+                throw new Error('Invalid key derivation');
+            }
+            let result;
+            try {
+                const encrypted = await crypto.encrypt(cipherKey, data, { aad: aadKey.subarray(0, 16) });
+                const msg = {
+                    ephemeralKey: session.currentRatchet.ephemeralKeyPair.pubKey,
+                    counter: chain.chainKey.counter,
+                    previousCounter: session.currentRatchet.previousCounter,
+                    ciphertext: encrypted.ciphertext
                 };
-                const preKeyBuf = WhisperMessageEncoder.encodePreKeyWhisperMessage(preKeyMsg);
-                const body = new Uint8Array(1 + preKeyBuf.byteLength);
+                const msgBuf = WhisperMessageEncoder.encodeWhisperMessage(msg);
+                const macInput = new Uint8Array(msgBuf.byteLength + 67);
+                macInput.set(ourIdentity.pubKey);
+                macInput.set(remoteIdentityKey, 33);
+                macInput[66] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+                macInput.set(msgBuf, 67);
+                const mac = crypto.hmacSha256(macKey, macInput);
+                const body = new Uint8Array(msgBuf.byteLength + 9);
                 body[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
-                body.set(preKeyBuf, 1);
-                return { type: 3, body, registrationId: session.registrationId };
+                body.set(msgBuf, 1);
+                body.set(mac.subarray(0, 8), msgBuf.byteLength + 1);
+                if (session.pendingPreKey) {
+                    const preKeyMsg = {
+                        identityKey: ourIdentity.pubKey,
+                        registrationId: await this.storage.getOurRegistrationId(),
+                        baseKey: session.pendingPreKey.baseKey,
+                        signedPreKeyId: session.pendingPreKey.signedKeyId,
+                        preKeyId: session.pendingPreKey.preKeyId,
+                        message: body
+                    };
+                    const preKeyBuf = WhisperMessageEncoder.encodePreKeyWhisperMessage(preKeyMsg);
+                    const finalBody = new Uint8Array(1 + preKeyBuf.byteLength);
+                    finalBody[0] = this._encodeTupleByte(PROTOCOL_VERSION, PROTOCOL_VERSION);
+                    finalBody.set(preKeyBuf, 1);
+                    result = { type: 3, body: finalBody, registrationId: session.registrationId };
+                }
+                else {
+                    result = { type: 1, body, registrationId: session.registrationId };
+                }
             }
-            return { type: 1, body: result, registrationId: session.registrationId };
+            finally {
+                delete chain.messageKeys[chain.chainKey.counter];
+            }
+            await this.storeRecord(record);
+            return result;
         });
     }
     async decryptWhisperMessage(data) {
@@ -136,9 +145,22 @@ export class SessionCipher {
         return this.queueJob(async () => {
             let record = await this.getRecord();
             const preKeyProto = WhisperMessageEncoder.decodePreKeyWhisperMessage(data.subarray(1));
+            if (!preKeyProto.identityKey || preKeyProto.identityKey.length === 0) {
+                throw new Error('Missing or empty identityKey in PreKeyWhisperMessage');
+            }
+            if (!preKeyProto.baseKey || preKeyProto.baseKey.length === 0) {
+                throw new Error('Missing or empty baseKey in PreKeyWhisperMessage');
+            }
+            if (!preKeyProto.message || preKeyProto.message.length === 0) {
+                throw new Error('Missing or empty message in PreKeyWhisperMessage');
+            }
+            if (preKeyProto.signedPreKeyId == null) {
+                throw new Error('Missing signedPreKeyId in PreKeyWhisperMessage');
+            }
+            if (preKeyProto.registrationId == null) {
+                throw new Error('Missing registrationId in PreKeyWhisperMessage');
+            }
             if (!record) {
-                if (preKeyProto.registrationId == null)
-                    throw new Error('No registrationId');
                 record = new SessionRecord();
             }
             const builder = new SessionBuilder(this.storage, this.addr);
@@ -175,19 +197,25 @@ export class SessionCipher {
         if (!sessions.length)
             throw new SessionError('No sessions available');
         const errors = [];
-        for (const session of sessions) {
+        for (let i = 0; i < sessions.length; i++) {
+            const session = sessions[i];
+            const sessionKey = toBase64(session.indexInfo.baseKey);
             try {
                 const plaintext = await this.doDecryptWhisperMessage(data, session);
                 session.indexInfo.used = Date.now();
                 return { session, plaintext };
             }
             catch (e) {
-                errors.push(e);
+                errors.push({
+                    sessionKey,
+                    error: e instanceof Error ? e : new Error(String(e))
+                });
             }
         }
-        console.error('Failed to decrypt with any session');
-        errors.forEach(e => console.error(e));
-        throw new SessionError('No matching sessions found for message');
+        const errorDetails = errors
+            .map(({ sessionKey, error }) => `[${sessionKey}]: ${error.message}`)
+            .join(' | ');
+        throw new SessionError(`No matching sessions found for message. Tried ${sessions.length} sessions. Errors: ${errorDetails}`, { cause: errors[0]?.error });
     }
     async doDecryptWhisperMessage(messageBuffer, session) {
         assertUint8(messageBuffer);
@@ -231,8 +259,13 @@ export class SessionCipher {
     fillMessageKeys(chain, targetCounter) {
         if (chain.chainKey.counter >= targetCounter)
             return;
-        if (targetCounter - chain.chainKey.counter > 2000) {
-            throw new SessionError('Over 2000 messages into the future!');
+        const maxFutureMessages = 2000;
+        const newMessages = targetCounter - chain.chainKey.counter;
+        if (newMessages > maxFutureMessages) {
+            throw new SessionError(`Over ${maxFutureMessages} messages into the future: ${newMessages} messages`);
+        }
+        if (targetCounter > Number.MAX_SAFE_INTEGER - 1000) {
+            throw new SessionError(`Counter would overflow: current=${chain.chainKey.counter}, target=${targetCounter}`);
         }
         if (chain.chainKey.key === undefined) {
             throw new SessionError('Chain closed');
@@ -283,18 +316,34 @@ export class SessionCipher {
         ratchet.rootKey = masterKeys[0];
     }
     deriveSecrets(input, salt, info, chunks = 3) {
-        const hkdf = crypto.hkdf(input, salt, info, { length: chunks * 32 });
+        const expectedLength = chunks * 32;
+        const hkdf = crypto.hkdf(input, salt, info, { length: expectedLength });
+        if (hkdf.length !== expectedLength) {
+            throw new Error(`HKDF derivation failed: expected ${expectedLength} bytes, got ${hkdf.length}`);
+        }
         const result = [];
         for (let i = 0; i < chunks; i++) {
-            result.push(hkdf.subarray(i * 32, (i + 1) * 32));
+            const key = hkdf.subarray(i * 32, (i + 1) * 32);
+            if (key.length !== 32) {
+                throw new Error(`Invalid key derivation at chunk ${i}: expected 32 bytes, got ${key.length}`);
+            }
+            result.push(key);
         }
         return result;
     }
     verifyMAC(macInput, key, mac, length) {
+        if (mac.length < length) {
+            throw new Error('MAC too short');
+        }
         const computed = crypto.hmacSha256(key, macInput);
+        let match = true;
         for (let i = 0; i < length; i++) {
-            if (computed[i] !== mac[i])
-                throw new Error('MAC verification failed');
+            if (computed[i] !== mac[i]) {
+                match = false;
+            }
+        }
+        if (!match) {
+            throw new Error('MAC verification failed');
         }
     }
 }

package/dist/session/cipher/types.d.ts

@@ -1,5 +1,5 @@
-import type { SessionEntry } from "../record/session-entry.js";
-import type { SessionRecord } from "../record/session-record.js";
+import type { SessionEntry } from "../record/session-entry";
+import type { SessionRecord } from "../record/session-record";
 export interface EncryptResult {
     type: number;
     body: Uint8Array;

package/dist/session/index.d.ts

@@ -1,3 +1,5 @@
-export * from "./cipher/index.js";
-export * from "./record/index.js";
-export * from "./builder/index.js";
+export { WhisperMessageEncoder } from "./cipher/index";
+export * from "./cipher/index";
+export * from "./record/index";
+export * from "./builder/index";
+export * from "./storage/index";

package/dist/session/index.js

@@ -1,3 +1,5 @@
-export * from "./cipher/index.js";
-export * from "./record/index.js";
-export * from "./builder/index.js";
+export { WhisperMessageEncoder } from "./cipher/index";
+export * from "./cipher/index";
+export * from "./record/index";
+export * from "./builder/index";
+export * from "./storage/index";

package/dist/session/record/index.d.ts

@@ -1,3 +1,3 @@
-export * from './types.js';
-export * from './session-entry.js';
-export * from './session-record.js';
+export * from './types';
+export * from './session-entry';
+export * from './session-record';

package/dist/session/record/index.js

@@ -1,3 +1,3 @@
-export * from './types.js';
-export * from './session-entry.js';
-export * from './session-record.js';
+export * from './types';
+export * from './session-entry';
+export * from './session-record';

package/dist/session/record/session-entry.d.ts

@@ -1,4 +1,4 @@
-import type { ChainState, CurrentRatchet, IndexInfo, PendingPreKey, SerializedSessionEntry } from './types.js';
+import type { ChainState, CurrentRatchet, IndexInfo, PendingPreKey, SerializedSessionEntry } from './types';
 export declare class SessionEntry {
     registrationId: number;
     currentRatchet: CurrentRatchet;

package/dist/session/record/session-entry.js

@@ -1,4 +1,4 @@
-import { assertUint8, toBase64, u8 } from '../utils.js';
+import { assertUint8, toBase64, fromBase64, u8 } from '../utils';
 export class SessionEntry {
     registrationId;
     currentRatchet;
@@ -113,7 +113,7 @@ export class SessionEntry {
         return {
             baseKey: u8.decode(data.baseKey),
             signedKeyId: data.signedKeyId,
-            preKeyId: data.preKeyId,
+            ...(data.preKeyId !== undefined && { preKeyId: data.preKeyId }),
         };
     }
     static deserialize(data) {
@@ -143,4 +143,3 @@ export class SessionEntry {
         return obj;
     }
 }
-import { fromBase64 } from '../utils.js';

package/dist/session/record/session-record.d.ts

@@ -1,5 +1,5 @@
-import type { SerializedSessionRecord } from './types.js';
-import { SessionEntry } from './session-entry.js';
+import type { SerializedSessionRecord } from './types';
+import { SessionEntry } from './session-entry';
 export declare class SessionRecord {
     sessions: Record<string, SessionEntry>;
     version: string;

package/dist/session/record/session-record.js

@@ -1,7 +1,7 @@
-import { SessionEntry } from './session-entry.js';
-import { CLOSED_SESSIONS_MAX, SESSION_RECORD_VERSION } from '../constants.js';
-import { assertUint8, toBase64 } from '../utils.js';
-import { BaseKeyType } from '../../base_key_type.js';
+import { SessionEntry } from './session-entry';
+import { CLOSED_SESSIONS_MAX, SESSION_RECORD_VERSION } from '../constants';
+import { assertUint8, toBase64 } from '../utils';
+import { BaseKeyType } from "../../ratchet-types";
 export class SessionRecord {
     sessions = {};
     version = SESSION_RECORD_VERSION;

package/dist/session/record/types.d.ts

@@ -1,4 +1,4 @@
-import type { BaseKeyType } from "../../base_key_type.js";
+import type { BaseKeyType, ChainType } from "../../ratchet-types";
 export interface PendingPreKey {
     baseKey: Uint8Array;
     signedKeyId: number;
@@ -10,7 +10,7 @@ export interface ChainKey {
 }
 export interface ChainState {
     chainKey: ChainKey;
-    chainType: number;
+    chainType: ChainType;
     messageKeys: Record<string, Uint8Array>;
 }
 export interface CurrentRatchet {
@@ -35,7 +35,7 @@ export interface SerializedChainState {
         counter: number;
         key: string | undefined;
     };
-    chainType: number;
+    chainType: ChainType;
     messageKeys: Record<string, string>;
 }
 export interface SerializedPendingPreKey {

package/dist/session/storage/adapter.d.ts

@@ -0,0 +1,21 @@
+import { StorageAdapter } from './types';
+import { SessionRecord } from '../record/index';
+export declare function createSessionStorage(adapter: StorageAdapter): {
+    isTrustedIdentity(addressName: string, identityKey: Uint8Array): Promise<boolean>;
+    loadSession(addressName: string): Promise<SessionRecord | undefined>;
+    storeSession(addressName: string, record: ReturnType<(typeof SessionRecord)["prototype"]["serialize"]>): Promise<void>;
+    getOurIdentity(): Promise<{
+        pubKey: Uint8Array<ArrayBufferLike>;
+        privKey: Uint8Array<ArrayBufferLike>;
+    }>;
+    loadPreKey(preKeyId: number): Promise<{
+        pubKey: Uint8Array<ArrayBufferLike>;
+        privKey: Uint8Array<ArrayBufferLike>;
+    } | undefined>;
+    loadSignedPreKey(signedPreKeyId: number): Promise<{
+        pubKey: Uint8Array<ArrayBufferLike>;
+        privKey: Uint8Array<ArrayBufferLike>;
+    } | undefined>;
+    removePreKey(preKeyId: number): Promise<void>;
+    getOurRegistrationId(): Promise<number>;
+};

package/dist/session/storage/adapter.js

@@ -0,0 +1,57 @@
+import { SessionRecord } from '../record/index';
+import { toBase64, fromBase64 } from '../utils';
+function sessionKey(addr) { return `session:${addr}`; }
+function preKeyKey(id) { return `prekey:${id}`; }
+function signedPreKeyKey(id) { return `signedprekey:${id}`; }
+function identityKeyF(addr) { return `identity:${addr}`; }
+const OUR_IDENTITY = 'our_identity';
+const REG_ID = 'registration_id';
+export function createSessionStorage(adapter) {
+    return {
+        async isTrustedIdentity(addressName, identityKey) {
+            const stored = await adapter.get(identityKeyF(addressName));
+            const encoded = toBase64(identityKey);
+            if (!stored) {
+                await adapter.set(identityKeyF(addressName), encoded);
+                return true;
+            }
+            return stored === encoded;
+        },
+        async loadSession(addressName) {
+            const data = await adapter.get(sessionKey(addressName));
+            if (!data)
+                return undefined;
+            return SessionRecord.deserialize(data);
+        },
+        async storeSession(addressName, record) {
+            await adapter.set(sessionKey(addressName), record);
+        },
+        async getOurIdentity() {
+            const data = await adapter.get(OUR_IDENTITY);
+            if (!data)
+                throw new Error('Our identity not found in storage');
+            return { pubKey: fromBase64(data.pubKey), privKey: fromBase64(data.privKey) };
+        },
+        async loadPreKey(preKeyId) {
+            const data = await adapter.get(preKeyKey(preKeyId));
+            if (!data)
+                return undefined;
+            return { pubKey: fromBase64(data.pubKey), privKey: fromBase64(data.privKey) };
+        },
+        async loadSignedPreKey(signedPreKeyId) {
+            const data = await adapter.get(signedPreKeyKey(signedPreKeyId));
+            if (!data)
+                return undefined;
+            return { pubKey: fromBase64(data.pubKey), privKey: fromBase64(data.privKey) };
+        },
+        async removePreKey(preKeyId) {
+            await adapter.delete(preKeyKey(preKeyId));
+        },
+        async getOurRegistrationId() {
+            const v = await adapter.get(REG_ID);
+            if (typeof v !== 'number')
+                throw new Error('registration id missing');
+            return v;
+        }
+    };
+}

package/dist/session/storage/in-memory.d.ts

@@ -0,0 +1,13 @@
+import { StorageAdapter, BatchOp } from './types';
+export declare class InMemoryStorage implements StorageAdapter {
+    private store;
+    name: string;
+    constructor(initial?: Record<string, any>);
+    get<T = any>(key: string): Promise<T | undefined>;
+    set<T = any>(key: string, value: T): Promise<void>;
+    delete(key: string): Promise<void>;
+    batch(ops: BatchOp[]): Promise<void>;
+    clear(): Promise<void>;
+    close(): Promise<void>;
+}
+export declare function createInMemoryStorage(initial?: Record<string, any>): InMemoryStorage;

package/dist/session/storage/in-memory.js

@@ -0,0 +1,33 @@
+export class InMemoryStorage {
+    store = new Map();
+    name = 'in-memory';
+    constructor(initial) {
+        if (initial)
+            Object.entries(initial).forEach(([k, v]) => this.store.set(k, v));
+    }
+    async get(key) {
+        return this.store.has(key) ? this.store.get(key) : undefined;
+    }
+    async set(key, value) {
+        this.store.set(key, value);
+    }
+    async delete(key) {
+        this.store.delete(key);
+    }
+    async batch(ops) {
+        for (const op of ops) {
+            if (op.type === 'put')
+                this.store.set(op.key, op.value);
+            else
+                this.store.delete(op.key);
+        }
+    }
+    async clear() {
+        this.store.clear();
+    }
+    async close() {
+    }
+}
+export function createInMemoryStorage(initial) {
+    return new InMemoryStorage(initial);
+}

package/dist/session/storage/index.d.ts

@@ -0,0 +1,19 @@
+export * from './types';
+export * from './in-memory';
+export * from './migrations';
+export * from './adapter';
+import { StorageAdapter } from './types';
+export declare class StorageManager {
+    adapter: StorageAdapter;
+    constructor(adapter: StorageAdapter);
+    get<T = any>(key: string): Promise<T | undefined>;
+    set<T = any>(key: string, value: T): Promise<void>;
+    delete(key: string): Promise<void>;
+    batch(ops: Array<{
+        type: 'put' | 'del';
+        key: string;
+        value?: any;
+    }>): Promise<void>;
+    close(): Promise<void>;
+}
+export declare function createStorageManager(adapter: StorageAdapter): StorageManager;

package/dist/session/storage/index.js

@@ -0,0 +1,29 @@
+export * from './types';
+export * from './in-memory';
+export * from './migrations';
+export * from './adapter';
+export class StorageManager {
+    adapter;
+    constructor(adapter) {
+        this.adapter = adapter;
+    }
+    get(key) {
+        return this.adapter.get(key);
+    }
+    set(key, value) {
+        return this.adapter.set(key, value);
+    }
+    delete(key) {
+        return this.adapter.delete(key);
+    }
+    batch(ops) {
+        return this.adapter.batch(ops);
+    }
+    async close() {
+        if (this.adapter.close)
+            return this.adapter.close();
+    }
+}
+export function createStorageManager(adapter) {
+    return new StorageManager(adapter);
+}

package/dist/session/storage/migrations.d.ts

@@ -0,0 +1,2 @@
+import { StorageAdapter } from './types';
+export declare function runMigrations(adapter: StorageAdapter, fromVersion: number, toVersion: number): Promise<void>;

package/dist/session/storage/migrations.js

@@ -0,0 +1,6 @@
+export async function runMigrations(adapter, fromVersion, toVersion) {
+    if (adapter.migrate) {
+        await adapter.migrate(fromVersion, toVersion);
+        return;
+    }
+}

package/dist/session/storage/types.d.ts

@@ -0,0 +1,18 @@
+export type BatchOp = {
+    type: 'put' | 'del';
+    key: string;
+    value?: any;
+};
+export interface StorageAdapter {
+    get<T = any>(key: string): Promise<T | undefined>;
+    set<T = any>(key: string, value: T): Promise<void>;
+    delete(key: string): Promise<void>;
+    batch(ops: BatchOp[]): Promise<void>;
+    clear?(): Promise<void>;
+    close?(): Promise<void>;
+    name?: string;
+    migrate?(fromVersion: number, toVersion: number): Promise<void>;
+}
+export interface StorageManagerOptions {
+    adapter: StorageAdapter;
+}

package/dist/types/asymmetric.d.ts

@@ -0,0 +1,41 @@
+export interface IdentityKeyPair {
+    readonly publicKey: Uint8Array  // 32 bytes Ed25519
+    readonly privateKey: Uint8Array // 64 bytes Ed25519
+}
+
+export interface DHKeyPair {
+    readonly publicKey: Uint8Array  // 32 bytes X25519
+    readonly privateKey: Uint8Array // 32 bytes X25519
+}
+
+export interface SignalAsymmetricAPI {
+    /* Identity (Ed25519) */
+    generateIdentityKeyPair(): Promise<IdentityKeyPair>
+    sign(
+        privateKey: Uint8Array,
+        message: Uint8Array
+    ): Uint8Array
+    verify(
+        publicKey: Uint8Array,
+        message: Uint8Array,
+        signature: Uint8Array
+    ): boolean
+
+    /* DH (X25519) */
+    generateDHKeyPair(): Promise<DHKeyPair>
+    calculateAgreement(
+        publicKey: Uint8Array,
+        privateKey: Uint8Array
+    ): Uint8Array
+
+    /* Conversion */
+    convertIdentityPublicToX25519(
+        edPublicKey: Uint8Array
+    ): Uint8Array
+
+    convertIdentityPrivateToX25519(
+        edPrivateKey: Uint8Array
+    ): Uint8Array
+}
+
+export const signalCrypto: SignalAsymmetricAPI