npm - @vex-chat/libvex - Versions diffs - 7.1.2 → 7.1.4 - Mend

@vex-chat/libvex 7.1.2 → 7.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/Client.d.ts +2 -0
package/dist/Client.d.ts.map +1 -1
package/dist/Client.js +72 -40
package/dist/Client.js.map +1 -1
package/dist/__tests__/harness/memory-storage.d.ts.map +1 -1
package/dist/__tests__/harness/memory-storage.js +3 -0
package/dist/__tests__/harness/memory-storage.js.map +1 -1
package/dist/storage/sqlite.d.ts.map +1 -1
package/dist/storage/sqlite.js +3 -0
package/dist/storage/sqlite.js.map +1 -1
package/package.json +1 -1
package/src/Client.ts +87 -41
package/src/__tests__/dm-own-device-forward.test.ts +113 -0
package/src/__tests__/harness/memory-storage.ts +3 -0
package/src/__tests__/prekey-reuse.test.ts +172 -0
package/src/storage/sqlite.ts +4 -0

package/src/__tests__/prekey-reuse.test.ts ADDED Viewed

@@ -0,0 +1,172 @@
+/**
+ * Copyright (c) 2020-2026 Vex Heavy Industries LLC
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ * Commercial licenses available at vex.wtf
+ */
+import type { PreKeysCrypto, UnsavedPreKey, XKeyRing } from "../types/index.js";
+import type { CryptoProfile, KeyPair } from "@vex-chat/crypto";
+import {
+    setCryptoProfile,
+    xBoxKeyPairAsync,
+    xConstants,
+    xEcdhKeyPairFromEcdsaKeyPairAsync,
+    xEncode,
+    XKeyConvert,
+    xSignAsync,
+    xSignKeyPair,
+    xSignKeyPairAsync,
+    xSignOpenAsync,
+    XUtils,
+} from "@vex-chat/crypto";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { Client } from "../Client.js";
+import { fipsP256PreKeySignPayload } from "../utils/fipsMailExtra.js";
+import { MemoryStorage } from "./harness/memory-storage.js";
+interface KeyRingHarness {
+    createPreKey: () => Promise<UnsavedPreKey>;
+    cryptoProfile: CryptoProfile;
+    database: MemoryStorage;
+    idKeys: KeyPair;
+    isPreKeySignedByCurrentDevice: (preKey: PreKeysCrypto) => Promise<boolean>;
+    runWithThisCryptoProfile: <T>(fn: () => Promise<T>) => Promise<T>;
+    sessionRecords: Record<string, unknown>;
+    signKeys: KeyPair;
+    xKeyRing?: XKeyRing;
+}
+const clientMethods = Client.prototype as unknown as {
+    createPreKey: () => Promise<UnsavedPreKey>;
+    isPreKeySignedByCurrentDevice: (preKey: PreKeysCrypto) => Promise<boolean>;
+    populateKeyRing: () => Promise<void>;
+    runWithThisCryptoProfile: <T>(fn: () => Promise<T>) => Promise<T>;
+};
+async function isValidFor(
+    preKey: PreKeysCrypto,
+    signKeys: KeyPair,
+    profile: CryptoProfile = "tweetnacl",
+): Promise<boolean> {
+    setCryptoProfile(profile);
+    const opened = await xSignOpenAsync(preKey.signature, signKeys.publicKey);
+    const payload =
+        profile === "fips"
+            ? fipsP256PreKeySignPayload(preKey.keyPair.publicKey)
+            : xEncode(xConstants.CURVE, preKey.keyPair.publicKey);
+    return Boolean(opened && XUtils.bytesEqual(opened, payload));
+}
+async function makeSignedPreKey(
+    signKeys: KeyPair,
+    profile: CryptoProfile = "tweetnacl",
+): Promise<UnsavedPreKey> {
+    setCryptoProfile(profile);
+    const keyPair = await xBoxKeyPairAsync();
+    const payload =
+        profile === "fips"
+            ? fipsP256PreKeySignPayload(keyPair.publicKey)
+            : xEncode(xConstants.CURVE, keyPair.publicKey);
+    return {
+        keyPair,
+        signature: await xSignAsync(payload, signKeys.secretKey),
+    };
+}
+describe("local signed prekey reuse", () => {
+    beforeEach(() => {
+        setCryptoProfile("tweetnacl");
+    });
+    afterEach(() => {
+        setCryptoProfile("tweetnacl");
+    });
+    it("regenerates a stored prekey signed by a different device key", async () => {
+        const staleSignKeys = xSignKeyPair();
+        const currentSignKeys = xSignKeyPair();
+        const idKeys = XKeyConvert.convertKeyPair(currentSignKeys);
+        if (!idKeys) {
+            throw new Error("Could not convert current signing key.");
+        }
+        const storage = new MemoryStorage(new Uint8Array(32).fill(7));
+        await storage.init();
+        await storage.savePreKeys(
+            [await makeSignedPreKey(staleSignKeys)],
+            false,
+        );
+        const harness: KeyRingHarness = {
+            createPreKey: clientMethods.createPreKey,
+            cryptoProfile: "tweetnacl",
+            database: storage,
+            idKeys,
+            isPreKeySignedByCurrentDevice:
+                clientMethods.isPreKeySignedByCurrentDevice,
+            runWithThisCryptoProfile: clientMethods.runWithThisCryptoProfile,
+            sessionRecords: {},
+            signKeys: currentSignKeys,
+        };
+        await clientMethods.populateKeyRing.call(harness);
+        expect(harness.xKeyRing).toBeDefined();
+        expect(
+            await isValidFor(harness.xKeyRing!.preKeys, currentSignKeys),
+        ).toBe(true);
+        expect(await isValidFor(harness.xKeyRing!.preKeys, staleSignKeys)).toBe(
+            false,
+        );
+        const persisted = await storage.getPreKeys();
+        expect(persisted).not.toBeNull();
+        expect(await isValidFor(persisted!, currentSignKeys)).toBe(true);
+    });
+    it("reuses a valid FIPS prekey when the global profile is tweetnacl", async () => {
+        setCryptoProfile("fips");
+        const currentSignKeys = await xSignKeyPairAsync();
+        const idKeys = await xEcdhKeyPairFromEcdsaKeyPairAsync(currentSignKeys);
+        const storedPreKey = await makeSignedPreKey(currentSignKeys, "fips");
+        const storage = new MemoryStorage(new Uint8Array(32).fill(8));
+        await storage.init();
+        await storage.savePreKeys([storedPreKey], false);
+        setCryptoProfile("tweetnacl");
+        const harness: KeyRingHarness = {
+            createPreKey: clientMethods.createPreKey,
+            cryptoProfile: "fips",
+            database: storage,
+            idKeys,
+            isPreKeySignedByCurrentDevice:
+                clientMethods.isPreKeySignedByCurrentDevice,
+            runWithThisCryptoProfile: clientMethods.runWithThisCryptoProfile,
+            sessionRecords: {},
+            signKeys: currentSignKeys,
+        };
+        await clientMethods.populateKeyRing.call(harness);
+        expect(harness.xKeyRing).toBeDefined();
+        expect(harness.xKeyRing!.preKeys.index).toBe(1);
+        expect(
+            XUtils.bytesEqual(
+                harness.xKeyRing!.preKeys.keyPair.publicKey,
+                storedPreKey.keyPair.publicKey,
+            ),
+        ).toBe(true);
+        expect(
+            await isValidFor(
+                harness.xKeyRing!.preKeys,
+                currentSignKeys,
+                "fips",
+            ),
+        ).toBe(true);
+    });
+});

package/src/storage/sqlite.ts CHANGED Viewed

@@ -609,6 +609,10 @@ export class SqliteStorage extends EventEmitter implements Storage {
         const table = oneTime ? ("oneTimeKeys" as const) : ("preKeys" as const);
         const saved: PreKeysSQL[] = [];
+        if (!oneTime) {
+            await this.db.deleteFrom("preKeys").execute();
+        }
         for (const preKey of preKeys) {
             const row = await this.db
                 .insertInto(table)