liangzimixin 0.3.25 → 0.3.26

package/dist/quantum-sdk/index.cjs

@@ -4399,7 +4399,8 @@ async function qss_calculate_mac(randomA, randomB, fkCipher) {
 }
 async function qss_encrypt(fkCipher, skCipher, iv, mode, plain, isFile) {
   const mod = await ready;
-  const MAX_CIPHER = plain.length + 256;
+  const plainLen = Buffer.from(plain, "utf-8").length;
+  const MAX_CIPHER = plainLen + 256;
   let plainPtr;
   if (isFile) {
     plainPtr = allocBytes(mod, plain);
@@ -4419,7 +4420,7 @@ async function qss_encrypt(fkCipher, skCipher, iv, mode, plain, isFile) {
       ivPtr,
       mode,
       plainPtr,
-      plain.length,
+      plainLen,
       cipherPtr,
       cipherLenPtr
     );
@@ -4469,7 +4470,6 @@ async function qss_decrypt(fkCipher, skCipher, iv, mode, cipher, isFile) {
     if (isFile) {
       return Buffer.from(mod.HEAPU8.subarray(plainPtr, plainPtr + plainLen));
     }
-    const hex = Buffer.from(mod.HEAPU8.subarray(plainPtr, plainPtr + plainLen)).toString("hex");
     return readCString(mod, plainPtr, plainLen);
   } finally {
     mod._free(fkCipherPtr);
@@ -4490,6 +4490,7 @@ var import_node_child_process = require("node:child_process");
 var cache2 = new store_default();
 var TOKEN_KEY2 = "kms_access_token";
 var KEY_DIR = "keys";
+var scmAddPromise = null;
 function getDeviceFingerprint() {
   var _a, _b, _c, _d;
   try {
@@ -4550,15 +4551,15 @@ function decryptWithDeviceKey(encryptedData) {
 function uuid() {
   return import_node_crypto.default.randomUUID().replace(/-/g, "");
 }
-async function getKeyAddress(baseUrl, spmId) {
+async function getKeyAddress(baseUrl, spmId2) {
   let params = {
     account: config_default.account,
     appId: config_default.appID,
     type: 2
   };
-  if (spmId) {
+  if (spmId2) {
     params = {
-      spmId,
+      spmId: spmId2,
       type: 2
     };
   }
@@ -4603,38 +4604,55 @@ async function getKeyFile() {
   }
 }
 async function scmAdd2(kmsUrl) {
-  const spmInfo = await getSpmInfo(kmsUrl);
-  let isPullAgain = 2;
-  if (spmInfo.keyLength - spmInfo.useNumber < 1e3) {
-    logger_default.info("\u5BC6\u94A5\u4F59\u91CF\u4E0D\u8DB3\uFF0C\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
-    isPullAgain = 2;
+  if (scmAddPromise) {
+    logger_default.info("scmAdd \u6B63\u5728\u6267\u884C\u4E2D\uFF0C\u7B49\u5F85\u590D\u7528\u7ED3\u679C");
+    try {
+      const result = await scmAddPromise;
+      return result;
+    } catch (err) {
+      logger_default.info("\u4E4B\u524D\u7684 scmAdd \u8BF7\u6C42\u5931\u8D25\uFF0C\u91CD\u65B0\u6267\u884C");
+    }
   }
-  const fkLen = 100 * 1024;
-  const params = await qss_assemble_fillkey_req(config_default.account, isPullAgain, fkLen);
-  const response = await scmAdd(kmsUrl, JSON.parse(params));
-  const keyTag = response.data.keyTag;
-  const { headerCipher, fkCipher } = await qss_parse_fillkey_rep(JSON.stringify(response.data));
-  const combinedData = headerCipher + fkCipher;
-  const encryptedData = encryptWithDeviceKey(combinedData);
-  const keysDir = import_node_path4.default.join(process.cwd(), ".cache", KEY_DIR);
-  const filePath = import_node_path4.default.join(keysDir, spmInfo.spmId);
-  await import_promises2.default.mkdir(keysDir, { recursive: true });
-  try {
-    const files = await import_promises2.default.readdir(keysDir);
-    for (const file of files) {
-      if (file !== spmInfo.spmId) {
-        await import_promises2.default.unlink(import_node_path4.default.join(keysDir, file));
+  scmAddPromise = (async () => {
+    try {
+      const spmInfo = await getSpmInfo(kmsUrl);
+      let isPullAgain = 1;
+      if (spmInfo.keyLength - spmInfo.useNumber < 1e3) {
+        logger_default.info("\u5BC6\u94A5\u4F59\u91CF\u4E0D\u8DB3\uFF0C\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
+        isPullAgain = 2;
       }
+      const fkLen = 100 * 1024;
+      const params = await qss_assemble_fillkey_req(config_default.account, isPullAgain, fkLen);
+      const response = await scmAdd(kmsUrl, JSON.parse(params));
+      const keyTag = response.data.keyTag;
+      logger_default.info("\u5BC6\u94A5\u5DF2\u83B7\u53D6\uFF0CkeyTag:", keyTag);
+      const { headerCipher, fkCipher } = await qss_parse_fillkey_rep(JSON.stringify(response.data));
+      const combinedData = headerCipher + fkCipher;
+      const encryptedData = encryptWithDeviceKey(combinedData);
+      const keysDir = import_node_path4.default.join(process.cwd(), ".cache", KEY_DIR);
+      const filePath = import_node_path4.default.join(keysDir, spmInfo.spmId);
+      await import_promises2.default.mkdir(keysDir, { recursive: true });
+      try {
+        const files = await import_promises2.default.readdir(keysDir);
+        for (const file of files) {
+          if (file !== spmInfo.spmId) {
+            await import_promises2.default.unlink(import_node_path4.default.join(keysDir, file));
+          }
+        }
+      } catch (err) {
+        if (err.code !== "ENOENT")
+          throw err;
+      }
+      await import_promises2.default.writeFile(filePath, encryptedData, "utf-8");
+      logger_default.info("\u5BC6\u94A5\u5DF2\u52A0\u5BC6\u4FDD\u5B58\u5230:", filePath);
+      return { headerCipher, fkCipher, keyTag, spmId: spmInfo.spmId, isPullAgain };
+    } finally {
+      scmAddPromise = null;
     }
-  } catch (err) {
-    if (err.code !== "ENOENT")
-      throw err;
-  }
-  await import_promises2.default.writeFile(filePath, encryptedData, "utf-8");
-  logger_default.info("\u5BC6\u94A5\u5DF2\u52A0\u5BC6\u4FDD\u5B58\u5230:", filePath);
-  return { headerCipher, fkCipher, keyTag, spmId: spmInfo.spmId };
+  })();
+  return scmAddPromise;
 }
-async function kmsLogin(kmsUrl, spmId, fkCiphers, localKeyTag) {
+async function kmsLogin(kmsUrl, spmId2, fkCiphers, localKeyTag) {
   const cachedToken = await cache2.get(TOKEN_KEY2);
   if (cachedToken) {
     logger_default.info("\u4F7F\u7528\u7F13\u5B58\u7684 accessToken");
@@ -4645,12 +4663,12 @@ async function kmsLogin(kmsUrl, spmId, fkCiphers, localKeyTag) {
     requestSn,
     account: config_default.account,
     appId: config_default.appID,
-    spmId,
+    spmId: spmId2,
     spmType: 6
   });
   const responseKeyTag = firstRequestResponse.data.keyTag;
   if (responseKeyTag + "" !== localKeyTag + "") {
-    logger_default.info("keyTag \u4E0D\u4E00\u81F4\uFF0C\u9700\u8981\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
+    logger_default.info("keyTag \u4E0D\u4E00\u81F4\uFF0C\u9700\u8981\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5", responseKeyTag, localKeyTag);
     throw new Error("KEY_TAG_MISMATCH");
   }
   const randomA = await qss_get_random(16);
@@ -4662,7 +4680,7 @@ async function kmsLogin(kmsUrl, spmId, fkCiphers, localKeyTag) {
     requestSn,
     account: config_default.account,
     appId: config_default.appID,
-    spmId,
+    spmId: spmId2,
     spmType: 6,
     randomA,
     randomB,
@@ -4725,6 +4743,7 @@ var QuantumEncryptPlug = class {
         try {
           const result = await qss_get_header_info(headerCipher);
           this.keyTag = result.keyTag;
+          logger_default.info("get_header_info \u6210\u529F\uFF0CkeyTag:", this.keyTag);
         } catch (error) {
           if (error.message === "KEY_TAG_MISMATCH") {
             logger_default.info("get_header_info \u5BC6\u94A5\u4E0D\u53EF\u4EE5\u7528\uFF0C\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
@@ -4743,20 +4762,20 @@ var QuantumEncryptPlug = class {
       }
       if (!this.fkCipher) {
         logger_default.info("\u5F00\u59CB\u62C9\u53D6\u5BC6\u94A5");
-        const { fkCipher, keyTag, spmId } = await scmAdd2(kmsUrl);
+        const { fkCipher, keyTag, spmId: spmId2 } = await scmAdd2(kmsUrl);
         this.fkCipher = fkCipher;
         this.keyTag = keyTag;
-        this.spmId = spmId;
+        this.spmId = spmId2;
       }
       try {
         await kmsLogin(kmsUrl, this.spmId, this.fkCipher, this.keyTag);
       } catch (err) {
         if (err.message === "KEY_TAG_MISMATCH") {
           logger_default.info("keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
-          const { fkCipher, keyTag, spmId } = await scmAdd2(kmsUrl);
+          const { fkCipher, keyTag, spmId: spmId2 } = await scmAdd2(kmsUrl);
           this.fkCipher = fkCipher;
           this.keyTag = keyTag;
-          this.spmId = spmId;
+          this.spmId = spmId2;
           await kmsLogin(kmsUrl, this.spmId, this.fkCipher, this.keyTag);
         } else {
           throw err;
@@ -4791,6 +4810,15 @@ var QuantumEncryptPlug = class {
   }
   async _doEncrypt(plainText, iv, mode) {
     const normalizedIV = this._normalizeIV(iv);
+    const sessionKeyInfo = await this._getSessionKey();
+    const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
+    const cipherText = await qss_encrypt(fkCipher, sessionKeyInfo.keyCipher, normalizedIV, this.encryptMode[mode], plainText);
+    return { cipherText, keyId: sessionKeyInfo.keyId };
+  }
+  /**
+   * 获取会话密钥（用于加密场景）
+   */
+  async _getSessionKey() {
     const { data: sessionKeyInfo } = await sessionKeyAdd(this.kmsUrl, {
       spmId: this.spmId,
       "keyLength": 16,
@@ -4801,15 +4829,62 @@ var QuantumEncryptPlug = class {
       "keyType": 2,
       "spmType": 6
     });
-    if (sessionKeyInfo.decKeyTag !== this.keyTag) {
-      logger_default.info("encrypt: keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5");
-      const { fkCipher: fkCipher2, keyTag } = await scmAdd2(this.kmsUrl);
-      this.fkCipher = fkCipher2;
+    if (sessionKeyInfo.decKeyTag + "" !== this.keyTag + "") {
+      logger_default.info("keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5", sessionKeyInfo.decKeyTag, this.keyTag);
+      const { fkCipher, keyTag, isPullAgain } = await scmAdd2(this.kmsUrl);
+      this.fkCipher = fkCipher;
       this.keyTag = keyTag;
+      if (isPullAgain === 2) {
+        return await this._refreshSessionKey();
+      }
+    } else {
+      const response = await getSpmId(this.kmsUrl, {
+        account: config_default.account,
+        appId: config_default.appID
+      });
+      const spmInfo = response.data;
+      if (spmInfo.keyLength - spmInfo.useNumber < 1e3) {
+        scmAdd2(this.kmsUrl).then(({ fkCipher, keyTag }) => {
+          this.fkCipher = fkCipher;
+          this.keyTag = keyTag;
+          this.spmId = spmId;
+        });
+      }
     }
-    const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
-    const cipherText = await qss_encrypt(fkCipher, sessionKeyInfo.keyCipher, normalizedIV || this.iv, this.encryptMode[mode], plainText);
-    return { cipherText, keyId: sessionKeyInfo.keyId };
+    return sessionKeyInfo;
+  }
+  /**
+   * 通过 keyId 获取会话密钥（用于解密场景）
+   */
+  async _getSessionKeyById(keyId) {
+    const { data: sessionKeyInfo } = await sessionKeyQuery(this.kmsUrl, {
+      spmId: this.spmId,
+      keyId
+    });
+    if (sessionKeyInfo.decKeyTag + "" !== this.keyTag + "") {
+      logger_default.info("keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5", sessionKeyInfo.decKeyTag, this.keyTag);
+      const { fkCipher, keyTag, isPullAgain } = await scmAdd2(this.kmsUrl);
+      this.fkCipher = fkCipher;
+      this.keyTag = keyTag;
+      this.spmId = spmId;
+      if (isPullAgain === 2) {
+        return await this._refreshSessionKeyById(keyId);
+      }
+    } else {
+      const response = await getSpmId(this.kmsUrl, {
+        account: config_default.account,
+        appId: config_default.appID
+      });
+      const spmInfo = response.data;
+      if (spmInfo.keyLength - spmInfo.useNumber < 1e3) {
+        scmAdd2(this.kmsUrl).then(({ fkCipher, keyTag }) => {
+          this.fkCipher = fkCipher;
+          this.keyTag = keyTag;
+          this.spmId = spmId;
+        });
+      }
+    }
+    return sessionKeyInfo;
   }
   async _reLogin() {
     try {
@@ -4817,10 +4892,10 @@ var QuantumEncryptPlug = class {
     } catch (err) {
       if (err.message === "KEY_TAG_MISMATCH") {
         logger_default.info("kmslogin keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u62C9\u53D6\u5BC6\u94A5");
-        const { fkCipher, keyTag, spmId } = await scmAdd2(this.kmsUrl);
+        const { fkCipher, keyTag, spmId: spmId2 } = await scmAdd2(this.kmsUrl);
         this.fkCipher = fkCipher;
         this.keyTag = keyTag;
-        this.spmId = spmId;
+        this.spmId = spmId2;
         await kmsLogin(this.kmsUrl, this.spmId, this.fkCipher, this.keyTag);
       } else {
         throw err;
@@ -4865,19 +4940,38 @@ var QuantumEncryptPlug = class {
   }
   async _doDecrypt(cipherText, keyId, iv, mode) {
     const normalizedIV = this._normalizeIV(iv);
+    const sessionKeyInfo = await this._getSessionKeyById(keyId);
+    const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
+    const plainText = await qss_decrypt(fkCipher, sessionKeyInfo.keyCipher, normalizedIV, this.encryptMode[mode], cipherText);
+    return { plainText };
+  }
+  /**
+   * 刷新会话密钥（用于 isPullAgain === 2 时）
+   */
+  async _refreshSessionKey() {
+    logger_default.info("isPullAgain === 2\uFF0C\u91CD\u65B0\u83B7\u53D6\u4F1A\u8BDD\u5BC6\u94A5");
+    const { data: sessionKeyInfo } = await sessionKeyAdd(this.kmsUrl, {
+      spmId: this.spmId,
+      "keyLength": 16,
+      "calcMode": 1,
+      "auth": 0,
+      "accounts": [config_default.account],
+      "appId": config_default.appID,
+      "keyType": 2,
+      "spmType": 6
+    });
+    return sessionKeyInfo;
+  }
+  /**
+   * 通过 keyId 刷新会话密钥（用于 isPullAgain === 2 时）
+   */
+  async _refreshSessionKeyById(keyId) {
+    logger_default.info("isPullAgain === 2\uFF0C\u91CD\u65B0\u67E5\u8BE2\u4F1A\u8BDD\u5BC6\u94A5");
     const { data: sessionKeyInfo } = await sessionKeyQuery(this.kmsUrl, {
       spmId: this.spmId,
       keyId
     });
-    if (sessionKeyInfo.decKeyTag !== this.keyTag) {
-      logger_default.info("decrypt: keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5");
-      const { fkCipher: fkCipher2, keyTag } = await scmAdd2(this.kmsUrl);
-      this.fkCipher = fkCipher2;
-      this.keyTag = keyTag;
-    }
-    const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
-    const plainText = await qss_decrypt(fkCipher, sessionKeyInfo.keyCipher, normalizedIV || this.iv, this.encryptMode[mode], cipherText);
-    return { plainText };
+    return sessionKeyInfo;
   }
   /**
    * 文件加密
@@ -4906,22 +5000,7 @@ var QuantumEncryptPlug = class {
     let keySn = 0;
     if (!sessionKey || !fillKey) {
       logger_default.info("encryptFile: sessionKey or fillKey is null");
-      const { data: sessionKeyInfo } = await sessionKeyAdd(this.kmsUrl, {
-        spmId: this.spmId,
-        "keyLength": 16,
-        "calcMode": 1,
-        "auth": 0,
-        "accounts": [config_default.account],
-        "appId": config_default.appID,
-        "keyType": 2,
-        "spmType": 6
-      });
-      if (sessionKeyInfo.decKeyTag !== this.keyTag) {
-        logger_default.info("encrypt: keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5");
-        const { fkCipher, keyTag } = await scmAdd2(this.kmsUrl);
-        this.fkCipher = fkCipher;
-        this.keyTag = keyTag;
-      }
+      const sessionKeyInfo = await this._getSessionKey();
       sessionKey = sessionKeyInfo.keyCipher;
       keyId = sessionKeyInfo.keyId;
       keySn = sessionKeyInfo.decKeySn;
@@ -4957,21 +5036,12 @@ var QuantumEncryptPlug = class {
     if (sessionKey && fillKey) {
       logger_default.info("decryptFile: sessionKey \u548C fillKey \u5DF2\u6709\uFF0C\u65E0\u9700\u91CD\u65B0\u83B7\u53D6");
     } else {
-      const { data: sessionKeyInfo } = await sessionKeyQuery(this.kmsUrl, {
-        spmId: this.spmId,
-        keyId
-      });
-      if (sessionKeyInfo.decKeyTag !== this.keyTag) {
-        logger_default.info("decryptFile: keyTag \u4E0D\u4E00\u81F4\uFF0C\u91CD\u65B0\u83B7\u53D6\u5BC6\u94A5");
-        const { fkCipher: fkCipher2, keyTag } = await scmAdd2(this.kmsUrl);
-        this.fkCipher = fkCipher2;
-        this.keyTag = keyTag;
-      }
-      const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
+      const sessionKeyInfo = await this._getSessionKeyById(keyId);
       sessionKey = sessionKeyInfo.keyCipher;
+      const fkCipher = this.fkCipher.slice(sessionKeyInfo.decKeySn * 2, sessionKeyInfo.decKeySn * 2 + 32);
       fillKey = fkCipher;
     }
-    const plainData = await qss_decrypt(fillKey, sessionKey, normalizedIV || this.iv, this.encryptMode[mode], fileData, true);
+    const plainData = await qss_decrypt(fillKey, sessionKey, normalizedIV, this.encryptMode[mode], fileData, true);
     const fileBuffer = Buffer.isBuffer(plainData) ? plainData : Buffer.from(plainData, "hex");
     return { fileBuffer, sessionKey, fillKey };
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "liangzimixin",
-  "version": "0.3.25",
+  "version": "0.3.26",
   "description": "Quantum-encrypted IM channel plugin for OpenClaw",
   "type": "module",
   "main": "dist/index.cjs",