npm - nostr-tools - Versions diffs - 2.0.1 → 2.0.2 - Mend

nostr-tools 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md CHANGED Viewed

@@ -21,7 +21,7 @@ If using TypeScript, this package requires TypeScript >= 5.0.
 ```js
 import { generateSecretKey, getPublicKey } from 'nostr-tools'
-let sk = generateSecretKey() // `sk` is a hex string
+let sk = generateSecretKey() // `sk` is a Uint8Array
 let pk = getPublicKey(sk) // `pk` is a hex string
 ```

package/lib/cjs/index.js CHANGED Viewed

@@ -45,6 +45,7 @@ __export(nostr_tools_exports, {
   nip30: () => nip30_exports,
   nip39: () => nip39_exports,
   nip42: () => nip42_exports,
+  nip44: () => nip44_exports,
   nip47: () => nip47_exports,
   nip57: () => nip57_exports,
   nip98: () => nip98_exports,
@@ -375,9 +376,9 @@ async function yieldThread() {
 }
 // relay.ts
-function relayConnect(url) {
+async function relayConnect(url) {
   const relay = new Relay(url);
-  relay.connect();
+  await relay.connect();
   return relay;
 }
 var Relay = class {
@@ -1633,6 +1634,128 @@ function makeAuthEvent(relayURL, challenge) {
   };
 }
+// nip44.ts
+var nip44_exports = {};
+__export(nip44_exports, {
+  default: () => nip44_default,
+  v2: () => v2
+});
+var import_chacha = require("@noble/ciphers/chacha");
+var import_utils9 = require("@noble/ciphers/utils");
+var import_secp256k13 = require("@noble/curves/secp256k1");
+var import_hkdf = require("@noble/hashes/hkdf");
+var import_hmac = require("@noble/hashes/hmac");
+var import_sha2562 = require("@noble/hashes/sha256");
+var import_utils10 = require("@noble/hashes/utils");
+var import_base3 = require("@scure/base");
+var decoder = new TextDecoder();
+var u = {
+  minPlaintextSize: 1,
+  maxPlaintextSize: 65535,
+  utf8Encode: import_utils10.utf8ToBytes,
+  utf8Decode(bytes) {
+    return decoder.decode(bytes);
+  },
+  getConversationKey(privkeyA, pubkeyB) {
+    const sharedX = import_secp256k13.secp256k1.getSharedSecret(privkeyA, "02" + pubkeyB).subarray(1, 33);
+    return (0, import_hkdf.extract)(import_sha2562.sha256, sharedX, "nip44-v2");
+  },
+  getMessageKeys(conversationKey, nonce) {
+    (0, import_utils9.ensureBytes)(conversationKey, 32);
+    (0, import_utils9.ensureBytes)(nonce, 32);
+    const keys = (0, import_hkdf.expand)(import_sha2562.sha256, conversationKey, nonce, 76);
+    return {
+      chacha_key: keys.subarray(0, 32),
+      chacha_nonce: keys.subarray(32, 44),
+      hmac_key: keys.subarray(44, 76)
+    };
+  },
+  calcPaddedLen(len) {
+    if (!Number.isSafeInteger(len) || len < 1)
+      throw new Error("expected positive integer");
+    if (len <= 32)
+      return 32;
+    const nextPower = 1 << Math.floor(Math.log2(len - 1)) + 1;
+    const chunk = nextPower <= 256 ? 32 : nextPower / 8;
+    return chunk * (Math.floor((len - 1) / chunk) + 1);
+  },
+  writeU16BE(num) {
+    if (!Number.isSafeInteger(num) || num < u.minPlaintextSize || num > u.maxPlaintextSize)
+      throw new Error("invalid plaintext size: must be between 1 and 65535 bytes");
+    const arr = new Uint8Array(2);
+    new DataView(arr.buffer).setUint16(0, num, false);
+    return arr;
+  },
+  pad(plaintext) {
+    const unpadded = u.utf8Encode(plaintext);
+    const unpaddedLen = unpadded.length;
+    const prefix = u.writeU16BE(unpaddedLen);
+    const suffix = new Uint8Array(u.calcPaddedLen(unpaddedLen) - unpaddedLen);
+    return (0, import_utils10.concatBytes)(prefix, unpadded, suffix);
+  },
+  unpad(padded) {
+    const unpaddedLen = new DataView(padded.buffer).getUint16(0);
+    const unpadded = padded.subarray(2, 2 + unpaddedLen);
+    if (unpaddedLen < u.minPlaintextSize || unpaddedLen > u.maxPlaintextSize || unpadded.length !== unpaddedLen || padded.length !== 2 + u.calcPaddedLen(unpaddedLen))
+      throw new Error("invalid padding");
+    return u.utf8Decode(unpadded);
+  },
+  hmacAad(key, message, aad) {
+    if (aad.length !== 32)
+      throw new Error("AAD associated data must be 32 bytes");
+    const combined = (0, import_utils10.concatBytes)(aad, message);
+    return (0, import_hmac.hmac)(import_sha2562.sha256, key, combined);
+  },
+  decodePayload(payload) {
+    if (typeof payload !== "string")
+      throw new Error("payload must be a valid string");
+    const plen = payload.length;
+    if (plen < 132 || plen > 87472)
+      throw new Error("invalid payload length: " + plen);
+    if (payload[0] === "#")
+      throw new Error("unknown encryption version");
+    let data;
+    try {
+      data = import_base3.base64.decode(payload);
+    } catch (error) {
+      throw new Error("invalid base64: " + error.message);
+    }
+    const dlen = data.length;
+    if (dlen < 99 || dlen > 65603)
+      throw new Error("invalid data length: " + dlen);
+    const vers = data[0];
+    if (vers !== 2)
+      throw new Error("unknown encryption version " + vers);
+    return {
+      nonce: data.subarray(1, 33),
+      ciphertext: data.subarray(33, -32),
+      mac: data.subarray(-32)
+    };
+  }
+};
+function encrypt2(plaintext, conversationKey, nonce = (0, import_utils10.randomBytes)(32)) {
+  const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce);
+  const padded = u.pad(plaintext);
+  const ciphertext = (0, import_chacha.chacha20)(chacha_key, chacha_nonce, padded);
+  const mac = u.hmacAad(hmac_key, ciphertext, nonce);
+  return import_base3.base64.encode((0, import_utils10.concatBytes)(new Uint8Array([2]), nonce, ciphertext, mac));
+}
+function decrypt2(payload, conversationKey) {
+  const { nonce, ciphertext, mac } = u.decodePayload(payload);
+  const { chacha_key, chacha_nonce, hmac_key } = u.getMessageKeys(conversationKey, nonce);
+  const calculatedMac = u.hmacAad(hmac_key, ciphertext, nonce);
+  if (!(0, import_utils9.equalBytes)(calculatedMac, mac))
+    throw new Error("invalid MAC");
+  const padded = (0, import_chacha.chacha20)(chacha_key, chacha_nonce, ciphertext);
+  return u.unpad(padded);
+}
+var v2 = {
+  utils: u,
+  encrypt: encrypt2,
+  decrypt: decrypt2
+};
+var nip44_default = { v2 };
 // nip47.ts
 var nip47_exports = {};
 __export(nip47_exports, {
@@ -1675,7 +1798,7 @@ __export(nip57_exports, {
   useFetchImplementation: () => useFetchImplementation4,
   validateZapRequest: () => validateZapRequest
 });
-var import_base3 = require("@scure/base");
+var import_base4 = require("@scure/base");
 var _fetch4;
 try {
   _fetch4 = fetch;
@@ -1689,8 +1812,8 @@ async function getZapEndpoint(metadata) {
     let lnurl = "";
     let { lud06, lud16 } = JSON.parse(metadata.content);
     if (lud06) {
-      let { words } = import_base3.bech32.decode(lud06, 1e3);
-      let data = import_base3.bech32.fromWords(words);
+      let { words } = import_base4.bech32.decode(lud06, 1e3);
+      let data = import_base4.bech32.fromWords(words);
       lnurl = utf8Decoder.decode(data);
     } else if (lud16) {
       let [name, domain] = lud16.split("@");
@@ -1786,13 +1909,13 @@ __export(nip98_exports, {
   validateEvent: () => validateEvent2,
   validateToken: () => validateToken
 });
-var import_utils10 = require("@noble/hashes/utils");
-var import_sha2562 = require("@noble/hashes/sha256");
-var import_base4 = require("@scure/base");
+var import_utils12 = require("@noble/hashes/utils");
+var import_sha2563 = require("@noble/hashes/sha256");
+var import_base5 = require("@scure/base");
 var _authorizationScheme = "Nostr ";
 function hashPayload(payload) {
-  const hash = (0, import_sha2562.sha256)(utf8Encoder.encode(JSON.stringify(payload)));
-  return (0, import_utils10.bytesToHex)(hash);
+  const hash = (0, import_sha2563.sha256)(utf8Encoder.encode(JSON.stringify(payload)));
+  return (0, import_utils12.bytesToHex)(hash);
 }
 async function getToken(loginUrl, httpMethod, sign, includeAuthorizationScheme = false, payload) {
   const event = {
@@ -1805,11 +1928,11 @@ async function getToken(loginUrl, httpMethod, sign, includeAuthorizationScheme =
     content: ""
   };
   if (payload) {
-    event.tags.push(["payload", (0, import_utils10.bytesToHex)((0, import_sha2562.sha256)(utf8Encoder.encode(JSON.stringify(payload))))]);
+    event.tags.push(["payload", (0, import_utils12.bytesToHex)((0, import_sha2563.sha256)(utf8Encoder.encode(JSON.stringify(payload))))]);
   }
   const signedEvent = await sign(event);
   const authorizationScheme = includeAuthorizationScheme ? _authorizationScheme : "";
-  return authorizationScheme + import_base4.base64.encode(utf8Encoder.encode(JSON.stringify(signedEvent)));
+  return authorizationScheme + import_base5.base64.encode(utf8Encoder.encode(JSON.stringify(signedEvent)));
 }
 async function validateToken(token, url, method) {
   const event = await unpackEventFromToken(token).catch((error) => {
@@ -1825,7 +1948,7 @@ async function unpackEventFromToken(token) {
     throw new Error("Missing token");
   }
   token = token.replace(_authorizationScheme, "");
-  const eventB64 = utf8Decoder.decode(import_base4.base64.decode(token));
+  const eventB64 = utf8Decoder.decode(import_base5.base64.decode(token));
   if (!eventB64 || eventB64.length === 0 || !eventB64.startsWith("{")) {
     throw new Error("Invalid token");
   }
@@ -1858,7 +1981,7 @@ async function validateEvent2(event, url, method, body) {
   }
   if (Boolean(body) && Object.keys(body).length > 0) {
     const payloadTag = event.tags.find((t) => t[0] === "payload");
-    const payloadHash = (0, import_utils10.bytesToHex)((0, import_sha2562.sha256)(utf8Encoder.encode(JSON.stringify(body))));
+    const payloadHash = (0, import_utils12.bytesToHex)((0, import_sha2563.sha256)(utf8Encoder.encode(JSON.stringify(body))));
     if (payloadTag?.[1] !== payloadHash) {
       throw new Error("Invalid payload tag hash, does not match request body hash");
     }