shadowx-fca 8.0.0

package/src/e2ee/crypto.js

@@ -0,0 +1,173 @@
+"use strict";
+
+/**
+ * SHADOWX E2EE Crypto — All primitives using Node.js built-in crypto only.
+ * Implements: X25519 DH, HKDF-SHA256, AES-256-GCM, HMAC-SHA256
+ * Node.js >= 15 required (crypto.hkdfSync, crypto.generateKeyPairSync x25519).
+ */
+
+const crypto = require("crypto");
+
+// ─────────────────────────────────────────────────────────
+// X25519 Key Management
+// ─────────────────────────────────────────────────────────
+
+function generateKeyPair() {
+    const { privateKey, publicKey } = crypto.generateKeyPairSync("x25519", {
+        privateKeyEncoding: { type: "pkcs8", format: "der" },
+        publicKeyEncoding: { type: "spki", format: "der" }
+    });
+    return {
+        privateKey,
+        publicKey,
+        publicKeyRaw: exportRawPublicKey(publicKey)
+    };
+}
+
+function exportRawPublicKey(spkiDer) {
+    // X25519 SPKI DER: 12 bytes header + 32 bytes key
+    return Buffer.from(spkiDer).slice(-32);
+}
+
+function importPublicKey(raw32bytes) {
+    if (raw32bytes.length !== 32) throw new Error("X25519 public key must be 32 bytes");
+    // Build minimal SPKI wrapper for X25519
+    const header = Buffer.from("302a300506032b656e032100", "hex");
+    return Buffer.concat([header, raw32bytes]);
+}
+
+function dh(privateKeyPkcs8Der, peerPublicRaw32) {
+    const privKey = crypto.createPrivateKey({ key: Buffer.from(privateKeyPkcs8Der), format: "der", type: "pkcs8" });
+    const pubKeyDer = importPublicKey(Buffer.from(peerPublicRaw32));
+    const pubKey = crypto.createPublicKey({ key: pubKeyDer, format: "der", type: "spki" });
+    return crypto.diffieHellman({ privateKey: privKey, publicKey: pubKey });
+}
+
+// ─────────────────────────────────────────────────────────
+// HKDF-SHA256
+// ─────────────────────────────────────────────────────────
+
+function hkdf(ikm, length, salt, info) {
+    if (!salt) salt = Buffer.alloc(32, 0);
+    if (!info) info = Buffer.alloc(0);
+    if (typeof info === "string") info = Buffer.from(info, "utf8");
+    return Buffer.from(crypto.hkdfSync("sha256", ikm, salt, info, length));
+}
+
+function hkdfExtract(salt, ikm) {
+    return crypto.createHmac("sha256", salt).update(ikm).digest();
+}
+
+function hkdfExpand(prk, info, length) {
+    const results = [];
+    let t = Buffer.alloc(0);
+    let i = 0;
+    while (results.reduce((s, b) => s + b.length, 0) < length) {
+        i++;
+        const hmac = crypto.createHmac("sha256", prk);
+        hmac.update(t);
+        if (info) hmac.update(info);
+        hmac.update(Buffer.from([i]));
+        t = hmac.digest();
+        results.push(t);
+    }
+    return Buffer.concat(results).slice(0, length);
+}
+
+// ─────────────────────────────────────────────────────────
+// AES-256-GCM
+// ─────────────────────────────────────────────────────────
+
+function encrypt(key32, plaintext, aad) {
+    if (key32.length !== 32) throw new Error("AES-GCM key must be 32 bytes");
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv("aes-256-gcm", key32, iv);
+    if (aad) cipher.setAAD(aad);
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    return Buffer.concat([iv, authTag, encrypted]);
+}
+
+function decrypt(key32, ciphertext, aad) {
+    if (key32.length !== 32) throw new Error("AES-GCM key must be 32 bytes");
+    if (ciphertext.length < 28) throw new Error("Ciphertext too short");
+    const iv = ciphertext.slice(0, 12);
+    const authTag = ciphertext.slice(12, 28);
+    const data = ciphertext.slice(28);
+    const decipher = crypto.createDecipheriv("aes-256-gcm", key32, iv);
+    decipher.setAuthTag(authTag);
+    if (aad) decipher.setAAD(aad);
+    return Buffer.concat([decipher.update(data), decipher.final()]);
+}
+
+// ─────────────────────────────────────────────────────────
+// HMAC-SHA256
+// ─────────────────────────────────────────────────────────
+
+function hmacSha256(key, data) {
+    return crypto.createHmac("sha256", key).update(data).digest();
+}
+
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length) return false;
+    return crypto.timingSafeEqual(a, b);
+}
+
+// ─────────────────────────────────────────────────────────
+// X3DH Key Agreement (Extended Triple Diffie-Hellman)
+// ─────────────────────────────────────────────────────────
+
+/**
+ * Sender side of X3DH.
+ * @param {object} senderIdKey    - { privateKey, publicKey, publicKeyRaw } of sender identity key
+ * @param {object} ephemeralKey   - { privateKey, publicKey, publicKeyRaw } of ephemeral key
+ * @param {Buffer} recipientIdPub - recipient's identity public key (raw 32 bytes)
+ * @param {Buffer} recipientSpkPub - recipient's signed pre-key (raw 32 bytes)
+ * @param {Buffer} [recipientOpkPub] - recipient's one-time pre-key (raw 32 bytes), optional
+ * @returns {Buffer} 32-byte shared master secret
+ */
+function x3dhSend(senderIdKey, ephemeralKey, recipientIdPub, recipientSpkPub, recipientOpkPub) {
+    const dh1 = dh(senderIdKey.privateKey, recipientSpkPub);
+    const dh2 = dh(ephemeralKey.privateKey, recipientIdPub);
+    const dh3 = dh(ephemeralKey.privateKey, recipientSpkPub);
+    const parts = recipientOpkPub
+        ? [dh1, dh2, dh3, dh(ephemeralKey.privateKey, recipientOpkPub)]
+        : [dh1, dh2, dh3];
+    const ikm = Buffer.concat(parts);
+    const F = Buffer.alloc(32, 0xFF);
+    const salt = Buffer.alloc(32, 0);
+    return hkdf(Buffer.concat([F, ikm]), 32, salt, Buffer.from("WhisperText", "utf8"));
+}
+
+/**
+ * Receiver side of X3DH.
+ */
+function x3dhReceive(recipientIdKey, recipientSpkKey, recipientOpkKey, senderIdPub, senderEphemeralPub) {
+    const dh1 = dh(recipientSpkKey.privateKey, senderIdPub);
+    const dh2 = dh(recipientIdKey.privateKey, senderEphemeralPub);
+    const dh3 = dh(recipientSpkKey.privateKey, senderEphemeralPub);
+    const parts = recipientOpkKey
+        ? [dh1, dh2, dh3, dh(recipientOpkKey.privateKey, senderEphemeralPub)]
+        : [dh1, dh2, dh3];
+    const ikm = Buffer.concat(parts);
+    const F = Buffer.alloc(32, 0xFF);
+    const salt = Buffer.alloc(32, 0);
+    return hkdf(Buffer.concat([F, ikm]), 32, salt, Buffer.from("WhisperText", "utf8"));
+}
+
+module.exports = {
+    generateKeyPair,
+    exportRawPublicKey,
+    importPublicKey,
+    dh,
+    hkdf,
+    hkdfExtract,
+    hkdfExpand,
+    encrypt,
+    decrypt,
+    hmacSha256,
+    constantTimeEqual,
+    x3dhSend,
+    x3dhReceive,
+    randomBytes: crypto.randomBytes.bind(crypto)
+};

package/src/e2ee/index.js

@@ -0,0 +1,144 @@
+"use strict";
+
+/**
+ * SHADOWX E2EE Bridge — delegates to root e2ee.js (lib/index.mjs + messagix.so)
+ *
+ * The original vendor/fb-e2ee.cjs path is replaced by the root-level e2ee.js
+ * which uses the bundled messagix native binary via lib/index.mjs.
+ */
+
+const path   = require("path");
+const logger = require("../../logger");
+
+// Root e2ee.js — contains createBridge + patchApiForE2EE
+const rootE2EE = require("../../e2ee");
+
+class E2EEBridge {
+    constructor(ctx, api, defaultFuncs) {
+        this.ctx          = ctx;
+        this.api          = api;
+        this.defaultFuncs = defaultFuncs || null;
+        this.connected    = false;
+        this._bridge      = null;
+        this._messageCallback = null;
+    }
+
+    // ─────────────────────────────────────────────────────────────────────────
+    // Setup
+    // ─────────────────────────────────────────────────────────────────────────
+
+    async connect(deviceStorePath, userId) {
+        const fs = require("fs");
+
+        userId = userId || this.ctx.userID;
+
+        // Mirror the device-store path logic from the original bridge
+        if (!deviceStorePath) {
+            deviceStorePath = path.join(process.cwd(), ".shadowx-fca", "e2ee_device.json");
+        }
+        try { fs.mkdirSync(path.dirname(deviceStorePath), { recursive: true }); } catch (_) {}
+
+        logger.info("E2EE", "Device store: " + deviceStorePath);
+
+        // Propagate options into ctx.globalOptions so createBridge picks them up
+        const opts = this.ctx.globalOptions || {};
+        opts.enableE2EE      = true;
+        opts.e2eeMemoryOnly  = opts.e2eeMemoryOnly  !== false;
+        opts.e2eeDevicePath  = opts.e2eeDevicePath  || deviceStorePath;
+        this.ctx.globalOptions = opts;
+
+        // Patch the api object with E2EE helpers (sendMessage routing etc.)
+        rootE2EE.patchApiForE2EE(this.api, this.ctx);
+
+        // Obtain the bridge singleton for this ctx
+        this._bridge = rootE2EE.createBridge(this.ctx);
+
+        logger.info("E2EE", "Bootstrapping E2EE via lib/index.mjs + messagix native binary...");
+
+        // connect() returns the native Client; pass a callback to capture events
+        await this._bridge.connect((err, event) => {
+            if (err) {
+                logger.error("E2EE", "E2EE event error: " + (err && err.message ? err.message : String(err)));
+                return;
+            }
+            if (!event) return;
+
+            // Forward e2eeMessage events to the registered callback
+            if (event.type === "e2ee_message" && this._messageCallback) {
+                this._messageCallback(null, event);
+            }
+        });
+
+        this.connected = true;
+        logger.success("E2EE", "E2EE active — lib/index.mjs + messagix (Signal Protocol / Noise WebSocket)");
+        return this;
+    }
+
+    ensureConnected() {
+        if (!this.connected || !this._bridge) {
+            throw new Error("E2EE not connected. Call api.connectE2EE() first.");
+        }
+    }
+
+    isConnected() {
+        return this.connected && !!(this._bridge && this._bridge.isConnected());
+    }
+
+    // ─────────────────────────────────────────────────────────────────────────
+    // Send API
+    // ─────────────────────────────────────────────────────────────────────────
+
+    async sendMessage(threadId, msg, replyToMessageId) {
+        this.ensureConnected();
+        return this._bridge.sendMessage(threadId, msg, replyToMessageId);
+    }
+
+    async sendReaction(threadId, messageId, reaction, senderJid) {
+        this.ensureConnected();
+        return this._bridge.sendReaction(threadId, messageId, reaction, senderJid);
+    }
+
+    async sendTyping(threadId, isTyping) {
+        this.ensureConnected();
+        return this._bridge.sendTyping(threadId, isTyping);
+    }
+
+    async unsendMessage(messageId, threadId) {
+        this.ensureConnected();
+        return this._bridge.unsendMessage(messageId, threadId);
+    }
+
+    async editMessage(threadId, messageId, newText) {
+        this.ensureConnected();
+        return this._bridge.editMessage(threadId, messageId, newText);
+    }
+
+    // ─────────────────────────────────────────────────────────────────────────
+    // Receive API
+    // ─────────────────────────────────────────────────────────────────────────
+
+    onMessage(callback) {
+        this._messageCallback = callback;
+    }
+
+    // ─────────────────────────────────────────────────────────────────────────
+    // Info / lifecycle
+    // ─────────────────────────────────────────────────────────────────────────
+
+    getPublicKeys() {
+        return {
+            info: "Keys managed by lib/index.mjs + messagix native E2EE engine.",
+            note: "Device keys are stored in the device-store file. Do NOT delete it.",
+        };
+    }
+
+    async disconnect() {
+        if (this._bridge) {
+            try { await this._bridge.disconnect(); } catch (_) {}
+        }
+        this.connected = false;
+        logger.info("E2EE", "E2EE disconnected.");
+    }
+}
+
+module.exports = { E2EEBridge };

package/src/e2ee/proto/ArmadilloApplication.proto

@@ -0,0 +1,281 @@
+syntax = "proto2";
+package waArmadilloApplication;
+
+import "WACommon.proto";
+
+message Armadillo {
+    message Metadata {
+    }
+
+    message Payload {
+        oneof payload {
+            Content content = 1;
+            ApplicationData applicationData = 2;
+            Signal signal = 3;
+            SubProtocolPayload subProtocol = 4;
+        }
+    }
+
+    message SubProtocolPayload {
+        optional WACommon.FutureProofBehavior futureProof = 1;
+    }
+
+    message Signal {
+        message EncryptedBackupsSecrets {
+            message Epoch {
+                enum EpochStatus {
+                    ES_OPEN = 1;
+                    ES_CLOSE = 2;
+                }
+
+                optional uint64 ID = 1;
+                optional bytes anonID = 2;
+                optional bytes rootKey = 3;
+                optional EpochStatus status = 4;
+            }
+
+            optional uint64 backupID = 1;
+            optional uint64 serverDataID = 2;
+            repeated Epoch epoch = 3;
+            optional bytes tempOcmfClientState = 4;
+            optional bytes mailboxRootKey = 5;
+            optional bytes obliviousValidationToken = 6;
+        }
+
+        oneof signal {
+            EncryptedBackupsSecrets encryptedBackupsSecrets = 1;
+        }
+    }
+
+    message ApplicationData {
+        message MessageHistoryDocumentMessage {
+            optional WACommon.SubProtocol document = 1;
+        }
+
+        message AIBotResponseMessage {
+            optional string summonToken = 1;
+            optional string messageText = 2;
+            optional string serializedExtras = 3;
+        }
+
+        message MetadataSyncAction {
+            message SyncAttachmentInterventionAction {
+                enum InterventionType {
+                    UNKNOWN = 0;
+                    NUDE = 1;
+                    NOT_NUDE = 2;
+                }
+
+                optional WACommon.MessageKey messageKey = 1;
+                optional InterventionType interventionType = 2;
+            }
+
+            message SyncSpectraAction {
+                enum SpectraActionType {
+                    TAKEDOWN = 0;
+                    RESTORE = 1;
+                }
+
+                optional WACommon.MessageKey key = 1;
+                optional SpectraActionType actionType = 2;
+                optional int64 takedownActionID = 3;
+                optional string config = 4;
+            }
+
+            message SyncMessageAction {
+                message ActionMessageDelete {
+                }
+
+                oneof action {
+                    ActionMessageDelete messageDelete = 101;
+                }
+
+                optional WACommon.MessageKey key = 1;
+            }
+
+            message SyncChatAction {
+                message ActionChatRead {
+                    optional SyncActionMessageRange messageRange = 1;
+                    optional bool read = 2;
+                }
+
+                message ActionChatDelete {
+                    optional SyncActionMessageRange messageRange = 1;
+                }
+
+                message ActionChatArchive {
+                    optional SyncActionMessageRange messageRange = 1;
+                    optional bool archived = 2;
+                }
+
+                oneof action {
+                    ActionChatArchive chatArchive = 101;
+                    ActionChatDelete chatDelete = 102;
+                    ActionChatRead chatRead = 103;
+                }
+
+                optional string chatID = 1;
+            }
+
+            message SyncActionMessage {
+                optional WACommon.MessageKey key = 1;
+                optional int64 timestamp = 2;
+            }
+
+            message SyncActionMessageRange {
+                optional int64 lastMessageTimestamp = 1;
+                optional int64 lastSystemMessageTimestamp = 2;
+                repeated SyncActionMessage messages = 3;
+            }
+
+            oneof actionType {
+                SyncChatAction chatAction = 101;
+                SyncMessageAction messageAction = 102;
+                SyncSpectraAction spectraAction = 103;
+                SyncAttachmentInterventionAction attachmentInterventionAction = 104;
+            }
+
+            optional int64 actionTimestamp = 1;
+        }
+
+        message MetadataSyncNotification {
+            repeated MetadataSyncAction actions = 2;
+        }
+
+        oneof applicationData {
+            MetadataSyncNotification metadataSync = 1;
+            AIBotResponseMessage aiBotResponse = 2;
+            MessageHistoryDocumentMessage messageHistoryDocumentMessage = 3;
+        }
+    }
+
+    message Content {
+        message PaymentsTransactionMessage {
+            enum PaymentStatus {
+                PAYMENT_UNKNOWN = 0;
+                REQUEST_INITED = 4;
+                REQUEST_DECLINED = 5;
+                REQUEST_TRANSFER_INITED = 6;
+                REQUEST_TRANSFER_COMPLETED = 7;
+                REQUEST_TRANSFER_FAILED = 8;
+                REQUEST_CANCELED = 9;
+                REQUEST_EXPIRED = 10;
+                TRANSFER_INITED = 11;
+                TRANSFER_PENDING = 12;
+                TRANSFER_PENDING_RECIPIENT_VERIFICATION = 13;
+                TRANSFER_CANCELED = 14;
+                TRANSFER_COMPLETED = 15;
+                TRANSFER_NO_RECEIVER_CREDENTIAL_NO_RTS_PENDING_CANCELED = 16;
+                TRANSFER_NO_RECEIVER_CREDENTIAL_NO_RTS_PENDING_OTHER = 17;
+                TRANSFER_REFUNDED = 18;
+                TRANSFER_PARTIAL_REFUND = 19;
+                TRANSFER_CHARGED_BACK = 20;
+                TRANSFER_EXPIRED = 21;
+                TRANSFER_DECLINED = 22;
+                TRANSFER_UNAVAILABLE = 23;
+            }
+
+            optional uint64 transactionID = 1;
+            optional string amount = 2;
+            optional string currency = 3;
+            optional PaymentStatus paymentStatus = 4;
+            // optional waArmadilloXMA.ExtendedContentMessage extendedContentMessage = 5;
+        }
+
+        message NetworkVerificationMessage {
+            optional string codeText = 1;
+        }
+
+        message NoteReplyMessage {
+            oneof noteReplyContent {
+                WACommon.MessageText textContent = 4;
+                WACommon.SubProtocol stickerContent = 5;
+                WACommon.SubProtocol videoContent = 6;
+            }
+
+            optional string noteID = 1;
+            optional WACommon.MessageText noteText = 2;
+            optional int64 noteTimestampMS = 3;
+        }
+
+        message BumpExistingMessage {
+            optional WACommon.MessageKey key = 1;
+        }
+
+        message ImageGalleryMessage {
+            repeated WACommon.SubProtocol images = 1;
+        }
+
+        message ScreenshotAction {
+            enum ScreenshotType {
+                SCREENSHOT_IMAGE = 1;
+                SCREEN_RECORDING = 2;
+            }
+
+            optional ScreenshotType screenshotType = 1;
+        }
+
+        message ExtendedContentMessageWithSear {
+            optional string searID = 1;
+            optional bytes payload = 2;
+            optional string nativeURL = 3;
+            optional WACommon.SubProtocol searAssociatedMessage = 4;
+            optional string searSentWithMessageID = 5;
+        }
+
+        message RavenActionNotifMessage {
+            enum ActionType {
+                PLAYED = 0;
+                SCREENSHOT = 1;
+                FORCE_DISABLE = 2;
+            }
+
+            optional WACommon.MessageKey key = 1;
+            optional int64 actionTimestamp = 2;
+            optional ActionType actionType = 3;
+        }
+
+        message RavenMessage {
+            enum EphemeralType {
+                VIEW_ONCE = 0;
+                ALLOW_REPLAY = 1;
+                KEEP_IN_CHAT = 2;
+            }
+
+            oneof mediaContent {
+                WACommon.SubProtocol imageMessage = 2;
+                WACommon.SubProtocol videoMessage = 3;
+            }
+
+            optional EphemeralType ephemeralType = 1;
+        }
+
+        message CommonSticker {
+            enum StickerType {
+                SMALL_LIKE = 1;
+                MEDIUM_LIKE = 2;
+                LARGE_LIKE = 3;
+            }
+
+            optional StickerType stickerType = 1;
+        }
+
+        oneof content {
+            CommonSticker commonSticker = 1;
+            ScreenshotAction screenshotAction = 3;
+            // waArmadilloXMA.ExtendedContentMessage extendedContentMessage = 4;
+            RavenMessage ravenMessage = 5;
+            RavenActionNotifMessage ravenActionNotifMessage = 6;
+            ExtendedContentMessageWithSear extendedMessageContentWithSear = 7;
+            ImageGalleryMessage imageGalleryMessage = 8;
+            PaymentsTransactionMessage paymentsTransactionMessage = 10;
+            BumpExistingMessage bumpExistingMessage = 11;
+            NoteReplyMessage noteReplyMessage = 13;
+            RavenMessage ravenMessageMsgr = 14;
+            NetworkVerificationMessage networkVerificationMessage = 15;
+        }
+    }
+
+    optional Payload payload = 1;
+    optional Metadata metadata = 2;
+}

package/src/e2ee/proto/ArmadilloICDC.proto

@@ -0,0 +1,14 @@
+syntax = "proto2";
+package waArmadilloICDC;
+
+message ICDCIdentityList {
+  optional int32 seq = 1;
+  optional int64 timestamp = 2;
+  repeated bytes devices = 3;
+  optional int32 signingDeviceIndex = 4;
+}
+
+message SignedICDCIdentityList {
+  optional bytes details = 1;
+  optional bytes signature = 2;
+}