shogun-core 6.2.2 → 6.2.4

package/dist/browser/shogun-core.js

@@ -141716,6 +141716,11 @@ const performDHRatchetStep = async (state, newRemotePublicKey) => {
         // Generate our sending key pair for future messages
         console.log("🔑 Generating DH key pair for responder's future sending");
         state.sendingDHKeyPair = await (0, signal_protocol_1.generateSignalKeyPair)();
+        // For responder's first receive, we don't derive a sending chain yet
+        // because we haven't sent anything. The sending chain will be derived
+        // when we send our first message.
+        console.log("✓ DH ratchet step completed (responder first receive)");
+        return;
     }
     else if (state.sendingDHKeyPair) {
         console.log("🔄 Deriving receiving chain from: DH(our_current_private, their_public)");
@@ -141727,6 +141732,7 @@ const performDHRatchetStep = async (state, newRemotePublicKey) => {
         console.log("🔄 DH ratchet step - receiving chain established");
     }
     // Step 2: Generate NEW DH key pair and derive sending chain
+    // This only executes for subsequent ratchet steps (not responder's first receive)
     console.log("🔑 Generating NEW DH key pair for ratchet step");
     state.sendingDHKeyPair = await (0, signal_protocol_1.generateSignalKeyPair)();
     state.sendingMessageNumber = 0;
@@ -141763,8 +141769,24 @@ const skipMessageKeys = async (state, until) => {
 // Encrypt message using Double Ratchet
 const doubleRatchetEncrypt = async (state, plaintext) => {
     console.log(`🔒 Encrypting message #${state.sendingMessageNumber} with Double Ratchet`);
+    // If responder is sending first message, derive sending chain
     if (!state.sendingChainKey) {
-        throw new Error("No sending chain key available - cannot encrypt");
+        if (!state.isInitiator &&
+            state.receivingDHPublicKey &&
+            state.sendingDHKeyPair) {
+            console.log("🔄 Responder's first send: Deriving sending chain");
+            // Derive sending chain from our sending DH key pair and their receiving DH public key
+            const sendingDHOutput = await (0, signal_protocol_1.performSignalDH)(state.sendingDHKeyPair.privateKey, state.receivingDHPublicKey);
+            const hkdfSending = await doubleRatchetHKDF(new Uint8Array(state.rootKey), sendingDHOutput, DOUBLE_RATCHET_INFO_CHAIN_KEY, 64);
+            state.rootKey = hkdfSending.slice(0, 32);
+            state.sendingChainKey = hkdfSending.slice(32, 64);
+            state.sendingMessageNumber = 0;
+            state.previousChainLength = state.receivingMessageNumber;
+            console.log("✅ Sending chain derived for responder's first message");
+        }
+        else {
+            throw new Error("No sending chain key available - cannot encrypt");
+        }
     }
     // Derive message key
     const messageKey = await deriveMessageKey(state.sendingChainKey);
@@ -144397,7 +144419,8 @@ exports.importSignalPublicKey = importSignalPublicKey;
 const importSignalSigningPublicKey = async (keyBytes) => {
     return await crypto.subtle.importKey("raw", keyBytes, {
         name: "Ed25519",
-    }, false, ["verify"]);
+    }, true, // Make public keys extractable for re-export in bundles
+    ["verify"]);
 };
 exports.importSignalSigningPublicKey = importSignalSigningPublicKey;
 const performSignalDH = async (privateKey, publicKey) => {