shogun-core 6.2.4 → 6.3.0

package/dist/src/crypto/double-ratchet.js

@@ -0,0 +1,908 @@
+// Double Ratchet Protocol Implementation for shogun-core
+// Based on the Signal Protocol specification for ongoing secure messaging
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+import { generateSignalKeyPair, exportSignalPublicKey, importSignalPublicKey, performSignalDH, bufferToSignalHex, } from "./signal-protocol.js";
+// Double Ratchet Protocol Constants
+var DOUBLE_RATCHET_INFO_MESSAGE_KEY = new TextEncoder().encode("DoubleRatchet_MessageKey");
+var DOUBLE_RATCHET_INFO_CHAIN_KEY = new TextEncoder().encode("DoubleRatchet_ChainKey");
+var DOUBLE_RATCHET_INFO_ROOT_KEY = new TextEncoder().encode("DoubleRatchet_RootKey");
+var DOUBLE_RATCHET_CHAIN_KEY_CONSTANT = new Uint8Array(1).fill(0x02);
+var DOUBLE_RATCHET_MESSAGE_KEY_CONSTANT = new Uint8Array(1).fill(0x01);
+var MAX_SKIPPED_MESSAGE_KEYS = 1000;
+// HKDF implementation for Double Ratchet
+var doubleRatchetHKDF = function (salt_1, inputKeyMaterial_1, info_1) {
+    var args_1 = [];
+    for (var _i = 3; _i < arguments.length; _i++) {
+        args_1[_i - 3] = arguments[_i];
+    }
+    return __awaiter(void 0, __spreadArray([salt_1, inputKeyMaterial_1, info_1], __read(args_1), false), void 0, function (salt, inputKeyMaterial, info, length) {
+        var saltKey, prk, prkKey, okm, t, counter, pos, input, _a, remaining, copyLength;
+        if (length === void 0) { length = 32; }
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0: return [4 /*yield*/, crypto.subtle.importKey("raw", salt.length > 0 ? salt.buffer : new ArrayBuffer(32), { name: "HMAC", hash: "SHA-256" }, false, ["sign"])];
+                case 1:
+                    saltKey = _b.sent();
+                    return [4 /*yield*/, crypto.subtle.sign("HMAC", saltKey, inputKeyMaterial)];
+                case 2:
+                    prk = _b.sent();
+                    return [4 /*yield*/, crypto.subtle.importKey("raw", prk, { name: "HMAC", hash: "SHA-256" }, false, ["sign"])];
+                case 3:
+                    prkKey = _b.sent();
+                    okm = new Uint8Array(length);
+                    t = new Uint8Array(0);
+                    counter = 1;
+                    pos = 0;
+                    _b.label = 4;
+                case 4:
+                    if (!(pos < length)) return [3 /*break*/, 6];
+                    input = new Uint8Array(t.length + info.length + 1);
+                    input.set(t);
+                    input.set(info, t.length);
+                    input[t.length + info.length] = counter;
+                    _a = Uint8Array.bind;
+                    return [4 /*yield*/, crypto.subtle.sign("HMAC", prkKey, input)];
+                case 5:
+                    t = new (_a.apply(Uint8Array, [void 0, _b.sent()]))();
+                    remaining = length - pos;
+                    copyLength = Math.min(t.length, remaining);
+                    okm.set(t.subarray(0, copyLength), pos);
+                    pos += copyLength;
+                    counter++;
+                    return [3 /*break*/, 4];
+                case 6: return [2 /*return*/, okm.buffer];
+            }
+        });
+    });
+};
+// HMAC-SHA256 for chain key updates
+var doubleRatchetHMAC = function (key, data) { return __awaiter(void 0, void 0, void 0, function () {
+    var hmacKey;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0: return [4 /*yield*/, crypto.subtle.importKey("raw", key, { name: "HMAC", hash: "SHA-256" }, false, ["sign"])];
+            case 1:
+                hmacKey = _a.sent();
+                return [4 /*yield*/, crypto.subtle.sign("HMAC", hmacKey, data.buffer)];
+            case 2: return [2 /*return*/, _a.sent()];
+        }
+    });
+}); };
+// Initialize Double Ratchet state from X3DH shared secret
+export var initializeDoubleRatchet = function (sharedSecret_1, isInitiator_1) {
+    var args_1 = [];
+    for (var _i = 2; _i < arguments.length; _i++) {
+        args_1[_i - 2] = arguments[_i];
+    }
+    return __awaiter(void 0, __spreadArray([sharedSecret_1, isInitiator_1], __read(args_1), false), void 0, function (sharedSecret, isInitiator, remotePublicKey, x3dhEphemeralPublic) {
+        var initialRootKey, rootKeyHex, state, _a, initialRootKeyHexBeforeDerivation, hkdfOutput, newRootKey, sendingChainKey, newRootKeyHex, sendingChainKeyHex;
+        if (remotePublicKey === void 0) { remotePublicKey = null; }
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    console.log("\uD83D\uDD04 Initializing Double Ratchet (".concat(isInitiator ? "Initiator" : "Responder", ")"));
+                    return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(0), // Empty salt
+                        sharedSecret, DOUBLE_RATCHET_INFO_ROOT_KEY, 32)];
+                case 1:
+                    initialRootKey = _b.sent();
+                    rootKeyHex = bufferToSignalHex(initialRootKey);
+                    console.log("✓ Initial root key derived from X3DH secret", {
+                        role: isInitiator ? "Initiator" : "Responder",
+                        rootKeyHex: rootKeyHex.substring(0, 16) + "...",
+                        rootKeyLength: initialRootKey.byteLength,
+                    });
+                    state = {
+                        // Core ratchet state
+                        rootKey: initialRootKey,
+                        sendingChainKey: null,
+                        receivingChainKey: null,
+                        // DH key pairs
+                        sendingDHKeyPair: null,
+                        receivingDHPublicKey: remotePublicKey,
+                        // Message counters
+                        sendingMessageNumber: 0,
+                        receivingMessageNumber: 0,
+                        previousChainLength: 0,
+                        // Skipped message keys storage
+                        skippedMessageKeys: new Map(),
+                        // State flags
+                        isInitiator: isInitiator,
+                        initialized: Date.now(),
+                        // X3DH ephemeral (only for initiator)
+                        x3dhEphemeralPublic: x3dhEphemeralPublic,
+                    };
+                    if (!isInitiator) return [3 /*break*/, 4];
+                    // Initiator: Generate initial DH key pair and derive sending chain directly from root key
+                    console.log("🔑 Generating initial DH key pair for initiator");
+                    _a = state;
+                    return [4 /*yield*/, generateSignalKeyPair()];
+                case 2:
+                    _a.sendingDHKeyPair = _b.sent();
+                    initialRootKeyHexBeforeDerivation = bufferToSignalHex(initialRootKey);
+                    console.log("🔍 Initiator - root key before sending chain derivation:", {
+                        rootKeyHex: initialRootKeyHexBeforeDerivation.substring(0, 16) + "...",
+                        rootKeyLength: initialRootKey.byteLength,
+                    });
+                    return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(0), // Empty salt for direct derivation
+                        initialRootKey, DOUBLE_RATCHET_INFO_CHAIN_KEY, 64)];
+                case 3:
+                    hkdfOutput = _b.sent();
+                    newRootKey = hkdfOutput.slice(0, 32);
+                    sendingChainKey = hkdfOutput.slice(32, 64);
+                    newRootKeyHex = bufferToSignalHex(newRootKey);
+                    sendingChainKeyHex = bufferToSignalHex(sendingChainKey);
+                    state.rootKey = newRootKey;
+                    state.sendingChainKey = sendingChainKey;
+                    console.log("✓ Initial sending chain derived directly from root key", {
+                        oldRootKeyHex: initialRootKeyHexBeforeDerivation.substring(0, 16) + "...",
+                        newRootKeyHex: newRootKeyHex.substring(0, 16) + "...",
+                        sendingChainKeyHex: sendingChainKeyHex.substring(0, 16) + "...",
+                        sendingChainKeyLength: sendingChainKey.byteLength,
+                    });
+                    return [3 /*break*/, 5];
+                case 4:
+                    // Responder: Start with receiving mode, will derive receiving chain from root key on first message
+                    console.log("📥 Responder initialized, waiting for first message");
+                    _b.label = 5;
+                case 5:
+                    console.log("✅ Double Ratchet state initialized successfully");
+                    return [2 /*return*/, state];
+            }
+        });
+    });
+};
+// Derive message key from chain key
+var deriveMessageKey = function (chainKey) { return __awaiter(void 0, void 0, void 0, function () {
+    var messageKey;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0: return [4 /*yield*/, doubleRatchetHMAC(chainKey, DOUBLE_RATCHET_MESSAGE_KEY_CONSTANT)];
+            case 1:
+                messageKey = _a.sent();
+                return [2 /*return*/, new Uint8Array(messageKey)];
+        }
+    });
+}); };
+// Derive next chain key from current chain key
+var deriveNextChainKey = function (chainKey) { return __awaiter(void 0, void 0, void 0, function () {
+    var nextChainKey;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0: return [4 /*yield*/, doubleRatchetHMAC(chainKey, DOUBLE_RATCHET_CHAIN_KEY_CONSTANT)];
+            case 1:
+                nextChainKey = _a.sent();
+                return [2 /*return*/, nextChainKey];
+        }
+    });
+}); };
+// Perform DH ratchet step (when receiving new DH public key)
+var performDHRatchetStep = function (state, newRemotePublicKey) { return __awaiter(void 0, void 0, void 0, function () {
+    var wasReceivingMessageNumber, wasPreviousChainLength, isResponderFirstReceive, initialRootKeyHex, hkdfResult, newRootKey, receivingChainKey, newRootKeyHex, receivingChainKeyHex, _a, _b, ourPublicKeyHex, _c, theirPublicKeyHex, _d, currentReceivingDHPublicKeyHex, _e, _f, receivingDHOutput, rootKeyBeforeReceivingDerivation, rootKeyBeforeReceivingHex, hkdfReceiving, oldRootKeyHex, newRootKeyHex, receivingChainKeyHex, _g, rootKeyBeforeSendingDerivation, rootKeyBeforeSendingHex, sendingDHOutput, hkdfSending, rootKeyAfterHex, sendingChainKeyHex;
+    return __generator(this, function (_h) {
+        switch (_h.label) {
+            case 0:
+                console.log("🔄 Performing DH ratchet step");
+                wasReceivingMessageNumber = state.receivingMessageNumber;
+                wasPreviousChainLength = state.previousChainLength;
+                isResponderFirstReceive = !state.isInitiator &&
+                    !state.receivingChainKey &&
+                    wasReceivingMessageNumber === 0 &&
+                    wasPreviousChainLength === 0;
+                // Update state for ratchet step (after check)
+                state.previousChainLength = state.receivingMessageNumber;
+                state.receivingDHPublicKey = newRemotePublicKey;
+                // Note: receivingMessageNumber is reset to 0 AFTER the isResponderFirstReceive check
+                // because we need to check wasReceivingMessageNumber === 0
+                console.log("🔍 Checking isResponderFirstReceive:", {
+                    isResponder: !state.isInitiator,
+                    hasReceivingChainKey: !!state.receivingChainKey,
+                    wasReceivingMessageNumber: wasReceivingMessageNumber,
+                    wasPreviousChainLength: wasPreviousChainLength,
+                    isResponderFirstReceive: isResponderFirstReceive,
+                    hasSendingDHKeyPair: !!state.sendingDHKeyPair,
+                    conditionBreakdown: {
+                        notInitiator: !state.isInitiator,
+                        noReceivingChainKey: !state.receivingChainKey,
+                        receivingMessageNumberIsZero: wasReceivingMessageNumber === 0,
+                        previousChainLengthIsZero: wasPreviousChainLength === 0,
+                        allConditionsMet: !state.isInitiator &&
+                            !state.receivingChainKey &&
+                            wasReceivingMessageNumber === 0 &&
+                            wasPreviousChainLength === 0,
+                    },
+                });
+                if (!isResponderFirstReceive) return [3 /*break*/, 3];
+                console.log("🔄 First receive: matching initiator's direct root key derivation (responder only)");
+                initialRootKeyHex = bufferToSignalHex(state.rootKey);
+                console.log("🔍 Responder first receive - root key before derivation:", {
+                    rootKeyHex: initialRootKeyHex.substring(0, 16) + "...",
+                    rootKeyLength: state.rootKey.byteLength,
+                });
+                return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(0), // Empty salt - same as initiator used
+                    state.rootKey, // Same root key as initiator had
+                    DOUBLE_RATCHET_INFO_CHAIN_KEY, 64)];
+            case 1:
+                hkdfResult = _h.sent();
+                newRootKey = hkdfResult.slice(0, 32);
+                receivingChainKey = hkdfResult.slice(32, 64);
+                newRootKeyHex = bufferToSignalHex(newRootKey);
+                receivingChainKeyHex = bufferToSignalHex(receivingChainKey);
+                state.rootKey = newRootKey;
+                // Set receiving chain to match initiator's sending chain
+                state.receivingChainKey = receivingChainKey;
+                // Reset receiving message number for the new chain
+                state.receivingMessageNumber = 0;
+                console.log("🔄 Receiving chain set to match initiator's sending chain", {
+                    oldRootKeyHex: initialRootKeyHex.substring(0, 16) + "...",
+                    newRootKeyHex: newRootKeyHex.substring(0, 16) + "...",
+                    receivingChainKeyHex: receivingChainKeyHex.substring(0, 16) + "...",
+                    receivingChainKeyLength: receivingChainKey.byteLength,
+                });
+                // Generate our sending key pair for future messages
+                console.log("🔑 Generating DH key pair for responder's future sending");
+                _a = state;
+                return [4 /*yield*/, generateSignalKeyPair()];
+            case 2:
+                _a.sendingDHKeyPair = _h.sent();
+                // For responder's first receive, we don't derive a sending chain yet
+                // because we haven't sent anything. The sending chain will be derived
+                // when we send our first message.
+                console.log("✓ DH ratchet step completed (responder first receive)");
+                return [2 /*return*/];
+            case 3:
+                // Reset receiving message number for new chain (for non-first receive cases)
+                state.receivingMessageNumber = 0;
+                if (!!state.sendingDHKeyPair) return [3 /*break*/, 5];
+                console.log("⚠️ Warning: No sendingDHKeyPair found, generating new one. This might cause chain derivation issues if state was restored.");
+                _b = state;
+                return [4 /*yield*/, generateSignalKeyPair()];
+            case 4:
+                _b.sendingDHKeyPair = _h.sent();
+                _h.label = 5;
+            case 5:
+                if (!state.sendingDHKeyPair) return [3 /*break*/, 13];
+                console.log("🔄 Deriving receiving chain from: DH(our_current_private, their_public)");
+                _c = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.sendingDHKeyPair.publicKey)];
+            case 6:
+                ourPublicKeyHex = _c.apply(void 0, [_h.sent()]);
+                _d = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(newRemotePublicKey)];
+            case 7:
+                theirPublicKeyHex = _d.apply(void 0, [_h.sent()]);
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 9];
+                _f = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 8:
+                _e = _f.apply(void 0, [_h.sent()]);
+                return [3 /*break*/, 10];
+            case 9:
+                _e = "null";
+                _h.label = 10;
+            case 10:
+                currentReceivingDHPublicKeyHex = _e;
+                console.log("🔍 DH key derivation details:", {
+                    ourPublicKeyHex: ourPublicKeyHex.substring(0, 16) + "...",
+                    theirPublicKeyHex: theirPublicKeyHex.substring(0, 16) + "...",
+                    currentReceivingDHPublicKeyHex: currentReceivingDHPublicKeyHex !== "null"
+                        ? currentReceivingDHPublicKeyHex.substring(0, 16) + "..."
+                        : "null",
+                    rootKeyLength: state.rootKey.byteLength,
+                    rootKeyHex: bufferToSignalHex(state.rootKey).substring(0, 16) + "...",
+                    previousChainLength: state.previousChainLength,
+                    receivingMessageNumber: state.receivingMessageNumber,
+                });
+                return [4 /*yield*/, performSignalDH(state.sendingDHKeyPair.privateKey, newRemotePublicKey)];
+            case 11:
+                receivingDHOutput = _h.sent();
+                rootKeyBeforeReceivingDerivation = state.rootKey;
+                rootKeyBeforeReceivingHex = bufferToSignalHex(rootKeyBeforeReceivingDerivation);
+                return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(rootKeyBeforeReceivingDerivation), receivingDHOutput, DOUBLE_RATCHET_INFO_CHAIN_KEY, 64)];
+            case 12:
+                hkdfReceiving = _h.sent();
+                oldRootKeyHex = rootKeyBeforeReceivingHex.substring(0, 16) + "...";
+                state.rootKey = hkdfReceiving.slice(0, 32);
+                state.receivingChainKey = hkdfReceiving.slice(32, 64);
+                newRootKeyHex = bufferToSignalHex(state.rootKey).substring(0, 16) + "...";
+                receivingChainKeyHex = bufferToSignalHex(state.receivingChainKey).substring(0, 16) + "...";
+                console.log("🔄 DH ratchet step - receiving chain established", {
+                    oldRootKeyHex: oldRootKeyHex,
+                    newRootKeyHex: newRootKeyHex,
+                    receivingChainKeyHex: receivingChainKeyHex,
+                    receivingChainKeyLength: state.receivingChainKey.byteLength,
+                    previousChainLength: state.previousChainLength,
+                });
+                _h.label = 13;
+            case 13:
+                // Step 2: Generate NEW DH key pair and derive sending chain
+                // This only executes for subsequent ratchet steps (not responder's first receive)
+                console.log("🔑 Generating NEW DH key pair for ratchet step", {
+                    rootKeyBeforeSendingDerivation: bufferToSignalHex(state.rootKey).substring(0, 16) + "...",
+                    previousChainLength: state.previousChainLength,
+                });
+                _g = state;
+                return [4 /*yield*/, generateSignalKeyPair()];
+            case 14:
+                _g.sendingDHKeyPair = _h.sent();
+                state.sendingMessageNumber = 0;
+                rootKeyBeforeSendingDerivation = state.rootKey;
+                rootKeyBeforeSendingHex = bufferToSignalHex(rootKeyBeforeSendingDerivation);
+                return [4 /*yield*/, performSignalDH(state.sendingDHKeyPair.privateKey, newRemotePublicKey)];
+            case 15:
+                sendingDHOutput = _h.sent();
+                return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(rootKeyBeforeSendingDerivation), sendingDHOutput, DOUBLE_RATCHET_INFO_CHAIN_KEY, 64)];
+            case 16:
+                hkdfSending = _h.sent();
+                state.rootKey = hkdfSending.slice(0, 32);
+                state.sendingChainKey = hkdfSending.slice(32, 64);
+                rootKeyAfterHex = bufferToSignalHex(state.rootKey);
+                sendingChainKeyHex = bufferToSignalHex(state.sendingChainKey);
+                console.log("🔄 DH ratchet step - sending chain established", {
+                    rootKeyBeforeHex: rootKeyBeforeSendingHex.substring(0, 16) + "...",
+                    rootKeyAfterHex: rootKeyAfterHex.substring(0, 16) + "...",
+                    sendingChainKeyHex: sendingChainKeyHex.substring(0, 16) + "...",
+                    previousChainLength: state.previousChainLength,
+                });
+                console.log("✓ DH ratchet step completed");
+                return [2 /*return*/];
+        }
+    });
+}); };
+// Skip message keys for out-of-order messages
+var skipMessageKeys = function (state, until) { return __awaiter(void 0, void 0, void 0, function () {
+    var dhPublicKeyHex, _a, _b, chainKey, messageKey, keyId;
+    return __generator(this, function (_c) {
+        switch (_c.label) {
+            case 0:
+                console.log("\u23ED\uFE0F Skipping message keys from ".concat(state.receivingMessageNumber, " to ").concat(until));
+                if (!(state.receivingChainKey && state.receivingMessageNumber < until)) return [3 /*break*/, 8];
+                if (until - state.receivingMessageNumber > MAX_SKIPPED_MESSAGE_KEYS) {
+                    throw new Error("Too many skipped message keys: ".concat(until - state.receivingMessageNumber));
+                }
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 2];
+                _b = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 1:
+                _a = _b.apply(void 0, [_c.sent()]);
+                return [3 /*break*/, 3];
+            case 2:
+                _a = "null";
+                _c.label = 3;
+            case 3:
+                dhPublicKeyHex = _a;
+                chainKey = state.receivingChainKey;
+                _c.label = 4;
+            case 4:
+                if (!(state.receivingMessageNumber < until)) return [3 /*break*/, 7];
+                return [4 /*yield*/, deriveMessageKey(chainKey)];
+            case 5:
+                messageKey = _c.sent();
+                keyId = "".concat(dhPublicKeyHex, ":").concat(state.receivingMessageNumber);
+                state.skippedMessageKeys.set(keyId, messageKey);
+                return [4 /*yield*/, deriveNextChainKey(chainKey)];
+            case 6:
+                chainKey = _c.sent();
+                state.receivingMessageNumber++;
+                console.log("\uD83D\uDCDD Saved skipped message key for ".concat(keyId));
+                return [3 /*break*/, 4];
+            case 7:
+                state.receivingChainKey = chainKey;
+                _c.label = 8;
+            case 8: return [2 /*return*/];
+        }
+    });
+}); };
+// Encrypt message using Double Ratchet
+export var doubleRatchetEncrypt = function (state, plaintext) { return __awaiter(void 0, void 0, void 0, function () {
+    var sendingDHOutput, hkdfSending, messageKey, dhPublicKeyBuffer, dhPublicKeyBytes, sendingDHPublicKeyHex, rootKeyHex, sendingChainKeyHex, receivingDHPublicKeyHex, _a, _b, aad, view, plaintextBytes, iv, cryptoKey, ciphertext, _c, messageEnvelope;
+    return __generator(this, function (_d) {
+        switch (_d.label) {
+            case 0:
+                console.log("\uD83D\uDD12 Encrypting message #".concat(state.sendingMessageNumber, " with Double Ratchet"));
+                if (!!state.sendingChainKey) return [3 /*break*/, 4];
+                if (!(!state.isInitiator &&
+                    state.receivingDHPublicKey &&
+                    state.sendingDHKeyPair)) return [3 /*break*/, 3];
+                console.log("🔄 Responder's first send: Deriving sending chain");
+                return [4 /*yield*/, performSignalDH(state.sendingDHKeyPair.privateKey, state.receivingDHPublicKey)];
+            case 1:
+                sendingDHOutput = _d.sent();
+                return [4 /*yield*/, doubleRatchetHKDF(new Uint8Array(state.rootKey), sendingDHOutput, DOUBLE_RATCHET_INFO_CHAIN_KEY, 64)];
+            case 2:
+                hkdfSending = _d.sent();
+                state.rootKey = hkdfSending.slice(0, 32);
+                state.sendingChainKey = hkdfSending.slice(32, 64);
+                state.sendingMessageNumber = 0;
+                state.previousChainLength = state.receivingMessageNumber;
+                console.log("✅ Sending chain derived for responder's first message");
+                return [3 /*break*/, 4];
+            case 3: throw new Error("No sending chain key available - cannot encrypt");
+            case 4: return [4 /*yield*/, deriveMessageKey(state.sendingChainKey)];
+            case 5:
+                messageKey = _d.sent();
+                return [4 /*yield*/, exportSignalPublicKey(state.sendingDHKeyPair.publicKey)];
+            case 6:
+                dhPublicKeyBuffer = _d.sent();
+                dhPublicKeyBytes = new Uint8Array(dhPublicKeyBuffer);
+                sendingDHPublicKeyHex = bufferToSignalHex(dhPublicKeyBuffer);
+                rootKeyHex = bufferToSignalHex(state.rootKey);
+                sendingChainKeyHex = bufferToSignalHex(state.sendingChainKey);
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 8];
+                _b = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 7:
+                _a = _b.apply(void 0, [_d.sent()]);
+                return [3 /*break*/, 9];
+            case 8:
+                _a = "null";
+                _d.label = 9;
+            case 9:
+                receivingDHPublicKeyHex = _a;
+                console.log("🔑 Alice encryption - Chain and message keys", {
+                    sendingDHPublicKeyHex: sendingDHPublicKeyHex.substring(0, 16) + "...",
+                    receivingDHPublicKeyHex: receivingDHPublicKeyHex !== "null"
+                        ? receivingDHPublicKeyHex.substring(0, 16) + "..."
+                        : "null",
+                    rootKeyHex: rootKeyHex.substring(0, 16) + "...",
+                    sendingChainKeyHex: sendingChainKeyHex.substring(0, 16) + "...",
+                    sendingMessageNumber: state.sendingMessageNumber,
+                    previousChainLength: state.previousChainLength,
+                });
+                aad = new Uint8Array(dhPublicKeyBytes.length + 8);
+                aad.set(dhPublicKeyBytes);
+                view = new DataView(aad.buffer, dhPublicKeyBytes.length);
+                view.setUint32(0, state.sendingMessageNumber, true);
+                view.setUint32(4, state.previousChainLength, true);
+                plaintextBytes = new TextEncoder().encode(plaintext);
+                iv = crypto.getRandomValues(new Uint8Array(12));
+                return [4 /*yield*/, crypto.subtle.importKey("raw", messageKey.buffer, { name: "AES-GCM" }, false, ["encrypt"])];
+            case 10:
+                cryptoKey = _d.sent();
+                return [4 /*yield*/, crypto.subtle.encrypt({ name: "AES-GCM", iv: iv, additionalData: aad }, cryptoKey, plaintextBytes)];
+            case 11:
+                ciphertext = _d.sent();
+                console.log("🔍 Encryption details:", {
+                    messageNumber: state.sendingMessageNumber,
+                    previousChainLength: state.previousChainLength,
+                    dhPublicKeyLength: dhPublicKeyBytes.length,
+                    plaintextLength: plaintextBytes.length,
+                    ciphertextLength: ciphertext.byteLength,
+                    ivLength: iv.length,
+                    aadLength: aad.length,
+                    messageKeyLength: messageKey.length,
+                });
+                // Update sending chain key
+                _c = state;
+                return [4 /*yield*/, deriveNextChainKey(state.sendingChainKey)];
+            case 12:
+                // Update sending chain key
+                _c.sendingChainKey = _d.sent();
+                messageEnvelope = {
+                    dhPublicKey: dhPublicKeyBytes,
+                    messageNumber: state.sendingMessageNumber,
+                    previousChainLength: state.previousChainLength,
+                    ciphertext: new Uint8Array(ciphertext),
+                    iv: iv,
+                    timestamp: Date.now(),
+                };
+                // Include X3DH ephemeral public key in the first message from initiator
+                if (state.isInitiator &&
+                    state.sendingMessageNumber === 0 &&
+                    state.x3dhEphemeralPublic) {
+                    console.log("📤 Including X3DH ephemeral public key in first message");
+                    messageEnvelope.x3dhEphemeralPublic = new Uint8Array(state.x3dhEphemeralPublic);
+                }
+                state.sendingMessageNumber++;
+                console.log("\u2705 Message encrypted successfully (msg #".concat(state.sendingMessageNumber - 1, ")"));
+                // Securely delete message key
+                messageKey.fill(0);
+                return [2 /*return*/, messageEnvelope];
+        }
+    });
+}); };
+// Decrypt message using Double Ratchet
+export var doubleRatchetDecrypt = function (state, messageEnvelope) { return __awaiter(void 0, void 0, void 0, function () {
+    var dhPublicKey, messageNumber, previousChainLength, ciphertext, iv, dhPublicKeyHex, skippedKeyId, messageKey, currentDhKeyHex, _a, _b, remotePublicKey, skippedKeyCheck, originalChainKey, receivingChainKeyHex, rootKeyHex, receivingDHPublicKeyHex, _c, _d, _e, currentMessageNumber, aad, view, cryptoKey, aadDetails, rootKeyHex, messageKeyHex, receivingChainKeyHex, plaintext, plaintextString, error_1, errorObj;
+    return __generator(this, function (_f) {
+        switch (_f.label) {
+            case 0:
+                console.log("\uD83D\uDD13 Decrypting message #".concat(messageEnvelope.messageNumber, " with Double Ratchet"));
+                // Log initial state for debugging
+                console.log("🔍 Initial decrypt state:", {
+                    receivingMessageNumber: state.receivingMessageNumber,
+                    sendingMessageNumber: state.sendingMessageNumber,
+                    previousChainLength: state.previousChainLength,
+                    hasReceivingChainKey: !!state.receivingChainKey,
+                    hasReceivingDHPublicKey: !!state.receivingDHPublicKey,
+                    hasSendingDHKeyPair: !!state.sendingDHKeyPair,
+                    isInitiator: state.isInitiator,
+                });
+                dhPublicKey = messageEnvelope.dhPublicKey, messageNumber = messageEnvelope.messageNumber, previousChainLength = messageEnvelope.previousChainLength, ciphertext = messageEnvelope.ciphertext, iv = messageEnvelope.iv;
+                dhPublicKeyHex = bufferToSignalHex(dhPublicKey.buffer);
+                skippedKeyId = "".concat(dhPublicKeyHex, ":").concat(messageNumber);
+                messageKey = state.skippedMessageKeys.get(skippedKeyId);
+                if (!messageKey) return [3 /*break*/, 1];
+                console.log("\uD83D\uDCCB Using skipped message key for message ".concat(messageNumber));
+                state.skippedMessageKeys.delete(skippedKeyId);
+                return [3 /*break*/, 17];
+            case 1:
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 3];
+                _b = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 2:
+                _a = _b.apply(void 0, [_f.sent()]);
+                return [3 /*break*/, 4];
+            case 3:
+                _a = null;
+                _f.label = 4;
+            case 4:
+                currentDhKeyHex = _a;
+                console.log("🔍 DH key comparison:", {
+                    messageDhKeyHex: dhPublicKeyHex.substring(0, 16) + "...",
+                    currentDhKeyHex: currentDhKeyHex
+                        ? currentDhKeyHex.substring(0, 16) + "..."
+                        : "null",
+                    match: dhPublicKeyHex === currentDhKeyHex,
+                    receivingMessageNumber: state.receivingMessageNumber,
+                });
+                if (!(dhPublicKeyHex !== currentDhKeyHex)) return [3 /*break*/, 8];
+                console.log("🔄 New DH public key detected, performing ratchet step");
+                // Skip message keys for current chain if needed
+                return [4 /*yield*/, skipMessageKeys(state, state.receivingMessageNumber)];
+            case 5:
+                // Skip message keys for current chain if needed
+                _f.sent();
+                return [4 /*yield*/, importSignalPublicKey(dhPublicKey.buffer)];
+            case 6:
+                remotePublicKey = _f.sent();
+                return [4 /*yield*/, performDHRatchetStep(state, remotePublicKey)];
+            case 7:
+                _f.sent();
+                _f.label = 8;
+            case 8:
+                if (!(messageNumber > state.receivingMessageNumber)) return [3 /*break*/, 10];
+                return [4 /*yield*/, skipMessageKeys(state, messageNumber)];
+            case 9:
+                _f.sent();
+                _f.label = 10;
+            case 10:
+                if (!(messageNumber !== state.receivingMessageNumber)) return [3 /*break*/, 11];
+                skippedKeyCheck = state.skippedMessageKeys.get(skippedKeyId);
+                if (!skippedKeyCheck) {
+                    throw new Error("Message number mismatch: expected ".concat(state.receivingMessageNumber, ", got ").concat(messageNumber, ". This may indicate a missing message or synchronization issue."));
+                }
+                // If we found it in skipped keys, we should have handled it earlier
+                // This shouldn't happen, but if it does, use the skipped key
+                messageKey = skippedKeyCheck;
+                state.skippedMessageKeys.delete(skippedKeyId);
+                console.log("\uD83D\uDCCB Using skipped message key for message ".concat(messageNumber, " (late catch)"));
+                return [3 /*break*/, 17];
+            case 11:
+                // Derive message key
+                if (!state.receivingChainKey) {
+                    throw new Error("No receiving chain key available - cannot decrypt");
+                }
+                originalChainKey = state.receivingChainKey;
+                receivingChainKeyHex = bufferToSignalHex(originalChainKey);
+                rootKeyHex = bufferToSignalHex(state.rootKey);
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 13];
+                _d = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 12:
+                _c = _d.apply(void 0, [_f.sent()]);
+                return [3 /*break*/, 14];
+            case 13:
+                _c = "null";
+                _f.label = 14;
+            case 14:
+                receivingDHPublicKeyHex = _c;
+                return [4 /*yield*/, deriveMessageKey(originalChainKey)];
+            case 15:
+                messageKey = _f.sent();
+                _e = state;
+                return [4 /*yield*/, deriveNextChainKey(originalChainKey)];
+            case 16:
+                _e.receivingChainKey = _f.sent();
+                currentMessageNumber = state.receivingMessageNumber;
+                state.receivingMessageNumber++;
+                console.log("🔑 Bob decryption - Chain and message keys", {
+                    messageNumber: currentMessageNumber,
+                    chainKeyLength: originalChainKey.byteLength,
+                    messageKeyLength: messageKey.length,
+                    nextReceivingMessageNumber: state.receivingMessageNumber,
+                    receivingDHPublicKeyHex: receivingDHPublicKeyHex.substring(0, 16) + "...",
+                    rootKeyHex: rootKeyHex.substring(0, 16) + "...",
+                    receivingChainKeyHex: receivingChainKeyHex.substring(0, 16) + "...",
+                    previousChainLength: state.previousChainLength,
+                });
+                _f.label = 17;
+            case 17:
+                aad = new Uint8Array(dhPublicKey.length + 8);
+                aad.set(dhPublicKey);
+                view = new DataView(aad.buffer, dhPublicKey.length);
+                view.setUint32(0, messageNumber, true);
+                view.setUint32(4, previousChainLength, true);
+                // Log AAD details for debugging (before decryption attempt)
+                console.log("🔍 AAD details for decryption:", {
+                    dhPublicKeyHex: dhPublicKeyHex.substring(0, 16) + "...",
+                    messageNumber: messageNumber,
+                    previousChainLength: previousChainLength,
+                    statePreviousChainLength: state.previousChainLength,
+                    receivingMessageNumber: state.receivingMessageNumber,
+                    aadLength: aad.length,
+                    messageKeyLength: messageKey.length,
+                });
+                return [4 /*yield*/, crypto.subtle.importKey("raw", messageKey.buffer, { name: "AES-GCM" }, false, ["decrypt"])];
+            case 18:
+                cryptoKey = _f.sent();
+                _f.label = 19;
+            case 19:
+                _f.trys.push([19, 21, , 22]);
+                aadDetails = {
+                    dhPublicKeyPrefix: Array.from(dhPublicKey.slice(0, 8))
+                        .map(function (b) { return b.toString(16).padStart(2, "0"); })
+                        .join(""),
+                    messageNumberBytes: Array.from(new Uint8Array(aad.slice(dhPublicKey.length, dhPublicKey.length + 4)))
+                        .map(function (b) { return b.toString(16).padStart(2, "0"); })
+                        .join(""),
+                    previousChainLengthBytes: Array.from(new Uint8Array(aad.slice(dhPublicKey.length + 4)))
+                        .map(function (b) { return b.toString(16).padStart(2, "0"); })
+                        .join(""),
+                };
+                rootKeyHex = bufferToSignalHex(state.rootKey);
+                messageKeyHex = bufferToSignalHex(messageKey.buffer);
+                receivingChainKeyHex = state.receivingChainKey
+                    ? bufferToSignalHex(state.receivingChainKey)
+                    : "null";
+                console.log("🔍 Decryption attempt details:", {
+                    messageNumber: messageNumber,
+                    previousChainLength: previousChainLength,
+                    statePreviousChainLength: state.previousChainLength,
+                    dhPublicKeyLength: dhPublicKey.length,
+                    ciphertextLength: ciphertext.length,
+                    ivLength: iv.length,
+                    aadLength: aad.length,
+                    messageKeyLength: messageKey.length,
+                    rootKeyHex: rootKeyHex.substring(0, 32) + "...", // Show more for comparison
+                    receivingChainKeyHex: receivingChainKeyHex !== "null"
+                        ? receivingChainKeyHex.substring(0, 32) + "..."
+                        : "null",
+                    messageKeyHex: messageKeyHex.substring(0, 32) + "...",
+                    receivingMessageNumber: state.receivingMessageNumber,
+                    aadDetails: aadDetails,
+                });
+                return [4 /*yield*/, crypto.subtle.decrypt({ name: "AES-GCM", iv: new Uint8Array(iv), additionalData: aad }, cryptoKey, new Uint8Array(ciphertext))];
+            case 20:
+                plaintext = _f.sent();
+                plaintextString = new TextDecoder().decode(plaintext);
+                console.log("\u2705 Message decrypted successfully: \"".concat(plaintextString, "\""));
+                // Securely delete message key
+                messageKey.fill(0);
+                return [2 /*return*/, plaintextString];
+            case 21:
+                error_1 = _f.sent();
+                errorObj = error_1 instanceof Error ? error_1 : new Error(String(error_1));
+                console.error("❌ Message decryption failed:", errorObj);
+                console.error("❌ Decryption error details:", {
+                    errorName: errorObj.name,
+                    errorMessage: errorObj.message,
+                    messageNumber: messageNumber,
+                    previousChainLength: previousChainLength,
+                    dhPublicKeyLength: dhPublicKey.length,
+                    ciphertextLength: ciphertext.length,
+                    ivLength: iv.length,
+                    aadLength: aad.length,
+                    messageKeyLength: messageKey.length,
+                });
+                throw new Error("Message decryption failed - authentication failed: ".concat(errorObj.message));
+            case 22: return [2 /*return*/];
+        }
+    });
+}); };
+// Serialize Double Ratchet state for storage
+export var serializeDoubleRatchetState = function (state) { return __awaiter(void 0, void 0, void 0, function () {
+    var serialized, _a, _b, _c, _d;
+    var _e;
+    return __generator(this, function (_f) {
+        switch (_f.label) {
+            case 0:
+                _e = {
+                    rootKey: bufferToSignalHex(state.rootKey),
+                    sendingChainKey: state.sendingChainKey
+                        ? bufferToSignalHex(state.sendingChainKey)
+                        : null,
+                    receivingChainKey: state.receivingChainKey
+                        ? bufferToSignalHex(state.receivingChainKey)
+                        : null
+                };
+                if (!state.sendingDHKeyPair) return [3 /*break*/, 2];
+                _b = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.sendingDHKeyPair.publicKey)];
+            case 1:
+                _a = _b.apply(void 0, [_f.sent()]);
+                return [3 /*break*/, 3];
+            case 2:
+                _a = null;
+                _f.label = 3;
+            case 3:
+                _e.sendingDHPublicKey = _a;
+                if (!state.receivingDHPublicKey) return [3 /*break*/, 5];
+                _d = bufferToSignalHex;
+                return [4 /*yield*/, exportSignalPublicKey(state.receivingDHPublicKey)];
+            case 4:
+                _c = _d.apply(void 0, [_f.sent()]);
+                return [3 /*break*/, 6];
+            case 5:
+                _c = null;
+                _f.label = 6;
+            case 6:
+                serialized = (_e.receivingDHPublicKey = _c,
+                    _e.sendingMessageNumber = state.sendingMessageNumber,
+                    _e.receivingMessageNumber = state.receivingMessageNumber,
+                    _e.previousChainLength = state.previousChainLength,
+                    _e.isInitiator = state.isInitiator,
+                    _e.initialized = state.initialized,
+                    _e.skippedMessageKeysCount = state.skippedMessageKeys.size,
+                    _e);
+                return [2 /*return*/, JSON.stringify(serialized)];
+        }
+    });
+}); };
+// Clean up old skipped message keys to prevent memory bloat
+export var cleanupSkippedMessageKeys = function (state, maxAge) {
+    if (maxAge === void 0) { maxAge = 7 * 24 * 60 * 60 * 1000; }
+    var now = Date.now();
+    var keysToDelete = [];
+    // In a real implementation, you'd track the age of each skipped key
+    // For now, just limit the total number
+    if (state.skippedMessageKeys.size > MAX_SKIPPED_MESSAGE_KEYS * 0.8) {
+        var keys = Array.from(state.skippedMessageKeys.keys());
+        var deleteCount = state.skippedMessageKeys.size - MAX_SKIPPED_MESSAGE_KEYS / 2;
+        for (var i = 0; i < deleteCount; i++) {
+            keysToDelete.push(keys[i]);
+        }
+    }
+    keysToDelete.forEach(function (key) {
+        state.skippedMessageKeys.delete(key);
+    });
+    if (keysToDelete.length > 0) {
+        console.log("\uD83E\uDDF9 Cleaned up ".concat(keysToDelete.length, " old skipped message keys"));
+    }
+};
+// Demonstrate Double Ratchet conversation
+export var demonstrateDoubleRatchet = function () { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, initializeSignalUser, getSignalPublicKeyBundle, performSignalX3DHKeyExchange, alice, bob, bobBundle, exchangeResult, aliceState, bobState, conversation, msg1, decrypted1, msg2, decrypted2, result, error_2;
+    var _b;
+    return __generator(this, function (_c) {
+        switch (_c.label) {
+            case 0:
+                _c.trys.push([0, 14, , 15]);
+                console.log("🚀 Starting Double Ratchet demonstration...");
+                return [4 /*yield*/, import("./signal-protocol")];
+            case 1:
+                _a = _c.sent(), initializeSignalUser = _a.initializeSignalUser, getSignalPublicKeyBundle = _a.getSignalPublicKeyBundle, performSignalX3DHKeyExchange = _a.performSignalX3DHKeyExchange;
+                return [4 /*yield*/, initializeSignalUser("Alice")];
+            case 2:
+                alice = _c.sent();
+                return [4 /*yield*/, initializeSignalUser("Bob")];
+            case 3:
+                bob = _c.sent();
+                return [4 /*yield*/, getSignalPublicKeyBundle(bob)];
+            case 4:
+                bobBundle = _c.sent();
+                return [4 /*yield*/, performSignalX3DHKeyExchange(alice, bobBundle)];
+            case 5:
+                exchangeResult = _c.sent();
+                return [4 /*yield*/, initializeDoubleRatchet(exchangeResult.masterSecret, true)];
+            case 6:
+                aliceState = _c.sent();
+                return [4 /*yield*/, initializeDoubleRatchet(exchangeResult.masterSecret, false)];
+            case 7:
+                bobState = _c.sent();
+                console.log("📊 Double Ratchet states initialized");
+                conversation = [];
+                return [4 /*yield*/, doubleRatchetEncrypt(aliceState, "Hello Bob! This is our first Double Ratchet message! 🔒")];
+            case 8:
+                msg1 = _c.sent();
+                conversation.push({ from: "Alice", envelope: msg1 });
+                return [4 /*yield*/, doubleRatchetDecrypt(bobState, msg1)];
+            case 9:
+                decrypted1 = _c.sent();
+                console.log("Bob decrypted: \"".concat(decrypted1, "\""));
+                return [4 /*yield*/, doubleRatchetEncrypt(bobState, "Hi Alice! The Double Ratchet is working perfectly! 🎉")];
+            case 10:
+                msg2 = _c.sent();
+                conversation.push({ from: "Bob", envelope: msg2 });
+                return [4 /*yield*/, doubleRatchetDecrypt(aliceState, msg2)];
+            case 11:
+                decrypted2 = _c.sent();
+                console.log("Alice decrypted: \"".concat(decrypted2, "\""));
+                console.log("✅ Double Ratchet basic exchange completed successfully");
+                _b = {
+                    success: true
+                };
+                return [4 /*yield*/, serializeDoubleRatchetState(aliceState)];
+            case 12:
+                _b.aliceState = _c.sent();
+                return [4 /*yield*/, serializeDoubleRatchetState(bobState)];
+            case 13:
+                result = (_b.bobState = _c.sent(),
+                    _b.conversation = conversation,
+                    _b.messagesExchanged = conversation.length,
+                    _b.demonstration = {
+                        forwardSecrecy: true,
+                        outOfOrderHandling: true,
+                        dhRatcheting: true,
+                        chainKeyUpdating: true,
+                    },
+                    _b);
+                console.log("✅ Double Ratchet demonstration completed successfully");
+                return [2 /*return*/, result];
+            case 14:
+                error_2 = _c.sent();
+                console.error("❌ Double Ratchet demonstration failed:", error_2);
+                throw error_2;
+            case 15: return [2 /*return*/];
+        }
+    });
+}); };