ts-mls 1.0.2

package/dist/src/resumption.js

@@ -0,0 +1,74 @@
+import { makePskIndex, createGroup, joinGroup } from "./clientState";
+import { createCommit } from "./createCommit";
+import { getCiphersuiteImpl, getCiphersuiteFromName } from "./crypto/ciphersuite";
+import { UsageError } from "./mlsError";
+export async function reinitGroup(state, groupId, version, cipherSuite, extensions, cs) {
+    const reinitProposal = {
+        proposalType: "reinit",
+        reinit: {
+            groupId,
+            version,
+            cipherSuite,
+            extensions,
+        },
+    };
+    return createCommit(state, makePskIndex(state, {}), false, [reinitProposal], cs);
+}
+export async function reinitCreateNewGroup(state, keyPackage, privateKeyPackage, memberKeyPackages, groupId, cipherSuite, extensions) {
+    const cs = await getCiphersuiteImpl(getCiphersuiteFromName(cipherSuite));
+    const newGroup = await createGroup(groupId, keyPackage, privateKeyPackage, extensions, cs);
+    const addProposals = memberKeyPackages.map((kp) => ({
+        proposalType: "add",
+        add: { keyPackage: kp },
+    }));
+    const psk = makeResumptionPsk(state, "reinit", cs);
+    const resumptionPsk = {
+        proposalType: "psk",
+        psk: {
+            preSharedKeyId: psk.id,
+        },
+    };
+    return createCommit(newGroup, makePskIndex(state, {}), false, [...addProposals, resumptionPsk], cs);
+}
+export function makeResumptionPsk(state, usage, cs) {
+    const secret = state.keySchedule.resumptionPsk;
+    const pskNonce = cs.rng.randomBytes(cs.kdf.size);
+    const psk = {
+        pskEpoch: state.groupContext.epoch,
+        pskGroupId: state.groupContext.groupId,
+        psktype: "resumption",
+        pskNonce,
+        usage,
+    };
+    return { id: psk, secret };
+}
+export async function branchGroup(state, keyPackage, privateKeyPackage, memberKeyPackages, newGroupId, cs) {
+    const resumptionPsk = makeResumptionPsk(state, "branch", cs);
+    const pskSearch = makePskIndex(state, {});
+    const newGroup = await createGroup(newGroupId, keyPackage, privateKeyPackage, state.groupContext.extensions, cs);
+    const addMemberProposals = memberKeyPackages.map((kp) => ({
+        proposalType: "add",
+        add: {
+            keyPackage: kp,
+        },
+    }));
+    const branchPskProposal = {
+        proposalType: "psk",
+        psk: {
+            preSharedKeyId: resumptionPsk.id,
+        },
+    };
+    return createCommit(newGroup, pskSearch, false, [...addMemberProposals, branchPskProposal], cs);
+}
+export async function joinGroupFromBranch(oldState, welcome, keyPackage, privateKeyPackage, ratchetTree, cs) {
+    const pskSearch = makePskIndex(oldState, {});
+    return await joinGroup(welcome, keyPackage, privateKeyPackage, pskSearch, cs, ratchetTree, oldState);
+}
+export async function joinGroupFromReinit(suspendedState, welcome, keyPackage, privateKeyPackage, ratchetTree) {
+    const pskSearch = makePskIndex(suspendedState, {});
+    if (suspendedState.groupActiveState.kind !== "suspendedPendingReinit")
+        throw new UsageError("Cannot reinit because no init proposal found in last commit");
+    const cs = await getCiphersuiteImpl(getCiphersuiteFromName(suspendedState.groupActiveState.reinit.cipherSuite));
+    return await joinGroup(welcome, keyPackage, privateKeyPackage, pskSearch, cs, ratchetTree, suspendedState);
+}
+//# sourceMappingURL=resumption.js.map

package/dist/src/resumption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resumption.js","sourceRoot":"","sources":["../../src/resumption.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACjF,OAAO,EAAsB,YAAY,EAAE,MAAM,gBAAgB,CAAA;AACjE,OAAO,EAAoC,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAA;AAGnH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAOvC,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAkB,EAClB,OAAmB,EACnB,OAA4B,EAC5B,WAA4B,EAC5B,UAAuB,EACvB,EAAmB;IAEnB,MAAM,cAAc,GAAa;QAC/B,YAAY,EAAE,QAAQ;QACtB,MAAM,EAAE;YACN,OAAO;YACP,OAAO;YACP,WAAW;YACX,UAAU;SACX;KACF,CAAA;IAED,OAAO,YAAY,CAAC,KAAK,EAAE,YAAY,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAA;AAClF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAkB,EAClB,UAAsB,EACtB,iBAAoC,EACpC,iBAA+B,EAC/B,OAAmB,EACnB,WAA4B,EAC5B,UAAuB;IAEvB,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC,CAAA;IACxE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;IAE1F,MAAM,YAAY,GAAe,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9D,YAAY,EAAE,KAAK;QACnB,GAAG,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;KACxB,CAAC,CAAC,CAAA;IAEH,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;IAElD,MAAM,aAAa,GAAa;QAC9B,YAAY,EAAE,KAAK;QACnB,GAAG,EAAE;YACH,cAAc,EAAE,GAAG,CAAC,EAAE;SACvB;KACF,CAAA;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,YAAY,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,CAAA;AACrG,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAkB,EAClB,KAA6B,EAC7B,EAAmB;IAEnB,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,aAAa,CAAA;IAE9C,MAAM,QAAQ,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAEhD,MAAM,GAAG,GAAG;QACV,QAAQ,EAAE,KAAK,CAAC,YAAY,CAAC,KAAK;QAClC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,OAAO;QACtC,OAAO,EAAE,YAAY;QACrB,QAAQ;QACR,KAAK;KACG,CAAA;IAEV,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAA;AAC5B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAkB,EAClB,UAAsB,EACtB,iBAAoC,EACpC,iBAA+B,EAC/B,UAAsB,EACtB,EAAmB;IAEnB,MAAM,aAAa,GAAG,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;IAE5D,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAEzC,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IAEhH,MAAM,kBAAkB,GAAkB,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACvE,YAAY,EAAE,KAAK;QACnB,GAAG,EAAE;YACH,UAAU,EAAE,EAAE;SACf;KACF,CAAC,CAAC,CAAA;IAEH,MAAM,iBAAiB,GAAgB;QACrC,YAAY,EAAE,KAAK;QACnB,GAAG,EAAE;YACH,cAAc,EAAE,aAAa,CAAC,EAAE;SACjC;KACF,CAAA;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,GAAG,kBAAkB,EAAE,iBAAiB,CAAC,EAAE,EAAE,CAAC,CAAA;AACjG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAqB,EACrB,OAAgB,EAChB,UAAsB,EACtB,iBAAoC,EACpC,WAAoC,EACpC,EAAmB;IAEnB,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;IAE5C,OAAO,MAAM,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAA;AACtG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,cAA2B,EAC3B,OAAgB,EAChB,UAAsB,EACtB,iBAAoC,EACpC,WAAoC;IAEpC,MAAM,SAAS,GAAG,YAAY,CAAC,cAAc,EAAE,EAAE,CAAC,CAAA;IAClD,IAAI,cAAc,CAAC,gBAAgB,CAAC,IAAI,KAAK,wBAAwB;QACnE,MAAM,IAAI,UAAU,CAAC,6DAA6D,CAAC,CAAA;IAErF,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,sBAAsB,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IAE/G,OAAO,MAAM,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,cAAc,CAAC,CAAA;AAC5G,CAAC"}

package/dist/src/secretTree.d.ts

@@ -0,0 +1,29 @@
+import { ContentTypeName } from "./contentType";
+import { CiphersuiteImpl } from "./crypto/ciphersuite";
+import { Kdf } from "./crypto/kdf";
+import { KeyRetentionConfig } from "./keyRetentionConfig";
+import { ReuseGuard, SenderData } from "./sender";
+export type GenerationSecret = {
+    secret: Uint8Array;
+    generation: number;
+    unusedGenerations: Record<number, Uint8Array>;
+};
+export type SecretTreeNode = {
+    handshake: GenerationSecret;
+    application: GenerationSecret;
+};
+export type SecretTree = SecretTreeNode[];
+export type ConsumeRatchetResult = {
+    nonce: Uint8Array;
+    reuseGuard: ReuseGuard;
+    key: Uint8Array;
+    generation: number;
+    newTree: SecretTree;
+};
+export declare function createSecretTree(leafWidth: number, encryptionSecret: Uint8Array, kdf: Kdf): Promise<SecretTree>;
+export declare function deriveNonce(secret: Uint8Array, generation: number, cs: CiphersuiteImpl): Promise<Uint8Array>;
+export declare function deriveKey(secret: Uint8Array, generation: number, cs: CiphersuiteImpl): Promise<Uint8Array>;
+export declare function ratchetUntil(current: GenerationSecret, desiredGen: number, config: KeyRetentionConfig, kdf: Kdf): Promise<GenerationSecret>;
+export declare function derivePrivateMessageNonce(secret: Uint8Array, generation: number, reuseGuard: Uint8Array, cs: CiphersuiteImpl): Promise<Uint8Array>;
+export declare function ratchetToGeneration(tree: SecretTree, senderData: SenderData, contentType: ContentTypeName, config: KeyRetentionConfig, cs: CiphersuiteImpl): Promise<ConsumeRatchetResult>;
+export declare function consumeRatchet(tree: SecretTree, index: number, contentType: ContentTypeName, cs: CiphersuiteImpl): Promise<ConsumeRatchetResult>;

package/dist/src/secretTree.js

@@ -0,0 +1,137 @@
+import { expandWithLabel, deriveTreeSecret } from "./crypto/kdf";
+import { InternalError, ValidationError } from "./mlsError";
+import { nodeWidth, root, right, isLeaf, left, leafToNodeIndex } from "./treemath";
+import { updateArray } from "./util/array";
+import { repeatAsync } from "./util/repeat";
+function scaffoldSecretTree(leafWidth, encryptionSecret, kdf) {
+    const tree = new Array(nodeWidth(leafWidth));
+    const rootIndex = root(leafWidth);
+    const parentInhabited = updateArray(tree, rootIndex, encryptionSecret);
+    return deriveChildren(parentInhabited, rootIndex, kdf);
+}
+export async function createSecretTree(leafWidth, encryptionSecret, kdf) {
+    const tree = await scaffoldSecretTree(leafWidth, encryptionSecret, kdf);
+    return await Promise.all(tree.map(async (secret) => {
+        const application = await createRatchetRoot(secret, "application", kdf);
+        const handshake = await createRatchetRoot(secret, "handshake", kdf);
+        return { handshake, application };
+    }));
+}
+async function deriveChildren(tree, nodeIndex, kdf) {
+    if (isLeaf(nodeIndex))
+        return tree;
+    const l = left(nodeIndex);
+    const r = right(nodeIndex);
+    const parentSecret = tree[nodeIndex];
+    if (parentSecret === undefined)
+        throw new InternalError("Bad node index for secret tree");
+    const leftSecret = await expandWithLabel(parentSecret, "tree", new TextEncoder().encode("left"), kdf.size, kdf);
+    const rightSecret = await expandWithLabel(parentSecret, "tree", new TextEncoder().encode("right"), kdf.size, kdf);
+    const currentTree = updateArray(updateArray(tree, l, leftSecret), r, rightSecret);
+    return deriveChildren(await deriveChildren(currentTree, l, kdf), r, kdf);
+}
+export async function deriveNonce(secret, generation, cs) {
+    return await deriveTreeSecret(secret, "nonce", generation, cs.hpke.nonceLength, cs.kdf);
+}
+export async function deriveKey(secret, generation, cs) {
+    return await deriveTreeSecret(secret, "key", generation, cs.hpke.keyLength, cs.kdf);
+}
+export async function ratchetUntil(current, desiredGen, config, kdf) {
+    const generationDifference = desiredGen - current.generation;
+    if (generationDifference > config.maximumForwardRatchetSteps)
+        throw new ValidationError("Desired generation too far in the future");
+    return await repeatAsync(async (s) => {
+        const nextSecret = await deriveTreeSecret(s.secret, "secret", s.generation, kdf.size, kdf);
+        return {
+            secret: nextSecret,
+            generation: s.generation + 1,
+            unusedGenerations: newFunction(s, config.retainKeysForGenerations),
+        };
+    }, current, generationDifference);
+}
+function newFunction(s, retainGenerationsMax) {
+    const withNew = { ...s.unusedGenerations, [s.generation]: s.secret };
+    const generations = Object.keys(withNew);
+    const result = generations.length >= retainGenerationsMax ? removeOldGenerations(withNew, retainGenerationsMax) : withNew;
+    return result;
+}
+function removeOldGenerations(historicalReceiverData, max) {
+    const sortedGenerations = Object.keys(historicalReceiverData)
+        .map(Number)
+        .sort((a, b) => (a < b ? -1 : 1));
+    return Object.fromEntries(sortedGenerations.slice(-max).map((generation) => [generation, historicalReceiverData[generation]]));
+}
+export async function derivePrivateMessageNonce(secret, generation, reuseGuard, cs) {
+    const nonce = await deriveNonce(secret, generation, cs);
+    if (nonce.length >= 4 && reuseGuard.length >= 4) {
+        for (let i = 0; i < 4; i++) {
+            nonce[i] ^= reuseGuard[i];
+        }
+    }
+    else
+        throw new ValidationError("Reuse guard or nonce incorrect length");
+    return nonce;
+}
+export async function ratchetToGeneration(tree, senderData, contentType, config, cs) {
+    const index = leafToNodeIndex(senderData.leafIndex);
+    const node = tree[index];
+    if (node === undefined)
+        throw new InternalError("Bad node index for secret tree");
+    const ratchet = ratchetForContentType(node, contentType);
+    if (ratchet.generation > senderData.generation) {
+        const desired = ratchet.unusedGenerations[senderData.generation];
+        if (desired !== undefined) {
+            const { [senderData.generation]: _, ...removedDesiredGen } = ratchet.unusedGenerations;
+            const ratchetState = { ...ratchet, unusedGenerations: removedDesiredGen };
+            return await createRatchetResultWithSecret(node, index, desired, senderData.generation, senderData.reuseGuard, tree, contentType, cs, ratchetState);
+        }
+        throw new ValidationError("Desired gen in the past");
+    }
+    const currentSecret = await ratchetUntil(ratchetForContentType(node, contentType), senderData.generation, config, cs.kdf);
+    return createRatchetResult(node, index, currentSecret, senderData.reuseGuard, tree, contentType, cs);
+}
+export async function consumeRatchet(tree, index, contentType, cs) {
+    const node = tree[index];
+    if (node === undefined)
+        throw new InternalError("Bad node index for secret tree");
+    const currentSecret = ratchetForContentType(node, contentType);
+    const reuseGuard = cs.rng.randomBytes(4);
+    return createRatchetResult(node, index, currentSecret, reuseGuard, tree, contentType, cs);
+}
+async function createRatchetResult(node, index, currentSecret, reuseGuard, tree, contentType, cs) {
+    const nextSecret = await deriveTreeSecret(currentSecret.secret, "secret", currentSecret.generation, cs.kdf.size, cs.kdf);
+    const ratchetState = { ...currentSecret, secret: nextSecret, generation: currentSecret.generation + 1 };
+    return await createRatchetResultWithSecret(node, index, currentSecret.secret, currentSecret.generation, reuseGuard, tree, contentType, cs, ratchetState);
+}
+async function createRatchetResultWithSecret(node, index, secret, generation, reuseGuard, tree, contentType, cs, ratchetState) {
+    const { nonce, key } = await createKeyAndNonce(secret, generation, reuseGuard, cs);
+    const newNode = contentType === "application" ? { ...node, application: ratchetState } : { ...node, handshake: ratchetState };
+    const newTree = updateArray(tree, index, newNode);
+    return {
+        generation: generation,
+        reuseGuard,
+        nonce,
+        key,
+        newTree,
+    };
+}
+async function createKeyAndNonce(secret, generation, reuseGuard, cs) {
+    const key = await deriveKey(secret, generation, cs);
+    const nonce = await derivePrivateMessageNonce(secret, generation, reuseGuard, cs);
+    return { nonce, key };
+}
+function ratchetForContentType(node, contentType) {
+    switch (contentType) {
+        case "application":
+            return node.application;
+        case "proposal":
+            return node.handshake;
+        case "commit":
+            return node.handshake;
+    }
+}
+async function createRatchetRoot(node, label, kdf) {
+    const secret = await expandWithLabel(node, label, new Uint8Array(), kdf.size, kdf);
+    return { secret: secret, generation: 0, unusedGenerations: {} };
+}
+//# sourceMappingURL=secretTree.js.map

package/dist/src/secretTree.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretTree.js","sourceRoot":"","sources":["../../src/secretTree.ts"],"names":[],"mappings":"AAEA,OAAO,EAAO,eAAe,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAErE,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAE3D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAgB3C,SAAS,kBAAkB,CAAC,SAAiB,EAAE,gBAA4B,EAAE,GAAQ;IACnF,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAA;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,CAAA;IAEjC,MAAM,eAAe,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAA;IACtE,OAAO,cAAc,CAAC,eAAe,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,SAAiB,EAAE,gBAA4B,EAAE,GAAQ;IAC9F,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAA;IAEvE,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACxB,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,CAAA;QACvE,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,CAAA;QAEnE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,CAAA;IACnC,CAAC,CAAC,CACH,CAAA;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,IAAkB,EAAE,SAAiB,EAAE,GAAQ;IAC3E,IAAI,MAAM,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAA;IAClC,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAA;IAEzB,MAAM,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,CAAA;IAE1B,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAA;IACpC,IAAI,YAAY,KAAK,SAAS;QAAE,MAAM,IAAI,aAAa,CAAC,gCAAgC,CAAC,CAAA;IACzF,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAE/G,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAEjH,MAAM,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,EAAE,WAAW,CAAC,CAAA;IAEjF,OAAO,cAAc,CAAC,MAAM,cAAc,CAAC,WAAW,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAA;AAC1E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAkB,EAAE,UAAkB,EAAE,EAAmB;IAC3F,OAAO,MAAM,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;AACzF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAkB,EAAE,UAAkB,EAAE,EAAmB;IACzF,OAAO,MAAM,gBAAgB,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAyB,EACzB,UAAkB,EAClB,MAA0B,EAC1B,GAAQ;IAER,MAAM,oBAAoB,GAAG,UAAU,GAAG,OAAO,CAAC,UAAU,CAAA;IAE5D,IAAI,oBAAoB,GAAG,MAAM,CAAC,0BAA0B;QAC1D,MAAM,IAAI,eAAe,CAAC,0CAA0C,CAAC,CAAA;IAEvE,OAAO,MAAM,WAAW,CACtB,KAAK,EAAE,CAAC,EAAE,EAAE;QACV,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;QAC1F,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,UAAU,EAAE,CAAC,CAAC,UAAU,GAAG,CAAC;YAC5B,iBAAiB,EAAE,WAAW,CAAC,CAAC,EAAE,MAAM,CAAC,wBAAwB,CAAC;SACnE,CAAA;IACH,CAAC,EACD,OAAO,EACP,oBAAoB,CACrB,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAmB,EAAE,oBAA4B;IACpE,MAAM,OAAO,GAAG,EAAE,GAAG,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAA;IAEpE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAExC,MAAM,MAAM,GACV,WAAW,CAAC,MAAM,IAAI,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAA;IAE5G,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,oBAAoB,CAC3B,sBAAkD,EAClD,GAAW;IAEX,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC;SAC1D,GAAG,CAAC,MAAM,CAAC;SACX,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAEnC,OAAO,MAAM,CAAC,WAAW,CACvB,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,sBAAsB,CAAC,UAAU,CAAE,CAAC,CAAC,CACrG,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAkB,EAClB,UAAkB,EAClB,UAAsB,EACtB,EAAmB;IAEnB,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;IAEvD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,KAAK,CAAC,CAAC,CAAE,IAAI,UAAU,CAAC,CAAC,CAAE,CAAA;QAC7B,CAAC;IACH,CAAC;;QAAM,MAAM,IAAI,eAAe,CAAC,uCAAuC,CAAC,CAAA;IAEzE,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAgB,EAChB,UAAsB,EACtB,WAA4B,EAC5B,MAA0B,EAC1B,EAAmB;IAEnB,MAAM,KAAK,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAA;IACxB,IAAI,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,aAAa,CAAC,gCAAgC,CAAC,CAAA;IAEjF,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAExD,IAAI,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;QAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;QAEhE,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,GAAG,iBAAiB,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAA;YACtF,MAAM,YAAY,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,CAAA;YAEzE,OAAO,MAAM,6BAA6B,CACxC,IAAI,EACJ,KAAK,EACL,OAAO,EACP,UAAU,CAAC,UAAU,EACrB,UAAU,CAAC,UAAU,EACrB,IAAI,EACJ,WAAW,EACX,EAAE,EACF,YAAY,CACb,CAAA;QACH,CAAC;QACD,MAAM,IAAI,eAAe,CAAC,yBAAyB,CAAC,CAAA;IACtD,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,YAAY,CACtC,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,EACxC,UAAU,CAAC,UAAU,EACrB,MAAM,EACN,EAAE,CAAC,GAAG,CACP,CAAA;IAED,OAAO,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;AACtG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAgB,EAChB,KAAa,EACb,WAA4B,EAC5B,EAAmB;IAEnB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAA;IACxB,IAAI,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,aAAa,CAAC,gCAAgC,CAAC,CAAA;IAEjF,MAAM,aAAa,GAAG,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAe,CAAA;IAEtD,OAAO,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;AAC3F,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,IAAoB,EACpB,KAAa,EACb,aAA+B,EAC/B,UAAsB,EACtB,IAAgB,EAChB,WAA4B,EAC5B,EAAmB;IAEnB,MAAM,UAAU,GAAG,MAAM,gBAAgB,CACvC,aAAa,CAAC,MAAM,EACpB,QAAQ,EACR,aAAa,CAAC,UAAU,EACxB,EAAE,CAAC,GAAG,CAAC,IAAI,EACX,EAAE,CAAC,GAAG,CACP,CAAA;IAED,MAAM,YAAY,GAAG,EAAE,GAAG,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,CAAC,UAAU,GAAG,CAAC,EAAE,CAAA;IAEvG,OAAO,MAAM,6BAA6B,CACxC,IAAI,EACJ,KAAK,EACL,aAAa,CAAC,MAAM,EACpB,aAAa,CAAC,UAAU,EACxB,UAAU,EACV,IAAI,EACJ,WAAW,EACX,EAAE,EACF,YAAY,CACb,CAAA;AACH,CAAC;AAED,KAAK,UAAU,6BAA6B,CAC1C,IAAoB,EACpB,KAAa,EACb,MAAkB,EAClB,UAAkB,EAClB,UAAsB,EACtB,IAAgB,EAChB,WAA4B,EAC5B,EAAmB,EACnB,YAA8B;IAE9B,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;IAElF,MAAM,OAAO,GACX,WAAW,KAAK,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,CAAA;IAE/G,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;IAEjD,OAAO;QACL,UAAU,EAAE,UAAU;QACtB,UAAU;QACV,KAAK;QACL,GAAG;QACH,OAAO;KACR,CAAA;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAkB,EAAE,UAAkB,EAAE,UAAsB,EAAE,EAAmB;IAClH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;IACnD,MAAM,KAAK,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,CAAA;IACjF,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAA;AACvB,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAoB,EAAE,WAA4B;IAC/E,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,IAAI,CAAC,WAAW,CAAA;QACzB,KAAK,UAAU;YACb,OAAO,IAAI,CAAC,SAAS,CAAA;QACvB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAA;IACzB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,IAAgB,EAAE,KAAa,EAAE,GAAQ;IACxE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,UAAU,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAClF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAA;AACjE,CAAC"}

package/dist/src/sender.d.ts

@@ -0,0 +1,56 @@
+import { Decoder } from "./codec/tlsDecoder";
+import { Encoder } from "./codec/tlsEncoder";
+import { ContentTypeName } from "./contentType";
+import { CiphersuiteImpl } from "./crypto/ciphersuite";
+declare const senderTypes: {
+    readonly member: 1;
+    readonly external: 2;
+    readonly new_member_proposal: 3;
+    readonly new_member_commit: 4;
+};
+export type SenderTypeName = keyof typeof senderTypes;
+export type SenderTypeValue = (typeof senderTypes)[SenderTypeName];
+export declare const encodeSenderType: Encoder<SenderTypeName>;
+export declare const decodeSenderType: Decoder<SenderTypeName>;
+export type Sender = SenderMember | SenderNonMember;
+export type SenderMember = {
+    senderType: "member";
+    leafIndex: number;
+};
+export type SenderNonMember = SenderExternal | SenderNewMemberProposal | SenderNewMemberCommit;
+export type SenderExternal = {
+    senderType: "external";
+    senderIndex: number;
+};
+export type SenderNewMemberProposal = {
+    senderType: "new_member_proposal";
+};
+export type SenderNewMemberCommit = {
+    senderType: "new_member_commit";
+};
+export declare const encodeSender: Encoder<Sender>;
+export declare const decodeSender: Decoder<Sender>;
+export declare function getSenderLeafNodeIndex(sender: Sender): number | undefined;
+export type SenderData = {
+    leafIndex: number;
+    generation: number;
+    reuseGuard: ReuseGuard;
+};
+export type ReuseGuard = Uint8Array & {
+    length: 4;
+};
+export declare const encodeReuseGuard: Encoder<ReuseGuard>;
+export declare const decodeReuseGuard: Decoder<ReuseGuard>;
+export declare const encodeSenderData: Encoder<SenderData>;
+export declare const decodeSenderData: Decoder<SenderData>;
+export type SenderDataAAD = {
+    groupId: Uint8Array;
+    epoch: bigint;
+    contentType: ContentTypeName;
+};
+export declare const encodeSenderDataAAD: Encoder<SenderDataAAD>;
+export declare const decodeSenderDataAAD: Decoder<SenderDataAAD>;
+export declare function sampleCiphertext(cs: CiphersuiteImpl, ciphertext: Uint8Array): Uint8Array;
+export declare function expandSenderDataKey(cs: CiphersuiteImpl, senderDataSecret: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+export declare function expandSenderDataNonce(cs: CiphersuiteImpl, senderDataSecret: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+export {};

package/dist/src/sender.js

@@ -0,0 +1,81 @@
+import { decodeUint32, decodeUint64, decodeUint8, encodeUint32, encodeUint64, encodeUint8 } from "./codec/number";
+import { flatMapDecoder, mapDecoder, mapDecoderOption, mapDecoders } from "./codec/tlsDecoder";
+import { contramapEncoder, contramapEncoders } from "./codec/tlsEncoder";
+import { decodeVarLenData, encodeVarLenData } from "./codec/variableLength";
+import { decodeContentType, encodeContentType } from "./contentType";
+import { expandWithLabel } from "./crypto/kdf";
+import { enumNumberToKey } from "./util/enumHelpers";
+const senderTypes = {
+    member: 1,
+    external: 2,
+    new_member_proposal: 3,
+    new_member_commit: 4,
+};
+export const encodeSenderType = contramapEncoder(encodeUint8, (t) => senderTypes[t]);
+export const decodeSenderType = mapDecoderOption(decodeUint8, enumNumberToKey(senderTypes));
+export const encodeSender = (s) => {
+    switch (s.senderType) {
+        case "member":
+            return contramapEncoders([encodeSenderType, encodeUint32], (s) => [s.senderType, s.leafIndex])(s);
+        case "external":
+            return contramapEncoders([encodeSenderType, encodeUint32], (s) => [s.senderType, s.senderIndex])(s);
+        case "new_member_proposal":
+        case "new_member_commit":
+            return encodeSenderType(s.senderType);
+    }
+};
+export const decodeSender = flatMapDecoder(decodeSenderType, (senderType) => {
+    switch (senderType) {
+        case "member":
+            return mapDecoder(decodeUint32, (leafIndex) => ({
+                senderType,
+                leafIndex,
+            }));
+        case "external":
+            return mapDecoder(decodeUint32, (senderIndex) => ({
+                senderType,
+                senderIndex,
+            }));
+        case "new_member_proposal":
+            return mapDecoder(() => [undefined, 0], () => ({
+                senderType,
+            }));
+        case "new_member_commit":
+            return mapDecoder(() => [undefined, 0], () => ({
+                senderType,
+            }));
+    }
+});
+export function getSenderLeafNodeIndex(sender) {
+    return sender.senderType === "member" ? sender.leafIndex : undefined;
+}
+export const encodeReuseGuard = (g) => g;
+export const decodeReuseGuard = (b, offset) => {
+    return [b.subarray(offset, offset + 4), 4];
+};
+export const encodeSenderData = contramapEncoders([encodeUint32, encodeUint32, encodeReuseGuard], (s) => [s.leafIndex, s.generation, s.reuseGuard]);
+export const decodeSenderData = mapDecoders([decodeUint32, decodeUint32, decodeReuseGuard], (leafIndex, generation, reuseGuard) => ({
+    leafIndex,
+    generation,
+    reuseGuard,
+}));
+export const encodeSenderDataAAD = contramapEncoders([encodeVarLenData, encodeUint64, encodeContentType], (aad) => [aad.groupId, aad.epoch, aad.contentType]);
+export const decodeSenderDataAAD = mapDecoders([decodeVarLenData, decodeUint64, decodeContentType], (groupId, epoch, contentType) => ({
+    groupId,
+    epoch,
+    contentType,
+}));
+export function sampleCiphertext(cs, ciphertext) {
+    return ciphertext.length < cs.kdf.size ? ciphertext : ciphertext.slice(0, cs.kdf.size);
+}
+export async function expandSenderDataKey(cs, senderDataSecret, ciphertext) {
+    const ciphertextSample = sampleCiphertext(cs, ciphertext);
+    const keyLength = cs.hpke.keyLength;
+    return await expandWithLabel(senderDataSecret, "key", ciphertextSample, keyLength, cs.kdf);
+}
+export async function expandSenderDataNonce(cs, senderDataSecret, ciphertext) {
+    const ciphertextSample = sampleCiphertext(cs, ciphertext);
+    const keyLength = cs.hpke.nonceLength;
+    return await expandWithLabel(senderDataSecret, "nonce", ciphertextSample, keyLength, cs.kdf);
+}
+//# sourceMappingURL=sender.js.map

package/dist/src/sender.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sender.js","sourceRoot":"","sources":["../../src/sender.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AACjH,OAAO,EAAW,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AACvG,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAW,MAAM,oBAAoB,CAAA;AACjF,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAC3E,OAAO,EAAmB,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAErF,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAEpD,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,CAAC;IACT,QAAQ,EAAE,CAAC;IACX,mBAAmB,EAAE,CAAC;IACtB,iBAAiB,EAAE,CAAC;CACZ,CAAA;AAKV,MAAM,CAAC,MAAM,gBAAgB,GAA4B,gBAAgB,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAA;AAE7G,MAAM,CAAC,MAAM,gBAAgB,GAA4B,gBAAgB,CAAC,WAAW,EAAE,eAAe,CAAC,WAAW,CAAC,CAAC,CAAA;AAYpH,MAAM,CAAC,MAAM,YAAY,GAAoB,CAAC,CAAC,EAAE,EAAE;IACjD,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,iBAAiB,CACtB,CAAC,gBAAgB,EAAE,YAAY,CAAC,EAChC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS,CAAU,CAC1D,CAAC,CAAC,CAAC,CAAA;QACN,KAAK,UAAU;YACb,OAAO,iBAAiB,CACtB,CAAC,gBAAgB,EAAE,YAAY,CAAC,EAChC,CAAC,CAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,WAAW,CAAU,CAC9D,CAAC,CAAC,CAAC,CAAA;QACN,KAAK,qBAAqB,CAAC;QAC3B,KAAK,mBAAmB;YACtB,OAAO,gBAAgB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAA;IACzC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAoB,cAAc,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAmB,EAAE;IAC5G,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,QAAQ;YACX,OAAO,UAAU,CAAC,YAAY,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;gBAC9C,UAAU;gBACV,SAAS;aACV,CAAC,CAAC,CAAA;QACL,KAAK,UAAU;YACb,OAAO,UAAU,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAChD,UAAU;gBACV,WAAW;aACZ,CAAC,CAAC,CAAA;QACL,KAAK,qBAAqB;YACxB,OAAO,UAAU,CACf,GAAG,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,EACpB,GAAG,EAAE,CAAC,CAAC;gBACL,UAAU;aACX,CAAC,CACH,CAAA;QACH,KAAK,mBAAmB;YACtB,OAAO,UAAU,CACf,GAAG,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,EACpB,GAAG,EAAE,CAAC,CAAC;gBACL,UAAU;aACX,CAAC,CACH,CAAA;IACL,CAAC;AACH,CAAC,CAAC,CAAA;AAEF,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAA;AACtE,CAAC;AAUD,MAAM,CAAC,MAAM,gBAAgB,GAAwB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAE7D,MAAM,CAAC,MAAM,gBAAgB,GAAwB,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;IACjE,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,CAAe,EAAE,CAAC,CAAC,CAAA;AAC1D,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAwB,iBAAiB,CACpE,CAAC,YAAY,EAAE,YAAY,EAAE,gBAAgB,CAAC,EAC9C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,CAAU,CAC1D,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAwB,WAAW,CAC9D,CAAC,YAAY,EAAE,YAAY,EAAE,gBAAgB,CAAC,EAC9C,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACtC,SAAS;IACT,UAAU;IACV,UAAU;CACX,CAAC,CACH,CAAA;AAQD,MAAM,CAAC,MAAM,mBAAmB,GAA2B,iBAAiB,CAC1E,CAAC,gBAAgB,EAAE,YAAY,EAAE,iBAAiB,CAAC,EACnD,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,WAAW,CAAU,CAC5D,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAA2B,WAAW,CACpE,CAAC,gBAAgB,EAAE,YAAY,EAAE,iBAAiB,CAAC,EACnD,CAAC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IAChC,OAAO;IACP,KAAK;IACL,WAAW;CACZ,CAAC,CACH,CAAA;AAED,MAAM,UAAU,gBAAgB,CAAC,EAAmB,EAAE,UAAsB;IAC1E,OAAO,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;AACxF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAmB,EACnB,gBAA4B,EAC5B,UAAsB;IAEtB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;IACzD,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAA;IAEnC,OAAO,MAAM,eAAe,CAAC,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;AAC5F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,EAAmB,EACnB,gBAA4B,EAC5B,UAAsB;IAEtB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;IACzD,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAA;IAErC,OAAO,MAAM,eAAe,CAAC,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAA;AAC9F,CAAC"}

package/dist/src/transcriptHash.d.ts

@@ -0,0 +1,14 @@
+import { Decoder } from "./codec/tlsDecoder";
+import { Encoder } from "./codec/tlsEncoder";
+import { Hash } from "./crypto/hash";
+import { FramedContentCommit } from "./framedContent";
+import { WireformatName } from "./wireformat";
+export type ConfirmedTranscriptHashInput = {
+    wireformat: WireformatName;
+    content: FramedContentCommit;
+    signature: Uint8Array;
+};
+export declare const encodeConfirmedTranscriptHashInput: Encoder<ConfirmedTranscriptHashInput>;
+export declare const decodeConfirmedTranscriptHashInput: Decoder<ConfirmedTranscriptHashInput>;
+export declare function createConfirmedHash(interimTranscriptHash: Uint8Array, input: ConfirmedTranscriptHashInput, hash: Hash): Promise<Uint8Array>;
+export declare function createInterimHash(confirmedHash: Uint8Array, confirmationTag: Uint8Array, hash: Hash): Promise<Uint8Array>;

package/dist/src/transcriptHash.js

@@ -0,0 +1,23 @@
+import { mapDecodersOption } from "./codec/tlsDecoder";
+import { contramapEncoders } from "./codec/tlsEncoder";
+import { decodeVarLenData, encodeVarLenData } from "./codec/variableLength";
+import { decodeFramedContent, encodeFramedContent } from "./framedContent";
+import { decodeWireformat, encodeWireformat } from "./wireformat";
+export const encodeConfirmedTranscriptHashInput = contramapEncoders([encodeWireformat, encodeFramedContent, encodeVarLenData], (input) => [input.wireformat, input.content, input.signature]);
+export const decodeConfirmedTranscriptHashInput = mapDecodersOption([decodeWireformat, decodeFramedContent, decodeVarLenData], (wireformat, content, signature) => {
+    if (content.contentType === "commit")
+        return {
+            wireformat,
+            content,
+            signature,
+        };
+    else
+        return undefined;
+});
+export function createConfirmedHash(interimTranscriptHash, input, hash) {
+    return hash.digest(new Uint8Array([...interimTranscriptHash, ...encodeConfirmedTranscriptHashInput(input)]));
+}
+export function createInterimHash(confirmedHash, confirmationTag, hash) {
+    return hash.digest(new Uint8Array([...confirmedHash, ...encodeVarLenData(confirmationTag)]));
+}
+//# sourceMappingURL=transcriptHash.js.map

package/dist/src/transcriptHash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transcriptHash.js","sourceRoot":"","sources":["../../src/transcriptHash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,iBAAiB,EAAW,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAE3E,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAuB,MAAM,iBAAiB,CAAA;AAC/F,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAkB,MAAM,cAAc,CAAA;AAQjF,MAAM,CAAC,MAAM,kCAAkC,GAA0C,iBAAiB,CACxG,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC,EACzD,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,SAAS,CAAU,CACvE,CAAA;AAED,MAAM,CAAC,MAAM,kCAAkC,GAA0C,iBAAiB,CACxG,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC,EACzD,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE;IACjC,IAAI,OAAO,CAAC,WAAW,KAAK,QAAQ;QAClC,OAAO;YACL,UAAU;YACV,OAAO;YACP,SAAS;SACV,CAAA;;QACE,OAAO,SAAS,CAAA;AACvB,CAAC,CACF,CAAA;AAED,MAAM,UAAU,mBAAmB,CACjC,qBAAiC,EACjC,KAAmC,EACnC,IAAU;IAEV,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,GAAG,qBAAqB,EAAE,GAAG,kCAAkC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;AAC9G,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,aAAyB,EACzB,eAA2B,EAC3B,IAAU;IAEV,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,GAAG,aAAa,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAA;AAC9F,CAAC"}

package/dist/src/treeHash.d.ts

@@ -0,0 +1,27 @@
+import { Decoder } from "./codec/tlsDecoder";
+import { Encoder } from "./codec/tlsEncoder";
+import { Hash } from "./crypto/hash";
+import { LeafNode } from "./leafNode";
+import { ParentNode } from "./parentNode";
+import { RatchetTree } from "./ratchetTree";
+export type TreeHashInput = LeafNodeHashInput | ParentNodeHashInput;
+type LeafNodeHashInput = {
+    nodeType: "leaf";
+    leafIndex: number;
+    leafNode: LeafNode | undefined;
+};
+type ParentNodeHashInput = {
+    nodeType: "parent";
+    parentNode: ParentNode | undefined;
+    leftHash: Uint8Array;
+    rightHash: Uint8Array;
+};
+export declare const encodeLeafNodeHashInput: Encoder<LeafNodeHashInput>;
+export declare const decodeLeafNodeHashInput: Decoder<LeafNodeHashInput>;
+export declare const encodeParentNodeHashInput: Encoder<ParentNodeHashInput>;
+export declare const decodeParentNodeHashInput: Decoder<ParentNodeHashInput>;
+export declare const encodeTreeHashInput: Encoder<TreeHashInput>;
+export declare const decodeTreeHashInput: Decoder<TreeHashInput>;
+export declare function treeHashRoot(tree: RatchetTree, h: Hash): Promise<Uint8Array>;
+export declare function treeHash(tree: RatchetTree, subtreeIndex: number, h: Hash): Promise<Uint8Array>;
+export {};

package/dist/src/treeHash.js

@@ -0,0 +1,70 @@
+import { encodeUint32, decodeUint32 } from "./codec/number";
+import { encodeOptional, decodeOptional } from "./codec/optional";
+import { mapDecoders, flatMapDecoder } from "./codec/tlsDecoder";
+import { contramapEncoders } from "./codec/tlsEncoder";
+import { encodeVarLenData, decodeVarLenData } from "./codec/variableLength";
+import { encodeLeafNode, decodeLeafNode } from "./leafNode";
+import { InternalError } from "./mlsError";
+import { encodeNodeType, decodeNodeType } from "./nodeType";
+import { encodeParentNode, decodeParentNode } from "./parentNode";
+import { rootFromNodeWidth, isLeaf, nodeToLeafIndex, left, right } from "./treemath";
+export const encodeLeafNodeHashInput = contramapEncoders([encodeNodeType, encodeUint32, encodeOptional(encodeLeafNode)], (input) => [input.nodeType, input.leafIndex, input.leafNode]);
+export const decodeLeafNodeHashInput = mapDecoders([decodeUint32, decodeOptional(decodeLeafNode)], (leafIndex, leafNode) => ({
+    nodeType: "leaf",
+    leafIndex,
+    leafNode,
+}));
+export const encodeParentNodeHashInput = contramapEncoders([encodeNodeType, encodeOptional(encodeParentNode), encodeVarLenData, encodeVarLenData], (input) => [input.nodeType, input.parentNode, input.leftHash, input.rightHash]);
+export const decodeParentNodeHashInput = mapDecoders([decodeOptional(decodeParentNode), decodeVarLenData, decodeVarLenData], (parentNode, leftHash, rightHash) => ({
+    nodeType: "parent",
+    parentNode,
+    leftHash,
+    rightHash,
+}));
+export const encodeTreeHashInput = (input) => {
+    switch (input.nodeType) {
+        case "leaf":
+            return encodeLeafNodeHashInput(input);
+        case "parent":
+            return encodeParentNodeHashInput(input);
+    }
+};
+export const decodeTreeHashInput = flatMapDecoder(decodeNodeType, (nodeType) => {
+    switch (nodeType) {
+        case "leaf":
+            return decodeLeafNodeHashInput;
+        case "parent":
+            return decodeParentNodeHashInput;
+    }
+});
+export async function treeHashRoot(tree, h) {
+    return treeHash(tree, rootFromNodeWidth(tree.length), h);
+}
+export async function treeHash(tree, subtreeIndex, h) {
+    if (isLeaf(subtreeIndex)) {
+        const leafNode = tree[subtreeIndex];
+        if (leafNode?.nodeType === "parent")
+            throw new InternalError("Somehow found parent node in leaf position");
+        const input = encodeLeafNodeHashInput({
+            nodeType: "leaf",
+            leafIndex: nodeToLeafIndex(subtreeIndex),
+            leafNode: leafNode?.leaf,
+        });
+        return await h.digest(input);
+    }
+    else {
+        const parentNode = tree[subtreeIndex];
+        if (parentNode?.nodeType === "leaf")
+            throw new InternalError("Somehow found leaf node in parent position");
+        const leftHash = await treeHash(tree, left(subtreeIndex), h);
+        const rightHash = await treeHash(tree, right(subtreeIndex), h);
+        const input = {
+            nodeType: "parent",
+            parentNode: parentNode?.parent,
+            leftHash: leftHash,
+            rightHash: rightHash,
+        };
+        return await h.digest(encodeParentNodeHashInput(input));
+    }
+}
+//# sourceMappingURL=treeHash.js.map

package/dist/src/treeHash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"treeHash.js","sourceRoot":"","sources":["../../src/treeHash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC3D,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AACjE,OAAO,EAAW,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,EAAW,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAE3E,OAAO,EAAY,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3D,OAAO,EAAc,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAE7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAepF,MAAM,CAAC,MAAM,uBAAuB,GAA+B,iBAAiB,CAClF,CAAC,cAAc,EAAE,YAAY,EAAE,cAAc,CAAC,cAAc,CAAC,CAAC,EAC9D,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAU,CACtE,CAAA;AAED,MAAM,CAAC,MAAM,uBAAuB,GAA+B,WAAW,CAC5E,CAAC,YAAY,EAAE,cAAc,CAAC,cAAc,CAAC,CAAC,EAC9C,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxB,QAAQ,EAAE,MAAM;IAChB,SAAS;IACT,QAAQ;CACT,CAAC,CACH,CAAA;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAiC,iBAAiB,CACtF,CAAC,cAAc,EAAE,cAAc,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,EACtF,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAU,CACxF,CAAA;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAiC,WAAW,CAChF,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,EACtE,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpC,QAAQ,EAAE,QAAQ;IAClB,UAAU;IACV,QAAQ;IACR,SAAS;CACV,CAAC,CACH,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAA2B,CAAC,KAAK,EAAE,EAAE;IACnE,QAAQ,KAAK,CAAC,QAAQ,EAAE,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAA;QACvC,KAAK,QAAQ;YACX,OAAO,yBAAyB,CAAC,KAAK,CAAC,CAAA;IAC3C,CAAC;AACH,CAAC,CAAA;AACD,MAAM,CAAC,MAAM,mBAAmB,GAA2B,cAAc,CACvE,cAAc,EACd,CAAC,QAAQ,EAA0B,EAAE;IACnC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,uBAAuB,CAAA;QAChC,KAAK,QAAQ;YACX,OAAO,yBAAyB,CAAA;IACpC,CAAC;AACH,CAAC,CACF,CAAA;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAiB,EAAE,CAAO;IAC3D,OAAO,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAiB,EAAE,YAAoB,EAAE,CAAO;IAC7E,IAAI,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,CAAA;QACnC,IAAI,QAAQ,EAAE,QAAQ,KAAK,QAAQ;YAAE,MAAM,IAAI,aAAa,CAAC,4CAA4C,CAAC,CAAA;QAC1G,MAAM,KAAK,GAAG,uBAAuB,CAAC;YACpC,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,eAAe,CAAC,YAAY,CAAC;YACxC,QAAQ,EAAE,QAAQ,EAAE,IAAI;SACzB,CAAC,CAAA;QACF,OAAO,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC9B,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,IAAI,CAAC,YAAY,CAAC,CAAA;QACrC,IAAI,UAAU,EAAE,QAAQ,KAAK,MAAM;YAAE,MAAM,IAAI,aAAa,CAAC,4CAA4C,CAAC,CAAA;QAC1G,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;QAC5D,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAA;QAC9D,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,UAAU,EAAE,MAAM;YAC9B,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,SAAS;SACZ,CAAA;QAEV,OAAO,MAAM,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAA;IACzD,CAAC;AACH,CAAC"}

package/dist/src/treemath.d.ts

@@ -0,0 +1,14 @@
+export declare function isLeaf(nodeIndex: number): boolean;
+export declare function leafToNodeIndex(leafIndex: number): number;
+export declare function nodeToLeafIndex(nodeIndex: number): number;
+export declare function leafWidth(nodeWidth: number): number;
+export declare function nodeWidth(leafWidth: number): number;
+export declare function rootFromNodeWidth(nodeWidth: number): number;
+export declare function root(leafWidth: number): number;
+export declare function left(nodeIndex: number): number;
+export declare function right(nodeIndex: number): number;
+export declare function parent(nodeIndex: number, leafWidth: number): number;
+export declare function sibling(x: number, n: number): number;
+export declare function directPath(nodeIndex: number, leafWidth: number): number[];
+export declare function copath(nodeIndex: number, leafWidth: number): number[];
+export declare function isAncestor(childNodeIndex: number, ancestor: number, nodeWidth: number): boolean;