violetics 7.0.1-alpha → 7.0.2-alpha

package/lib/Utils/crypto.js

@@ -1,44 +1,14 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.derivePairingCodeKey = exports.hkdf = exports.md5 = exports.sha256 = exports.hmacSign = exports.aesEncrypWithIV = exports.aesEncrypt = exports.aesDecryptWithIV = exports.aesDecrypt = exports.aesDecryptCTR = exports.aesEncryptCTR = exports.aesDecryptGCM = exports.aesEncryptGCM = exports.signedKeyPair = exports.Curve = exports.generateSignalPubKey = void 0;
-const crypto_1 = require("crypto");
-const futoin_hkdf_1 = __importDefault(require("futoin-hkdf"));
-const libsignal = __importStar(require("libsignal"));
-const Defaults_1 = require("../Defaults");
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto';
+import * as curve from 'libsignal/src/curve.js';
+import { KEY_BUNDLE_TYPE } from '../Defaults/index.js';
+export { md5, hkdf } from 'whatsapp-rust-bridge';
+// insure browser & node compatibility
+const { subtle } = globalThis.crypto;
 /** prefix version byte to the pub keys, required for some curve crypto functions */
-const generateSignalPubKey = (pubKey) => (pubKey.length === 33
-    ? pubKey
-    : Buffer.concat([Defaults_1.KEY_BUNDLE_TYPE, pubKey]));
-exports.generateSignalPubKey = generateSignalPubKey;
-exports.Curve = {
+export const generateSignalPubKey = (pubKey) => pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey]);
+export const Curve = {
     generateKeyPair: () => {
-        const { pubKey, privKey } = libsignal.curve.generateKeyPair();
+        const { pubKey, privKey } = curve.generateKeyPair();
         return {
             private: Buffer.from(privKey),
             // remove version byte
@@ -46,13 +16,13 @@ exports.Curve = {
         };
     },
     sharedKey: (privateKey, publicKey) => {
-        const shared = libsignal.curve.calculateAgreement((0, exports.generateSignalPubKey)(publicKey), privateKey);
+        const shared = curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey);
         return Buffer.from(shared);
     },
-    sign: (privateKey, buf) => (libsignal.curve.calculateSignature(privateKey, buf)),
+    sign: (privateKey, buf) => curve.calculateSignature(privateKey, buf),
     verify: (pubKey, message, signature) => {
         try {
-            libsignal.curve.verifySignature((0, exports.generateSignalPubKey)(pubKey), message, signature);
+            curve.verifySignature(generateSignalPubKey(pubKey), message, signature);
             return true;
         }
         catch (error) {
@@ -60,30 +30,28 @@ exports.Curve = {
         }
     }
 };
-const signedKeyPair = (identityKeyPair, keyId) => {
-    const preKey = exports.Curve.generateKeyPair();
-    const pubKey = (0, exports.generateSignalPubKey)(preKey.public);
-    const signature = exports.Curve.sign(identityKeyPair.private, pubKey);
+export const signedKeyPair = (identityKeyPair, keyId) => {
+    const preKey = Curve.generateKeyPair();
+    const pubKey = generateSignalPubKey(preKey.public);
+    const signature = Curve.sign(identityKeyPair.private, pubKey);
     return { keyPair: preKey, signature, keyId };
 };
-exports.signedKeyPair = signedKeyPair;
 const GCM_TAG_LENGTH = 128 >> 3;
 /**
  * encrypt AES 256 GCM;
  * where the tag tag is suffixed to the ciphertext
  * */
-function aesEncryptGCM(plaintext, key, iv, additionalData) {
-    const cipher = (0, crypto_1.createCipheriv)('aes-256-gcm', key, iv);
+export function aesEncryptGCM(plaintext, key, iv, additionalData) {
+    const cipher = createCipheriv('aes-256-gcm', key, iv);
     cipher.setAAD(additionalData);
     return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
 }
-exports.aesEncryptGCM = aesEncryptGCM;
 /**
  * decrypt AES 256 GCM;
  * where the auth tag is suffixed to the ciphertext
  * */
-function aesDecryptGCM(ciphertext, key, iv, additionalData) {
-    const decipher = (0, crypto_1.createDecipheriv)('aes-256-gcm', key, iv);
+export function aesDecryptGCM(ciphertext, key, iv, additionalData) {
+    const decipher = createDecipheriv('aes-256-gcm', key, iv);
     // decrypt additional adata
     const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH);
     const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH);
@@ -92,60 +60,58 @@ function aesDecryptGCM(ciphertext, key, iv, additionalData) {
     decipher.setAuthTag(tag);
     return Buffer.concat([decipher.update(enc), decipher.final()]);
 }
-exports.aesDecryptGCM = aesDecryptGCM;
-function aesEncryptCTR(plaintext, key, iv) {
-    const cipher = (0, crypto_1.createCipheriv)('aes-256-ctr', key, iv);
+export function aesEncryptCTR(plaintext, key, iv) {
+    const cipher = createCipheriv('aes-256-ctr', key, iv);
     return Buffer.concat([cipher.update(plaintext), cipher.final()]);
 }
-exports.aesEncryptCTR = aesEncryptCTR;
-function aesDecryptCTR(ciphertext, key, iv) {
-    const decipher = (0, crypto_1.createDecipheriv)('aes-256-ctr', key, iv);
+export function aesDecryptCTR(ciphertext, key, iv) {
+    const decipher = createDecipheriv('aes-256-ctr', key, iv);
     return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
 }
-exports.aesDecryptCTR = aesDecryptCTR;
 /** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
-function aesDecrypt(buffer, key) {
-    return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16));
+export function aesDecrypt(buffer, key) {
+    return aesDecryptWithIV(buffer.subarray(16), key, buffer.subarray(0, 16));
 }
-exports.aesDecrypt = aesDecrypt;
 /** decrypt AES 256 CBC */
-function aesDecryptWithIV(buffer, key, IV) {
-    const aes = (0, crypto_1.createDecipheriv)('aes-256-cbc', key, IV);
+export function aesDecryptWithIV(buffer, key, IV) {
+    const aes = createDecipheriv('aes-256-cbc', key, IV);
     return Buffer.concat([aes.update(buffer), aes.final()]);
 }
-exports.aesDecryptWithIV = aesDecryptWithIV;
 // encrypt AES 256 CBC; where a random IV is prefixed to the buffer
-function aesEncrypt(buffer, key) {
-    const IV = (0, crypto_1.randomBytes)(16);
-    const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
+export function aesEncrypt(buffer, key) {
+    const IV = randomBytes(16);
+    const aes = createCipheriv('aes-256-cbc', key, IV);
     return Buffer.concat([IV, aes.update(buffer), aes.final()]); // prefix IV to the buffer
 }
-exports.aesEncrypt = aesEncrypt;
 // encrypt AES 256 CBC with a given IV
-function aesEncrypWithIV(buffer, key, IV) {
-    const aes = (0, crypto_1.createCipheriv)('aes-256-cbc', key, IV);
+export function aesEncrypWithIV(buffer, key, IV) {
+    const aes = createCipheriv('aes-256-cbc', key, IV);
     return Buffer.concat([aes.update(buffer), aes.final()]); // prefix IV to the buffer
 }
-exports.aesEncrypWithIV = aesEncrypWithIV;
 // sign HMAC using SHA 256
-function hmacSign(buffer, key, variant = 'sha256') {
-    return (0, crypto_1.createHmac)(variant, key).update(buffer).digest();
-}
-exports.hmacSign = hmacSign;
-function sha256(buffer) {
-    return (0, crypto_1.createHash)('sha256').update(buffer).digest();
-}
-exports.sha256 = sha256;
-function md5(buffer) {
-    return (0, crypto_1.createHash)('md5').update(buffer).digest();
-}
-exports.md5 = md5;
-// HKDF key expansion
-function hkdf(buffer, expandedLength, info) {
-    return (0, futoin_hkdf_1.default)(!Buffer.isBuffer(buffer) ? Buffer.from(buffer) : buffer, expandedLength, info);
+export function hmacSign(buffer, key, variant = 'sha256') {
+    return createHmac(variant, key).update(buffer).digest();
 }
-exports.hkdf = hkdf;
-function derivePairingCodeKey(pairingCode, salt) {
-    return (0, crypto_1.pbkdf2Sync)(pairingCode, salt, 2 << 16, 32, 'sha256');
+export function sha256(buffer) {
+    return createHash('sha256').update(buffer).digest();
 }
-exports.derivePairingCodeKey = derivePairingCodeKey;
+export async function derivePairingCodeKey(pairingCode, salt) {
+    // Convert inputs to formats Web Crypto API can work with
+    const encoder = new TextEncoder();
+    const pairingCodeBuffer = encoder.encode(pairingCode);
+    const saltBuffer = new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt));
+    // Import the pairing code as key material
+    const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, [
+        'deriveBits'
+    ]);
+    // Derive bits using PBKDF2 with the same parameters
+    // 2 << 16 = 131,072 iterations
+    const derivedBits = await subtle.deriveBits({
+        name: 'PBKDF2',
+        salt: saltBuffer,
+        iterations: 2 << 16,
+        hash: 'SHA-256'
+    }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits
+    );
+    return Buffer.from(derivedBits);
+}

package/lib/Utils/decode-wa-message.js

@@ -1,43 +1,103 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decryptMessageNode = exports.decodeMessageNode = void 0;
-const boom_1 = require("@hapi/boom");
-const WAProto_1 = require("../../WAProto");
-const WABinary_1 = require("../WABinary");
-const generics_1 = require("./generics");
-const NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node';
+import { Boom } from '@hapi/boom';
+import { proto } from '../../WAProto/index.js';
+import { areJidsSameUser, isHostedLidUser, isHostedPnUser, isJidBroadcast, isJidGroup, isJidMetaAI, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser
+//	transferDevice
+ } from '../WABinary/index.js';
+import { unpadRandomMax16 } from './generics.js';
+export const getDecryptionJid = async (sender, repository) => {
+    if (isLidUser(sender) || isHostedLidUser(sender)) {
+        return sender;
+    }
+    const mapped = await repository.lidMapping.getLIDForPN(sender);
+    return mapped || sender;
+};
+const storeMappingFromEnvelope = async (stanza, sender, repository, decryptionJid, logger) => {
+    // TODO: Handle hosted IDs
+    const { senderAlt } = extractAddressingContext(stanza);
+    if (senderAlt && isLidUser(senderAlt) && isPnUser(sender) && decryptionJid === sender) {
+        try {
+            await repository.lidMapping.storeLIDPNMappings([{ lid: senderAlt, pn: sender }]);
+            await repository.migrateSession(sender, senderAlt);
+            logger.debug({ sender, senderAlt }, 'Stored LID mapping from envelope');
+        }
+        catch (error) {
+            logger.warn({ sender, senderAlt, error }, 'Failed to store LID mapping');
+        }
+    }
+};
+export const NO_MESSAGE_FOUND_ERROR_TEXT = 'Message absent from node';
+export const MISSING_KEYS_ERROR_TEXT = 'Key used already or never filled';
+// Retry configuration for failed decryption
+export const DECRYPTION_RETRY_CONFIG = {
+    maxRetries: 3,
+    baseDelayMs: 100,
+    sessionRecordErrors: ['No session record', 'SessionError: No session record']
+};
+export const NACK_REASONS = {
+    ParsingError: 487,
+    UnrecognizedStanza: 488,
+    UnrecognizedStanzaClass: 489,
+    UnrecognizedStanzaType: 490,
+    InvalidProtobuf: 491,
+    InvalidHostedCompanionStanza: 493,
+    MissingMessageSecret: 495,
+    SignalErrorOldCounter: 496,
+    MessageDeletedOnPeer: 499,
+    UnhandledError: 500,
+    UnsupportedAdminRevoke: 550,
+    UnsupportedLIDGroup: 551,
+    DBOperationFailed: 552
+};
+export const extractAddressingContext = (stanza) => {
+    let senderAlt;
+    let recipientAlt;
+    const sender = stanza.attrs.participant || stanza.attrs.from;
+    const addressingMode = stanza.attrs.addressing_mode || (sender?.endsWith('lid') ? 'lid' : 'pn');
+    if (addressingMode === 'lid') {
+        // Message is LID-addressed: sender is LID, extract corresponding PN
+        // without device data
+        senderAlt = stanza.attrs.participant_pn || stanza.attrs.sender_pn || stanza.attrs.peer_recipient_pn;
+        recipientAlt = stanza.attrs.recipient_pn;
+        // with device data
+        //if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+    }
+    else {
+        // Message is PN-addressed: sender is PN, extract corresponding LID
+        // without device data
+        senderAlt = stanza.attrs.participant_lid || stanza.attrs.sender_lid || stanza.attrs.peer_recipient_lid;
+        recipientAlt = stanza.attrs.recipient_lid;
+        //with device data
+        //if (sender && senderAlt) senderAlt = transferDevice(sender, senderAlt)
+    }
+    return {
+        addressingMode,
+        senderAlt,
+        recipientAlt
+    };
+};
 /**
  * Decode the received node as a message.
  * @note this will only parse the message, not decrypt it
  */
-function decodeMessageNode(stanza, meId, meLid) {
-    var _a, _b;
+export function decodeMessageNode(stanza, meId, meLid) {
     let msgType;
     let chatId;
     let author;
+    let fromMe = false;
     const msgId = stanza.attrs.id;
     const from = stanza.attrs.from;
     const participant = stanza.attrs.participant;
     const recipient = stanza.attrs.recipient;
-    const isMe = (jid) => (0, WABinary_1.areJidsSameUser)(jid, meId);
-    const isMeLid = (jid) => (0, WABinary_1.areJidsSameUser)(jid, meLid);
-    if ((0, WABinary_1.isJidUser)(from)) {
-        if (recipient) {
-            if (!isMe(from)) {
-                throw new boom_1.Boom('receipient present, but msg not from me', { data: stanza });
+    const addressingContext = extractAddressingContext(stanza);
+    const isMe = (jid) => areJidsSameUser(jid, meId);
+    const isMeLid = (jid) => areJidsSameUser(jid, meLid);
+    if (isPnUser(from) || isLidUser(from) || isHostedLidUser(from) || isHostedPnUser(from)) {
+        if (recipient && !isJidMetaAI(recipient)) {
+            if (!isMe(from) && !isMeLid(from)) {
+                throw new Boom('receipient present, but msg not from me', { data: stanza });
             }
-            chatId = recipient;
-        }
-        else {
-            chatId = from;
-        }
-        msgType = 'chat';
-        author = from;
-    }
-    else if ((0, WABinary_1.isLidUser)(from)) {
-        if (recipient) {
-            if (!isMeLid(from)) {
-                throw new boom_1.Boom('receipient present, but msg not from me', { data: stanza });
+            if (isMe(from) || isMeLid(from)) {
+                fromMe = true;
             }
             chatId = recipient;
         }
@@ -47,55 +107,63 @@ function decodeMessageNode(stanza, meId, meLid) {
         msgType = 'chat';
         author = from;
     }
-    else if ((0, WABinary_1.isJidGroup)(from)) {
+    else if (isJidGroup(from)) {
         if (!participant) {
-            throw new boom_1.Boom('No participant in group message');
+            throw new Boom('No participant in group message');
+        }
+        if (isMe(participant) || isMeLid(participant)) {
+            fromMe = true;
         }
         msgType = 'group';
         author = participant;
         chatId = from;
     }
-    else if ((0, WABinary_1.isJidBroadcast)(from)) {
+    else if (isJidBroadcast(from)) {
         if (!participant) {
-            throw new boom_1.Boom('No participant in group message');
+            throw new Boom('No participant in group message');
         }
         const isParticipantMe = isMe(participant);
-        if ((0, WABinary_1.isJidStatusBroadcast)(from)) {
+        if (isJidStatusBroadcast(from)) {
             msgType = isParticipantMe ? 'direct_peer_status' : 'other_status';
         }
         else {
             msgType = isParticipantMe ? 'peer_broadcast' : 'other_broadcast';
         }
+        fromMe = isParticipantMe;
         chatId = from;
         author = participant;
     }
-    else if ((0, WABinary_1.isJidNewsLetter)(from)) {
+    else if (isJidNewsletter(from)) {
         msgType = 'newsletter';
-        author = from;
         chatId = from;
+        author = from;
+        if (isMe(from) || isMeLid(from)) {
+            fromMe = true;
+        }
     }
     else {
-        throw new boom_1.Boom('Unknown message type', { data: stanza });
+        throw new Boom('Unknown message type', { data: stanza });
     }
-    const fromMe = (0, WABinary_1.isJidNewsLetter)(from) ? !!((_a = stanza.attrs) === null || _a === void 0 ? void 0 : _a.is_sender) : ((0, WABinary_1.isLidUser)(from) ? isMeLid : isMe)(stanza.attrs.participant || stanza.attrs.from);
-    const pushname = stanza.attrs.notify;
+    const pushname = stanza?.attrs?.notify;
     const key = {
         remoteJid: chatId,
+        remoteJidAlt: !isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
         fromMe,
         id: msgId,
-        participant
+        participant,
+        participantAlt: isJidGroup(chatId) ? addressingContext.senderAlt : undefined,
+        addressingMode: addressingContext.addressingMode,
+        ...(msgType === 'newsletter' && stanza.attrs.server_id ? { server_id: stanza.attrs.server_id } : {})
     };
     const fullMessage = {
         key,
+        category: stanza.attrs.category,
         messageTimestamp: +stanza.attrs.t,
         pushName: pushname,
-        broadcast: (0, WABinary_1.isJidBroadcast)(from)
+        broadcast: isJidBroadcast(from)
     };
-    if (msgType === 'newsletter') {
-        fullMessage.newsletterServerId = +((_b = stanza.attrs) === null || _b === void 0 ? void 0 : _b.server_id);
-    }
     if (key.fromMe) {
-        fullMessage.status = WAProto_1.proto.WebMessageInfo.Status.SERVER_ACK;
+        fullMessage.status = proto.WebMessageInfo.Status.SERVER_ACK;
     }
     return {
         fullMessage,
@@ -103,44 +171,28 @@ function decodeMessageNode(stanza, meId, meLid) {
         sender: msgType === 'chat' ? author : chatId
     };
 }
-exports.decodeMessageNode = decodeMessageNode;
-const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
+export const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
     const { fullMessage, author, sender } = decodeMessageNode(stanza, meId, meLid);
     return {
         fullMessage,
         category: stanza.attrs.category,
         author,
         async decrypt() {
-            var _a;
             let decryptables = 0;
-            async function processSenderKeyDistribution(msg) {
-                if (msg.senderKeyDistributionMessage) {
-                    try {
-                        await repository.processSenderKeyDistributionMessage({
-                            authorJid: author,
-                            item: msg.senderKeyDistributionMessage
-                        });
-                    }
-                    catch (err) {
-                        logger.error({ key: fullMessage.key, err }, 'failed to process senderKeyDistribution');
-                    }
-                }
-            }
-            if ((0, WABinary_1.isJidNewsLetter)(fullMessage.key.remoteJid)) {
-                const node = (0, WABinary_1.getBinaryNodeChild)(stanza, 'plaintext');
-                const msg = WAProto_1.proto.Message.decode(node === null || node === void 0 ? void 0 : node.content);
-                await processSenderKeyDistribution(msg);
-                fullMessage.message = msg;
-                decryptables += 1;
-            }
-            else if (Array.isArray(stanza.content)) {
+            if (Array.isArray(stanza.content)) {
                 for (const { tag, attrs, content } of stanza.content) {
                     if (tag === 'verified_name' && content instanceof Uint8Array) {
-                        const cert = WAProto_1.proto.VerifiedNameCertificate.decode(content);
-                        const details = WAProto_1.proto.VerifiedNameCertificate.Details.decode(cert.details);
+                        const cert = proto.VerifiedNameCertificate.decode(content);
+                        const details = proto.VerifiedNameCertificate.Details.decode(cert.details);
                         fullMessage.verifiedBizName = details.verifiedName;
                     }
-                    if (tag !== 'enc') {
+                    if (tag === 'unavailable' && attrs.type === 'view_once') {
+                        fullMessage.key.isViewOnce = true; // TODO: remove from here and add a STUB TYPE
+                    }
+                    if (attrs.count && tag === 'enc') {
+                        fullMessage.retryCount = Number(attrs.count);
+                    }
+                    if (tag !== 'enc' && tag !== 'plaintext') {
                         continue;
                     }
                     if (!(content instanceof Uint8Array)) {
@@ -148,8 +200,13 @@ const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
                     }
                     decryptables += 1;
                     let msgBuffer;
+                    const decryptionJid = await getDecryptionJid(author, repository);
+                    if (tag !== 'plaintext') {
+                        // TODO: Handle hosted devices
+                        await storeMappingFromEnvelope(stanza, author, repository, decryptionJid, logger);
+                    }
                     try {
-                        const e2eType = attrs.type;
+                        const e2eType = tag === 'plaintext' ? 'plaintext' : attrs.type;
                         switch (e2eType) {
                             case 'skmsg':
                                 msgBuffer = await repository.decryptGroupMessage({
@@ -160,19 +217,32 @@ const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
                                 break;
                             case 'pkmsg':
                             case 'msg':
-                                const user = (0, WABinary_1.isJidUser)(sender) ? sender : author;
                                 msgBuffer = await repository.decryptMessage({
-                                    jid: user,
+                                    jid: decryptionJid,
                                     type: e2eType,
                                     ciphertext: content
                                 });
                                 break;
+                            case 'plaintext':
+                                msgBuffer = content;
+                                break;
                             default:
                                 throw new Error(`Unknown e2e type: ${e2eType}`);
                         }
-                        let msg = WAProto_1.proto.Message.decode((0, generics_1.unpadRandomMax16)(msgBuffer));
-                        msg = ((_a = msg.deviceSentMessage) === null || _a === void 0 ? void 0 : _a.message) || msg;
-                        await processSenderKeyDistribution(msg);
+                        let msg = proto.Message.decode(e2eType !== 'plaintext' ? unpadRandomMax16(msgBuffer) : msgBuffer);
+                        msg = msg.deviceSentMessage?.message || msg;
+                        if (msg.senderKeyDistributionMessage) {
+                            //eslint-disable-next-line max-depth
+                            try {
+                                await repository.processSenderKeyDistributionMessage({
+                                    authorJid: author,
+                                    item: msg.senderKeyDistributionMessage
+                                });
+                            }
+                            catch (err) {
+                                logger.error({ key: fullMessage.key, err }, 'failed to process sender key distribution message');
+                            }
+                        }
                         if (fullMessage.message) {
                             Object.assign(fullMessage.message, msg);
                         }
@@ -181,18 +251,32 @@ const decryptMessageNode = (stanza, meId, meLid, repository, logger) => {
                         }
                     }
                     catch (err) {
-                        logger.error({ key: fullMessage.key, err }, 'failed to decrypt message');
-                        fullMessage.messageStubType = WAProto_1.proto.WebMessageInfo.StubType.CIPHERTEXT;
-                        fullMessage.messageStubParameters = [err.message];
+                        const errorContext = {
+                            key: fullMessage.key,
+                            err,
+                            messageType: tag === 'plaintext' ? 'plaintext' : attrs.type,
+                            sender,
+                            author,
+                            isSessionRecordError: isSessionRecordError(err)
+                        };
+                        logger.error(errorContext, 'failed to decrypt message');
+                        fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT;
+                        fullMessage.messageStubParameters = [err.message.toString()];
                     }
                 }
             }
             // if nothing was found to decrypt
-            if (!decryptables) {
-                fullMessage.messageStubType = WAProto_1.proto.WebMessageInfo.StubType.CIPHERTEXT;
-                fullMessage.messageStubParameters = [NO_MESSAGE_FOUND_ERROR_TEXT, JSON.stringify(stanza, generics_1.BufferJSON.replacer)];
+            if (!decryptables && !fullMessage.key?.isViewOnce) {
+                fullMessage.messageStubType = proto.WebMessageInfo.StubType.CIPHERTEXT;
+                fullMessage.messageStubParameters = [NO_MESSAGE_FOUND_ERROR_TEXT];
             }
         }
     };
 };
-exports.decryptMessageNode = decryptMessageNode;
+/**
+ * Utility function to check if an error is related to missing session record
+ */
+function isSessionRecordError(error) {
+    const errorMessage = error?.message || error?.toString() || '';
+    return DECRYPTION_RETRY_CONFIG.sessionRecordErrors.some(errorPattern => errorMessage.includes(errorPattern));
+}