zapo-js 0.1.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -4
- package/dist/appstate/WaAppStateCrypto.js +50 -42
- package/dist/appstate/WaAppStateSyncClient.js +215 -133
- package/dist/appstate/{store/sqlite.js → encoding.js} +13 -8
- package/dist/appstate/index.js +9 -7
- package/dist/appstate/utils.js +0 -5
- package/dist/auth/WaAuthClient.js +55 -57
- package/dist/auth/credentials-flow.js +195 -0
- package/dist/auth/index.js +1 -6
- package/dist/auth/pairing/WaPairingFlow.js +39 -32
- package/dist/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +35 -17
- package/dist/client/WaClient.js +338 -174
- package/dist/client/WaClientFactory.js +399 -66
- package/dist/client/connection/WaConnectionManager.js +23 -11
- package/dist/client/coordinators/WaAbPropsCoordinator.js +141 -0
- package/dist/client/coordinators/WaBusinessCoordinator.js +232 -0
- package/dist/client/coordinators/WaEmailCoordinator.js +63 -0
- package/dist/client/coordinators/WaGroupCoordinator.js +11 -7
- package/dist/client/coordinators/WaIncomingNodeCoordinator.js +34 -8
- package/dist/client/coordinators/WaMessageDispatchCoordinator.js +341 -118
- package/dist/client/coordinators/WaOfflineResumeCoordinator.js +114 -0
- package/dist/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
- package/dist/client/coordinators/WaPrivacyCoordinator.js +134 -0
- package/dist/client/coordinators/WaProfileCoordinator.js +214 -0
- package/dist/client/coordinators/WaRetryCoordinator.js +184 -30
- package/dist/client/coordinators/WaStreamControlCoordinator.js +18 -11
- package/dist/client/coordinators/WaTrustedContactTokenCoordinator.js +184 -0
- package/dist/client/dirty.js +41 -21
- package/dist/client/events/abprops.js +43 -0
- package/dist/client/events/devices.js +72 -0
- package/dist/client/events/group.js +3 -11
- package/dist/client/events/identity.js +22 -0
- package/dist/client/events/privacy-token.js +38 -0
- package/dist/client/events/registration.js +42 -0
- package/dist/client/history-sync.js +50 -9
- package/dist/client/incoming.js +74 -7
- package/dist/client/mailbox.js +40 -23
- package/dist/client/media.js +243 -0
- package/dist/client/messages.js +245 -92
- package/dist/client/messaging/fanout.js +21 -11
- package/dist/client/messaging/participants.js +6 -4
- package/dist/client/persistence/WriteBehindPersistence.js +129 -0
- package/dist/client/tokens/cs-token.js +50 -0
- package/dist/client/tokens/tc-token.js +25 -0
- package/dist/crypto/core/index.js +5 -2
- package/dist/crypto/core/keys.js +4 -4
- package/dist/crypto/core/nonce.js +2 -0
- package/dist/crypto/core/primitives.js +0 -8
- package/dist/crypto/core/random.js +24 -8
- package/dist/crypto/core/xeddsa.js +57 -0
- package/dist/crypto/curves/X25519.js +43 -6
- package/dist/crypto/curves/constants.js +2 -1
- package/dist/crypto/index.js +3 -0
- package/dist/crypto/math/constants.js +13 -36
- package/dist/crypto/math/edwards.js +171 -44
- package/dist/crypto/math/fe.js +706 -0
- package/dist/crypto/math/mod.js +10 -3
- package/dist/esm/appstate/WaAppStateCrypto.js +40 -32
- package/dist/esm/appstate/WaAppStateSyncClient.js +206 -124
- package/dist/esm/appstate/{store/sqlite.js → encoding.js} +13 -8
- package/dist/esm/appstate/index.js +2 -2
- package/dist/esm/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +1 -1
- package/dist/esm/appstate/utils.js +2 -5
- package/dist/esm/auth/WaAuthClient.js +52 -54
- package/dist/esm/auth/credentials-flow.js +190 -0
- package/dist/esm/auth/index.js +0 -2
- package/dist/esm/auth/pairing/WaPairingFlow.js +39 -32
- package/dist/esm/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +26 -10
- package/dist/esm/client/WaClient.js +339 -175
- package/dist/esm/client/WaClientFactory.js +401 -68
- package/dist/esm/client/connection/WaConnectionManager.js +23 -11
- package/dist/esm/client/coordinators/WaAbPropsCoordinator.js +137 -0
- package/dist/esm/client/coordinators/WaBusinessCoordinator.js +229 -0
- package/dist/esm/client/coordinators/WaEmailCoordinator.js +60 -0
- package/dist/esm/client/coordinators/WaGroupCoordinator.js +11 -7
- package/dist/esm/client/coordinators/WaIncomingNodeCoordinator.js +36 -10
- package/dist/esm/client/coordinators/WaMessageDispatchCoordinator.js +337 -114
- package/dist/esm/client/coordinators/WaOfflineResumeCoordinator.js +110 -0
- package/dist/esm/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
- package/dist/esm/client/coordinators/WaPrivacyCoordinator.js +131 -0
- package/dist/esm/client/coordinators/WaProfileCoordinator.js +211 -0
- package/dist/esm/client/coordinators/WaRetryCoordinator.js +186 -32
- package/dist/esm/client/coordinators/WaStreamControlCoordinator.js +19 -12
- package/dist/esm/client/coordinators/WaTrustedContactTokenCoordinator.js +180 -0
- package/dist/esm/client/dirty.js +41 -21
- package/dist/esm/client/events/abprops.js +40 -0
- package/dist/esm/client/events/devices.js +68 -0
- package/dist/esm/client/events/group.js +3 -11
- package/dist/esm/client/events/identity.js +19 -0
- package/dist/esm/client/events/privacy-token.js +35 -0
- package/dist/esm/client/events/registration.js +39 -0
- package/dist/esm/client/history-sync.js +50 -9
- package/dist/esm/client/incoming.js +74 -8
- package/dist/esm/client/mailbox.js +40 -23
- package/dist/esm/client/media.js +234 -0
- package/dist/esm/client/messages.js +244 -91
- package/dist/esm/client/messaging/fanout.js +22 -12
- package/dist/esm/client/messaging/participants.js +6 -4
- package/dist/esm/client/persistence/WriteBehindPersistence.js +125 -0
- package/dist/esm/client/tokens/cs-token.js +46 -0
- package/dist/esm/client/tokens/tc-token.js +18 -0
- package/dist/esm/crypto/core/index.js +3 -2
- package/dist/esm/crypto/core/keys.js +1 -1
- package/dist/esm/crypto/core/nonce.js +2 -0
- package/dist/esm/crypto/core/primitives.js +0 -7
- package/dist/esm/crypto/core/random.js +23 -7
- package/dist/esm/crypto/core/xeddsa.js +53 -0
- package/dist/esm/crypto/curves/X25519.js +45 -8
- package/dist/esm/crypto/curves/constants.js +1 -0
- package/dist/esm/crypto/index.js +1 -0
- package/dist/esm/crypto/math/constants.js +12 -35
- package/dist/esm/crypto/math/edwards.js +174 -47
- package/dist/esm/crypto/math/fe.js +691 -0
- package/dist/esm/crypto/math/mod.js +10 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/infra/perf/BackgroundQueue.js +478 -0
- package/dist/esm/infra/perf/BoundedTaskQueue.js +3 -1
- package/dist/esm/infra/perf/PromiseDedup.js +20 -0
- package/dist/esm/infra/perf/SharedExclusiveGate.js +109 -0
- package/dist/esm/infra/perf/StoreLock.js +80 -0
- package/dist/esm/media/WaMediaCrypto.js +332 -55
- package/dist/esm/media/WaMediaTransferClient.js +69 -220
- package/dist/esm/media/constants.js +4 -1
- package/dist/esm/media/processor.js +1 -0
- package/dist/esm/message/WaMessageClient.js +26 -19
- package/dist/esm/message/addon-crypto.js +130 -3
- package/dist/esm/message/content.js +206 -14
- package/dist/esm/message/icdc.js +76 -0
- package/dist/esm/message/incoming.js +38 -24
- package/dist/esm/message/phash.js +35 -13
- package/dist/esm/message/reporting-token.js +17 -30
- package/dist/esm/message/use-case-secret.js +1 -1
- package/dist/esm/protocol/abprops.js +159 -0
- package/dist/esm/protocol/appstate.js +9 -40
- package/dist/esm/protocol/browser.js +24 -18
- package/dist/esm/protocol/constants.js +8 -4
- package/dist/esm/protocol/defaults.js +6 -0
- package/dist/esm/protocol/email.js +30 -0
- package/dist/esm/protocol/index.js +1 -2
- package/dist/esm/protocol/jid.js +142 -39
- package/dist/esm/protocol/message.js +61 -1
- package/dist/esm/protocol/nodes.js +8 -2
- package/dist/esm/protocol/notification.js +9 -1
- package/dist/esm/protocol/privacy-token.js +17 -0
- package/dist/esm/protocol/privacy.js +55 -0
- package/dist/esm/protocol/stream.js +26 -1
- package/dist/esm/retry/codec.js +216 -0
- package/dist/esm/retry/constants.js +1 -1
- package/dist/esm/retry/index.js +2 -2
- package/dist/esm/retry/parse.js +50 -30
- package/dist/esm/retry/reason.js +1 -1
- package/dist/esm/retry/replay.js +11 -7
- package/dist/esm/retry/tracker.js +50 -12
- package/dist/esm/signal/api/SignalDeviceSyncApi.js +52 -32
- package/dist/esm/signal/api/SignalDigestSyncApi.js +21 -15
- package/dist/esm/signal/api/SignalIdentitySyncApi.js +30 -15
- package/dist/esm/signal/api/SignalMissingPreKeysSyncApi.js +19 -8
- package/dist/esm/signal/api/SignalRotateKeyApi.js +4 -2
- package/dist/esm/signal/api/SignalSessionSyncApi.js +17 -8
- package/dist/esm/signal/api/result-map.js +10 -0
- package/dist/esm/signal/constants.js +0 -4
- package/dist/esm/signal/crypto/WaAdvSignature.js +5 -45
- package/dist/esm/signal/crypto/constants.js +0 -4
- package/dist/esm/signal/{store/sqlite.js → encoding.js} +40 -29
- package/dist/esm/signal/group/SenderKeyChain.js +3 -3
- package/dist/esm/signal/group/SenderKeyCodec.js +8 -8
- package/dist/esm/signal/group/SenderKeyManager.js +131 -109
- package/dist/esm/signal/index.js +1 -0
- package/dist/esm/signal/registration/keygen.js +8 -5
- package/dist/esm/signal/registration/utils.js +3 -2
- package/dist/esm/signal/session/SignalProtocol.js +158 -81
- package/dist/esm/signal/session/SignalRatchet.js +21 -10
- package/dist/esm/signal/session/SignalSerializer.js +5 -6
- package/dist/esm/signal/session/SignalSession.js +11 -9
- package/dist/esm/signal/session/resolver.js +140 -105
- package/dist/esm/store/contracts/identity.store.js +1 -0
- package/dist/esm/store/contracts/message-secret.store.js +1 -0
- package/dist/esm/store/contracts/pre-key.store.js +1 -0
- package/dist/esm/store/contracts/privacy-token.store.js +1 -0
- package/dist/esm/store/contracts/session.store.js +1 -0
- package/dist/esm/store/createStore.js +143 -193
- package/dist/esm/store/index.js +5 -10
- package/dist/esm/store/locks/appstate.lock.js +26 -0
- package/dist/esm/store/locks/auth.lock.js +15 -0
- package/dist/esm/store/locks/contact.lock.js +20 -0
- package/dist/esm/store/locks/device-list.lock.js +20 -0
- package/dist/esm/store/locks/identity.lock.js +16 -0
- package/dist/esm/store/locks/message-secret.lock.js +17 -0
- package/dist/esm/store/locks/message.lock.js +21 -0
- package/dist/esm/store/locks/participants.lock.js +20 -0
- package/dist/esm/store/locks/pre-key.lock.js +27 -0
- package/dist/esm/store/locks/privacy-token.lock.js +18 -0
- package/dist/esm/store/locks/retry.lock.js +29 -0
- package/dist/esm/store/locks/sender-key.lock.js +52 -0
- package/dist/esm/store/locks/session.lock.js +19 -0
- package/dist/esm/store/locks/signal.lock.js +39 -0
- package/dist/esm/store/locks/thread.lock.js +21 -0
- package/dist/esm/store/noop.store.js +21 -1
- package/dist/esm/store/providers/memory/appstate.store.js +22 -24
- package/dist/esm/store/providers/memory/device-list.store.js +13 -5
- package/dist/esm/store/providers/memory/identity.store.js +31 -0
- package/dist/esm/store/providers/memory/message-secret.store.js +81 -0
- package/dist/esm/store/providers/memory/participants.store.js +3 -0
- package/dist/esm/store/providers/memory/pre-key.store.js +97 -0
- package/dist/esm/store/providers/memory/privacy-token.store.js +43 -0
- package/dist/esm/store/providers/memory/retry.store.js +99 -10
- package/dist/esm/store/providers/memory/sender-key.store.js +6 -1
- package/dist/esm/store/providers/memory/session.store.js +45 -0
- package/dist/esm/store/providers/memory/signal.store.js +1 -147
- package/dist/esm/transport/WaComms.js +7 -4
- package/dist/esm/transport/WaWebSocket.js +9 -7
- package/dist/esm/transport/binary/constants.js +0 -30
- package/dist/esm/transport/binary/decoder.js +4 -4
- package/dist/esm/transport/binary/encoder.js +8 -15
- package/dist/esm/transport/binary/index.js +0 -1
- package/dist/esm/transport/index.js +6 -0
- package/dist/esm/transport/keepalive/WaKeepAlive.js +17 -8
- package/dist/esm/transport/node/WaMobileTcpSocket.js +114 -0
- package/dist/esm/transport/node/WaNodeOrchestrator.js +37 -22
- package/dist/esm/transport/node/builders/abprops.js +20 -0
- package/dist/esm/transport/node/builders/business.js +129 -0
- package/dist/esm/transport/node/builders/device.js +11 -0
- package/dist/esm/transport/node/builders/email.js +65 -0
- package/dist/esm/transport/node/builders/global.js +370 -0
- package/dist/esm/transport/node/builders/message.js +63 -239
- package/dist/esm/transport/node/builders/offline.js +14 -0
- package/dist/esm/transport/node/builders/pairing.js +0 -24
- package/dist/esm/transport/node/builders/prekeys.js +37 -40
- package/dist/esm/transport/node/builders/presence.js +13 -0
- package/dist/esm/transport/node/builders/privacy-token.js +37 -0
- package/dist/esm/transport/node/builders/privacy.js +48 -0
- package/dist/esm/transport/node/builders/profile.js +70 -0
- package/dist/esm/transport/node/builders/retry.js +11 -23
- package/dist/esm/transport/node/builders/usync.js +6 -2
- package/dist/esm/transport/node/helpers.js +43 -1
- package/dist/esm/transport/node/mex/argo-decoder.js +152 -0
- package/dist/esm/transport/node/mex/client.js +83 -0
- package/dist/esm/transport/node/mex/persist-ids.js +10 -0
- package/dist/esm/transport/node/usync.js +3 -33
- package/dist/esm/transport/node/xml.js +35 -14
- package/dist/esm/transport/noise/WaClientPayload.js +24 -19
- package/dist/esm/transport/noise/WaFrameCodec.js +2 -2
- package/dist/esm/transport/noise/WaMobileClientPayload.js +53 -0
- package/dist/esm/transport/noise/WaNoiseCert.js +9 -27
- package/dist/esm/transport/noise/WaNoiseSession.js +76 -34
- package/dist/esm/transport/noise/WaNoiseSocket.js +8 -4
- package/dist/esm/transport/stream/parse.js +8 -4
- package/dist/esm/util/bytes.js +22 -18
- package/dist/esm/util/index.js +5 -0
- package/dist/esm/util/primitives.js +3 -2
- package/dist/index.js +7 -1
- package/dist/infra/perf/BackgroundQueue.js +482 -0
- package/dist/infra/perf/BoundedTaskQueue.js +3 -1
- package/dist/infra/perf/PromiseDedup.js +24 -0
- package/dist/infra/perf/SharedExclusiveGate.js +113 -0
- package/dist/infra/perf/StoreLock.js +84 -0
- package/dist/media/WaMediaCrypto.js +328 -51
- package/dist/media/WaMediaTransferClient.js +72 -253
- package/dist/media/constants.js +5 -2
- package/dist/media/processor.js +2 -0
- package/dist/message/WaMessageClient.js +26 -19
- package/dist/message/addon-crypto.js +131 -0
- package/dist/message/content.js +211 -14
- package/dist/message/icdc.js +81 -0
- package/dist/message/incoming.js +38 -24
- package/dist/message/phash.js +35 -13
- package/dist/message/reporting-token.js +16 -30
- package/dist/message/use-case-secret.js +1 -1
- package/dist/protocol/abprops.js +163 -0
- package/dist/protocol/appstate.js +10 -41
- package/dist/protocol/browser.js +25 -18
- package/dist/protocol/constants.js +33 -2
- package/dist/protocol/defaults.js +6 -0
- package/dist/protocol/email.js +33 -0
- package/dist/protocol/index.js +8 -5
- package/dist/protocol/jid.js +149 -39
- package/dist/protocol/message.js +62 -2
- package/dist/protocol/nodes.js +8 -2
- package/dist/protocol/notification.js +10 -2
- package/dist/protocol/privacy-token.js +20 -0
- package/dist/protocol/privacy.js +58 -0
- package/dist/protocol/stream.js +27 -2
- package/dist/retry/codec.js +220 -0
- package/dist/retry/constants.js +1 -1
- package/dist/retry/index.js +5 -5
- package/dist/retry/parse.js +51 -30
- package/dist/retry/reason.js +1 -1
- package/dist/retry/replay.js +10 -6
- package/dist/retry/tracker.js +50 -12
- package/dist/signal/api/SignalDeviceSyncApi.js +51 -31
- package/dist/signal/api/SignalDigestSyncApi.js +21 -15
- package/dist/signal/api/SignalIdentitySyncApi.js +29 -14
- package/dist/signal/api/SignalMissingPreKeysSyncApi.js +17 -6
- package/dist/signal/api/SignalRotateKeyApi.js +4 -2
- package/dist/signal/api/SignalSessionSyncApi.js +16 -7
- package/dist/signal/api/result-map.js +13 -0
- package/dist/signal/constants.js +1 -5
- package/dist/signal/crypto/WaAdvSignature.js +2 -44
- package/dist/signal/crypto/constants.js +1 -5
- package/dist/signal/{store/sqlite.js → encoding.js} +41 -25
- package/dist/signal/group/SenderKeyChain.js +2 -2
- package/dist/signal/group/SenderKeyCodec.js +8 -8
- package/dist/signal/group/SenderKeyManager.js +130 -108
- package/dist/signal/index.js +13 -1
- package/dist/signal/registration/keygen.js +7 -4
- package/dist/signal/registration/utils.js +3 -2
- package/dist/signal/session/SignalProtocol.js +158 -81
- package/dist/signal/session/SignalRatchet.js +19 -8
- package/dist/signal/session/SignalSerializer.js +5 -6
- package/dist/signal/session/SignalSession.js +11 -9
- package/dist/signal/session/resolver.js +138 -103
- package/dist/store/contracts/identity.store.js +2 -0
- package/dist/store/contracts/message-secret.store.js +2 -0
- package/dist/store/contracts/pre-key.store.js +2 -0
- package/dist/store/contracts/privacy-token.store.js +2 -0
- package/dist/store/contracts/session.store.js +2 -0
- package/dist/store/createStore.js +142 -192
- package/dist/store/index.js +23 -33
- package/dist/store/locks/appstate.lock.js +29 -0
- package/dist/store/locks/auth.lock.js +18 -0
- package/dist/store/locks/contact.lock.js +23 -0
- package/dist/store/locks/device-list.lock.js +23 -0
- package/dist/store/locks/identity.lock.js +19 -0
- package/dist/store/locks/message-secret.lock.js +20 -0
- package/dist/store/locks/message.lock.js +24 -0
- package/dist/store/locks/participants.lock.js +23 -0
- package/dist/store/locks/pre-key.lock.js +30 -0
- package/dist/store/locks/privacy-token.lock.js +21 -0
- package/dist/store/locks/retry.lock.js +32 -0
- package/dist/store/locks/sender-key.lock.js +55 -0
- package/dist/store/locks/session.lock.js +22 -0
- package/dist/store/locks/signal.lock.js +42 -0
- package/dist/store/locks/thread.lock.js +24 -0
- package/dist/store/noop.store.js +22 -2
- package/dist/store/providers/memory/appstate.store.js +22 -24
- package/dist/store/providers/memory/device-list.store.js +13 -5
- package/dist/store/providers/memory/identity.store.js +35 -0
- package/dist/store/providers/memory/message-secret.store.js +85 -0
- package/dist/store/providers/memory/participants.store.js +3 -0
- package/dist/store/providers/memory/pre-key.store.js +101 -0
- package/dist/store/providers/memory/privacy-token.store.js +47 -0
- package/dist/store/providers/memory/retry.store.js +98 -9
- package/dist/store/providers/memory/sender-key.store.js +6 -1
- package/dist/store/providers/memory/session.store.js +49 -0
- package/dist/store/providers/memory/signal.store.js +1 -147
- package/dist/transport/WaComms.js +7 -4
- package/dist/transport/WaWebSocket.js +9 -7
- package/dist/transport/binary/constants.js +1 -31
- package/dist/transport/binary/decoder.js +4 -4
- package/dist/transport/binary/encoder.js +8 -15
- package/dist/transport/binary/index.js +0 -4
- package/dist/transport/index.js +17 -1
- package/dist/transport/keepalive/WaKeepAlive.js +17 -8
- package/dist/transport/node/WaMobileTcpSocket.js +118 -0
- package/dist/transport/node/WaNodeOrchestrator.js +36 -21
- package/dist/transport/node/builders/abprops.js +23 -0
- package/dist/transport/node/builders/business.js +137 -0
- package/dist/transport/node/builders/device.js +14 -0
- package/dist/transport/node/builders/email.js +72 -0
- package/dist/transport/node/builders/global.js +375 -0
- package/dist/transport/node/builders/message.js +64 -245
- package/dist/transport/node/builders/offline.js +17 -0
- package/dist/transport/node/builders/pairing.js +0 -26
- package/dist/transport/node/builders/prekeys.js +36 -39
- package/dist/transport/node/builders/presence.js +16 -0
- package/dist/transport/node/builders/privacy-token.js +42 -0
- package/dist/transport/node/builders/privacy.js +55 -0
- package/dist/transport/node/builders/profile.js +78 -0
- package/dist/transport/node/builders/retry.js +10 -22
- package/dist/transport/node/builders/usync.js +6 -2
- package/dist/transport/node/helpers.js +46 -1
- package/dist/transport/node/mex/argo-decoder.js +189 -0
- package/dist/transport/node/mex/client.js +86 -0
- package/dist/transport/node/mex/persist-ids.js +13 -0
- package/dist/transport/node/usync.js +2 -32
- package/dist/transport/node/xml.js +35 -14
- package/dist/transport/noise/WaClientPayload.js +26 -21
- package/dist/transport/noise/WaFrameCodec.js +1 -1
- package/dist/transport/noise/WaMobileClientPayload.js +56 -0
- package/dist/transport/noise/WaNoiseCert.js +8 -26
- package/dist/transport/noise/WaNoiseSession.js +75 -33
- package/dist/transport/noise/WaNoiseSocket.js +8 -4
- package/dist/transport/stream/parse.js +7 -3
- package/dist/types/appstate/WaAppStateCrypto.d.ts +11 -8
- package/dist/types/appstate/WaAppStateSyncClient.d.ts +6 -2
- package/dist/types/appstate/encoding.d.ts +7 -0
- package/dist/types/appstate/index.d.ts +3 -3
- package/dist/types/appstate/{WaAppStateSyncResponseParser.d.ts → response-parser.d.ts} +1 -1
- package/dist/types/appstate/types.d.ts +1 -1
- package/dist/types/appstate/utils.d.ts +0 -2
- package/dist/types/auth/WaAuthClient.d.ts +9 -3
- package/dist/types/auth/credentials-flow.d.ts +20 -0
- package/dist/types/auth/index.d.ts +0 -2
- package/dist/types/auth/pairing/WaPairingFlow.d.ts +3 -2
- package/dist/types/auth/pairing/{WaPairingCodeCrypto.d.ts → pairing-code-crypto.d.ts} +6 -1
- package/dist/types/auth/types.d.ts +41 -0
- package/dist/types/client/WaClient.d.ts +44 -18
- package/dist/types/client/WaClientFactory.d.ts +22 -8
- package/dist/types/client/connection/WaConnectionManager.d.ts +2 -0
- package/dist/types/client/coordinators/WaAbPropsCoordinator.d.ts +26 -0
- package/dist/types/client/coordinators/WaBusinessCoordinator.d.ts +57 -0
- package/dist/types/client/coordinators/WaEmailCoordinator.d.ts +24 -0
- package/dist/types/client/coordinators/WaIncomingNodeCoordinator.d.ts +9 -2
- package/dist/types/client/coordinators/WaMessageDispatchCoordinator.d.ts +29 -2
- package/dist/types/client/coordinators/WaOfflineResumeCoordinator.d.ts +31 -0
- package/dist/types/client/coordinators/WaPassiveTasksCoordinator.d.ts +16 -1
- package/dist/types/client/coordinators/WaPrivacyCoordinator.d.ts +26 -0
- package/dist/types/client/coordinators/WaProfileCoordinator.d.ts +38 -0
- package/dist/types/client/coordinators/WaRetryCoordinator.d.ts +12 -0
- package/dist/types/client/coordinators/WaStreamControlCoordinator.d.ts +3 -2
- package/dist/types/client/coordinators/WaTrustedContactTokenCoordinator.d.ts +55 -0
- package/dist/types/client/dirty.d.ts +3 -1
- package/dist/types/client/events/abprops.d.ts +14 -0
- package/dist/types/client/events/devices.d.ts +20 -0
- package/dist/types/client/events/identity.d.ts +9 -0
- package/dist/types/client/events/privacy-token.d.ts +7 -0
- package/dist/types/client/events/registration.d.ts +17 -0
- package/dist/types/client/history-sync.d.ts +9 -6
- package/dist/types/client/incoming.d.ts +9 -2
- package/dist/types/client/index.d.ts +1 -1
- package/dist/types/client/mailbox.d.ts +5 -5
- package/dist/types/client/media.d.ts +31 -0
- package/dist/types/client/messages.d.ts +3 -2
- package/dist/types/client/persistence/WriteBehindPersistence.d.ts +34 -0
- package/dist/types/client/tokens/cs-token.d.ts +10 -0
- package/dist/types/client/tokens/tc-token.d.ts +5 -0
- package/dist/types/client/types.d.ts +151 -4
- package/dist/types/crypto/core/index.d.ts +3 -2
- package/dist/types/crypto/core/nonce.d.ts +2 -0
- package/dist/types/crypto/core/primitives.d.ts +1 -2
- package/dist/types/crypto/core/random.d.ts +2 -1
- package/dist/types/crypto/core/xeddsa.d.ts +2 -0
- package/dist/types/crypto/curves/constants.d.ts +1 -0
- package/dist/types/crypto/index.d.ts +2 -0
- package/dist/types/crypto/math/constants.d.ts +4 -2
- package/dist/types/crypto/math/fe.d.ts +30 -0
- package/dist/types/crypto/math/mod.d.ts +0 -2
- package/dist/types/crypto/math/types.d.ts +11 -4
- package/dist/types/index.d.ts +6 -3
- package/dist/types/infra/log/ConsoleLogger.d.ts +1 -1
- package/dist/types/infra/log/PinoLogger.d.ts +1 -1
- package/dist/types/infra/perf/BackgroundQueue.d.ts +58 -0
- package/dist/types/infra/perf/PromiseDedup.d.ts +4 -0
- package/dist/types/infra/perf/SharedExclusiveGate.d.ts +17 -0
- package/dist/types/infra/perf/StoreLock.d.ts +11 -0
- package/dist/types/media/WaMediaCrypto.d.ts +16 -6
- package/dist/types/media/WaMediaTransferClient.d.ts +6 -23
- package/dist/types/media/constants.d.ts +3 -1
- package/dist/types/media/index.d.ts +2 -1
- package/dist/types/media/processor.d.ts +28 -0
- package/dist/types/media/types.d.ts +19 -5
- package/dist/types/message/addon-crypto.d.ts +34 -3
- package/dist/types/message/content.d.ts +11 -1
- package/dist/types/message/icdc.d.ts +13 -0
- package/dist/types/message/reporting-token.d.ts +0 -1
- package/dist/types/message/types.d.ts +42 -11
- package/dist/types/protocol/abprops.d.ts +142 -0
- package/dist/types/protocol/appstate.d.ts +0 -11
- package/dist/types/protocol/browser.d.ts +1 -0
- package/dist/types/protocol/constants.d.ts +12 -4
- package/dist/types/protocol/defaults.d.ts +6 -0
- package/dist/types/protocol/email.d.ts +32 -0
- package/dist/types/protocol/index.d.ts +1 -2
- package/dist/types/protocol/jid.d.ts +20 -2
- package/dist/types/protocol/message.d.ts +60 -0
- package/dist/types/protocol/nodes.d.ts +6 -0
- package/dist/types/protocol/notification.d.ts +8 -0
- package/dist/types/protocol/privacy-token.d.ts +17 -0
- package/dist/types/protocol/privacy.d.ts +75 -0
- package/dist/types/protocol/stream.d.ts +31 -0
- package/dist/types/retry/codec.d.ts +3 -0
- package/dist/types/retry/index.d.ts +3 -3
- package/dist/types/retry/parse.d.ts +5 -2
- package/dist/types/retry/reason.d.ts +1 -1
- package/dist/types/retry/tracker.d.ts +1 -0
- package/dist/types/retry/types.d.ts +6 -1
- package/dist/types/signal/api/SignalDeviceSyncApi.d.ts +2 -1
- package/dist/types/signal/api/SignalDigestSyncApi.d.ts +9 -0
- package/dist/types/signal/api/SignalIdentitySyncApi.d.ts +5 -3
- package/dist/types/signal/api/SignalRotateKeyApi.d.ts +4 -5
- package/dist/types/signal/api/SignalSessionSyncApi.d.ts +8 -6
- package/dist/types/signal/api/result-map.d.ts +1 -0
- package/dist/types/signal/constants.d.ts +0 -3
- package/dist/types/signal/crypto/WaAdvSignature.d.ts +0 -2
- package/dist/types/signal/crypto/constants.d.ts +0 -1
- package/dist/types/signal/{store/sqlite.d.ts → encoding.d.ts} +9 -3
- package/dist/types/signal/group/SenderKeyChain.d.ts +1 -1
- package/dist/types/signal/group/SenderKeyManager.d.ts +17 -7
- package/dist/types/signal/index.d.ts +2 -0
- package/dist/types/signal/registration/utils.d.ts +2 -1
- package/dist/types/signal/session/SignalProtocol.d.ts +21 -6
- package/dist/types/signal/session/SignalSerializer.d.ts +2 -1
- package/dist/types/signal/session/resolver.d.ts +11 -4
- package/dist/types/signal/types.d.ts +16 -4
- package/dist/types/store/contracts/appstate.store.d.ts +1 -1
- package/dist/types/store/contracts/identity.store.d.ts +11 -0
- package/dist/types/store/contracts/message-secret.store.d.ts +16 -0
- package/dist/types/store/contracts/pre-key.store.d.ts +13 -0
- package/dist/types/store/contracts/privacy-token.store.d.ts +16 -0
- package/dist/types/store/contracts/retry.store.d.ts +7 -0
- package/dist/types/store/contracts/session.store.d.ts +14 -0
- package/dist/types/store/contracts/signal.store.d.ts +1 -27
- package/dist/types/store/createStore.d.ts +1 -1
- package/dist/types/store/index.d.ts +12 -12
- package/dist/types/store/locks/appstate.lock.d.ts +3 -0
- package/dist/types/store/locks/auth.lock.d.ts +3 -0
- package/dist/types/store/locks/contact.lock.d.ts +3 -0
- package/dist/types/store/locks/device-list.lock.d.ts +2 -0
- package/dist/types/store/locks/identity.lock.d.ts +3 -0
- package/dist/types/store/locks/message-secret.lock.d.ts +3 -0
- package/dist/types/store/locks/message.lock.d.ts +3 -0
- package/dist/types/store/locks/participants.lock.d.ts +2 -0
- package/dist/types/store/locks/pre-key.lock.d.ts +3 -0
- package/dist/types/store/locks/privacy-token.lock.d.ts +2 -0
- package/dist/types/store/locks/retry.lock.d.ts +2 -0
- package/dist/types/store/locks/sender-key.lock.d.ts +3 -0
- package/dist/types/store/locks/session.lock.d.ts +3 -0
- package/dist/types/store/locks/signal.lock.d.ts +3 -0
- package/dist/types/store/locks/thread.lock.d.ts +3 -0
- package/dist/types/store/noop.store.d.ts +4 -0
- package/dist/types/store/providers/memory/appstate.store.d.ts +1 -1
- package/dist/types/store/providers/memory/identity.store.d.ts +18 -0
- package/dist/types/store/providers/memory/message-secret.store.d.ts +21 -0
- package/dist/types/store/providers/memory/pre-key.store.d.ts +23 -0
- package/dist/types/store/providers/memory/privacy-token.store.d.ts +13 -0
- package/dist/types/store/providers/memory/retry.store.d.ts +15 -1
- package/dist/types/store/providers/memory/session.store.d.ts +21 -0
- package/dist/types/store/providers/memory/signal.store.d.ts +2 -43
- package/dist/types/store/providers/memory/thread.store.d.ts +1 -1
- package/dist/types/store/types.d.ts +69 -61
- package/dist/types/transport/WaWebSocket.d.ts +1 -1
- package/dist/types/transport/binary/constants.d.ts +0 -30
- package/dist/types/transport/binary/index.d.ts +0 -1
- package/dist/types/transport/index.d.ts +8 -1
- package/dist/types/transport/keepalive/WaKeepAlive.d.ts +4 -1
- package/dist/types/transport/node/WaMobileTcpSocket.d.ts +18 -0
- package/dist/types/transport/node/WaNodeOrchestrator.d.ts +9 -6
- package/dist/types/transport/node/builders/abprops.d.ts +5 -0
- package/dist/types/transport/node/builders/business.d.ts +29 -0
- package/dist/types/transport/node/builders/device.d.ts +2 -0
- package/dist/types/transport/node/builders/email.d.ts +11 -0
- package/dist/types/transport/node/builders/global.d.ts +102 -0
- package/dist/types/transport/node/builders/message.d.ts +8 -7
- package/dist/types/transport/node/builders/offline.d.ts +2 -0
- package/dist/types/transport/node/builders/pairing.d.ts +0 -2
- package/dist/types/transport/node/builders/prekeys.d.ts +4 -3
- package/dist/types/transport/node/builders/presence.d.ts +6 -0
- package/dist/types/transport/node/builders/privacy-token.d.ts +9 -0
- package/dist/types/transport/node/builders/privacy.d.ts +7 -0
- package/dist/types/transport/node/builders/profile.d.ts +8 -0
- package/dist/types/transport/node/builders/retry.d.ts +0 -1
- package/dist/types/transport/node/helpers.d.ts +8 -0
- package/dist/types/transport/node/mex/argo-decoder.d.ts +11 -0
- package/dist/types/transport/node/mex/client.d.ts +18 -0
- package/dist/types/transport/node/mex/persist-ids.d.ts +14 -0
- package/dist/types/transport/noise/WaMobileClientPayload.d.ts +29 -0
- package/dist/types/transport/noise/WaNoiseCert.d.ts +7 -1
- package/dist/types/transport/noise/WaNoiseSession.d.ts +4 -2
- package/dist/types/transport/noise/WaNoiseSocket.d.ts +4 -2
- package/dist/types/transport/types.d.ts +8 -0
- package/dist/types/util/bytes.d.ts +1 -1
- package/dist/types/util/index.d.ts +5 -0
- package/dist/types/util/primitives.d.ts +0 -1
- package/dist/util/bytes.js +22 -18
- package/dist/util/index.js +23 -0
- package/dist/util/primitives.js +2 -2
- package/package.json +34 -10
- package/proto/index.js +1 -1
- package/dist/auth/flow/WaAuthCredentialsFlow.js +0 -130
- package/dist/auth/pairing/constants.js +0 -5
- package/dist/client/connection/WaKeyShareCoordinator.js +0 -63
- package/dist/crypto/core/constants.js +0 -4
- package/dist/esm/auth/flow/WaAuthCredentialsFlow.js +0 -125
- package/dist/esm/auth/pairing/constants.js +0 -2
- package/dist/esm/client/connection/WaKeyShareCoordinator.js +0 -59
- package/dist/esm/crypto/core/constants.js +0 -1
- package/dist/esm/retry/outbound.js +0 -82
- package/dist/esm/store/providers/sqlite/BaseSqliteStore.js +0 -37
- package/dist/esm/store/providers/sqlite/appstate.store.js +0 -250
- package/dist/esm/store/providers/sqlite/auth.store.js +0 -176
- package/dist/esm/store/providers/sqlite/connection.js +0 -245
- package/dist/esm/store/providers/sqlite/contact.store.js +0 -74
- package/dist/esm/store/providers/sqlite/device-list.store.js +0 -127
- package/dist/esm/store/providers/sqlite/message.store.js +0 -132
- package/dist/esm/store/providers/sqlite/migrations.js +0 -347
- package/dist/esm/store/providers/sqlite/participants.store.js +0 -77
- package/dist/esm/store/providers/sqlite/retry.store.js +0 -141
- package/dist/esm/store/providers/sqlite/sender-key.store.js +0 -198
- package/dist/esm/store/providers/sqlite/signal.store.js +0 -435
- package/dist/esm/store/providers/sqlite/table-names.js +0 -107
- package/dist/esm/store/providers/sqlite/thread.store.js +0 -85
- package/dist/esm/transport/node/builders/index.js +0 -8
- package/dist/retry/outbound.js +0 -87
- package/dist/store/providers/sqlite/BaseSqliteStore.js +0 -41
- package/dist/store/providers/sqlite/appstate.store.js +0 -254
- package/dist/store/providers/sqlite/auth.store.js +0 -180
- package/dist/store/providers/sqlite/connection.js +0 -281
- package/dist/store/providers/sqlite/contact.store.js +0 -78
- package/dist/store/providers/sqlite/device-list.store.js +0 -131
- package/dist/store/providers/sqlite/message.store.js +0 -136
- package/dist/store/providers/sqlite/migrations.js +0 -350
- package/dist/store/providers/sqlite/participants.store.js +0 -81
- package/dist/store/providers/sqlite/retry.store.js +0 -145
- package/dist/store/providers/sqlite/sender-key.store.js +0 -202
- package/dist/store/providers/sqlite/signal.store.js +0 -439
- package/dist/store/providers/sqlite/table-names.js +0 -113
- package/dist/store/providers/sqlite/thread.store.js +0 -89
- package/dist/transport/node/builders/index.js +0 -42
- package/dist/types/appstate/store/sqlite.d.ts +0 -7
- package/dist/types/auth/flow/WaAuthCredentialsFlow.d.ts +0 -14
- package/dist/types/auth/pairing/constants.d.ts +0 -2
- package/dist/types/client/connection/WaKeyShareCoordinator.d.ts +0 -14
- package/dist/types/crypto/core/constants.d.ts +0 -1
- package/dist/types/retry/outbound.d.ts +0 -4
- package/dist/types/store/providers/sqlite/BaseSqliteStore.d.ts +0 -12
- package/dist/types/store/providers/sqlite/appstate.store.d.ts +0 -17
- package/dist/types/store/providers/sqlite/auth.store.d.ts +0 -10
- package/dist/types/store/providers/sqlite/connection.d.ts +0 -10
- package/dist/types/store/providers/sqlite/contact.store.d.ts +0 -12
- package/dist/types/store/providers/sqlite/device-list.store.d.ts +0 -15
- package/dist/types/store/providers/sqlite/message.store.d.ts +0 -13
- package/dist/types/store/providers/sqlite/migrations.d.ts +0 -3
- package/dist/types/store/providers/sqlite/participants.store.d.ts +0 -12
- package/dist/types/store/providers/sqlite/retry.store.d.ts +0 -15
- package/dist/types/store/providers/sqlite/sender-key.store.d.ts +0 -24
- package/dist/types/store/providers/sqlite/signal.store.d.ts +0 -53
- package/dist/types/store/providers/sqlite/table-names.d.ts +0 -5
- package/dist/types/store/providers/sqlite/thread.store.d.ts +0 -13
- package/dist/types/transport/node/builders/index.d.ts +0 -8
- /package/dist/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +0 -0
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CsTokenGenerator = void 0;
|
|
4
|
+
const core_1 = require("../../crypto/core");
|
|
5
|
+
const bytes_1 = require("../../util/bytes");
|
|
6
|
+
const collections_1 = require("../../util/collections");
|
|
7
|
+
const CS_TOKEN_CACHE_MAX = 5;
|
|
8
|
+
class CsTokenGenerator {
|
|
9
|
+
constructor() {
|
|
10
|
+
this.cachedKey = null;
|
|
11
|
+
this.cachedSalt = null;
|
|
12
|
+
this.cache = new Map();
|
|
13
|
+
}
|
|
14
|
+
async generate(nctSalt, accountLid) {
|
|
15
|
+
const cached = this.cache.get(accountLid);
|
|
16
|
+
if (cached && this.isSameSalt(nctSalt)) {
|
|
17
|
+
return cached;
|
|
18
|
+
}
|
|
19
|
+
const key = await this.resolveKey(nctSalt);
|
|
20
|
+
const result = await (0, core_1.hmacSign)(key, bytes_1.TEXT_ENCODER.encode(accountLid));
|
|
21
|
+
(0, collections_1.setBoundedMapEntry)(this.cache, accountLid, result, CS_TOKEN_CACHE_MAX);
|
|
22
|
+
return result;
|
|
23
|
+
}
|
|
24
|
+
invalidate() {
|
|
25
|
+
this.cachedKey = null;
|
|
26
|
+
this.cachedSalt = null;
|
|
27
|
+
this.cache.clear();
|
|
28
|
+
}
|
|
29
|
+
isSameSalt(salt) {
|
|
30
|
+
if (!this.cachedSalt || this.cachedSalt.length !== salt.length) {
|
|
31
|
+
return false;
|
|
32
|
+
}
|
|
33
|
+
for (let i = 0; i < salt.length; i += 1) {
|
|
34
|
+
if (this.cachedSalt[i] !== salt[i]) {
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
return true;
|
|
39
|
+
}
|
|
40
|
+
async resolveKey(salt) {
|
|
41
|
+
if (this.cachedKey && this.isSameSalt(salt)) {
|
|
42
|
+
return this.cachedKey;
|
|
43
|
+
}
|
|
44
|
+
this.cachedKey = await (0, core_1.importHmacKey)(salt);
|
|
45
|
+
this.cachedSalt = salt;
|
|
46
|
+
this.cache.clear();
|
|
47
|
+
return this.cachedKey;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
exports.CsTokenGenerator = CsTokenGenerator;
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.computeBucket = computeBucket;
|
|
4
|
+
exports.tokenExpirationCutoffS = tokenExpirationCutoffS;
|
|
5
|
+
exports.isTokenExpired = isTokenExpired;
|
|
6
|
+
exports.shouldSendNewToken = shouldSendNewToken;
|
|
7
|
+
exports.clampDuration = clampDuration;
|
|
8
|
+
function computeBucket(unixTimeS, durationS) {
|
|
9
|
+
return Math.floor(unixTimeS / durationS);
|
|
10
|
+
}
|
|
11
|
+
function tokenExpirationCutoffS(nowS, durationS, numBuckets) {
|
|
12
|
+
const currentBucket = computeBucket(nowS, durationS);
|
|
13
|
+
const cutoffBucket = currentBucket - numBuckets;
|
|
14
|
+
return cutoffBucket * durationS;
|
|
15
|
+
}
|
|
16
|
+
function isTokenExpired(tokenTimestampS, nowS, durationS, numBuckets) {
|
|
17
|
+
const cutoff = tokenExpirationCutoffS(nowS, durationS, numBuckets);
|
|
18
|
+
return tokenTimestampS < cutoff;
|
|
19
|
+
}
|
|
20
|
+
function shouldSendNewToken(senderTimestampS, nowS, senderDurationS) {
|
|
21
|
+
return computeBucket(senderTimestampS, senderDurationS) !== computeBucket(nowS, senderDurationS);
|
|
22
|
+
}
|
|
23
|
+
function clampDuration(durationS, maxDurationS) {
|
|
24
|
+
return Math.min(durationS, maxDurationS);
|
|
25
|
+
}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Cryptographic utilities
|
|
4
4
|
*/
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.
|
|
6
|
+
exports.xeddsaVerify = exports.xeddsaSign = exports.aesCtrDecrypt = exports.aesCtrEncrypt = exports.pbkdf2DeriveAesCtrKey = exports.hmacSign = exports.importHmacSha512Key = exports.importHmacKey = exports.aesCbcDecrypt = exports.aesCbcEncrypt = exports.importAesCbcKey = exports.aesGcmDecrypt = exports.aesGcmEncrypt = exports.importAesGcmKey = exports.sha512 = exports.sha256 = exports.sha1 = exports.randomIntAsync = exports.randomFillAsync = exports.randomBytesAsync = exports.buildNonce = exports.readVersionedContent = exports.prependVersion = exports.toRawPubKey = exports.toSerializedPubKey = exports.hkdfSplit = exports.hkdf = exports.X25519 = exports.Ed25519 = void 0;
|
|
7
7
|
var Ed25519_1 = require("../curves/Ed25519");
|
|
8
8
|
Object.defineProperty(exports, "Ed25519", { enumerable: true, get: function () { return Ed25519_1.Ed25519; } });
|
|
9
9
|
var X25519_1 = require("../curves/X25519");
|
|
@@ -20,6 +20,7 @@ var nonce_1 = require("../core/nonce");
|
|
|
20
20
|
Object.defineProperty(exports, "buildNonce", { enumerable: true, get: function () { return nonce_1.buildNonce; } });
|
|
21
21
|
var random_1 = require("../core/random");
|
|
22
22
|
Object.defineProperty(exports, "randomBytesAsync", { enumerable: true, get: function () { return random_1.randomBytesAsync; } });
|
|
23
|
+
Object.defineProperty(exports, "randomFillAsync", { enumerable: true, get: function () { return random_1.randomFillAsync; } });
|
|
23
24
|
Object.defineProperty(exports, "randomIntAsync", { enumerable: true, get: function () { return random_1.randomIntAsync; } });
|
|
24
25
|
var primitives_1 = require("../core/primitives");
|
|
25
26
|
Object.defineProperty(exports, "sha1", { enumerable: true, get: function () { return primitives_1.sha1; } });
|
|
@@ -37,4 +38,6 @@ Object.defineProperty(exports, "hmacSign", { enumerable: true, get: function ()
|
|
|
37
38
|
Object.defineProperty(exports, "pbkdf2DeriveAesCtrKey", { enumerable: true, get: function () { return primitives_1.pbkdf2DeriveAesCtrKey; } });
|
|
38
39
|
Object.defineProperty(exports, "aesCtrEncrypt", { enumerable: true, get: function () { return primitives_1.aesCtrEncrypt; } });
|
|
39
40
|
Object.defineProperty(exports, "aesCtrDecrypt", { enumerable: true, get: function () { return primitives_1.aesCtrDecrypt; } });
|
|
40
|
-
|
|
41
|
+
var xeddsa_1 = require("../core/xeddsa");
|
|
42
|
+
Object.defineProperty(exports, "xeddsaSign", { enumerable: true, get: function () { return xeddsa_1.xeddsaSign; } });
|
|
43
|
+
Object.defineProperty(exports, "xeddsaVerify", { enumerable: true, get: function () { return xeddsa_1.xeddsaVerify; } });
|
package/dist/crypto/core/keys.js
CHANGED
|
@@ -5,21 +5,21 @@ exports.toRawPubKey = toRawPubKey;
|
|
|
5
5
|
exports.versionByte = versionByte;
|
|
6
6
|
exports.prependVersion = prependVersion;
|
|
7
7
|
exports.readVersionedContent = readVersionedContent;
|
|
8
|
-
const constants_1 = require("../core/constants");
|
|
9
8
|
const bytes_1 = require("../../util/bytes");
|
|
9
|
+
const SERIALIZED_PUB_KEY_PREFIX = 5;
|
|
10
10
|
/**
|
|
11
11
|
* Converts a 32-byte raw public key to 33-byte serialized format (with 0x05 prefix)
|
|
12
12
|
*/
|
|
13
13
|
function toSerializedPubKey(key) {
|
|
14
14
|
if (key.length === 33) {
|
|
15
|
-
if (key[0] !==
|
|
15
|
+
if (key[0] !== SERIALIZED_PUB_KEY_PREFIX) {
|
|
16
16
|
throw new Error('invalid serialized signal public key prefix');
|
|
17
17
|
}
|
|
18
18
|
return key;
|
|
19
19
|
}
|
|
20
20
|
(0, bytes_1.assertByteLength)(key, 32, `invalid signal public key length ${key.length}`);
|
|
21
21
|
const out = new Uint8Array(33);
|
|
22
|
-
out[0] =
|
|
22
|
+
out[0] = SERIALIZED_PUB_KEY_PREFIX;
|
|
23
23
|
out.set(key, 1);
|
|
24
24
|
return out;
|
|
25
25
|
}
|
|
@@ -30,7 +30,7 @@ function toRawPubKey(key) {
|
|
|
30
30
|
if (key.length === 32) {
|
|
31
31
|
return key;
|
|
32
32
|
}
|
|
33
|
-
if (key.length === 33 && key[0] ===
|
|
33
|
+
if (key.length === 33 && key[0] === SERIALIZED_PUB_KEY_PREFIX) {
|
|
34
34
|
return key.subarray(1);
|
|
35
35
|
}
|
|
36
36
|
throw new Error(`invalid signal public key length ${key.length}`);
|
|
@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.buildNonce = buildNonce;
|
|
4
4
|
/**
|
|
5
5
|
* Builds a 12-byte nonce for AES-GCM encryption with counter in the last 4 bytes.
|
|
6
|
+
* Allocates a new buffer per call because concurrent Noise encrypt/decrypt operations
|
|
7
|
+
* may hold references to different nonces simultaneously.
|
|
6
8
|
* Throws if counter exceeds uint32 range to prevent nonce reuse.
|
|
7
9
|
*/
|
|
8
10
|
function buildNonce(counter) {
|
|
@@ -19,7 +19,6 @@ exports.hmacSign = hmacSign;
|
|
|
19
19
|
exports.pbkdf2DeriveAesCtrKey = pbkdf2DeriveAesCtrKey;
|
|
20
20
|
exports.aesCtrEncrypt = aesCtrEncrypt;
|
|
21
21
|
exports.aesCtrDecrypt = aesCtrDecrypt;
|
|
22
|
-
exports.ed25519VerifyRaw = ed25519VerifyRaw;
|
|
23
22
|
const node_crypto_1 = require("node:crypto");
|
|
24
23
|
const bytes_1 = require("../../util/bytes");
|
|
25
24
|
async function digestBytes(algorithm, value) {
|
|
@@ -109,10 +108,3 @@ async function aesCtrEncrypt(key, counter, plaintext) {
|
|
|
109
108
|
async function aesCtrDecrypt(key, counter, ciphertext) {
|
|
110
109
|
return (0, bytes_1.toBytesView)(await node_crypto_1.webcrypto.subtle.decrypt({ name: 'AES-CTR', counter, length: 64 }, key, ciphertext));
|
|
111
110
|
}
|
|
112
|
-
// ============================================
|
|
113
|
-
// Ed25519 raw verify (for Signal variant sigs)
|
|
114
|
-
// ============================================
|
|
115
|
-
async function ed25519VerifyRaw(publicKey, signature, message) {
|
|
116
|
-
const cryptoKey = await node_crypto_1.webcrypto.subtle.importKey('raw', publicKey, { name: 'Ed25519' }, false, ['verify']);
|
|
117
|
-
return node_crypto_1.webcrypto.subtle.verify('Ed25519', cryptoKey, signature, message);
|
|
118
|
-
}
|
|
@@ -1,13 +1,29 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.randomIntAsync = void 0;
|
|
4
|
-
exports.
|
|
3
|
+
exports.randomBytesAsync = exports.randomIntAsync = void 0;
|
|
4
|
+
exports.randomFillAsync = randomFillAsync;
|
|
5
5
|
const node_crypto_1 = require("node:crypto");
|
|
6
6
|
const node_util_1 = require("node:util");
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
const
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
async function randomFillAsync(target, offset, size) {
|
|
8
|
+
await new Promise((resolve, reject) => {
|
|
9
|
+
const onDone = (error) => {
|
|
10
|
+
if (error) {
|
|
11
|
+
reject(error);
|
|
12
|
+
return;
|
|
13
|
+
}
|
|
14
|
+
resolve();
|
|
15
|
+
};
|
|
16
|
+
if (offset === undefined) {
|
|
17
|
+
(0, node_crypto_1.randomFill)(target, onDone);
|
|
18
|
+
return;
|
|
19
|
+
}
|
|
20
|
+
if (size === undefined) {
|
|
21
|
+
(0, node_crypto_1.randomFill)(target, offset, onDone);
|
|
22
|
+
return;
|
|
23
|
+
}
|
|
24
|
+
(0, node_crypto_1.randomFill)(target, offset, size, onDone);
|
|
25
|
+
});
|
|
26
|
+
return target;
|
|
12
27
|
}
|
|
13
|
-
exports.randomIntAsync =
|
|
28
|
+
exports.randomIntAsync = (0, node_util_1.promisify)(node_crypto_1.randomInt);
|
|
29
|
+
exports.randomBytesAsync = (0, node_util_1.promisify)(node_crypto_1.randomBytes);
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.xeddsaVerify = xeddsaVerify;
|
|
4
|
+
exports.xeddsaSign = xeddsaSign;
|
|
5
|
+
const primitives_1 = require("../core/primitives");
|
|
6
|
+
const random_1 = require("../core/random");
|
|
7
|
+
const Ed25519_1 = require("../curves/Ed25519");
|
|
8
|
+
const X25519_1 = require("../curves/X25519");
|
|
9
|
+
const edwards_1 = require("../math/edwards");
|
|
10
|
+
const le_1 = require("../math/le");
|
|
11
|
+
const mod_1 = require("../math/mod");
|
|
12
|
+
const bytes_1 = require("../../util/bytes");
|
|
13
|
+
const PREFIX_SIGNATURE_RANDOM = new Uint8Array([
|
|
14
|
+
0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
15
|
+
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
|
16
|
+
]);
|
|
17
|
+
async function xeddsaVerify(curvePublicKey, message, signature) {
|
|
18
|
+
if (signature.length !== 64) {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
if ((signature[63] & 0x60) !== 0) {
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
const lastByteIndex = 63;
|
|
25
|
+
const originalLastByte = signature[lastByteIndex];
|
|
26
|
+
const signBit = originalLastByte & 0x80;
|
|
27
|
+
signature[lastByteIndex] = originalLastByte & 0x7f;
|
|
28
|
+
const edPublic = (0, X25519_1.montgomeryToEdwardsPublic)(curvePublicKey, signBit);
|
|
29
|
+
try {
|
|
30
|
+
return await Ed25519_1.Ed25519.verify(message, signature, edPublic);
|
|
31
|
+
}
|
|
32
|
+
finally {
|
|
33
|
+
signature[lastByteIndex] = originalLastByte;
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
async function xeddsaSign(privateKey, message) {
|
|
37
|
+
(0, bytes_1.assertByteLength)(privateKey, 32, `invalid curve25519 private key length ${privateKey.length}`);
|
|
38
|
+
const clampedPrivateKey = (0, X25519_1.clampCurvePrivateKeyInPlace)(privateKey);
|
|
39
|
+
const privateScalar = (0, le_1.bytesToBigIntLE)(clampedPrivateKey);
|
|
40
|
+
const encodedPublic = (0, edwards_1.encodeExtendedPoint)((0, edwards_1.scalarMultBase)(privateScalar));
|
|
41
|
+
const pubKeySignBit = encodedPublic[31] & 0x80;
|
|
42
|
+
const randomSuffix = await (0, random_1.randomBytesAsync)(64);
|
|
43
|
+
const hashInput = (0, bytes_1.concatBytes)([
|
|
44
|
+
PREFIX_SIGNATURE_RANDOM,
|
|
45
|
+
clampedPrivateKey,
|
|
46
|
+
message,
|
|
47
|
+
randomSuffix
|
|
48
|
+
]);
|
|
49
|
+
const r = (0, mod_1.modGroup)((0, le_1.bytesToBigIntLE)(await (0, primitives_1.sha512)(hashInput)));
|
|
50
|
+
const encodedR = (0, edwards_1.encodeExtendedPoint)((0, edwards_1.scalarMultBase)(r));
|
|
51
|
+
const hInput = (0, bytes_1.concatBytes)([encodedR, encodedPublic, message]);
|
|
52
|
+
const h = (0, mod_1.modGroup)((0, le_1.bytesToBigIntLE)(await (0, primitives_1.sha512)(hInput)));
|
|
53
|
+
const s = (0, mod_1.modGroup)(r + h * privateScalar);
|
|
54
|
+
const encodedS = (0, le_1.bigIntToBytesLE)(s, 32);
|
|
55
|
+
encodedS[31] = (encodedS[31] & 0x7f) | pubKeySignBit;
|
|
56
|
+
return (0, bytes_1.concatBytes)([encodedR, encodedS]);
|
|
57
|
+
}
|
|
@@ -6,9 +6,26 @@ exports.montgomeryToEdwardsPublic = montgomeryToEdwardsPublic;
|
|
|
6
6
|
const node_crypto_1 = require("node:crypto");
|
|
7
7
|
const constants_1 = require("../curves/constants");
|
|
8
8
|
const types_1 = require("../curves/types");
|
|
9
|
-
const
|
|
10
|
-
const
|
|
9
|
+
const constants_2 = require("../math/constants");
|
|
10
|
+
const fe_1 = require("../math/fe");
|
|
11
11
|
const bytes_1 = require("../../util/bytes");
|
|
12
|
+
const runtime_1 = require("../../util/runtime");
|
|
13
|
+
const IS_BUN = (0, runtime_1.isBunRuntime)();
|
|
14
|
+
// Pre-allocated temps for montgomeryToEdwardsPublic (safe: single-threaded)
|
|
15
|
+
const _mx = (0, fe_1.fe)();
|
|
16
|
+
const _m1 = (0, fe_1.fe)();
|
|
17
|
+
const _m2 = (0, fe_1.fe)();
|
|
18
|
+
const _m3 = (0, fe_1.fe)();
|
|
19
|
+
// p-1 = 2^255-20 in LE bytes: 0xEC, 0xFF×30, 0x7F
|
|
20
|
+
// Mask bit 255 before comparing (non-canonical inputs may have it set)
|
|
21
|
+
function isFieldPMinus1(b) {
|
|
22
|
+
if (b[0] !== 0xec || (b[31] & 0x7f) !== 0x7f)
|
|
23
|
+
return false;
|
|
24
|
+
for (let i = 1; i < 31; i++)
|
|
25
|
+
if (b[i] !== 0xff)
|
|
26
|
+
return false;
|
|
27
|
+
return true;
|
|
28
|
+
}
|
|
12
29
|
function clampCurvePrivateKeyInPlace(privateKey) {
|
|
13
30
|
(0, bytes_1.assertByteLength)(privateKey, 32, `invalid curve25519 private key length ${privateKey.length}`);
|
|
14
31
|
privateKey[0] &= 248;
|
|
@@ -18,12 +35,16 @@ function clampCurvePrivateKeyInPlace(privateKey) {
|
|
|
18
35
|
}
|
|
19
36
|
function montgomeryToEdwardsPublic(curvePublicKey, signBit) {
|
|
20
37
|
(0, bytes_1.assertByteLength)(curvePublicKey, 32, `invalid curve25519 public key length ${curvePublicKey.length}`);
|
|
21
|
-
|
|
22
|
-
if (x === mod_1.FIELD_P - 1n) {
|
|
38
|
+
if (isFieldPMinus1(curvePublicKey)) {
|
|
23
39
|
throw new Error('invalid curve25519 low-order public key');
|
|
24
40
|
}
|
|
25
|
-
|
|
26
|
-
|
|
41
|
+
(0, fe_1.feFromBytes)(_mx, curvePublicKey);
|
|
42
|
+
(0, fe_1.feSub)(_m1, _mx, constants_2.FE_ONE);
|
|
43
|
+
(0, fe_1.feAdd)(_m2, _mx, constants_2.FE_ONE);
|
|
44
|
+
(0, fe_1.feInv)(_m3, _m2);
|
|
45
|
+
(0, fe_1.feMul)(_m1, _m1, _m3);
|
|
46
|
+
const encoded = new Uint8Array(32);
|
|
47
|
+
(0, fe_1.fePack)(encoded, _m1);
|
|
27
48
|
encoded[31] = (encoded[31] & 0x7f) | (signBit & 0x80);
|
|
28
49
|
return encoded;
|
|
29
50
|
}
|
|
@@ -50,6 +71,22 @@ class X25519 {
|
|
|
50
71
|
static async scalarMult(privKey, pubKey) {
|
|
51
72
|
(0, bytes_1.assertByteLength)(privKey, 32, 'x25519 private key must be 32 bytes');
|
|
52
73
|
(0, bytes_1.assertByteLength)(pubKey, 32, 'x25519 public key must be 32 bytes');
|
|
74
|
+
// TODO: When Bun supports deriveBits with X25519 change to Async Web Crypto API
|
|
75
|
+
// https://github.com/oven-sh/bun/pull/29152
|
|
76
|
+
if (IS_BUN) {
|
|
77
|
+
const spki = new Uint8Array(constants_1.X25519_SPKI_PREFIX.length + 32);
|
|
78
|
+
spki.set(constants_1.X25519_SPKI_PREFIX, 0);
|
|
79
|
+
spki.set(pubKey, constants_1.X25519_SPKI_PREFIX.length);
|
|
80
|
+
const shared = (0, node_crypto_1.diffieHellman)({
|
|
81
|
+
privateKey: (0, node_crypto_1.createPrivateKey)({
|
|
82
|
+
key: (0, types_1.pkcs8FromRawPrivate)(constants_1.X25519_PKCS8_PREFIX, privKey),
|
|
83
|
+
format: 'der',
|
|
84
|
+
type: 'pkcs8'
|
|
85
|
+
}),
|
|
86
|
+
publicKey: (0, node_crypto_1.createPublicKey)({ key: spki, format: 'der', type: 'spki' })
|
|
87
|
+
});
|
|
88
|
+
return (0, bytes_1.toBytesView)(shared);
|
|
89
|
+
}
|
|
53
90
|
const [privateKey, publicKey] = await Promise.all([
|
|
54
91
|
node_crypto_1.webcrypto.subtle.importKey('pkcs8', (0, types_1.pkcs8FromRawPrivate)(constants_1.X25519_PKCS8_PREFIX, privKey), { name: 'X25519' }, false, ['deriveBits']),
|
|
55
92
|
node_crypto_1.webcrypto.subtle.importKey('raw', pubKey, { name: 'X25519' }, false, [])
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ED25519_PKCS8_PREFIX = exports.X25519_PKCS8_PREFIX = void 0;
|
|
3
|
+
exports.ED25519_PKCS8_PREFIX = exports.X25519_SPKI_PREFIX = exports.X25519_PKCS8_PREFIX = void 0;
|
|
4
4
|
const bytes_1 = require("../../util/bytes");
|
|
5
5
|
exports.X25519_PKCS8_PREFIX = (0, bytes_1.hexToBytes)('302e020100300506032b656e04220420');
|
|
6
|
+
exports.X25519_SPKI_PREFIX = (0, bytes_1.hexToBytes)('302a300506032b656e032100');
|
|
6
7
|
exports.ED25519_PKCS8_PREFIX = (0, bytes_1.hexToBytes)('302e020100300506032b657004220420');
|
package/dist/crypto/index.js
CHANGED
|
@@ -14,4 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.X25519 = void 0;
|
|
17
18
|
__exportStar(require("./core"), exports);
|
|
19
|
+
var X25519_1 = require("./curves/X25519");
|
|
20
|
+
Object.defineProperty(exports, "X25519", { enumerable: true, get: function () { return X25519_1.X25519; } });
|
|
@@ -1,44 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.IDENTITY_POINT = exports.BASE_POINT = exports.
|
|
3
|
+
exports.IDENTITY_POINT = exports.BASE_POINT = exports.FE_ONE = exports.FE_ZERO = exports.FE_TWO_D = exports.GROUP_L = exports.FIELD_P = void 0;
|
|
4
|
+
const fe_1 = require("../math/fe");
|
|
4
5
|
exports.FIELD_P = (1n << 255n) - 19n;
|
|
5
6
|
exports.GROUP_L = (1n << 252n) + 27742317777372353535851937790883648493n;
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
}
|
|
10
|
-
function modPowField(base, exponent) {
|
|
11
|
-
let result = 1n;
|
|
12
|
-
let current = modField(base);
|
|
13
|
-
let power = exponent;
|
|
14
|
-
while (power > 0n) {
|
|
15
|
-
if ((power & 1n) === 1n) {
|
|
16
|
-
result = modField(result * current);
|
|
17
|
-
}
|
|
18
|
-
current = modField(current * current);
|
|
19
|
-
power >>= 1n;
|
|
20
|
-
}
|
|
21
|
-
return result;
|
|
22
|
-
}
|
|
23
|
-
function modInvField(value) {
|
|
24
|
-
if (value === 0n) {
|
|
25
|
-
throw new Error('field inversion by zero');
|
|
26
|
-
}
|
|
27
|
-
return modPowField(value, exports.FIELD_P - 2n);
|
|
28
|
-
}
|
|
29
|
-
const BASE_X = 15112221349535400772501151409588531511454012693041857206046113283949847762202n;
|
|
30
|
-
const BASE_Y = 46316835694926478169428394003475163141307993866256225615783033603165251855960n;
|
|
31
|
-
exports.EDWARDS_D = modField(-121665n * modInvField(121666n));
|
|
32
|
-
exports.TWO_D = modField(2n * exports.EDWARDS_D);
|
|
7
|
+
exports.FE_TWO_D = (0, fe_1.feFromBigInt)(16295367250680780974490674513165176452449235426866156013048779062215315747161n);
|
|
8
|
+
exports.FE_ZERO = (0, fe_1.fe)();
|
|
9
|
+
exports.FE_ONE = (0, fe_1.feFromBigInt)(1n);
|
|
33
10
|
exports.BASE_POINT = Object.freeze({
|
|
34
|
-
x:
|
|
35
|
-
y:
|
|
36
|
-
z: 1n,
|
|
37
|
-
t:
|
|
11
|
+
x: (0, fe_1.feFromBigInt)(15112221349535400772501151409588531511454012693041857206046113283949847762202n),
|
|
12
|
+
y: (0, fe_1.feFromBigInt)(46316835694926478169428394003475163141307993866256225615783033603165251855960n),
|
|
13
|
+
z: (0, fe_1.feFromBigInt)(1n),
|
|
14
|
+
t: (0, fe_1.feFromBigInt)(46827403850823179245072216630277197565144205554125654976674165829533817101731n)
|
|
38
15
|
});
|
|
39
16
|
exports.IDENTITY_POINT = Object.freeze({
|
|
40
|
-
x: 0n,
|
|
41
|
-
y: 1n,
|
|
42
|
-
z: 1n,
|
|
43
|
-
t: 0n
|
|
17
|
+
x: (0, fe_1.feFromBigInt)(0n),
|
|
18
|
+
y: (0, fe_1.feFromBigInt)(1n),
|
|
19
|
+
z: (0, fe_1.feFromBigInt)(1n),
|
|
20
|
+
t: (0, fe_1.feFromBigInt)(0n)
|
|
44
21
|
});
|
|
@@ -3,62 +3,189 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.scalarMultBase = scalarMultBase;
|
|
4
4
|
exports.encodeExtendedPoint = encodeExtendedPoint;
|
|
5
5
|
const constants_1 = require("../math/constants");
|
|
6
|
-
const
|
|
6
|
+
const fe_1 = require("../math/fe");
|
|
7
7
|
const mod_1 = require("../math/mod");
|
|
8
|
+
// Pre-allocated temporaries for point operations (safe: JS is single-threaded)
|
|
9
|
+
const _a = (0, fe_1.fe)();
|
|
10
|
+
const _b = (0, fe_1.fe)();
|
|
11
|
+
const _c = (0, fe_1.fe)();
|
|
12
|
+
const _d = (0, fe_1.fe)();
|
|
13
|
+
const _e = (0, fe_1.fe)();
|
|
14
|
+
const _f = (0, fe_1.fe)();
|
|
15
|
+
const _g = (0, fe_1.fe)();
|
|
16
|
+
const _h = (0, fe_1.fe)();
|
|
17
|
+
// Pre-allocated output points for hot-path operations
|
|
18
|
+
function mutablePoint() {
|
|
19
|
+
return { x: (0, fe_1.fe)(), y: (0, fe_1.fe)(), z: (0, fe_1.fe)(), t: (0, fe_1.fe)() };
|
|
20
|
+
}
|
|
21
|
+
const _addOut = mutablePoint();
|
|
22
|
+
const _dblOut = mutablePoint();
|
|
23
|
+
const _negOut = mutablePoint();
|
|
24
|
+
// Temporaries for feInv inside encodeExtendedPoint
|
|
25
|
+
const _invZinv = (0, fe_1.fe)();
|
|
26
|
+
const _invX = (0, fe_1.fe)();
|
|
27
|
+
const _invY = (0, fe_1.fe)();
|
|
28
|
+
const _invXBytes = new Uint8Array(32);
|
|
29
|
+
function addPointInto(out, a, b) {
|
|
30
|
+
(0, fe_1.feSub)(_a, a.y, a.x);
|
|
31
|
+
(0, fe_1.feSub)(_b, b.y, b.x);
|
|
32
|
+
(0, fe_1.feMul)(_a, _a, _b); // aTerm
|
|
33
|
+
(0, fe_1.feAdd)(_b, a.y, a.x);
|
|
34
|
+
(0, fe_1.feAdd)(_c, b.y, b.x);
|
|
35
|
+
(0, fe_1.feMul)(_b, _b, _c); // bTerm
|
|
36
|
+
(0, fe_1.feMul)(_c, constants_1.FE_TWO_D, a.t);
|
|
37
|
+
(0, fe_1.feMul)(_c, _c, b.t); // cTerm
|
|
38
|
+
(0, fe_1.feAdd)(_d, a.z, a.z);
|
|
39
|
+
(0, fe_1.feMul)(_d, _d, b.z); // dTerm
|
|
40
|
+
(0, fe_1.feSub)(_e, _b, _a); // eTerm
|
|
41
|
+
(0, fe_1.feSub)(_f, _d, _c); // fTerm
|
|
42
|
+
(0, fe_1.feAdd)(_g, _d, _c); // gTerm
|
|
43
|
+
(0, fe_1.feAdd)(_h, _b, _a); // hTerm
|
|
44
|
+
(0, fe_1.feMul)(out.x, _e, _f);
|
|
45
|
+
(0, fe_1.feMul)(out.y, _g, _h);
|
|
46
|
+
(0, fe_1.feMul)(out.z, _f, _g);
|
|
47
|
+
(0, fe_1.feMul)(out.t, _e, _h);
|
|
48
|
+
}
|
|
49
|
+
function doublePointInto(out, point) {
|
|
50
|
+
(0, fe_1.feMul)(_a, point.x, point.x); // aTerm = x^2
|
|
51
|
+
(0, fe_1.feMul)(_b, point.y, point.y); // bTerm = y^2
|
|
52
|
+
(0, fe_1.feMul)(_c, point.z, point.z);
|
|
53
|
+
(0, fe_1.feAdd)(_c, _c, _c); // cTerm = 2*z^2
|
|
54
|
+
(0, fe_1.feNeg)(_d, _a); // dTerm = -aTerm (a=-1 for ed25519)
|
|
55
|
+
(0, fe_1.feAdd)(_e, point.x, point.y);
|
|
56
|
+
(0, fe_1.feMul)(_e, _e, _e);
|
|
57
|
+
(0, fe_1.feAdd)(_f, _a, _b);
|
|
58
|
+
(0, fe_1.feSub)(_e, _e, _f); // eTerm = (x+y)^2 - aTerm - bTerm
|
|
59
|
+
(0, fe_1.feAdd)(_g, _d, _b); // gTerm = dTerm + bTerm
|
|
60
|
+
(0, fe_1.feSub)(_f, _g, _c); // fTerm = gTerm - cTerm
|
|
61
|
+
(0, fe_1.feSub)(_h, _d, _b); // hTerm = dTerm - bTerm
|
|
62
|
+
(0, fe_1.feMul)(out.x, _e, _f);
|
|
63
|
+
(0, fe_1.feMul)(out.y, _g, _h);
|
|
64
|
+
(0, fe_1.feMul)(out.z, _f, _g);
|
|
65
|
+
(0, fe_1.feMul)(out.t, _e, _h);
|
|
66
|
+
}
|
|
67
|
+
function negatePointInto(out, p) {
|
|
68
|
+
(0, fe_1.feNeg)(out.x, p.x);
|
|
69
|
+
(0, fe_1.feCopy)(out.y, p.y);
|
|
70
|
+
(0, fe_1.feCopy)(out.z, p.z);
|
|
71
|
+
(0, fe_1.feNeg)(out.t, p.t);
|
|
72
|
+
}
|
|
73
|
+
function clonePoint(p) {
|
|
74
|
+
const x = (0, fe_1.fe)();
|
|
75
|
+
const y = (0, fe_1.fe)();
|
|
76
|
+
const z = (0, fe_1.fe)();
|
|
77
|
+
const t = (0, fe_1.fe)();
|
|
78
|
+
(0, fe_1.feCopy)(x, p.x);
|
|
79
|
+
(0, fe_1.feCopy)(y, p.y);
|
|
80
|
+
(0, fe_1.feCopy)(z, p.z);
|
|
81
|
+
(0, fe_1.feCopy)(t, p.t);
|
|
82
|
+
return { x, y, z, t };
|
|
83
|
+
}
|
|
84
|
+
// Allocating versions for precomputation (runs once at module load)
|
|
8
85
|
function addPoint(a, b) {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
const y1PlusX1 = (0, mod_1.mod)(a.y + a.x);
|
|
12
|
-
const y2PlusX2 = (0, mod_1.mod)(b.y + b.x);
|
|
13
|
-
const aTerm = (0, mod_1.mod)(y1MinusX1 * y2MinusX2);
|
|
14
|
-
const bTerm = (0, mod_1.mod)(y1PlusX1 * y2PlusX2);
|
|
15
|
-
const cTerm = (0, mod_1.mod)(constants_1.TWO_D * a.t * b.t);
|
|
16
|
-
const dTerm = (0, mod_1.mod)(2n * a.z * b.z);
|
|
17
|
-
const eTerm = (0, mod_1.mod)(bTerm - aTerm);
|
|
18
|
-
const fTerm = (0, mod_1.mod)(dTerm - cTerm);
|
|
19
|
-
const gTerm = (0, mod_1.mod)(dTerm + cTerm);
|
|
20
|
-
const hTerm = (0, mod_1.mod)(bTerm + aTerm);
|
|
21
|
-
return {
|
|
22
|
-
x: (0, mod_1.mod)(eTerm * fTerm),
|
|
23
|
-
y: (0, mod_1.mod)(gTerm * hTerm),
|
|
24
|
-
z: (0, mod_1.mod)(fTerm * gTerm),
|
|
25
|
-
t: (0, mod_1.mod)(eTerm * hTerm)
|
|
26
|
-
};
|
|
86
|
+
addPointInto(_addOut, a, b);
|
|
87
|
+
return clonePoint(_addOut);
|
|
27
88
|
}
|
|
28
|
-
function doublePoint(
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
const cTerm = (0, mod_1.mod)(2n * point.z * point.z);
|
|
32
|
-
const dTerm = (0, mod_1.mod)(-aTerm);
|
|
33
|
-
const eTerm = (0, mod_1.mod)((0, mod_1.mod)((point.x + point.y) * (point.x + point.y)) - aTerm - bTerm);
|
|
34
|
-
const gTerm = (0, mod_1.mod)(dTerm + bTerm);
|
|
35
|
-
const fTerm = (0, mod_1.mod)(gTerm - cTerm);
|
|
36
|
-
const hTerm = (0, mod_1.mod)(dTerm - bTerm);
|
|
37
|
-
return {
|
|
38
|
-
x: (0, mod_1.mod)(eTerm * fTerm),
|
|
39
|
-
y: (0, mod_1.mod)(gTerm * hTerm),
|
|
40
|
-
z: (0, mod_1.mod)(fTerm * gTerm),
|
|
41
|
-
t: (0, mod_1.mod)(eTerm * hTerm)
|
|
42
|
-
};
|
|
89
|
+
function doublePoint(a) {
|
|
90
|
+
doublePointInto(_dblOut, a);
|
|
91
|
+
return clonePoint(_dblOut);
|
|
43
92
|
}
|
|
93
|
+
const W = 5;
|
|
94
|
+
const halfW = 1 << W;
|
|
95
|
+
const mask = halfW - 1;
|
|
96
|
+
const precomp = new Array(1 << (W - 1));
|
|
97
|
+
precomp[0] = constants_1.BASE_POINT;
|
|
98
|
+
const _dbl = doublePoint(constants_1.BASE_POINT);
|
|
99
|
+
for (let i = 1; i < precomp.length; i++) {
|
|
100
|
+
precomp[i] = addPoint(precomp[i - 1], _dbl);
|
|
101
|
+
}
|
|
102
|
+
// Pre-allocated scratch buffers for scalarMultBase (safe: JS is single-threaded)
|
|
103
|
+
const _naf = new Int8Array(256);
|
|
104
|
+
const _loopResult = mutablePoint();
|
|
105
|
+
const _loopDbl = mutablePoint();
|
|
106
|
+
const _loopAdd = mutablePoint();
|
|
44
107
|
function scalarMultBase(scalar) {
|
|
45
108
|
let k = (0, mod_1.modGroup)(scalar);
|
|
46
|
-
|
|
47
|
-
|
|
109
|
+
if (k === 0n)
|
|
110
|
+
return clonePoint(constants_1.IDENTITY_POINT);
|
|
111
|
+
const naf = _naf;
|
|
112
|
+
naf.fill(0);
|
|
113
|
+
let nafLen = 0;
|
|
48
114
|
while (k > 0n) {
|
|
49
115
|
if ((k & 1n) === 1n) {
|
|
50
|
-
|
|
116
|
+
let digit = Number(k & BigInt(mask));
|
|
117
|
+
if (digit >= halfW >> 1)
|
|
118
|
+
digit -= halfW;
|
|
119
|
+
naf[nafLen++] = digit;
|
|
120
|
+
k -= BigInt(digit);
|
|
121
|
+
}
|
|
122
|
+
else {
|
|
123
|
+
nafLen++;
|
|
51
124
|
}
|
|
52
|
-
addend = doublePoint(addend);
|
|
53
125
|
k >>= 1n;
|
|
54
126
|
}
|
|
55
|
-
|
|
127
|
+
// Copy identity into loop result
|
|
128
|
+
(0, fe_1.feCopy)(_loopResult.x, constants_1.IDENTITY_POINT.x);
|
|
129
|
+
(0, fe_1.feCopy)(_loopResult.y, constants_1.IDENTITY_POINT.y);
|
|
130
|
+
(0, fe_1.feCopy)(_loopResult.z, constants_1.IDENTITY_POINT.z);
|
|
131
|
+
(0, fe_1.feCopy)(_loopResult.t, constants_1.IDENTITY_POINT.t);
|
|
132
|
+
for (let i = nafLen - 1; i >= 0; i--) {
|
|
133
|
+
doublePointInto(_loopDbl, _loopResult);
|
|
134
|
+
// swap dbl → result
|
|
135
|
+
const tmpX = _loopResult.x;
|
|
136
|
+
_loopResult.x = _loopDbl.x;
|
|
137
|
+
_loopDbl.x = tmpX;
|
|
138
|
+
const tmpY = _loopResult.y;
|
|
139
|
+
_loopResult.y = _loopDbl.y;
|
|
140
|
+
_loopDbl.y = tmpY;
|
|
141
|
+
const tmpZ = _loopResult.z;
|
|
142
|
+
_loopResult.z = _loopDbl.z;
|
|
143
|
+
_loopDbl.z = tmpZ;
|
|
144
|
+
const tmpT = _loopResult.t;
|
|
145
|
+
_loopResult.t = _loopDbl.t;
|
|
146
|
+
_loopDbl.t = tmpT;
|
|
147
|
+
const digit = naf[i];
|
|
148
|
+
if (digit > 0) {
|
|
149
|
+
addPointInto(_loopAdd, _loopResult, precomp[(digit - 1) >> 1]);
|
|
150
|
+
const ax = _loopResult.x;
|
|
151
|
+
_loopResult.x = _loopAdd.x;
|
|
152
|
+
_loopAdd.x = ax;
|
|
153
|
+
const ay = _loopResult.y;
|
|
154
|
+
_loopResult.y = _loopAdd.y;
|
|
155
|
+
_loopAdd.y = ay;
|
|
156
|
+
const az = _loopResult.z;
|
|
157
|
+
_loopResult.z = _loopAdd.z;
|
|
158
|
+
_loopAdd.z = az;
|
|
159
|
+
const at = _loopResult.t;
|
|
160
|
+
_loopResult.t = _loopAdd.t;
|
|
161
|
+
_loopAdd.t = at;
|
|
162
|
+
}
|
|
163
|
+
else if (digit < 0) {
|
|
164
|
+
negatePointInto(_negOut, precomp[(-digit - 1) >> 1]);
|
|
165
|
+
addPointInto(_loopAdd, _loopResult, _negOut);
|
|
166
|
+
const ax = _loopResult.x;
|
|
167
|
+
_loopResult.x = _loopAdd.x;
|
|
168
|
+
_loopAdd.x = ax;
|
|
169
|
+
const ay = _loopResult.y;
|
|
170
|
+
_loopResult.y = _loopAdd.y;
|
|
171
|
+
_loopAdd.y = ay;
|
|
172
|
+
const az = _loopResult.z;
|
|
173
|
+
_loopResult.z = _loopAdd.z;
|
|
174
|
+
_loopAdd.z = az;
|
|
175
|
+
const at = _loopResult.t;
|
|
176
|
+
_loopResult.t = _loopAdd.t;
|
|
177
|
+
_loopAdd.t = at;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
return clonePoint(_loopResult);
|
|
56
181
|
}
|
|
57
182
|
function encodeExtendedPoint(point) {
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
const encoded =
|
|
62
|
-
|
|
183
|
+
(0, fe_1.feInv)(_invZinv, point.z);
|
|
184
|
+
(0, fe_1.feMul)(_invX, point.x, _invZinv);
|
|
185
|
+
(0, fe_1.feMul)(_invY, point.y, _invZinv);
|
|
186
|
+
const encoded = new Uint8Array(32);
|
|
187
|
+
(0, fe_1.fePack)(encoded, _invY);
|
|
188
|
+
(0, fe_1.fePack)(_invXBytes, _invX);
|
|
189
|
+
encoded[31] = (encoded[31] & 0x7f) | ((_invXBytes[0] & 1) << 7);
|
|
63
190
|
return encoded;
|
|
64
191
|
}
|