zapo-js 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (630) hide show
  1. package/README.md +16 -4
  2. package/dist/appstate/WaAppStateCrypto.js +50 -42
  3. package/dist/appstate/WaAppStateSyncClient.js +215 -133
  4. package/dist/appstate/{store/sqlite.js → encoding.js} +13 -8
  5. package/dist/appstate/index.js +9 -7
  6. package/dist/appstate/utils.js +0 -5
  7. package/dist/auth/WaAuthClient.js +55 -57
  8. package/dist/auth/credentials-flow.js +195 -0
  9. package/dist/auth/index.js +1 -6
  10. package/dist/auth/pairing/WaPairingFlow.js +39 -32
  11. package/dist/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +35 -17
  12. package/dist/client/WaClient.js +338 -174
  13. package/dist/client/WaClientFactory.js +399 -66
  14. package/dist/client/connection/WaConnectionManager.js +23 -11
  15. package/dist/client/coordinators/WaAbPropsCoordinator.js +141 -0
  16. package/dist/client/coordinators/WaBusinessCoordinator.js +232 -0
  17. package/dist/client/coordinators/WaEmailCoordinator.js +63 -0
  18. package/dist/client/coordinators/WaGroupCoordinator.js +11 -7
  19. package/dist/client/coordinators/WaIncomingNodeCoordinator.js +34 -8
  20. package/dist/client/coordinators/WaMessageDispatchCoordinator.js +341 -118
  21. package/dist/client/coordinators/WaOfflineResumeCoordinator.js +114 -0
  22. package/dist/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
  23. package/dist/client/coordinators/WaPrivacyCoordinator.js +134 -0
  24. package/dist/client/coordinators/WaProfileCoordinator.js +214 -0
  25. package/dist/client/coordinators/WaRetryCoordinator.js +184 -30
  26. package/dist/client/coordinators/WaStreamControlCoordinator.js +18 -11
  27. package/dist/client/coordinators/WaTrustedContactTokenCoordinator.js +184 -0
  28. package/dist/client/dirty.js +41 -21
  29. package/dist/client/events/abprops.js +43 -0
  30. package/dist/client/events/devices.js +72 -0
  31. package/dist/client/events/group.js +3 -11
  32. package/dist/client/events/identity.js +22 -0
  33. package/dist/client/events/privacy-token.js +38 -0
  34. package/dist/client/events/registration.js +42 -0
  35. package/dist/client/history-sync.js +50 -9
  36. package/dist/client/incoming.js +74 -7
  37. package/dist/client/mailbox.js +40 -23
  38. package/dist/client/media.js +243 -0
  39. package/dist/client/messages.js +245 -92
  40. package/dist/client/messaging/fanout.js +21 -11
  41. package/dist/client/messaging/participants.js +6 -4
  42. package/dist/client/persistence/WriteBehindPersistence.js +129 -0
  43. package/dist/client/tokens/cs-token.js +50 -0
  44. package/dist/client/tokens/tc-token.js +25 -0
  45. package/dist/crypto/core/index.js +5 -2
  46. package/dist/crypto/core/keys.js +4 -4
  47. package/dist/crypto/core/nonce.js +2 -0
  48. package/dist/crypto/core/primitives.js +0 -8
  49. package/dist/crypto/core/random.js +24 -8
  50. package/dist/crypto/core/xeddsa.js +57 -0
  51. package/dist/crypto/curves/X25519.js +43 -6
  52. package/dist/crypto/curves/constants.js +2 -1
  53. package/dist/crypto/index.js +3 -0
  54. package/dist/crypto/math/constants.js +13 -36
  55. package/dist/crypto/math/edwards.js +171 -44
  56. package/dist/crypto/math/fe.js +706 -0
  57. package/dist/crypto/math/mod.js +10 -3
  58. package/dist/esm/appstate/WaAppStateCrypto.js +40 -32
  59. package/dist/esm/appstate/WaAppStateSyncClient.js +206 -124
  60. package/dist/esm/appstate/{store/sqlite.js → encoding.js} +13 -8
  61. package/dist/esm/appstate/index.js +2 -2
  62. package/dist/esm/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +1 -1
  63. package/dist/esm/appstate/utils.js +2 -5
  64. package/dist/esm/auth/WaAuthClient.js +52 -54
  65. package/dist/esm/auth/credentials-flow.js +190 -0
  66. package/dist/esm/auth/index.js +0 -2
  67. package/dist/esm/auth/pairing/WaPairingFlow.js +39 -32
  68. package/dist/esm/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +26 -10
  69. package/dist/esm/client/WaClient.js +339 -175
  70. package/dist/esm/client/WaClientFactory.js +401 -68
  71. package/dist/esm/client/connection/WaConnectionManager.js +23 -11
  72. package/dist/esm/client/coordinators/WaAbPropsCoordinator.js +137 -0
  73. package/dist/esm/client/coordinators/WaBusinessCoordinator.js +229 -0
  74. package/dist/esm/client/coordinators/WaEmailCoordinator.js +60 -0
  75. package/dist/esm/client/coordinators/WaGroupCoordinator.js +11 -7
  76. package/dist/esm/client/coordinators/WaIncomingNodeCoordinator.js +36 -10
  77. package/dist/esm/client/coordinators/WaMessageDispatchCoordinator.js +337 -114
  78. package/dist/esm/client/coordinators/WaOfflineResumeCoordinator.js +110 -0
  79. package/dist/esm/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
  80. package/dist/esm/client/coordinators/WaPrivacyCoordinator.js +131 -0
  81. package/dist/esm/client/coordinators/WaProfileCoordinator.js +211 -0
  82. package/dist/esm/client/coordinators/WaRetryCoordinator.js +186 -32
  83. package/dist/esm/client/coordinators/WaStreamControlCoordinator.js +19 -12
  84. package/dist/esm/client/coordinators/WaTrustedContactTokenCoordinator.js +180 -0
  85. package/dist/esm/client/dirty.js +41 -21
  86. package/dist/esm/client/events/abprops.js +40 -0
  87. package/dist/esm/client/events/devices.js +68 -0
  88. package/dist/esm/client/events/group.js +3 -11
  89. package/dist/esm/client/events/identity.js +19 -0
  90. package/dist/esm/client/events/privacy-token.js +35 -0
  91. package/dist/esm/client/events/registration.js +39 -0
  92. package/dist/esm/client/history-sync.js +50 -9
  93. package/dist/esm/client/incoming.js +74 -8
  94. package/dist/esm/client/mailbox.js +40 -23
  95. package/dist/esm/client/media.js +234 -0
  96. package/dist/esm/client/messages.js +244 -91
  97. package/dist/esm/client/messaging/fanout.js +22 -12
  98. package/dist/esm/client/messaging/participants.js +6 -4
  99. package/dist/esm/client/persistence/WriteBehindPersistence.js +125 -0
  100. package/dist/esm/client/tokens/cs-token.js +46 -0
  101. package/dist/esm/client/tokens/tc-token.js +18 -0
  102. package/dist/esm/crypto/core/index.js +3 -2
  103. package/dist/esm/crypto/core/keys.js +1 -1
  104. package/dist/esm/crypto/core/nonce.js +2 -0
  105. package/dist/esm/crypto/core/primitives.js +0 -7
  106. package/dist/esm/crypto/core/random.js +23 -7
  107. package/dist/esm/crypto/core/xeddsa.js +53 -0
  108. package/dist/esm/crypto/curves/X25519.js +45 -8
  109. package/dist/esm/crypto/curves/constants.js +1 -0
  110. package/dist/esm/crypto/index.js +1 -0
  111. package/dist/esm/crypto/math/constants.js +12 -35
  112. package/dist/esm/crypto/math/edwards.js +174 -47
  113. package/dist/esm/crypto/math/fe.js +691 -0
  114. package/dist/esm/crypto/math/mod.js +10 -1
  115. package/dist/esm/index.js +1 -1
  116. package/dist/esm/infra/perf/BackgroundQueue.js +478 -0
  117. package/dist/esm/infra/perf/BoundedTaskQueue.js +3 -1
  118. package/dist/esm/infra/perf/PromiseDedup.js +20 -0
  119. package/dist/esm/infra/perf/SharedExclusiveGate.js +109 -0
  120. package/dist/esm/infra/perf/StoreLock.js +80 -0
  121. package/dist/esm/media/WaMediaCrypto.js +332 -55
  122. package/dist/esm/media/WaMediaTransferClient.js +69 -220
  123. package/dist/esm/media/constants.js +4 -1
  124. package/dist/esm/media/processor.js +1 -0
  125. package/dist/esm/message/WaMessageClient.js +26 -19
  126. package/dist/esm/message/addon-crypto.js +130 -3
  127. package/dist/esm/message/content.js +206 -14
  128. package/dist/esm/message/icdc.js +76 -0
  129. package/dist/esm/message/incoming.js +38 -24
  130. package/dist/esm/message/phash.js +35 -13
  131. package/dist/esm/message/reporting-token.js +17 -30
  132. package/dist/esm/message/use-case-secret.js +1 -1
  133. package/dist/esm/protocol/abprops.js +159 -0
  134. package/dist/esm/protocol/appstate.js +9 -40
  135. package/dist/esm/protocol/browser.js +24 -18
  136. package/dist/esm/protocol/constants.js +8 -4
  137. package/dist/esm/protocol/defaults.js +6 -0
  138. package/dist/esm/protocol/email.js +30 -0
  139. package/dist/esm/protocol/index.js +1 -2
  140. package/dist/esm/protocol/jid.js +142 -39
  141. package/dist/esm/protocol/message.js +61 -1
  142. package/dist/esm/protocol/nodes.js +8 -2
  143. package/dist/esm/protocol/notification.js +9 -1
  144. package/dist/esm/protocol/privacy-token.js +17 -0
  145. package/dist/esm/protocol/privacy.js +55 -0
  146. package/dist/esm/protocol/stream.js +26 -1
  147. package/dist/esm/retry/codec.js +216 -0
  148. package/dist/esm/retry/constants.js +1 -1
  149. package/dist/esm/retry/index.js +2 -2
  150. package/dist/esm/retry/parse.js +50 -30
  151. package/dist/esm/retry/reason.js +1 -1
  152. package/dist/esm/retry/replay.js +11 -7
  153. package/dist/esm/retry/tracker.js +50 -12
  154. package/dist/esm/signal/api/SignalDeviceSyncApi.js +52 -32
  155. package/dist/esm/signal/api/SignalDigestSyncApi.js +21 -15
  156. package/dist/esm/signal/api/SignalIdentitySyncApi.js +30 -15
  157. package/dist/esm/signal/api/SignalMissingPreKeysSyncApi.js +19 -8
  158. package/dist/esm/signal/api/SignalRotateKeyApi.js +4 -2
  159. package/dist/esm/signal/api/SignalSessionSyncApi.js +17 -8
  160. package/dist/esm/signal/api/result-map.js +10 -0
  161. package/dist/esm/signal/constants.js +0 -4
  162. package/dist/esm/signal/crypto/WaAdvSignature.js +5 -45
  163. package/dist/esm/signal/crypto/constants.js +0 -4
  164. package/dist/esm/signal/{store/sqlite.js → encoding.js} +40 -29
  165. package/dist/esm/signal/group/SenderKeyChain.js +3 -3
  166. package/dist/esm/signal/group/SenderKeyCodec.js +8 -8
  167. package/dist/esm/signal/group/SenderKeyManager.js +131 -109
  168. package/dist/esm/signal/index.js +1 -0
  169. package/dist/esm/signal/registration/keygen.js +8 -5
  170. package/dist/esm/signal/registration/utils.js +3 -2
  171. package/dist/esm/signal/session/SignalProtocol.js +158 -81
  172. package/dist/esm/signal/session/SignalRatchet.js +21 -10
  173. package/dist/esm/signal/session/SignalSerializer.js +5 -6
  174. package/dist/esm/signal/session/SignalSession.js +11 -9
  175. package/dist/esm/signal/session/resolver.js +140 -105
  176. package/dist/esm/store/contracts/identity.store.js +1 -0
  177. package/dist/esm/store/contracts/message-secret.store.js +1 -0
  178. package/dist/esm/store/contracts/pre-key.store.js +1 -0
  179. package/dist/esm/store/contracts/privacy-token.store.js +1 -0
  180. package/dist/esm/store/contracts/session.store.js +1 -0
  181. package/dist/esm/store/createStore.js +143 -193
  182. package/dist/esm/store/index.js +5 -10
  183. package/dist/esm/store/locks/appstate.lock.js +26 -0
  184. package/dist/esm/store/locks/auth.lock.js +15 -0
  185. package/dist/esm/store/locks/contact.lock.js +20 -0
  186. package/dist/esm/store/locks/device-list.lock.js +20 -0
  187. package/dist/esm/store/locks/identity.lock.js +16 -0
  188. package/dist/esm/store/locks/message-secret.lock.js +17 -0
  189. package/dist/esm/store/locks/message.lock.js +21 -0
  190. package/dist/esm/store/locks/participants.lock.js +20 -0
  191. package/dist/esm/store/locks/pre-key.lock.js +27 -0
  192. package/dist/esm/store/locks/privacy-token.lock.js +18 -0
  193. package/dist/esm/store/locks/retry.lock.js +29 -0
  194. package/dist/esm/store/locks/sender-key.lock.js +52 -0
  195. package/dist/esm/store/locks/session.lock.js +19 -0
  196. package/dist/esm/store/locks/signal.lock.js +39 -0
  197. package/dist/esm/store/locks/thread.lock.js +21 -0
  198. package/dist/esm/store/noop.store.js +21 -1
  199. package/dist/esm/store/providers/memory/appstate.store.js +22 -24
  200. package/dist/esm/store/providers/memory/device-list.store.js +13 -5
  201. package/dist/esm/store/providers/memory/identity.store.js +31 -0
  202. package/dist/esm/store/providers/memory/message-secret.store.js +81 -0
  203. package/dist/esm/store/providers/memory/participants.store.js +3 -0
  204. package/dist/esm/store/providers/memory/pre-key.store.js +97 -0
  205. package/dist/esm/store/providers/memory/privacy-token.store.js +43 -0
  206. package/dist/esm/store/providers/memory/retry.store.js +99 -10
  207. package/dist/esm/store/providers/memory/sender-key.store.js +6 -1
  208. package/dist/esm/store/providers/memory/session.store.js +45 -0
  209. package/dist/esm/store/providers/memory/signal.store.js +1 -147
  210. package/dist/esm/transport/WaComms.js +7 -4
  211. package/dist/esm/transport/WaWebSocket.js +9 -7
  212. package/dist/esm/transport/binary/constants.js +0 -30
  213. package/dist/esm/transport/binary/decoder.js +4 -4
  214. package/dist/esm/transport/binary/encoder.js +8 -15
  215. package/dist/esm/transport/binary/index.js +0 -1
  216. package/dist/esm/transport/index.js +6 -0
  217. package/dist/esm/transport/keepalive/WaKeepAlive.js +17 -8
  218. package/dist/esm/transport/node/WaMobileTcpSocket.js +114 -0
  219. package/dist/esm/transport/node/WaNodeOrchestrator.js +37 -22
  220. package/dist/esm/transport/node/builders/abprops.js +20 -0
  221. package/dist/esm/transport/node/builders/business.js +129 -0
  222. package/dist/esm/transport/node/builders/device.js +11 -0
  223. package/dist/esm/transport/node/builders/email.js +65 -0
  224. package/dist/esm/transport/node/builders/global.js +370 -0
  225. package/dist/esm/transport/node/builders/message.js +63 -239
  226. package/dist/esm/transport/node/builders/offline.js +14 -0
  227. package/dist/esm/transport/node/builders/pairing.js +0 -24
  228. package/dist/esm/transport/node/builders/prekeys.js +37 -40
  229. package/dist/esm/transport/node/builders/presence.js +13 -0
  230. package/dist/esm/transport/node/builders/privacy-token.js +37 -0
  231. package/dist/esm/transport/node/builders/privacy.js +48 -0
  232. package/dist/esm/transport/node/builders/profile.js +70 -0
  233. package/dist/esm/transport/node/builders/retry.js +11 -23
  234. package/dist/esm/transport/node/builders/usync.js +6 -2
  235. package/dist/esm/transport/node/helpers.js +43 -1
  236. package/dist/esm/transport/node/mex/argo-decoder.js +152 -0
  237. package/dist/esm/transport/node/mex/client.js +83 -0
  238. package/dist/esm/transport/node/mex/persist-ids.js +10 -0
  239. package/dist/esm/transport/node/usync.js +3 -33
  240. package/dist/esm/transport/node/xml.js +35 -14
  241. package/dist/esm/transport/noise/WaClientPayload.js +24 -19
  242. package/dist/esm/transport/noise/WaFrameCodec.js +2 -2
  243. package/dist/esm/transport/noise/WaMobileClientPayload.js +53 -0
  244. package/dist/esm/transport/noise/WaNoiseCert.js +9 -27
  245. package/dist/esm/transport/noise/WaNoiseSession.js +76 -34
  246. package/dist/esm/transport/noise/WaNoiseSocket.js +8 -4
  247. package/dist/esm/transport/stream/parse.js +8 -4
  248. package/dist/esm/util/bytes.js +22 -18
  249. package/dist/esm/util/index.js +5 -0
  250. package/dist/esm/util/primitives.js +3 -2
  251. package/dist/index.js +7 -1
  252. package/dist/infra/perf/BackgroundQueue.js +482 -0
  253. package/dist/infra/perf/BoundedTaskQueue.js +3 -1
  254. package/dist/infra/perf/PromiseDedup.js +24 -0
  255. package/dist/infra/perf/SharedExclusiveGate.js +113 -0
  256. package/dist/infra/perf/StoreLock.js +84 -0
  257. package/dist/media/WaMediaCrypto.js +328 -51
  258. package/dist/media/WaMediaTransferClient.js +72 -253
  259. package/dist/media/constants.js +5 -2
  260. package/dist/media/processor.js +2 -0
  261. package/dist/message/WaMessageClient.js +26 -19
  262. package/dist/message/addon-crypto.js +131 -0
  263. package/dist/message/content.js +211 -14
  264. package/dist/message/icdc.js +81 -0
  265. package/dist/message/incoming.js +38 -24
  266. package/dist/message/phash.js +35 -13
  267. package/dist/message/reporting-token.js +16 -30
  268. package/dist/message/use-case-secret.js +1 -1
  269. package/dist/protocol/abprops.js +163 -0
  270. package/dist/protocol/appstate.js +10 -41
  271. package/dist/protocol/browser.js +25 -18
  272. package/dist/protocol/constants.js +33 -2
  273. package/dist/protocol/defaults.js +6 -0
  274. package/dist/protocol/email.js +33 -0
  275. package/dist/protocol/index.js +8 -5
  276. package/dist/protocol/jid.js +149 -39
  277. package/dist/protocol/message.js +62 -2
  278. package/dist/protocol/nodes.js +8 -2
  279. package/dist/protocol/notification.js +10 -2
  280. package/dist/protocol/privacy-token.js +20 -0
  281. package/dist/protocol/privacy.js +58 -0
  282. package/dist/protocol/stream.js +27 -2
  283. package/dist/retry/codec.js +220 -0
  284. package/dist/retry/constants.js +1 -1
  285. package/dist/retry/index.js +5 -5
  286. package/dist/retry/parse.js +51 -30
  287. package/dist/retry/reason.js +1 -1
  288. package/dist/retry/replay.js +10 -6
  289. package/dist/retry/tracker.js +50 -12
  290. package/dist/signal/api/SignalDeviceSyncApi.js +51 -31
  291. package/dist/signal/api/SignalDigestSyncApi.js +21 -15
  292. package/dist/signal/api/SignalIdentitySyncApi.js +29 -14
  293. package/dist/signal/api/SignalMissingPreKeysSyncApi.js +17 -6
  294. package/dist/signal/api/SignalRotateKeyApi.js +4 -2
  295. package/dist/signal/api/SignalSessionSyncApi.js +16 -7
  296. package/dist/signal/api/result-map.js +13 -0
  297. package/dist/signal/constants.js +1 -5
  298. package/dist/signal/crypto/WaAdvSignature.js +2 -44
  299. package/dist/signal/crypto/constants.js +1 -5
  300. package/dist/signal/{store/sqlite.js → encoding.js} +41 -25
  301. package/dist/signal/group/SenderKeyChain.js +2 -2
  302. package/dist/signal/group/SenderKeyCodec.js +8 -8
  303. package/dist/signal/group/SenderKeyManager.js +130 -108
  304. package/dist/signal/index.js +13 -1
  305. package/dist/signal/registration/keygen.js +7 -4
  306. package/dist/signal/registration/utils.js +3 -2
  307. package/dist/signal/session/SignalProtocol.js +158 -81
  308. package/dist/signal/session/SignalRatchet.js +19 -8
  309. package/dist/signal/session/SignalSerializer.js +5 -6
  310. package/dist/signal/session/SignalSession.js +11 -9
  311. package/dist/signal/session/resolver.js +138 -103
  312. package/dist/store/contracts/identity.store.js +2 -0
  313. package/dist/store/contracts/message-secret.store.js +2 -0
  314. package/dist/store/contracts/pre-key.store.js +2 -0
  315. package/dist/store/contracts/privacy-token.store.js +2 -0
  316. package/dist/store/contracts/session.store.js +2 -0
  317. package/dist/store/createStore.js +142 -192
  318. package/dist/store/index.js +23 -33
  319. package/dist/store/locks/appstate.lock.js +29 -0
  320. package/dist/store/locks/auth.lock.js +18 -0
  321. package/dist/store/locks/contact.lock.js +23 -0
  322. package/dist/store/locks/device-list.lock.js +23 -0
  323. package/dist/store/locks/identity.lock.js +19 -0
  324. package/dist/store/locks/message-secret.lock.js +20 -0
  325. package/dist/store/locks/message.lock.js +24 -0
  326. package/dist/store/locks/participants.lock.js +23 -0
  327. package/dist/store/locks/pre-key.lock.js +30 -0
  328. package/dist/store/locks/privacy-token.lock.js +21 -0
  329. package/dist/store/locks/retry.lock.js +32 -0
  330. package/dist/store/locks/sender-key.lock.js +55 -0
  331. package/dist/store/locks/session.lock.js +22 -0
  332. package/dist/store/locks/signal.lock.js +42 -0
  333. package/dist/store/locks/thread.lock.js +24 -0
  334. package/dist/store/noop.store.js +22 -2
  335. package/dist/store/providers/memory/appstate.store.js +22 -24
  336. package/dist/store/providers/memory/device-list.store.js +13 -5
  337. package/dist/store/providers/memory/identity.store.js +35 -0
  338. package/dist/store/providers/memory/message-secret.store.js +85 -0
  339. package/dist/store/providers/memory/participants.store.js +3 -0
  340. package/dist/store/providers/memory/pre-key.store.js +101 -0
  341. package/dist/store/providers/memory/privacy-token.store.js +47 -0
  342. package/dist/store/providers/memory/retry.store.js +98 -9
  343. package/dist/store/providers/memory/sender-key.store.js +6 -1
  344. package/dist/store/providers/memory/session.store.js +49 -0
  345. package/dist/store/providers/memory/signal.store.js +1 -147
  346. package/dist/transport/WaComms.js +7 -4
  347. package/dist/transport/WaWebSocket.js +9 -7
  348. package/dist/transport/binary/constants.js +1 -31
  349. package/dist/transport/binary/decoder.js +4 -4
  350. package/dist/transport/binary/encoder.js +8 -15
  351. package/dist/transport/binary/index.js +0 -4
  352. package/dist/transport/index.js +17 -1
  353. package/dist/transport/keepalive/WaKeepAlive.js +17 -8
  354. package/dist/transport/node/WaMobileTcpSocket.js +118 -0
  355. package/dist/transport/node/WaNodeOrchestrator.js +36 -21
  356. package/dist/transport/node/builders/abprops.js +23 -0
  357. package/dist/transport/node/builders/business.js +137 -0
  358. package/dist/transport/node/builders/device.js +14 -0
  359. package/dist/transport/node/builders/email.js +72 -0
  360. package/dist/transport/node/builders/global.js +375 -0
  361. package/dist/transport/node/builders/message.js +64 -245
  362. package/dist/transport/node/builders/offline.js +17 -0
  363. package/dist/transport/node/builders/pairing.js +0 -26
  364. package/dist/transport/node/builders/prekeys.js +36 -39
  365. package/dist/transport/node/builders/presence.js +16 -0
  366. package/dist/transport/node/builders/privacy-token.js +42 -0
  367. package/dist/transport/node/builders/privacy.js +55 -0
  368. package/dist/transport/node/builders/profile.js +78 -0
  369. package/dist/transport/node/builders/retry.js +10 -22
  370. package/dist/transport/node/builders/usync.js +6 -2
  371. package/dist/transport/node/helpers.js +46 -1
  372. package/dist/transport/node/mex/argo-decoder.js +189 -0
  373. package/dist/transport/node/mex/client.js +86 -0
  374. package/dist/transport/node/mex/persist-ids.js +13 -0
  375. package/dist/transport/node/usync.js +2 -32
  376. package/dist/transport/node/xml.js +35 -14
  377. package/dist/transport/noise/WaClientPayload.js +26 -21
  378. package/dist/transport/noise/WaFrameCodec.js +1 -1
  379. package/dist/transport/noise/WaMobileClientPayload.js +56 -0
  380. package/dist/transport/noise/WaNoiseCert.js +8 -26
  381. package/dist/transport/noise/WaNoiseSession.js +75 -33
  382. package/dist/transport/noise/WaNoiseSocket.js +8 -4
  383. package/dist/transport/stream/parse.js +7 -3
  384. package/dist/types/appstate/WaAppStateCrypto.d.ts +11 -8
  385. package/dist/types/appstate/WaAppStateSyncClient.d.ts +6 -2
  386. package/dist/types/appstate/encoding.d.ts +7 -0
  387. package/dist/types/appstate/index.d.ts +3 -3
  388. package/dist/types/appstate/{WaAppStateSyncResponseParser.d.ts → response-parser.d.ts} +1 -1
  389. package/dist/types/appstate/types.d.ts +1 -1
  390. package/dist/types/appstate/utils.d.ts +0 -2
  391. package/dist/types/auth/WaAuthClient.d.ts +9 -3
  392. package/dist/types/auth/credentials-flow.d.ts +20 -0
  393. package/dist/types/auth/index.d.ts +0 -2
  394. package/dist/types/auth/pairing/WaPairingFlow.d.ts +3 -2
  395. package/dist/types/auth/pairing/{WaPairingCodeCrypto.d.ts → pairing-code-crypto.d.ts} +6 -1
  396. package/dist/types/auth/types.d.ts +41 -0
  397. package/dist/types/client/WaClient.d.ts +44 -18
  398. package/dist/types/client/WaClientFactory.d.ts +22 -8
  399. package/dist/types/client/connection/WaConnectionManager.d.ts +2 -0
  400. package/dist/types/client/coordinators/WaAbPropsCoordinator.d.ts +26 -0
  401. package/dist/types/client/coordinators/WaBusinessCoordinator.d.ts +57 -0
  402. package/dist/types/client/coordinators/WaEmailCoordinator.d.ts +24 -0
  403. package/dist/types/client/coordinators/WaIncomingNodeCoordinator.d.ts +9 -2
  404. package/dist/types/client/coordinators/WaMessageDispatchCoordinator.d.ts +29 -2
  405. package/dist/types/client/coordinators/WaOfflineResumeCoordinator.d.ts +31 -0
  406. package/dist/types/client/coordinators/WaPassiveTasksCoordinator.d.ts +16 -1
  407. package/dist/types/client/coordinators/WaPrivacyCoordinator.d.ts +26 -0
  408. package/dist/types/client/coordinators/WaProfileCoordinator.d.ts +38 -0
  409. package/dist/types/client/coordinators/WaRetryCoordinator.d.ts +12 -0
  410. package/dist/types/client/coordinators/WaStreamControlCoordinator.d.ts +3 -2
  411. package/dist/types/client/coordinators/WaTrustedContactTokenCoordinator.d.ts +55 -0
  412. package/dist/types/client/dirty.d.ts +3 -1
  413. package/dist/types/client/events/abprops.d.ts +14 -0
  414. package/dist/types/client/events/devices.d.ts +20 -0
  415. package/dist/types/client/events/identity.d.ts +9 -0
  416. package/dist/types/client/events/privacy-token.d.ts +7 -0
  417. package/dist/types/client/events/registration.d.ts +17 -0
  418. package/dist/types/client/history-sync.d.ts +9 -6
  419. package/dist/types/client/incoming.d.ts +9 -2
  420. package/dist/types/client/index.d.ts +1 -1
  421. package/dist/types/client/mailbox.d.ts +5 -5
  422. package/dist/types/client/media.d.ts +31 -0
  423. package/dist/types/client/messages.d.ts +3 -2
  424. package/dist/types/client/persistence/WriteBehindPersistence.d.ts +34 -0
  425. package/dist/types/client/tokens/cs-token.d.ts +10 -0
  426. package/dist/types/client/tokens/tc-token.d.ts +5 -0
  427. package/dist/types/client/types.d.ts +151 -4
  428. package/dist/types/crypto/core/index.d.ts +3 -2
  429. package/dist/types/crypto/core/nonce.d.ts +2 -0
  430. package/dist/types/crypto/core/primitives.d.ts +1 -2
  431. package/dist/types/crypto/core/random.d.ts +2 -1
  432. package/dist/types/crypto/core/xeddsa.d.ts +2 -0
  433. package/dist/types/crypto/curves/constants.d.ts +1 -0
  434. package/dist/types/crypto/index.d.ts +2 -0
  435. package/dist/types/crypto/math/constants.d.ts +4 -2
  436. package/dist/types/crypto/math/fe.d.ts +30 -0
  437. package/dist/types/crypto/math/mod.d.ts +0 -2
  438. package/dist/types/crypto/math/types.d.ts +11 -4
  439. package/dist/types/index.d.ts +6 -3
  440. package/dist/types/infra/log/ConsoleLogger.d.ts +1 -1
  441. package/dist/types/infra/log/PinoLogger.d.ts +1 -1
  442. package/dist/types/infra/perf/BackgroundQueue.d.ts +58 -0
  443. package/dist/types/infra/perf/PromiseDedup.d.ts +4 -0
  444. package/dist/types/infra/perf/SharedExclusiveGate.d.ts +17 -0
  445. package/dist/types/infra/perf/StoreLock.d.ts +11 -0
  446. package/dist/types/media/WaMediaCrypto.d.ts +16 -6
  447. package/dist/types/media/WaMediaTransferClient.d.ts +6 -23
  448. package/dist/types/media/constants.d.ts +3 -1
  449. package/dist/types/media/index.d.ts +2 -1
  450. package/dist/types/media/processor.d.ts +28 -0
  451. package/dist/types/media/types.d.ts +19 -5
  452. package/dist/types/message/addon-crypto.d.ts +34 -3
  453. package/dist/types/message/content.d.ts +11 -1
  454. package/dist/types/message/icdc.d.ts +13 -0
  455. package/dist/types/message/reporting-token.d.ts +0 -1
  456. package/dist/types/message/types.d.ts +42 -11
  457. package/dist/types/protocol/abprops.d.ts +142 -0
  458. package/dist/types/protocol/appstate.d.ts +0 -11
  459. package/dist/types/protocol/browser.d.ts +1 -0
  460. package/dist/types/protocol/constants.d.ts +12 -4
  461. package/dist/types/protocol/defaults.d.ts +6 -0
  462. package/dist/types/protocol/email.d.ts +32 -0
  463. package/dist/types/protocol/index.d.ts +1 -2
  464. package/dist/types/protocol/jid.d.ts +20 -2
  465. package/dist/types/protocol/message.d.ts +60 -0
  466. package/dist/types/protocol/nodes.d.ts +6 -0
  467. package/dist/types/protocol/notification.d.ts +8 -0
  468. package/dist/types/protocol/privacy-token.d.ts +17 -0
  469. package/dist/types/protocol/privacy.d.ts +75 -0
  470. package/dist/types/protocol/stream.d.ts +31 -0
  471. package/dist/types/retry/codec.d.ts +3 -0
  472. package/dist/types/retry/index.d.ts +3 -3
  473. package/dist/types/retry/parse.d.ts +5 -2
  474. package/dist/types/retry/reason.d.ts +1 -1
  475. package/dist/types/retry/tracker.d.ts +1 -0
  476. package/dist/types/retry/types.d.ts +6 -1
  477. package/dist/types/signal/api/SignalDeviceSyncApi.d.ts +2 -1
  478. package/dist/types/signal/api/SignalDigestSyncApi.d.ts +9 -0
  479. package/dist/types/signal/api/SignalIdentitySyncApi.d.ts +5 -3
  480. package/dist/types/signal/api/SignalRotateKeyApi.d.ts +4 -5
  481. package/dist/types/signal/api/SignalSessionSyncApi.d.ts +8 -6
  482. package/dist/types/signal/api/result-map.d.ts +1 -0
  483. package/dist/types/signal/constants.d.ts +0 -3
  484. package/dist/types/signal/crypto/WaAdvSignature.d.ts +0 -2
  485. package/dist/types/signal/crypto/constants.d.ts +0 -1
  486. package/dist/types/signal/{store/sqlite.d.ts → encoding.d.ts} +9 -3
  487. package/dist/types/signal/group/SenderKeyChain.d.ts +1 -1
  488. package/dist/types/signal/group/SenderKeyManager.d.ts +17 -7
  489. package/dist/types/signal/index.d.ts +2 -0
  490. package/dist/types/signal/registration/utils.d.ts +2 -1
  491. package/dist/types/signal/session/SignalProtocol.d.ts +21 -6
  492. package/dist/types/signal/session/SignalSerializer.d.ts +2 -1
  493. package/dist/types/signal/session/resolver.d.ts +11 -4
  494. package/dist/types/signal/types.d.ts +16 -4
  495. package/dist/types/store/contracts/appstate.store.d.ts +1 -1
  496. package/dist/types/store/contracts/identity.store.d.ts +11 -0
  497. package/dist/types/store/contracts/message-secret.store.d.ts +16 -0
  498. package/dist/types/store/contracts/pre-key.store.d.ts +13 -0
  499. package/dist/types/store/contracts/privacy-token.store.d.ts +16 -0
  500. package/dist/types/store/contracts/retry.store.d.ts +7 -0
  501. package/dist/types/store/contracts/session.store.d.ts +14 -0
  502. package/dist/types/store/contracts/signal.store.d.ts +1 -27
  503. package/dist/types/store/createStore.d.ts +1 -1
  504. package/dist/types/store/index.d.ts +12 -12
  505. package/dist/types/store/locks/appstate.lock.d.ts +3 -0
  506. package/dist/types/store/locks/auth.lock.d.ts +3 -0
  507. package/dist/types/store/locks/contact.lock.d.ts +3 -0
  508. package/dist/types/store/locks/device-list.lock.d.ts +2 -0
  509. package/dist/types/store/locks/identity.lock.d.ts +3 -0
  510. package/dist/types/store/locks/message-secret.lock.d.ts +3 -0
  511. package/dist/types/store/locks/message.lock.d.ts +3 -0
  512. package/dist/types/store/locks/participants.lock.d.ts +2 -0
  513. package/dist/types/store/locks/pre-key.lock.d.ts +3 -0
  514. package/dist/types/store/locks/privacy-token.lock.d.ts +2 -0
  515. package/dist/types/store/locks/retry.lock.d.ts +2 -0
  516. package/dist/types/store/locks/sender-key.lock.d.ts +3 -0
  517. package/dist/types/store/locks/session.lock.d.ts +3 -0
  518. package/dist/types/store/locks/signal.lock.d.ts +3 -0
  519. package/dist/types/store/locks/thread.lock.d.ts +3 -0
  520. package/dist/types/store/noop.store.d.ts +4 -0
  521. package/dist/types/store/providers/memory/appstate.store.d.ts +1 -1
  522. package/dist/types/store/providers/memory/identity.store.d.ts +18 -0
  523. package/dist/types/store/providers/memory/message-secret.store.d.ts +21 -0
  524. package/dist/types/store/providers/memory/pre-key.store.d.ts +23 -0
  525. package/dist/types/store/providers/memory/privacy-token.store.d.ts +13 -0
  526. package/dist/types/store/providers/memory/retry.store.d.ts +15 -1
  527. package/dist/types/store/providers/memory/session.store.d.ts +21 -0
  528. package/dist/types/store/providers/memory/signal.store.d.ts +2 -43
  529. package/dist/types/store/providers/memory/thread.store.d.ts +1 -1
  530. package/dist/types/store/types.d.ts +69 -61
  531. package/dist/types/transport/WaWebSocket.d.ts +1 -1
  532. package/dist/types/transport/binary/constants.d.ts +0 -30
  533. package/dist/types/transport/binary/index.d.ts +0 -1
  534. package/dist/types/transport/index.d.ts +8 -1
  535. package/dist/types/transport/keepalive/WaKeepAlive.d.ts +4 -1
  536. package/dist/types/transport/node/WaMobileTcpSocket.d.ts +18 -0
  537. package/dist/types/transport/node/WaNodeOrchestrator.d.ts +9 -6
  538. package/dist/types/transport/node/builders/abprops.d.ts +5 -0
  539. package/dist/types/transport/node/builders/business.d.ts +29 -0
  540. package/dist/types/transport/node/builders/device.d.ts +2 -0
  541. package/dist/types/transport/node/builders/email.d.ts +11 -0
  542. package/dist/types/transport/node/builders/global.d.ts +102 -0
  543. package/dist/types/transport/node/builders/message.d.ts +8 -7
  544. package/dist/types/transport/node/builders/offline.d.ts +2 -0
  545. package/dist/types/transport/node/builders/pairing.d.ts +0 -2
  546. package/dist/types/transport/node/builders/prekeys.d.ts +4 -3
  547. package/dist/types/transport/node/builders/presence.d.ts +6 -0
  548. package/dist/types/transport/node/builders/privacy-token.d.ts +9 -0
  549. package/dist/types/transport/node/builders/privacy.d.ts +7 -0
  550. package/dist/types/transport/node/builders/profile.d.ts +8 -0
  551. package/dist/types/transport/node/builders/retry.d.ts +0 -1
  552. package/dist/types/transport/node/helpers.d.ts +8 -0
  553. package/dist/types/transport/node/mex/argo-decoder.d.ts +11 -0
  554. package/dist/types/transport/node/mex/client.d.ts +18 -0
  555. package/dist/types/transport/node/mex/persist-ids.d.ts +14 -0
  556. package/dist/types/transport/noise/WaMobileClientPayload.d.ts +29 -0
  557. package/dist/types/transport/noise/WaNoiseCert.d.ts +7 -1
  558. package/dist/types/transport/noise/WaNoiseSession.d.ts +4 -2
  559. package/dist/types/transport/noise/WaNoiseSocket.d.ts +4 -2
  560. package/dist/types/transport/types.d.ts +8 -0
  561. package/dist/types/util/bytes.d.ts +1 -1
  562. package/dist/types/util/index.d.ts +5 -0
  563. package/dist/types/util/primitives.d.ts +0 -1
  564. package/dist/util/bytes.js +22 -18
  565. package/dist/util/index.js +23 -0
  566. package/dist/util/primitives.js +2 -2
  567. package/package.json +34 -10
  568. package/proto/index.js +1 -1
  569. package/dist/auth/flow/WaAuthCredentialsFlow.js +0 -130
  570. package/dist/auth/pairing/constants.js +0 -5
  571. package/dist/client/connection/WaKeyShareCoordinator.js +0 -63
  572. package/dist/crypto/core/constants.js +0 -4
  573. package/dist/esm/auth/flow/WaAuthCredentialsFlow.js +0 -125
  574. package/dist/esm/auth/pairing/constants.js +0 -2
  575. package/dist/esm/client/connection/WaKeyShareCoordinator.js +0 -59
  576. package/dist/esm/crypto/core/constants.js +0 -1
  577. package/dist/esm/retry/outbound.js +0 -82
  578. package/dist/esm/store/providers/sqlite/BaseSqliteStore.js +0 -37
  579. package/dist/esm/store/providers/sqlite/appstate.store.js +0 -250
  580. package/dist/esm/store/providers/sqlite/auth.store.js +0 -176
  581. package/dist/esm/store/providers/sqlite/connection.js +0 -245
  582. package/dist/esm/store/providers/sqlite/contact.store.js +0 -74
  583. package/dist/esm/store/providers/sqlite/device-list.store.js +0 -127
  584. package/dist/esm/store/providers/sqlite/message.store.js +0 -132
  585. package/dist/esm/store/providers/sqlite/migrations.js +0 -347
  586. package/dist/esm/store/providers/sqlite/participants.store.js +0 -77
  587. package/dist/esm/store/providers/sqlite/retry.store.js +0 -141
  588. package/dist/esm/store/providers/sqlite/sender-key.store.js +0 -198
  589. package/dist/esm/store/providers/sqlite/signal.store.js +0 -435
  590. package/dist/esm/store/providers/sqlite/table-names.js +0 -107
  591. package/dist/esm/store/providers/sqlite/thread.store.js +0 -85
  592. package/dist/esm/transport/node/builders/index.js +0 -8
  593. package/dist/retry/outbound.js +0 -87
  594. package/dist/store/providers/sqlite/BaseSqliteStore.js +0 -41
  595. package/dist/store/providers/sqlite/appstate.store.js +0 -254
  596. package/dist/store/providers/sqlite/auth.store.js +0 -180
  597. package/dist/store/providers/sqlite/connection.js +0 -281
  598. package/dist/store/providers/sqlite/contact.store.js +0 -78
  599. package/dist/store/providers/sqlite/device-list.store.js +0 -131
  600. package/dist/store/providers/sqlite/message.store.js +0 -136
  601. package/dist/store/providers/sqlite/migrations.js +0 -350
  602. package/dist/store/providers/sqlite/participants.store.js +0 -81
  603. package/dist/store/providers/sqlite/retry.store.js +0 -145
  604. package/dist/store/providers/sqlite/sender-key.store.js +0 -202
  605. package/dist/store/providers/sqlite/signal.store.js +0 -439
  606. package/dist/store/providers/sqlite/table-names.js +0 -113
  607. package/dist/store/providers/sqlite/thread.store.js +0 -89
  608. package/dist/transport/node/builders/index.js +0 -42
  609. package/dist/types/appstate/store/sqlite.d.ts +0 -7
  610. package/dist/types/auth/flow/WaAuthCredentialsFlow.d.ts +0 -14
  611. package/dist/types/auth/pairing/constants.d.ts +0 -2
  612. package/dist/types/client/connection/WaKeyShareCoordinator.d.ts +0 -14
  613. package/dist/types/crypto/core/constants.d.ts +0 -1
  614. package/dist/types/retry/outbound.d.ts +0 -4
  615. package/dist/types/store/providers/sqlite/BaseSqliteStore.d.ts +0 -12
  616. package/dist/types/store/providers/sqlite/appstate.store.d.ts +0 -17
  617. package/dist/types/store/providers/sqlite/auth.store.d.ts +0 -10
  618. package/dist/types/store/providers/sqlite/connection.d.ts +0 -10
  619. package/dist/types/store/providers/sqlite/contact.store.d.ts +0 -12
  620. package/dist/types/store/providers/sqlite/device-list.store.d.ts +0 -15
  621. package/dist/types/store/providers/sqlite/message.store.d.ts +0 -13
  622. package/dist/types/store/providers/sqlite/migrations.d.ts +0 -3
  623. package/dist/types/store/providers/sqlite/participants.store.d.ts +0 -12
  624. package/dist/types/store/providers/sqlite/retry.store.d.ts +0 -15
  625. package/dist/types/store/providers/sqlite/sender-key.store.d.ts +0 -24
  626. package/dist/types/store/providers/sqlite/signal.store.d.ts +0 -53
  627. package/dist/types/store/providers/sqlite/table-names.d.ts +0 -5
  628. package/dist/types/store/providers/sqlite/thread.store.d.ts +0 -13
  629. package/dist/types/transport/node/builders/index.d.ts +0 -8
  630. /package/dist/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +0 -0
package/dist/esm/media/WaMediaCrypto.js CHANGED
@@ -1,13 +1,98 @@
1
- import { createCipheriv, createDecipheriv, createHash, createHmac } from 'node:crypto';
1
+ import { createHash, createHmac } from 'node:crypto';
2
2
  import { once } from 'node:events';
3
+ import { createWriteStream } from 'node:fs';
4
+ import { stat, unlink } from 'node:fs/promises';
5
+ import { tmpdir } from 'node:os';
6
+ import { join } from 'node:path';
3
7
  import { PassThrough } from 'node:stream';
4
8
  import { hkdf } from '../crypto/core/hkdf.js';
5
9
  import { aesCbcDecrypt, aesCbcEncrypt, hmacSign, importAesCbcKey, importHmacKey, sha256 } from '../crypto/core/primitives.js';
6
10
  import { randomBytesAsync } from '../crypto/core/random.js';
7
- import { ENC_KEY_END, ENC_KEY_START, HMAC_TRUNCATED_SIZE, IV_SIZE, MAC_KEY_END, MAC_KEY_START, MEDIA_HKDF_SIZE } from './constants.js';
8
- import { WA_APP_STATE_KEY_TYPES, getWaMediaHkdfInfo } from '../protocol/constants.js';
9
- import { assertByteLength, concatBytes, EMPTY_BYTES, readAllBytes, toChunkBytes, toBytesView, uint8Equal, uint8TimingSafeEqual } from '../util/bytes.js';
11
+ import { ENC_KEY_END, ENC_KEY_START, HMAC_TRUNCATED_SIZE, IV_SIZE, MAC_KEY_END, MAC_KEY_START, MEDIA_HKDF_SIZE, SIDECAR_CHUNK_SIZE, SIDECAR_HMAC_SIZE } from './constants.js';
12
+ import { getWaMediaHkdfInfo, WA_APP_STATE_KEY_TYPES } from '../protocol/constants.js';
13
+ import { assertByteLength, concatBytes, EMPTY_BYTES, toBytesView, toChunkBytes, uint8Equal, uint8TimingSafeEqual } from '../util/bytes.js';
10
14
  import { toError } from '../util/primitives.js';
15
+ const AES_BLOCK_SIZE = 16;
16
+ const PKCS7_FULL_BLOCK = new Uint8Array(AES_BLOCK_SIZE).fill(AES_BLOCK_SIZE);
17
+ async function aesCbcEncryptChunk(key, iv, chunk, isFinal) {
18
+ const encrypted = await aesCbcEncrypt(key, iv, chunk);
19
+ if (isFinal) {
20
+ return {
21
+ ciphertext: encrypted,
22
+ nextIv: encrypted.subarray(encrypted.byteLength - AES_BLOCK_SIZE)
23
+ };
24
+ }
25
+ const ciphertext = encrypted.subarray(0, encrypted.byteLength - AES_BLOCK_SIZE);
26
+ return {
27
+ ciphertext,
28
+ nextIv: ciphertext.subarray(ciphertext.byteLength - AES_BLOCK_SIZE)
29
+ };
30
+ }
31
+ async function aesCbcDecryptChunk(key, iv, ciphertext, isFinal) {
32
+ const nextIv = toBytesView(ciphertext.subarray(ciphertext.byteLength - AES_BLOCK_SIZE));
33
+ if (isFinal) {
34
+ return { plaintext: await aesCbcDecrypt(key, iv, ciphertext), nextIv };
35
+ }
36
+ const padBlock = (await aesCbcEncrypt(key, nextIv, PKCS7_FULL_BLOCK)).subarray(0, AES_BLOCK_SIZE);
37
+ const withPad = concatBytes([ciphertext, padBlock]);
38
+ return { plaintext: await aesCbcDecrypt(key, iv, withPad), nextIv };
39
+ }
40
+ async function computeFirstFrameSidecar(macKey, ivCiphertext, firstFrameLength) {
41
+ const aligned = Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
42
+ const slice = ivCiphertext.subarray(0, IV_SIZE + aligned);
43
+ const key = await importHmacKey(macKey);
44
+ const digest = await hmacSign(key, slice);
45
+ return digest.subarray(0, SIDECAR_HMAC_SIZE);
46
+ }
47
+ class SidecarAccumulator {
48
+ constructor(macKey, estimatedSize = 0) {
49
+ this.resultOffset = 0;
50
+ this.totalPushed = 0;
51
+ this.windowOffset = 0;
52
+ this.nextChunkStart = 0;
53
+ this.macKey = macKey;
54
+ this.window = new Uint8Array(IV_SIZE + SIDECAR_CHUNK_SIZE);
55
+ const estimated = Math.max(Math.ceil(estimatedSize / SIDECAR_CHUNK_SIZE) + 1, 16);
56
+ this.result = new Uint8Array(estimated * SIDECAR_HMAC_SIZE);
57
+ }
58
+ push(data) {
59
+ let srcOffset = 0;
60
+ while (srcOffset < data.byteLength) {
61
+ const windowEnd = this.nextChunkStart + IV_SIZE + SIDECAR_CHUNK_SIZE;
62
+ const remaining = windowEnd - this.totalPushed;
63
+ const toCopy = Math.min(remaining, data.byteLength - srcOffset);
64
+ this.window.set(data.subarray(srcOffset, srcOffset + toCopy), this.windowOffset);
65
+ this.windowOffset += toCopy;
66
+ this.totalPushed += toCopy;
67
+ srcOffset += toCopy;
68
+ if (this.totalPushed === windowEnd) {
69
+ this.flushChunk();
70
+ }
71
+ }
72
+ }
73
+ finish() {
74
+ if (this.windowOffset > 0) {
75
+ this.flushChunk();
76
+ }
77
+ return this.result.subarray(0, this.resultOffset);
78
+ }
79
+ flushChunk() {
80
+ const digest = createHmac('sha256', this.macKey)
81
+ .update(this.window.subarray(0, this.windowOffset))
82
+ .digest();
83
+ if (this.resultOffset + SIDECAR_HMAC_SIZE > this.result.byteLength) {
84
+ const grown = new Uint8Array(this.result.byteLength * 2);
85
+ grown.set(this.result);
86
+ this.result = grown;
87
+ }
88
+ this.result.set(digest.subarray(0, SIDECAR_HMAC_SIZE), this.resultOffset);
89
+ this.resultOffset += SIDECAR_HMAC_SIZE;
90
+ this.nextChunkStart += SIDECAR_CHUNK_SIZE;
91
+ const overlapSrc = this.window.subarray(this.windowOffset - IV_SIZE, this.windowOffset);
92
+ this.window.set(overlapSrc, 0);
93
+ this.windowOffset = IV_SIZE;
94
+ }
95
+ }
11
96
  export class WaMediaCrypto {
12
97
  static async generateMediaKey() {
13
98
  return randomBytesAsync(32);
@@ -23,24 +108,41 @@ export class WaMediaCrypto {
23
108
  refKey: expanded.subarray(MAC_KEY_END, MEDIA_HKDF_SIZE)
24
109
  };
25
110
  }
26
- static async encryptBytes(mediaType, mediaKey, plaintext) {
111
+ static async encryptBytes(mediaType, mediaKey, plaintext, options) {
27
112
  const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
28
- const [aesKey, macKey] = await Promise.all([
113
+ const [aesKey, hmacKey] = await Promise.all([
29
114
  importAesCbcKey(keys.encKey),
30
115
  importHmacKey(keys.macKey)
31
116
  ]);
32
117
  const ciphertext = await aesCbcEncrypt(aesKey, keys.iv, plaintext);
33
118
  const ivCiphertext = concatBytes([keys.iv, ciphertext]);
34
- const mac = await hmacSign(macKey, ivCiphertext);
119
+ const mac = await hmacSign(hmacKey, ivCiphertext);
35
120
  const signature = mac.subarray(0, HMAC_TRUNCATED_SIZE);
36
121
  const ciphertextHmac = concatBytes([ciphertext, signature]);
122
+ let streamingSidecar;
123
+ if (options?.sidecar !== false) {
124
+ const acc = new SidecarAccumulator(keys.macKey);
125
+ acc.push(keys.iv);
126
+ acc.push(ciphertext);
127
+ acc.push(signature);
128
+ streamingSidecar = acc.finish();
129
+ }
130
+ const firstFrameSidecar = options?.firstFrameLength !== undefined
131
+ ? await computeFirstFrameSidecar(keys.macKey, ivCiphertext, options.firstFrameLength)
132
+ : undefined;
37
133
  const [fileSha256, fileEncSha256] = await Promise.all([
38
134
  sha256(plaintext),
39
135
  sha256(ciphertextHmac)
40
136
  ]);
41
- return { ciphertextHmac, fileSha256, fileEncSha256 };
137
+ return {
138
+ ciphertextHmac,
139
+ fileSha256,
140
+ fileEncSha256,
141
+ streamingSidecar,
142
+ firstFrameSidecar
143
+ };
42
144
  }
43
- static async decryptBytes(mediaType, mediaKey, ciphertextHmac, expectedFileSha256, expectedFileEncSha256) {
145
+ static async decryptBytes(mediaType, mediaKey, ciphertextHmac, expectedFileSha256, expectedFileEncSha256, skipMacVerification = false) {
44
146
  if (ciphertextHmac.byteLength < HMAC_TRUNCATED_SIZE) {
45
147
  throw new Error(`ciphertext too short: ${ciphertextHmac.byteLength}`);
46
148
  }
@@ -51,17 +153,19 @@ export class WaMediaCrypto {
51
153
  }
52
154
  }
53
155
  const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
156
+ const [aesKey, hmacKey] = await Promise.all([
157
+ importAesCbcKey(keys.encKey),
158
+ importHmacKey(keys.macKey)
159
+ ]);
54
160
  const ciphertext = ciphertextHmac.subarray(0, ciphertextHmac.byteLength - HMAC_TRUNCATED_SIZE);
55
161
  const expectedMac = ciphertextHmac.subarray(ciphertextHmac.byteLength - HMAC_TRUNCATED_SIZE);
56
162
  const ivCiphertext = concatBytes([keys.iv, ciphertext]);
57
- const [macKey, aesKey] = await Promise.all([
58
- importHmacKey(keys.macKey),
59
- importAesCbcKey(keys.encKey)
60
- ]);
61
- const mac = await hmacSign(macKey, ivCiphertext);
62
- const signature = mac.subarray(0, HMAC_TRUNCATED_SIZE);
63
- if (!uint8TimingSafeEqual(signature, expectedMac)) {
64
- throw new Error('media MAC mismatch');
163
+ if (!skipMacVerification) {
164
+ const mac = await hmacSign(hmacKey, ivCiphertext);
165
+ const signature = mac.subarray(0, HMAC_TRUNCATED_SIZE);
166
+ if (!uint8TimingSafeEqual(signature, expectedMac)) {
167
+ throw new Error('media MAC mismatch');
168
+ }
65
169
  }
66
170
  const plaintext = await aesCbcDecrypt(aesKey, keys.iv, ciphertext);
67
171
  const fileSha256 = await sha256(plaintext);
@@ -71,23 +175,28 @@ export class WaMediaCrypto {
71
175
  const fileEncSha256 = expectedFileEncSha256 ?? (await sha256(ciphertextHmac));
72
176
  return { plaintext, fileSha256, fileEncSha256 };
73
177
  }
74
- static async encryptReadable(mediaType, mediaKey, plaintext) {
178
+ static async encryptReadable(mediaType, mediaKey, plaintext, options) {
75
179
  const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
76
180
  const encrypted = new PassThrough();
77
- const metadata = pumpEncryption(plaintext, encrypted, keys);
181
+ const metadata = pumpEncryption(plaintext, encrypted, keys, options?.sidecar !== false, options?.firstFrameLength);
78
182
  return { encrypted, metadata };
79
183
  }
80
- static async decryptReadableToBytes(encrypted, options) {
81
- const decrypted = await WaMediaCrypto.decryptReadable(encrypted, options);
82
- const [plaintext, metadata] = await Promise.all([
83
- readAllBytes(decrypted.plaintext),
84
- decrypted.metadata
85
- ]);
86
- return {
87
- plaintext,
88
- fileSha256: metadata.fileSha256,
89
- fileEncSha256: metadata.fileEncSha256
90
- };
184
+ static async encryptToFile(mediaType, mediaKey, plaintext, options) {
185
+ const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
186
+ const filePath = join(tmpdir(), `zapo-enc-${Date.now()}-${Math.random().toString(36).slice(2)}`);
187
+ const output = createWriteStream(filePath);
188
+ try {
189
+ const metadata = await pumpEncryptionToWritable(plaintext, output, keys, options?.sidecar !== false, options?.firstFrameLength);
190
+ const fileSize = (await stat(filePath)).size;
191
+ return { filePath, fileSize, ...metadata };
192
+ }
193
+ catch (error) {
194
+ await unlink(filePath).catch(() => undefined);
195
+ throw error;
196
+ }
197
+ }
198
+ static async cleanupEncryptedFile(filePath) {
199
+ await unlink(filePath).catch(() => undefined);
91
200
  }
92
201
  static async decryptReadable(encrypted, options) {
93
202
  const keys = await WaMediaCrypto.deriveKeys(options.mediaType, options.mediaKey);
@@ -103,39 +212,80 @@ export class WaMediaCrypto {
103
212
  return paddedLength + HMAC_TRUNCATED_SIZE;
104
213
  }
105
214
  }
106
- async function pumpEncryption(plaintext, encrypted, keys) {
215
+ async function pumpEncryption(plaintext, encrypted, keys, computeSidecar, firstFrameLength) {
216
+ const aesKey = await importAesCbcKey(keys.encKey);
107
217
  const plainHash = createHash('sha256');
108
218
  const encHash = createHash('sha256');
109
219
  const hmac = createHmac('sha256', keys.macKey);
110
- const cipher = createCipheriv('aes-256-cbc', keys.encKey, keys.iv);
220
+ const sidecar = computeSidecar ? new SidecarAccumulator(keys.macKey) : null;
221
+ const ffTarget = firstFrameLength !== undefined
222
+ ? IV_SIZE + Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE
223
+ : 0;
224
+ let ffCollected = 0;
225
+ const ffChunks = ffTarget > 0 ? [keys.iv] : [];
226
+ if (ffTarget > 0)
227
+ ffCollected = IV_SIZE;
228
+ let plaintextLength = 0;
229
+ let currentIv = keys.iv;
230
+ let pending = EMPTY_BYTES;
111
231
  hmac.update(keys.iv);
232
+ sidecar?.push(keys.iv);
112
233
  try {
113
234
  for await (const chunk of plaintext) {
114
235
  const plainChunk = toChunkBytes(chunk);
115
- if (plainChunk.byteLength === 0) {
236
+ if (plainChunk.byteLength === 0)
116
237
  continue;
117
- }
238
+ plaintextLength += plainChunk.byteLength;
118
239
  plainHash.update(plainChunk);
119
- const encryptedChunk = cipher.update(plainChunk);
120
- if (encryptedChunk.byteLength > 0) {
121
- hmac.update(encryptedChunk);
122
- encHash.update(encryptedChunk);
123
- await writeChunk(encrypted, encryptedChunk);
240
+ const combined = pending.byteLength > 0
241
+ ? concatBytes([pending, plainChunk])
242
+ : toBytesView(plainChunk);
243
+ const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
244
+ if (aligned === 0) {
245
+ pending = combined;
246
+ continue;
247
+ }
248
+ const toEncrypt = toBytesView(combined.subarray(0, aligned));
249
+ pending = toBytesView(combined.subarray(aligned));
250
+ const { ciphertext, nextIv } = await aesCbcEncryptChunk(aesKey, currentIv, toEncrypt, false);
251
+ currentIv = nextIv;
252
+ hmac.update(ciphertext);
253
+ encHash.update(ciphertext);
254
+ sidecar?.push(ciphertext);
255
+ if (ffCollected < ffTarget) {
256
+ const need = ffTarget - ffCollected;
257
+ ffChunks.push(ciphertext.subarray(0, Math.min(need, ciphertext.byteLength)));
258
+ ffCollected += ciphertext.byteLength;
124
259
  }
260
+ await writeChunk(encrypted, ciphertext);
125
261
  }
126
- const encryptedFinal = cipher.final();
127
- if (encryptedFinal.byteLength > 0) {
128
- hmac.update(encryptedFinal);
129
- encHash.update(encryptedFinal);
130
- await writeChunk(encrypted, encryptedFinal);
262
+ const { ciphertext: finalCiphertext } = await aesCbcEncryptChunk(aesKey, currentIv, pending, true);
263
+ hmac.update(finalCiphertext);
264
+ encHash.update(finalCiphertext);
265
+ sidecar?.push(finalCiphertext);
266
+ if (ffCollected < ffTarget) {
267
+ const need = ffTarget - ffCollected;
268
+ ffChunks.push(finalCiphertext.subarray(0, Math.min(need, finalCiphertext.byteLength)));
131
269
  }
132
- const signature = hmac.digest().subarray(0, HMAC_TRUNCATED_SIZE);
270
+ await writeChunk(encrypted, finalCiphertext);
271
+ const signature = toBytesView(hmac.digest().subarray(0, HMAC_TRUNCATED_SIZE));
133
272
  encHash.update(signature);
273
+ sidecar?.push(signature);
134
274
  await writeChunk(encrypted, signature);
135
275
  encrypted.end();
276
+ let firstFrameSidecar;
277
+ if (ffTarget > 0) {
278
+ const ivCiphertextSlice = concatBytes(ffChunks);
279
+ const ffKey = await importHmacKey(keys.macKey);
280
+ const ffDigest = await hmacSign(ffKey, ivCiphertextSlice);
281
+ firstFrameSidecar = ffDigest.subarray(0, SIDECAR_HMAC_SIZE);
282
+ }
136
283
  return {
137
284
  fileSha256: toBytesView(plainHash.digest()),
138
- fileEncSha256: toBytesView(encHash.digest())
285
+ fileEncSha256: toBytesView(encHash.digest()),
286
+ plaintextLength,
287
+ streamingSidecar: sidecar?.finish(),
288
+ firstFrameSidecar
139
289
  };
140
290
  }
141
291
  catch (error) {
@@ -144,11 +294,121 @@ async function pumpEncryption(plaintext, encrypted, keys) {
144
294
  throw normalized;
145
295
  }
146
296
  }
297
+ async function writeChunkToWritable(stream, chunk) {
298
+ if (chunk.byteLength === 0) {
299
+ return;
300
+ }
301
+ if (stream.write(chunk)) {
302
+ return;
303
+ }
304
+ await new Promise((resolve, reject) => {
305
+ const onDrain = () => {
306
+ stream.off('error', onError);
307
+ resolve();
308
+ };
309
+ const onError = (err) => {
310
+ stream.off('drain', onDrain);
311
+ reject(err);
312
+ };
313
+ stream.once('drain', onDrain);
314
+ stream.once('error', onError);
315
+ });
316
+ }
317
+ async function endWritable(stream) {
318
+ return new Promise((resolve, reject) => {
319
+ stream.on('error', reject);
320
+ stream.end(() => resolve());
321
+ });
322
+ }
323
+ async function pumpEncryptionToWritable(plaintext, output, keys, computeSidecar, firstFrameLength) {
324
+ const aesKey = await importAesCbcKey(keys.encKey);
325
+ const plainHash = createHash('sha256');
326
+ const encHash = createHash('sha256');
327
+ const hmac = createHmac('sha256', keys.macKey);
328
+ const sidecar = computeSidecar ? new SidecarAccumulator(keys.macKey) : null;
329
+ const ffTarget = firstFrameLength !== undefined
330
+ ? IV_SIZE + Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE
331
+ : 0;
332
+ let ffCollected = 0;
333
+ const ffChunks = ffTarget > 0 ? [keys.iv] : [];
334
+ if (ffTarget > 0)
335
+ ffCollected = IV_SIZE;
336
+ let plaintextLength = 0;
337
+ let currentIv = keys.iv;
338
+ let pending = EMPTY_BYTES;
339
+ hmac.update(keys.iv);
340
+ sidecar?.push(keys.iv);
341
+ try {
342
+ for await (const chunk of plaintext) {
343
+ const plainChunk = toChunkBytes(chunk);
344
+ if (plainChunk.byteLength === 0)
345
+ continue;
346
+ plaintextLength += plainChunk.byteLength;
347
+ plainHash.update(plainChunk);
348
+ const combined = pending.byteLength > 0
349
+ ? concatBytes([pending, plainChunk])
350
+ : toBytesView(plainChunk);
351
+ const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
352
+ if (aligned === 0) {
353
+ pending = combined;
354
+ continue;
355
+ }
356
+ const toEncrypt = toBytesView(combined.subarray(0, aligned));
357
+ pending = toBytesView(combined.subarray(aligned));
358
+ const { ciphertext, nextIv } = await aesCbcEncryptChunk(aesKey, currentIv, toEncrypt, false);
359
+ currentIv = nextIv;
360
+ hmac.update(ciphertext);
361
+ encHash.update(ciphertext);
362
+ sidecar?.push(ciphertext);
363
+ if (ffCollected < ffTarget) {
364
+ const need = ffTarget - ffCollected;
365
+ ffChunks.push(ciphertext.subarray(0, Math.min(need, ciphertext.byteLength)));
366
+ ffCollected += ciphertext.byteLength;
367
+ }
368
+ await writeChunkToWritable(output, ciphertext);
369
+ }
370
+ const { ciphertext: finalCiphertext } = await aesCbcEncryptChunk(aesKey, currentIv, pending, true);
371
+ hmac.update(finalCiphertext);
372
+ encHash.update(finalCiphertext);
373
+ sidecar?.push(finalCiphertext);
374
+ if (ffCollected < ffTarget) {
375
+ const need = ffTarget - ffCollected;
376
+ ffChunks.push(finalCiphertext.subarray(0, Math.min(need, finalCiphertext.byteLength)));
377
+ }
378
+ await writeChunkToWritable(output, finalCiphertext);
379
+ const signature = toBytesView(hmac.digest().subarray(0, HMAC_TRUNCATED_SIZE));
380
+ encHash.update(signature);
381
+ sidecar?.push(signature);
382
+ await writeChunkToWritable(output, signature);
383
+ await endWritable(output);
384
+ let firstFrameSidecar;
385
+ if (ffTarget > 0) {
386
+ const ivCiphertextSlice = concatBytes(ffChunks);
387
+ const ffKey = await importHmacKey(keys.macKey);
388
+ const ffDigest = await hmacSign(ffKey, ivCiphertextSlice);
389
+ firstFrameSidecar = ffDigest.subarray(0, SIDECAR_HMAC_SIZE);
390
+ }
391
+ return {
392
+ fileSha256: toBytesView(plainHash.digest()),
393
+ fileEncSha256: toBytesView(encHash.digest()),
394
+ plaintextLength,
395
+ streamingSidecar: sidecar?.finish(),
396
+ firstFrameSidecar
397
+ };
398
+ }
399
+ catch (error) {
400
+ const normalized = toError(error);
401
+ output.destroy(normalized);
402
+ throw normalized;
403
+ }
404
+ }
147
405
  async function pumpDecryption(encrypted, plaintext, keys, options) {
406
+ const aesKey = await importAesCbcKey(keys.encKey);
148
407
  const plainHash = createHash('sha256');
149
408
  const encHash = createHash('sha256');
150
409
  const hmac = createHmac('sha256', keys.macKey);
151
- const decipher = createDecipheriv('aes-256-cbc', keys.encKey, keys.iv);
410
+ let currentIv = keys.iv;
411
+ let pending = EMPTY_BYTES;
152
412
  hmac.update(keys.iv);
153
413
  try {
154
414
  let trailing = EMPTY_BYTES;
@@ -166,20 +426,37 @@ async function pumpDecryption(encrypted, plaintext, keys, options) {
166
426
  const ciphertextChunk = merged.subarray(0, merged.byteLength - HMAC_TRUNCATED_SIZE);
167
427
  trailing = merged.subarray(merged.byteLength - HMAC_TRUNCATED_SIZE);
168
428
  hmac.update(ciphertextChunk);
169
- const plainChunk = decipher.update(ciphertextChunk);
170
- if (plainChunk.byteLength > 0) {
171
- plainHash.update(plainChunk);
172
- await writeChunk(plaintext, plainChunk);
429
+ const combined = pending.byteLength > 0
430
+ ? concatBytes([pending, ciphertextChunk])
431
+ : toBytesView(ciphertextChunk);
432
+ const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
433
+ if (aligned > AES_BLOCK_SIZE) {
434
+ const toDecrypt = combined.subarray(0, aligned - AES_BLOCK_SIZE);
435
+ const { plaintext: plainChunk, nextIv } = await aesCbcDecryptChunk(aesKey, currentIv, toDecrypt, false);
436
+ currentIv = nextIv;
437
+ if (plainChunk.byteLength > 0) {
438
+ plainHash.update(plainChunk);
439
+ await writeChunk(plaintext, plainChunk);
440
+ }
441
+ pending = toBytesView(combined.subarray(aligned - AES_BLOCK_SIZE));
442
+ }
443
+ else {
444
+ pending = combined;
173
445
  }
174
446
  }
175
447
  if (trailing.byteLength !== HMAC_TRUNCATED_SIZE) {
176
448
  throw new Error(`ciphertext too short: ${trailing.byteLength}`);
177
449
  }
178
- const signature = hmac.digest().subarray(0, HMAC_TRUNCATED_SIZE);
179
- if (!uint8TimingSafeEqual(signature, trailing)) {
180
- throw new Error('media MAC mismatch');
450
+ if (!options.skipMacVerification) {
451
+ const signature = hmac.digest().subarray(0, HMAC_TRUNCATED_SIZE);
452
+ if (!uint8TimingSafeEqual(signature, trailing)) {
453
+ throw new Error('media MAC mismatch');
454
+ }
455
+ }
456
+ if (pending.byteLength < AES_BLOCK_SIZE || pending.byteLength % AES_BLOCK_SIZE !== 0) {
457
+ throw new Error(`invalid ciphertext length: ${pending.byteLength}`);
181
458
  }
182
- const plainFinal = decipher.final();
459
+ const { plaintext: plainFinal } = await aesCbcDecryptChunk(aesKey, currentIv, pending, true);
183
460
  if (plainFinal.byteLength > 0) {
184
461
  plainHash.update(plainFinal);
185
462
  await writeChunk(plaintext, plainFinal);