zapo-js 0.1.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -4
- package/dist/appstate/WaAppStateCrypto.js +50 -42
- package/dist/appstate/WaAppStateSyncClient.js +215 -133
- package/dist/appstate/{store/sqlite.js → encoding.js} +13 -8
- package/dist/appstate/index.js +9 -7
- package/dist/appstate/utils.js +0 -5
- package/dist/auth/WaAuthClient.js +55 -57
- package/dist/auth/credentials-flow.js +195 -0
- package/dist/auth/index.js +1 -6
- package/dist/auth/pairing/WaPairingFlow.js +39 -32
- package/dist/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +35 -17
- package/dist/client/WaClient.js +338 -174
- package/dist/client/WaClientFactory.js +399 -66
- package/dist/client/connection/WaConnectionManager.js +23 -11
- package/dist/client/coordinators/WaAbPropsCoordinator.js +141 -0
- package/dist/client/coordinators/WaBusinessCoordinator.js +232 -0
- package/dist/client/coordinators/WaEmailCoordinator.js +63 -0
- package/dist/client/coordinators/WaGroupCoordinator.js +11 -7
- package/dist/client/coordinators/WaIncomingNodeCoordinator.js +34 -8
- package/dist/client/coordinators/WaMessageDispatchCoordinator.js +341 -118
- package/dist/client/coordinators/WaOfflineResumeCoordinator.js +114 -0
- package/dist/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
- package/dist/client/coordinators/WaPrivacyCoordinator.js +134 -0
- package/dist/client/coordinators/WaProfileCoordinator.js +214 -0
- package/dist/client/coordinators/WaRetryCoordinator.js +184 -30
- package/dist/client/coordinators/WaStreamControlCoordinator.js +18 -11
- package/dist/client/coordinators/WaTrustedContactTokenCoordinator.js +184 -0
- package/dist/client/dirty.js +41 -21
- package/dist/client/events/abprops.js +43 -0
- package/dist/client/events/devices.js +72 -0
- package/dist/client/events/group.js +3 -11
- package/dist/client/events/identity.js +22 -0
- package/dist/client/events/privacy-token.js +38 -0
- package/dist/client/events/registration.js +42 -0
- package/dist/client/history-sync.js +50 -9
- package/dist/client/incoming.js +74 -7
- package/dist/client/mailbox.js +40 -23
- package/dist/client/media.js +243 -0
- package/dist/client/messages.js +245 -92
- package/dist/client/messaging/fanout.js +21 -11
- package/dist/client/messaging/participants.js +6 -4
- package/dist/client/persistence/WriteBehindPersistence.js +129 -0
- package/dist/client/tokens/cs-token.js +50 -0
- package/dist/client/tokens/tc-token.js +25 -0
- package/dist/crypto/core/index.js +5 -2
- package/dist/crypto/core/keys.js +4 -4
- package/dist/crypto/core/nonce.js +2 -0
- package/dist/crypto/core/primitives.js +0 -8
- package/dist/crypto/core/random.js +24 -8
- package/dist/crypto/core/xeddsa.js +57 -0
- package/dist/crypto/curves/X25519.js +43 -6
- package/dist/crypto/curves/constants.js +2 -1
- package/dist/crypto/index.js +3 -0
- package/dist/crypto/math/constants.js +13 -36
- package/dist/crypto/math/edwards.js +171 -44
- package/dist/crypto/math/fe.js +706 -0
- package/dist/crypto/math/mod.js +10 -3
- package/dist/esm/appstate/WaAppStateCrypto.js +40 -32
- package/dist/esm/appstate/WaAppStateSyncClient.js +206 -124
- package/dist/esm/appstate/{store/sqlite.js → encoding.js} +13 -8
- package/dist/esm/appstate/index.js +2 -2
- package/dist/esm/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +1 -1
- package/dist/esm/appstate/utils.js +2 -5
- package/dist/esm/auth/WaAuthClient.js +52 -54
- package/dist/esm/auth/credentials-flow.js +190 -0
- package/dist/esm/auth/index.js +0 -2
- package/dist/esm/auth/pairing/WaPairingFlow.js +39 -32
- package/dist/esm/auth/pairing/{WaPairingCodeCrypto.js → pairing-code-crypto.js} +26 -10
- package/dist/esm/client/WaClient.js +339 -175
- package/dist/esm/client/WaClientFactory.js +401 -68
- package/dist/esm/client/connection/WaConnectionManager.js +23 -11
- package/dist/esm/client/coordinators/WaAbPropsCoordinator.js +137 -0
- package/dist/esm/client/coordinators/WaBusinessCoordinator.js +229 -0
- package/dist/esm/client/coordinators/WaEmailCoordinator.js +60 -0
- package/dist/esm/client/coordinators/WaGroupCoordinator.js +11 -7
- package/dist/esm/client/coordinators/WaIncomingNodeCoordinator.js +36 -10
- package/dist/esm/client/coordinators/WaMessageDispatchCoordinator.js +337 -114
- package/dist/esm/client/coordinators/WaOfflineResumeCoordinator.js +110 -0
- package/dist/esm/client/coordinators/WaPassiveTasksCoordinator.js +97 -36
- package/dist/esm/client/coordinators/WaPrivacyCoordinator.js +131 -0
- package/dist/esm/client/coordinators/WaProfileCoordinator.js +211 -0
- package/dist/esm/client/coordinators/WaRetryCoordinator.js +186 -32
- package/dist/esm/client/coordinators/WaStreamControlCoordinator.js +19 -12
- package/dist/esm/client/coordinators/WaTrustedContactTokenCoordinator.js +180 -0
- package/dist/esm/client/dirty.js +41 -21
- package/dist/esm/client/events/abprops.js +40 -0
- package/dist/esm/client/events/devices.js +68 -0
- package/dist/esm/client/events/group.js +3 -11
- package/dist/esm/client/events/identity.js +19 -0
- package/dist/esm/client/events/privacy-token.js +35 -0
- package/dist/esm/client/events/registration.js +39 -0
- package/dist/esm/client/history-sync.js +50 -9
- package/dist/esm/client/incoming.js +74 -8
- package/dist/esm/client/mailbox.js +40 -23
- package/dist/esm/client/media.js +234 -0
- package/dist/esm/client/messages.js +244 -91
- package/dist/esm/client/messaging/fanout.js +22 -12
- package/dist/esm/client/messaging/participants.js +6 -4
- package/dist/esm/client/persistence/WriteBehindPersistence.js +125 -0
- package/dist/esm/client/tokens/cs-token.js +46 -0
- package/dist/esm/client/tokens/tc-token.js +18 -0
- package/dist/esm/crypto/core/index.js +3 -2
- package/dist/esm/crypto/core/keys.js +1 -1
- package/dist/esm/crypto/core/nonce.js +2 -0
- package/dist/esm/crypto/core/primitives.js +0 -7
- package/dist/esm/crypto/core/random.js +23 -7
- package/dist/esm/crypto/core/xeddsa.js +53 -0
- package/dist/esm/crypto/curves/X25519.js +45 -8
- package/dist/esm/crypto/curves/constants.js +1 -0
- package/dist/esm/crypto/index.js +1 -0
- package/dist/esm/crypto/math/constants.js +12 -35
- package/dist/esm/crypto/math/edwards.js +174 -47
- package/dist/esm/crypto/math/fe.js +691 -0
- package/dist/esm/crypto/math/mod.js +10 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/infra/perf/BackgroundQueue.js +478 -0
- package/dist/esm/infra/perf/BoundedTaskQueue.js +3 -1
- package/dist/esm/infra/perf/PromiseDedup.js +20 -0
- package/dist/esm/infra/perf/SharedExclusiveGate.js +109 -0
- package/dist/esm/infra/perf/StoreLock.js +80 -0
- package/dist/esm/media/WaMediaCrypto.js +332 -55
- package/dist/esm/media/WaMediaTransferClient.js +69 -220
- package/dist/esm/media/constants.js +4 -1
- package/dist/esm/media/processor.js +1 -0
- package/dist/esm/message/WaMessageClient.js +26 -19
- package/dist/esm/message/addon-crypto.js +130 -3
- package/dist/esm/message/content.js +206 -14
- package/dist/esm/message/icdc.js +76 -0
- package/dist/esm/message/incoming.js +38 -24
- package/dist/esm/message/phash.js +35 -13
- package/dist/esm/message/reporting-token.js +17 -30
- package/dist/esm/message/use-case-secret.js +1 -1
- package/dist/esm/protocol/abprops.js +159 -0
- package/dist/esm/protocol/appstate.js +9 -40
- package/dist/esm/protocol/browser.js +24 -18
- package/dist/esm/protocol/constants.js +8 -4
- package/dist/esm/protocol/defaults.js +6 -0
- package/dist/esm/protocol/email.js +30 -0
- package/dist/esm/protocol/index.js +1 -2
- package/dist/esm/protocol/jid.js +142 -39
- package/dist/esm/protocol/message.js +61 -1
- package/dist/esm/protocol/nodes.js +8 -2
- package/dist/esm/protocol/notification.js +9 -1
- package/dist/esm/protocol/privacy-token.js +17 -0
- package/dist/esm/protocol/privacy.js +55 -0
- package/dist/esm/protocol/stream.js +26 -1
- package/dist/esm/retry/codec.js +216 -0
- package/dist/esm/retry/constants.js +1 -1
- package/dist/esm/retry/index.js +2 -2
- package/dist/esm/retry/parse.js +50 -30
- package/dist/esm/retry/reason.js +1 -1
- package/dist/esm/retry/replay.js +11 -7
- package/dist/esm/retry/tracker.js +50 -12
- package/dist/esm/signal/api/SignalDeviceSyncApi.js +52 -32
- package/dist/esm/signal/api/SignalDigestSyncApi.js +21 -15
- package/dist/esm/signal/api/SignalIdentitySyncApi.js +30 -15
- package/dist/esm/signal/api/SignalMissingPreKeysSyncApi.js +19 -8
- package/dist/esm/signal/api/SignalRotateKeyApi.js +4 -2
- package/dist/esm/signal/api/SignalSessionSyncApi.js +17 -8
- package/dist/esm/signal/api/result-map.js +10 -0
- package/dist/esm/signal/constants.js +0 -4
- package/dist/esm/signal/crypto/WaAdvSignature.js +5 -45
- package/dist/esm/signal/crypto/constants.js +0 -4
- package/dist/esm/signal/{store/sqlite.js → encoding.js} +40 -29
- package/dist/esm/signal/group/SenderKeyChain.js +3 -3
- package/dist/esm/signal/group/SenderKeyCodec.js +8 -8
- package/dist/esm/signal/group/SenderKeyManager.js +131 -109
- package/dist/esm/signal/index.js +1 -0
- package/dist/esm/signal/registration/keygen.js +8 -5
- package/dist/esm/signal/registration/utils.js +3 -2
- package/dist/esm/signal/session/SignalProtocol.js +158 -81
- package/dist/esm/signal/session/SignalRatchet.js +21 -10
- package/dist/esm/signal/session/SignalSerializer.js +5 -6
- package/dist/esm/signal/session/SignalSession.js +11 -9
- package/dist/esm/signal/session/resolver.js +140 -105
- package/dist/esm/store/contracts/identity.store.js +1 -0
- package/dist/esm/store/contracts/message-secret.store.js +1 -0
- package/dist/esm/store/contracts/pre-key.store.js +1 -0
- package/dist/esm/store/contracts/privacy-token.store.js +1 -0
- package/dist/esm/store/contracts/session.store.js +1 -0
- package/dist/esm/store/createStore.js +143 -193
- package/dist/esm/store/index.js +5 -10
- package/dist/esm/store/locks/appstate.lock.js +26 -0
- package/dist/esm/store/locks/auth.lock.js +15 -0
- package/dist/esm/store/locks/contact.lock.js +20 -0
- package/dist/esm/store/locks/device-list.lock.js +20 -0
- package/dist/esm/store/locks/identity.lock.js +16 -0
- package/dist/esm/store/locks/message-secret.lock.js +17 -0
- package/dist/esm/store/locks/message.lock.js +21 -0
- package/dist/esm/store/locks/participants.lock.js +20 -0
- package/dist/esm/store/locks/pre-key.lock.js +27 -0
- package/dist/esm/store/locks/privacy-token.lock.js +18 -0
- package/dist/esm/store/locks/retry.lock.js +29 -0
- package/dist/esm/store/locks/sender-key.lock.js +52 -0
- package/dist/esm/store/locks/session.lock.js +19 -0
- package/dist/esm/store/locks/signal.lock.js +39 -0
- package/dist/esm/store/locks/thread.lock.js +21 -0
- package/dist/esm/store/noop.store.js +21 -1
- package/dist/esm/store/providers/memory/appstate.store.js +22 -24
- package/dist/esm/store/providers/memory/device-list.store.js +13 -5
- package/dist/esm/store/providers/memory/identity.store.js +31 -0
- package/dist/esm/store/providers/memory/message-secret.store.js +81 -0
- package/dist/esm/store/providers/memory/participants.store.js +3 -0
- package/dist/esm/store/providers/memory/pre-key.store.js +97 -0
- package/dist/esm/store/providers/memory/privacy-token.store.js +43 -0
- package/dist/esm/store/providers/memory/retry.store.js +99 -10
- package/dist/esm/store/providers/memory/sender-key.store.js +6 -1
- package/dist/esm/store/providers/memory/session.store.js +45 -0
- package/dist/esm/store/providers/memory/signal.store.js +1 -147
- package/dist/esm/transport/WaComms.js +7 -4
- package/dist/esm/transport/WaWebSocket.js +9 -7
- package/dist/esm/transport/binary/constants.js +0 -30
- package/dist/esm/transport/binary/decoder.js +4 -4
- package/dist/esm/transport/binary/encoder.js +8 -15
- package/dist/esm/transport/binary/index.js +0 -1
- package/dist/esm/transport/index.js +6 -0
- package/dist/esm/transport/keepalive/WaKeepAlive.js +17 -8
- package/dist/esm/transport/node/WaMobileTcpSocket.js +114 -0
- package/dist/esm/transport/node/WaNodeOrchestrator.js +37 -22
- package/dist/esm/transport/node/builders/abprops.js +20 -0
- package/dist/esm/transport/node/builders/business.js +129 -0
- package/dist/esm/transport/node/builders/device.js +11 -0
- package/dist/esm/transport/node/builders/email.js +65 -0
- package/dist/esm/transport/node/builders/global.js +370 -0
- package/dist/esm/transport/node/builders/message.js +63 -239
- package/dist/esm/transport/node/builders/offline.js +14 -0
- package/dist/esm/transport/node/builders/pairing.js +0 -24
- package/dist/esm/transport/node/builders/prekeys.js +37 -40
- package/dist/esm/transport/node/builders/presence.js +13 -0
- package/dist/esm/transport/node/builders/privacy-token.js +37 -0
- package/dist/esm/transport/node/builders/privacy.js +48 -0
- package/dist/esm/transport/node/builders/profile.js +70 -0
- package/dist/esm/transport/node/builders/retry.js +11 -23
- package/dist/esm/transport/node/builders/usync.js +6 -2
- package/dist/esm/transport/node/helpers.js +43 -1
- package/dist/esm/transport/node/mex/argo-decoder.js +152 -0
- package/dist/esm/transport/node/mex/client.js +83 -0
- package/dist/esm/transport/node/mex/persist-ids.js +10 -0
- package/dist/esm/transport/node/usync.js +3 -33
- package/dist/esm/transport/node/xml.js +35 -14
- package/dist/esm/transport/noise/WaClientPayload.js +24 -19
- package/dist/esm/transport/noise/WaFrameCodec.js +2 -2
- package/dist/esm/transport/noise/WaMobileClientPayload.js +53 -0
- package/dist/esm/transport/noise/WaNoiseCert.js +9 -27
- package/dist/esm/transport/noise/WaNoiseSession.js +76 -34
- package/dist/esm/transport/noise/WaNoiseSocket.js +8 -4
- package/dist/esm/transport/stream/parse.js +8 -4
- package/dist/esm/util/bytes.js +22 -18
- package/dist/esm/util/index.js +5 -0
- package/dist/esm/util/primitives.js +3 -2
- package/dist/index.js +7 -1
- package/dist/infra/perf/BackgroundQueue.js +482 -0
- package/dist/infra/perf/BoundedTaskQueue.js +3 -1
- package/dist/infra/perf/PromiseDedup.js +24 -0
- package/dist/infra/perf/SharedExclusiveGate.js +113 -0
- package/dist/infra/perf/StoreLock.js +84 -0
- package/dist/media/WaMediaCrypto.js +328 -51
- package/dist/media/WaMediaTransferClient.js +72 -253
- package/dist/media/constants.js +5 -2
- package/dist/media/processor.js +2 -0
- package/dist/message/WaMessageClient.js +26 -19
- package/dist/message/addon-crypto.js +131 -0
- package/dist/message/content.js +211 -14
- package/dist/message/icdc.js +81 -0
- package/dist/message/incoming.js +38 -24
- package/dist/message/phash.js +35 -13
- package/dist/message/reporting-token.js +16 -30
- package/dist/message/use-case-secret.js +1 -1
- package/dist/protocol/abprops.js +163 -0
- package/dist/protocol/appstate.js +10 -41
- package/dist/protocol/browser.js +25 -18
- package/dist/protocol/constants.js +33 -2
- package/dist/protocol/defaults.js +6 -0
- package/dist/protocol/email.js +33 -0
- package/dist/protocol/index.js +8 -5
- package/dist/protocol/jid.js +149 -39
- package/dist/protocol/message.js +62 -2
- package/dist/protocol/nodes.js +8 -2
- package/dist/protocol/notification.js +10 -2
- package/dist/protocol/privacy-token.js +20 -0
- package/dist/protocol/privacy.js +58 -0
- package/dist/protocol/stream.js +27 -2
- package/dist/retry/codec.js +220 -0
- package/dist/retry/constants.js +1 -1
- package/dist/retry/index.js +5 -5
- package/dist/retry/parse.js +51 -30
- package/dist/retry/reason.js +1 -1
- package/dist/retry/replay.js +10 -6
- package/dist/retry/tracker.js +50 -12
- package/dist/signal/api/SignalDeviceSyncApi.js +51 -31
- package/dist/signal/api/SignalDigestSyncApi.js +21 -15
- package/dist/signal/api/SignalIdentitySyncApi.js +29 -14
- package/dist/signal/api/SignalMissingPreKeysSyncApi.js +17 -6
- package/dist/signal/api/SignalRotateKeyApi.js +4 -2
- package/dist/signal/api/SignalSessionSyncApi.js +16 -7
- package/dist/signal/api/result-map.js +13 -0
- package/dist/signal/constants.js +1 -5
- package/dist/signal/crypto/WaAdvSignature.js +2 -44
- package/dist/signal/crypto/constants.js +1 -5
- package/dist/signal/{store/sqlite.js → encoding.js} +41 -25
- package/dist/signal/group/SenderKeyChain.js +2 -2
- package/dist/signal/group/SenderKeyCodec.js +8 -8
- package/dist/signal/group/SenderKeyManager.js +130 -108
- package/dist/signal/index.js +13 -1
- package/dist/signal/registration/keygen.js +7 -4
- package/dist/signal/registration/utils.js +3 -2
- package/dist/signal/session/SignalProtocol.js +158 -81
- package/dist/signal/session/SignalRatchet.js +19 -8
- package/dist/signal/session/SignalSerializer.js +5 -6
- package/dist/signal/session/SignalSession.js +11 -9
- package/dist/signal/session/resolver.js +138 -103
- package/dist/store/contracts/identity.store.js +2 -0
- package/dist/store/contracts/message-secret.store.js +2 -0
- package/dist/store/contracts/pre-key.store.js +2 -0
- package/dist/store/contracts/privacy-token.store.js +2 -0
- package/dist/store/contracts/session.store.js +2 -0
- package/dist/store/createStore.js +142 -192
- package/dist/store/index.js +23 -33
- package/dist/store/locks/appstate.lock.js +29 -0
- package/dist/store/locks/auth.lock.js +18 -0
- package/dist/store/locks/contact.lock.js +23 -0
- package/dist/store/locks/device-list.lock.js +23 -0
- package/dist/store/locks/identity.lock.js +19 -0
- package/dist/store/locks/message-secret.lock.js +20 -0
- package/dist/store/locks/message.lock.js +24 -0
- package/dist/store/locks/participants.lock.js +23 -0
- package/dist/store/locks/pre-key.lock.js +30 -0
- package/dist/store/locks/privacy-token.lock.js +21 -0
- package/dist/store/locks/retry.lock.js +32 -0
- package/dist/store/locks/sender-key.lock.js +55 -0
- package/dist/store/locks/session.lock.js +22 -0
- package/dist/store/locks/signal.lock.js +42 -0
- package/dist/store/locks/thread.lock.js +24 -0
- package/dist/store/noop.store.js +22 -2
- package/dist/store/providers/memory/appstate.store.js +22 -24
- package/dist/store/providers/memory/device-list.store.js +13 -5
- package/dist/store/providers/memory/identity.store.js +35 -0
- package/dist/store/providers/memory/message-secret.store.js +85 -0
- package/dist/store/providers/memory/participants.store.js +3 -0
- package/dist/store/providers/memory/pre-key.store.js +101 -0
- package/dist/store/providers/memory/privacy-token.store.js +47 -0
- package/dist/store/providers/memory/retry.store.js +98 -9
- package/dist/store/providers/memory/sender-key.store.js +6 -1
- package/dist/store/providers/memory/session.store.js +49 -0
- package/dist/store/providers/memory/signal.store.js +1 -147
- package/dist/transport/WaComms.js +7 -4
- package/dist/transport/WaWebSocket.js +9 -7
- package/dist/transport/binary/constants.js +1 -31
- package/dist/transport/binary/decoder.js +4 -4
- package/dist/transport/binary/encoder.js +8 -15
- package/dist/transport/binary/index.js +0 -4
- package/dist/transport/index.js +17 -1
- package/dist/transport/keepalive/WaKeepAlive.js +17 -8
- package/dist/transport/node/WaMobileTcpSocket.js +118 -0
- package/dist/transport/node/WaNodeOrchestrator.js +36 -21
- package/dist/transport/node/builders/abprops.js +23 -0
- package/dist/transport/node/builders/business.js +137 -0
- package/dist/transport/node/builders/device.js +14 -0
- package/dist/transport/node/builders/email.js +72 -0
- package/dist/transport/node/builders/global.js +375 -0
- package/dist/transport/node/builders/message.js +64 -245
- package/dist/transport/node/builders/offline.js +17 -0
- package/dist/transport/node/builders/pairing.js +0 -26
- package/dist/transport/node/builders/prekeys.js +36 -39
- package/dist/transport/node/builders/presence.js +16 -0
- package/dist/transport/node/builders/privacy-token.js +42 -0
- package/dist/transport/node/builders/privacy.js +55 -0
- package/dist/transport/node/builders/profile.js +78 -0
- package/dist/transport/node/builders/retry.js +10 -22
- package/dist/transport/node/builders/usync.js +6 -2
- package/dist/transport/node/helpers.js +46 -1
- package/dist/transport/node/mex/argo-decoder.js +189 -0
- package/dist/transport/node/mex/client.js +86 -0
- package/dist/transport/node/mex/persist-ids.js +13 -0
- package/dist/transport/node/usync.js +2 -32
- package/dist/transport/node/xml.js +35 -14
- package/dist/transport/noise/WaClientPayload.js +26 -21
- package/dist/transport/noise/WaFrameCodec.js +1 -1
- package/dist/transport/noise/WaMobileClientPayload.js +56 -0
- package/dist/transport/noise/WaNoiseCert.js +8 -26
- package/dist/transport/noise/WaNoiseSession.js +75 -33
- package/dist/transport/noise/WaNoiseSocket.js +8 -4
- package/dist/transport/stream/parse.js +7 -3
- package/dist/types/appstate/WaAppStateCrypto.d.ts +11 -8
- package/dist/types/appstate/WaAppStateSyncClient.d.ts +6 -2
- package/dist/types/appstate/encoding.d.ts +7 -0
- package/dist/types/appstate/index.d.ts +3 -3
- package/dist/types/appstate/{WaAppStateSyncResponseParser.d.ts → response-parser.d.ts} +1 -1
- package/dist/types/appstate/types.d.ts +1 -1
- package/dist/types/appstate/utils.d.ts +0 -2
- package/dist/types/auth/WaAuthClient.d.ts +9 -3
- package/dist/types/auth/credentials-flow.d.ts +20 -0
- package/dist/types/auth/index.d.ts +0 -2
- package/dist/types/auth/pairing/WaPairingFlow.d.ts +3 -2
- package/dist/types/auth/pairing/{WaPairingCodeCrypto.d.ts → pairing-code-crypto.d.ts} +6 -1
- package/dist/types/auth/types.d.ts +41 -0
- package/dist/types/client/WaClient.d.ts +44 -18
- package/dist/types/client/WaClientFactory.d.ts +22 -8
- package/dist/types/client/connection/WaConnectionManager.d.ts +2 -0
- package/dist/types/client/coordinators/WaAbPropsCoordinator.d.ts +26 -0
- package/dist/types/client/coordinators/WaBusinessCoordinator.d.ts +57 -0
- package/dist/types/client/coordinators/WaEmailCoordinator.d.ts +24 -0
- package/dist/types/client/coordinators/WaIncomingNodeCoordinator.d.ts +9 -2
- package/dist/types/client/coordinators/WaMessageDispatchCoordinator.d.ts +29 -2
- package/dist/types/client/coordinators/WaOfflineResumeCoordinator.d.ts +31 -0
- package/dist/types/client/coordinators/WaPassiveTasksCoordinator.d.ts +16 -1
- package/dist/types/client/coordinators/WaPrivacyCoordinator.d.ts +26 -0
- package/dist/types/client/coordinators/WaProfileCoordinator.d.ts +38 -0
- package/dist/types/client/coordinators/WaRetryCoordinator.d.ts +12 -0
- package/dist/types/client/coordinators/WaStreamControlCoordinator.d.ts +3 -2
- package/dist/types/client/coordinators/WaTrustedContactTokenCoordinator.d.ts +55 -0
- package/dist/types/client/dirty.d.ts +3 -1
- package/dist/types/client/events/abprops.d.ts +14 -0
- package/dist/types/client/events/devices.d.ts +20 -0
- package/dist/types/client/events/identity.d.ts +9 -0
- package/dist/types/client/events/privacy-token.d.ts +7 -0
- package/dist/types/client/events/registration.d.ts +17 -0
- package/dist/types/client/history-sync.d.ts +9 -6
- package/dist/types/client/incoming.d.ts +9 -2
- package/dist/types/client/index.d.ts +1 -1
- package/dist/types/client/mailbox.d.ts +5 -5
- package/dist/types/client/media.d.ts +31 -0
- package/dist/types/client/messages.d.ts +3 -2
- package/dist/types/client/persistence/WriteBehindPersistence.d.ts +34 -0
- package/dist/types/client/tokens/cs-token.d.ts +10 -0
- package/dist/types/client/tokens/tc-token.d.ts +5 -0
- package/dist/types/client/types.d.ts +151 -4
- package/dist/types/crypto/core/index.d.ts +3 -2
- package/dist/types/crypto/core/nonce.d.ts +2 -0
- package/dist/types/crypto/core/primitives.d.ts +1 -2
- package/dist/types/crypto/core/random.d.ts +2 -1
- package/dist/types/crypto/core/xeddsa.d.ts +2 -0
- package/dist/types/crypto/curves/constants.d.ts +1 -0
- package/dist/types/crypto/index.d.ts +2 -0
- package/dist/types/crypto/math/constants.d.ts +4 -2
- package/dist/types/crypto/math/fe.d.ts +30 -0
- package/dist/types/crypto/math/mod.d.ts +0 -2
- package/dist/types/crypto/math/types.d.ts +11 -4
- package/dist/types/index.d.ts +6 -3
- package/dist/types/infra/log/ConsoleLogger.d.ts +1 -1
- package/dist/types/infra/log/PinoLogger.d.ts +1 -1
- package/dist/types/infra/perf/BackgroundQueue.d.ts +58 -0
- package/dist/types/infra/perf/PromiseDedup.d.ts +4 -0
- package/dist/types/infra/perf/SharedExclusiveGate.d.ts +17 -0
- package/dist/types/infra/perf/StoreLock.d.ts +11 -0
- package/dist/types/media/WaMediaCrypto.d.ts +16 -6
- package/dist/types/media/WaMediaTransferClient.d.ts +6 -23
- package/dist/types/media/constants.d.ts +3 -1
- package/dist/types/media/index.d.ts +2 -1
- package/dist/types/media/processor.d.ts +28 -0
- package/dist/types/media/types.d.ts +19 -5
- package/dist/types/message/addon-crypto.d.ts +34 -3
- package/dist/types/message/content.d.ts +11 -1
- package/dist/types/message/icdc.d.ts +13 -0
- package/dist/types/message/reporting-token.d.ts +0 -1
- package/dist/types/message/types.d.ts +42 -11
- package/dist/types/protocol/abprops.d.ts +142 -0
- package/dist/types/protocol/appstate.d.ts +0 -11
- package/dist/types/protocol/browser.d.ts +1 -0
- package/dist/types/protocol/constants.d.ts +12 -4
- package/dist/types/protocol/defaults.d.ts +6 -0
- package/dist/types/protocol/email.d.ts +32 -0
- package/dist/types/protocol/index.d.ts +1 -2
- package/dist/types/protocol/jid.d.ts +20 -2
- package/dist/types/protocol/message.d.ts +60 -0
- package/dist/types/protocol/nodes.d.ts +6 -0
- package/dist/types/protocol/notification.d.ts +8 -0
- package/dist/types/protocol/privacy-token.d.ts +17 -0
- package/dist/types/protocol/privacy.d.ts +75 -0
- package/dist/types/protocol/stream.d.ts +31 -0
- package/dist/types/retry/codec.d.ts +3 -0
- package/dist/types/retry/index.d.ts +3 -3
- package/dist/types/retry/parse.d.ts +5 -2
- package/dist/types/retry/reason.d.ts +1 -1
- package/dist/types/retry/tracker.d.ts +1 -0
- package/dist/types/retry/types.d.ts +6 -1
- package/dist/types/signal/api/SignalDeviceSyncApi.d.ts +2 -1
- package/dist/types/signal/api/SignalDigestSyncApi.d.ts +9 -0
- package/dist/types/signal/api/SignalIdentitySyncApi.d.ts +5 -3
- package/dist/types/signal/api/SignalRotateKeyApi.d.ts +4 -5
- package/dist/types/signal/api/SignalSessionSyncApi.d.ts +8 -6
- package/dist/types/signal/api/result-map.d.ts +1 -0
- package/dist/types/signal/constants.d.ts +0 -3
- package/dist/types/signal/crypto/WaAdvSignature.d.ts +0 -2
- package/dist/types/signal/crypto/constants.d.ts +0 -1
- package/dist/types/signal/{store/sqlite.d.ts → encoding.d.ts} +9 -3
- package/dist/types/signal/group/SenderKeyChain.d.ts +1 -1
- package/dist/types/signal/group/SenderKeyManager.d.ts +17 -7
- package/dist/types/signal/index.d.ts +2 -0
- package/dist/types/signal/registration/utils.d.ts +2 -1
- package/dist/types/signal/session/SignalProtocol.d.ts +21 -6
- package/dist/types/signal/session/SignalSerializer.d.ts +2 -1
- package/dist/types/signal/session/resolver.d.ts +11 -4
- package/dist/types/signal/types.d.ts +16 -4
- package/dist/types/store/contracts/appstate.store.d.ts +1 -1
- package/dist/types/store/contracts/identity.store.d.ts +11 -0
- package/dist/types/store/contracts/message-secret.store.d.ts +16 -0
- package/dist/types/store/contracts/pre-key.store.d.ts +13 -0
- package/dist/types/store/contracts/privacy-token.store.d.ts +16 -0
- package/dist/types/store/contracts/retry.store.d.ts +7 -0
- package/dist/types/store/contracts/session.store.d.ts +14 -0
- package/dist/types/store/contracts/signal.store.d.ts +1 -27
- package/dist/types/store/createStore.d.ts +1 -1
- package/dist/types/store/index.d.ts +12 -12
- package/dist/types/store/locks/appstate.lock.d.ts +3 -0
- package/dist/types/store/locks/auth.lock.d.ts +3 -0
- package/dist/types/store/locks/contact.lock.d.ts +3 -0
- package/dist/types/store/locks/device-list.lock.d.ts +2 -0
- package/dist/types/store/locks/identity.lock.d.ts +3 -0
- package/dist/types/store/locks/message-secret.lock.d.ts +3 -0
- package/dist/types/store/locks/message.lock.d.ts +3 -0
- package/dist/types/store/locks/participants.lock.d.ts +2 -0
- package/dist/types/store/locks/pre-key.lock.d.ts +3 -0
- package/dist/types/store/locks/privacy-token.lock.d.ts +2 -0
- package/dist/types/store/locks/retry.lock.d.ts +2 -0
- package/dist/types/store/locks/sender-key.lock.d.ts +3 -0
- package/dist/types/store/locks/session.lock.d.ts +3 -0
- package/dist/types/store/locks/signal.lock.d.ts +3 -0
- package/dist/types/store/locks/thread.lock.d.ts +3 -0
- package/dist/types/store/noop.store.d.ts +4 -0
- package/dist/types/store/providers/memory/appstate.store.d.ts +1 -1
- package/dist/types/store/providers/memory/identity.store.d.ts +18 -0
- package/dist/types/store/providers/memory/message-secret.store.d.ts +21 -0
- package/dist/types/store/providers/memory/pre-key.store.d.ts +23 -0
- package/dist/types/store/providers/memory/privacy-token.store.d.ts +13 -0
- package/dist/types/store/providers/memory/retry.store.d.ts +15 -1
- package/dist/types/store/providers/memory/session.store.d.ts +21 -0
- package/dist/types/store/providers/memory/signal.store.d.ts +2 -43
- package/dist/types/store/providers/memory/thread.store.d.ts +1 -1
- package/dist/types/store/types.d.ts +69 -61
- package/dist/types/transport/WaWebSocket.d.ts +1 -1
- package/dist/types/transport/binary/constants.d.ts +0 -30
- package/dist/types/transport/binary/index.d.ts +0 -1
- package/dist/types/transport/index.d.ts +8 -1
- package/dist/types/transport/keepalive/WaKeepAlive.d.ts +4 -1
- package/dist/types/transport/node/WaMobileTcpSocket.d.ts +18 -0
- package/dist/types/transport/node/WaNodeOrchestrator.d.ts +9 -6
- package/dist/types/transport/node/builders/abprops.d.ts +5 -0
- package/dist/types/transport/node/builders/business.d.ts +29 -0
- package/dist/types/transport/node/builders/device.d.ts +2 -0
- package/dist/types/transport/node/builders/email.d.ts +11 -0
- package/dist/types/transport/node/builders/global.d.ts +102 -0
- package/dist/types/transport/node/builders/message.d.ts +8 -7
- package/dist/types/transport/node/builders/offline.d.ts +2 -0
- package/dist/types/transport/node/builders/pairing.d.ts +0 -2
- package/dist/types/transport/node/builders/prekeys.d.ts +4 -3
- package/dist/types/transport/node/builders/presence.d.ts +6 -0
- package/dist/types/transport/node/builders/privacy-token.d.ts +9 -0
- package/dist/types/transport/node/builders/privacy.d.ts +7 -0
- package/dist/types/transport/node/builders/profile.d.ts +8 -0
- package/dist/types/transport/node/builders/retry.d.ts +0 -1
- package/dist/types/transport/node/helpers.d.ts +8 -0
- package/dist/types/transport/node/mex/argo-decoder.d.ts +11 -0
- package/dist/types/transport/node/mex/client.d.ts +18 -0
- package/dist/types/transport/node/mex/persist-ids.d.ts +14 -0
- package/dist/types/transport/noise/WaMobileClientPayload.d.ts +29 -0
- package/dist/types/transport/noise/WaNoiseCert.d.ts +7 -1
- package/dist/types/transport/noise/WaNoiseSession.d.ts +4 -2
- package/dist/types/transport/noise/WaNoiseSocket.d.ts +4 -2
- package/dist/types/transport/types.d.ts +8 -0
- package/dist/types/util/bytes.d.ts +1 -1
- package/dist/types/util/index.d.ts +5 -0
- package/dist/types/util/primitives.d.ts +0 -1
- package/dist/util/bytes.js +22 -18
- package/dist/util/index.js +23 -0
- package/dist/util/primitives.js +2 -2
- package/package.json +34 -10
- package/proto/index.js +1 -1
- package/dist/auth/flow/WaAuthCredentialsFlow.js +0 -130
- package/dist/auth/pairing/constants.js +0 -5
- package/dist/client/connection/WaKeyShareCoordinator.js +0 -63
- package/dist/crypto/core/constants.js +0 -4
- package/dist/esm/auth/flow/WaAuthCredentialsFlow.js +0 -125
- package/dist/esm/auth/pairing/constants.js +0 -2
- package/dist/esm/client/connection/WaKeyShareCoordinator.js +0 -59
- package/dist/esm/crypto/core/constants.js +0 -1
- package/dist/esm/retry/outbound.js +0 -82
- package/dist/esm/store/providers/sqlite/BaseSqliteStore.js +0 -37
- package/dist/esm/store/providers/sqlite/appstate.store.js +0 -250
- package/dist/esm/store/providers/sqlite/auth.store.js +0 -176
- package/dist/esm/store/providers/sqlite/connection.js +0 -245
- package/dist/esm/store/providers/sqlite/contact.store.js +0 -74
- package/dist/esm/store/providers/sqlite/device-list.store.js +0 -127
- package/dist/esm/store/providers/sqlite/message.store.js +0 -132
- package/dist/esm/store/providers/sqlite/migrations.js +0 -347
- package/dist/esm/store/providers/sqlite/participants.store.js +0 -77
- package/dist/esm/store/providers/sqlite/retry.store.js +0 -141
- package/dist/esm/store/providers/sqlite/sender-key.store.js +0 -198
- package/dist/esm/store/providers/sqlite/signal.store.js +0 -435
- package/dist/esm/store/providers/sqlite/table-names.js +0 -107
- package/dist/esm/store/providers/sqlite/thread.store.js +0 -85
- package/dist/esm/transport/node/builders/index.js +0 -8
- package/dist/retry/outbound.js +0 -87
- package/dist/store/providers/sqlite/BaseSqliteStore.js +0 -41
- package/dist/store/providers/sqlite/appstate.store.js +0 -254
- package/dist/store/providers/sqlite/auth.store.js +0 -180
- package/dist/store/providers/sqlite/connection.js +0 -281
- package/dist/store/providers/sqlite/contact.store.js +0 -78
- package/dist/store/providers/sqlite/device-list.store.js +0 -131
- package/dist/store/providers/sqlite/message.store.js +0 -136
- package/dist/store/providers/sqlite/migrations.js +0 -350
- package/dist/store/providers/sqlite/participants.store.js +0 -81
- package/dist/store/providers/sqlite/retry.store.js +0 -145
- package/dist/store/providers/sqlite/sender-key.store.js +0 -202
- package/dist/store/providers/sqlite/signal.store.js +0 -439
- package/dist/store/providers/sqlite/table-names.js +0 -113
- package/dist/store/providers/sqlite/thread.store.js +0 -89
- package/dist/transport/node/builders/index.js +0 -42
- package/dist/types/appstate/store/sqlite.d.ts +0 -7
- package/dist/types/auth/flow/WaAuthCredentialsFlow.d.ts +0 -14
- package/dist/types/auth/pairing/constants.d.ts +0 -2
- package/dist/types/client/connection/WaKeyShareCoordinator.d.ts +0 -14
- package/dist/types/crypto/core/constants.d.ts +0 -1
- package/dist/types/retry/outbound.d.ts +0 -4
- package/dist/types/store/providers/sqlite/BaseSqliteStore.d.ts +0 -12
- package/dist/types/store/providers/sqlite/appstate.store.d.ts +0 -17
- package/dist/types/store/providers/sqlite/auth.store.d.ts +0 -10
- package/dist/types/store/providers/sqlite/connection.d.ts +0 -10
- package/dist/types/store/providers/sqlite/contact.store.d.ts +0 -12
- package/dist/types/store/providers/sqlite/device-list.store.d.ts +0 -15
- package/dist/types/store/providers/sqlite/message.store.d.ts +0 -13
- package/dist/types/store/providers/sqlite/migrations.d.ts +0 -3
- package/dist/types/store/providers/sqlite/participants.store.d.ts +0 -12
- package/dist/types/store/providers/sqlite/retry.store.d.ts +0 -15
- package/dist/types/store/providers/sqlite/sender-key.store.d.ts +0 -24
- package/dist/types/store/providers/sqlite/signal.store.d.ts +0 -53
- package/dist/types/store/providers/sqlite/table-names.d.ts +0 -5
- package/dist/types/store/providers/sqlite/thread.store.d.ts +0 -13
- package/dist/types/transport/node/builders/index.d.ts +0 -8
- /package/dist/appstate/{WaAppStateSyncResponseParser.js → response-parser.js} +0 -0
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.StoreLock = void 0;
|
|
4
|
+
class StoreLock {
|
|
5
|
+
constructor() {
|
|
6
|
+
this.chains = new Map();
|
|
7
|
+
this.closed = false;
|
|
8
|
+
}
|
|
9
|
+
run(key, task) {
|
|
10
|
+
return this.runInternal(key, task, true);
|
|
11
|
+
}
|
|
12
|
+
runInternal(key, task, rejectWhenClosed) {
|
|
13
|
+
if (this.closed) {
|
|
14
|
+
if (rejectWhenClosed) {
|
|
15
|
+
throw new Error('store lock is closed');
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
const previous = this.chains.get(key);
|
|
19
|
+
let current;
|
|
20
|
+
if (previous) {
|
|
21
|
+
current = previous.then(task);
|
|
22
|
+
}
|
|
23
|
+
else {
|
|
24
|
+
try {
|
|
25
|
+
current = task();
|
|
26
|
+
}
|
|
27
|
+
catch (error) {
|
|
28
|
+
current = Promise.reject(error);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
const tracker = current.then(StoreLock._noop, StoreLock._noop);
|
|
32
|
+
this.chains.set(key, tracker);
|
|
33
|
+
tracker.then(() => {
|
|
34
|
+
if (this.chains.get(key) === tracker)
|
|
35
|
+
this.chains.delete(key);
|
|
36
|
+
}, () => {
|
|
37
|
+
if (this.chains.get(key) === tracker)
|
|
38
|
+
this.chains.delete(key);
|
|
39
|
+
});
|
|
40
|
+
return current;
|
|
41
|
+
}
|
|
42
|
+
runMany(keys, task) {
|
|
43
|
+
if (this.closed) {
|
|
44
|
+
throw new Error('store lock is closed');
|
|
45
|
+
}
|
|
46
|
+
if (keys.length <= 1) {
|
|
47
|
+
return keys.length === 0 ? task() : this.runInternal(keys[0], task, false);
|
|
48
|
+
}
|
|
49
|
+
const ordered = new Array(keys.length);
|
|
50
|
+
for (let index = 0; index < keys.length; index += 1) {
|
|
51
|
+
ordered[index] = keys[index];
|
|
52
|
+
}
|
|
53
|
+
ordered.sort();
|
|
54
|
+
let uniqueCount = 1;
|
|
55
|
+
let previousKey = ordered[0];
|
|
56
|
+
for (let index = 1; index < ordered.length; index += 1) {
|
|
57
|
+
const key = ordered[index];
|
|
58
|
+
if (key === previousKey) {
|
|
59
|
+
continue;
|
|
60
|
+
}
|
|
61
|
+
ordered[uniqueCount] = key;
|
|
62
|
+
uniqueCount += 1;
|
|
63
|
+
previousKey = key;
|
|
64
|
+
}
|
|
65
|
+
const acquire = (index) => index >= uniqueCount
|
|
66
|
+
? task()
|
|
67
|
+
: this.runInternal(ordered[index], () => Promise.resolve().then(() => acquire(index + 1)), false);
|
|
68
|
+
return acquire(0);
|
|
69
|
+
}
|
|
70
|
+
async shutdown() {
|
|
71
|
+
this.closed = true;
|
|
72
|
+
while (this.chains.size > 0) {
|
|
73
|
+
const pending = new Array(this.chains.size);
|
|
74
|
+
let pendingIndex = 0;
|
|
75
|
+
for (const chain of this.chains.values()) {
|
|
76
|
+
pending[pendingIndex] = chain;
|
|
77
|
+
pendingIndex += 1;
|
|
78
|
+
}
|
|
79
|
+
await Promise.allSettled(pending);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
exports.StoreLock = StoreLock;
|
|
84
|
+
StoreLock._noop = () => undefined;
|
|
@@ -3,6 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.WaMediaCrypto = void 0;
|
|
4
4
|
const node_crypto_1 = require("node:crypto");
|
|
5
5
|
const node_events_1 = require("node:events");
|
|
6
|
+
const node_fs_1 = require("node:fs");
|
|
7
|
+
const promises_1 = require("node:fs/promises");
|
|
8
|
+
const node_os_1 = require("node:os");
|
|
9
|
+
const node_path_1 = require("node:path");
|
|
6
10
|
const node_stream_1 = require("node:stream");
|
|
7
11
|
const hkdf_1 = require("../crypto/core/hkdf");
|
|
8
12
|
const primitives_1 = require("../crypto/core/primitives");
|
|
@@ -11,6 +15,87 @@ const constants_1 = require("./constants");
|
|
|
11
15
|
const constants_2 = require("../protocol/constants");
|
|
12
16
|
const bytes_1 = require("../util/bytes");
|
|
13
17
|
const primitives_2 = require("../util/primitives");
|
|
18
|
+
const AES_BLOCK_SIZE = 16;
|
|
19
|
+
const PKCS7_FULL_BLOCK = new Uint8Array(AES_BLOCK_SIZE).fill(AES_BLOCK_SIZE);
|
|
20
|
+
async function aesCbcEncryptChunk(key, iv, chunk, isFinal) {
|
|
21
|
+
const encrypted = await (0, primitives_1.aesCbcEncrypt)(key, iv, chunk);
|
|
22
|
+
if (isFinal) {
|
|
23
|
+
return {
|
|
24
|
+
ciphertext: encrypted,
|
|
25
|
+
nextIv: encrypted.subarray(encrypted.byteLength - AES_BLOCK_SIZE)
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
const ciphertext = encrypted.subarray(0, encrypted.byteLength - AES_BLOCK_SIZE);
|
|
29
|
+
return {
|
|
30
|
+
ciphertext,
|
|
31
|
+
nextIv: ciphertext.subarray(ciphertext.byteLength - AES_BLOCK_SIZE)
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
async function aesCbcDecryptChunk(key, iv, ciphertext, isFinal) {
|
|
35
|
+
const nextIv = (0, bytes_1.toBytesView)(ciphertext.subarray(ciphertext.byteLength - AES_BLOCK_SIZE));
|
|
36
|
+
if (isFinal) {
|
|
37
|
+
return { plaintext: await (0, primitives_1.aesCbcDecrypt)(key, iv, ciphertext), nextIv };
|
|
38
|
+
}
|
|
39
|
+
const padBlock = (await (0, primitives_1.aesCbcEncrypt)(key, nextIv, PKCS7_FULL_BLOCK)).subarray(0, AES_BLOCK_SIZE);
|
|
40
|
+
const withPad = (0, bytes_1.concatBytes)([ciphertext, padBlock]);
|
|
41
|
+
return { plaintext: await (0, primitives_1.aesCbcDecrypt)(key, iv, withPad), nextIv };
|
|
42
|
+
}
|
|
43
|
+
async function computeFirstFrameSidecar(macKey, ivCiphertext, firstFrameLength) {
|
|
44
|
+
const aligned = Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
|
|
45
|
+
const slice = ivCiphertext.subarray(0, constants_1.IV_SIZE + aligned);
|
|
46
|
+
const key = await (0, primitives_1.importHmacKey)(macKey);
|
|
47
|
+
const digest = await (0, primitives_1.hmacSign)(key, slice);
|
|
48
|
+
return digest.subarray(0, constants_1.SIDECAR_HMAC_SIZE);
|
|
49
|
+
}
|
|
50
|
+
class SidecarAccumulator {
|
|
51
|
+
constructor(macKey, estimatedSize = 0) {
|
|
52
|
+
this.resultOffset = 0;
|
|
53
|
+
this.totalPushed = 0;
|
|
54
|
+
this.windowOffset = 0;
|
|
55
|
+
this.nextChunkStart = 0;
|
|
56
|
+
this.macKey = macKey;
|
|
57
|
+
this.window = new Uint8Array(constants_1.IV_SIZE + constants_1.SIDECAR_CHUNK_SIZE);
|
|
58
|
+
const estimated = Math.max(Math.ceil(estimatedSize / constants_1.SIDECAR_CHUNK_SIZE) + 1, 16);
|
|
59
|
+
this.result = new Uint8Array(estimated * constants_1.SIDECAR_HMAC_SIZE);
|
|
60
|
+
}
|
|
61
|
+
push(data) {
|
|
62
|
+
let srcOffset = 0;
|
|
63
|
+
while (srcOffset < data.byteLength) {
|
|
64
|
+
const windowEnd = this.nextChunkStart + constants_1.IV_SIZE + constants_1.SIDECAR_CHUNK_SIZE;
|
|
65
|
+
const remaining = windowEnd - this.totalPushed;
|
|
66
|
+
const toCopy = Math.min(remaining, data.byteLength - srcOffset);
|
|
67
|
+
this.window.set(data.subarray(srcOffset, srcOffset + toCopy), this.windowOffset);
|
|
68
|
+
this.windowOffset += toCopy;
|
|
69
|
+
this.totalPushed += toCopy;
|
|
70
|
+
srcOffset += toCopy;
|
|
71
|
+
if (this.totalPushed === windowEnd) {
|
|
72
|
+
this.flushChunk();
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
finish() {
|
|
77
|
+
if (this.windowOffset > 0) {
|
|
78
|
+
this.flushChunk();
|
|
79
|
+
}
|
|
80
|
+
return this.result.subarray(0, this.resultOffset);
|
|
81
|
+
}
|
|
82
|
+
flushChunk() {
|
|
83
|
+
const digest = (0, node_crypto_1.createHmac)('sha256', this.macKey)
|
|
84
|
+
.update(this.window.subarray(0, this.windowOffset))
|
|
85
|
+
.digest();
|
|
86
|
+
if (this.resultOffset + constants_1.SIDECAR_HMAC_SIZE > this.result.byteLength) {
|
|
87
|
+
const grown = new Uint8Array(this.result.byteLength * 2);
|
|
88
|
+
grown.set(this.result);
|
|
89
|
+
this.result = grown;
|
|
90
|
+
}
|
|
91
|
+
this.result.set(digest.subarray(0, constants_1.SIDECAR_HMAC_SIZE), this.resultOffset);
|
|
92
|
+
this.resultOffset += constants_1.SIDECAR_HMAC_SIZE;
|
|
93
|
+
this.nextChunkStart += constants_1.SIDECAR_CHUNK_SIZE;
|
|
94
|
+
const overlapSrc = this.window.subarray(this.windowOffset - constants_1.IV_SIZE, this.windowOffset);
|
|
95
|
+
this.window.set(overlapSrc, 0);
|
|
96
|
+
this.windowOffset = constants_1.IV_SIZE;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
14
99
|
class WaMediaCrypto {
|
|
15
100
|
static async generateMediaKey() {
|
|
16
101
|
return (0, random_1.randomBytesAsync)(32);
|
|
@@ -26,24 +111,41 @@ class WaMediaCrypto {
|
|
|
26
111
|
refKey: expanded.subarray(constants_1.MAC_KEY_END, constants_1.MEDIA_HKDF_SIZE)
|
|
27
112
|
};
|
|
28
113
|
}
|
|
29
|
-
static async encryptBytes(mediaType, mediaKey, plaintext) {
|
|
114
|
+
static async encryptBytes(mediaType, mediaKey, plaintext, options) {
|
|
30
115
|
const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
|
|
31
|
-
const [aesKey,
|
|
116
|
+
const [aesKey, hmacKey] = await Promise.all([
|
|
32
117
|
(0, primitives_1.importAesCbcKey)(keys.encKey),
|
|
33
118
|
(0, primitives_1.importHmacKey)(keys.macKey)
|
|
34
119
|
]);
|
|
35
120
|
const ciphertext = await (0, primitives_1.aesCbcEncrypt)(aesKey, keys.iv, plaintext);
|
|
36
121
|
const ivCiphertext = (0, bytes_1.concatBytes)([keys.iv, ciphertext]);
|
|
37
|
-
const mac = await (0, primitives_1.hmacSign)(
|
|
122
|
+
const mac = await (0, primitives_1.hmacSign)(hmacKey, ivCiphertext);
|
|
38
123
|
const signature = mac.subarray(0, constants_1.HMAC_TRUNCATED_SIZE);
|
|
39
124
|
const ciphertextHmac = (0, bytes_1.concatBytes)([ciphertext, signature]);
|
|
125
|
+
let streamingSidecar;
|
|
126
|
+
if (options?.sidecar !== false) {
|
|
127
|
+
const acc = new SidecarAccumulator(keys.macKey);
|
|
128
|
+
acc.push(keys.iv);
|
|
129
|
+
acc.push(ciphertext);
|
|
130
|
+
acc.push(signature);
|
|
131
|
+
streamingSidecar = acc.finish();
|
|
132
|
+
}
|
|
133
|
+
const firstFrameSidecar = options?.firstFrameLength !== undefined
|
|
134
|
+
? await computeFirstFrameSidecar(keys.macKey, ivCiphertext, options.firstFrameLength)
|
|
135
|
+
: undefined;
|
|
40
136
|
const [fileSha256, fileEncSha256] = await Promise.all([
|
|
41
137
|
(0, primitives_1.sha256)(plaintext),
|
|
42
138
|
(0, primitives_1.sha256)(ciphertextHmac)
|
|
43
139
|
]);
|
|
44
|
-
return {
|
|
140
|
+
return {
|
|
141
|
+
ciphertextHmac,
|
|
142
|
+
fileSha256,
|
|
143
|
+
fileEncSha256,
|
|
144
|
+
streamingSidecar,
|
|
145
|
+
firstFrameSidecar
|
|
146
|
+
};
|
|
45
147
|
}
|
|
46
|
-
static async decryptBytes(mediaType, mediaKey, ciphertextHmac, expectedFileSha256, expectedFileEncSha256) {
|
|
148
|
+
static async decryptBytes(mediaType, mediaKey, ciphertextHmac, expectedFileSha256, expectedFileEncSha256, skipMacVerification = false) {
|
|
47
149
|
if (ciphertextHmac.byteLength < constants_1.HMAC_TRUNCATED_SIZE) {
|
|
48
150
|
throw new Error(`ciphertext too short: ${ciphertextHmac.byteLength}`);
|
|
49
151
|
}
|
|
@@ -54,17 +156,19 @@ class WaMediaCrypto {
|
|
|
54
156
|
}
|
|
55
157
|
}
|
|
56
158
|
const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
|
|
159
|
+
const [aesKey, hmacKey] = await Promise.all([
|
|
160
|
+
(0, primitives_1.importAesCbcKey)(keys.encKey),
|
|
161
|
+
(0, primitives_1.importHmacKey)(keys.macKey)
|
|
162
|
+
]);
|
|
57
163
|
const ciphertext = ciphertextHmac.subarray(0, ciphertextHmac.byteLength - constants_1.HMAC_TRUNCATED_SIZE);
|
|
58
164
|
const expectedMac = ciphertextHmac.subarray(ciphertextHmac.byteLength - constants_1.HMAC_TRUNCATED_SIZE);
|
|
59
165
|
const ivCiphertext = (0, bytes_1.concatBytes)([keys.iv, ciphertext]);
|
|
60
|
-
|
|
61
|
-
(0, primitives_1.
|
|
62
|
-
(0,
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
if (!(0, bytes_1.uint8TimingSafeEqual)(signature, expectedMac)) {
|
|
67
|
-
throw new Error('media MAC mismatch');
|
|
166
|
+
if (!skipMacVerification) {
|
|
167
|
+
const mac = await (0, primitives_1.hmacSign)(hmacKey, ivCiphertext);
|
|
168
|
+
const signature = mac.subarray(0, constants_1.HMAC_TRUNCATED_SIZE);
|
|
169
|
+
if (!(0, bytes_1.uint8TimingSafeEqual)(signature, expectedMac)) {
|
|
170
|
+
throw new Error('media MAC mismatch');
|
|
171
|
+
}
|
|
68
172
|
}
|
|
69
173
|
const plaintext = await (0, primitives_1.aesCbcDecrypt)(aesKey, keys.iv, ciphertext);
|
|
70
174
|
const fileSha256 = await (0, primitives_1.sha256)(plaintext);
|
|
@@ -74,23 +178,28 @@ class WaMediaCrypto {
|
|
|
74
178
|
const fileEncSha256 = expectedFileEncSha256 ?? (await (0, primitives_1.sha256)(ciphertextHmac));
|
|
75
179
|
return { plaintext, fileSha256, fileEncSha256 };
|
|
76
180
|
}
|
|
77
|
-
static async encryptReadable(mediaType, mediaKey, plaintext) {
|
|
181
|
+
static async encryptReadable(mediaType, mediaKey, plaintext, options) {
|
|
78
182
|
const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
|
|
79
183
|
const encrypted = new node_stream_1.PassThrough();
|
|
80
|
-
const metadata = pumpEncryption(plaintext, encrypted, keys);
|
|
184
|
+
const metadata = pumpEncryption(plaintext, encrypted, keys, options?.sidecar !== false, options?.firstFrameLength);
|
|
81
185
|
return { encrypted, metadata };
|
|
82
186
|
}
|
|
83
|
-
static async
|
|
84
|
-
const
|
|
85
|
-
const
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
187
|
+
static async encryptToFile(mediaType, mediaKey, plaintext, options) {
|
|
188
|
+
const keys = await WaMediaCrypto.deriveKeys(mediaType, mediaKey);
|
|
189
|
+
const filePath = (0, node_path_1.join)((0, node_os_1.tmpdir)(), `zapo-enc-${Date.now()}-${Math.random().toString(36).slice(2)}`);
|
|
190
|
+
const output = (0, node_fs_1.createWriteStream)(filePath);
|
|
191
|
+
try {
|
|
192
|
+
const metadata = await pumpEncryptionToWritable(plaintext, output, keys, options?.sidecar !== false, options?.firstFrameLength);
|
|
193
|
+
const fileSize = (await (0, promises_1.stat)(filePath)).size;
|
|
194
|
+
return { filePath, fileSize, ...metadata };
|
|
195
|
+
}
|
|
196
|
+
catch (error) {
|
|
197
|
+
await (0, promises_1.unlink)(filePath).catch(() => undefined);
|
|
198
|
+
throw error;
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
static async cleanupEncryptedFile(filePath) {
|
|
202
|
+
await (0, promises_1.unlink)(filePath).catch(() => undefined);
|
|
94
203
|
}
|
|
95
204
|
static async decryptReadable(encrypted, options) {
|
|
96
205
|
const keys = await WaMediaCrypto.deriveKeys(options.mediaType, options.mediaKey);
|
|
@@ -107,39 +216,80 @@ class WaMediaCrypto {
|
|
|
107
216
|
}
|
|
108
217
|
}
|
|
109
218
|
exports.WaMediaCrypto = WaMediaCrypto;
|
|
110
|
-
async function pumpEncryption(plaintext, encrypted, keys) {
|
|
219
|
+
async function pumpEncryption(plaintext, encrypted, keys, computeSidecar, firstFrameLength) {
|
|
220
|
+
const aesKey = await (0, primitives_1.importAesCbcKey)(keys.encKey);
|
|
111
221
|
const plainHash = (0, node_crypto_1.createHash)('sha256');
|
|
112
222
|
const encHash = (0, node_crypto_1.createHash)('sha256');
|
|
113
223
|
const hmac = (0, node_crypto_1.createHmac)('sha256', keys.macKey);
|
|
114
|
-
const
|
|
224
|
+
const sidecar = computeSidecar ? new SidecarAccumulator(keys.macKey) : null;
|
|
225
|
+
const ffTarget = firstFrameLength !== undefined
|
|
226
|
+
? constants_1.IV_SIZE + Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE
|
|
227
|
+
: 0;
|
|
228
|
+
let ffCollected = 0;
|
|
229
|
+
const ffChunks = ffTarget > 0 ? [keys.iv] : [];
|
|
230
|
+
if (ffTarget > 0)
|
|
231
|
+
ffCollected = constants_1.IV_SIZE;
|
|
232
|
+
let plaintextLength = 0;
|
|
233
|
+
let currentIv = keys.iv;
|
|
234
|
+
let pending = bytes_1.EMPTY_BYTES;
|
|
115
235
|
hmac.update(keys.iv);
|
|
236
|
+
sidecar?.push(keys.iv);
|
|
116
237
|
try {
|
|
117
238
|
for await (const chunk of plaintext) {
|
|
118
239
|
const plainChunk = (0, bytes_1.toChunkBytes)(chunk);
|
|
119
|
-
if (plainChunk.byteLength === 0)
|
|
240
|
+
if (plainChunk.byteLength === 0)
|
|
120
241
|
continue;
|
|
121
|
-
|
|
242
|
+
plaintextLength += plainChunk.byteLength;
|
|
122
243
|
plainHash.update(plainChunk);
|
|
123
|
-
const
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
244
|
+
const combined = pending.byteLength > 0
|
|
245
|
+
? (0, bytes_1.concatBytes)([pending, plainChunk])
|
|
246
|
+
: (0, bytes_1.toBytesView)(plainChunk);
|
|
247
|
+
const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
|
|
248
|
+
if (aligned === 0) {
|
|
249
|
+
pending = combined;
|
|
250
|
+
continue;
|
|
251
|
+
}
|
|
252
|
+
const toEncrypt = (0, bytes_1.toBytesView)(combined.subarray(0, aligned));
|
|
253
|
+
pending = (0, bytes_1.toBytesView)(combined.subarray(aligned));
|
|
254
|
+
const { ciphertext, nextIv } = await aesCbcEncryptChunk(aesKey, currentIv, toEncrypt, false);
|
|
255
|
+
currentIv = nextIv;
|
|
256
|
+
hmac.update(ciphertext);
|
|
257
|
+
encHash.update(ciphertext);
|
|
258
|
+
sidecar?.push(ciphertext);
|
|
259
|
+
if (ffCollected < ffTarget) {
|
|
260
|
+
const need = ffTarget - ffCollected;
|
|
261
|
+
ffChunks.push(ciphertext.subarray(0, Math.min(need, ciphertext.byteLength)));
|
|
262
|
+
ffCollected += ciphertext.byteLength;
|
|
128
263
|
}
|
|
264
|
+
await writeChunk(encrypted, ciphertext);
|
|
129
265
|
}
|
|
130
|
-
const
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
266
|
+
const { ciphertext: finalCiphertext } = await aesCbcEncryptChunk(aesKey, currentIv, pending, true);
|
|
267
|
+
hmac.update(finalCiphertext);
|
|
268
|
+
encHash.update(finalCiphertext);
|
|
269
|
+
sidecar?.push(finalCiphertext);
|
|
270
|
+
if (ffCollected < ffTarget) {
|
|
271
|
+
const need = ffTarget - ffCollected;
|
|
272
|
+
ffChunks.push(finalCiphertext.subarray(0, Math.min(need, finalCiphertext.byteLength)));
|
|
135
273
|
}
|
|
136
|
-
|
|
274
|
+
await writeChunk(encrypted, finalCiphertext);
|
|
275
|
+
const signature = (0, bytes_1.toBytesView)(hmac.digest().subarray(0, constants_1.HMAC_TRUNCATED_SIZE));
|
|
137
276
|
encHash.update(signature);
|
|
277
|
+
sidecar?.push(signature);
|
|
138
278
|
await writeChunk(encrypted, signature);
|
|
139
279
|
encrypted.end();
|
|
280
|
+
let firstFrameSidecar;
|
|
281
|
+
if (ffTarget > 0) {
|
|
282
|
+
const ivCiphertextSlice = (0, bytes_1.concatBytes)(ffChunks);
|
|
283
|
+
const ffKey = await (0, primitives_1.importHmacKey)(keys.macKey);
|
|
284
|
+
const ffDigest = await (0, primitives_1.hmacSign)(ffKey, ivCiphertextSlice);
|
|
285
|
+
firstFrameSidecar = ffDigest.subarray(0, constants_1.SIDECAR_HMAC_SIZE);
|
|
286
|
+
}
|
|
140
287
|
return {
|
|
141
288
|
fileSha256: (0, bytes_1.toBytesView)(plainHash.digest()),
|
|
142
|
-
fileEncSha256: (0, bytes_1.toBytesView)(encHash.digest())
|
|
289
|
+
fileEncSha256: (0, bytes_1.toBytesView)(encHash.digest()),
|
|
290
|
+
plaintextLength,
|
|
291
|
+
streamingSidecar: sidecar?.finish(),
|
|
292
|
+
firstFrameSidecar
|
|
143
293
|
};
|
|
144
294
|
}
|
|
145
295
|
catch (error) {
|
|
@@ -148,11 +298,121 @@ async function pumpEncryption(plaintext, encrypted, keys) {
|
|
|
148
298
|
throw normalized;
|
|
149
299
|
}
|
|
150
300
|
}
|
|
301
|
+
async function writeChunkToWritable(stream, chunk) {
|
|
302
|
+
if (chunk.byteLength === 0) {
|
|
303
|
+
return;
|
|
304
|
+
}
|
|
305
|
+
if (stream.write(chunk)) {
|
|
306
|
+
return;
|
|
307
|
+
}
|
|
308
|
+
await new Promise((resolve, reject) => {
|
|
309
|
+
const onDrain = () => {
|
|
310
|
+
stream.off('error', onError);
|
|
311
|
+
resolve();
|
|
312
|
+
};
|
|
313
|
+
const onError = (err) => {
|
|
314
|
+
stream.off('drain', onDrain);
|
|
315
|
+
reject(err);
|
|
316
|
+
};
|
|
317
|
+
stream.once('drain', onDrain);
|
|
318
|
+
stream.once('error', onError);
|
|
319
|
+
});
|
|
320
|
+
}
|
|
321
|
+
async function endWritable(stream) {
|
|
322
|
+
return new Promise((resolve, reject) => {
|
|
323
|
+
stream.on('error', reject);
|
|
324
|
+
stream.end(() => resolve());
|
|
325
|
+
});
|
|
326
|
+
}
|
|
327
|
+
async function pumpEncryptionToWritable(plaintext, output, keys, computeSidecar, firstFrameLength) {
|
|
328
|
+
const aesKey = await (0, primitives_1.importAesCbcKey)(keys.encKey);
|
|
329
|
+
const plainHash = (0, node_crypto_1.createHash)('sha256');
|
|
330
|
+
const encHash = (0, node_crypto_1.createHash)('sha256');
|
|
331
|
+
const hmac = (0, node_crypto_1.createHmac)('sha256', keys.macKey);
|
|
332
|
+
const sidecar = computeSidecar ? new SidecarAccumulator(keys.macKey) : null;
|
|
333
|
+
const ffTarget = firstFrameLength !== undefined
|
|
334
|
+
? constants_1.IV_SIZE + Math.ceil(firstFrameLength / AES_BLOCK_SIZE) * AES_BLOCK_SIZE
|
|
335
|
+
: 0;
|
|
336
|
+
let ffCollected = 0;
|
|
337
|
+
const ffChunks = ffTarget > 0 ? [keys.iv] : [];
|
|
338
|
+
if (ffTarget > 0)
|
|
339
|
+
ffCollected = constants_1.IV_SIZE;
|
|
340
|
+
let plaintextLength = 0;
|
|
341
|
+
let currentIv = keys.iv;
|
|
342
|
+
let pending = bytes_1.EMPTY_BYTES;
|
|
343
|
+
hmac.update(keys.iv);
|
|
344
|
+
sidecar?.push(keys.iv);
|
|
345
|
+
try {
|
|
346
|
+
for await (const chunk of plaintext) {
|
|
347
|
+
const plainChunk = (0, bytes_1.toChunkBytes)(chunk);
|
|
348
|
+
if (plainChunk.byteLength === 0)
|
|
349
|
+
continue;
|
|
350
|
+
plaintextLength += plainChunk.byteLength;
|
|
351
|
+
plainHash.update(plainChunk);
|
|
352
|
+
const combined = pending.byteLength > 0
|
|
353
|
+
? (0, bytes_1.concatBytes)([pending, plainChunk])
|
|
354
|
+
: (0, bytes_1.toBytesView)(plainChunk);
|
|
355
|
+
const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
|
|
356
|
+
if (aligned === 0) {
|
|
357
|
+
pending = combined;
|
|
358
|
+
continue;
|
|
359
|
+
}
|
|
360
|
+
const toEncrypt = (0, bytes_1.toBytesView)(combined.subarray(0, aligned));
|
|
361
|
+
pending = (0, bytes_1.toBytesView)(combined.subarray(aligned));
|
|
362
|
+
const { ciphertext, nextIv } = await aesCbcEncryptChunk(aesKey, currentIv, toEncrypt, false);
|
|
363
|
+
currentIv = nextIv;
|
|
364
|
+
hmac.update(ciphertext);
|
|
365
|
+
encHash.update(ciphertext);
|
|
366
|
+
sidecar?.push(ciphertext);
|
|
367
|
+
if (ffCollected < ffTarget) {
|
|
368
|
+
const need = ffTarget - ffCollected;
|
|
369
|
+
ffChunks.push(ciphertext.subarray(0, Math.min(need, ciphertext.byteLength)));
|
|
370
|
+
ffCollected += ciphertext.byteLength;
|
|
371
|
+
}
|
|
372
|
+
await writeChunkToWritable(output, ciphertext);
|
|
373
|
+
}
|
|
374
|
+
const { ciphertext: finalCiphertext } = await aesCbcEncryptChunk(aesKey, currentIv, pending, true);
|
|
375
|
+
hmac.update(finalCiphertext);
|
|
376
|
+
encHash.update(finalCiphertext);
|
|
377
|
+
sidecar?.push(finalCiphertext);
|
|
378
|
+
if (ffCollected < ffTarget) {
|
|
379
|
+
const need = ffTarget - ffCollected;
|
|
380
|
+
ffChunks.push(finalCiphertext.subarray(0, Math.min(need, finalCiphertext.byteLength)));
|
|
381
|
+
}
|
|
382
|
+
await writeChunkToWritable(output, finalCiphertext);
|
|
383
|
+
const signature = (0, bytes_1.toBytesView)(hmac.digest().subarray(0, constants_1.HMAC_TRUNCATED_SIZE));
|
|
384
|
+
encHash.update(signature);
|
|
385
|
+
sidecar?.push(signature);
|
|
386
|
+
await writeChunkToWritable(output, signature);
|
|
387
|
+
await endWritable(output);
|
|
388
|
+
let firstFrameSidecar;
|
|
389
|
+
if (ffTarget > 0) {
|
|
390
|
+
const ivCiphertextSlice = (0, bytes_1.concatBytes)(ffChunks);
|
|
391
|
+
const ffKey = await (0, primitives_1.importHmacKey)(keys.macKey);
|
|
392
|
+
const ffDigest = await (0, primitives_1.hmacSign)(ffKey, ivCiphertextSlice);
|
|
393
|
+
firstFrameSidecar = ffDigest.subarray(0, constants_1.SIDECAR_HMAC_SIZE);
|
|
394
|
+
}
|
|
395
|
+
return {
|
|
396
|
+
fileSha256: (0, bytes_1.toBytesView)(plainHash.digest()),
|
|
397
|
+
fileEncSha256: (0, bytes_1.toBytesView)(encHash.digest()),
|
|
398
|
+
plaintextLength,
|
|
399
|
+
streamingSidecar: sidecar?.finish(),
|
|
400
|
+
firstFrameSidecar
|
|
401
|
+
};
|
|
402
|
+
}
|
|
403
|
+
catch (error) {
|
|
404
|
+
const normalized = (0, primitives_2.toError)(error);
|
|
405
|
+
output.destroy(normalized);
|
|
406
|
+
throw normalized;
|
|
407
|
+
}
|
|
408
|
+
}
|
|
151
409
|
async function pumpDecryption(encrypted, plaintext, keys, options) {
|
|
410
|
+
const aesKey = await (0, primitives_1.importAesCbcKey)(keys.encKey);
|
|
152
411
|
const plainHash = (0, node_crypto_1.createHash)('sha256');
|
|
153
412
|
const encHash = (0, node_crypto_1.createHash)('sha256');
|
|
154
413
|
const hmac = (0, node_crypto_1.createHmac)('sha256', keys.macKey);
|
|
155
|
-
|
|
414
|
+
let currentIv = keys.iv;
|
|
415
|
+
let pending = bytes_1.EMPTY_BYTES;
|
|
156
416
|
hmac.update(keys.iv);
|
|
157
417
|
try {
|
|
158
418
|
let trailing = bytes_1.EMPTY_BYTES;
|
|
@@ -170,20 +430,37 @@ async function pumpDecryption(encrypted, plaintext, keys, options) {
|
|
|
170
430
|
const ciphertextChunk = merged.subarray(0, merged.byteLength - constants_1.HMAC_TRUNCATED_SIZE);
|
|
171
431
|
trailing = merged.subarray(merged.byteLength - constants_1.HMAC_TRUNCATED_SIZE);
|
|
172
432
|
hmac.update(ciphertextChunk);
|
|
173
|
-
const
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
433
|
+
const combined = pending.byteLength > 0
|
|
434
|
+
? (0, bytes_1.concatBytes)([pending, ciphertextChunk])
|
|
435
|
+
: (0, bytes_1.toBytesView)(ciphertextChunk);
|
|
436
|
+
const aligned = combined.byteLength - (combined.byteLength % AES_BLOCK_SIZE);
|
|
437
|
+
if (aligned > AES_BLOCK_SIZE) {
|
|
438
|
+
const toDecrypt = combined.subarray(0, aligned - AES_BLOCK_SIZE);
|
|
439
|
+
const { plaintext: plainChunk, nextIv } = await aesCbcDecryptChunk(aesKey, currentIv, toDecrypt, false);
|
|
440
|
+
currentIv = nextIv;
|
|
441
|
+
if (plainChunk.byteLength > 0) {
|
|
442
|
+
plainHash.update(plainChunk);
|
|
443
|
+
await writeChunk(plaintext, plainChunk);
|
|
444
|
+
}
|
|
445
|
+
pending = (0, bytes_1.toBytesView)(combined.subarray(aligned - AES_BLOCK_SIZE));
|
|
446
|
+
}
|
|
447
|
+
else {
|
|
448
|
+
pending = combined;
|
|
177
449
|
}
|
|
178
450
|
}
|
|
179
451
|
if (trailing.byteLength !== constants_1.HMAC_TRUNCATED_SIZE) {
|
|
180
452
|
throw new Error(`ciphertext too short: ${trailing.byteLength}`);
|
|
181
453
|
}
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
454
|
+
if (!options.skipMacVerification) {
|
|
455
|
+
const signature = hmac.digest().subarray(0, constants_1.HMAC_TRUNCATED_SIZE);
|
|
456
|
+
if (!(0, bytes_1.uint8TimingSafeEqual)(signature, trailing)) {
|
|
457
|
+
throw new Error('media MAC mismatch');
|
|
458
|
+
}
|
|
459
|
+
}
|
|
460
|
+
if (pending.byteLength < AES_BLOCK_SIZE || pending.byteLength % AES_BLOCK_SIZE !== 0) {
|
|
461
|
+
throw new Error(`invalid ciphertext length: ${pending.byteLength}`);
|
|
185
462
|
}
|
|
186
|
-
const plainFinal =
|
|
463
|
+
const { plaintext: plainFinal } = await aesCbcDecryptChunk(aesKey, currentIv, pending, true);
|
|
187
464
|
if (plainFinal.byteLength > 0) {
|
|
188
465
|
plainHash.update(plainFinal);
|
|
189
466
|
await writeChunk(plaintext, plainFinal);
|