import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto' import * as libsignal from 'libsignal' import { KEY_BUNDLE_TYPE } from '../Defaults' import { KeyPair } from '../Types' // insure browser & node compatibility const { subtle } = globalThis.crypto /** prefix version byte to the pub keys, required for some curve crypto functions */ export const generateSignalPubKey = (pubKey: Uint8Array | Buffer) => pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey]) export const Curve = { generateKeyPair: (): KeyPair => { const { pubKey, privKey } = libsignal.curve.generateKeyPair() return { private: Buffer.from(privKey), // remove version byte public: Buffer.from((pubKey as Uint8Array).slice(1)) } }, sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => { const shared = libsignal.curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey) return Buffer.from(shared) }, sign: (privateKey: Uint8Array, buf: Uint8Array) => libsignal.curve.calculateSignature(privateKey, buf), verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => { try { libsignal.curve.verifySignature(generateSignalPubKey(pubKey), message, signature) return true } catch (error) { return false } } } export const signedKeyPair = (identityKeyPair: KeyPair, keyId: number) => { const preKey = Curve.generateKeyPair() const pubKey = generateSignalPubKey(preKey.public) const signature = Curve.sign(identityKeyPair.private, pubKey) return { keyPair: preKey, signature, keyId } } const GCM_TAG_LENGTH = 128 >> 3 /** * encrypt AES 256 GCM; * where the tag tag is suffixed to the ciphertext * */ export function aesEncryptGCM(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) { const cipher = createCipheriv('aes-256-gcm', key, iv) cipher.setAAD(additionalData) return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]) } /** * decrypt AES 256 GCM; * where the auth tag is suffixed to the ciphertext * */ export function aesDecryptGCM(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) { const decipher = createDecipheriv('aes-256-gcm', key, iv) // decrypt additional adata const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH) const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH) // set additional data decipher.setAAD(additionalData) decipher.setAuthTag(tag) return Buffer.concat([decipher.update(enc), decipher.final()]) } export function aesEncryptCTR(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array) { const cipher = createCipheriv('aes-256-ctr', key, iv) return Buffer.concat([cipher.update(plaintext), cipher.final()]) } export function aesDecryptCTR(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array) { const decipher = createDecipheriv('aes-256-ctr', key, iv) return Buffer.concat([decipher.update(ciphertext), decipher.final()]) } /** decrypt AES 256 CBC; where the IV is prefixed to the buffer */ export function aesDecrypt(buffer: Buffer, key: Buffer) { return aesDecryptWithIV(buffer.slice(16, buffer.length), key, buffer.slice(0, 16)) } /** decrypt AES 256 CBC */ export function aesDecryptWithIV(buffer: Buffer, key: Buffer, IV: Buffer) { const aes = createDecipheriv('aes-256-cbc', key, IV) return Buffer.concat([aes.update(buffer), aes.final()]) } // encrypt AES 256 CBC; where a random IV is prefixed to the buffer export function aesEncrypt(buffer: Buffer | Uint8Array, key: Buffer) { const IV = randomBytes(16) const aes = createCipheriv('aes-256-cbc', key, IV) return Buffer.concat([IV, aes.update(buffer), aes.final()]) // prefix IV to the buffer } // encrypt AES 256 CBC with a given IV export function aesEncrypWithIV(buffer: Buffer, key: Buffer, IV: Buffer) { const aes = createCipheriv('aes-256-cbc', key, IV) return Buffer.concat([aes.update(buffer), aes.final()]) // prefix IV to the buffer } // sign HMAC using SHA 256 export function hmacSign( buffer: Buffer | Uint8Array, key: Buffer | Uint8Array, variant: 'sha256' | 'sha512' = 'sha256' ) { return createHmac(variant, key).update(buffer).digest() } export function sha256(buffer: Buffer) { return createHash('sha256').update(buffer).digest() } export function md5(buffer: Buffer) { return createHash('md5').update(buffer).digest() } // HKDF key expansion export async function hkdf( buffer: Uint8Array | Buffer, expandedLength: number, info: { salt?: Buffer; info?: string } ): Promise { // Ensure we have a Uint8Array for the key material const inputKeyMaterial = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer) // Set default values if not provided const salt = info.salt ? new Uint8Array(info.salt) : new Uint8Array(0) const infoBytes = info.info ? new TextEncoder().encode(info.info) : new Uint8Array(0) // Import the input key material const importedKey = await subtle.importKey('raw', inputKeyMaterial, { name: 'HKDF' }, false, ['deriveBits']) // Derive bits using HKDF const derivedBits = await subtle.deriveBits( { name: 'HKDF', hash: 'SHA-256', salt: salt, info: infoBytes }, importedKey, expandedLength * 8 // Convert bytes to bits ) return Buffer.from(derivedBits) } export async function derivePairingCodeKey(pairingCode: string, salt: Buffer): Promise { // Convert inputs to formats Web Crypto API can work with const encoder = new TextEncoder() const pairingCodeBuffer = encoder.encode(pairingCode) const saltBuffer = salt instanceof Uint8Array ? salt : new Uint8Array(salt) // Import the pairing code as key material const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer, { name: 'PBKDF2' }, false, ['deriveBits']) // Derive bits using PBKDF2 with the same parameters // 2 << 16 = 131,072 iterations const derivedBits = await subtle.deriveBits( { name: 'PBKDF2', salt: saltBuffer, iterations: 2 << 16, hash: 'SHA-256' }, keyMaterial, 32 * 8 // 32 bytes * 8 = 256 bits ) return Buffer.from(derivedBits) }