2022-12-19 16:24:12 +11:00
|
|
|
import { Decoder as DecoderV0 } from "@waku/core/lib/message/version_0";
|
2025-06-03 11:08:02 +02:00
|
|
|
import type {
|
2025-07-19 18:07:38 +10:00
|
|
|
EncoderOptions as BaseEncoderOptions,
|
2025-06-03 11:08:02 +02:00
|
|
|
IDecoder,
|
|
|
|
|
IEncoder,
|
|
|
|
|
IEncryptedMessage,
|
|
|
|
|
IMessage,
|
|
|
|
|
IMetaSetter,
|
|
|
|
|
IProtoMessage,
|
2025-07-19 21:25:21 +10:00
|
|
|
IRoutingInfo,
|
|
|
|
|
PubsubTopic
|
2022-11-23 16:59:15 +11:00
|
|
|
} from "@waku/interfaces";
|
2022-12-19 16:24:12 +11:00
|
|
|
import { WakuMessage } from "@waku/proto";
|
2025-07-19 14:30:44 +10:00
|
|
|
import { Logger } from "@waku/utils";
|
2022-11-23 16:59:15 +11:00
|
|
|
|
2023-11-28 01:02:12 +01:00
|
|
|
import { generateSymmetricKey } from "./crypto/utils.js";
|
2023-03-07 15:29:41 +11:00
|
|
|
import { DecodedMessage } from "./decoded_message.js";
|
2022-11-23 16:59:15 +11:00
|
|
|
import {
|
|
|
|
|
decryptSymmetric,
|
|
|
|
|
encryptSymmetric,
|
|
|
|
|
postCipher,
|
2023-08-16 20:18:13 +05:30
|
|
|
preCipher
|
2023-11-28 01:02:12 +01:00
|
|
|
} from "./encryption.js";
|
|
|
|
|
import { OneMillion, Version } from "./misc.js";
|
2022-11-23 16:59:15 +11:00
|
|
|
|
2023-11-28 01:02:12 +01:00
|
|
|
export {
|
|
|
|
|
decryptSymmetric,
|
|
|
|
|
encryptSymmetric,
|
|
|
|
|
postCipher,
|
|
|
|
|
preCipher,
|
|
|
|
|
generateSymmetricKey
|
|
|
|
|
};
|
2022-11-23 16:59:15 +11:00
|
|
|
|
2023-10-20 16:36:47 +05:30
|
|
|
const log = new Logger("message-encryption:symmetric");
|
2022-11-23 16:59:15 +11:00
|
|
|
|
2023-03-07 15:29:41 +11:00
|
|
|
class Encoder implements IEncoder {
|
2024-07-19 15:58:17 +05:30
|
|
|
public constructor(
|
2022-11-23 16:59:15 +11:00
|
|
|
public contentTopic: string,
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
public routingInfo: IRoutingInfo,
|
2022-11-23 16:59:15 +11:00
|
|
|
private symKey: Uint8Array,
|
|
|
|
|
private sigPrivKey?: Uint8Array,
|
2023-03-10 14:41:07 +11:00
|
|
|
public ephemeral: boolean = false,
|
2023-08-16 20:18:13 +05:30
|
|
|
public metaSetter?: IMetaSetter
|
2023-04-03 20:15:31 +10:00
|
|
|
) {
|
|
|
|
|
if (!contentTopic || contentTopic === "") {
|
|
|
|
|
throw new Error("Content topic must be specified");
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-11-23 16:59:15 +11:00
|
|
|
|
2025-07-19 21:25:21 +10:00
|
|
|
public get pubsubTopic(): PubsubTopic {
|
|
|
|
|
return this.routingInfo.pubsubTopic;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-19 15:58:17 +05:30
|
|
|
public async toWire(message: IMessage): Promise<Uint8Array | undefined> {
|
2022-11-23 16:59:15 +11:00
|
|
|
const protoMessage = await this.toProtoObj(message);
|
|
|
|
|
if (!protoMessage) return;
|
|
|
|
|
|
2022-12-19 16:24:12 +11:00
|
|
|
return WakuMessage.encode(protoMessage);
|
2022-11-23 16:59:15 +11:00
|
|
|
}
|
|
|
|
|
|
2024-07-19 15:58:17 +05:30
|
|
|
public async toProtoObj(
|
|
|
|
|
message: IMessage
|
|
|
|
|
): Promise<IProtoMessage | undefined> {
|
2022-11-23 16:59:15 +11:00
|
|
|
const timestamp = message.timestamp ?? new Date();
|
|
|
|
|
const preparedPayload = await preCipher(message.payload, this.sigPrivKey);
|
|
|
|
|
|
|
|
|
|
const payload = await encryptSymmetric(preparedPayload, this.symKey);
|
2023-03-10 14:41:07 +11:00
|
|
|
|
|
|
|
|
const protoMessage = {
|
2022-11-23 16:59:15 +11:00
|
|
|
payload,
|
|
|
|
|
version: Version,
|
|
|
|
|
contentTopic: this.contentTopic,
|
|
|
|
|
timestamp: BigInt(timestamp.valueOf()) * OneMillion,
|
2023-03-10 14:41:07 +11:00
|
|
|
meta: undefined,
|
2022-11-23 16:59:15 +11:00
|
|
|
rateLimitProof: message.rateLimitProof,
|
2023-08-16 20:18:13 +05:30
|
|
|
ephemeral: this.ephemeral
|
2022-11-23 16:59:15 +11:00
|
|
|
};
|
2023-03-10 14:41:07 +11:00
|
|
|
|
|
|
|
|
if (this.metaSetter) {
|
|
|
|
|
const meta = this.metaSetter(protoMessage);
|
|
|
|
|
return { ...protoMessage, meta };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return protoMessage;
|
2022-11-23 16:59:15 +11:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-19 18:07:38 +10:00
|
|
|
export interface EncoderOptions extends BaseEncoderOptions {
|
2023-02-02 11:37:28 +05:30
|
|
|
/** The symmetric key to encrypt the payload with. */
|
|
|
|
|
symKey: Uint8Array;
|
|
|
|
|
/** An optional private key to be used to sign the payload before encryption. */
|
|
|
|
|
sigPrivKey?: Uint8Array;
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-05 15:54:55 +11:00
|
|
|
/**
|
|
|
|
|
* Creates an encoder that encrypts messages using symmetric encryption for the
|
|
|
|
|
* given key, as defined in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
|
|
|
|
|
*
|
|
|
|
|
* An encoder is used to encode messages in the [`14/WAKU2-MESSAGE](https://rfc.vac.dev/spec/14/)
|
|
|
|
|
* format to be sent over the Waku network. The resulting encoder can then be
|
2023-09-21 10:57:37 +02:00
|
|
|
* pass to { @link @waku/interfaces!ISender.send } to automatically encrypt
|
2022-12-05 15:54:55 +11:00
|
|
|
* and encode outgoing messages.
|
|
|
|
|
*
|
|
|
|
|
* The payload can optionally be signed with the given private key as defined
|
|
|
|
|
* in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
|
|
|
|
|
*/
|
2023-02-02 11:37:28 +05:30
|
|
|
export function createEncoder({
|
|
|
|
|
contentTopic,
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
routingInfo,
|
2023-02-02 11:37:28 +05:30
|
|
|
symKey,
|
|
|
|
|
sigPrivKey,
|
|
|
|
|
ephemeral = false,
|
2023-08-16 20:18:13 +05:30
|
|
|
metaSetter
|
2023-02-09 13:15:23 +05:30
|
|
|
}: EncoderOptions): Encoder {
|
2023-09-27 15:28:07 +05:30
|
|
|
return new Encoder(
|
|
|
|
|
contentTopic,
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
routingInfo,
|
2023-09-27 15:28:07 +05:30
|
|
|
symKey,
|
|
|
|
|
sigPrivKey,
|
|
|
|
|
ephemeral,
|
|
|
|
|
metaSetter
|
|
|
|
|
);
|
2022-11-23 16:59:15 +11:00
|
|
|
}
|
|
|
|
|
|
2025-06-03 11:08:02 +02:00
|
|
|
class Decoder extends DecoderV0 implements IDecoder<IEncryptedMessage> {
|
2024-07-19 15:58:17 +05:30
|
|
|
public constructor(
|
2023-08-11 15:14:02 +02:00
|
|
|
contentTopic: string,
|
2025-07-19 14:30:44 +10:00
|
|
|
routingInfo: IRoutingInfo,
|
2023-08-16 20:18:13 +05:30
|
|
|
private symKey: Uint8Array
|
2023-08-11 15:14:02 +02:00
|
|
|
) {
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
super(contentTopic, routingInfo);
|
2022-11-23 16:59:15 +11:00
|
|
|
}
|
|
|
|
|
|
2024-07-19 15:58:17 +05:30
|
|
|
public async fromProtoObj(
|
2023-10-16 12:52:32 +05:30
|
|
|
pubsubTopic: string,
|
2023-08-16 20:18:13 +05:30
|
|
|
protoMessage: IProtoMessage
|
2025-06-03 11:08:02 +02:00
|
|
|
): Promise<IEncryptedMessage | undefined> {
|
2022-11-23 16:59:15 +11:00
|
|
|
const cipherPayload = protoMessage.payload;
|
|
|
|
|
|
|
|
|
|
if (protoMessage.version !== Version) {
|
2023-10-20 16:36:47 +05:30
|
|
|
log.error(
|
2022-11-23 16:59:15 +11:00
|
|
|
"Failed to decrypt due to incorrect version, expected:",
|
|
|
|
|
Version,
|
|
|
|
|
", actual:",
|
2023-08-16 20:18:13 +05:30
|
|
|
protoMessage.version
|
2022-11-23 16:59:15 +11:00
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let payload;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
payload = await decryptSymmetric(cipherPayload, this.symKey);
|
|
|
|
|
} catch (e) {
|
2023-10-20 16:36:47 +05:30
|
|
|
log.error(
|
2022-11-23 16:59:15 +11:00
|
|
|
`Failed to decrypt message using asymmetric decryption for contentTopic: ${this.contentTopic}`,
|
2023-08-16 20:18:13 +05:30
|
|
|
e
|
2022-11-23 16:59:15 +11:00
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!payload) {
|
2023-10-20 16:36:47 +05:30
|
|
|
log.error(
|
|
|
|
|
`Failed to decrypt payload for contentTopic ${this.contentTopic}`
|
|
|
|
|
);
|
2022-11-23 16:59:15 +11:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-24 16:04:24 +05:30
|
|
|
const res = postCipher(payload);
|
2022-11-23 16:59:15 +11:00
|
|
|
|
|
|
|
|
if (!res) {
|
2023-10-20 16:36:47 +05:30
|
|
|
log.error(
|
|
|
|
|
`Failed to decode payload for contentTopic ${this.contentTopic}`
|
|
|
|
|
);
|
2022-11-23 16:59:15 +11:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-20 16:36:47 +05:30
|
|
|
log.info("Message decrypted", protoMessage);
|
2022-11-23 16:59:15 +11:00
|
|
|
return new DecodedMessage(
|
2023-10-16 12:52:32 +05:30
|
|
|
pubsubTopic,
|
2022-11-23 16:59:15 +11:00
|
|
|
protoMessage,
|
|
|
|
|
res.payload,
|
|
|
|
|
res.sig?.signature,
|
2023-08-16 20:18:13 +05:30
|
|
|
res.sig?.publicKey
|
2022-11-23 16:59:15 +11:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-05 15:54:55 +11:00
|
|
|
/**
|
|
|
|
|
* Creates a decoder that decrypts messages using symmetric encryption, using
|
|
|
|
|
* the given key as defined in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
|
|
|
|
|
*
|
|
|
|
|
* A decoder is used to decode messages from the [14/WAKU2-MESSAGE](https://rfc.vac.dev/spec/14/)
|
|
|
|
|
* format when received from the Waku network. The resulting decoder can then be
|
2023-09-21 10:57:37 +02:00
|
|
|
* pass to { @link @waku/interfaces!IReceiver.subscribe } to automatically decrypt and
|
2022-12-05 15:54:55 +11:00
|
|
|
* decode incoming messages.
|
|
|
|
|
*
|
|
|
|
|
* @param contentTopic The resulting decoder will only decode messages with this content topic.
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
* @param routingInfo Routing information, depends on the network config (static vs auto sharding)
|
2022-12-05 15:54:55 +11:00
|
|
|
* @param symKey The symmetric key used to decrypt the message.
|
|
|
|
|
*/
|
2022-12-05 15:14:17 +11:00
|
|
|
export function createDecoder(
|
2022-11-23 16:59:15 +11:00
|
|
|
contentTopic: string,
|
2025-07-19 14:30:44 +10:00
|
|
|
routingInfo: IRoutingInfo,
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
symKey: Uint8Array
|
2022-12-05 15:14:17 +11:00
|
|
|
): Decoder {
|
feat!: Introduce routing info concept
Concepts are being mixed up between the global network config (static vs auto sharding), that needs to be the same of all nodes in the network, individual node configuration (eg relay node subscribing to a given shard), and the routing characteristic of a specific message (eg pubsub topic, shard).
This stops proper configuration of nwaku post 0.36.0 because we know need to be deliberate on whether nwaku nodes are running with auto or static sharding.
It also included various back and forth conversions between shards, pubsub topics, etc.
With this change, we tidy up the network configuration, and make it explicit whether it is static or auto sharded.
We also introduce the concept of routing info, which is specific to a message, and tied to the overall network configuration.
Routing info abstract pubsub topic, shard, and autosharding needs. Which should lead to easier tidy up of the pubsub concept at a later stage.
# Conflicts:
# packages/core/src/lib/connection_manager/connection_manager.ts
# packages/core/src/lib/metadata/metadata.ts
# packages/interfaces/src/metadata.ts
# packages/interfaces/src/sharding.ts
# packages/relay/src/create.ts
# packages/sdk/src/filter/filter.ts
# packages/sdk/src/filter/types.ts
# packages/sdk/src/light_push/light_push.spec.ts
# packages/tests/tests/sharding/auto_sharding.spec.ts
# packages/tests/tests/sharding/static_sharding.spec.ts
# Conflicts:
# packages/sdk/src/store/store.ts
2025-07-11 13:33:45 +10:00
|
|
|
return new Decoder(contentTopic, routingInfo, symKey);
|
2022-11-23 16:59:15 +11:00
|
|
|
}
|
2025-10-03 22:33:25 +10:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Result of decrypting a message with AES symmetric encryption.
|
|
|
|
|
*/
|
|
|
|
|
export interface SymmetricDecryptionResult {
|
|
|
|
|
/** The decrypted payload */
|
|
|
|
|
payload: Uint8Array;
|
|
|
|
|
/** The signature if the message was signed */
|
|
|
|
|
signature?: Uint8Array;
|
|
|
|
|
/** The recovered public key if the message was signed */
|
|
|
|
|
signaturePublicKey?: Uint8Array;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* AES symmetric encryption.
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* Follows [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/) encryption standard.
|
|
|
|
|
*/
|
|
|
|
|
export class SymmetricEncryption {
|
|
|
|
|
/**
|
|
|
|
|
* Creates an AES Symmetric encryption instance.
|
|
|
|
|
*
|
|
|
|
|
* @param symKey - The symmetric key for encryption (32 bytes recommended)
|
|
|
|
|
* @param sigPrivKey - Optional private key to sign messages before encryption
|
|
|
|
|
*/
|
|
|
|
|
public constructor(
|
|
|
|
|
private symKey: Uint8Array,
|
|
|
|
|
private sigPrivKey?: Uint8Array
|
|
|
|
|
) {}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Encrypts a byte array payload.
|
|
|
|
|
*
|
|
|
|
|
* The encryption process:
|
|
|
|
|
* 1. Optionally signs the payload with the private key
|
|
|
|
|
* 2. Adds padding to obscure payload size
|
|
|
|
|
* 3. Encrypts using AES-256-GCM
|
|
|
|
|
*
|
|
|
|
|
* @param payload - The data to encrypt
|
|
|
|
|
* @returns The encrypted payload
|
|
|
|
|
*/
|
|
|
|
|
public async encrypt(payload: Uint8Array): Promise<Uint8Array> {
|
|
|
|
|
const preparedPayload = await preCipher(payload, this.sigPrivKey);
|
|
|
|
|
return encryptSymmetric(preparedPayload, this.symKey);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* AES symmetric decryption.
|
|
|
|
|
*
|
|
|
|
|
* Follows [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/) encryption standard.
|
|
|
|
|
*/
|
|
|
|
|
export class SymmetricDecryption {
|
|
|
|
|
/**
|
|
|
|
|
* Creates an AES Symmetric decryption instance.
|
|
|
|
|
*
|
|
|
|
|
* @param symKey - The symmetric key for decryption (must match encryption key)
|
|
|
|
|
*/
|
|
|
|
|
public constructor(private symKey: Uint8Array) {}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Decrypts an encrypted byte array payload.
|
|
|
|
|
*
|
|
|
|
|
* The decryption process:
|
|
|
|
|
* 1. Decrypts using AES-256-GCM
|
|
|
|
|
* 2. Removes padding
|
|
|
|
|
* 3. Verifies and recovers signature if present
|
|
|
|
|
*
|
|
|
|
|
* @param encryptedPayload - The encrypted data (from [[SymmetricEncryption.encrypt]])
|
|
|
|
|
* @returns Object containing the decrypted payload and signature info, or undefined if decryption fails
|
|
|
|
|
*/
|
|
|
|
|
public async decrypt(
|
|
|
|
|
encryptedPayload: Uint8Array
|
|
|
|
|
): Promise<SymmetricDecryptionResult | undefined> {
|
|
|
|
|
try {
|
|
|
|
|
const decryptedData = await decryptSymmetric(
|
|
|
|
|
encryptedPayload,
|
|
|
|
|
this.symKey
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!decryptedData) {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const result = postCipher(decryptedData);
|
|
|
|
|
|
|
|
|
|
if (!result) {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
payload: result.payload,
|
|
|
|
|
signature: result.sig?.signature,
|
|
|
|
|
signaturePublicKey: result.sig?.publicKey
|
|
|
|
|
};
|
|
|
|
|
} catch (error) {
|
|
|
|
|
log.error("Failed to decrypt payload", error);
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|