Files
InfiniteAPI/src/Utils/crypto.ts
T
Claude 2c18b734ee feat: replace async crypto with sync Rust WASM (port of Baileys b5c1741)
Surgically applies the changes from WhiskeySockets/Baileys commit b5c1741
("feat: replace async crypto with sync Rust WASM" by jlucaso1) while
preserving all custom modifications (interactive messages, carousels,
albums, sticker packs, native flow buttons, Prometheus metrics, etc).

Changes:
- Replace async hkdf/md5 (Web Crypto API) with sync re-exports from whatsapp-rust-bridge@0.5.2
- Replace LTHash class with LTHashAntiTampering from WASM
- Replace mutationKeys() with expandAppStateKeys() from WASM
- Remove ~25 unnecessary await keywords across crypto call chain
- Update Buffer→Uint8Array types for MediaDecryptionKeyInfo and internal crypto functions
- Make noise handshake, media retry encrypt/decrypt, and reporting token generation synchronous

Performance impact:
- Eliminates Promise overhead on every HKDF/LTHash operation
- Significant improvement during app state sync (hundreds of mutations per reconnection)
- Sync crypto reduces event loop pressure under high session load

Custom code preserved (zero conflicts):
- messages-send.ts: All interactive message, carousel, album, sticker pack logic intact
- Types/Message.ts: All custom types (NativeFlowButton, Carousel, Album, etc.) intact
- All Prometheus metrics, circuit breakers, session TTL logic intact

https://claude.ai/code/session_01Ffc5YrPuqv8N9SwEuSM8mr
2026-02-08 20:49:18 +00:00

149 lines
5.1 KiB
TypeScript

import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto'
import * as curve from 'libsignal/src/curve'
import { KEY_BUNDLE_TYPE } from '../Defaults'
import type { KeyPair } from '../Types'
// insure browser & node compatibility
const { subtle } = globalThis.crypto
/** prefix version byte to the pub keys, required for some curve crypto functions */
export const generateSignalPubKey = (pubKey: Uint8Array | Buffer) =>
pubKey.length === 33 ? pubKey : Buffer.concat([KEY_BUNDLE_TYPE, pubKey])
export const Curve = {
generateKeyPair: (): KeyPair => {
const { pubKey, privKey } = curve.generateKeyPair()
return {
private: Buffer.from(privKey),
// remove version byte
public: Buffer.from(pubKey.slice(1))
}
},
sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => {
const shared = curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey)
return Buffer.from(shared)
},
sign: (privateKey: Uint8Array, buf: Uint8Array) => curve.calculateSignature(privateKey, buf),
verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => {
try {
curve.verifySignature(generateSignalPubKey(pubKey), message, signature)
return true
} catch (error) {
return false
}
}
}
export const signedKeyPair = (identityKeyPair: KeyPair, keyId: number) => {
const preKey = Curve.generateKeyPair()
const pubKey = generateSignalPubKey(preKey.public)
const signature = Curve.sign(identityKeyPair.private, pubKey)
return { keyPair: preKey, signature, keyId }
}
const GCM_TAG_LENGTH = 128 >> 3
/**
* encrypt AES 256 GCM;
* where the tag tag is suffixed to the ciphertext
* */
export function aesEncryptGCM(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) {
const cipher = createCipheriv('aes-256-gcm', key, iv)
cipher.setAAD(additionalData)
return Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()])
}
/**
* decrypt AES 256 GCM;
* where the auth tag is suffixed to the ciphertext
* */
export function aesDecryptGCM(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array, additionalData: Uint8Array) {
const decipher = createDecipheriv('aes-256-gcm', key, iv)
// decrypt additional adata
const enc = ciphertext.slice(0, ciphertext.length - GCM_TAG_LENGTH)
const tag = ciphertext.slice(ciphertext.length - GCM_TAG_LENGTH)
// set additional data
decipher.setAAD(additionalData)
decipher.setAuthTag(tag)
return Buffer.concat([decipher.update(enc), decipher.final()])
}
export function aesEncryptCTR(plaintext: Uint8Array, key: Uint8Array, iv: Uint8Array) {
const cipher = createCipheriv('aes-256-ctr', key, iv)
return Buffer.concat([cipher.update(plaintext), cipher.final()])
}
export function aesDecryptCTR(ciphertext: Uint8Array, key: Uint8Array, iv: Uint8Array) {
const decipher = createDecipheriv('aes-256-ctr', key, iv)
return Buffer.concat([decipher.update(ciphertext), decipher.final()])
}
/** decrypt AES 256 CBC; where the IV is prefixed to the buffer */
export function aesDecrypt(buffer: Uint8Array, key: Uint8Array) {
return aesDecryptWithIV(buffer.subarray(16, buffer.length), key, buffer.subarray(0, 16))
}
/** decrypt AES 256 CBC */
export function aesDecryptWithIV(buffer: Uint8Array, key: Uint8Array, IV: Uint8Array) {
const aes = createDecipheriv('aes-256-cbc', key, IV)
return Buffer.concat([aes.update(buffer), aes.final()])
}
// encrypt AES 256 CBC; where a random IV is prefixed to the buffer
export function aesEncrypt(buffer: Buffer | Uint8Array, key: Uint8Array) {
const IV = randomBytes(16)
const aes = createCipheriv('aes-256-cbc', key, IV)
return Buffer.concat([IV, aes.update(buffer), aes.final()]) // prefix IV to the buffer
}
// encrypt AES 256 CBC with a given IV
export function aesEncrypWithIV(buffer: Buffer, key: Buffer, IV: Buffer) {
const aes = createCipheriv('aes-256-cbc', key, IV)
return Buffer.concat([aes.update(buffer), aes.final()]) // prefix IV to the buffer
}
// sign HMAC using SHA 256
export function hmacSign(
buffer: Buffer | Uint8Array,
key: Buffer | Uint8Array,
variant: 'sha256' | 'sha512' = 'sha256'
) {
return createHmac(variant, key).update(buffer).digest()
}
export function sha256(buffer: Buffer) {
return createHash('sha256').update(buffer).digest()
}
export { hkdf, md5 } from 'whatsapp-rust-bridge'
export async function derivePairingCodeKey(pairingCode: string, salt: Buffer): Promise<Buffer> {
// Convert inputs to formats Web Crypto API can work with
const encoder = new TextEncoder()
const pairingCodeBuffer = encoder.encode(pairingCode)
const saltBuffer = new Uint8Array(salt instanceof Uint8Array ? salt : new Uint8Array(salt))
// Import the pairing code as key material
const keyMaterial = await subtle.importKey('raw', pairingCodeBuffer as BufferSource, { name: 'PBKDF2' }, false, [
'deriveBits'
])
// Derive bits using PBKDF2 with the same parameters
// 2 << 16 = 131,072 iterations
const derivedBits = await subtle.deriveBits(
{
name: 'PBKDF2',
salt: saltBuffer as BufferSource,
iterations: 2 << 16,
hash: 'SHA-256'
},
keyMaterial,
32 * 8 // 32 bytes * 8 = 256 bits
)
return Buffer.from(derivedBits)
}