packages/shade-crypto-web/src/worker.ts

/**
 * Dedicated Web Worker entry. Bundle this as a module worker:
 *
 *   // Vite / modern Webpack / Rspack
 *   const w = new Worker(new URL('@shade/crypto-web/worker', import.meta.url),
 *                        { type: 'module' });
 *
 * The main thread talks to this worker via the protocol in
 * `worker-protocol.ts`. All heavy crypto (AES-GCM, HKDF, HMAC, X25519,
 * Ed25519) and stream state (per-lane keys + seq counters + running
 * sha256) live here so the main thread is never blocked.
 *
 * Lifecycle: every request is one `postMessage` round-trip. Sender /
 * receiver state is keyed by numeric ids handed in by the main thread —
 * the worker never invents ids. `destroy*` calls zeroize lane keys.
 */

import { StreamSender, StreamReceiver } from '@shade/streams';
import { SubtleCryptoProvider } from './provider.js';
import {
  WORKER_PROTOCOL_VERSION,
  fromTransferable,
  toTransferable,
  transferablesOf,
  type WorkerRequest,
  type WorkerResponse,
  type WorkerResult,
} from './worker-protocol.js';

interface DedicatedWorkerScope {
  postMessage(data: unknown, transfer?: ArrayBuffer[]): void;
  addEventListener(
    type: 'message',
    listener: (ev: { data: WorkerRequest }) => void,
  ): void;
}

const scope = globalThis as unknown as DedicatedWorkerScope;
const provider = new SubtleCryptoProvider();
const senders = new Map<number, StreamSender>();
const receivers = new Map<number, StreamReceiver>();

scope.addEventListener('message', (ev) => {
  void handle(ev.data);
});

async function handle(req: WorkerRequest): Promise<void> {
  try {
    const result = await dispatch(req);
    const transfer = transferablesOf(result);
    const res: WorkerResponse = { id: req.id, ok: true, result };
    scope.postMessage(res, transfer);
  } catch (err) {
    const error = err instanceof Error
      ? { name: err.name, message: err.message }
      : { name: 'Error', message: String(err) };
    const res: WorkerResponse = { id: req.id, ok: false, error };
    scope.postMessage(res);
  }
}

async function dispatch(req: WorkerRequest): Promise<WorkerResult> {
  switch (req.method) {
    case 'init': {
      if (req.protocolVersion !== WORKER_PROTOCOL_VERSION) {
        throw new Error(
          `worker protocol version mismatch: main=${req.protocolVersion} worker=${WORKER_PROTOCOL_VERSION}`,
        );
      }
      return { kind: 'ack' };
    }
    case 'ping':
      return { kind: 'pong' };

    // ─── crypto.* ─────────────────────────────────────────
    case 'crypto.generateX25519KeyPair': {
      const kp = await provider.generateX25519KeyPair();
      return {
        kind: 'keypair',
        publicKey: toTransferable(kp.publicKey),
        privateKey: toTransferable(kp.privateKey),
      };
    }
    case 'crypto.x25519': {
      const out = await provider.x25519(
        fromTransferable(req.privateKey),
        fromTransferable(req.publicKey),
      );
      return { kind: 'bytes', bytes: toTransferable(out) };
    }
    case 'crypto.generateEd25519KeyPair': {
      const kp = await provider.generateEd25519KeyPair();
      return {
        kind: 'keypair',
        publicKey: toTransferable(kp.publicKey),
        privateKey: toTransferable(kp.privateKey),
      };
    }
    case 'crypto.sign': {
      const sig = await provider.sign(
        fromTransferable(req.privateKey),
        fromTransferable(req.message),
      );
      return { kind: 'bytes', bytes: toTransferable(sig) };
    }
    case 'crypto.verify': {
      const valid = await provider.verify(
        fromTransferable(req.publicKey),
        fromTransferable(req.message),
        fromTransferable(req.signature),
      );
      return { kind: 'verify', valid };
    }
    case 'crypto.aesGcmEncrypt': {
      const out = await provider.aesGcmEncrypt(
        fromTransferable(req.key),
        fromTransferable(req.plaintext),
        req.aad ? fromTransferable(req.aad) : undefined,
      );
      return {
        kind: 'aead-encrypt',
        ciphertext: toTransferable(out.ciphertext),
        nonce: toTransferable(out.nonce),
      };
    }
    case 'crypto.aesGcmDecrypt': {
      const out = await provider.aesGcmDecrypt(
        fromTransferable(req.key),
        fromTransferable(req.ciphertext),
        fromTransferable(req.nonce),
        req.aad ? fromTransferable(req.aad) : undefined,
      );
      return { kind: 'bytes', bytes: toTransferable(out) };
    }
    case 'crypto.hkdf': {
      const out = await provider.hkdf(
        fromTransferable(req.ikm),
        fromTransferable(req.salt),
        fromTransferable(req.info),
        req.length,
      );
      return { kind: 'bytes', bytes: toTransferable(out) };
    }
    case 'crypto.hmacSha256': {
      const out = await provider.hmacSha256(
        fromTransferable(req.key),
        fromTransferable(req.data),
      );
      return { kind: 'bytes', bytes: toTransferable(out) };
    }

    // ─── stream.* (sender) ────────────────────────────────
    case 'stream.createSender': {
      if (senders.has(req.senderId)) {
        throw new Error(`senderId ${req.senderId} already exists`);
      }
      const sender = await StreamSender.create({
        crypto: provider,
        streamId: fromTransferable(req.streamId),
        streamSecret: fromTransferable(req.streamSecret),
        laneId: req.laneId,
        startSeq: req.startSeq,
      });
      senders.set(req.senderId, sender);
      return { kind: 'ack' };
    }
    case 'stream.encryptChunk': {
      const sender = senders.get(req.senderId);
      if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
      const chunk = await sender.encryptChunk(fromTransferable(req.plaintext), req.isLast);
      return {
        kind: 'chunk-encrypt',
        bytes: toTransferable(chunk.bytes),
        seq: chunk.seq,
      };
    }
    case 'stream.getSenderLaneSha256': {
      const sender = senders.get(req.senderId);
      if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
      return { kind: 'bytes', bytes: toTransferable(sender.getLaneSha256Digest()) };
    }
    case 'stream.destroySender': {
      const sender = senders.get(req.senderId);
      if (sender !== undefined) {
        sender.destroy();
        senders.delete(req.senderId);
      }
      return { kind: 'ack' };
    }

    // ─── stream.* (receiver) ──────────────────────────────
    case 'stream.createReceiver': {
      if (receivers.has(req.receiverId)) {
        throw new Error(`receiverId ${req.receiverId} already exists`);
      }
      const receiver = await StreamReceiver.create({
        crypto: provider,
        streamId: fromTransferable(req.streamId),
        streamSecret: fromTransferable(req.streamSecret),
        laneId: req.laneId,
        startSeq: req.startSeq,
      });
      receivers.set(req.receiverId, receiver);
      return { kind: 'ack' };
    }
    case 'stream.decryptChunk': {
      const receiver = receivers.get(req.receiverId);
      if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
      const dec = await receiver.decryptChunk(fromTransferable(req.wireBytes));
      return {
        kind: 'chunk-decrypt',
        plaintext: toTransferable(dec.plaintext),
        seq: dec.seq,
        isLast: dec.isLast,
      };
    }
    case 'stream.getReceiverLaneSha256': {
      const receiver = receivers.get(req.receiverId);
      if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
      return { kind: 'bytes', bytes: toTransferable(receiver.getLaneSha256Digest()) };
    }
    case 'stream.destroyReceiver': {
      const receiver = receivers.get(req.receiverId);
      if (receiver !== undefined) {
        receiver.destroy();
        receivers.delete(req.receiverId);
      }
      return { kind: 'ack' };
    }
  }
}
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-03 18:35:35 +02:00			`/**`
			`* Dedicated Web Worker entry. Bundle this as a module worker:`
			`*`
			`* // Vite / modern Webpack / Rspack`
			`* const w = new Worker(new URL('@shade/crypto-web/worker', import.meta.url),`
			`* { type: 'module' });`
			`*`
			`* The main thread talks to this worker via the protocol in`
			* `worker-protocol.ts`. All heavy crypto (AES-GCM, HKDF, HMAC, X25519,
			`* Ed25519) and stream state (per-lane keys + seq counters + running`
			`* sha256) live here so the main thread is never blocked.`
			`*`
			* Lifecycle: every request is one `postMessage` round-trip. Sender /
			`* receiver state is keyed by numeric ids handed in by the main thread —`
			* the worker never invents ids. `destroy*` calls zeroize lane keys.
			`*/`

			`import { StreamSender, StreamReceiver } from '@shade/streams';`
			`import { SubtleCryptoProvider } from './provider.js';`
			`import {`
			`WORKER_PROTOCOL_VERSION,`
			`fromTransferable,`
			`toTransferable,`
			`transferablesOf,`
			`type WorkerRequest,`
			`type WorkerResponse,`
			`type WorkerResult,`
			`} from './worker-protocol.js';`

			`interface DedicatedWorkerScope {`
			`postMessage(data: unknown, transfer?: ArrayBuffer[]): void;`
			`addEventListener(`
			`type: 'message',`
			`listener: (ev: { data: WorkerRequest }) => void,`
			`): void;`
			`}`

			`const scope = globalThis as unknown as DedicatedWorkerScope;`
			`const provider = new SubtleCryptoProvider();`
			`const senders = new Map<number, StreamSender>();`
			`const receivers = new Map<number, StreamReceiver>();`

			`scope.addEventListener('message', (ev) => {`
			`void handle(ev.data);`
			`});`

			`async function handle(req: WorkerRequest): Promise<void> {`
			`try {`
			`const result = await dispatch(req);`
			`const transfer = transferablesOf(result);`
			`const res: WorkerResponse = { id: req.id, ok: true, result };`
			`scope.postMessage(res, transfer);`
			`} catch (err) {`
			`const error = err instanceof Error`
			`? { name: err.name, message: err.message }`
			`: { name: 'Error', message: String(err) };`
			`const res: WorkerResponse = { id: req.id, ok: false, error };`
			`scope.postMessage(res);`
			`}`
			`}`

			`async function dispatch(req: WorkerRequest): Promise<WorkerResult> {`
			`switch (req.method) {`
			`case 'init': {`
			`if (req.protocolVersion !== WORKER_PROTOCOL_VERSION) {`
			`throw new Error(`
			`worker protocol version mismatch: main=${req.protocolVersion} worker=${WORKER_PROTOCOL_VERSION}`,
			`);`
			`}`
			`return { kind: 'ack' };`
			`}`
			`case 'ping':`
			`return { kind: 'pong' };`

			`// ─── crypto.* ─────────────────────────────────────────`
			`case 'crypto.generateX25519KeyPair': {`
			`const kp = await provider.generateX25519KeyPair();`
			`return {`
			`kind: 'keypair',`
			`publicKey: toTransferable(kp.publicKey),`
			`privateKey: toTransferable(kp.privateKey),`
			`};`
			`}`
			`case 'crypto.x25519': {`
			`const out = await provider.x25519(`
			`fromTransferable(req.privateKey),`
			`fromTransferable(req.publicKey),`
			`);`
			`return { kind: 'bytes', bytes: toTransferable(out) };`
			`}`
			`case 'crypto.generateEd25519KeyPair': {`
			`const kp = await provider.generateEd25519KeyPair();`
			`return {`
			`kind: 'keypair',`
			`publicKey: toTransferable(kp.publicKey),`
			`privateKey: toTransferable(kp.privateKey),`
			`};`
			`}`
			`case 'crypto.sign': {`
			`const sig = await provider.sign(`
			`fromTransferable(req.privateKey),`
			`fromTransferable(req.message),`
			`);`
			`return { kind: 'bytes', bytes: toTransferable(sig) };`
			`}`
			`case 'crypto.verify': {`
			`const valid = await provider.verify(`
			`fromTransferable(req.publicKey),`
			`fromTransferable(req.message),`
			`fromTransferable(req.signature),`
			`);`
			`return { kind: 'verify', valid };`
			`}`
			`case 'crypto.aesGcmEncrypt': {`
			`const out = await provider.aesGcmEncrypt(`
			`fromTransferable(req.key),`
			`fromTransferable(req.plaintext),`
			`req.aad ? fromTransferable(req.aad) : undefined,`
			`);`
			`return {`
			`kind: 'aead-encrypt',`
			`ciphertext: toTransferable(out.ciphertext),`
			`nonce: toTransferable(out.nonce),`
			`};`
			`}`
			`case 'crypto.aesGcmDecrypt': {`
			`const out = await provider.aesGcmDecrypt(`
			`fromTransferable(req.key),`
			`fromTransferable(req.ciphertext),`
			`fromTransferable(req.nonce),`
			`req.aad ? fromTransferable(req.aad) : undefined,`
			`);`
			`return { kind: 'bytes', bytes: toTransferable(out) };`
			`}`
			`case 'crypto.hkdf': {`
			`const out = await provider.hkdf(`
			`fromTransferable(req.ikm),`
			`fromTransferable(req.salt),`
			`fromTransferable(req.info),`
			`req.length,`
			`);`
			`return { kind: 'bytes', bytes: toTransferable(out) };`
			`}`
			`case 'crypto.hmacSha256': {`
			`const out = await provider.hmacSha256(`
			`fromTransferable(req.key),`
			`fromTransferable(req.data),`
			`);`
			`return { kind: 'bytes', bytes: toTransferable(out) };`
			`}`

			`// ─── stream.* (sender) ────────────────────────────────`
			`case 'stream.createSender': {`
			`if (senders.has(req.senderId)) {`
			throw new Error(`senderId ${req.senderId} already exists`);
			`}`
			`const sender = await StreamSender.create({`
			`crypto: provider,`
			`streamId: fromTransferable(req.streamId),`
			`streamSecret: fromTransferable(req.streamSecret),`
			`laneId: req.laneId,`
			`startSeq: req.startSeq,`
			`});`
			`senders.set(req.senderId, sender);`
			`return { kind: 'ack' };`
			`}`
			`case 'stream.encryptChunk': {`
			`const sender = senders.get(req.senderId);`
			if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
			`const chunk = await sender.encryptChunk(fromTransferable(req.plaintext), req.isLast);`
			`return {`
			`kind: 'chunk-encrypt',`
			`bytes: toTransferable(chunk.bytes),`
			`seq: chunk.seq,`
			`};`
			`}`
			`case 'stream.getSenderLaneSha256': {`
			`const sender = senders.get(req.senderId);`
			if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
			`return { kind: 'bytes', bytes: toTransferable(sender.getLaneSha256Digest()) };`
			`}`
			`case 'stream.destroySender': {`
			`const sender = senders.get(req.senderId);`
			`if (sender !== undefined) {`
			`sender.destroy();`
			`senders.delete(req.senderId);`
			`}`
			`return { kind: 'ack' };`
			`}`

			`// ─── stream.* (receiver) ──────────────────────────────`
			`case 'stream.createReceiver': {`
			`if (receivers.has(req.receiverId)) {`
			throw new Error(`receiverId ${req.receiverId} already exists`);
			`}`
			`const receiver = await StreamReceiver.create({`
			`crypto: provider,`
			`streamId: fromTransferable(req.streamId),`
			`streamSecret: fromTransferable(req.streamSecret),`
			`laneId: req.laneId,`
			`startSeq: req.startSeq,`
			`});`
			`receivers.set(req.receiverId, receiver);`
			`return { kind: 'ack' };`
			`}`
			`case 'stream.decryptChunk': {`
			`const receiver = receivers.get(req.receiverId);`
			if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
			`const dec = await receiver.decryptChunk(fromTransferable(req.wireBytes));`
			`return {`
			`kind: 'chunk-decrypt',`
			`plaintext: toTransferable(dec.plaintext),`
			`seq: dec.seq,`
			`isLast: dec.isLast,`
			`};`
			`}`
			`case 'stream.getReceiverLaneSha256': {`
			`const receiver = receivers.get(req.receiverId);`
			if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
			`return { kind: 'bytes', bytes: toTransferable(receiver.getLaneSha256Digest()) };`
			`}`
			`case 'stream.destroyReceiver': {`
			`const receiver = receivers.get(req.receiverId);`
			`if (receiver !== undefined) {`
			`receiver.destroy();`
			`receivers.delete(req.receiverId);`
			`}`
			`return { kind: 'ack' };`
			`}`
			`}`
			`}`