Sterister
e6fdf31b49
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
232 lines
7.9 KiB
TypeScript
232 lines
7.9 KiB
TypeScript
/**
|
|
* Dedicated Web Worker entry. Bundle this as a module worker:
|
|
*
|
|
* // Vite / modern Webpack / Rspack
|
|
* const w = new Worker(new URL('@shade/crypto-web/worker', import.meta.url),
|
|
* { type: 'module' });
|
|
*
|
|
* The main thread talks to this worker via the protocol in
|
|
* `worker-protocol.ts`. All heavy crypto (AES-GCM, HKDF, HMAC, X25519,
|
|
* Ed25519) and stream state (per-lane keys + seq counters + running
|
|
* sha256) live here so the main thread is never blocked.
|
|
*
|
|
* Lifecycle: every request is one `postMessage` round-trip. Sender /
|
|
* receiver state is keyed by numeric ids handed in by the main thread —
|
|
* the worker never invents ids. `destroy*` calls zeroize lane keys.
|
|
*/
|
|
|
|
import { StreamSender, StreamReceiver } from '@shade/streams';
|
|
import { SubtleCryptoProvider } from './provider.js';
|
|
import {
|
|
WORKER_PROTOCOL_VERSION,
|
|
fromTransferable,
|
|
toTransferable,
|
|
transferablesOf,
|
|
type WorkerRequest,
|
|
type WorkerResponse,
|
|
type WorkerResult,
|
|
} from './worker-protocol.js';
|
|
|
|
interface DedicatedWorkerScope {
|
|
postMessage(data: unknown, transfer?: ArrayBuffer[]): void;
|
|
addEventListener(
|
|
type: 'message',
|
|
listener: (ev: { data: WorkerRequest }) => void,
|
|
): void;
|
|
}
|
|
|
|
const scope = globalThis as unknown as DedicatedWorkerScope;
|
|
const provider = new SubtleCryptoProvider();
|
|
const senders = new Map<number, StreamSender>();
|
|
const receivers = new Map<number, StreamReceiver>();
|
|
|
|
scope.addEventListener('message', (ev) => {
|
|
void handle(ev.data);
|
|
});
|
|
|
|
async function handle(req: WorkerRequest): Promise<void> {
|
|
try {
|
|
const result = await dispatch(req);
|
|
const transfer = transferablesOf(result);
|
|
const res: WorkerResponse = { id: req.id, ok: true, result };
|
|
scope.postMessage(res, transfer);
|
|
} catch (err) {
|
|
const error = err instanceof Error
|
|
? { name: err.name, message: err.message }
|
|
: { name: 'Error', message: String(err) };
|
|
const res: WorkerResponse = { id: req.id, ok: false, error };
|
|
scope.postMessage(res);
|
|
}
|
|
}
|
|
|
|
async function dispatch(req: WorkerRequest): Promise<WorkerResult> {
|
|
switch (req.method) {
|
|
case 'init': {
|
|
if (req.protocolVersion !== WORKER_PROTOCOL_VERSION) {
|
|
throw new Error(
|
|
`worker protocol version mismatch: main=${req.protocolVersion} worker=${WORKER_PROTOCOL_VERSION}`,
|
|
);
|
|
}
|
|
return { kind: 'ack' };
|
|
}
|
|
case 'ping':
|
|
return { kind: 'pong' };
|
|
|
|
// ─── crypto.* ─────────────────────────────────────────
|
|
case 'crypto.generateX25519KeyPair': {
|
|
const kp = await provider.generateX25519KeyPair();
|
|
return {
|
|
kind: 'keypair',
|
|
publicKey: toTransferable(kp.publicKey),
|
|
privateKey: toTransferable(kp.privateKey),
|
|
};
|
|
}
|
|
case 'crypto.x25519': {
|
|
const out = await provider.x25519(
|
|
fromTransferable(req.privateKey),
|
|
fromTransferable(req.publicKey),
|
|
);
|
|
return { kind: 'bytes', bytes: toTransferable(out) };
|
|
}
|
|
case 'crypto.generateEd25519KeyPair': {
|
|
const kp = await provider.generateEd25519KeyPair();
|
|
return {
|
|
kind: 'keypair',
|
|
publicKey: toTransferable(kp.publicKey),
|
|
privateKey: toTransferable(kp.privateKey),
|
|
};
|
|
}
|
|
case 'crypto.sign': {
|
|
const sig = await provider.sign(
|
|
fromTransferable(req.privateKey),
|
|
fromTransferable(req.message),
|
|
);
|
|
return { kind: 'bytes', bytes: toTransferable(sig) };
|
|
}
|
|
case 'crypto.verify': {
|
|
const valid = await provider.verify(
|
|
fromTransferable(req.publicKey),
|
|
fromTransferable(req.message),
|
|
fromTransferable(req.signature),
|
|
);
|
|
return { kind: 'verify', valid };
|
|
}
|
|
case 'crypto.aesGcmEncrypt': {
|
|
const out = await provider.aesGcmEncrypt(
|
|
fromTransferable(req.key),
|
|
fromTransferable(req.plaintext),
|
|
req.aad ? fromTransferable(req.aad) : undefined,
|
|
);
|
|
return {
|
|
kind: 'aead-encrypt',
|
|
ciphertext: toTransferable(out.ciphertext),
|
|
nonce: toTransferable(out.nonce),
|
|
};
|
|
}
|
|
case 'crypto.aesGcmDecrypt': {
|
|
const out = await provider.aesGcmDecrypt(
|
|
fromTransferable(req.key),
|
|
fromTransferable(req.ciphertext),
|
|
fromTransferable(req.nonce),
|
|
req.aad ? fromTransferable(req.aad) : undefined,
|
|
);
|
|
return { kind: 'bytes', bytes: toTransferable(out) };
|
|
}
|
|
case 'crypto.hkdf': {
|
|
const out = await provider.hkdf(
|
|
fromTransferable(req.ikm),
|
|
fromTransferable(req.salt),
|
|
fromTransferable(req.info),
|
|
req.length,
|
|
);
|
|
return { kind: 'bytes', bytes: toTransferable(out) };
|
|
}
|
|
case 'crypto.hmacSha256': {
|
|
const out = await provider.hmacSha256(
|
|
fromTransferable(req.key),
|
|
fromTransferable(req.data),
|
|
);
|
|
return { kind: 'bytes', bytes: toTransferable(out) };
|
|
}
|
|
|
|
// ─── stream.* (sender) ────────────────────────────────
|
|
case 'stream.createSender': {
|
|
if (senders.has(req.senderId)) {
|
|
throw new Error(`senderId ${req.senderId} already exists`);
|
|
}
|
|
const sender = await StreamSender.create({
|
|
crypto: provider,
|
|
streamId: fromTransferable(req.streamId),
|
|
streamSecret: fromTransferable(req.streamSecret),
|
|
laneId: req.laneId,
|
|
startSeq: req.startSeq,
|
|
});
|
|
senders.set(req.senderId, sender);
|
|
return { kind: 'ack' };
|
|
}
|
|
case 'stream.encryptChunk': {
|
|
const sender = senders.get(req.senderId);
|
|
if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
|
|
const chunk = await sender.encryptChunk(fromTransferable(req.plaintext), req.isLast);
|
|
return {
|
|
kind: 'chunk-encrypt',
|
|
bytes: toTransferable(chunk.bytes),
|
|
seq: chunk.seq,
|
|
};
|
|
}
|
|
case 'stream.getSenderLaneSha256': {
|
|
const sender = senders.get(req.senderId);
|
|
if (sender === undefined) throw new Error(`unknown senderId ${req.senderId}`);
|
|
return { kind: 'bytes', bytes: toTransferable(sender.getLaneSha256Digest()) };
|
|
}
|
|
case 'stream.destroySender': {
|
|
const sender = senders.get(req.senderId);
|
|
if (sender !== undefined) {
|
|
sender.destroy();
|
|
senders.delete(req.senderId);
|
|
}
|
|
return { kind: 'ack' };
|
|
}
|
|
|
|
// ─── stream.* (receiver) ──────────────────────────────
|
|
case 'stream.createReceiver': {
|
|
if (receivers.has(req.receiverId)) {
|
|
throw new Error(`receiverId ${req.receiverId} already exists`);
|
|
}
|
|
const receiver = await StreamReceiver.create({
|
|
crypto: provider,
|
|
streamId: fromTransferable(req.streamId),
|
|
streamSecret: fromTransferable(req.streamSecret),
|
|
laneId: req.laneId,
|
|
startSeq: req.startSeq,
|
|
});
|
|
receivers.set(req.receiverId, receiver);
|
|
return { kind: 'ack' };
|
|
}
|
|
case 'stream.decryptChunk': {
|
|
const receiver = receivers.get(req.receiverId);
|
|
if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
|
|
const dec = await receiver.decryptChunk(fromTransferable(req.wireBytes));
|
|
return {
|
|
kind: 'chunk-decrypt',
|
|
plaintext: toTransferable(dec.plaintext),
|
|
seq: dec.seq,
|
|
isLast: dec.isLast,
|
|
};
|
|
}
|
|
case 'stream.getReceiverLaneSha256': {
|
|
const receiver = receivers.get(req.receiverId);
|
|
if (receiver === undefined) throw new Error(`unknown receiverId ${req.receiverId}`);
|
|
return { kind: 'bytes', bytes: toTransferable(receiver.getLaneSha256Digest()) };
|
|
}
|
|
case 'stream.destroyReceiver': {
|
|
const receiver = receivers.get(req.receiverId);
|
|
if (receiver !== undefined) {
|
|
receiver.destroy();
|
|
receivers.delete(req.receiverId);
|
|
}
|
|
return { kind: 'ack' };
|
|
}
|
|
}
|
|
}
|