Merge pull request #39 from internxt/switch_to_noble_curve

[_] Switch from crypto api to noble curve

Author: TamaraFinogina

README.md

@@ -85,7 +85,7 @@ expect(resultAlice).toStrictEqual(resultBob);
 // Symmetric encryption
 const data = utils.UTF8ToUint8('Sensitive information to encrypt'); // convert to Uint8Array 
 const additionalData = 'Additional non-secret data';
-const key = await symmetric.genSymmetricCryptoKey(); // CryptoKey 
+const key = await symmetric.genSymmetricKey(); 
 const ciphertext: Uint8Array = await symmetric.encryptSymmetrically(key, data, additionalData);
 const plainText = await symmetric.decryptSymmetrically(encryptionKey, ciphertext, additionalData);
 expect(data).toStrictEqual(plainText);

package.json

@@ -37,6 +37,7 @@
   },
   "dependencies": {
     "@noble/ciphers": "^2.1.1",
+    "@noble/curves": "^2.0.1",
     "@noble/hashes": "^2.0.1",
     "@noble/post-quantum": "^0.5.2",
     "@scure/bip39": "^2.0.1",

src/asymmetric-crypto/ellipticCurve.ts

@@ -1,24 +1,25 @@
-import { ECC_ALGORITHM, AES_KEY_BIT_LENGTH } from '../constants';
+import { x25519 } from '@noble/curves/webcrypto.js';
 
 /**
  * Derives secret key from the other user's public key and own private key
  *
- * @param otherUserPublicKey - The public key of the other user
- * @param ownPrivateKey - The private key
+ * @param aliceSecX - The secret key of the user deriving the shared secret key
+ * @param bobPubX - The public key of the other user
  * @returns The derived secret key bits
  */
-export async function deriveSecretKey(otherUserPublicKey: CryptoKey, ownPrivateKey: CryptoKey): Promise<Uint8Array> {
+export async function deriveSecretKey(aliceSecX: Uint8Array, bobPubX: Uint8Array): Promise<Uint8Array> {
   try {
-    const result = await crypto.subtle.deriveBits(
-      {
-        name: ECC_ALGORITHM,
-        public: otherUserPublicKey,
-      },
-      ownPrivateKey,
-      AES_KEY_BIT_LENGTH,
-    );
-    return new Uint8Array(result);
+    return await x25519.getSharedSecret(aliceSecX, bobPubX);
   } catch (error) {
     throw new Error('Failed to derive elliptic curve secret key', { cause: error });
   }
 }
+
+/**
+ * Generates elliptic curve key pair
+ *
+ * @returns The generated key pair
+ */
+export async function generateEccKeys(): Promise<{ secretKey: Uint8Array; publicKey: Uint8Array }> {
+  return x25519.keygen();
+}

src/asymmetric-crypto/index.ts

@@ -1,2 +1 @@
 export * from './ellipticCurve';
-export * from './keys';

src/asymmetric-crypto/keys.ts

@@ -7,8 +7,6 @@ export const KEY_WRAPPING_ALGORITHM = 'AES-KW';
 export const KEY_FORMAT = 'raw';
 export const CONTEXT_WRAPPING = 'CRYPTO library 2025-08-22 18:10:00 key derived from ecc and kyber secrets';
 
-export const ECC_ALGORITHM = 'X25519';
-
 export const CONTEXT_ENC_KEYSTORE = 'CRYPTO library 2025-07-30 16:18:03 key for opening encryption keys keystore';
 export const CONTEXT_RECOVERY = 'CRYPTO library 2025-07-30 16:20:00 key for account recovery';
 export const CONTEXT_INDEX = 'CRYPTO library 2025-07-30 17:20:00 key for protecting current search indices';

src/constants.ts

@@ -1,11 +1,4 @@
-export {
-  deriveSecretKey,
-  generateEccKeys,
-  exportPublicKey,
-  importPublicKey,
-  exportPrivateKey,
-  importPrivateKey,
-} from './asymmetric-crypto';
+export { deriveSecretKey, generateEccKeys } from './asymmetric-crypto';
 export {
   deriveSymmetricKeyFromTwoKeys,
   deriveSymmetricKeyFromTwoKeysAndContext,

src/index.ts

@@ -14,16 +14,6 @@ export type UserWithPublicKey = User & {
   publicHybridKey: Uint8Array;
 };
 
-export type PublicKeys = {
-  eccPublicKey: CryptoKey;
-  kyberPublicKey: Uint8Array;
-};
-
-export type PublicKeysBase64 = {
-  eccPublicKeyBase64: string;
-  kyberPublicKeyBase64: string;
-};
-
 export type HybridKeyPair = {
   publicKey: Uint8Array;
   secretKey: Uint8Array;

src/types.ts

@@ -2,12 +2,18 @@ import { describe, expect, it } from 'vitest';
 import { generateEccKeys, deriveSecretKey } from '../../src/asymmetric-crypto';
 
 describe('Test ecc functions', () => {
+  it('should generate elliptic curves key pair', async () => {
+    const keyPair = await generateEccKeys();
+    expect(keyPair.publicKey).toBeInstanceOf(Uint8Array);
+    expect(keyPair.secretKey).toBeInstanceOf(Uint8Array);
+  });
+
   it('should derive the same keys for Bob and Alice', async () => {
     const keysAlice = await generateEccKeys();
     const keysBob = await generateEccKeys();
 
-    const resultAlice = await deriveSecretKey(keysBob.publicKey, keysAlice.privateKey);
-    const resultBob = await deriveSecretKey(keysAlice.publicKey, keysBob.privateKey);
+    const resultAlice = await deriveSecretKey(keysBob.secretKey, keysAlice.publicKey);
+    const resultBob = await deriveSecretKey(keysAlice.secretKey, keysBob.publicKey);
 
     expect(resultAlice).toStrictEqual(resultBob);
   });
@@ -17,16 +23,16 @@ describe('Test ecc functions', () => {
     const keysBob = await generateEccKeys();
     const keysEve = await generateEccKeys();
 
-    const resultAliceEve = await deriveSecretKey(keysEve.publicKey, keysAlice.privateKey);
-    const resultAliceBob = await deriveSecretKey(keysBob.publicKey, keysAlice.privateKey);
+    const resultAliceEve = await deriveSecretKey(keysEve.secretKey, keysAlice.publicKey);
+    const resultAliceBob = await deriveSecretKey(keysBob.secretKey, keysAlice.publicKey);
 
     expect(resultAliceBob).not.toStrictEqual(resultAliceEve);
   });
 
   it('should throw an error if cannot derive', async () => {
     const keysAlice = await generateEccKeys();
 
-    await expect(deriveSecretKey(keysAlice.privateKey, keysAlice.privateKey)).rejects.toThrowError(
+    await expect(deriveSecretKey(keysAlice.secretKey, new Uint8Array())).rejects.toThrowError(
       /Failed to derive elliptic curve secret key/,
     );
   });