New default KDF (#83)

* New default KDF: HKDF-HMAC-SHA256 instead of just SHA256

* Updated README.md, few fixes

* Update README.md

* Fix hkdf

* Update crypt.test.ts

Author: savely-krasovsky

.circleci/config.yml

@@ -5,16 +5,15 @@ defaults: &defaults
   docker:
     - image: circleci/node:12
 
-
 jobs:
   test:
     <<: *defaults
     steps:
       - checkout
       - restore_cache:
           keys:
-          - v1-dependencies-{{ checksum "package-lock.json" }}
-          - v1-dependencies-
+            - v1-dependencies-{{ checksum "package-lock.json" }}
+            - v1-dependencies-
       - run:
           name: Install dependencies
           command: npm install
@@ -24,7 +23,7 @@ jobs:
           key: v1-dependencies-{{ checksum "package-lock.json" }}
       - run:
           name: Run tests and build js files
-          command: npm test && npm run build && npm pack --dry-run
+          command: npm test -- --bail --ci && npm run build && npm pack --dry-run
       - run:
           name: Upload coverage
           command: npx codecov

README.md

@@ -1,6 +1,6 @@
 # eciesjs
 
-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/ba01a8bb2d3344f29f98157ccbd14519)](https://app.codacy.com/app/ecies/js)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/47784cde956642b1b9e8e33cb8551674)](https://app.codacy.com/app/ecies/js)
 [![License](https://img.shields.io/github/license/ecies/js.svg)](https://github.com/ecies/js)
 [![Npm Package](https://img.shields.io/npm/v/eciesjs.svg)](https://www.npmjs.com/package/eciesjs)
 [![Circle CI](https://img.shields.io/circleci/project/ecies/js/master.svg)](https://circleci.com/gh/ecies/js)
@@ -57,6 +57,7 @@ Returns:  **Buffer**
 static fromHex(hex: string): PrivateKey;
 constructor(secret?: Buffer);
 toHex(): string;
+encapsulateKEM(pub: PublicKey): Buffer;
 ecdh(pub: PublicKey): Buffer;
 equals(other: PrivateKey): boolean;
 ```
@@ -76,6 +77,7 @@ readonly publicKey: PublicKey;
 static fromHex(hex: string): PublicKey;
 constructor(buffer: Buffer);
 toHex(compressed?: boolean): string;
+decapsulateKEM(priv: PrivateKey): Buffer;
 equals(other: PublicKey): boolean;
 ```
 

package-lock.json

@@ -41,6 +41,7 @@
     },
     "dependencies": {
         "@types/secp256k1": "^3.5.0",
+        "futoin-hkdf": "^1.2.0",
         "secp256k1": "^3.6.0"
     }
 }

package.json

@@ -4,7 +4,7 @@ import { aesDecrypt, aesEncrypt, decodeHex, getValidSecret, remove0x, sha256 } f
 export function encrypt(receiverPubhex: string, msg: Buffer): Buffer {
     const disposableKey = new PrivateKey();
     const receiverPubkey = PublicKey.fromHex(receiverPubhex);
-    const aesKey = disposableKey.ecdh(receiverPubkey);
+    const aesKey = disposableKey.encapsulateKEM(receiverPubkey);
     const encrypted = aesEncrypt(aesKey, msg);
     return Buffer.concat([disposableKey.publicKey.uncompressed, encrypted]);
 }
@@ -13,7 +13,7 @@ export function decrypt(receiverPrvhex: string, msg: Buffer): Buffer {
     const receiverPrvkey = PrivateKey.fromHex(receiverPrvhex);
     const senderPubkey = new PublicKey(msg.slice(0, 65));
     const encrypted = msg.slice(65);
-    const aesKey = receiverPrvkey.ecdh(senderPubkey);
+    const aesKey = senderPubkey.decapsulateKEM(receiverPrvkey);
     return aesDecrypt(aesKey, encrypted);
 }
 

src/index.ts

@@ -1,3 +1,4 @@
+import hkdf from "futoin-hkdf";
 import secp256k1 from "secp256k1";
 
 import { decodeHex, getValidSecret } from "../utils";
@@ -24,8 +25,17 @@ export default class PrivateKey {
         return `0x${this.secret.toString("hex")}`;
     }
 
-    public ecdh(pub: PublicKey) {
-        return secp256k1.ecdh(pub.compressed, this.secret);
+    public encapsulateKEM(pub: PublicKey): Buffer {
+        return hkdf(Buffer.concat([
+            this.publicKey.uncompressed,
+            this.multiply(pub),
+        ]), 32, {
+                hash: "SHA-256",
+            });
+    }
+
+    public multiply(pub: PublicKey): Buffer {
+        return secp256k1.ecdhUnsafe(pub.compressed, this.secret, false);
     }
 
     public equals(other: PrivateKey): boolean {

src/keys/PrivateKey.ts

@@ -1,6 +1,8 @@
+import hkdf from "futoin-hkdf";
 import secp256k1 from "secp256k1";
 
 import { decodeHex } from "../utils";
+import PrivateKey from "./PrivateKey";
 
 export default class PublicKey {
 
@@ -31,6 +33,15 @@ export default class PublicKey {
         }
     }
 
+    public decapsulateKEM(priv: PrivateKey): Buffer {
+        return hkdf(Buffer.concat([
+            this.uncompressed,
+            priv.multiply(this),
+        ]), 32, {
+                hash: "SHA-256",
+            });
+    }
+
     public equals(other: PublicKey): boolean {
         return this.uncompressed.equals(other.uncompressed);
     }

src/keys/PublicKey.ts

@@ -101,15 +101,21 @@ describe("test keys", () => {
         expect(ethPub.equals(ethPrv.publicKey)).to.be.equal(true);
     });
 
-    it("tests ecdh", () => {
-        const one = Buffer.from(new Uint8Array(32));
-        one[31] = 1;
+    it("tests multiply and hkdf", () => {
         const two = Buffer.from(new Uint8Array(32));
         two[31] = 2;
-
-        const k1 = new PrivateKey(one);
-        const k2 = new PrivateKey(two);
-        expect(k1.ecdh(k2.publicKey).equals(k2.ecdh(k1.publicKey))).to.be.equal(true);
+        const three = Buffer.from(new Uint8Array(32));
+        three[31] = 3;
+
+        const k1 = new PrivateKey(two);
+        const k2 = new PrivateKey(three);
+        expect(k1.multiply(k2.publicKey).equals(k2.multiply(k1.publicKey))).to.be.equal(true);
+
+        const derived = k1.encapsulateKEM(k2.publicKey);
+        const knownDerived = Buffer.from(decodeHex(
+            "6f982d63e8590c9d9b5b4c1959ff80315d772edd8f60287c9361d548d5200f82",
+        ));
+        expect(derived.equals(knownDerived)).to.be.equal(true);
     });
 
 });