add keyPair, exportPublicKey, and sharedKey to NamedGroup

Author: Srabutdotcom

deno.json

@@ -1,6 +1,6 @@
 {
   "name": "@tls/enum",
-  "version": "0.8.7",
+  "version": "0.8.8",
   "exports": "./src/mod.ts",
   "publish": {
     "exclude": ["dist/"]
@@ -18,6 +18,7 @@
     "@peculiar/x509": "npm:@peculiar/x509@^1.12.3",
     "@std/assert": "jsr:@std/assert@^1.0.2",
     "@tls/struct": "jsr:@tls/struct@^0.3.8",
+    "ec-key": "npm:ec-key@^0.0.6",
     "elliptic": "npm:elliptic@^6.6.1"
   }
 }

src/namedgroup.js

@@ -11,6 +11,7 @@ export class NamedGroup extends Enum {
    #keyGen;
    #privateKey;
    #publicKey;
+   #keyPair;
 
    /* Elliptic Curve Groups (ECDHE) */
    static SECP256R1 = new NamedGroup('SECP256R1', 0x0017);
@@ -124,10 +125,60 @@ export class NamedGroup extends Enum {
     * 
     * @returns {KeyShareEntry} A new KeyShareEntry instance.
     */
-   keyShareEntry() {
-      const key_exchange = KeyExchange.fromKey(this.publicKey);
+   async keyShareEntry() {
+      const key_exchange = KeyExchange.fromKey(await this.exportPublicKey());
       return new KeyShareEntry(this, key_exchange);
    }
+
+   async keyPair(){
+      if(this.#keyPair)return this.#keyPair
+      let algo
+      switch (this) {
+         case NamedGroup.X25519:{
+            algo = "X25519"
+            break;
+         }
+         case NamedGroup.SECP256R1: {
+            algo =  { name: "ECDH", namedCurve: "P-256" };
+            break;
+         }
+         case NamedGroup.SECP384R1: {
+            algo =  { name: "ECDH", namedCurve: "P-384" };
+            break;
+         }
+      }
+      this.#keyPair||= await generateKey(algo);
+      return this.#keyPair;
+   }
+
+   async exportPublicKey(){
+      const bits = await crypto.subtle.exportKey("raw", (await this.keyPair()).publicKey)
+      return new Uint8Array(bits)
+   }
+
+   async sharedKey(publicKey) {
+      let algo, length
+      switch (this) {
+         case NamedGroup.X25519:
+            algo = "X25519";
+            length = 256;
+            break;
+         case NamedGroup.SECP256R1:
+            algo = "ECDH";
+            length = 256;
+            break
+         case NamedGroup.SECP384R1:
+            algo = "ECDH";
+            length = 384
+            break;
+      }
+      const bits =  await crypto.subtle.deriveBits(
+         { name: algo, public: publicKey },
+         (await this.keyPair()).privateKey,
+         length // Output key length (384 bits for P-384)
+     )
+     return new Uint8Array(bits)
+   }
 }
 
 /**
@@ -169,5 +220,11 @@ export class KeyShareEntry extends Struct {
    }
 }
 
-
+async function generateKey(algo) {
+   return await crypto.subtle.generateKey(
+      algo,
+      true,
+      ["deriveKey", "deriveBits"]
+   );
+}
 // npx -p typescript tsc ./src/namedgroup.js --declaration --allowJs --emitDeclarationOnly --lib ESNext --outDir ./dist

src/utils.js

@@ -9,3 +9,102 @@ export function parseItems(copy, start, lengthOf, Fn) {
    return items
 }
 
+/**
+ * Converts secp384r1 (P-384) private and public key bytes to JWK format
+ * 
+ * @param {Uint8Array} privateKeyBytes - Raw private key bytes (optional)
+ * @param {Uint8Array} publicKeyBytes - Raw public key bytes (uncompressed format with 0x04 prefix)
+ * @returns {Object} JWK representation of the key
+ */
+export function secp384r1ToJwk(privateKeyBytes, publicKeyBytes) {
+   // Ensure we have at least one of the keys
+   if (!privateKeyBytes && !publicKeyBytes) {
+      throw new Error('Either privateKeyBytes or publicKeyBytes must be provided');
+   }
+
+   // Handle public key conversion
+   const jwk = {};
+
+   if (publicKeyBytes) {
+      // Public key should be in uncompressed form starting with 0x04 followed by 
+      // x and y coordinates (each 48 bytes for P-384)
+      if (publicKeyBytes.length !== 97 || publicKeyBytes[0] !== 4) {
+         throw new Error('Invalid public key format. Expected uncompressed format (0x04 + 96 bytes)');
+      }
+
+      // Extract x and y coordinates (skipping the 0x04 prefix)
+      const xCoord = publicKeyBytes.slice(1, 49);
+      const yCoord = publicKeyBytes.slice(49, 97);
+
+      // Base64Url encode coordinates
+      jwk.x = base64UrlEncode(xCoord);
+      jwk.y = base64UrlEncode(yCoord);
+   }
+
+   // Handle private key if provided
+   if (privateKeyBytes) {
+      if (privateKeyBytes.length !== 48) {
+         throw new Error('Invalid private key length. Expected 48 bytes for P-384');
+      }
+
+      jwk.d = base64UrlEncode(privateKeyBytes);
+   }
+
+   // Set common parameters for secp384r1 curve
+   jwk.kty = "EC";
+   jwk.crv = "P-384";
+
+   // Set key use based on what's provided
+   jwk.key_ops = privateKeyBytes ?
+      ["sign"] : // Private key can sign
+      ["verify"]; // Public key can verify
+
+   return jwk;
+}
+
+/**
+ * Helper function to convert bytes to base64url format
+ * 
+ * @param {Uint8Array} bytes - Byte array to encode
+ * @returns {string} base64url encoded string
+ */
+function base64UrlEncode(bytes) {
+   // Convert to regular base64
+   const base64 = btoa(String.fromCharCode.apply(null, bytes));
+
+   // Convert to base64url by replacing characters
+   return base64
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=/g, '');
+}
+
+export async function convertSecp384r1ToJWK(privateKeyBytes, publicKeyBytes) {
+   //const crypto = globalThis.crypto || require("crypto").webcrypto; // Ensure WebCrypto API is available
+
+   // Import Private Key
+   const privateKey = await crypto.subtle.importKey(
+      "raw",
+      privateKeyBytes,
+      { name: "ECDH", namedCurve: "P-384" },
+      true,
+      ["deriveBits"]
+   );
+
+   // Export Private Key to JWK
+   const jwkPrivateKey = await crypto.subtle.exportKey("jwk", privateKey);
+
+   // Import Public Key
+   const publicKey = await crypto.subtle.importKey(
+      "raw",
+      publicKeyBytes,
+      { name: "ECDH", namedCurve: "P-384" },
+      true,
+      []
+   );
+
+   // Export Public Key to JWK
+   const jwkPublicKey = await crypto.subtle.exportKey("jwk", publicKey);
+
+   return { jwkPrivateKey, jwkPublicKey };
+}

test/namedgroup_test.js

@@ -3,6 +3,7 @@ import { NamedGroup } from "../src/namedgroup.js";
 import { p384 } from "@noble/curves/p384";
 import elliptic from "elliptic"
 import { safeuint8array } from "../src/dep.ts";
+import ECKey from "ec-key"
 
 Deno.test(
    "NamedGroup",
@@ -22,18 +23,20 @@ Deno.test(
    }
 )
 
+const x25519 = NamedGroup.X25519;
+
+const x25519_keyPair = await x25519.keyPair();
+const x25519_publicKeyByte = await x25519.exportPublicKey();
+const x25519_keyShareEntry = await x25519.keyShareEntry();
+
+
 const secP384R1 = NamedGroup.SECP384R1;
-const pub = secP384R1.publicKey;
+const p384_keys = await secP384R1.keyPair();
+const p384_pub = await secP384R1.exportPublicKey();
 const pri = secP384R1.privateKey;
 
-const keyPair = await crypto.subtle.generateKey(
-   { name: "ECDSA", namedCurve: "P-384" },
-   true,
-   ["sign", "verify"]
-);
-
-const publicKeyJwk = await crypto.subtle.exportKey("raw", keyPair.publicKey);
 
+debugger;
 
 var EC = elliptic.ec;
 var ec = new EC('p384');
@@ -45,10 +48,69 @@ var publicKey1 = key1.getPublic()
 var publicKey1Buffer = safeuint8array(0x04, publicKey1.getX().toBuffer(), publicKey1.getY().toBuffer());
 var publicKey2Buffer = publicKey1.encode('buffer');
 
+var privateKey1 = key1.getPrivate().toBuffer();
+var publicKey2 = key2.getPublic()
 
-var shared1 = key1.derive(key2.getPublic());
 
 const priv = p384.utils.randomPrivateKey();
-const publ = p384.getPublicKey(priv, false)
+const publ = p384.getPublicKey(priv, false);
+const shar = p384.getSharedSecret(priv, p384_pub);
+const shar_p384 = await secP384R1.sharedKey(await importECPublicKey(publ));
+debugger;
+
+//const key = ECKey;
+
+const _null = null;
+debugger;
+
+async function generateKey() {
+   return await crypto.subtle.generateKey(
+      { name: "ECDH", namedCurve: "P-384" },
+      true,
+      ["deriveKey", "deriveBits"]
+   );
+}
+async function x25519Key() {
+   return await crypto.subtle.generateKey(
+      "X25519",
+      true,
+      ["deriveKey", "deriveBits"]
+   )
+}
+;
+
+async function importEcPrivateKey(ecPrivKey) {
+   return await crypto.subtle.importKey(
+      "pkcs8",      // Key format (PKCS#8 for private keys)
+      ecPrivKey,    // Key data (ArrayBuffer)
+      {
+         name: "ECDH",  // Algorithm name (Elliptic Curve Diffie-Hellman)
+         namedCurve: "P-384" // SECP384R1 curve
+      },
+      true,         // Key is extractable (can be exported)
+      ["deriveKey", "deriveBits"] // Usages
+   );
+}
+
+async function importECPublicKey(keyBuffer) {
+   // 2️⃣ Import Key
+   return await crypto.subtle.importKey(
+       "raw",       // Public key format (SPKI)
+       keyBuffer,    // Key data (ArrayBuffer)
+       { 
+           name: "ECDH",  // Algorithm (Elliptic Curve Diffie-Hellman)
+           namedCurve: "P-384" // SECP384R1 curve
+       },
+       true,         // Key is extractable (can be exported)
+       []            // No key usages (public key is used for verification/derivation)
+   );
+}
 
+async function deriveECKey(privateKey, publicKey) {
+   return await crypto.subtle.deriveBits(
+      { name: "ECDH", public: publicKey },
+      privateKey,
+      384 // Output key length (384 bits for P-384)
+  )
+}
 

type/namedgroup.d.ts

@@ -93,6 +93,25 @@ export class NamedGroup extends Enum {
    * @returns {KeyShareEntry} A new KeyShareEntry instance.
    */
   keyShareEntry(): KeyShareEntry;
+
+  /**
+   * Generates or retrieves the key pair for this named group
+   * @returns {Promise<CryptoKeyPair>} The generated or cached key pair
+   */
+  keyPair(): Promise<CryptoKeyPair>;
+
+  /**
+   * Exports the public key in raw format
+   * @returns {Promise<Uint8Array>} The raw public key bytes
+   */
+  exportPublicKey(): Promise<Uint8Array>;
+
+  /**
+   * Derives a shared secret using the local private key and peer's public key
+   * @param {CryptoKey} publicKey - The peer's public key
+   * @returns {Promise<Uint8Array>} The derived shared secret
+   */
+  sharedKey(publicKey: CryptoKey): Promise<Uint8Array>;
 }
 
 /**