padded encryption

src/index.ts

@@ -43,7 +43,7 @@
   }
   let res = 0;
   for (let i = 0; i < b1.length; i++) {
     res |= b1[i] ^ b2[i]; // jshint ignore:line
   }
 
   return res === 0;
@@ -76,7 +76,7 @@
 
 function getAes(op: "encrypt" | "decrypt"): AesFunctionType {
   return async function (iv: Buffer, key: Buffer, data: Buffer) {
     if (subtle && subtle[op] && subtle.importKey) {
       const importAlgorithm = {
         name: "AES-CBC",
       };
@@ -86,7 +86,7 @@
         iv,
       };
       // encrypt and decrypt ops are not implemented in react-native-quick-crypto yet.
       const result = await subtle[op](encAlgorithm, cryptoKey, data);
       return Buffer.from(new Uint8Array(result));
     } else if (op === "encrypt" && browserCrypto.createCipheriv) {
       // This is available if crypto is polyfilled in react native environment
@@ -197,7 +197,7 @@
   throw new Error("Bad signature");
 };
 
-export const derive = async function (privateKeyA: Buffer, publicKeyB: Buffer): Promise<Buffer> {
+export const derive = async function (privateKeyA: Buffer, publicKeyB: Buffer, padding?: boolean): Promise<Buffer> {
   assert(Buffer.isBuffer(privateKeyA), "Bad private key");
   assert(Buffer.isBuffer(publicKeyB), "Bad public key");
   assert(privateKeyA.length === 32, "Bad private key");
@@ -212,30 +212,25 @@
   const keyA = ec.keyFromPrivate(privateKeyA);
   const keyB = ec.keyFromPublic(publicKeyB);
   const Px = keyA.derive(keyB.getPublic()); // BN instance
+  if (padding) {
+    return Buffer.from(Px.toString(16, 64), "hex");
+  }
   return Buffer.from(Px.toArray());
 };
 
-export const deriveUnpadded = derive;
-
 export const derivePadded = async function (privateKeyA: Buffer, publicKeyB: Buffer): Promise<Buffer> {
-  assert(Buffer.isBuffer(privateKeyA), "Bad private key");
-  assert(Buffer.isBuffer(publicKeyB), "Bad public key");
-  assert(privateKeyA.length === 32, "Bad private key");
-  assert(isValidPrivateKey(privateKeyA), "Bad private key");
-  assert(publicKeyB.length === 65 || publicKeyB.length === 33, "Bad public key");
-  if (publicKeyB.length === 65) {
-    assert(publicKeyB[0] === 4, "Bad public key");
-  }
-  if (publicKeyB.length === 33) {
-    assert(publicKeyB[0] === 2 || publicKeyB[0] === 3, "Bad public key");
-  }
-  const keyA = ec.keyFromPrivate(privateKeyA);
-  const keyB = ec.keyFromPublic(publicKeyB);
-  const Px = keyA.derive(keyB.getPublic()); // BN instance
-  return Buffer.from(Px.toString(16, 64), "hex");
+  return derive(privateKeyA, publicKeyB, true);
+};
+
+export const deriveUnpadded = async function (privateKeyA: Buffer, publicKeyB: Buffer): Promise<Buffer> {
+  return derive(privateKeyA, publicKeyB, false);
 };
 
-export const encrypt = async function (publicKeyTo: Buffer, msg: Buffer, opts?: { iv?: Buffer; ephemPrivateKey?: Buffer }): Promise<Ecies> {
+export const encrypt = async function (
+  publicKeyTo: Buffer,
+  msg: Buffer,
+  opts?: { iv?: Buffer; ephemPrivateKey?: Buffer; padding?: boolean }
+): Promise<Ecies> {
   opts = opts || {};
 
   let ephemPrivateKey = opts.ephemPrivateKey || randomBytes(32);
@@ -244,7 +239,7 @@
     ephemPrivateKey = opts.ephemPrivateKey || randomBytes(32);
   }
   const ephemPublicKey = getPublic(ephemPrivateKey);
-  const Px = await deriveUnpadded(ephemPrivateKey, publicKeyTo);
+  const Px = await derive(ephemPrivateKey, publicKeyTo, opts.padding);
   const hash = await sha512(Px);
   const iv = opts.iv || randomBytes(16);
   const encryptionKey = hash.slice(0, 32);
@@ -261,16 +256,14 @@
   };
 };
 
-export const decrypt = async function (privateKey: Buffer, opts: Ecies, _padding?: boolean): Promise<Buffer> {
-  const padding = _padding ?? false;
-  const deriveLocal = padding ? derivePadded : deriveUnpadded;
-  const Px = await deriveLocal(privateKey, opts.ephemPublicKey);
+export const decrypt = async function (privateKey: Buffer, opts: Ecies, padding?: boolean): Promise<Buffer> {
+  const Px = await derive(privateKey, opts.ephemPublicKey, padding);
   const hash = await sha512(Px);
   const encryptionKey = hash.slice(0, 32);
   const macKey = hash.slice(32);
   const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]);
   const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac);
-  if (!macGood && padding === false) {
+  if (!macGood && !padding) {
     return decrypt(privateKey, opts, true);
   } else if (!macGood && padding === true) {
     throw new Error("bad MAC after trying padded");

test/encrypt&decrypt.spec.ts

@@ -28,6 +28,14 @@ describe("Functions: encrypt & decrypt", () => {
   });
 
   describe("encrypt", () => {
+    it("should encrypt message with encOpts undefined", async () => {
+      const enc = await eccrypto.encrypt(publicKey, Buffer.from("test"));
+      expect(enc.iv).toBeDefined();
+      expect(enc.ephemPublicKey).toBeDefined();
+      expect(enc.ciphertext).toBeDefined();
+      expect(enc.mac).toBeDefined();
+    });
+
     it("should encrypt message when let encOpts empty", async () => {
       const enc = await eccrypto.encrypt(publicKey, Buffer.from("test"), {});
       expect(enc.iv).toBeDefined();
@@ -44,6 +52,15 @@ describe("Functions: encrypt & decrypt", () => {
       expect(Buffer.compare(enc.mac, mac)).toBe(0);
     });
 
+    it("should encrypt with padding", async () => {
+      const encOptsLocal = { ...encOpts, padding: true };
+      const enc = await eccrypto.encrypt(publicKey, Buffer.from("test"), encOptsLocal);
+      expect(Buffer.compare(enc.iv, iv)).toBe(0);
+      expect(Buffer.compare(enc.ephemPublicKey, ephemPublicKey)).toBe(0);
+      expect(Buffer.compare(enc.ciphertext, ciphertext)).toBe(0);
+      expect(Buffer.compare(enc.mac, mac)).toBe(0);
+    });
+
     it("should encrypt with compressed public key", async () => {
       const enc = await eccrypto.encrypt(publicKeyCompressed, Buffer.from("test"), encOpts);
       expect(Buffer.compare(enc.iv, iv)).toBe(0);