		@@ -6,2 +6,3 @@ "use strict";
		var x25519_1 = require("./x25519");
		var keyagreement_1 = require("./keyagreement");
		var benchmark_1 = require("@stablelib/benchmark");
		@@ -12,6 +13,6 @@ var r = new Uint8Array(32);
		var seed = benchmark_1.byteSeq(32);
		var offerMsg = new x25519_1.X25519KeyAgreement(seed).offer();
		var acceptMsg = new x25519_1.X25519KeyAgreement(seed).accept(offerMsg);
		var offerMsg = new keyagreement_1.X25519KeyAgreement(seed).offer();
		var acceptMsg = new keyagreement_1.X25519KeyAgreement(seed).accept(offerMsg);
		benchmark_1.report("X25519KeyAgreement offer/finish", benchmark_1.benchmark(function () {
		var state = new x25519_1.X25519KeyAgreement(seed);
		var state = new keyagreement_1.X25519KeyAgreement(seed);
		state.offer();
		@@ -21,4 +22,4 @@ state.finish(acceptMsg);
		benchmark_1.report("X25519KeyAgreement accept", benchmark_1.benchmark(function () {
		return new x25519_1.X25519KeyAgreement(seed).accept(offerMsg);
		return new keyagreement_1.X25519KeyAgreement(seed).accept(offerMsg);
		}));
		//# sourceMappingURL=x25519.bench.js.map

lib/x25519.d.ts

		@@ -0,3 +1,5 @@
		/**
		* Package x25519 implements X25519 key agreement.
		*/
		import { RandomSource } from "@stablelib/random";
		import { KeyAgreement } from "@stablelib/keyagreement";
		export declare const PUBLIC_KEY_LENGTH = 32;
		@@ -23,4 +25,4 @@ export declare const SECRET_KEY_LENGTH = 32;
		* > Protocol designers using Diffie-Hellman over the curves defined in
		* > this document must not assume "contributory behaviour". Specially,
		* > contributory behaviour means that both parties' private keys
		* > this document must not assume "contributory behavior". Specially,
		* > contributory behavior means that both parties' private keys
		* > contribute to the resulting shared key. Since curve25519 and
		@@ -33,34 +35,5 @@ * > curve448 have cofactors of 8 and 4 (respectively), an input point of
		*
		* Important: the returned key is a raw result of scalar multiplication.
		* IMPORTANT: the returned key is a raw result of scalar multiplication.
		* To use it as a key material, hash it with a cryptographic hash function.
		*/
		export declare function sharedKey(mySecretKey: Uint8Array, theirPublicKey: Uint8Array, rejectZero?: boolean): Uint8Array;
		/** Constants for key agreement */
		export declare const OFFER_MESSAGE_LENGTH = 32;
		export declare const ACCEPT_MESSAGE_LENGTH = 32;
		export declare const SAVED_STATE_LENGTH = 32;
		export declare const SECRET_SEED_LENGTH = 32;
		/**
		* X25519 key agreement using ephemeral key pairs.
		*
		* Note that unless this key agreement is combined withan authentication
		* method, such as public key signatures, it's vulnerable to man-in-the-middle
		* attacks.
		*/
		export declare class X25519KeyAgreement implements KeyAgreement {
		readonly offerMessageLength = 32;
		readonly acceptMessageLength = 32;
		readonly sharedKeyLength = 32;
		readonly savedStateLength = 32;
		private _secretKey;
		private _sharedKey;
		private _offered;
		constructor(secretSeed?: Uint8Array, prng?: RandomSource);
		saveState(): Uint8Array;
		restoreState(savedState: Uint8Array): this;
		clean(): void;
		offer(): Uint8Array;
		accept(offerMsg: Uint8Array): Uint8Array;
		finish(acceptMsg: Uint8Array): this;
		getSharedKey(): Uint8Array;
		}

lib/x25519.js

		@@ -5,2 +5,5 @@ "use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		/**
		* Package x25519 implements X25519 key agreement.
		*/
		var random_1 = require("@stablelib/random");
		@@ -601,4 +604,4 @@ var wipe_1 = require("@stablelib/wipe");
		* > Protocol designers using Diffie-Hellman over the curves defined in
		* > this document must not assume "contributory behaviour". Specially,
		* > contributory behaviour means that both parties' private keys
		* > this document must not assume "contributory behavior". Specially,
		* > contributory behavior means that both parties' private keys
		* > contribute to the resulting shared key. Since curve25519 and
		@@ -611,3 +614,3 @@ * > curve448 have cofactors of 8 and 4 (respectively), an input point of
		*
		* Important: the returned key is a raw result of scalar multiplication.
		* IMPORTANT: the returned key is a raw result of scalar multiplication.
		* To use it as a key material, hash it with a cryptographic hash function.
		@@ -636,77 +639,2 @@ */
		exports.sharedKey = sharedKey;
		/** Constants for key agreement */
		exports.OFFER_MESSAGE_LENGTH = exports.PUBLIC_KEY_LENGTH;
		exports.ACCEPT_MESSAGE_LENGTH = exports.PUBLIC_KEY_LENGTH;
		exports.SAVED_STATE_LENGTH = exports.SECRET_KEY_LENGTH;
		exports.SECRET_SEED_LENGTH = exports.SECRET_KEY_LENGTH;
		/**
		* X25519 key agreement using ephemeral key pairs.
		*
		* Note that unless this key agreement is combined withan authentication
		* method, such as public key signatures, it's vulnerable to man-in-the-middle
		* attacks.
		*/
		var X25519KeyAgreement = /** @class */ (function () {
		function X25519KeyAgreement(secretSeed, prng) {
		this.offerMessageLength = exports.OFFER_MESSAGE_LENGTH;
		this.acceptMessageLength = exports.ACCEPT_MESSAGE_LENGTH;
		this.sharedKeyLength = exports.SHARED_KEY_LENGTH;
		this.savedStateLength = exports.SAVED_STATE_LENGTH;
		this._offered = false;
		this._secretKey = secretSeed \|\| random_1.randomBytes(exports.SECRET_KEY_LENGTH, prng);
		}
		X25519KeyAgreement.prototype.saveState = function () {
		return new Uint8Array(this._secretKey);
		};
		X25519KeyAgreement.prototype.restoreState = function (savedState) {
		this._secretKey = new Uint8Array(savedState);
		return this;
		};
		X25519KeyAgreement.prototype.clean = function () {
		if (this._secretKey) {
		wipe_1.wipe(this._secretKey);
		}
		if (this._sharedKey) {
		wipe_1.wipe(this._sharedKey);
		}
		};
		X25519KeyAgreement.prototype.offer = function () {
		this._offered = true;
		var keyPair = generateKeyPairFromSeed(this._secretKey);
		return keyPair.publicKey;
		};
		X25519KeyAgreement.prototype.accept = function (offerMsg) {
		if (this._offered) {
		throw new Error("X25519KeyAgreement: accept shouldn't be called by offering party");
		}
		if (offerMsg.length !== this.offerMessageLength) {
		throw new Error("X25519KeyAgreement: incorrect offer message length");
		}
		var keyPair = generateKeyPairFromSeed(this._secretKey);
		this._sharedKey = sharedKey(keyPair.secretKey, offerMsg);
		wipe_1.wipe(keyPair.secretKey);
		return keyPair.publicKey;
		};
		X25519KeyAgreement.prototype.finish = function (acceptMsg) {
		if (acceptMsg.length !== this.acceptMessageLength) {
		throw new Error("X25519KeyAgreement: incorrect accept message length");
		}
		if (!this._secretKey) {
		throw new Error("X25519KeyAgreement: no offer state");
		}
		if (this._sharedKey) {
		throw new Error("X25519KeyAgreement: finish was already called");
		}
		this._sharedKey = sharedKey(this._secretKey, acceptMsg);
		return this;
		};
		X25519KeyAgreement.prototype.getSharedKey = function () {
		if (!this._sharedKey) {
		throw new Error("X25519KeyAgreement: no shared key established");
		}
		return new Uint8Array(this._sharedKey);
		};
		return X25519KeyAgreement;
		}());
		exports.X25519KeyAgreement = X25519KeyAgreement;
		//# sourceMappingURL=x25519.js.map

lib/x25519.test.js

		@@ -7,2 +7,3 @@ "use strict";
		var x25519_1 = require("./x25519");
		var keyagreement_1 = require("./keyagreement");
		describe("x25519.scalarMultBase", function () {
		@@ -71,6 +72,6 @@ it("should return correct result", function () {
		for (var i = 0; i < 5; i++) {
		var server = new x25519_1.X25519KeyAgreement();
		var server = new keyagreement_1.X25519KeyAgreement();
		var offerMsg = server.offer();
		// console.log("offerMsg:", encode(offerMsg));
		var client = new x25519_1.X25519KeyAgreement();
		var client = new keyagreement_1.X25519KeyAgreement();
		var acceptMsg = client.accept(offerMsg);
		@@ -88,3 +89,3 @@ // console.log("acceptMsg:", encode(acceptMsg));
		var serverPrng = new BadSource(0);
		var server = new x25519_1.X25519KeyAgreement(undefined, serverPrng);
		var server = new keyagreement_1.X25519KeyAgreement(undefined, serverPrng);
		var offerMsg = server.offer();
		@@ -94,3 +95,3 @@ expect("offerMsg: " + hex_1.encode(offerMsg))
		var clientPrng = new BadSource(64);
		var client = new x25519_1.X25519KeyAgreement(undefined, clientPrng);
		var client = new keyagreement_1.X25519KeyAgreement(undefined, clientPrng);
		var acceptMsg = client.accept(offerMsg);
		@@ -97,0 +98,0 @@ expect("acceptMsg: " + hex_1.encode(acceptMsg))

package.json

		{
		"name": "@stablelib/x25519",
		"version": "0.7.5",
		"version": "1.0.0",
		"description": "X25519 key agreement (Curve25519)",
		@@ -18,11 +18,11 @@ "main": "./lib/x25519.js",
		"dependencies": {
		"@stablelib/keyagreement": "^0.5.1",
		"@stablelib/random": "^0.7.4",
		"@stablelib/wipe": "^0.5.0"
		"@stablelib/keyagreement": "^1.0.0",
		"@stablelib/random": "^1.0.0",
		"@stablelib/wipe": "^1.0.0"
		},
		"devDependencies": {
		"@stablelib/benchmark": "^0.5.0",
		"@stablelib/hex": "^0.5.0"
		"@stablelib/benchmark": "^1.0.0",
		"@stablelib/hex": "^1.0.0"
		},
		"gitHead": "bfc2e6b7c9c3f31c7bb3610b8a0c09d3ef3613ca"
		"gitHead": "c3b9e138650642a738a9225956c75dbe44c76ae6"
		}

x25519.bench.ts

		// Copyright (C) 2016 Dmitry Chestnykh
		// MIT License. See LICENSE file for details.

		import { scalarMultBase, X25519KeyAgreement } from "./x25519";
		import { scalarMultBase } from "./x25519";
		import { X25519KeyAgreement } from "./keyagreement";
		import { benchmark, report, byteSeq } from "@stablelib/benchmark";
		@@ -6,0 +7,0 @@

x25519.test.ts

		@@ -7,4 +7,5 @@ // Copyright (C) 2016 Dmitry Chestnykh
		import {
		scalarMultBase, sharedKey, generateKeyPair, X25519KeyAgreement
		scalarMultBase, sharedKey, generateKeyPair
		} from "./x25519";
		import { X25519KeyAgreement } from './keyagreement';

		@@ -11,0 +12,0 @@ describe("x25519.scalarMultBase", () => {

100

x25519.ts

		// Copyright (C) 2016 Dmitry Chestnykh
		// MIT License. See LICENSE file for details.

		/**
		* Package x25519 implements X25519 key agreement.
		*/

		import { randomBytes, RandomSource } from "@stablelib/random";
		import { wipe } from "@stablelib/wipe";
		import { KeyAgreement } from "@stablelib/keyagreement";

		@@ -12,3 +15,3 @@ export const PUBLIC_KEY_LENGTH = 32;

		// TODO(dchest): some functions ara copies of ../sign/ed25519.
		// TODO(dchest): some functions are copies of ../sign/ed25519.
		// Find a way to combine them without opening up to public.
		@@ -602,4 +605,4 @@
		* > Protocol designers using Diffie-Hellman over the curves defined in
		* > this document must not assume "contributory behaviour". Specially,
		* > contributory behaviour means that both parties' private keys
		* > this document must not assume "contributory behavior". Specially,
		* > contributory behavior means that both parties' private keys
		* > contribute to the resulting shared key. Since curve25519 and
		@@ -612,3 +615,3 @@ * > curve448 have cofactors of 8 and 4 (respectively), an input point of
		*
		* Important: the returned key is a raw result of scalar multiplication.
		* IMPORTANT: the returned key is a raw result of scalar multiplication.
		* To use it as a key material, hash it with a cryptographic hash function.
		@@ -638,88 +641,1 @@ */
		}


		/** Constants for key agreement */
		export const OFFER_MESSAGE_LENGTH = PUBLIC_KEY_LENGTH;
		export const ACCEPT_MESSAGE_LENGTH = PUBLIC_KEY_LENGTH;
		export const SAVED_STATE_LENGTH = SECRET_KEY_LENGTH;
		export const SECRET_SEED_LENGTH = SECRET_KEY_LENGTH;

		/**
		* X25519 key agreement using ephemeral key pairs.
		*
		* Note that unless this key agreement is combined withan authentication
		* method, such as public key signatures, it's vulnerable to man-in-the-middle
		* attacks.
		*/
		export class X25519KeyAgreement implements KeyAgreement {
		readonly offerMessageLength = OFFER_MESSAGE_LENGTH;
		readonly acceptMessageLength = ACCEPT_MESSAGE_LENGTH;
		readonly sharedKeyLength = SHARED_KEY_LENGTH;
		readonly savedStateLength = SAVED_STATE_LENGTH;

		private _secretKey: Uint8Array;
		private _sharedKey: Uint8Array \| undefined;
		private _offered = false;

		constructor(secretSeed?: Uint8Array, prng?: RandomSource) {
		this._secretKey = secretSeed \|\| randomBytes(SECRET_KEY_LENGTH, prng);
		}

		saveState(): Uint8Array {
		return new Uint8Array(this._secretKey);
		}

		restoreState(savedState: Uint8Array): this {
		this._secretKey = new Uint8Array(savedState);
		return this;
		}

		clean(): void {
		if (this._secretKey) {
		wipe(this._secretKey);
		}
		if (this._sharedKey) {
		wipe(this._sharedKey);
		}
		}

		offer(): Uint8Array {
		this._offered = true;
		const keyPair = generateKeyPairFromSeed(this._secretKey);
		return keyPair.publicKey;
		}

		accept(offerMsg: Uint8Array): Uint8Array {
		if (this._offered) {
		throw new Error("X25519KeyAgreement: accept shouldn't be called by offering party");
		}
		if (offerMsg.length !== this.offerMessageLength) {
		throw new Error("X25519KeyAgreement: incorrect offer message length");
		}
		const keyPair = generateKeyPairFromSeed(this._secretKey);
		this._sharedKey = sharedKey(keyPair.secretKey, offerMsg);
		wipe(keyPair.secretKey);
		return keyPair.publicKey;
		}

		finish(acceptMsg: Uint8Array): this {
		if (acceptMsg.length !== this.acceptMessageLength) {
		throw new Error("X25519KeyAgreement: incorrect accept message length");
		}
		if (!this._secretKey) {
		throw new Error("X25519KeyAgreement: no offer state");
		}
		if (this._sharedKey) {
		throw new Error("X25519KeyAgreement: finish was already called");
		}
		this._sharedKey = sharedKey(this._secretKey, acceptMsg);
		return this;
		}

		getSharedKey(): Uint8Array {
		if (!this._sharedKey) {
		throw new Error("X25519KeyAgreement: no shared key established");
		}
		return new Uint8Array(this._sharedKey);
		}
		}

lib/x25519.bench.js.map

Sorry, the diff of this file is not supported yet

lib/x25519.js.map

Sorry, the diff of this file is not supported yet

lib/x25519.test.js.map

Sorry, the diff of this file is not supported yet

@stablelib/x25519 - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Dependency changes