@digitaldefiance/node-ecies-lib 1.1.21 → 1.1.22

package/src/services/aes-gcm.ts

@@ -0,0 +1,160 @@
+import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
+import { CipherGCMTypes } from 'crypto';
+import { IConstants } from '../interfaces/constants';
+import { getEciesPluginI18nEngine, NodeEciesComponentId, NodeEciesStringKey } from '../i18n';
+import { Constants } from '../constants';
+
+export class AESGCMService {
+  private readonly algorithmName: string;
+  private readonly mode: string;
+  private readonly keyBits: number;
+  private readonly ivSize: number;
+  private readonly keyringAlgorithmConfiguration: CipherGCMTypes;
+
+  constructor(constants: IConstants = Constants) {
+    this.algorithmName = constants.KEYRING.ALGORITHM;
+    this.mode = constants.KEYRING.MODE;
+    this.keyBits = constants.KEYRING.KEY_BITS;
+    this.ivSize = constants.WRAPPED_KEY.IV_SIZE;
+    this.keyringAlgorithmConfiguration = constants.KEYRING_ALGORITHM_CONFIGURATION;
+  }
+
+  public get ALGORITHM_NAME(): string {
+    return this.algorithmName;
+  }
+
+  public get MODE(): string {
+    return this.mode;
+  }
+
+  public get KEY_BITS(): number {
+    return this.keyBits;
+  }
+
+  /**
+   * Encrypt data using AES-GCM
+   * @param data Data to encrypt
+   * @param key Key to use for encryption (must be 16, 24 or 32 bytes for AES)
+   * @param authTag Whether to return separate auth tag
+   * @returns Encrypted data with IV and optional separate auth tag
+   */
+  public encrypt(
+    data: Buffer,
+    key: Buffer,
+    authTag: boolean = false,
+  ): { encrypted: Buffer; iv: Buffer; tag?: Buffer } {
+    const iv = randomBytes(this.ivSize);
+    const cipher = createCipheriv(this.keyringAlgorithmConfiguration, key, iv);
+    
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+    const tag = cipher.getAuthTag();
+
+    if (!authTag) {
+      const encryptedWithTag = Buffer.concat([encrypted, tag]);
+      return { encrypted: encryptedWithTag, iv: iv };
+    }
+
+    return {
+      encrypted: encrypted,
+      iv: iv,
+      tag: tag,
+    };
+  }
+
+  /**
+   * Combine encrypted data and auth tag into a single Buffer
+   * @param encryptedData The encrypted data
+   * @param authTag The authentication tag
+   * @returns The combined Buffer
+   */
+  public combineEncryptedDataAndTag(
+    encryptedData: Buffer,
+    authTag: Buffer,
+  ): Buffer {
+    return Buffer.concat([encryptedData, authTag]);
+  }
+
+  /**
+   * Combine IV and encrypted data (with optional auth tag) into a single Buffer
+   * @param iv The initialization vector
+   * @param encryptedDataWithTag The encrypted data with auth tag already appended (if applicable)
+   * @returns The combined Buffer
+   */
+  public combineIvAndEncryptedData(
+    iv: Buffer,
+    encryptedDataWithTag: Buffer,
+  ): Buffer {
+    return Buffer.concat([iv, encryptedDataWithTag]);
+  }
+
+  /**
+   * Combine IV, encrypted data and auth tag into a single Buffer
+   * @param iv The initialization vector
+   * @param encryptedData The encrypted data
+   * @param authTag The authentication tag
+   * @returns The combined Buffer
+   */
+  public combineIvTagAndEncryptedData(
+    iv: Buffer,
+    encryptedData: Buffer,
+    authTag: Buffer,
+  ): Buffer {
+    const encryptedWithTag = this.combineEncryptedDataAndTag(
+      encryptedData,
+      authTag,
+    );
+    return this.combineIvAndEncryptedData(iv, encryptedWithTag);
+  }
+
+  /**
+   * Split combined encrypted data back into its components
+   * @param combinedData The combined data containing IV, encrypted data, and optionally auth tag
+   * @param hasAuthTag Whether the combined data includes an authentication tag
+   * @returns Object containing the split components
+   */
+  public splitEncryptedData(
+    combinedData: Buffer,
+    hasAuthTag: boolean = true,
+  ): { iv: Buffer; encryptedDataWithTag: Buffer } {
+    const ivLength = this.ivSize;
+    const minLength = ivLength + (hasAuthTag ? 16 : 0);
+
+    if (combinedData.length < minLength) {
+      const pluginEngine = getEciesPluginI18nEngine();
+
+      throw new Error(
+        pluginEngine.translate(NodeEciesComponentId, NodeEciesStringKey.Error_CombinedDataTooShort),
+      );
+    }
+
+    const iv = combinedData.subarray(0, ivLength);
+    const encryptedDataWithTag = combinedData.subarray(ivLength);
+
+    return { iv, encryptedDataWithTag };
+  }
+
+  /**
+   * Decrypt data using AES-GCM
+   * @param iv The initialization vector
+   * @param encryptedData Data to decrypt (with auth tag appended)
+   * @param key Key to use for decryption (must be 16, 24 or 32 bytes for AES)
+   * @param authTag Whether the encrypted data includes an authentication tag
+   * @returns Decrypted data
+   */
+  public decrypt(
+    iv: Buffer,
+    encryptedData: Buffer,
+    key: Buffer,
+    authTag: boolean = false,
+  ): Buffer {
+    const decipher = createDecipheriv(this.keyringAlgorithmConfiguration, key, iv);
+    
+    const tagLength = 16;
+    const tag = encryptedData.subarray(-tagLength);
+    const ciphertext = encryptedData.subarray(0, -tagLength);
+    
+    decipher.setAuthTag(tag);
+
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  }
+}

package/src/services/ecies/crypto-core.ts

@@ -0,0 +1,213 @@
+import {
+  ECIESError,
+  ECIESErrorTypeEnum,
+  IECIESConfig,
+  IECIESConstants,
+  SecureBuffer,
+  SecureString,
+} from '@digitaldefiance/ecies-lib';
+import { hdkey, Wallet } from '@ethereumjs/wallet';
+import { generateMnemonic, mnemonicToSeedSync, validateMnemonic } from 'bip39';
+import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
+import { createEciesTranslationEngine, getEciesPluginI18nEngine, NodeEciesComponentId, NodeEciesStringKey } from '../../i18n/ecies-i18n-factory';
+import { ISimpleKeyPairBuffer } from '../../interfaces/simple-keypair-buffer';
+import { IWalletSeed } from '../../interfaces/wallet-seed';
+import { Constants } from '../../constants';
+
+/**
+ * Core encryption and decryption functions for ECIES
+ * Includes coverage for simple and single modes, does not cover multiple mode which is in a separate module
+ */
+export class EciesCryptoCore {
+  protected readonly _config: IECIESConfig;
+  protected readonly _consts: IECIESConstants;
+  public get config(): IECIESConfig {
+    return this._config;
+  }
+
+  public get consts(): IECIESConstants {
+    return this._consts;
+  }
+
+  constructor(config: IECIESConfig, eciesParams: IECIESConstants = Constants.ECIES) {
+    this._config = config;
+    this._consts = eciesParams;
+  }
+
+  /**
+   * Validates and normalizes a public key for ECIES operations
+   * @param publicKey The public key to normalize
+   * @returns Properly formatted public key
+   */
+  public normalizePublicKey(publicKey: Buffer): Buffer {
+    if (!publicKey) {
+      const engine = createEciesTranslationEngine();
+      const pluginEngine = getEciesPluginI18nEngine();
+      throw new ECIESError(
+        ECIESErrorTypeEnum.InvalidEphemeralPublicKey,
+        engine,
+        undefined,
+        undefined,
+        {
+          error: pluginEngine.translate(NodeEciesComponentId, NodeEciesStringKey.Error_InvalidPublicKey),
+        },
+      );
+    }
+
+    const keyLength = publicKey.length;
+
+    // Already in correct format (65 bytes with 0x04 prefix)
+    if (
+      keyLength === this._consts.PUBLIC_KEY_LENGTH &&
+      publicKey[0] === this._consts.PUBLIC_KEY_MAGIC
+    ) {
+      return publicKey;
+    }
+
+    // Raw key without prefix (64 bytes) - add the 0x04 prefix
+    if (keyLength === this._consts.RAW_PUBLIC_KEY_LENGTH) {
+      return Buffer.concat([Buffer.from([this._consts.PUBLIC_KEY_MAGIC]), publicKey]);
+    }
+
+    const engine = createEciesTranslationEngine();
+    const pluginEngine = getEciesPluginI18nEngine();
+    // Invalid format
+    throw new ECIESError(
+      ECIESErrorTypeEnum.InvalidEphemeralPublicKey,
+      engine,
+      undefined,
+      undefined,
+      {
+        error: pluginEngine.translate(NodeEciesComponentId, NodeEciesStringKey.Error_InvalidPublicKeyFormat),
+        keyLength: String(keyLength),
+        expectedLength64: String(this._consts.RAW_PUBLIC_KEY_LENGTH),
+        expectedLength65: String(this._consts.PUBLIC_KEY_LENGTH),
+        keyPrefix: keyLength > 0 ? String(publicKey[0]) : 'N/A',
+        expectedPrefix: String(this._consts.PUBLIC_KEY_MAGIC),
+      },
+    );
+  }
+
+  /**
+   * Generate a new mnemonic
+   * @returns {SecureString} The new mnemonic
+   */
+  public generateNewMnemonic(): SecureString {
+    return new SecureString(generateMnemonic(this._config.mnemonicStrength));
+  }
+
+  /**
+   * Generate a new wallet from a seed
+   * @param seed {Buffer} The seed to generate the wallet from
+   * @returns {Wallet} The new wallet
+   */
+  public walletFromSeed(seed: Buffer): Wallet {
+    const hdWallet = hdkey.EthereumHDKey.fromMasterSeed(seed);
+    return hdWallet
+      .derivePath(this._config.primaryKeyDerivationPath)
+      .getWallet();
+  }
+
+  /**
+   * Generate a new wallet and seed from a mnemonic
+   * @param mnemonic {SecureString} The mnemonic to generate the wallet and seed from
+   * @returns {IWalletSeed} The new wallet and seed
+   */
+  public walletAndSeedFromMnemonic(mnemonic: SecureString): IWalletSeed {
+    if (!mnemonic.value || !validateMnemonic(mnemonic.value)) {
+      throw new ECIESError(
+        ECIESErrorTypeEnum.InvalidMnemonic,
+        createEciesTranslationEngine(),
+      );
+    }
+
+    const seed = mnemonicToSeedSync(mnemonic.value);
+    const wallet = this.walletFromSeed(seed);
+
+    return {
+      seed: new SecureBuffer(seed),
+      wallet,
+    };
+  }
+
+  /**
+   * Generate a new wallet and seed from a mnemonic
+   * @param wallet {Wallet} The wallet to generate the key pair from
+   * @returns {ISimpleKeyPairBuffer} The new key pair
+   */
+  public walletToSimpleKeyPairBuffer(wallet: Wallet): ISimpleKeyPairBuffer {
+    const privateKey = Buffer.from(wallet.getPrivateKey());
+    const buf04 = new Uint8Array(1);
+    buf04[0] = this._consts.PUBLIC_KEY_MAGIC;
+    const publicKey = Buffer.concat([buf04, wallet.getPublicKey()]);
+
+    return {
+      privateKey,
+      publicKey,
+    };
+  }
+
+  /**
+   * Create a simple key pair from a seed
+   * @param seed {Buffer} The seed to generate the key pair from
+   * @returns {ISimpleKeyPairBuffer} The new key pair
+   */
+  public seedToSimpleKeyPairBuffer(seed: Buffer): ISimpleKeyPairBuffer {
+    const wallet = this.walletFromSeed(seed);
+    return this.walletToSimpleKeyPairBuffer(wallet);
+  }
+
+  /**
+   * Create a simple key pair from a mnemonic
+   * @param mnemonic {SecureString} The mnemonic to generate the key pair from
+   * @returns {ISimpleKeyPairBuffer} The new key pair
+   */
+  public mnemonicToSimpleKeyPairBuffer(
+    mnemonic: SecureString,
+  ): ISimpleKeyPairBuffer {
+    const { seed } = this.walletAndSeedFromMnemonic(mnemonic);
+    return this.seedToSimpleKeyPairBuffer(Buffer.from(seed.value));
+  }
+
+  /**
+   * Generate a random private key
+   * @returns {Buffer} The new private key
+   */
+  public generatePrivateKey(): Buffer {
+    return Buffer.from(secp256k1.utils.randomPrivateKey());
+  }
+
+  /**
+   * Get public key from private key
+   * @param privateKey {Buffer} The private key
+   * @returns {Buffer} The public key
+   */
+  public getPublicKey(privateKey: Buffer): Buffer {
+    const publicKey = secp256k1.getPublicKey(privateKey, false);
+    return Buffer.from(publicKey);
+  }
+
+  /**
+   * Generate ephemeral key pair for ECIES
+   * @returns {Promise<ISimpleKeyPairBuffer>} The key pair
+   */
+  public async generateEphemeralKeyPair(): Promise<{
+    privateKey: Buffer;
+    publicKey: Buffer;
+  }> {
+    const privateKey = this.generatePrivateKey();
+    const publicKey = this.getPublicKey(privateKey);
+    return { privateKey, publicKey };
+  }
+
+  /**
+   * Compute ECDH shared secret
+   * @param privateKey {Buffer} The private key
+   * @param publicKey {Buffer} The public key
+   * @returns {Buffer} The shared secret
+   */
+  public computeSharedSecret(privateKey: Buffer, publicKey: Buffer): Buffer {
+    const sharedSecret = secp256k1.getSharedSecret(privateKey, publicKey, true);
+    return Buffer.from(sharedSecret.slice(1)); // Remove the 0x02/0x03 prefix
+  }
+}

package/src/services/ecies/file.ts

@@ -0,0 +1,174 @@
+import * as fs from 'fs';
+import { ECIESService } from './service';
+
+interface ChunkedFileHeader {
+  version: number;
+  chunkSize: number;
+  totalChunks: number;
+  originalSize: number;
+}
+
+export class EciesFileService {
+  protected readonly eciesService: ECIESService;
+  protected readonly userPrivateKey: Buffer;
+  protected readonly config: { chunkSize: number; headerSize: number };
+
+  constructor(
+    eciesService: ECIESService,
+    userPrivateKey: Buffer,
+    config: { chunkSize: number; headerSize: number } = {
+      chunkSize: 1024 * 1024, // 1MB chunks
+      headerSize: 20,
+    }
+  ) {
+    this.eciesService = eciesService;
+    this.userPrivateKey = userPrivateKey;
+    this.config = Object.freeze(config);
+  }
+
+  decryptFile(encryptedData: Buffer): Buffer {
+    const { header, chunks } = this.parseEncryptedFile(encryptedData);
+    const decryptedChunks: Buffer[] = [];
+
+    for (const chunk of chunks) {
+      const decrypted = this.eciesService.decryptSimpleOrSingleWithHeader(
+        false,
+        this.userPrivateKey,
+        chunk,
+      );
+      decryptedChunks.push(decrypted);
+    }
+
+    const result = Buffer.alloc(header.originalSize);
+    let offset = 0;
+    for (const chunk of decryptedChunks) {
+      const copyLength = Math.min(chunk.length, header.originalSize - offset);
+      chunk.copy(result, offset, 0, copyLength);
+      offset += copyLength;
+    }
+    return result;
+  }
+
+  encryptFileFromPath(filePath: string, recipientPublicKey: Buffer): Buffer {
+    const stats = fs.statSync(filePath);
+    const totalChunks = Math.ceil(stats.size / this.config.chunkSize);
+    const header: ChunkedFileHeader = {
+      version: 1,
+      chunkSize: this.config.chunkSize,
+      totalChunks,
+      originalSize: stats.size,
+    };
+
+    const headerBytes = this.serializeHeader(header);
+    const encryptedHeader = this.eciesService.encryptSimpleOrSingle(
+      false,
+      recipientPublicKey,
+      headerBytes,
+    );
+
+    const chunks: Buffer[] = [encryptedHeader];
+    const fd = fs.openSync(filePath, 'r');
+
+    try {
+      for (let i = 0; i < totalChunks; i++) {
+        const offset = i * this.config.chunkSize;
+        const chunkSize = Math.min(
+          this.config.chunkSize,
+          stats.size - offset,
+        );
+        const chunkData = Buffer.alloc(chunkSize);
+        fs.readSync(fd, chunkData, 0, chunkSize, offset);
+
+        const encryptedChunk = this.eciesService.encryptSimpleOrSingle(
+          false,
+          recipientPublicKey,
+          chunkData,
+        );
+        chunks.push(encryptedChunk);
+      }
+    } finally {
+      fs.closeSync(fd);
+    }
+
+    return Buffer.concat(chunks);
+  }
+
+  decryptFileToPath(encryptedData: Buffer, outputPath: string): void {
+    const { header, chunks } = this.parseEncryptedFile(encryptedData);
+    const fd = fs.openSync(outputPath, 'w');
+    let offset = 0;
+
+    try {
+      for (const chunk of chunks) {
+        const decrypted = this.eciesService.decryptSimpleOrSingleWithHeader(
+          false,
+          this.userPrivateKey,
+          chunk,
+        );
+        const writeLength = Math.min(
+          decrypted.length,
+          header.originalSize - offset,
+        );
+        fs.writeSync(fd, decrypted, 0, writeLength, offset);
+        offset += writeLength;
+      }
+    } finally {
+      fs.closeSync(fd);
+    }
+  }
+
+  protected serializeHeader(header: ChunkedFileHeader): Buffer {
+    const buffer = Buffer.alloc(this.config.headerSize);
+    buffer.writeUInt32BE(header.version, 0);
+    buffer.writeUInt32BE(header.chunkSize, 4);
+    buffer.writeUInt32BE(header.totalChunks, 8);
+    buffer.writeUInt32BE(header.originalSize, 12);
+    return buffer;
+  }
+
+  protected deserializeHeader(data: Buffer): ChunkedFileHeader {
+    return {
+      version: data.readUInt32BE(0),
+      chunkSize: data.readUInt32BE(4),
+      totalChunks: data.readUInt32BE(8),
+      originalSize: data.readUInt32BE(12),
+    };
+  }
+
+  protected parseEncryptedFile(encryptedData: Buffer): {
+    header: ChunkedFileHeader;
+    chunks: Buffer[];
+  } {
+    const headerLength = this.eciesService.computeEncryptedLengthFromDataLength(
+      this.config.headerSize,
+      'single',
+    );
+
+    const encryptedHeader = encryptedData.subarray(0, headerLength);
+    const decryptedHeaderBytes =
+      this.eciesService.decryptSimpleOrSingleWithHeader(
+        false,
+        this.userPrivateKey,
+        encryptedHeader,
+      );
+
+    const header = this.deserializeHeader(decryptedHeaderBytes);
+    const chunks: Buffer[] = [];
+    let offset = headerLength;
+
+    for (let i = 0; i < header.totalChunks; i++) {
+      const chunkLength =
+        this.eciesService.computeEncryptedLengthFromDataLength(
+          i === header.totalChunks - 1
+            ? header.originalSize % header.chunkSize || header.chunkSize
+            : header.chunkSize,
+          'single',
+        );
+
+      chunks.push(encryptedData.subarray(offset, offset + chunkLength));
+      offset += chunkLength;
+    }
+
+    return { header, chunks };
+  }
+}

package/{dist/services/ecies/index.d.ts → src/services/ecies/index.ts}

@@ -5,4 +5,3 @@ export * from './service';
 export * from './signature';
 export * from './single-recipient';
 export * from './utilities';
-//# sourceMappingURL=index.d.ts.map