@waku/message-encryption 0.0.4 → 0.0.6

package/dist/waku_payload.d.ts

@@ -0,0 +1,53 @@
+import { Signature } from "./index.js";
+/**
+ * Proceed with Asymmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The data MUST be flags | payload-length | payload | [signature].
+ * The returned result  can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export declare function encryptAsymmetric(data: Uint8Array, publicKey: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Proceed with Asymmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The returned data is expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export declare function decryptAsymmetric(payload: Uint8Array, privKey: Uint8Array): Promise<Uint8Array>;
+/**
+ * Proceed with Symmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param data The data to encrypt, expected to be `flags | payload-length | payload | [signature]`.
+ * @param key The key to use for encryption.
+ * @returns The decrypted data, `cipherText | tag | iv` and can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export declare function encryptSymmetric(data: Uint8Array, key: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Proceed with Symmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param payload The cipher data, it is expected to be `cipherText | tag | iv`.
+ * @param key The key to use for decryption.
+ * @returns The decrypted data, expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export declare function decryptSymmetric(payload: Uint8Array, key: Uint8Array | string): Promise<Uint8Array>;
+/**
+ * Prepare the payload pre-encryption.
+ *
+ * @internal
+ * @returns The encoded payload, ready for encryption using {@link encryptAsymmetric}
+ * or {@link encryptSymmetric}.
+ */
+export declare function preCipher(messagePayload: Uint8Array, sigPrivKey?: Uint8Array): Promise<Uint8Array>;
+/**
+ * Decode a decrypted payload.
+ *
+ * @internal
+ */
+export declare function postCipher(message: Uint8Array): {
+    payload: Uint8Array;
+    sig?: Signature;
+} | undefined;

package/dist/waku_payload.js

@@ -0,0 +1,178 @@
+import * as secp from "@noble/secp256k1";
+import { concat, hexToBytes } from "@waku/byte-utils";
+import { Symmetric } from "./constants.js";
+import * as ecies from "./crypto/ecies.js";
+import { keccak256, randomBytes, sign } from "./crypto/index.js";
+import * as symmetric from "./crypto/symmetric.js";
+const FlagsLength = 1;
+const FlagMask = 3; // 0011
+const IsSignedMask = 4; // 0100
+const PaddingTarget = 256;
+const SignatureLength = 65;
+function getSizeOfPayloadSizeField(message) {
+    const messageDataView = new DataView(message.buffer);
+    return messageDataView.getUint8(0) & FlagMask;
+}
+function getPayloadSize(message, sizeOfPayloadSizeField) {
+    let payloadSizeBytes = message.slice(1, 1 + sizeOfPayloadSizeField);
+    // int 32 == 4 bytes
+    if (sizeOfPayloadSizeField < 4) {
+        // If less than 4 bytes pad right (Little Endian).
+        payloadSizeBytes = concat([payloadSizeBytes, new Uint8Array(4 - sizeOfPayloadSizeField)], 4);
+    }
+    const payloadSizeDataView = new DataView(payloadSizeBytes.buffer);
+    return payloadSizeDataView.getInt32(0, true);
+}
+function isMessageSigned(message) {
+    const messageDataView = new DataView(message.buffer);
+    return (messageDataView.getUint8(0) & IsSignedMask) == IsSignedMask;
+}
+/**
+ * Proceed with Asymmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The data MUST be flags | payload-length | payload | [signature].
+ * The returned result  can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export async function encryptAsymmetric(data, publicKey) {
+    return ecies.encrypt(hexToBytes(publicKey), data);
+}
+/**
+ * Proceed with Asymmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ * The returned data is expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export async function decryptAsymmetric(payload, privKey) {
+    return ecies.decrypt(privKey, payload);
+}
+/**
+ * Proceed with Symmetric encryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param data The data to encrypt, expected to be `flags | payload-length | payload | [signature]`.
+ * @param key The key to use for encryption.
+ * @returns The decrypted data, `cipherText | tag | iv` and can be set to `WakuMessage.payload`.
+ *
+ * @internal
+ */
+export async function encryptSymmetric(data, key) {
+    const iv = symmetric.generateIv();
+    // Returns `cipher | tag`
+    const cipher = await symmetric.encrypt(iv, hexToBytes(key), data);
+    return concat([cipher, iv]);
+}
+/**
+ * Proceed with Symmetric decryption of the data as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ *
+ * @param payload The cipher data, it is expected to be `cipherText | tag | iv`.
+ * @param key The key to use for decryption.
+ * @returns The decrypted data, expected to be `flags | payload-length | payload | [signature]`.
+ *
+ * @internal
+ */
+export async function decryptSymmetric(payload, key) {
+    const ivStart = payload.length - Symmetric.ivSize;
+    const cipher = payload.slice(0, ivStart);
+    const iv = payload.slice(ivStart);
+    return symmetric.decrypt(iv, hexToBytes(key), cipher);
+}
+/**
+ * Computes the flags & auxiliary-field as per [26/WAKU-PAYLOAD](https://rfc.vac.dev/spec/26/).
+ */
+function addPayloadSizeField(msg, payload) {
+    const fieldSize = computeSizeOfPayloadSizeField(payload);
+    let field = new Uint8Array(4);
+    const fieldDataView = new DataView(field.buffer);
+    fieldDataView.setUint32(0, payload.length, true);
+    field = field.slice(0, fieldSize);
+    msg = concat([msg, field]);
+    msg[0] |= fieldSize;
+    return msg;
+}
+/**
+ * Returns the size of the auxiliary-field which in turns contains the payload size
+ */
+function computeSizeOfPayloadSizeField(payload) {
+    let s = 1;
+    for (let i = payload.length; i >= 256; i /= 256) {
+        s++;
+    }
+    return s;
+}
+function validateDataIntegrity(value, expectedSize) {
+    if (value.length !== expectedSize) {
+        return false;
+    }
+    return expectedSize <= 3 || value.findIndex((i) => i !== 0) !== -1;
+}
+function getSignature(message) {
+    return message.slice(message.length - SignatureLength, message.length);
+}
+function getHash(message, isSigned) {
+    if (isSigned) {
+        return keccak256(message.slice(0, message.length - SignatureLength));
+    }
+    return keccak256(message);
+}
+function ecRecoverPubKey(messageHash, signature) {
+    const recoveryDataView = new DataView(signature.slice(64).buffer);
+    const recovery = recoveryDataView.getUint8(0);
+    const _signature = secp.Signature.fromCompact(signature.slice(0, 64));
+    return secp.recoverPublicKey(messageHash, _signature, recovery, false);
+}
+/**
+ * Prepare the payload pre-encryption.
+ *
+ * @internal
+ * @returns The encoded payload, ready for encryption using {@link encryptAsymmetric}
+ * or {@link encryptSymmetric}.
+ */
+export async function preCipher(messagePayload, sigPrivKey) {
+    let envelope = new Uint8Array([0]); // No flags
+    envelope = addPayloadSizeField(envelope, messagePayload);
+    envelope = concat([envelope, messagePayload]);
+    // Calculate padding:
+    let rawSize = FlagsLength +
+        computeSizeOfPayloadSizeField(messagePayload) +
+        messagePayload.length;
+    if (sigPrivKey) {
+        rawSize += SignatureLength;
+    }
+    const remainder = rawSize % PaddingTarget;
+    const paddingSize = PaddingTarget - remainder;
+    const pad = randomBytes(paddingSize);
+    if (!validateDataIntegrity(pad, paddingSize)) {
+        throw new Error("failed to generate random padding of size " + paddingSize);
+    }
+    envelope = concat([envelope, pad]);
+    if (sigPrivKey) {
+        envelope[0] |= IsSignedMask;
+        const hash = keccak256(envelope);
+        const bytesSignature = await sign(hash, sigPrivKey);
+        envelope = concat([envelope, bytesSignature]);
+    }
+    return envelope;
+}
+/**
+ * Decode a decrypted payload.
+ *
+ * @internal
+ */
+export function postCipher(message) {
+    const sizeOfPayloadSizeField = getSizeOfPayloadSizeField(message);
+    if (sizeOfPayloadSizeField === 0)
+        return;
+    const payloadSize = getPayloadSize(message, sizeOfPayloadSizeField);
+    const payloadStart = 1 + sizeOfPayloadSizeField;
+    const payload = message.slice(payloadStart, payloadStart + payloadSize);
+    const isSigned = isMessageSigned(message);
+    let sig;
+    if (isSigned) {
+        const signature = getSignature(message);
+        const hash = getHash(message, isSigned);
+        const publicKey = ecRecoverPubKey(hash, signature);
+        sig = { signature, publicKey };
+    }
+    return { payload, sig };
+}
+//# sourceMappingURL=waku_payload.js.map

package/dist/waku_payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"waku_payload.js","sourceRoot":"","sources":["../src/waku_payload.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,KAAK,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,SAAS,MAAM,uBAAuB,CAAC;AAInD,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,OAAO;AAC3B,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,OAAO;AAC/B,MAAM,aAAa,GAAG,GAAG,CAAC;AAC1B,MAAM,eAAe,GAAG,EAAE,CAAC;AAE3B,SAAS,yBAAyB,CAAC,OAAmB;IACpD,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CACrB,OAAmB,EACnB,sBAA8B;IAE9B,IAAI,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,sBAAsB,CAAC,CAAC;IACpE,oBAAoB;IACpB,IAAI,sBAAsB,GAAG,CAAC,EAAE;QAC9B,kDAAkD;QAClD,gBAAgB,GAAG,MAAM,CACvB,CAAC,gBAAgB,EAAE,IAAI,UAAU,CAAC,CAAC,GAAG,sBAAsB,CAAC,CAAC,EAC9D,CAAC,CACF,CAAC;KACH;IACD,MAAM,mBAAmB,GAAG,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAClE,OAAO,mBAAmB,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,eAAe,CAAC,OAAmB;IAC1C,MAAM,eAAe,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,YAAY,CAAC;AACtE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAgB,EAChB,SAA8B;IAE9B,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAmB,EACnB,OAAmB;IAEnB,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAgB,EAChB,GAAwB;IAExB,MAAM,EAAE,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;IAElC,yBAAyB;IACzB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IAClE,OAAO,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAmB,EACnB,GAAwB;IAExB,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAClD,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAElC,OAAO,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,GAAe,EAAE,OAAmB;IAC/D,MAAM,SAAS,GAAG,6BAA6B,CAAC,OAAO,CAAC,CAAC;IACzD,IAAI,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,aAAa,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjD,aAAa,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACjD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAClC,GAAG,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;IACpB,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,6BAA6B,CAAC,OAAmB;IACxD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,IAAI,GAAG,EAAE;QAC/C,CAAC,EAAE,CAAC;KACL;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,qBAAqB,CAC5B,KAAiB,EACjB,YAAoB;IAEpB,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,EAAE;QACjC,OAAO,KAAK,CAAC;KACd;IAED,OAAO,YAAY,IAAI,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,YAAY,CAAC,OAAmB;IACvC,OAAO,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,OAAO,CAAC,OAAmB,EAAE,QAAiB;IACrD,IAAI,QAAQ,EAAE;QACZ,OAAO,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC;KACtE;IACD,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,eAAe,CACtB,WAAuB,EACvB,SAAqB;IAErB,MAAM,gBAAgB,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAEtE,OAAO,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AACzE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,cAA0B,EAC1B,UAAuB;IAEvB,IAAI,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW;IAC/C,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACzD,QAAQ,GAAG,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAE9C,qBAAqB;IACrB,IAAI,OAAO,GACT,WAAW;QACX,6BAA6B,CAAC,cAAc,CAAC;QAC7C,cAAc,CAAC,MAAM,CAAC;IAExB,IAAI,UAAU,EAAE;QACd,OAAO,IAAI,eAAe,CAAC;KAC5B;IAED,MAAM,SAAS,GAAG,OAAO,GAAG,aAAa,CAAC;IAC1C,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IAC9C,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAErC,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,4CAA4C,GAAG,WAAW,CAAC,CAAC;KAC7E;IAED,QAAQ,GAAG,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;IACnC,IAAI,UAAU,EAAE;QACd,QAAQ,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;QAC5B,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QACpD,QAAQ,GAAG,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;KAC/C;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CACxB,OAAmB;IAEnB,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAClE,IAAI,sBAAsB,KAAK,CAAC;QAAE,OAAO;IAEzC,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,CAAC,GAAG,sBAAsB,CAAC;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,YAAY,GAAG,WAAW,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAE1C,IAAI,GAAG,CAAC;IACR,IAAI,QAAQ,EAAE;QACZ,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACnD,GAAG,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;KAChC;IAED,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC1B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@waku/message-encryption",
-  "version": "0.0.4",
+  "version": "0.0.6",
   "description": "Waku Message Payload Encryption",
   "types": "./dist/index.d.ts",
   "module": "./dist/index.js",
@@ -8,6 +8,23 @@
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js"
+    },
+    "./ecies": {
+      "types": "./dist/ecies.d.ts",
+      "import": "./dist/ecies.js"
+    },
+    "./symmetric": {
+      "types": "./dist/symmetric.d.ts",
+      "import": "./dist/symmetric.js"
+    }
+  },
+  "typesVersions": {
+    "*": {
+      "*": [
+        "*",
+        "dist/*",
+        "dist/*/index"
+      ]
     }
   },
   "type": "module",
@@ -70,7 +87,7 @@
     "@typescript-eslint/eslint-plugin": "^5.8.1",
     "@typescript-eslint/parser": "^5.8.1",
     "chai": "^4.3.6",
-    "cspell": "^5.14.0",
+    "cspell": "^6.17.0",
     "eslint": "^8.6.0",
     "eslint-config-prettier": "^8.3.0",
     "eslint-plugin-eslint-comments": "^3.2.0",

package/src/crypto/ecies.ts

@@ -0,0 +1,194 @@
+import * as secp from "@noble/secp256k1";
+import { concat, hexToBytes } from "@waku/byte-utils";
+
+import { getSubtle, randomBytes, sha256 } from "./index.js";
+/**
+ * HKDF as implemented in go-ethereum.
+ */
+function kdf(secret: Uint8Array, outputLength: number): Promise<Uint8Array> {
+  let ctr = 1;
+  let written = 0;
+  let willBeResult = Promise.resolve(new Uint8Array());
+  while (written < outputLength) {
+    const counters = new Uint8Array([ctr >> 24, ctr >> 16, ctr >> 8, ctr]);
+    const countersSecret = concat(
+      [counters, secret],
+      counters.length + secret.length
+    );
+    const willBeHashResult = sha256(countersSecret);
+    willBeResult = willBeResult.then((result) =>
+      willBeHashResult.then((hashResult) => {
+        const _hashResult = new Uint8Array(hashResult);
+        return concat(
+          [result, _hashResult],
+          result.length + _hashResult.length
+        );
+      })
+    );
+    written += 32;
+    ctr += 1;
+  }
+  return willBeResult;
+}
+
+function aesCtrEncrypt(
+  counter: Uint8Array,
+  key: ArrayBufferLike,
+  data: ArrayBufferLike
+): Promise<Uint8Array> {
+  return getSubtle()
+    .importKey("raw", key, "AES-CTR", false, ["encrypt"])
+    .then((cryptoKey) =>
+      getSubtle().encrypt(
+        { name: "AES-CTR", counter: counter, length: 128 },
+        cryptoKey,
+        data
+      )
+    )
+    .then((bytes) => new Uint8Array(bytes));
+}
+
+function aesCtrDecrypt(
+  counter: Uint8Array,
+  key: ArrayBufferLike,
+  data: ArrayBufferLike
+): Promise<Uint8Array> {
+  return getSubtle()
+    .importKey("raw", key, "AES-CTR", false, ["decrypt"])
+    .then((cryptoKey) =>
+      getSubtle().decrypt(
+        { name: "AES-CTR", counter: counter, length: 128 },
+        cryptoKey,
+        data
+      )
+    )
+    .then((bytes) => new Uint8Array(bytes));
+}
+
+function hmacSha256Sign(
+  key: ArrayBufferLike,
+  msg: ArrayBufferLike
+): PromiseLike<Uint8Array> {
+  const algorithm = { name: "HMAC", hash: { name: "SHA-256" } };
+  return getSubtle()
+    .importKey("raw", key, algorithm, false, ["sign"])
+    .then((cryptoKey) => getSubtle().sign(algorithm, cryptoKey, msg))
+    .then((bytes) => new Uint8Array(bytes));
+}
+
+function hmacSha256Verify(
+  key: ArrayBufferLike,
+  msg: ArrayBufferLike,
+  sig: ArrayBufferLike
+): Promise<boolean> {
+  const algorithm = { name: "HMAC", hash: { name: "SHA-256" } };
+  const _key = getSubtle().importKey("raw", key, algorithm, false, ["verify"]);
+  return _key.then((cryptoKey) =>
+    getSubtle().verify(algorithm, cryptoKey, sig, msg)
+  );
+}
+
+/**
+ * Derive shared secret for given private and public keys.
+ *
+ * @param  privateKeyA Sender's private key (32 bytes)
+ * @param  publicKeyB Recipient's public key (65 bytes)
+ * @returns  A promise that resolves with the derived shared secret (Px, 32 bytes)
+ * @throws Error If arguments are invalid
+ */
+function derive(privateKeyA: Uint8Array, publicKeyB: Uint8Array): Uint8Array {
+  if (privateKeyA.length !== 32) {
+    throw new Error(
+      `Bad private key, it should be 32 bytes but it's actually ${privateKeyA.length} bytes long`
+    );
+  } else if (publicKeyB.length !== 65) {
+    throw new Error(
+      `Bad public key, it should be 65 bytes but it's actually ${publicKeyB.length} bytes long`
+    );
+  } else if (publicKeyB[0] !== 4) {
+    throw new Error("Bad public key, a valid public key would begin with 4");
+  } else {
+    const px = secp.getSharedSecret(privateKeyA, publicKeyB, true);
+    // Remove the compression prefix
+    return new Uint8Array(hexToBytes(px).slice(1));
+  }
+}
+
+/**
+ * Encrypt message for given recipient's public key.
+ *
+ * @param  publicKeyTo Recipient's public key (65 bytes)
+ * @param  msg The message being encrypted
+ * @return A promise that resolves with the ECIES structure serialized
+ */
+export async function encrypt(
+  publicKeyTo: Uint8Array,
+  msg: Uint8Array
+): Promise<Uint8Array> {
+  const ephemPrivateKey = randomBytes(32);
+
+  const sharedPx = await derive(ephemPrivateKey, publicKeyTo);
+
+  const hash = await kdf(sharedPx, 32);
+
+  const iv = randomBytes(16);
+  const encryptionKey = hash.slice(0, 16);
+  const cipherText = await aesCtrEncrypt(iv, encryptionKey, msg);
+
+  const ivCipherText = concat([iv, cipherText], iv.length + cipherText.length);
+
+  const macKey = await sha256(hash.slice(16));
+  const hmac = await hmacSha256Sign(macKey, ivCipherText);
+  const ephemPublicKey = secp.getPublicKey(ephemPrivateKey, false);
+
+  return concat(
+    [ephemPublicKey, ivCipherText, hmac],
+    ephemPublicKey.length + ivCipherText.length + hmac.length
+  );
+}
+
+const metaLength = 1 + 64 + 16 + 32;
+
+/**
+ * Decrypt message using given private key.
+ *
+ * @param privateKey A 32-byte private key of recipient of the message
+ * @param encrypted ECIES serialized structure (result of ECIES encryption)
+ * @returns The clear text
+ * @throws Error If decryption fails
+ */
+export async function decrypt(
+  privateKey: Uint8Array,
+  encrypted: Uint8Array
+): Promise<Uint8Array> {
+  if (encrypted.length <= metaLength) {
+    throw new Error(
+      `Invalid Ciphertext. Data is too small. It should ba at least ${metaLength} bytes`
+    );
+  } else if (encrypted[0] !== 4) {
+    throw new Error(
+      `Not a valid ciphertext. It should begin with 4 but actually begin with ${encrypted[0]}`
+    );
+  } else {
+    // deserialize
+    const ephemPublicKey = encrypted.slice(0, 65);
+    const cipherTextLength = encrypted.length - metaLength;
+    const iv = encrypted.slice(65, 65 + 16);
+    const cipherAndIv = encrypted.slice(65, 65 + 16 + cipherTextLength);
+    const ciphertext = cipherAndIv.slice(16);
+    const msgMac = encrypted.slice(65 + 16 + cipherTextLength);
+
+    // check HMAC
+    const px = derive(privateKey, ephemPublicKey);
+    const hash = await kdf(px, 32);
+    const [encryptionKey, macKey] = await sha256(hash.slice(16)).then(
+      (macKey) => [hash.slice(0, 16), macKey]
+    );
+
+    if (!(await hmacSha256Verify(macKey, cipherAndIv, msgMac))) {
+      throw new Error("Incorrect MAC");
+    }
+
+    return aesCtrDecrypt(iv, encryptionKey, ciphertext);
+  }
+}

package/src/{crypto.ts → crypto/index.ts}

@@ -4,7 +4,7 @@ import * as secp from "@noble/secp256k1";
 import { concat } from "@waku/byte-utils";
 import sha3 from "js-sha3";
 
-import { Asymmetric, Symmetric } from "./constants.js";
+import { Asymmetric, Symmetric } from "../constants.js";
 
 declare const self: Record<string, any> | undefined;
 const crypto: { node?: any; web?: any } = {

package/src/crypto/symmetric.ts

@@ -0,0 +1,33 @@
+import { Symmetric } from "../constants.js";
+
+import { getSubtle, randomBytes } from "./index.js";
+
+export async function encrypt(
+  iv: Uint8Array,
+  key: Uint8Array,
+  clearText: Uint8Array
+): Promise<Uint8Array> {
+  return getSubtle()
+    .importKey("raw", key, Symmetric.algorithm, false, ["encrypt"])
+    .then((cryptoKey) =>
+      getSubtle().encrypt({ iv, ...Symmetric.algorithm }, cryptoKey, clearText)
+    )
+    .then((cipher) => new Uint8Array(cipher));
+}
+
+export async function decrypt(
+  iv: Uint8Array,
+  key: Uint8Array,
+  cipherText: Uint8Array
+): Promise<Uint8Array> {
+  return getSubtle()
+    .importKey("raw", key, Symmetric.algorithm, false, ["decrypt"])
+    .then((cryptoKey) =>
+      getSubtle().decrypt({ iv, ...Symmetric.algorithm }, cryptoKey, cipherText)
+    )
+    .then((clear) => new Uint8Array(clear));
+}
+
+export function generateIv(): Uint8Array {
+  return randomBytes(Symmetric.ivSize);
+}