chatly-sdk 0.0.8 → 2.0.0

package/src/chat/ChatSession.ts

@@ -1,9 +1,11 @@
 import type { User } from "../models/user.js";
 import type { Message } from "../models/message.js";
 import type { MediaAttachment } from "../models/mediaTypes.js";
-import { deriveSharedSecret, encryptMessage, decryptMessage } from "../crypto/e2e.js";
+import { deriveSharedSecret, deriveLegacySharedSecret, encryptMessage, decryptMessage } from "../crypto/e2e.js";
 import type { KeyPair } from "../crypto/keys.js";
 import { generateUUID } from "../crypto/uuid.js";
+import type { StorageProvider } from "../storage/adapters.js";
+import { logger } from "../utils/logger.js";
 
 export class ChatSession {
   private sharedSecret: Buffer | null = null;
@@ -12,7 +14,8 @@ export class ChatSession {
   constructor(
     public readonly id: string,
     public readonly userA: User,
-    public readonly userB: User
+    public readonly userB: User,
+    private storageProvider?: StorageProvider
   ) {}
 
   /**
@@ -41,6 +44,13 @@ export class ChatSession {
       privateKey: user.privateKey,
     };
     
+    logger.debug(`[ChatSession] Initializing for user ${user.id}`, {
+      hasLocalPriv: !!user.privateKey,
+      privType: typeof user.privateKey,
+      hasRemotePub: !!otherUser.publicKey,
+      pubType: typeof otherUser.publicKey
+    });
+    
     this.sharedSecret = deriveSharedSecret(localKeyPair, otherUser.publicKey);
   }
 
@@ -88,9 +98,9 @@ export class ChatSession {
     // Encrypt the message text (could be caption)
     const { ciphertext, iv } = encryptMessage(plaintext, this.sharedSecret);
 
-    // Encrypt the media data
-    const { ciphertext: encryptedMediaData } = encryptMessage(
-      media.data,
+    // Encrypt the media data with its own IV
+    const { ciphertext: encryptedMediaData, iv: mediaIv } = encryptMessage(
+      media.data || "",
       this.sharedSecret
     );
 
@@ -98,8 +108,24 @@ export class ChatSession {
     const encryptedMedia: MediaAttachment = {
       ...media,
       data: encryptedMediaData,
+      iv: mediaIv,
     };
 
+    // If storage provider is available, upload the encrypted data
+    if (this.storageProvider) {
+      const filename = `${this.id}/${generateUUID()}-${media.metadata.filename}`;
+      const uploadResult = await this.storageProvider.upload(
+        encryptedMediaData,
+        filename,
+        media.metadata.mimeType
+      );
+      
+      encryptedMedia.storage = this.storageProvider.name as 'local' | 's3';
+      encryptedMedia.storageKey = uploadResult.storageKey;
+      encryptedMedia.url = uploadResult.url;
+      encryptedMedia.data = undefined; // Remove data from attachment if stored remotely
+    }
+
     return {
       id: generateUUID(),
       senderId,
@@ -127,7 +153,31 @@ export class ChatSession {
       throw new Error("Failed to initialize session");
     }
 
-    return decryptMessage(message.ciphertext, message.iv, this.sharedSecret);
+    try {
+      return decryptMessage(message.ciphertext, message.iv, this.sharedSecret);
+    } catch (error) {
+      // Fallback for legacy messages (before salt logic)
+      const legacySecret = this.deriveLegacySecret(user);
+      try {
+        return decryptMessage(message.ciphertext, message.iv, legacySecret);
+      } catch (innerError) {
+        throw error; // Throw original error if fallback also fails
+      }
+    }
+  }
+
+  private deriveLegacySecret(user: User): Buffer {
+    const otherUser = user.id === this.userA.id ? this.userB : this.userA;
+    logger.debug(`[ChatSession] Deriving legacy secret for user ${user.id}`, {
+      hasPriv: !!user.privateKey,
+      privType: typeof user.privateKey,
+      remotePubType: typeof otherUser.publicKey
+    });
+    const localKeyPair: KeyPair = {
+      publicKey: user.publicKey,
+      privateKey: user.privateKey,
+    };
+    return deriveLegacySharedSecret(localKeyPair, otherUser.publicKey);
   }
 
   /**
@@ -151,12 +201,38 @@ export class ChatSession {
     // Decrypt the message text
     const text = decryptMessage(message.ciphertext, message.iv, this.sharedSecret);
 
-    // Decrypt the media data
-    const decryptedMediaData = decryptMessage(
-      message.media.data,
-      message.iv,
-      this.sharedSecret
-    );
+    let encryptedMediaData = message.media.data;
+
+    // If data is missing but storageKey is present, download it
+    if (!encryptedMediaData && message.media.storageKey && this.storageProvider) {
+      encryptedMediaData = await this.storageProvider.download(message.media.storageKey);
+    }
+
+    // Decrypt the media data using its own IV
+    if (!message.media.iv && !encryptedMediaData) {
+        throw new Error("Media data or IV missing");
+    }
+
+    let decryptedMediaData: string;
+    try {
+      decryptedMediaData = decryptMessage(
+        encryptedMediaData || "",
+        message.media.iv || message.iv,
+        this.sharedSecret
+      );
+    } catch (error) {
+      // Fallback for legacy media
+      const legacySecret = this.deriveLegacySecret(user);
+      try {
+        decryptedMediaData = decryptMessage(
+          encryptedMediaData || "",
+          message.media.iv || message.iv,
+          legacySecret
+        );
+      } catch (innerError) {
+        throw error;
+      }
+    }
 
     // Create decrypted media attachment
     const decryptedMedia: MediaAttachment = {

package/src/chat/GroupSession.ts

@@ -5,11 +5,12 @@ import { deriveGroupKey } from "../crypto/group.js";
 import { encryptMessage, decryptMessage } from "../crypto/e2e.js";
 import { base64ToBuffer } from "../crypto/utils.js";
 import { generateUUID } from "../crypto/uuid.js";
+import type { StorageProvider } from "../storage/adapters.js";
 
 export class GroupSession {
   private groupKey: Buffer | null = null;
 
-  constructor(public readonly group: Group) {}
+  constructor(public readonly group: Group, private storageProvider?: StorageProvider) {}
 
   /**
    * Initialize the session by deriving the group key
@@ -63,9 +64,9 @@ export class GroupSession {
     // Encrypt the message text (could be caption)
     const { ciphertext, iv } = encryptMessage(plaintext, this.groupKey);
 
-    // Encrypt the media data
-    const { ciphertext: encryptedMediaData } = encryptMessage(
-      media.data,
+    // Encrypt the media data with its own IV
+    const { ciphertext: encryptedMediaData, iv: mediaIv } = encryptMessage(
+      media.data || "",
       this.groupKey
     );
 
@@ -73,8 +74,24 @@ export class GroupSession {
     const encryptedMedia: MediaAttachment = {
       ...media,
       data: encryptedMediaData,
+      iv: mediaIv,
     };
 
+    // If storage provider is available, upload the encrypted data
+    if (this.storageProvider) {
+      const filename = `groups/${this.group.id}/${generateUUID()}-${media.metadata.filename}`;
+      const uploadResult = await this.storageProvider.upload(
+        encryptedMediaData,
+        filename,
+        media.metadata.mimeType
+      );
+      
+      encryptedMedia.storage = this.storageProvider.name as 'local' | 's3';
+      encryptedMedia.storageKey = uploadResult.storageKey;
+      encryptedMedia.url = uploadResult.url;
+      encryptedMedia.data = undefined; // Remove data from attachment if stored remotely
+    }
+
     return {
       id: generateUUID(),
       senderId,
@@ -121,10 +138,21 @@ export class GroupSession {
     // Decrypt the message text
     const text = decryptMessage(message.ciphertext, message.iv, this.groupKey);
 
-    // Decrypt the media data
+    let encryptedMediaData = message.media.data;
+
+    // If data is missing but storageKey is present, download it
+    if (!encryptedMediaData && message.media.storageKey && this.storageProvider) {
+      encryptedMediaData = await this.storageProvider.download(message.media.storageKey);
+    }
+
+    // Decrypt the media data using its own IV
+    if (!message.media.iv && !encryptedMediaData) {
+        throw new Error("Media data or IV missing");
+    }
+
     const decryptedMediaData = decryptMessage(
-      message.media.data,
-      message.iv,
+      encryptedMediaData || "",
+      message.media.iv || message.iv, // Fallback to message IV for backward compatibility
       this.groupKey
     );
 

package/src/crypto/e2e.ts

@@ -33,6 +33,15 @@
     return derivedKey;
   }
 
+  /**
+   * Legacy secret derivation without salt (for backward compatibility)
+   */
+  export function deriveLegacySharedSecret(local: KeyPair, remotePublicKey: string): Buffer {
+    const ecdh = createECDH(SUPPORTED_CURVE);
+    ecdh.setPrivateKey(base64ToBuffer(local.privateKey));
+    return ecdh.computeSecret(base64ToBuffer(remotePublicKey));
+  }
+
   /**
    * Encrypt a message using AES-GCM
    */

package/src/crypto/utils.ts

@@ -2,6 +2,8 @@ export function bufferToBase64(buffer: Buffer): string {
   return buffer.toString("base64");
 }
 
-export function base64ToBuffer(data: string): Buffer {
+export function base64ToBuffer(data: string | Buffer): Buffer {
+  if (Buffer.isBuffer(data)) return data;
+  if (!data) return Buffer.alloc(0);
   return Buffer.from(data, "base64");
 }

package/src/index.ts

@@ -9,6 +9,7 @@ import type {
   GroupStoreAdapter,
 } from "./stores/adapters.js";
 import type { TransportAdapter } from "./transport/adapters.js";
+import type { StorageProvider } from "./storage/adapters.js";
 import { ChatSession } from "./chat/ChatSession.js";
 import { GroupSession } from "./chat/GroupSession.js";
 import { generateIdentityKeyPair } from "./crypto/keys.js";
@@ -23,6 +24,7 @@ export interface ChatSDKConfig {
   userStore: UserStoreAdapter;
   messageStore: MessageStoreAdapter;
   groupStore: GroupStoreAdapter;
+  storageProvider?: StorageProvider;
   transport?: TransportAdapter;
   logLevel?: LogLevel;
 }
@@ -213,7 +215,7 @@ export class ChatSDK extends EventEmitter {
     const sessionId = `${ids[0]}-${ids[1]}`;
     
     try {
-      const session = new ChatSession(sessionId, userA, userB);
+      const session = new ChatSession(sessionId, userA, userB, this.config.storageProvider);
       await session.initialize();
       logger.info('Chat session created', { sessionId, users: [userA.id, userB.id] });
       this.emit(EVENTS.SESSION_CREATED, session);
@@ -245,7 +247,7 @@ export class ChatSDK extends EventEmitter {
 
     try {
       await this.config.groupStore.create(group);
-      const session = new GroupSession(group);
+      const session = new GroupSession(group, this.config.storageProvider);
       await session.initialize();
       logger.info('Group created', { groupId: group.id, name: group.name, memberCount: members.length });
       this.emit(EVENTS.GROUP_CREATED, session);
@@ -272,7 +274,7 @@ export class ChatSDK extends EventEmitter {
         throw new SessionError(`Group not found: ${id}`, { groupId: id });
       }
 
-      const session = new GroupSession(group);
+      const session = new GroupSession(group, this.config.storageProvider);
       await session.initialize();
       logger.debug('Group loaded', { groupId: id });
       return session;
@@ -437,7 +439,7 @@ export class ChatSDK extends EventEmitter {
         // Create consistent session ID
         const ids = [user.id, otherUser.id].sort();
         const sessionId = `${ids[0]}-${ids[1]}`;
-        const session = new ChatSession(sessionId, user, otherUser);
+        const session = new ChatSession(sessionId, user, otherUser, this.config.storageProvider);
         await session.initializeForUser(user);
         return await session.decrypt(message, user);
       }
@@ -467,7 +469,7 @@ export class ChatSDK extends EventEmitter {
         if (!group) {
           throw new SessionError(`Group not found: ${message.groupId}`, { groupId: message.groupId });
         }
-        const session = new GroupSession(group);
+        const session = new GroupSession(group, this.config.storageProvider);
         await session.initialize();
         return await session.decryptMedia(message);
       } else {
@@ -486,7 +488,7 @@ export class ChatSDK extends EventEmitter {
         // Create consistent session ID
         const ids = [user.id, otherUser.id].sort();
         const sessionId = `${ids[0]}-${ids[1]}`;
-        const session = new ChatSession(sessionId, user, otherUser);
+        const session = new ChatSession(sessionId, user, otherUser, this.config.storageProvider);
         await session.initializeForUser(user);
         return await session.decryptMedia(message, user);
       }
@@ -671,4 +673,7 @@ export * from "./utils/errors.js";
 export * from "./utils/logger.js";
 export * from "./utils/validation.js";
 export * from "./utils/mediaUtils.js";
+export * from "./storage/adapters.js";
+export * from "./storage/localStorage.js";
+export * from "./storage/s3Storage.js";
 export * from "./constants.js";

package/src/models/mediaTypes.ts

@@ -26,8 +26,12 @@ export interface MediaMetadata {
  */
 export interface MediaAttachment {
   type: MediaType;
-  data: string; // Base64 encoded file data
+  data?: string | undefined; // Base64 encoded file data (optional if stored remotely)
+  iv?: string | undefined;   // Separate IV for media data encryption
   metadata: MediaMetadata;
+  storage?: 'local' | 's3' | undefined; // Storage provider used
+  storageKey?: string | undefined;      // Key/path in the storage provider
+  url?: string | undefined;             // Public URL if available
 }
 
 /**

package/src/storage/adapters.ts

@@ -0,0 +1,36 @@
+export interface StorageUploadResult {
+  storageKey: string;
+  url?: string;
+}
+
+export interface StorageProvider {
+  /**
+   * Name of the storage provider (e.g., 'local', 's3')
+   */
+  readonly name: string;
+
+  /**
+   * Upload data to storage
+   * @param data Base64 encoded data or Buffer
+   * @param filename Desired filename or path
+   * @param mimeType MIME type of the file
+   */
+  upload(
+    data: string | Buffer,
+    filename: string,
+    mimeType: string
+  ): Promise<StorageUploadResult>;
+
+  /**
+   * Download data from storage
+   * @param storageKey Key/path of the file in storage
+   * @returns Base64 encoded data
+   */
+  download(storageKey: string): Promise<string>;
+
+  /**
+   * Delete data from storage
+   * @param storageKey Key/path of the file in storage
+   */
+  delete(storageKey: string): Promise<void>;
+}

package/src/storage/localStorage.ts

@@ -0,0 +1,49 @@
+import { promises as fs } from 'node:fs';
+import * as path from 'node:path';
+import { StorageProvider, StorageUploadResult } from './adapters.js';
+
+export class LocalStorageProvider implements StorageProvider {
+  public readonly name = 'local';
+  private storageDir: string;
+
+  constructor(storageDir: string = './storage') {
+    this.storageDir = path.resolve(storageDir);
+    // Ensure storage directory exists
+    fs.mkdir(this.storageDir, { recursive: true }).catch(() => {});
+  }
+
+  async upload(
+    data: string | Buffer,
+    filename: string,
+    mimeType: string
+  ): Promise<StorageUploadResult> {
+    const buffer = typeof data === 'string' ? Buffer.from(data, 'base64') : data;
+    const filePath = path.join(this.storageDir, filename);
+    
+    // Ensure parent directories exist
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, buffer);
+
+    return {
+      storageKey: filename,
+      url: `file://${filePath}`,
+    };
+  }
+
+  async download(storageKey: string): Promise<string> {
+    const filePath = path.join(this.storageDir, storageKey);
+    const buffer = await fs.readFile(filePath);
+    return buffer.toString('base64');
+  }
+
+  async delete(storageKey: string): Promise<void> {
+    const filePath = path.join(this.storageDir, storageKey);
+    try {
+      await fs.unlink(filePath);
+    } catch (error: any) {
+      if (error.code !== 'ENOENT') {
+        throw error;
+      }
+    }
+  }
+}

package/src/storage/s3Storage.ts

@@ -0,0 +1,84 @@
+import { S3Client, PutObjectCommand, GetObjectCommand, DeleteObjectCommand } from '@aws-sdk/client-s3';
+import { StorageProvider, StorageUploadResult } from './adapters.js';
+
+export interface S3Config {
+  region: string;
+  bucket: string;
+  credentials?: {
+    accessKeyId: string;
+    secretAccessKey: string;
+  };
+  endpoint?: string;
+  forcePathStyle?: boolean;
+}
+
+export class S3StorageProvider implements StorageProvider {
+  public readonly name = 's3';
+  private client: S3Client;
+  private bucket: string;
+
+  constructor(config: S3Config) {
+    const s3Config: any = {
+      region: config.region,
+      forcePathStyle: config.forcePathStyle,
+    };
+
+    if (config.credentials) {
+      s3Config.credentials = config.credentials;
+    }
+
+    if (config.endpoint) {
+      s3Config.endpoint = config.endpoint;
+    }
+
+    this.client = new S3Client(s3Config);
+    this.bucket = config.bucket;
+  }
+
+  async upload(
+    data: string | Buffer,
+    filename: string,
+    mimeType: string
+  ): Promise<StorageUploadResult> {
+    const body = typeof data === 'string' ? Buffer.from(data, 'base64') : data;
+    
+    await this.client.send(
+      new PutObjectCommand({
+        Bucket: this.bucket,
+        Key: filename,
+        Body: body,
+        ContentType: mimeType,
+      })
+    );
+
+    return {
+      storageKey: filename,
+      url: `https://${this.bucket}.s3.amazonaws.com/${filename}`,
+    };
+  }
+
+  async download(storageKey: string): Promise<string> {
+    const response = await this.client.send(
+      new GetObjectCommand({
+        Bucket: this.bucket,
+        Key: storageKey,
+      })
+    );
+
+    if (!response.Body) {
+      throw new Error('S3 download failed: empty body');
+    }
+
+    const bytes = await response.Body.transformToByteArray();
+    return Buffer.from(bytes).toString('base64');
+  }
+
+  async delete(storageKey: string): Promise<void> {
+    await this.client.send(
+      new DeleteObjectCommand({
+        Bucket: this.bucket,
+        Key: storageKey,
+      })
+    );
+  }
+}

package/src/stores/adapters.ts

@@ -11,8 +11,10 @@ export interface UserStoreAdapter {
 
 export interface MessageStoreAdapter {
   create(message: Message): Promise<Message>;
+  findById(id: string): Promise<Message | undefined>;
   listByUser(userId: string): Promise<Message[]>;
   listByGroup(groupId: string): Promise<Message[]>;
+  delete(id: string): Promise<void>;
 }
 
 export interface GroupStoreAdapter {

package/src/stores/memory/messageStore.ts

@@ -9,6 +9,10 @@ export class InMemoryMessageStore implements MessageStoreAdapter {
     return message;
   }
 
+  async findById(id: string): Promise<Message | undefined> {
+    return this.messages.find((msg) => msg.id === id);
+  }
+
   async listByUser(userId: string): Promise<Message[]> {
     return this.messages.filter(
       (msg) => msg.senderId === userId || msg.receiverId === userId
@@ -18,4 +22,8 @@ export class InMemoryMessageStore implements MessageStoreAdapter {
   async listByGroup(groupId: string): Promise<Message[]> {
     return this.messages.filter((msg) => msg.groupId === groupId);
   }
+
+  async delete(id: string): Promise<void> {
+    this.messages = this.messages.filter((msg) => msg.id !== id);
+  }
 }

package/test/crypto.test.ts

@@ -1,5 +1,5 @@
-import { encryptMessage, decryptMessage, deriveSharedSecret } from '../src/crypto/e2e';
-import { generateIdentityKeyPair } from '../src/crypto/keys';
+import { encryptMessage, decryptMessage, deriveSharedSecret } from '../src/crypto/e2e.js';
+import { generateIdentityKeyPair } from '../src/crypto/keys.js';
 
 describe('End-to-End Encryption', () => {
   describe('Key Generation', () => {
@@ -28,10 +28,10 @@ describe('End-to-End Encryption', () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
       
-      const aliceShared = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
-      const bobShared = await deriveSharedSecret(bobKeys.privateKey, aliceKeys.publicKey);
+      const aliceShared = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
+      const bobShared = await deriveSharedSecret(bobKeys, aliceKeys.publicKey);
       
-      expect(aliceShared).toBe(bobShared);
+      expect(aliceShared).toEqual(bobShared);
     });
 
     it('should derive different secrets for different key pairs', async () => {
@@ -39,10 +39,10 @@ describe('End-to-End Encryption', () => {
       const bobKeys = generateIdentityKeyPair();
       const charlieKeys = generateIdentityKeyPair();
       
-      const aliceBobSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
-      const aliceCharlieSecret = await deriveSharedSecret(aliceKeys.privateKey, charlieKeys.publicKey);
+      const aliceBobSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
+      const aliceCharlieSecret = await deriveSharedSecret(aliceKeys, charlieKeys.publicKey);
       
-      expect(aliceBobSecret).not.toBe(aliceCharlieSecret);
+      expect(aliceBobSecret).not.toEqual(aliceCharlieSecret);
     });
   });
 
@@ -50,7 +50,7 @@ describe('End-to-End Encryption', () => {
     it('should encrypt and decrypt a message correctly', async () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
-      const sharedSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
+      const sharedSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
       
       const plaintext = 'Hello, Bob!';
       const encrypted = await encryptMessage(plaintext, sharedSecret);
@@ -67,7 +67,7 @@ describe('End-to-End Encryption', () => {
     it('should produce different ciphertexts for the same plaintext', async () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
-      const sharedSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
+      const sharedSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
       
       const plaintext = 'Hello, Bob!';
       const encrypted1 = await encryptMessage(plaintext, sharedSecret);
@@ -82,21 +82,21 @@ describe('End-to-End Encryption', () => {
       const bobKeys = generateIdentityKeyPair();
       const charlieKeys = generateIdentityKeyPair();
       
-      const aliceBobSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
-      const aliceCharlieSecret = await deriveSharedSecret(aliceKeys.privateKey, charlieKeys.publicKey);
+      const aliceBobSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
+      const aliceCharlieSecret = await deriveSharedSecret(aliceKeys, charlieKeys.publicKey);
       
       const plaintext = 'Secret message';
       const encrypted = await encryptMessage(plaintext, aliceBobSecret);
       
-      await expect(
+      expect(() =>
         decryptMessage(encrypted.ciphertext, encrypted.iv, aliceCharlieSecret)
-      ).rejects.toThrow();
+      ).toThrow(/Unsupported state or unable to authenticate data/);
     });
 
     it('should handle empty messages', async () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
-      const sharedSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
+      const sharedSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
       
       const plaintext = '';
       const encrypted = await encryptMessage(plaintext, sharedSecret);
@@ -108,7 +108,7 @@ describe('End-to-End Encryption', () => {
     it('should handle long messages', async () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
-      const sharedSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
+      const sharedSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
       
       const plaintext = 'A'.repeat(10000);
       const encrypted = await encryptMessage(plaintext, sharedSecret);
@@ -120,7 +120,7 @@ describe('End-to-End Encryption', () => {
     it('should handle special characters and emojis', async () => {
       const aliceKeys = generateIdentityKeyPair();
       const bobKeys = generateIdentityKeyPair();
-      const sharedSecret = await deriveSharedSecret(aliceKeys.privateKey, bobKeys.publicKey);
+      const sharedSecret = await deriveSharedSecret(aliceKeys, bobKeys.publicKey);
       
       const plaintext = 'Hello 👋 World! 🌍 Special chars: @#$%^&*()';
       const encrypted = await encryptMessage(plaintext, sharedSecret);