Add x25519 support (#403)

Author: kigawas

CHANGELOG.md

@@ -3,7 +3,9 @@
 ## 0.4.5
 
 - Add homemade key pair: `ecies.keys.PrivateKey` and `ecies.keys.PublicKey`
+- Deprecate some functions in `ecies.utils`
 - Bump dependencies
+- Add x25519 support
 
 ## 0.4.4
 

README.md

@@ -19,7 +19,7 @@ Other language versions:
 - [Java](https://github.com/ecies/java)
 - [Dart](https://github.com/ecies/dart)
 
-You can also check a web backend demo [here](https://github.com/ecies/py-demo).
+You can also check a [web backend demo](https://github.com/ecies/py-demo).
 
 ## Install
 
@@ -29,6 +29,8 @@ Or `pip install 'eciespy[eth]'` to install `eth-keys` as well.
 
 ## Quick Start
 
+### Secp256k1
+
 ```python
 >>> from ecies.keys import PrivateKey
 >>> from ecies import encrypt, decrypt
@@ -39,11 +41,24 @@ Or `pip install 'eciespy[eth]'` to install `eth-keys` as well.
 >>> decrypt(sk_bytes, encrypt(pk_bytes, data)).decode()
 'hello world🌍'
 >>> sk_hex = sk.to_hex() # hex str
->>> pk_hex = sk.public_key.to_hex() # hex str
+>>> pk_hex = sk.public_key.to_hex(True) # hex str
 >>> decrypt(sk_hex, encrypt(pk_hex, data)).decode()
 'hello world🌍'
 ```
 
+### X25519
+
+```python
+>>> from ecies.keys import PrivateKey
+>>> from ecies import encrypt, decrypt
+>>> from ecies.config import ECIES_CONFIG
+>>> ECIES_CONFIG.elliptic_curve = 'x25519'
+>>> data = 'hello world🌍'.encode()
+>>> sk = PrivateKey('x25519')
+>>> decrypt(sk.secret, encrypt(sk.public_key.to_bytes(), data)).decode()
+'hello world🌍'
+```
+
 Or just use a builtin command `eciespy` in your favorite [command line](#command-line-interface).
 
 ## API
@@ -120,26 +135,31 @@ $ rm sk pk data enc_data
 Ephemeral key format in the payload and shared key in the key derivation can be configured as compressed or uncompressed format.
 
 ```py
-from .consts import COMPRESSED_PUBLIC_KEY_SIZE, UNCOMPRESSED_PUBLIC_KEY_SIZE
-
+EllipticCurve = Literal["secp256k1", "x25519"]
 SymmetricAlgorithm = Literal["aes-256-gcm", "xchacha20"]
 NonceLength = Literal[12, 16] # only for aes-256-gcm, xchacha20 will always be 24
 
 
 @dataclass()
 class Config:
+ elliptic_curve: EllipticCurve = "secp256k1"
  is_ephemeral_key_compressed: bool = False
  is_hkdf_key_compressed: bool = False
  symmetric_algorithm: SymmetricAlgorithm = "aes-256-gcm"
  symmetric_nonce_length: NonceLength = 16
 
  @property
  def ephemeral_key_size(self):
- return (
- COMPRESSED_PUBLIC_KEY_SIZE
- if self.is_ephemeral_key_compressed
- else UNCOMPRESSED_PUBLIC_KEY_SIZE
- )
+ if self.elliptic_curve == "secp256k1":
+ return (
+ COMPRESSED_PUBLIC_KEY_SIZE
+ if self.is_ephemeral_key_compressed
+ else UNCOMPRESSED_PUBLIC_KEY_SIZE
+ )
+ elif self.elliptic_curve == "x25519":
+ return CURVE25519_PUBLIC_KEY_SIZE
+ else:
+ raise NotImplementedError
 
 
 ECIES_CONFIG = Config()

ecies/config.py

@@ -1,9 +1,13 @@
 from dataclasses import dataclass
 from typing import Literal
 
-from .consts import COMPRESSED_PUBLIC_KEY_SIZE, UNCOMPRESSED_PUBLIC_KEY_SIZE
+from .consts import (
+ COMPRESSED_PUBLIC_KEY_SIZE,
+ CURVE25519_PUBLIC_KEY_SIZE,
+ UNCOMPRESSED_PUBLIC_KEY_SIZE,
+)
 
-EllipticCurve = Literal["secp256k1"]
+EllipticCurve = Literal["secp256k1", "x25519"]
 SymmetricAlgorithm = Literal["aes-256-gcm", "xchacha20"]
 NonceLength = Literal[12, 16] # only for aes-256-gcm, xchacha20 will always be 24
 
@@ -18,11 +22,16 @@ class Config:
 
  @property
  def ephemeral_key_size(self):
- return (
- COMPRESSED_PUBLIC_KEY_SIZE
- if self.is_ephemeral_key_compressed
- else UNCOMPRESSED_PUBLIC_KEY_SIZE
- )
+ if self.elliptic_curve == "secp256k1":
+ return (
+ COMPRESSED_PUBLIC_KEY_SIZE
+ if self.is_ephemeral_key_compressed
+ else UNCOMPRESSED_PUBLIC_KEY_SIZE
+ )
+ elif self.elliptic_curve == "x25519":
+ return CURVE25519_PUBLIC_KEY_SIZE
+ else:
+ raise NotImplementedError
 
 
 ECIES_CONFIG = Config()

ecies/consts.py

@@ -1,6 +1,8 @@
 # elliptic
+SECRET_KEY_SIZE = 32
 COMPRESSED_PUBLIC_KEY_SIZE = 33
 UNCOMPRESSED_PUBLIC_KEY_SIZE = 65
+CURVE25519_PUBLIC_KEY_SIZE = 32
 ETH_PUBLIC_KEY_LENGTH = 64
 
 # symmetric

ecies/keys/helper.py

@@ -1,20 +1,30 @@
 from coincurve import PublicKey
 from coincurve.utils import GROUP_ORDER_INT
+from Crypto.Protocol.DH import (
+ import_x25519_private_key,
+ import_x25519_public_key,
+ key_agreement,
+)
 from Crypto.Random import get_random_bytes
 
 from ..config import EllipticCurve
-from ..consts import ETH_PUBLIC_KEY_LENGTH
+from ..consts import ETH_PUBLIC_KEY_LENGTH, SECRET_KEY_SIZE
 
 
 def is_valid_secret(curve: EllipticCurve, secret: bytes) -> bool:
+ if len(secret) != SECRET_KEY_SIZE:
+ return False
  if curve == "secp256k1":
  return 0 < bytes_to_int(secret) < GROUP_ORDER_INT
- raise NotImplementedError
+ elif curve == "x25519":
+ return True
+ else:
+ raise NotImplementedError
 
 
 def get_valid_secret(curve: EllipticCurve) -> bytes:
  while True:
- key = get_random_bytes(32)
+ key = get_random_bytes(SECRET_KEY_SIZE)
  if is_valid_secret(curve, key):
  return key
 
@@ -24,15 +34,25 @@ def get_public_key(
 ) -> bytes:
  if curve == "secp256k1":
  return PublicKey.from_secret(secret).format(compressed)
- raise NotImplementedError
+ elif curve == "x25519":
+ return import_x25519_private_key(secret).public_key().export_key(format="raw")
+ else:
+ raise NotImplementedError
 
 
 def get_shared_point(
  curve: EllipticCurve, sk: bytes, pk: bytes, compressed: bool = False
 ) -> bytes:
  if curve == "secp256k1":
  return PublicKey(pk).multiply(sk).format(compressed)
- raise NotImplementedError
+ elif curve == "x25519":
+ return key_agreement(
+ kdf=lambda x: x,
+ static_priv=import_x25519_private_key(sk),
+ eph_pub=import_x25519_public_key(pk),
+ )
+ else:
+ raise NotImplementedError
 
 
 def convert_public_key(
@@ -41,7 +61,10 @@ def convert_public_key(
  if curve == "secp256k1":
  # handle 33/65/64 bytes
  return PublicKey(pad_eth_public_key(data)).format(compressed)
- raise NotImplementedError
+ elif curve == "x25519":
+ return import_x25519_public_key(data).export_key(format="raw")
+ else:
+ raise NotImplementedError
 
 
 # private below

ecies/keys/private.py

@@ -16,14 +16,19 @@
 
 class PrivateKey:
  def __init__(self, curve: EllipticCurve, secret: Optional[bytes] = None):
- self._curve = curve
+ self._curve: EllipticCurve = curve
  if not secret:
- self._secret = get_valid_secret(curve)
- elif is_valid_secret(curve, secret):
+ self._secret = get_valid_secret(self._curve)
+ elif is_valid_secret(self._curve, secret):
  self._secret = secret
  else:
- raise ValueError(f"Invalid {curve} secret key")
- self._public_key = PublicKey(curve, get_public_key(curve, self._secret))
+ raise ValueError(f"Invalid {self._curve} secret key")
+ self._public_key = PublicKey(
+ self._curve, get_public_key(self._curve, self._secret)
+ )
+
+ def __repr__(self):
+ return f"PrivateKey('{self._curve}', {self._secret})"
 
  def __eq__(self, value):
  return self._secret == value._secret if isinstance(value, PrivateKey) else False

ecies/keys/public.py

@@ -20,6 +20,9 @@ def __init__(self, curve: EllipticCurve, data: bytes):
  uncompressed if len(compressed) != len(uncompressed) else b""
  )
 
+ def __repr__(self):
+ return f"PublicKey('{self._curve}', {self._data})"
+
  def __eq__(self, value):
  return self._data == value._data if isinstance(value, PublicKey) else False
 
@@ -40,7 +43,9 @@ def to_bytes(self, compressed: bool = False) -> bytes:
  """
  For secp256k1, return uncompressed public key (65 bytes) by default
  """
- return self._data if compressed else self._data_uncompressed
+ if not compressed and self._data_uncompressed:
+ return self._data_uncompressed
+ return self._data
 
  def decapsulate(self, sk: PrivateKey, compressed: bool = False) -> bytes:
  sender_point = self.to_bytes(compressed)

ecies/utils/elliptic.py

@@ -7,7 +7,7 @@
 from .hex import decode_hex
 
 
-@deprecated("Use `ecies.keys.PrivateKey` or `coincurve.PrivateKey` instead")
+@deprecated("Use `ecies.keys.PrivateKey` instead")
 def generate_key() -> PrivateKey:
  """
  Generate a random coincurve.PrivateKey`

ecies/utils/eth.py

@@ -18,7 +18,7 @@ def generate_eth_key():
  An ethereum flavored secp256k1 key
 
  """
- from eth_keys import keys
+ from eth_keys import keys # type:ignore
 
  return keys.PrivateKey(get_valid_secret())
 

ecies/utils/hash.py

@@ -11,6 +11,6 @@ def sha256(data: bytes) -> bytes:
 
 
 def derive_key(master: bytes, salt: bytes = b"") -> bytes:
- # for aes256 and xchacha20
+ # 32 bytes for aes256 and xchacha20
  derived = HKDF(master, 32, salt, SHA256, num_keys=1)
  return derived # type: ignore