From 75352abcacbd9dca234fdf6eb434bca1d7322b32 Mon Sep 17 00:00:00 2001
From: Franck Royer
Date: Mon, 30 Aug 2021 20:41:18 +1000
Subject: [PATCH] Promote dedicated symmetric key generation API
Using the private key API for symmetric key is confusing.
---
 CHANGELOG.md | 1 +
 README.md | 4 ++--
 guides/encrypt-messages-version-1.md | 4 ++--
 src/index.ts | 6 +++++-
 src/lib/waku_message/index.spec.ts | 8 ++++++--
 src/lib/waku_message/symmetric/browser.ts | 6 +-----
 src/lib/waku_message/symmetric/index.ts | 4 ----
 src/lib/waku_message/symmetric/node.ts | 6 +-----
 src/lib/waku_message/version_1.ts | 19 +++++++++++++------
 src/lib/waku_store/index.spec.ts | 8 ++++++--
 10 files changed, 37 insertions(+), 29 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d87a9b9682..e3f12b8a2d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - **Breaking**: Moved `startTime` and `endTime` for history queries to a `timeFilter` property as both or neither must be passed; passing only one parameter is not supported.
+- Renamed and promote the usage of `generateSymmetricKey()` to generate random symmetric keys.
 ### Fixed
 - Buffer concat error when using symmetric encryption in the browser.
diff --git a/README.md b/README.md
index 30dddbd372..9e2463d4ee 100644
--- a/README.md
+++ b/README.md
@@ -138,14 +138,14 @@ A quick note on the cryptographic libraries used as it is a not a straightforwar
 Asymmetric private keys and symmetric keys are expected to be 32 bytes arrays.
 ```ts
-import { generatePrivateKey, getPublicKey } from 'js-waku';
+import { generatePrivateKey, generateSymmetricKey, getPublicKey } from 'js-waku';
 // Asymmetric
 const privateKey = generatePrivateKey();
 const publicKey = getPublicKey(privateKey);
 // Symmetric
-const symKey = generatePrivateKey();
+const symKey = generateSymmetricKey();
 ```
 #### Encrypt Waku Messages
diff --git a/guides/encrypt-messages-version-1.md b/guides/encrypt-messages-version-1.md
index 01a5edf289..8f00634aea 100644
--- a/guides/encrypt-messages-version-1.md
+++ b/guides/encrypt-messages-version-1.md
@@ -62,9 +62,9 @@ To use symmetric encryption, you first need to generate a key.
 You can simply use `generatePrivateKey` for secure key generation:
 ```js
-import { generatePrivateKey } from 'js-waku';
+import { generateSymmetricKey } from 'js-waku';
-const key = generatePrivateKey();
+const key = generateSymmetricKey();
 ```
 ### Encrypt Message
diff --git a/src/index.ts b/src/index.ts
index ac71817bdf..69c667b160 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,7 +6,11 @@ export { Waku, DefaultPubSubTopic } from './lib/waku';
 export { WakuMessage } from './lib/waku_message';
-export { generatePrivateKey, getPublicKey } from './lib/waku_message/version_1';
+export {
+ generatePrivateKey,
+ generateSymmetricKey,
+ getPublicKey,
+} from './lib/waku_message/version_1';
 export {
 WakuLightPush,
diff --git a/src/lib/waku_message/index.spec.ts b/src/lib/waku_message/index.spec.ts
index 7cb6a6ae79..9795c045e7 100644
--- a/src/lib/waku_message/index.spec.ts
+++ b/src/lib/waku_message/index.spec.ts
@@ -14,7 +14,11 @@ import { delay } from '../delay';
 import { hexToBuf } from '../utils';
 import { Waku } from '../waku';
-import { generatePrivateKey, getPublicKey } from './version_1';
+import {
+ generatePrivateKey,
+ generateSymmetricKey,
+ getPublicKey,
+} from './version_1';
 import { WakuMessage } from './index';
@@ -122,7 +126,7 @@ describe('Waku Message: Node only', function () {
 payload: Buffer.from(messageText, 'utf-8').toString('hex'),
 };
- const symKey = generatePrivateKey();
+ const symKey = generateSymmetricKey();
 waku.relay.addDecryptionKey(symKey);
diff --git a/src/lib/waku_message/symmetric/browser.ts b/src/lib/waku_message/symmetric/browser.ts
index 4f092f74da..bb1dd3222a 100644
--- a/src/lib/waku_message/symmetric/browser.ts
+++ b/src/lib/waku_message/symmetric/browser.ts
@@ -1,4 +1,4 @@
-import { IvSize, SymmetricKeySize } from './index';
+import { IvSize } from './index';
 declare global {
 interface Window {
@@ -44,10 +44,6 @@ export async function decrypt(
 .then(Buffer.from);
 }
-export function generateKeyForSymmetricEnc(): Buffer {
- return crypto.getRandomValues(Buffer.alloc(SymmetricKeySize));
-}
-
 export function generateIv(): Uint8Array {
 const iv = new Uint8Array(IvSize);
 crypto.getRandomValues(iv);
diff --git a/src/lib/waku_message/symmetric/index.ts b/src/lib/waku_message/symmetric/index.ts
index 76a0b2faa1..58a69acd93 100644
--- a/src/lib/waku_message/symmetric/index.ts
+++ b/src/lib/waku_message/symmetric/index.ts
@@ -15,10 +15,6 @@ export interface Symmetric {
 * Proceed with symmetric decryption of `cipherText` value.
 */
 decrypt: (iv: Buffer, key: Buffer, cipherText: Buffer) => Promise;
- /**
- * Generate a new private key for Symmetric encryption purposes.
- */
- generateKeyForSymmetricEnc: () => Buffer;
 /**
 * Generate an Initialization Vector (iv) for for Symmetric encryption purposes.
 */
diff --git a/src/lib/waku_message/symmetric/node.ts b/src/lib/waku_message/symmetric/node.ts
index 2ea07f4b5b..8ad95a0cf2 100644
--- a/src/lib/waku_message/symmetric/node.ts
+++ b/src/lib/waku_message/symmetric/node.ts
@@ -1,6 +1,6 @@
 import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
-import { IvSize, SymmetricKeySize, TagSize } from './index';
+import { IvSize, TagSize } from './index';
 const Algorithm = 'aes-256-gcm';
@@ -31,10 +31,6 @@ export async function decrypt(
 return Buffer.concat([a, b]);
 }
-export function generateKeyForSymmetricEnc(): Buffer {
- return randomBytes(SymmetricKeySize);
-}
-
 export function generateIv(): Buffer {
 return randomBytes(IvSize);
 }
diff --git a/src/lib/waku_message/version_1.ts b/src/lib/waku_message/version_1.ts
index 95fa2922b5..5795d87bce 100644
--- a/src/lib/waku_message/version_1.ts
+++ b/src/lib/waku_message/version_1.ts
@@ -7,7 +7,7 @@ import * as secp256k1 from 'secp256k1';
 import { hexToBuf } from '../utils';
-import { IvSize, symmetric } from './symmetric';
+import { IvSize, symmetric, SymmetricKeySize } from './symmetric';
 const FlagsLength = 1;
 const FlagMask = 3; // 0011
@@ -15,6 +15,8 @@ const IsSignedMask = 4; // 0100
 const PaddingTarget = 256;
 const SignatureLength = 65;
+export const PrivateKeySize = 32;
+
 /**
 * Encode the payload pre-encryption.
 *
@@ -172,14 +174,19 @@ export async function decryptSymmetric(
 }
 /**
- * Generate a new key. Can be used as a private key for Asymmetric encryption
- * or a key for symmetric encryption.
+ * Generate a new private key to be used for asymmetric encryption.
 *
- * If using Asymmetric encryption, use {@link getPublicKey} to get the
- * corresponding Public Key.
+ * Use {@link getPublicKey} to get the corresponding Public Key.
 */
 export function generatePrivateKey(): Uint8Array {
- return randomBytes(32);
+ return randomBytes(PrivateKeySize);
+}
+
+/**
+ * Generate a new symmetric key to be used for symmetric encryption.
+ */
+export function generateSymmetricKey(): Uint8Array {
+ return randomBytes(SymmetricKeySize);
 }
 /**
diff --git a/src/lib/waku_store/index.spec.ts b/src/lib/waku_store/index.spec.ts
index 03fab4b0cc..0424de60ce 100644
--- a/src/lib/waku_store/index.spec.ts
+++ b/src/lib/waku_store/index.spec.ts
@@ -13,7 +13,11 @@ import {
 import { delay } from '../delay';
 import { Waku } from '../waku';
 import { WakuMessage } from '../waku_message';
-import { generatePrivateKey, getPublicKey } from '../waku_message/version_1';
+import {
+ generatePrivateKey,
+ generateSymmetricKey,
+ getPublicKey,
+} from '../waku_message/version_1';
 import { Direction } from './history_rpc';
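Review bot: The TSDoc on the new `generateSymmetricKey()` in src/lib/waku_message/version_1.ts (the `@@ -172,14 +174,19 @@` hunk) does not state the key length or the randomness source, which is what a caller choosing between it and `generatePrivateKey()` needs to know. I would extend the comment to something like `Generate a random key of SymmetricKeySize bytes for symmetric encryption; treat it as a secret, like a private key.` The `randomBytes` import sits outside this hunk, and the commit deletes the browser variant that called `crypto.getRandomValues` directly, so it is worth confirming that `randomBytes` resolves to a CSPRNG-backed implementation in browser bundles. The function also returns `Uint8Array`, whereas the removed `generateKeyForSymmetricEnc` returned `Buffer` and `Symmetric.decrypt` takes `key: Buffer`; presumably the encrypt/decrypt wrappers convert, but that is not visible here.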
@@ -160,7 +164,7 @@ describe('Waku Store', () => {
 'This message is not for and I must not be able to read it';
 const privateKey = generatePrivateKey();
- const symKey = generatePrivateKey();
+ const symKey = generateSymmetricKey();
 const publicKey = getPublicKey(privateKey);
 const [