- Updated sharedKey derivation using HKDF-HMAC-Sha256

- Updated test vector in unit tests
- Fixed unit tests

Author: rg911

package-lock.json

@@ -59,13 +59,14 @@
   "dependencies": {
     "bluebird": "^3.5.5",
     "catbuffer": "0.0.7",
-    "nem2-sdk-openapi-typescript-node-client": "0.7.20-beta.6",
     "crypto-js": "^3.1.9-1",
+    "futoin-hkdf": "^1.3.1",
     "js-joda": "^1.6.2",
     "js-sha256": "^0.9.0",
     "js-sha3": "^0.8.0",
     "long": "^4.0.0",
     "merkletreejs": "^0.1.7",
+    "nem2-sdk-openapi-typescript-node-client": "0.7.20-beta.6",
     "request": "^2.88.0",
     "request-promise-native": "^1.0.5",
     "ripemd160": "^2.0.2",

package.json

@@ -228,20 +228,19 @@ export class Crypto {
                              recipientPub: string,
                              msg: string,
                              iv: Uint8Array,
-                             salt: Uint8Array,
                              signSchema: SignSchema): string => {
         // Errors
-        if (!senderPriv || !recipientPub || !msg || !iv || !salt) { throw new Error('Missing argument !'); }
+        if (!senderPriv || !recipientPub || !msg || !iv) { throw new Error('Missing argument !'); }
         // Processing
         const keyPair = KeyPair.createKeyPairFromPrivateKeyString(senderPriv, signSchema);
         const pk = convert.hexToUint8(recipientPub);
-        const encKey = utility.ua2words(KeyPair.deriveSharedKey(keyPair, pk, salt, signSchema), 32);
+        const encKey = utility.ua2words(KeyPair.deriveSharedKey(keyPair, pk, signSchema), 32);
         const encIv = {
             iv: utility.ua2words(iv, 16),
         };
         const encrypted = CryptoJS.AES.encrypt(CryptoJS.enc.Hex.parse(msg), encKey, encIv);
         // Result
-        const result = convert.uint8ToHex(salt) + convert.uint8ToHex(iv) + CryptoJS.enc.Hex.stringify(encrypted.ciphertext);
+        const result = convert.uint8ToHex(iv) + CryptoJS.enc.Hex.stringify(encrypted.ciphertext);
         return result;
     }
 
@@ -264,8 +263,7 @@ export class Crypto {
         if (!senderPriv || !recipientPub || !msg) { throw new Error('Missing argument !'); }
         // Processing
         const iv = Crypto.randomBytes(16);
-        const salt = Crypto.randomBytes(32);
-        const encoded = Crypto._encode(senderPriv, recipientPub, isHexString ? msg : convert.utf8ToHex(msg), iv, salt, signSchema);
+        const encoded = Crypto._encode(senderPriv, recipientPub, isHexString ? msg : convert.utf8ToHex(msg), iv, signSchema);
         // Result
         return encoded;
     }
@@ -277,22 +275,20 @@ export class Crypto {
      * @param {string} senderPublic - A sender public key
      * @param {Uint8Array} payload - An encrypted message payload in bytes
      * @param {Uint8Array} iv - 16-byte AES initialization vector
-     * @param {Uint8Array} salt - 32-byte salt
      * @param {SignSchema} signSchema The Sign Schema. (KECCAK(NIS1) / SHA3(Catapult))
      * @return {string} - The decoded payload as hex
      */
     public static _decode = (recipientPrivate: string,
                              senderPublic: string,
                              payload: Uint8Array,
                              iv: Uint8Array,
-                             salt: Uint8Array,
                              signSchema: SignSchema): string => {
         // Error
         if (!recipientPrivate || !senderPublic || !payload) { throw new Error('Missing argument !'); }
         // Processing
         const keyPair = KeyPair.createKeyPairFromPrivateKeyString(recipientPrivate, signSchema);
         const pk = convert.hexToUint8(senderPublic);
-        const encKey = utility.ua2words(KeyPair.deriveSharedKey(keyPair, pk, salt, signSchema), 32);
+        const encKey = utility.ua2words(KeyPair.deriveSharedKey(keyPair, pk, signSchema), 32);
         const encIv = {
             iv: utility.ua2words(iv, 16),
         };
@@ -321,10 +317,9 @@ export class Crypto {
         if (!recipientPrivate || !senderPublic || !payload) { throw new Error('Missing argument !'); }
         // Processing
         const binPayload = convert.hexToUint8(payload);
-        const payloadBuffer = new Uint8Array(binPayload.buffer, 48);
-        const salt = new Uint8Array(binPayload.buffer, 0, 32);
-        const iv = new Uint8Array(binPayload.buffer, 32, 16);
-        const decoded = Crypto._decode(recipientPrivate, senderPublic, payloadBuffer, iv, salt, signSchema);
+        const payloadBuffer = new Uint8Array(binPayload.buffer, 16);
+        const iv = new Uint8Array(binPayload.buffer, 0, 16);
+        const decoded = Crypto._decode(recipientPrivate, senderPublic, payloadBuffer, iv, signSchema);
         return decoded.toUpperCase();
     }
 

src/core/crypto/Crypto.ts

@@ -70,13 +70,10 @@ export class KeyPair {
      * @param {SignSchema} signSchema The Sign Schema. (KECCAK(NIS1) / SHA3(Catapult))
      * @returns {Uint8Array} The shared key.
      */
-    public static deriveSharedKey = (keyPair, publicKey: Uint8Array, salt: Uint8Array, signSchema: SignSchema) => {
-        if (Utility.Key_Size !== salt.length) {
-            throw Error(`salt has unexpected size: ${salt.length}`);
-        }
+    public static deriveSharedKey = (keyPair, publicKey: Uint8Array, signSchema: SignSchema) => {
         if (Utility.Key_Size !== publicKey.length) {
-            throw Error(`public key has unexpected size: ${salt.length}`);
+            throw Error(`public key has unexpected size: ${publicKey.length}`);
         }
-        return Utility.catapult_crypto.deriveSharedKey(salt, keyPair.privateKey, publicKey, Utility.catapult_hash.func, signSchema);
+        return Utility.catapult_crypto.deriveSharedKey(keyPair.privateKey, publicKey, Utility.catapult_hash.func, signSchema);
     }
 }

src/core/crypto/KeyPair.ts

@@ -24,6 +24,7 @@ export const Signature_Size = 64;
 export const Half_Signature_Size = Signature_Size / 2;
 export const Hash_Size = 64;
 export const Half_Hash_Size = Hash_Size / 2;
+export const hkdf = require('futoin-hkdf');
 
 /**
  * Convert an Uint8Array to WordArray
@@ -68,7 +69,7 @@ export const catapult_hash = {
 };
 
 // custom catapult crypto functions
-export const catapult_crypto = (function() {
+export const catapult_crypto = (() => {
     function clamp(d) {
         d[0] &= 248;
         d[31] &= 127;
@@ -82,7 +83,7 @@ export const catapult_crypto = (function() {
         return d;
     }
 
-    const encodedSChecker = (function() {
+    const encodedSChecker = (() => {
         const Is_Reduced = 1;
         const Is_Zero = 2;
 
@@ -202,25 +203,21 @@ export const catapult_crypto = (function() {
             return 0 === c.crypto_verify_32(signature, 0, t, 0);
         },
 
-        deriveSharedKey: (salt, sk, pk, hashfunc, signSchema: SignSchema) => {
+        deriveSharedKey: (sk, pk, hashfunc, signSchema: SignSchema) => {
             const c = nacl;
             const d = prepareForScalarMult(sk, hashfunc, signSchema);
 
             // sharedKey = pack(p = d (derived from sk) * q (derived from pk))
             const q = [c.gf(), c.gf(), c.gf(), c.gf()];
             const p = [c.gf(), c.gf(), c.gf(), c.gf()];
-            const sharedKey = new Uint8Array(Key_Size);
+            const sharedSecret = new Uint8Array(Key_Size);
             c.unpack(q, pk);
             c.scalarmult(p, q, d);
-            c.pack(sharedKey, p);
-            // salt the shared key
-            for (let i = 0; i < Key_Size; ++i) {
-                sharedKey[i] ^= salt[i];
-            }
-            // return the hash of the result
-            const sharedKeyHash = new Uint8Array(Key_Size);
-            hashfunc(sharedKeyHash, sharedKey, Key_Size, signSchema);
-            return sharedKeyHash;
+            c.pack(sharedSecret, p);
+            const info = 'catapult';
+            const hash = 'SHA-256';
+            const sharedKey = hkdf(sharedSecret, 32, {salt: new Uint8Array(32), info, hash});
+            return sharedKey;
         },
     };
 })();

src/core/crypto/Utilities.ts

@@ -158,7 +158,7 @@ export class TransferTransaction extends Transaction {
         if (this.message.type === MessageType.PersistentHarvestingDelegationMessage) {
             if (this.mosaics.length > 0) {
                 throw new Error('PersistentDelegationRequestTransaction should be created without Mosaic');
-            } else if (!/^[0-9a-fA-F]{272}$/.test(this.message.payload)) {
+            } else if (!/^[0-9a-fA-F]{208}$/.test(this.message.payload)) {
                 throw new Error('PersistentDelegationRequestTransaction message is invalid');
             }
         }