Add x25519 support (#126)

Author: kigawas

.cargo/config.toml

@@ -2,4 +2,4 @@
 runner = 'wasm-bindgen-test-runner'
 
 [env]
-RUST_TEST_THREADS = "1" # restirct concurrency
+RUST_TEST_THREADS = "1" # restrict concurrency

.cspell.jsonc

@@ -5,6 +5,7 @@
   "language": "en",
   // words - list of words to be always considered correct
   "words": [
+    "armv",
     "bindgen",
     "chacha",
     "Codacy",
@@ -17,6 +18,7 @@
     "ecies",
     "eciespy",
     "eciesrs",
+    "getrandom",
     "helloworld",
     "HKDF",
     "keypair",
@@ -45,6 +47,6 @@
     ".cspell.jsonc",
     "LICENSE",
     "package.json",
-    "yarn.lock"
+    "Cargo.lock"
   ]
 }

.github/workflows/ci.yml

@@ -55,13 +55,19 @@ jobs:
         run: cargo doc --no-deps
 
       - run: sh ./scripts/test.sh
+        env:
+          CURVE: secp256k1
+      - run: sh ./scripts/test.sh
+        env:
+          CURVE: x25519
 
-      # Pure Rust AES and XChaCha20 on WASM target
       - run: cargo install wasm-bindgen-cli || true
-      - run: cargo test --no-default-features --features pure --target=wasm32-unknown-unknown
-      - run: cargo test --no-default-features --features pure,std --target=wasm32-unknown-unknown
-      - run: cargo test --no-default-features --features xchacha20 --target=wasm32-unknown-unknown
-      - run: cargo test --no-default-features --features xchacha20,std --target=wasm32-unknown-unknown
+      - run: sh ./scripts/test-wasm.sh
+        env:
+          CURVE: secp256k1
+      - run: sh ./scripts/test-wasm.sh
+        env:
+          CURVE: x25519
 
       # Coverage
       - run: cargo llvm-cov --no-default-features --features pure --lcov --output-path .lcov.info
@@ -81,7 +87,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: 1.73.0
+          toolchain: 1.73.0 # msrv
       - run: cargo generate-lockfile
       - uses: Swatinem/rust-cache@v2
       - run: cargo build

.vscode/settings.json

@@ -1,6 +1,6 @@
 {
   "rust-analyzer.cargo.features": [
-    "openssl"
+    "pure"
   ],
   "rust-analyzer.cargo.noDefaultFeatures": true,
   "rust-analyzer.procMacro.enable": true,

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 0.2.8
 
 - Bump dependencies
+- Add x25519 support
 
 ## 0.2.1 ~ 0.2.7
 

Cargo.toml

@@ -5,7 +5,7 @@ version = "0.2.8"
 authors = ["Weiliang Li <[email protected]>"]
 description = "Elliptic Curve Integrated Encryption Scheme for secp256k1"
 edition = "2021"
-keywords = ["secp256k1", "crypto", "ecc", "ecies", "cryptocurrency"]
+keywords = ["secp256k1", "x25519", "crypto", "ecc", "ecies", "cryptocurrency"]
 license = "MIT"
 readme = "README.md"
 # links
@@ -14,25 +14,27 @@ homepage = "https://ecies.org/rs/"
 repository = "https://github.com/ecies/rs"
 
 [dependencies]
-hkdf = { version = "0.12.4", default-features = false }
-sha2 = { version = "0.10.8", default-features = false }
-
 # elliptic curves
 libsecp256k1 = { version = "0.7.2", default-features = false, features = [
   "static-context",
 ] }
-# x25519-dalek = {version = "2.0.0", default-features = false, features = ["static_secrets"], optional = true}
+x25519-dalek = { version = "2.0.1", default-features = false, features = [
+  "static_secrets",
+], optional = true }
 
-# openssl aes
+# symmetric ciphers
+# aes (openssl)
 openssl = { version = "0.10.71", default-features = false, optional = true }
-
-# pure rust aes
+# aes (pure Rust)
 aes-gcm = { version = "0.10.3", default-features = false, optional = true }
 typenum = { version = "1.18.0", default-features = false, optional = true }
-
-# chacha20 cipher
+# xchacha20
 chacha20poly1305 = { version = "0.10.1", default-features = false, optional = true }
 
+# hash
+hkdf = { version = "0.12.4", default-features = false }
+sha2 = { version = "0.10.8", default-features = false }
+
 # random number generator
 getrandom = { version = "=0.2.15", default-features = false }
 rand_core = { version = "0.6.4", default-features = false, features = [
@@ -52,22 +54,26 @@ once_cell = { version = "1.21.1", default-features = false, features = ["std"] }
 wasm-bindgen = { version = "0.2.100", default-features = false }
 
 [target.'cfg(all(target_arch = "wasm32", not(target_os="unknown")))'.dependencies]
-# allows wasm32-wasi to build
+# for wasm32-wasi
 once_cell = { version = "1.21.1", default-features = false, features = ["std"] }
 
 [features]
 default = ["openssl"]
-std = ["hkdf/std", "sha2/std", "once_cell/std", "libsecp256k1/std"]
+std = ["hkdf/std", "sha2/std", "once_cell/std"]
 
-# curve
-# secp256k1 = ["libsecp256k1"]
-# x25519 = ["x25519-dalek"]
+# curves
+# no usage, TODO: make optional after 0.3.0
+secp256k1 = []            #  ["libsecp256k1"]
+x25519 = ["x25519-dalek"]
 
-# cipher
-aes-12bytes-nonce = []            # with feature "openssl" or "pure". default: 16 bytes
+# aes
 openssl = ["dep:openssl"]
 pure = ["aes-gcm/aes", "typenum"]
-xchacha20 = ["chacha20poly1305"]
+# with feature "openssl" or "pure" (aes-256-gcm)
+aes-12bytes-nonce = [] # default: 16 bytes without this
+
+# xchacha20
+xchacha20 = ["chacha20poly1305/alloc"]
 
 [dev-dependencies]
 criterion = { version = "0.5.1", default-features = false }
@@ -78,7 +84,7 @@ wasm-bindgen-test = "0.3.50"
 
 [target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies]
 futures-util = "0.3.31"
-reqwest = "0.12.14"
+reqwest = "0.12.15"
 tokio = { version = "1.44.1", default-features = false, features = [
   "rt-multi-thread",
 ] }

README.md

@@ -7,9 +7,9 @@
 [![Crates](https://img.shields.io/crates/v/ecies)](https://crates.io/crates/ecies)
 [![Doc](https://docs.rs/ecies/badge.svg)](https://docs.rs/ecies/latest/ecies/)
 
-Elliptic Curve Integrated Encryption Scheme for secp256k1 in Rust, based on [pure Rust implementation](https://github.com/paritytech/libsecp256k1) of secp256k1.
+Elliptic Curve Integrated Encryption Scheme for secp256k1/x25519 in Rust, based on pure-Rust secp256k1/x25519 implementation.
 
-ECIES functionalities are built upon AES-256-GCM and HKDF-SHA256.
+ECIES functionalities are built upon AES-256-GCM/XChaCha20-Poly1305 and HKDF-SHA256.
 
 This is the Rust version of [eciespy](https://github.com/ecies/py).
 
@@ -40,6 +40,14 @@ assert_eq!(
 );
 ```
 
+## Optional x25519 Support
+
+You can choose to use x25519 (key exchange function on curve25519) instead of secp256k1:
+
+```toml
+ecies = {version = "0.2", default-features = false, features = ["x25519"]}
+```
+
 ## Optional pure Rust AES backend
 
 You can choose to use OpenSSL implementation or [pure Rust implementation](https://github.com/RustCrypto/AEADs) of AES-256-GCM:
@@ -62,11 +70,17 @@ If you select the pure Rust backend on modern x86 CPUs, consider building with
 RUSTFLAGS="-Ctarget-cpu=sandybridge -Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3"
 ```
 
-to speed up AES encryption/decryption. This would be no longer necessary when [`aes-gcm` supports automatic CPU detection](https://github.com/RustCrypto/AEADs/issues/243#issuecomment-738821935).
+It can speed up AES encryption/decryption. This would be no longer necessary when [`aes-gcm` supports automatic CPU detection](https://github.com/RustCrypto/AEADs/issues/243#issuecomment-738821935).
+
+On ARM CPUs, consider building with
+
+```bash
+RUSTFLAGS="--cfg aes_armv8" # Rust 1.61+
+```
 
 ## WASM compatibility
 
-It's also possible to build to the `wasm32-unknown-unknown` target with the pure Rust backend. Check out [this repo](https://github.com/ecies/rs-wasm) for more details.
+It's also possible to build to the `wasm32-unknown-unknown` target (or `wasm32-wasip2`) with the pure Rust backend. Check out [this repo](https://github.com/ecies/rs-wasm) for more details.
 
 ## Configuration
 
@@ -82,6 +96,8 @@ You can also enable a pure Rust [XChaCha20-Poly1305](https://github.com/RustCryp
 ecies = {version = "0.2", default-features = false, features = ["xchacha20"]}
 ```
 
+### Secp256k1-specific configuration
+
 Other behaviors can be configured by global static variable:
 
 ```rust

bench/simple.rs

@@ -11,7 +11,11 @@ fn criterion_benchmark(c: &mut Criterion) {
     use ecies::{decrypt, encrypt, utils::generate_keypair};
 
     let (sk, pk) = generate_keypair();
+
+    #[cfg(not(feature = "x25519"))]
     let (sk, pk) = (&sk.serialize(), &pk.serialize());
+    #[cfg(feature = "x25519")]
+    let (sk, pk) = (sk.as_bytes(), pk.as_bytes());
 
     let big = &BIG_MSG;
     let big_encrypted = &encrypt(pk, big).unwrap();

scripts/test-wasm.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+
+# Pure Rust AES and XChaCha20 on WASM target
+cargo test --no-default-features --features $CURVE,pure --target=wasm32-unknown-unknown
+cargo test --no-default-features --features $CURVE,pure,std --target=wasm32-unknown-unknown
+cargo test --no-default-features --features $CURVE,xchacha20 --target=wasm32-unknown-unknown
+cargo test --no-default-features --features $CURVE,xchacha20,std --target=wasm32-unknown-unknown

scripts/test.sh

@@ -1,17 +1,17 @@
 #!/bin/sh
 
 # OpenSSL AES
-cargo test --no-default-features --features openssl
-cargo test --no-default-features --features openssl,std
-cargo test --no-default-features --features openssl,aes-12bytes-nonce
-cargo test --no-default-features --features openssl,std,aes-12bytes-nonce
+cargo test --no-default-features --features $CURVE,openssl
+cargo test --no-default-features --features $CURVE,openssl,std
+cargo test --no-default-features --features $CURVE,openssl,aes-12bytes-nonce
+cargo test --no-default-features --features $CURVE,openssl,std,aes-12bytes-nonce
 
 # Pure Rust AES
-cargo test --no-default-features --features pure
-cargo test --no-default-features --features pure,std
-cargo test --no-default-features --features pure,aes-12bytes-nonce
-cargo test --no-default-features --features pure,std,aes-12bytes-nonce
+cargo test --no-default-features --features $CURVE,pure
+cargo test --no-default-features --features $CURVE,pure,std
+cargo test --no-default-features --features $CURVE,pure,aes-12bytes-nonce
+cargo test --no-default-features --features $CURVE,pure,std,aes-12bytes-nonce
 
 # XChaCha20
-cargo test --no-default-features --features xchacha20
-cargo test --no-default-features --features xchacha20,std
+cargo test --no-default-features --features $CURVE,xchacha20
+cargo test --no-default-features --features $CURVE,xchacha20,std

src/config.rs

@@ -29,8 +29,13 @@ pub fn is_ephemeral_key_compressed() -> bool {
     ECIES_CONFIG.read().is_ephemeral_key_compressed
 }
 
-/// Get ephemeral key size: compressed(33) or uncompressed(65)
-// #[cfg(feature = "secp256k1")]
+/// Get hkdf key derived from compressed shared point or not
+pub fn is_hkdf_key_compressed() -> bool {
+    ECIES_CONFIG.read().is_hkdf_key_compressed
+}
+
+/// Get ephemeral key size: compressed(33) or uncompressed(65) on secp256k1 or 32 on x25519
+#[cfg(not(feature = "x25519"))]
 pub fn get_ephemeral_key_size() -> usize {
     use crate::consts::{COMPRESSED_PUBLIC_KEY_SIZE, UNCOMPRESSED_PUBLIC_KEY_SIZE};
 
@@ -41,17 +46,9 @@ pub fn get_ephemeral_key_size() -> usize {
     }
 }
 
-// #[cfg(feature = "x25519")]
-// pub fn get_ephemeral_key_size() -> usize {
-//     32
-// }
-
-// #[cfg(all(not(feature = "x25519"), not(feature = "secp256k1")))]
-// pub fn get_ephemeral_key_size() -> usize {
-//     panic!("Not implemented")
-// }
+#[cfg(feature = "x25519")]
+pub fn get_ephemeral_key_size() -> usize {
+    use crate::consts::PUBLIC_KEY_SIZE;
 
-/// Get hkdf key derived from compressed shared point or not
-pub fn is_hkdf_key_compressed() -> bool {
-    ECIES_CONFIG.read().is_hkdf_key_compressed
+    PUBLIC_KEY_SIZE
 }

src/consts.rs

@@ -1,11 +1,14 @@
 /// Compressed public key size
-// #[cfg(feature = "secp256k1")]
+#[cfg(not(feature = "x25519"))]
 pub const COMPRESSED_PUBLIC_KEY_SIZE: usize = 33;
 
 /// Uncompressed public key size
-// #[cfg(feature = "secp256k1")]
+#[cfg(not(feature = "x25519"))]
 pub const UNCOMPRESSED_PUBLIC_KEY_SIZE: usize = 65;
 
+#[cfg(feature = "x25519")]
+pub const PUBLIC_KEY_SIZE: usize = 32;
+
 /// Nonce length. AES (12/16 bytes) or XChaCha20 (24 bytes)
 #[cfg(all(not(feature = "aes-12bytes-nonce"), not(feature = "xchacha20")))]
 pub const NONCE_LENGTH: usize = 16;

src/elliptic/mod.rs

@@ -1,16 +1,16 @@
-// #[cfg(feature = "secp256k1")]
+#[cfg(not(feature = "x25519"))]
 mod secp256k1;
-// #[cfg(feature = "secp256k1")]
+#[cfg(not(feature = "x25519"))]
 pub use secp256k1::{decapsulate, encapsulate, generate_keypair, PublicKey, SecretKey};
-// #[cfg(feature = "secp256k1")]
+#[cfg(not(feature = "x25519"))]
 pub(crate) use secp256k1::{parse_pk, parse_sk, pk_to_vec, Error};
 
-// #[cfg(feature = "x25519")]
-// mod x25519;
-// #[cfg(feature = "x25519")]
-// pub use x25519::{decapsulate, encapsulate, generate_keypair, PublicKey, SecretKey};
-// #[cfg(feature = "x25519")]
-// pub(crate) use x25519::{parse_pk, parse_sk, pk_to_vec, Error};
+#[cfg(feature = "x25519")]
+mod x25519;
+#[cfg(feature = "x25519")]
+pub use x25519::{decapsulate, encapsulate, generate_keypair, PublicKey, SecretKey};
+#[cfg(feature = "x25519")]
+pub(crate) use x25519::{parse_pk, parse_sk, pk_to_vec, Error};
 
 #[cfg(test)]
 mod tests {

src/elliptic/secp256k1.rs

@@ -109,6 +109,16 @@ mod known_tests {
             decode_hex("6f982d63e8590c9d9b5b4c1959ff80315d772edd8f60287c9361d548d5200f82")
         );
     }
+
+    #[cfg(feature = "xchacha20")]
+    #[test]
+    pub fn test_known_encrypted_xchacha20() {
+        use crate::decrypt;
+
+        let sk2 = decode_hex("0000000000000000000000000000000000000000000000000000000000000002");
+        let encrypted = decode_hex("0x04e314abc14398e07974cd50221b682ed5f0629e977345fc03e2047208ee6e279ffb2a6942878d3798c968d89e59c999e082b0598d1b641968c48c8d47c570210d0ab1ade95eeca1080c45366562f9983faa423ee3fd3260757053d5843c5f453e1ee6bb955c8e5d4aee8572139357a091909357a8931b");
+        assert_eq!(decrypt(&sk2, &encrypted).unwrap(), "helloworld🌍".as_bytes());
+    }
 }
 
 #[cfg(test)]