dajiaji / hpke-js Goto Github PK

https://datatracker.ietf.org/doc/draft-westerbaan-cfrg-hpke-xyber768d00/

When compiling this library with https://github.com/vercel/ncc

I get this error when trying to invoke methods

Error: Cannot find module './src/errors.js'

Reproduction can be found here:

• https://github.com/transmute-industries/jose-hpke/blob/main/package.json#L21

• https://github.com/transmute-industries/jose-hpke/blob/main/package.json#L22

Seems like it could be related to tsconfig, es modules or the vercel compiler...

We have been using hpke-js in our library. We found the hpke-js library is big in size.
Do you have some numbers for the size of the JS module?

It might be nice to expose the HKDFs as utilities, so that libraries taking dependencies on suites defined in the module, can import the HKDFs they want to use directly from the same module... this would for example, help with https://datatracker.ietf.org/doc/draft-housley-lamps-cms-cek-hkdf-sha256/

in the case that a content encryption key needed to be generated for a suite that already used sha256

I am trying to export/serialize the public key with the following code:

import { Aes256Gcm, CipherSuite, HkdfSha512 } from "@hpke/core";
import { DhkemX448HkdfSha512 } from "@hpke/dhkem-x448";


async function doHpke() {
  const suite = new CipherSuite({
    kem: new DhkemX448HkdfSha512(),
    kdf: new HkdfSha512(),
    aead: new Aes256Gcm(),
  });
  const kemContext = await suite.kemContext();

  // A recipient generates a key pair.
  const rkp = await suite.kem.generateKeyPair();

  const rawPubKey = await kemContext.serializePublicKey(rkp.publicKey);

  console.log(rawPubKey)

  // A sender encrypts a message with the recipient public key.
  const sender = await suite.createSenderContext({
    recipientPublicKey: rkp.publicKey,
  });

  const ct = await sender.seal(new TextEncoder().encode("Hello world!"));

I get the following error:
TypeError: suite.kemContext is not a function

Is there something I've overlooked?

Thank you

Hi folks! Thanks for a really useful implementation.

I recently wrote a brief specification for HPKE using DHKEM over secp256k1, for which IANA has allocated the codepoint 0x0016. (I am sorry to report that the code point 0x0013 used in this project's experimental implementation was already allocated to a different DHKEM variant, as you can see from the link above.)

It would be great if this project could update its experimental DHKEM-over-secp256k1 implementation to use this codepoint! I'm happy to submit a pull request---please let me know if/how I can be helpful.

It's sometimes necessary to encode and decode KEM public keys for transmission over the wire. There seems to be an API for doing this on the KemInterface, but I don't see an obvious way to invoke that. If it's not already done, would it make sense to expose these APIs for use?

This happens when you try to run the examples in the readme directly with jest.

I tried creating jest.config.js, but it did not resolve the issue.

with:

module.exports = {
  testEnvironment: 'node',
};

This is likely not a problem with your library, but rather with how jest handles node modules / es modules by default.

  "dependencies": {
    "hpke-js": "^0.13.0"
  },
  "devDependencies": {
    "jest": "^29.1.2"
  }

Work around... don't use jest.

Great work so far on this implementation! What's your plan for X25519 KEM and Chacha20poly1305 encryption since support seems to be spotty in browser for these algorithms?

I'm looking to use this implementation to play around with Oblivious DNS over HTTPS, but the implementation I'm trying to interoperate with only supports the following crypto primitives (KEM: X25519HkdfSha256, KDF: HkdfSha256, AEAD: AesGcm128). Should I plan on these cryptographic primitives being limited to only certain JS environments or do you have an idea in mind of how to get them supported in every major environment (particularly concerned about browser env right now)?

_sync:2 Uncaught Error: Cannot find module './src/cipherSuite.js'
    at webpackEmptyContext (_sync:2:10)
    at eval (mod.js:30:28)
    at eval (mod.js:17:17)
    at eval (mod.js:26:3)
    at ./node_modules/hpke-js/script/mod.js (main.js:372:1)
    at __webpack_require__ (main.js:726:42)
    at eval (app.js:40:17)
    at ./app.js (main.js:19:1)
    at __webpack_require__ (main.js:726:42)
    at eval (index.js:2:62)

This error occurs when bundling with web pack, a typescript application, that included hpke-js.

I created a PoC here: #301

Anyone has used browserify with this hpke-js library for loading into a Chrome browser extension V3? @dajiaji
I'm running into a problem where I can't import {CipherSuite, KemId, KdfId, etc.} into a browser extension's background.js getting an error that the module does not provide an export named "CipherSuite, ..etc"

Previously hpke-js allows to create reverse direction context.
After v1.00, this feature is dropped.
However, so far (v1.2.3), there isn't a way to construct a new hpke context using exported key, nonce, etc.

Basically what want to do:

1. derive new key, nonce, and exporter secret with SenderContext's exportersecret (this is doable via SenderContext.export
2. construct a recipient context with the exported key and nonce.

The step 2 does not seem to be supported by V1.2.3

I am wondering if we can expose APIs from Ciphersuite to make this possible?
E.g., add a new function called constructRecipientContext(key, base_nonce, seq, exporter_secret) and its variant for SenderContext: constructSenderContext(key, base_nonce, seq, exporter_secret) to CiphersuiteNative

I'd like to bring HPKE to web3 ecosystem. The curve secp256k1 is native on ethereum.

There's some existing js implementation of curve secp256k1 like secp256k1.
I believe that this curve is capable of KEM in HPKE.

I'm asking for your opinion of adding support of secp256k1. Then I can start to work and submit a pr to this repo.

to activate dependabot.

The hpke-js on npm depends on deprecated noble/curves.
Could you please publish a new version on npm?

The new library is up to 1.64x faster than your current one.

Some protocols that build on top of HPKE, such as Oblivious HTTP, use the KDF and AEAD interfaces associated with a HPKE suite for various things. In the specific case of OHTTP, the KDF and AEAD interfaces are used to encapsulate HTTP responses (pseudocode copied from the draft):

secret = context.Export("message/bhttp response", Nk)
response_nonce = random(max(Nn, Nk))
salt = concat(enc, response_nonce)
prk = Extract(salt, secret)
aead_key = Expand(prk, "key", Nk)
aead_nonce = Expand(prk, "nonce", Nn)
ct = Seal(aead_key, aead_nonce, "", response)
enc_response = concat(response_nonce, ct)

I don't see an obvious was to get access to these interfaces through the things that hpke-js exposes. One could certainly reimplement the KDF and AEAD interfaces on top of WebCrypto, but it seems a lot less error prone if this library allowed the caller to just use the already-implemented functions directly.

@dajiaji, what do you think about exposing these? For context, I'm trying to implement a Javascript version of OHTTP, and this is the last bit that's required.