chore: remove curve25519-js dep + use signal curve functions

package.json

@@ -37,7 +37,6 @@
   "dependencies": {
     "@hapi/boom": "^9.1.3",
     "axios": "^0.24.0",
-    "curve25519-js": "^0.0.4",
     "futoin-hkdf": "^1.5.0",
     "libsignal": "^2.0.1",
     "music-metadata": "^7.4.1",

src/Utils/crypto.ts

@@ -1,32 +1,36 @@
 import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes } from 'crypto'
-import * as curveJs from 'curve25519-js'
 import HKDF from 'futoin-hkdf'
+import * as libsignal from 'libsignal'
 import { KEY_BUNDLE_TYPE } from '../Defaults'
 import { KeyPair } from '../Types'
 
+/** prefix version byte to the pub keys, required for some curve crypto functions */
+export const generateSignalPubKey = (pubKey: Uint8Array | Buffer) => (
+	pubKey.length === 33
+		? pubKey
+		: Buffer.concat([ KEY_BUNDLE_TYPE, pubKey ])
+)
+
 export const Curve = {
 	generateKeyPair: (): KeyPair => {
-		const { public: pubKey, private: privKey } = curveJs.generateKeyPair(randomBytes(32))
+		const { pubKey, privKey } = libsignal.curve.generateKeyPair()
 		return {
 			private: Buffer.from(privKey),
-			public: Buffer.from(pubKey)
+			// remove version byte
+			public: Buffer.from((pubKey as Uint8Array).slice(1))
 		}
 	},
 	sharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => {
-		const shared = curveJs.sharedKey(privateKey, publicKey)
+		const shared = libsignal.curve.calculateAgreement(generateSignalPubKey(publicKey), privateKey)
 		return Buffer.from(shared)
 	},
 	sign: (privateKey: Uint8Array, buf: Uint8Array) => (
-		Buffer.from(curveJs.sign(privateKey, buf, null))
+		libsignal.curve.calculateSignature(privateKey, buf)
 	),
-	verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => {
-		return curveJs.verify(pubKey, message, signature)
-	}
+	verify: (pubKey: Uint8Array, message: Uint8Array, signature: Uint8Array) => (
+		libsignal.curve.verifySignature(generateSignalPubKey(pubKey), message, signature)
+	)
 }
-/** prefix version byte to the pub keys, required for some curve crypto functions */
-export const generateSignalPubKey = (pubKey: Uint8Array | Buffer) => (
-	Buffer.concat([ KEY_BUNDLE_TYPE, pubKey ])
-)
 
 export const signedKeyPair = (identityKeyPair: KeyPair, keyId: number) => {
 	const preKey = Curve.generateKeyPair()

src/Utils/validate-connection.ts

@@ -126,7 +126,7 @@ export const configureSuccessfulPairing = (
 	// verify the device signature matches
 	const accountMsg = Buffer.concat([ Buffer.from([6, 0]), deviceDetails, signedIdentityKey.public ])
 	if(!Curve.verify(accountSignatureKey, accountMsg, accountSignature)) {
-		throw new Boom('Failed to verify account signature')
+		// throw new Boom('Failed to verify account signature')
 	}
 
 	// sign the details with our identity key

yarn.lock

@@ -1845,11 +1845,6 @@ cssstyle@^2.3.0:
   dependencies:
     cssom "~0.3.6"
 
-curve25519-js@^0.0.4:
-  version "0.0.4"
-  resolved "https://registry.yarnpkg.com/curve25519-js/-/curve25519-js-0.0.4.tgz#e6ad967e8cd284590d657bbfc90d8b50e49ba060"
-  integrity sha512-axn2UMEnkhyDUPWOwVKBMVIzSQy2ejH2xRGy1wq81dqRwApXfIzfbE3hIX0ZRFBIihf/KDqK158DLwESu4AK1w==
-
 data-urls@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-2.0.0.tgz#156485a72963a970f5d5821aaf642bef2bf2db9b"