From da4f74b60c6439149d765f576ddb2a93f9cdc5cf Mon Sep 17 00:00:00 2001 From: Sam Hadow Date: Wed, 19 Feb 2025 20:48:16 +0100 Subject: [PATCH] nobleCurves, serve file for cryptography in the browser --- .gitignore | 2 ++ Makefile | 6 +++- babel.config.js | 12 ++++++- package.json | 1 + src/app.js | 2 ++ src/controllers/main.js | 54 +++++++++++++++---------------- src/public/ecdh.js | 10 +++--- src/routes/root.js | 70 ++++++++++++++++++++--------------------- src/views/index.pug | 3 +- tests/ecdh.test.js | 16 ---------- 10 files changed, 90 insertions(+), 86 deletions(-) delete mode 100644 tests/ecdh.test.js diff --git a/.gitignore b/.gitignore index 24b41a7..a9676ba 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ # node.js node_modules/ package-lock.json +# nobleCurves +src/public/noble-curves.* diff --git a/Makefile b/Makefile index 12a05c1..8cb5c11 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -run: test clean build +run: ./src/public/noble-curves.js test clean build podman pod create --name=e2ee -p 3333:3333 podman run -d --pod=e2ee -e POSTGRES_PASSWORD="password" -e POSTGRES_DB="e2ee" -e POSTGRES_USER="e2ee" -e POSTGRES_INITDB_ARGS="--encoding=UTF-8 --lc-collate=C --lc-ctype=C" --name=e2ee-db docker.io/library/postgres:15 podman run -d --pod=e2ee -e POSTGRES_PASSWORD="password" -e POSTGRES_DB="e2ee" -e POSTGRES_USER="e2ee" -e SHARED_SECRET="toto" --name=e2ee-app e2ee-messaging-service:latest @@ -9,3 +9,7 @@ test: npm test clean: podman pod rm -f e2ee +./src/public/noble-curves.js: + $(eval URL := $(shell wget -q -O - https://api.github.com/repos/paulmillr/noble-curves/releases/latest | jq -r '.assets[] | select(.name | contains("noble-curves.js")) | .browser_download_url')) + wget -O ./src/public/noble-curves.js $(URL) + diff --git a/babel.config.js b/babel.config.js index 9ea84ed..98b2149 100644 --- a/babel.config.js +++ b/babel.config.js 
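Review bot: The new `./src/public/noble-curves.js` rule downloads whatever the latest GitHub release is at build time and writes it straight into the directory served to browsers, with no version pin and no integrity check. This file is the X25519 implementation the client trusts for key agreement, and `.gitignore` keeps it out of the repository, so a changed or tampered release asset would ship without ever appearing in a diff. Pin a release tag and verify a recorded SHA-256 before moving the file into place; the tag, the hash and the exact asset name below are placeholders to fill in from the release you audit. A fixed URL also avoids two fragile spots in the current rule: the `contains("noble-curves.js")` filter may match more than one asset, and an empty `URL` (API failure or rate limit) leaves `wget` without a URL argument.

```makefile
NOBLE_CURVES_TAG := <PINNED_RELEASE_TAG>
NOBLE_CURVES_SHA256 := <SHA256_OF_AUDITED_NOBLE_CURVES_JS>

./src/public/noble-curves.js:
	wget -O $@.tmp https://github.com/paulmillr/noble-curves/releases/download/$(NOBLE_CURVES_TAG)/noble-curves.js
	echo "$(NOBLE_CURVES_SHA256)  $@.tmp" | sha256sum -c -
	mv $@.tmp $@
```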
@@ -1 +1,11 @@ -module.exports = {presets: ['@babel/preset-env']} +module.exports = { + presets: [ + ['@babel/preset-env', { + targets: { node: 'current' }, + modules: 'auto' + }] + ], + plugins: [ + '@babel/plugin-syntax-bigint', + ] +}; diff --git a/package.json b/package.json index 4cfd64d..ea2e806 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,7 @@ "socket.io-client": "^4.8.1" }, "devDependencies": { + "@babel/plugin-syntax-bigint": "^7.8.3", "@babel/preset-env": "^7.26.8", "jest": "^29.7.0" } diff --git a/src/app.js b/src/app.js index ac249b3..3f81188 100644 --- a/src/app.js +++ b/src/app.js @@ -35,6 +35,8 @@ app.use(sessionMiddleware); app.use("/", routes); // bootstrap app.use('/css', express.static(__dirname + '/node_modules/bootstrap/dist/css')); +// scripts +app.use('/', express.static(__dirname + '/public')); // socket.io io.engine.use(sessionMiddleware); diff --git a/src/controllers/main.js b/src/controllers/main.js index 8d97ff5..3999002 100644 --- a/src/controllers/main.js +++ b/src/controllers/main.js 
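Review bot: In the `src/app.js` hunk, `app.use('/', express.static(__dirname + '/public'))` exposes every file that ever lands in `src/public`, where the removed controller methods served a fixed list of nine files. That now includes the downloaded `noble-curves.*` artefacts and anything added later by mistake, so treat the directory as published and keep non-client files out of it. The mount also sits after `sessionMiddleware` and the router in the visible context, so each asset request appears to pass through session handling first; registering the static handler ahead of the session middleware would avoid that, if nothing depends on the current order. I would tighten the call to `app.use(express.static(path.join(__dirname, 'public'), { index: false, dotfiles: 'deny' }));`, assuming `path` is required in this file, which the hunk does not show.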
@@ -7,33 +7,33 @@ const mainController = { let isLoggedIn = typeof pubKey !== 'undefined'; res.render('index', {isLoggedIn, pubKey}); }, - style: (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/style.css')); - }, - script: (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/script.js')); - }, - ecc: (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/ecc.js')); - }, - ecdh: (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/ecdh.js')); - }, - popups: (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/popups.js')); - }, - chat : (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/chat.js')); - }, - register : (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/register.js')); - }, - pubkey : (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/pubkey.js')); - }, - registertext : (req, res) => { - res.sendFile(path.resolve(__dirname + '/../public/registertext.js')); - } + // style: (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/style.css')); + // }, + // script: (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/script.js')); + // }, + // ecc: (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/ecc.js')); + // }, + // ecdh: (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/ecdh.js')); + // }, + // popups: (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/popups.js')); + // }, + // chat : (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/chat.js')); + // }, + // register : (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/register.js')); + // }, + // pubkey : (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/pubkey.js')); + // }, + // registertext : (req, res) => { + // res.sendFile(path.resolve(__dirname + '/../public/registertext.js')); + // } }; module.exports = 
mainController; diff --git a/src/public/ecdh.js b/src/public/ecdh.js index ab0d9b7..85677fe 100644 --- a/src/public/ecdh.js +++ b/src/public/ecdh.js @@ -1,9 +1,9 @@ -// X25519 aka ECDH on Curve25519 from [RFC7748](https://www.rfc-editor.org/rfc/rfc7748) -import { x25519 } from '@noble/curves/ed25519'; +// X25519 +// aka ECDH on Curve25519 from [RFC7748](https://www.rfc-editor.org/rfc/rfc7748) export function genKeys() { - const priv = x25519.utils.randomPrivateKey(); - const pub = x25519.getPublicKey(priv); + const priv = nobleCurves.x25519.utils.randomPrivateKey(); + const pub = nobleCurves.x25519.getPublicKey(priv); return { privkey: priv, pubkey: pub @@ -11,5 +11,5 @@ export function genKeys() { } export function sharedKey(priv, pub) { - return x25519.getSharedSecret(priv, pub); + return nobleCurves.x25519.getSharedSecret(priv, pub); } diff --git a/src/routes/root.js b/src/routes/root.js index 50f8f2e..a66780f 100644 --- a/src/routes/root.js +++ b/src/routes/root.js 
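Review bot: In `src/controllers/main.js` the nine per-file handlers are commented out rather than deleted, and `src/routes/root.js` does the same with the matching routes. Version control already keeps the old code, and leaving the `//` blocks in place suggests these endpoints might come back, which obscures that static serving now happens in `src/app.js`. Delete the blocks outright, and drop the `path` require in the controller if nothing else uses it (the top of the file is outside the hunk). The hunk starts inside the `mainController` object literal.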
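Review bot: `genKeys` and `sharedKey` in `src/public/ecdh.js` now read an implicit global `nobleCurves` that only exists if `/noble-curves.js` was loaded first, and the only test of the key exchange, `tests/ecdh.test.js`, is deleted in this same commit. A missing or failed script load therefore surfaces as a `ReferenceError` on first use; a load-time guard such as `if (!globalThis.nobleCurves?.x25519) throw new Error('noble-curves.js must be loaded before ecdh.js');` makes the failure explicit. I would also keep the agreement test, defining `globalThis.nobleCurves` in the test setup (from the npm package, if `@noble/curves` remains a dependency), so the check that both sides derive the same secret is not lost. A comment above the functions stating the dependency, e.g. `// requires the global nobleCurves from /noble-curves.js (classic script, loaded first)`, would help the next reader.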
@@ -6,40 +6,40 @@ router .route("/") .get(mainController.root); -router - .route("/style.css") - .get(mainController.style); - -router - .route("/script.js") - .get(mainController.script); - -router - .route("/ecc.js") - .get(mainController.ecc); - -router - .route("/ecdh.js") - .get(mainController.ecdh); - -router - .route("/popups.js") - .get(mainController.popups); - -router - .route("/chat.js") - .get(mainController.chat); - -router - .route("/register.js") - .get(mainController.register); - -router - .route("/pubkey.js") - .get(mainController.pubkey); - -router - .route("/registertext.js") - .get(mainController.registertext); +// router +// .route("/style.css") +// .get(mainController.style); +// +// router +// .route("/script.js") +// .get(mainController.script); +// +// router +// .route("/ecc.js") +// .get(mainController.ecc); +// +// router +// .route("/ecdh.js") +// .get(mainController.ecdh); +// +// router +// .route("/popups.js") +// .get(mainController.popups); +// +// router +// .route("/chat.js") +// .get(mainController.chat); +// +// router +// .route("/register.js") +// .get(mainController.register); +// +// router +// .route("/pubkey.js") +// .get(mainController.pubkey); +// +// router +// .route("/registertext.js") +// .get(mainController.registertext); module.exports = router; diff --git a/src/views/index.pug b/src/views/index.pug index f16176e..fa323e5 100644 --- a/src/views/index.pug +++ b/src/views/index.pug @@ -10,8 +10,9 @@ html(lang="en-US") script(type="module", src="/ecc.js", defer) if isLoggedIn script(src="/chat.js", defer) - script(src="/ecdh.js", defer) script(src="/pubkey.js", defer) + script(src="/noble-curves.js", defer) + script(type="module", src="/ecdh.js", defer) else script(type="module", src="/popups.js", defer) script(type="module", src="/register.js", defer) diff --git a/tests/ecdh.test.js b/tests/ecdh.test.js deleted file mode 100644 index 89fcda9..0000000 --- a/tests/ecdh.test.js +++ /dev/null 
@@ -1,16 +0,0 @@
-import { genKeys, sharedKey } from '../src/public/ecdh.js';
-import { arrayToHex } from '../src/stringutils.js';
-
-describe('ecdh.js functions', () => {
-
- it('key exchange test', () => {
- const keysA= genKeys();
- const keysB = genKeys();
- const sharedA = sharedKey(keysA.privkey, keysB.pubkey);
- const sharedB = sharedKey(keysB.privkey, keysA.pubkey);
- const sharedAhex = arrayToHex(sharedA);
- const sharedBhex = arrayToHex(sharedB);
- expect(sharedAhex).toBe(sharedBhex);
- });
-
-});