This is a project I made to learn more about crypto. I've also written a [post](https://vaktibabat.github.io/posts/ecurvechat/) that explains all the crypto concepts and algorithms used in the project, and how I implemented them.
I'd be very glad for any feedback about both the code and the post :)
Some observations from a very quick scan:
1. You should include a disclaimer somewhere in the repo that this is an educational project, not something people should seriously use. This is the "escape hatch" for the "don't roll your own crypto" rule.
2. You're rolling your own curve math, including ECDH and ECDSA. These are not easy to get right; in particular, it looks like you've got a classic "attacker can send you a point not on the curve" bug here[1], unless I'm missing where you validate the other party's point.
3. Your protocol seems to allow variance over the curve parameters, which is notoriously dangerous (and is why X.509 and similar protocols prefer "named curve" sets over explicit parameter sets).
[1]: https://github.com/vaktibabat/ecurvechat/blob/4a1d91bd02bbc8...
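
Observations 2 and 3 in the reply above, sketched as an added example (not code from the thread or from the project): a receiver that accepts only a curve name from a fixed registry and validates the peer's point before any ECDH multiplication. The curve `toy17`, the registry `NAMED_CURVES` and all function names are constructed for illustration; a cofactor of 1 is assumed.

```python
from typing import NamedTuple, Optional, Tuple

class Curve(NamedTuple):
    p: int  # field prime
    a: int
    b: int
    n: int  # prime order of the curve group (cofactor 1 assumed)

# Fixed registry: a peer names a curve and never supplies p, a, b itself.
# "toy17" (y^2 = x^3 + 2x + 2 mod 17, 19 points) is a constructed toy curve.
NAMED_CURVES = {"toy17": Curve(p=17, a=2, b=2, n=19)}
Point = Optional[Tuple[int, int]]  # None is the point at infinity

def add(c: Curve, P: Point, Q: Point) -> Point:
    # The formulas never use c.b, so they run happily on off-curve input.
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + c.a) * pow(2 * y1, -1, c.p) % c.p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p) % c.p
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)

def mul(c: Curve, k: int, P: Point) -> Point:
    R = None
    while k:
        if k & 1:
            R = add(c, R, P)
        P, k = add(c, P, P), k >> 1
    return R

def validate_peer_point(curve_name: str, x: int, y: int) -> Tuple[int, int]:
    c = NAMED_CURVES.get(curve_name)
    if c is None:
        raise ValueError("unknown curve")
    if not (0 <= x < c.p and 0 <= y < c.p):
        raise ValueError("coordinate out of range")
    if (y * y - (x * x * x + c.a * x + c.b)) % c.p != 0:
        raise ValueError("point is not on the curve")
    if mul(c, c.n, (x, y)) is not None:
        raise ValueError("point is outside the order-n group")
    return (x, y)
```

Only a point returned by `validate_peer_point` should ever be multiplied by the local private scalar.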