@wallaby-cash/cryptography 1.0.0 → 1.0.1

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @wallaby-cash/cryptography
 
+## 1.0.1
+
+### Patch Changes
+
+- Fix package build configuration to exclude test files from published package
+
 ## 1.0.0
 
 ### Major Changes

package/dist/createIdentity.d.ts

@@ -0,0 +1,18 @@
+export declare const DEFAULT_ENTROPY_BYTES = 32;
+export declare const MINIMUM_SHANNON_ENTROPY = 4;
+/**
+ * creates a new private key
+ * @param { Uint8Array } entropy - optional entropy to create the private key
+ * @returns a new private key
+ */
+export declare const createPrivateKey: (entropy?: Uint8Array) => string;
+/**
+ * creates a new identity
+ * @param { Uint8Array } entropy - optional entropy to create the private key
+ * @returns a new pair of private and public key
+ */
+export declare const createIdentity: (entropy?: Uint8Array) => {
+    privateKey: string;
+    publicKey: string;
+};
+//# sourceMappingURL=createIdentity.d.ts.map

package/dist/createIdentity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createIdentity.d.ts","sourceRoot":"","sources":["../src/createIdentity.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,qBAAqB,KAAK,CAAC;AACxC,eAAO,MAAM,uBAAuB,IAAI,CAAC;AAEzC;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,UAAU,UAAU,WAmCpD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAAI,UAAU,UAAU;;;CASlD,CAAC"}

package/dist/createIdentity.js

@@ -0,0 +1,60 @@
+import { getRandomBytesSync as randomBytes } from 'ethereum-cryptography/random.js';
+import { addLeading0x, stripHexPrefix, concatUint8Arrays } from './util';
+import { publicKeyByPrivateKey } from './publicKeyByPrivateKey';
+import { bytesToHex } from 'ethereum-cryptography/utils';
+import { keccak256 } from 'ethereum-cryptography/keccak';
+export const DEFAULT_ENTROPY_BYTES = 32;
+export const MINIMUM_SHANNON_ENTROPY = 4;
+/**
+ * creates a new private key
+ * @param { Uint8Array } entropy - optional entropy to create the private key
+ * @returns a new private key
+ */
+export const createPrivateKey = (entropy) => {
+    if (entropy) {
+        if (!(entropy instanceof Uint8Array) || entropy.length < DEFAULT_ENTROPY_BYTES) {
+            throw new Error(`entropy must be a Uint8Array of at least ${DEFAULT_ENTROPY_BYTES} bytes`);
+        }
+        // Check byte diversity
+        const uniqueBytes = new Set(entropy);
+        if (uniqueBytes.size < Math.min(8, entropy.length / 4)) {
+            throw new Error(`entropy is too repetitive (only ${uniqueBytes.size} unique byte values)`);
+        }
+        // Estimate Shannon entropy
+        const byteCounts = new Uint32Array(256);
+        entropy.forEach((b) => byteCounts[b]++);
+        const total = entropy.length;
+        let shannonEntropy = 0;
+        for (let i = 0; i < 256; i++) {
+            if (byteCounts[i] > 0) {
+                const p = byteCounts[i] / total;
+                shannonEntropy -= p * Math.log2(p);
+            }
+        }
+        if (shannonEntropy < MINIMUM_SHANNON_ENTROPY) {
+            throw new Error(`entropy has low Shannon entropy (${shannonEntropy.toFixed(2)} bits/byte)`);
+        }
+        const outerHex = keccak256(entropy);
+        return addLeading0x(bytesToHex(outerHex));
+    }
+    else {
+        const innerHex = keccak256(concatUint8Arrays([randomBytes(32), randomBytes(32)]));
+        const middleHex = concatUint8Arrays([concatUint8Arrays([randomBytes(32), innerHex]), randomBytes(32)]);
+        const outerHex = keccak256(middleHex);
+        return addLeading0x(bytesToHex(outerHex));
+    }
+};
+/**
+ * creates a new identity
+ * @param { Uint8Array } entropy - optional entropy to create the private key
+ * @returns a new pair of private and public key
+ */
+export const createIdentity = (entropy) => {
+    const privateKey = createPrivateKey(entropy);
+    const walletPublicKey = publicKeyByPrivateKey(privateKey);
+    const identity = {
+        privateKey: privateKey,
+        publicKey: stripHexPrefix(walletPublicKey),
+    };
+    return identity;
+};

package/dist/decryptWithPrivateKey.d.ts

@@ -0,0 +1,3 @@
+import { Encrypted } from './types';
+export declare const decryptWithPrivateKey: (privateKey: string, encrypted: Encrypted) => string;
+//# sourceMappingURL=decryptWithPrivateKey.d.ts.map

package/dist/decryptWithPrivateKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decryptWithPrivateKey.d.ts","sourceRoot":"","sources":["../src/decryptWithPrivateKey.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpC,eAAO,MAAM,qBAAqB,GAAI,YAAY,MAAM,EAAE,WAAW,SAAS,WAK7E,CAAC"}

package/dist/decryptWithPrivateKey.js

@@ -0,0 +1,7 @@
+import { stripHexPrefix } from './util';
+import { decrypt } from './encryption-utils';
+export const decryptWithPrivateKey = (privateKey, encrypted) => {
+    // remove '0x' from privateKey
+    const twoStripped = stripHexPrefix(privateKey);
+    return decrypt(twoStripped, encrypted);
+};

package/dist/encryptWithPublicKey.d.ts

@@ -0,0 +1,3 @@
+import { EncryptionOptions } from './types';
+export declare const encryptWithPublicKey: (publicKey: string, message: string, options?: EncryptionOptions) => import("./types").Encrypted;
+//# sourceMappingURL=encryptWithPublicKey.d.ts.map

package/dist/encryptWithPublicKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptWithPublicKey.d.ts","sourceRoot":"","sources":["../src/encryptWithPublicKey.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE5C,eAAO,MAAM,oBAAoB,GAAI,WAAW,MAAM,EAAE,SAAS,MAAM,EAAE,UAAU,iBAAiB,gCAOnG,CAAC"}

package/dist/encryptWithPublicKey.js

@@ -0,0 +1,9 @@
+import { decompress } from './util';
+import { encrypt } from './encryption-utils';
+export const encryptWithPublicKey = (publicKey, message, options) => {
+    // ensure its an uncompressed publicKey
+    const decompressedKey = decompress(publicKey);
+    // re-add the compression-flag
+    const pubString = '04' + decompressedKey;
+    return encrypt(pubString, message, options);
+};

package/dist/encryption-utils.d.ts

@@ -0,0 +1,19 @@
+import { Encrypted, EncryptionOptions } from './types';
+/**
+ *  See https://github.com/bitchan/eccrypto for the original implementation that eth-crypto used, it's ancient and not maintained.
+ */
+/**
+ * Encrypts a message using the recipient's public key.
+ * @param {string} publicKeyTo - The recipient's public key.
+ * @param {string} msg - The message to encrypt.
+ * @returns {Encrypted} The encrypted message.
+ */
+export declare const encrypt: (publicKeyTo: string, msg: string, options?: EncryptionOptions) => Encrypted;
+/**
+ * Decrypts an encrypted message using the recipient's private key.
+ * @param {string} privateKey - The recipient's private key.
+ * @param {Encrypted} opts - The encrypted message.
+ * @returns {string} The decrypted message.
+ */
+export declare const decrypt: (privateKey: string, opts: Encrypted) => string;
+//# sourceMappingURL=encryption-utils.d.ts.map

package/dist/encryption-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption-utils.d.ts","sourceRoot":"","sources":["../src/encryption-utils.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAIvD;;GAEG;AAEH;;;;;GAKG;AAEH,eAAO,MAAM,OAAO,GAAI,aAAa,MAAM,EAAE,KAAK,MAAM,EAAE,UAAU,iBAAiB,KAAG,SAsBvF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,OAAO,GAAI,YAAY,MAAM,EAAE,MAAM,SAAS,WA2B1D,CAAC"}

package/dist/encryption-utils.js

@@ -0,0 +1,82 @@
+import { sha512 } from 'ethereum-cryptography/sha512.js';
+import { secp256k1 } from 'ethereum-cryptography/secp256k1';
+import { getRandomBytesSync as randomBytes } from 'ethereum-cryptography/random.js';
+import { hexToBytes, bytesToHex, bytesToUtf8 } from 'ethereum-cryptography/utils.js';
+import { encrypt as aesEncrypt, decrypt as aesDecrypt } from 'ethereum-cryptography/aes.js';
+import { hmacSha256Sign } from './sign';
+import { concatUint8Arrays, utf8ToBytes } from './util';
+/**
+ *  See https://github.com/bitchan/eccrypto for the original implementation that eth-crypto used, it's ancient and not maintained.
+ */
+/**
+ * Encrypts a message using the recipient's public key.
+ * @param {string} publicKeyTo - The recipient's public key.
+ * @param {string} msg - The message to encrypt.
+ * @returns {Encrypted} The encrypted message.
+ */
+export const encrypt = (publicKeyTo, msg, options) => {
+    const ephemPrivateKey = options?.ephemPrivateKey ? hexToBytes(options.ephemPrivateKey) : randomBytes(32);
+    const iv = randomBytes(16);
+    const compressedPub = secp256k1.getPublicKey(ephemPrivateKey); // defaults to compressed format
+    const point = secp256k1.ProjectivePoint.fromHex(compressedPub); // decompress the pub into an EC point
+    const ephemPublicKey = point.toRawBytes(false); // Get uncompressed SEC1 format pub
+    const sharedSecret = secp256k1.getSharedSecret(ephemPrivateKey, hexToBytes(publicKeyTo), true).slice(1);
+    const hash = sha512(sharedSecret);
+    const encryptionKey = hash.subarray(0, 32);
+    const macKey = hash.subarray(32);
+    const message = utf8ToBytes(msg);
+    const data = aesEncrypt(message, encryptionKey, iv, 'aes-256-cbc');
+    const dataToMac = concatUint8Arrays([iv, ephemPublicKey, data]);
+    const mac = hmacSha256Sign(macKey, dataToMac);
+    return {
+        iv: bytesToHex(iv),
+        ephemPublicKey: bytesToHex(ephemPublicKey),
+        ciphertext: bytesToHex(data),
+        mac: bytesToHex(mac),
+    };
+};
+/**
+ * Decrypts an encrypted message using the recipient's private key.
+ * @param {string} privateKey - The recipient's private key.
+ * @param {Encrypted} opts - The encrypted message.
+ * @returns {string} The decrypted message.
+ */
+export const decrypt = (privateKey, opts) => {
+    let sharedSecret;
+    try {
+        sharedSecret = secp256k1.getSharedSecret(hexToBytes(privateKey), opts.ephemPublicKey, true).slice(1);
+    }
+    catch (e) {
+        throw new Error(`Invalid MAC: data integrity check failed: ${e}`);
+    }
+    const hash = sha512(sharedSecret);
+    const encryptionKey = hash.subarray(0, 32);
+    const macKey = hash.subarray(32);
+    const ciphertext = hexToBytes(opts.ciphertext);
+    const iv = hexToBytes(opts.iv);
+    const ephemPublicKey = hexToBytes(opts.ephemPublicKey);
+    const receivedMac = hexToBytes(opts.mac);
+    // Recompute MAC
+    const dataToMac = concatUint8Arrays([iv, ephemPublicKey, ciphertext]);
+    const expectedMac = hmacSha256Sign(macKey, dataToMac);
+    if (!constantTimeEqual(expectedMac, receivedMac)) {
+        throw new Error('Invalid MAC: data integrity check failed');
+    }
+    const decrypted = aesDecrypt(ciphertext, encryptionKey, iv, 'aes-256-cbc');
+    return bytesToUtf8(decrypted);
+};
+/**
+ * Compares two Uint8Arrays in constant time to prevent timing attacks.
+ * @param {Uint8Array} a - The first array.
+ * @param {Uint8Array} b - The second array.
+ * @returns {boolean} True if the arrays are equal, false otherwise.
+ */
+function constantTimeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+        result |= a[i] ^ b[i];
+    }
+    return result === 0;
+}

package/dist/hash.d.ts

@@ -0,0 +1,2 @@
+export declare const keccak256: (params: string) => string;
+//# sourceMappingURL=hash.d.ts.map

package/dist/hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../src/hash.ts"],"names":[],"mappings":"AAWA,eAAO,MAAM,SAAS,GAAI,QAAQ,MAAM,WAEvC,CAAC"}

package/dist/hash.js

@@ -0,0 +1,12 @@
+import { bytesToHex, hexToBytes } from 'ethereum-cryptography/utils.js';
+import { keccak256 as _keccak256 } from 'ethereum-cryptography/keccak.js';
+import { addLeading0x, utf8ToBytes } from './util';
+const solidityPackedKeccak256 = (value) => {
+    const bytes = utf8ToBytes(value);
+    const hex = addLeading0x(bytesToHex(bytes));
+    const hash = _keccak256(hexToBytes(hex));
+    return addLeading0x(bytesToHex(hash));
+};
+export const keccak256 = (params) => {
+    return solidityPackedKeccak256(params);
+};

package/dist/index.d.ts

@@ -0,0 +1,28 @@
+import { createIdentity } from './createIdentity';
+import { sign } from './sign';
+import { encryptWithPublicKey } from './encryptWithPublicKey';
+import { decryptWithPrivateKey } from './decryptWithPrivateKey';
+import { keccak256 } from './hash';
+import { publicKeyByPrivateKey } from './publicKeyByPrivateKey';
+import { recoverPublicKey } from './recoverPublicKey';
+declare const hash: {
+    keccak256: (params: string) => string;
+};
+export { createIdentity, decryptWithPrivateKey, encryptWithPublicKey, hash, keccak256, publicKeyByPrivateKey, recoverPublicKey, sign, };
+declare const _default: {
+    createIdentity: (entropy?: Uint8Array) => {
+        privateKey: string;
+        publicKey: string;
+    };
+    decryptWithPrivateKey: (privateKey: string, encrypted: import("./types").Encrypted) => string;
+    encryptWithPublicKey: (publicKey: string, message: string, options?: import("./types").EncryptionOptions) => import("./types").Encrypted;
+    hash: {
+        keccak256: (params: string) => string;
+    };
+    keccak256: (params: string) => string;
+    publicKeyByPrivateKey: (privateKey: string) => string;
+    recoverPublicKey: (signature: string, hash: string) => string;
+    sign: (privateKey: string, hash: string) => string;
+};
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAEtD,QAAA,MAAM,IAAI;;CAET,CAAC;AAEF,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,IAAI,EACJ,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,IAAI,GACL,CAAC;;;;;;;;;;;;;;;;AAEF,wBASE"}

package/{src/index.ts → dist/index.js}

@@ -5,29 +5,17 @@ import { decryptWithPrivateKey } from './decryptWithPrivateKey';
 import { keccak256 } from './hash';
 import { publicKeyByPrivateKey } from './publicKeyByPrivateKey';
 import { recoverPublicKey } from './recoverPublicKey';
-
 const hash = {
-  keccak256,
+    keccak256,
 };
-
-export {
-  createIdentity,
-  decryptWithPrivateKey,
-  encryptWithPublicKey,
-  hash,
-  keccak256,
-  publicKeyByPrivateKey,
-  recoverPublicKey,
-  sign,
-};
-
+export { createIdentity, decryptWithPrivateKey, encryptWithPublicKey, hash, keccak256, publicKeyByPrivateKey, recoverPublicKey, sign, };
 export default {
-  createIdentity,
-  decryptWithPrivateKey,
-  encryptWithPublicKey,
-  hash,
-  keccak256,
-  publicKeyByPrivateKey,
-  recoverPublicKey,
-  sign,
+    createIdentity,
+    decryptWithPrivateKey,
+    encryptWithPublicKey,
+    hash,
+    keccak256,
+    publicKeyByPrivateKey,
+    recoverPublicKey,
+    sign,
 };

package/dist/publicKeyByPrivateKey.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Generate publicKey from the privateKey.
+ * This creates the uncompressed publicKey,
+ * where 04 has stripped from left
+ * @returns {string}
+ */
+export declare const publicKeyByPrivateKey: (privateKey: string) => string;
+//# sourceMappingURL=publicKeyByPrivateKey.d.ts.map

package/dist/publicKeyByPrivateKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"publicKeyByPrivateKey.d.ts","sourceRoot":"","sources":["../src/publicKeyByPrivateKey.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AAEH,eAAO,MAAM,qBAAqB,GAAI,YAAY,MAAM,WAKvD,CAAC"}

package/dist/publicKeyByPrivateKey.js

@@ -0,0 +1,15 @@
+import { decompress, stripHexPrefix } from './util';
+import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
+import { bytesToHex } from 'ethereum-cryptography/utils';
+/**
+ * Generate publicKey from the privateKey.
+ * This creates the uncompressed publicKey,
+ * where 04 has stripped from left
+ * @returns {string}
+ */
+export const publicKeyByPrivateKey = (privateKey) => {
+    const key = stripHexPrefix(privateKey);
+    const compressedPub = secp256k1.getPublicKey(key); // defaults to compressed format
+    const point = secp256k1.ProjectivePoint.fromHex(compressedPub); // decompress the pub into an EC point
+    return decompress(bytesToHex(point.toRawBytes(false))); // Get uncompressed SEC1 format pub
+};

package/dist/recoverPublicKey.d.ts

@@ -0,0 +1,8 @@
+/**
+ * returns the publicKey for the privateKey with which the messageHash was signed
+ * @param  {string} signature
+ * @param  {string} hash
+ * @return {string} publicKey
+ */
+export declare const recoverPublicKey: (signature: string, hash: string) => string;
+//# sourceMappingURL=recoverPublicKey.d.ts.map

package/dist/recoverPublicKey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recoverPublicKey.d.ts","sourceRoot":"","sources":["../src/recoverPublicKey.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,WAAW,MAAM,EAAE,MAAM,MAAM,WAe/D,CAAC"}

package/dist/recoverPublicKey.js

@@ -0,0 +1,20 @@
+import { ecdsaRecover } from 'ethereum-cryptography/secp256k1-compat';
+import { stripHexPrefix } from './util';
+import { bytesToHex, hexToBytes } from 'ethereum-cryptography/utils';
+/**
+ * returns the publicKey for the privateKey with which the messageHash was signed
+ * @param  {string} signature
+ * @param  {string} hash
+ * @return {string} publicKey
+ */
+export const recoverPublicKey = (signature, hash) => {
+    const noHex = stripHexPrefix(signature);
+    // split into v-value and sig
+    const sigOnly = noHex.substring(0, noHex.length - 2); // all but last 2 chars
+    const vValue = noHex.slice(-2); // last 2 chars
+    const recoveryNumber = vValue === '1c' ? 1 : 0;
+    let pubKey = bytesToHex(ecdsaRecover(hexToBytes(sigOnly), recoveryNumber, hexToBytes(stripHexPrefix(hash)), false));
+    // remove trailing '04'
+    pubKey = pubKey.slice(2);
+    return pubKey;
+};

package/dist/sign.d.ts

@@ -0,0 +1,9 @@
+/**
+ * signs the given message
+ * @param  {string} privateKey
+ * @param  {string} hash
+ * @return {string} hexString
+ */
+export declare const sign: (privateKey: string, hash: string) => string;
+export declare const hmacSha256Sign: (key: Uint8Array, msg: Uint8Array) => Uint8Array<ArrayBufferLike>;
+//# sourceMappingURL=sign.d.ts.map

package/dist/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAMA;;;;;GAKG;AACH,eAAO,MAAM,IAAI,GAAI,YAAY,MAAM,EAAE,MAAM,MAAM,WASpD,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,KAAK,UAAU,EAAE,KAAK,UAAU,gCAG9D,CAAC"}

package/dist/sign.js

@@ -0,0 +1,24 @@
+import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
+import { hmac } from '@noble/hashes/hmac.js';
+import { sha256 } from '@noble/hashes/sha2.js';
+import { hexToBytes } from 'ethereum-cryptography/utils';
+import { addLeading0x, isHexString, stripHexPrefix } from './util';
+/**
+ * signs the given message
+ * @param  {string} privateKey
+ * @param  {string} hash
+ * @return {string} hexString
+ */
+export const sign = (privateKey, hash) => {
+    const hashWith0x = addLeading0x(hash);
+    if (hashWith0x.length !== 66 || !isHexString(hashWith0x))
+        throw new Error('Can only sign hashes, given: ' + hash);
+    const sigObj = secp256k1.sign(hexToBytes(stripHexPrefix(hash)), hexToBytes(stripHexPrefix(privateKey)));
+    const recoveryId = sigObj.recovery === 1 ? '1c' : '1b';
+    const newSignature = '0x' + sigObj.toCompactHex() + recoveryId;
+    return newSignature;
+};
+export const hmacSha256Sign = (key, msg) => {
+    const result = hmac(sha256, key, msg);
+    return result;
+};

package/dist/types.d.ts

@@ -0,0 +1,10 @@
+export type Encrypted = {
+    iv: string;
+    ephemPublicKey: string;
+    ciphertext: string;
+    mac: string;
+};
+export type EncryptionOptions = {
+    ephemPrivateKey?: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC"}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/util.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Returns a `Boolean` on whether or not the a `String` starts with '0x'
+ * @param str the string input value
+ * @return a boolean if it is or is not hex prefixed
+ * @throws if the str input is not a string
+ */
+export declare const isHexPrefixed: (str: string) => boolean;
+/**
+ * Removes '0x' from a given `String` if present
+ * @param str the string value
+ * @returns the string without 0x prefix
+ */
+export declare const stripHexPrefix: (str: string) => string;
+/**
+ * Is the string a hex string.
+ *
+ * @param  value
+ * @param  length
+ * @returns  output the string is a hex string
+ */
+export declare const isHexString: (value: string, length?: number) => boolean;
+/**
+ * Adds '0x' to a given `String` if not present
+ * @param str the string input value
+ * @return the string with a 0x prefix
+ */
+export declare const addLeading0x: (str: string) => string;
+export declare const decompress: (startsWith02Or03: string) => string;
+/** Helper function to concat UInt8Arrays mimicking the behaviour of the
+ *  Buffer.concat function in Node.js
+ */
+export declare const concatUint8Arrays: (uint8arrays: Uint8Array[]) => Uint8Array<ArrayBuffer>;
+/**
+ * Converts a UTF-8 string to a Uint8Array without using TextEncoder, which is not available in mobile
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
+ */
+export declare const utf8ToBytes: (str: string) => Uint8Array;
+//# sourceMappingURL=util.d.ts.map

package/dist/util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,eAAO,MAAM,aAAa,GAAI,KAAK,MAAM,YAMxC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAAI,KAAK,MAAM,KAAG,MAI5C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,WAAW,GAAI,OAAO,MAAM,EAAE,SAAS,MAAM,KAAG,OAM5D,CAAC;AAEF;;;;GAIG;AAEH,eAAO,MAAM,YAAY,GAAI,KAAK,MAAM,WAGvC,CAAC;AAEF,eAAO,MAAM,UAAU,GAAI,kBAAkB,MAAM,WAOlD,CAAC;AAEF;;GAEG;AAEH,eAAO,MAAM,iBAAiB,GAAI,aAAa,UAAU,EAAE,4BAS1D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAI,KAAK,MAAM,KAAG,UA4BzC,CAAC"}

package/dist/util.js

@@ -0,0 +1,98 @@
+import { hexToBytes } from 'ethereum-cryptography/utils';
+/**
+ * Returns a `Boolean` on whether or not the a `String` starts with '0x'
+ * @param str the string input value
+ * @return a boolean if it is or is not hex prefixed
+ * @throws if the str input is not a string
+ */
+export const isHexPrefixed = (str) => {
+    if (typeof str !== 'string') {
+        throw new Error(`[isHexPrefixed] input must be type 'string', received type ${typeof str}`);
+    }
+    return str[0] === '0' && str[1] === 'x';
+};
+/**
+ * Removes '0x' from a given `String` if present
+ * @param str the string value
+ * @returns the string without 0x prefix
+ */
+export const stripHexPrefix = (str) => {
+    if (typeof str !== 'string')
+        throw new Error(`[stripHexPrefix] input must be type 'string', received ${typeof str}`);
+    return isHexPrefixed(str) ? str.slice(2) : str;
+};
+/**
+ * Is the string a hex string.
+ *
+ * @param  value
+ * @param  length
+ * @returns  output the string is a hex string
+ */
+export const isHexString = (value, length) => {
+    if (typeof value !== 'string' || !value.match(/^0x[0-9A-Fa-f]+$/))
+        return false;
+    if (length && value.length !== 2 + 2 * length)
+        return false;
+    return true;
+};
+/**
+ * Adds '0x' to a given `String` if not present
+ * @param str the string input value
+ * @return the string with a 0x prefix
+ */
+export const addLeading0x = (str) => {
+    if (!str.startsWith('0x'))
+        return '0x' + str;
+    else
+        return str;
+};
+export const decompress = (startsWith02Or03) => {
+    const testByteArray = hexToBytes(startsWith02Or03);
+    let startsWith04 = startsWith02Or03;
+    if (testByteArray.length === 64) {
+        startsWith04 = '04' + startsWith02Or03;
+    }
+    return startsWith04.substring(2);
+};
+/** Helper function to concat UInt8Arrays mimicking the behaviour of the
+ *  Buffer.concat function in Node.js
+ */
+export const concatUint8Arrays = (uint8arrays) => {
+    const totalLength = uint8arrays.reduce((total, uint8array) => total + uint8array.byteLength, 0);
+    const result = new Uint8Array(totalLength);
+    let offset = 0;
+    uint8arrays.forEach((uint8array) => {
+        result.set(uint8array, offset);
+        offset += uint8array.byteLength;
+    });
+    return result;
+};
+/**
+ * Converts a UTF-8 string to a Uint8Array without using TextEncoder, which is not available in mobile
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
+ */
+export const utf8ToBytes = (str) => {
+    if (typeof str !== 'string')
+        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+    const bytes = [];
+    for (let i = 0; i < str.length; i++) {
+        const codePoint = str.codePointAt(i);
+        if (!codePoint) {
+            throw new Error('Invalid code point');
+        }
+        if (codePoint < 0x80) {
+            bytes.push(codePoint);
+        }
+        else if (codePoint < 0x800) {
+            bytes.push(0xc0 | (codePoint >> 6), 0x80 | (codePoint & 0x3f));
+        }
+        else if (codePoint < 0x10000) {
+            bytes.push(0xe0 | (codePoint >> 12), 0x80 | ((codePoint >> 6) & 0x3f), 0x80 | (codePoint & 0x3f));
+        }
+        else {
+            i++; // skip one iteration since we have a surrogate pair
+            bytes.push(0xf0 | (codePoint >> 18), 0x80 | ((codePoint >> 12) & 0x3f), 0x80 | ((codePoint >> 6) & 0x3f), 0x80 | (codePoint & 0x3f));
+        }
+    }
+    return new Uint8Array(bytes);
+};

package/package.json

@@ -1,13 +1,20 @@
 {
   "name": "@wallaby-cash/cryptography",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Cryptography utilities for Wallaby Cash",
-  "main": "./src/index.ts",
-  "types": "./src/index.ts",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "exports": {
-    ".": "./src/index.ts",
-    "./*": "./src/*.ts"
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
   },
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md"
+  ],
   "publishConfig": {
     "access": "public"
   },
@@ -25,6 +32,8 @@
     "directory": "packages/cryptography"
   },
   "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
     "lint": "eslint . --max-warnings 0",
     "generate:component": "turbo gen react-component",
     "check-types": "tsc --noEmit"
@@ -39,6 +48,7 @@
     "typescript": "5.9.2"
   },
   "dependencies": {
+    "@noble/hashes": "^2.0.1",
     "ethereum-cryptography": "^3.2.0",
     "react": "^19.2.0",
     "react-dom": "^19.2.0"

package/src/createIdentity.ts

@@ -1,66 +0,0 @@
-import { getRandomBytesSync as randomBytes } from 'ethereum-cryptography/random.js';
-import { addLeading0x, stripHexPrefix, concatUint8Arrays } from './util';
-import { publicKeyByPrivateKey } from './publicKeyByPrivateKey';
-import { bytesToHex } from 'ethereum-cryptography/utils';
-import { keccak256 } from 'ethereum-cryptography/keccak';
-
-export const DEFAULT_ENTROPY_BYTES = 32;
-export const MINIMUM_SHANNON_ENTROPY = 4;
-
-/**
- * creates a new private key
- * @param { Uint8Array } entropy - optional entropy to create the private key
- * @returns a new private key
- */
-export const createPrivateKey = (entropy?: Uint8Array) => {
-  if (entropy) {
-    if (!(entropy instanceof Uint8Array) || entropy.length < DEFAULT_ENTROPY_BYTES) {
-      throw new Error(`entropy must be a Uint8Array of at least ${DEFAULT_ENTROPY_BYTES} bytes`);
-    }
-
-    // Check byte diversity
-    const uniqueBytes = new Set(entropy);
-    if (uniqueBytes.size < Math.min(8, entropy.length / 4)) {
-      throw new Error(`entropy is too repetitive (only ${uniqueBytes.size} unique byte values)`);
-    }
-
-    // Estimate Shannon entropy
-    const byteCounts = new Uint32Array(256);
-    entropy.forEach((b) => byteCounts[b]!++);
-    const total = entropy.length;
-    let shannonEntropy = 0;
-    for (let i = 0; i < 256; i++) {
-      if (byteCounts[i]! > 0) {
-        const p = byteCounts[i]! / total;
-        shannonEntropy -= p * Math.log2(p);
-      }
-    }
-    if (shannonEntropy < MINIMUM_SHANNON_ENTROPY) {
-      throw new Error(`entropy has low Shannon entropy (${shannonEntropy.toFixed(2)} bits/byte)`);
-    }
-
-    const outerHex = keccak256(entropy);
-    return addLeading0x(bytesToHex(outerHex));
-  } else {
-    const innerHex = keccak256(concatUint8Arrays([randomBytes(32), randomBytes(32)]));
-    const middleHex = concatUint8Arrays([concatUint8Arrays([randomBytes(32), innerHex]), randomBytes(32)]);
-    const outerHex = keccak256(middleHex);
-    return addLeading0x(bytesToHex(outerHex));
-  }
-};
-
-/**
- * creates a new identity
- * @param { Uint8Array } entropy - optional entropy to create the private key
- * @returns a new pair of private and public key
- */
-export const createIdentity = (entropy?: Uint8Array) => {
-  const privateKey = createPrivateKey(entropy);
-
-  const walletPublicKey = publicKeyByPrivateKey(privateKey);
-  const identity = {
-    privateKey: privateKey,
-    publicKey: stripHexPrefix(walletPublicKey),
-  };
-  return identity;
-};

package/src/decryptWithPrivateKey.ts

@@ -1,10 +0,0 @@
-import { stripHexPrefix } from './util';
-import { decrypt } from './encryption-utils';
-import { Encrypted } from './types';
-
-export const decryptWithPrivateKey = (privateKey: string, encrypted: Encrypted) => {
-  // remove '0x' from privateKey
-  const twoStripped = stripHexPrefix(privateKey);
-
-  return decrypt(twoStripped, encrypted);
-};

package/src/encryptWithPublicKey.ts

@@ -1,12 +0,0 @@
-import { decompress } from './util';
-import { encrypt } from './encryption-utils';
-import { EncryptionOptions } from './types';
-
-export const encryptWithPublicKey = (publicKey: string, message: string, options?: EncryptionOptions) => {
-  // ensure its an uncompressed publicKey
-  const decompressedKey = decompress(publicKey);
-
-  // re-add the compression-flag
-  const pubString = '04' + decompressedKey;
-  return encrypt(pubString, message, options);
-};

package/src/encryption-utils.ts

@@ -1,93 +0,0 @@
-import { sha512 } from 'ethereum-cryptography/sha512.js';
-import { secp256k1 } from 'ethereum-cryptography/secp256k1';
-import { getRandomBytesSync as randomBytes } from 'ethereum-cryptography/random.js';
-import { hexToBytes, bytesToHex, bytesToUtf8 } from 'ethereum-cryptography/utils.js';
-import { encrypt as aesEncrypt, decrypt as aesDecrypt } from 'ethereum-cryptography/aes.js';
-import { Encrypted, EncryptionOptions } from './types';
-import { hmacSha256Sign } from './sign';
-import { concatUint8Arrays, utf8ToBytes } from './util';
-
-/**
- *  See https://github.com/bitchan/eccrypto for the original implementation that eth-crypto used, it's ancient and not maintained.
- */
-
-/**
- * Encrypts a message using the recipient's public key.
- * @param {string} publicKeyTo - The recipient's public key.
- * @param {string} msg - The message to encrypt.
- * @returns {Encrypted} The encrypted message.
- */
-
-export const encrypt = (publicKeyTo: string, msg: string, options?: EncryptionOptions): Encrypted => {
-  const ephemPrivateKey = options?.ephemPrivateKey ? hexToBytes(options.ephemPrivateKey) : randomBytes(32);
-  const iv = randomBytes(16);
-
-  const compressedPub = secp256k1.getPublicKey(ephemPrivateKey); // defaults to compressed format
-  const point = secp256k1.ProjectivePoint.fromHex(compressedPub); // decompress the pub into an EC point
-  const ephemPublicKey = point.toRawBytes(false); // Get uncompressed SEC1 format pub
-  const sharedSecret = secp256k1.getSharedSecret(ephemPrivateKey, hexToBytes(publicKeyTo), true).slice(1);
-  const hash = sha512(sharedSecret);
-  const encryptionKey = hash.subarray(0, 32);
-  const macKey = hash.subarray(32);
-  const message = utf8ToBytes(msg);
-  const data = aesEncrypt(message, encryptionKey, iv, 'aes-256-cbc');
-  const dataToMac = concatUint8Arrays([iv, ephemPublicKey, data]);
-  const mac = hmacSha256Sign(macKey, dataToMac);
-
-  return {
-    iv: bytesToHex(iv),
-    ephemPublicKey: bytesToHex(ephemPublicKey),
-    ciphertext: bytesToHex(data),
-    mac: bytesToHex(mac),
-  };
-};
-
-/**
- * Decrypts an encrypted message using the recipient's private key.
- * @param {string} privateKey - The recipient's private key.
- * @param {Encrypted} opts - The encrypted message.
- * @returns {string} The decrypted message.
- */
-export const decrypt = (privateKey: string, opts: Encrypted) => {
-  let sharedSecret: Uint8Array;
-  try {
-    sharedSecret = secp256k1.getSharedSecret(hexToBytes(privateKey), opts.ephemPublicKey, true).slice(1);
-  } catch (e) {
-    throw new Error(`Invalid MAC: data integrity check failed: ${e}`);
-  }
-
-  const hash = sha512(sharedSecret);
-  const encryptionKey = hash.subarray(0, 32);
-  const macKey = hash.subarray(32);
-
-  const ciphertext = hexToBytes(opts.ciphertext);
-  const iv = hexToBytes(opts.iv);
-  const ephemPublicKey = hexToBytes(opts.ephemPublicKey);
-  const receivedMac = hexToBytes(opts.mac);
-
-  // Recompute MAC
-  const dataToMac = concatUint8Arrays([iv, ephemPublicKey, ciphertext]);
-  const expectedMac = hmacSha256Sign(macKey, dataToMac);
-
-  if (!constantTimeEqual(expectedMac, receivedMac)) {
-    throw new Error('Invalid MAC: data integrity check failed');
-  }
-
-  const decrypted = aesDecrypt(ciphertext, encryptionKey, iv, 'aes-256-cbc');
-  return bytesToUtf8(decrypted);
-};
-
-/**
- * Compares two Uint8Arrays in constant time to prevent timing attacks.
- * @param {Uint8Array} a - The first array.
- * @param {Uint8Array} b - The second array.
- * @returns {boolean} True if the arrays are equal, false otherwise.
- */
-function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
-  if (a.length !== b.length) return false;
-  let result = 0;
-  for (let i = 0; i < a.length; i++) {
-    result |= a[i]! ^ b[i]!;
-  }
-  return result === 0;
-}

package/src/hash.ts

@@ -1,14 +0,0 @@
-import { bytesToHex, hexToBytes } from 'ethereum-cryptography/utils.js';
-import { keccak256 as _keccak256 } from 'ethereum-cryptography/keccak.js';
-import { addLeading0x, utf8ToBytes } from './util';
-
-const solidityPackedKeccak256 = (value: string) => {
-  const bytes = utf8ToBytes(value);
-  const hex = addLeading0x(bytesToHex(bytes));
-  const hash = _keccak256(hexToBytes(hex));
-  return addLeading0x(bytesToHex(hash));
-};
-
-export const keccak256 = (params: string) => {
-  return solidityPackedKeccak256(params);
-};

package/src/publicKeyByPrivateKey.ts

@@ -1,17 +0,0 @@
-import { decompress, stripHexPrefix } from './util';
-import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
-import { bytesToHex } from 'ethereum-cryptography/utils';
-
-/**
- * Generate publicKey from the privateKey.
- * This creates the uncompressed publicKey,
- * where 04 has stripped from left
- * @returns {string}
- */
-
-export const publicKeyByPrivateKey = (privateKey: string) => {
-  const key = stripHexPrefix(privateKey);
-  const compressedPub = secp256k1.getPublicKey(key); // defaults to compressed format
-  const point = secp256k1.ProjectivePoint.fromHex(compressedPub); // decompress the pub into an EC point
-  return decompress(bytesToHex(point.toRawBytes(false))); // Get uncompressed SEC1 format pub
-};

package/src/recoverPublicKey.ts

@@ -1,26 +0,0 @@
-import { ecdsaRecover } from 'ethereum-cryptography/secp256k1-compat';
-import { stripHexPrefix } from './util';
-import { bytesToHex, hexToBytes } from 'ethereum-cryptography/utils';
-
-/**
- * returns the publicKey for the privateKey with which the messageHash was signed
- * @param  {string} signature
- * @param  {string} hash
- * @return {string} publicKey
- */
-export const recoverPublicKey = (signature: string, hash: string) => {
-  const noHex = stripHexPrefix(signature);
-
-  // split into v-value and sig
-  const sigOnly = noHex.substring(0, noHex.length - 2); // all but last 2 chars
-  const vValue = noHex.slice(-2); // last 2 chars
-
-  const recoveryNumber = vValue === '1c' ? 1 : 0;
-
-  let pubKey = bytesToHex(ecdsaRecover(hexToBytes(sigOnly), recoveryNumber, hexToBytes(stripHexPrefix(hash)), false));
-
-  // remove trailing '04'
-  pubKey = pubKey.slice(2);
-
-  return pubKey;
-};

package/src/sign.ts

@@ -1,27 +0,0 @@
-import { secp256k1 } from 'ethereum-cryptography/secp256k1.js';
-import { hmac } from '@noble/hashes/hmac';
-import { sha256 } from '@noble/hashes/sha2';
-import { hexToBytes } from 'ethereum-cryptography/utils';
-import { addLeading0x, isHexString, stripHexPrefix } from './util';
-
-/**
- * signs the given message
- * @param  {string} privateKey
- * @param  {string} hash
- * @return {string} hexString
- */
-export const sign = (privateKey: string, hash: string) => {
-  const hashWith0x = addLeading0x(hash);
-  if (hashWith0x.length !== 66 || !isHexString(hashWith0x)) throw new Error('Can only sign hashes, given: ' + hash);
-
-  const sigObj = secp256k1.sign(hexToBytes(stripHexPrefix(hash)), hexToBytes(stripHexPrefix(privateKey)));
-
-  const recoveryId = sigObj.recovery === 1 ? '1c' : '1b';
-  const newSignature = '0x' + sigObj.toCompactHex() + recoveryId;
-  return newSignature;
-};
-
-export const hmacSha256Sign = (key: Uint8Array, msg: Uint8Array) => {
-  const result = hmac(sha256, key, msg);
-  return result;
-};

package/src/types.ts

@@ -1,10 +0,0 @@
-export type Encrypted = {
-  iv: string;
-  ephemPublicKey: string;
-  ciphertext: string;
-  mac: string;
-};
-
-export type EncryptionOptions = {
-  ephemPrivateKey?: string;
-};

package/src/util.ts

@@ -1,110 +0,0 @@
-import { hexToBytes } from 'ethereum-cryptography/utils';
-
-/**
- * Returns a `Boolean` on whether or not the a `String` starts with '0x'
- * @param str the string input value
- * @return a boolean if it is or is not hex prefixed
- * @throws if the str input is not a string
- */
-export const isHexPrefixed = (str: string) => {
-  if (typeof str !== 'string') {
-    throw new Error(`[isHexPrefixed] input must be type 'string', received type ${typeof str}`);
-  }
-
-  return str[0] === '0' && str[1] === 'x';
-};
-
-/**
- * Removes '0x' from a given `String` if present
- * @param str the string value
- * @returns the string without 0x prefix
- */
-export const stripHexPrefix = (str: string): string => {
-  if (typeof str !== 'string') throw new Error(`[stripHexPrefix] input must be type 'string', received ${typeof str}`);
-
-  return isHexPrefixed(str) ? str.slice(2) : str;
-};
-
-/**
- * Is the string a hex string.
- *
- * @param  value
- * @param  length
- * @returns  output the string is a hex string
- */
-export const isHexString = (value: string, length?: number): boolean => {
-  if (typeof value !== 'string' || !value.match(/^0x[0-9A-Fa-f]+$/)) return false;
-
-  if (length && value.length !== 2 + 2 * length) return false;
-
-  return true;
-};
-
-/**
- * Adds '0x' to a given `String` if not present
- * @param str the string input value
- * @return the string with a 0x prefix
- */
-
-export const addLeading0x = (str: string) => {
-  if (!str.startsWith('0x')) return '0x' + str;
-  else return str;
-};
-
-export const decompress = (startsWith02Or03: string) => {
-  const testByteArray = hexToBytes(startsWith02Or03);
-  let startsWith04 = startsWith02Or03;
-  if (testByteArray.length === 64) {
-    startsWith04 = '04' + startsWith02Or03;
-  }
-  return startsWith04.substring(2);
-};
-
-/** Helper function to concat UInt8Arrays mimicking the behaviour of the
- *  Buffer.concat function in Node.js
- */
-
-export const concatUint8Arrays = (uint8arrays: Uint8Array[]) => {
-  const totalLength = uint8arrays.reduce((total, uint8array) => total + uint8array.byteLength, 0);
-  const result = new Uint8Array(totalLength);
-  let offset = 0;
-  uint8arrays.forEach((uint8array) => {
-    result.set(uint8array, offset);
-    offset += uint8array.byteLength;
-  });
-  return result;
-};
-
-/**
- * Converts a UTF-8 string to a Uint8Array without using TextEncoder, which is not available in mobile
- * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
- */
-export const utf8ToBytes = (str: string): Uint8Array => {
-  if (typeof str !== 'string') throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
-  const bytes = [];
-
-  for (let i = 0; i < str.length; i++) {
-    const codePoint = str.codePointAt(i);
-
-    if (!codePoint) {
-      throw new Error('Invalid code point');
-    }
-
-    if (codePoint < 0x80) {
-      bytes.push(codePoint);
-    } else if (codePoint < 0x800) {
-      bytes.push(0xc0 | (codePoint >> 6), 0x80 | (codePoint & 0x3f));
-    } else if (codePoint < 0x10000) {
-      bytes.push(0xe0 | (codePoint >> 12), 0x80 | ((codePoint >> 6) & 0x3f), 0x80 | (codePoint & 0x3f));
-    } else {
-      i++; // skip one iteration since we have a surrogate pair
-      bytes.push(
-        0xf0 | (codePoint >> 18),
-        0x80 | ((codePoint >> 12) & 0x3f),
-        0x80 | ((codePoint >> 6) & 0x3f),
-        0x80 | (codePoint & 0x3f),
-      );
-    }
-  }
-  return new Uint8Array(bytes);
-};