eth-crypto-ts 0.0.1

package/.eslintrc.js

@@ -0,0 +1,21 @@
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    project: 'tsconfig.json',
+    sourceType: 'module',
+  },
+  plugins: ['@typescript-eslint/eslint-plugin', 'prettier'],
+  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'prettier'],
+  root: true,
+  env: {
+    node: true,
+    jest: true,
+  },
+  rules: {
+    '@typescript-eslint/interface-name-prefix': 'off',
+    '@typescript-eslint/explicit-function-return-type': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+    'prettier/prettier': ['error', { endOfLine: 'auto' }],
+  },
+};

package/.github/workflows/cd.yml

@@ -0,0 +1,43 @@
+name: CD
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build resources
+        run: npm run build:prod
+
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+
+      - name: Configure npm
+        run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}
+
+      - name: Release
+        run: npm run release
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.github/workflows/ci.yml

@@ -0,0 +1,37 @@
+name: CI
+on:
+  pull_request:
+    branches:
+      - master
+jobs:
+  build-audit-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get branch name
+        id: branch_name
+        run: echo "branch=$(echo ${GITHUB_HEAD_REF#refs/heads/})" >>$GITHUB_OUTPUT
+
+      - name: Checkout ${{ steps.branch_name.outputs.branch }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.branch_name.outputs.branch }}
+
+      - name: Setup Up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Install dependencies
+        run: npm install
+
+      # - name: Run linter
+      #   run: npm run lint --no-color
+
+      # - name: Run tests
+      #   if: always()
+      #   run: npm run test
+
+      - name: Run Audit-CI to check for vulnerabilities
+        id: audit
+        if: always()
+        run: npm run audit-ci

package/.nvmrc

@@ -0,0 +1 @@
+v20.14.0

package/.prettierrc

@@ -0,0 +1,7 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all",
+  "printWidth": 130,
+  "useTabs": false,
+  "bracketSpacing": true
+}

package/.releaserc.json

@@ -0,0 +1,22 @@
+{
+  "branches": ["main"],
+  "preset": "angular",
+  "plugins": [
+    ["@semantic-release/commit-analyzer", {
+      "preset": "angular",
+      "releaseRules": [
+        {"type": "docs", "scope": "README", "release": "patch"},
+        {"type": "refactor", "scope": "core-*", "release": "minor"},
+        {"type": "chore", "release": "patch"},
+        {"feat": "feat", "release": "minor"},
+        {"scope": "no-release", "release": false}
+      ]
+    }],
+    "@semantic-release/changelog",
+    "@semantic-release/release-notes-generator",
+    ["@semantic-release/git", {
+      "assets": ["dist/**"],
+      "message": "chore(release): ${nextRelease.version} [skip ci]\n\n ${nextRelease.notes}"
+    }]
+  ]
+}

package/audit-ci.jsonc

@@ -0,0 +1,7 @@
+{
+  "high": true,
+  "moderate": true,
+  "low": true,
+  "report-type": "summary",
+  "allowlist": ["GHSA-78xj-cgh5-2h22", "GHSA-c2qf-rxjj-qqgw", "GHSA-pp7h-53gx-mx7r", "GHSA-wrw9-m778-g6mc", "GHSA-x6fg-f45m-jf5q"]
+}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "eth-crypto-ts",
+  "version": "0.0.1",
+  "description": "eth-crypto library with typescript",
+  "main": "index.js",
+  "scripts": {
+    "prebuild": "rimraf dist",
+    "build": "rollup --config --sourcemap --validate --bundleConfigAsCjs",
+    "build:prod": "npm run build --compact --environment production",
+    "build:dev": "rollup --config --bundleConfigAsCjs --watch",
+    "test": "NODE_ENV=test jest",
+    "test:watch": "NODE_ENV=test jest --watch",
+    "lint": "eslint",
+    "audit-ci": "audit-ci --config audit-ci.jsonc",
+    "release": "npm publish --access-public"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "eccrypto": "^1.1.6",
+    "ethereumjs-util": "^7.1.5",
+    "ethers": "^6.13.1",
+    "secp256k1": "^5.0.0"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^26.0.1",
+    "@rollup/plugin-json": "^6.1.0",
+    "@rollup/plugin-node-resolve": "^15.2.3",
+    "@rollup/plugin-terser": "^0.4.4",
+    "@rollup/plugin-typescript": "^11.1.6",
+    "@types/eccrypto": "^1.1.6",
+    "@types/secp256k1": "^4.0.6",
+    "@types/jest": "^29.5.0",
+    "audit-ci": "^7.0.1",
+    "ts-jest": "^29.1.0",
+    "jest-environment-jsdom": "^29.5.0",
+    "eslint": "^9.5.0",
+    "jest": "^29.7.0",
+    "rimraf": "^5.0.7",
+    "rollup": "^4.18.0",
+    "rollup-plugin-node-builtins": "^2.0.0",
+    "rollup-plugin-node-globals": "^1.4.0",
+    "rollup-plugin-polyfill-node": "^0.13.0",
+    "typescript": "^5.5.2"
+  }
+}

package/rollup.config.js

@@ -0,0 +1,76 @@
+/**
+ * @type {import('rollup').RollupOptions}
+ */
+
+import pkg from './package.json' assert { type: 'json' };
+
+import { defineConfig } from 'rollup';
+import builtins from 'rollup-plugin-node-builtins';
+import commonjs from '@rollup/plugin-commonjs';
+import globals from 'rollup-plugin-node-globals';
+import json from '@rollup/plugin-json';
+import polyfillNode from 'rollup-plugin-polyfill-node';
+import resolve from '@rollup/plugin-node-resolve';
+import terser from '@rollup/plugin-terser';
+import typescript from '@rollup/plugin-typescript';
+
+const isProduction = process.env.NODE_ENV === 'production';
+
+const defaultOutput = {
+  chunkFileNames: 'r/oci-[hash].js',
+  esModule: true,
+  exports: 'auto',
+  generatedCode: 'es5',
+  indent: false,
+  interop: 'compat',
+  sourcemap: 'inline',
+  validate: true,
+};
+
+export default defineConfig({
+  perf: true,
+  logLevel: 'info',
+  input: 'src/index.ts',
+  output: [
+    {
+      file: 'dist/index.cjs.js',
+      format: 'cjs',
+      ...defaultOutput,
+    },
+    {
+      file: 'dist/index.esm.js',
+      format: 'esm',
+      ...defaultOutput,
+    },
+    {
+      file: 'dist/index.js',
+      format: 'module',
+      ...defaultOutput,
+    },
+  ],
+  external: Object.keys(pkg.dependencies),
+  plugins: [
+    builtins(),
+    commonjs({ exclude: ['node_modules/**'] }),
+    globals(),
+    json(),
+    polyfillNode({
+      include: [
+        'assert',
+        'browser',
+        'browserify',
+        'buffer',
+        'Buffer',
+        'crypto',
+        'crypto-browserify',
+        'readable-stream',
+        'stream',
+      ],
+    }),
+    resolve({
+      preferBuiltins: true,
+    }),
+    isProduction && terser(),
+    typescript({ tsconfig: './tsconfig.json' }),
+  ],
+});

package/src/constants/index.ts

@@ -0,0 +1,3 @@
+export const SIGN_PREFIX = '\x19Ethereum Signed Message:\n32';
+
+export const MIN_ENTROPY_SIZE = 128;

package/src/index.ts

@@ -0,0 +1,10 @@
+export * from './lib/cipher';
+export * from './lib/hash';
+export * from './lib/sign';
+export * from './lib/utils'
+export * from './lib/encrypt-with-private-key';
+export * from './lib/decrypt-with-private-key';
+export * from './lib/compress-public-key';
+export * from './lib/decompress-public-key';
+export * from './lib/create-identity';
+export * from './lib/public-key-by-private-key';

package/src/lib/cipher/index.ts

@@ -0,0 +1,46 @@
+import { Encrypted } from '../../types';
+import { compress } from '../compress-public-key';
+import { decompress } from '../decompress-public-key';
+
+interface CipherInterface {
+  stringify(encrypted: Encrypted): string;
+  parse(string: string): Encrypted;
+}
+
+export class Cipher implements CipherInterface {
+  constructor() {}
+
+  stringify(encrypted: Encrypted) {
+    if (typeof encrypted === 'string') return encrypted;
+
+    // use compressed key because it's smaller
+    const compressedKey = compress(encrypted.ephemPublicKey);
+
+    const ret = Buffer.concat([
+      Buffer.from(encrypted.iv, 'hex'), // 16bit
+      Buffer.from(compressedKey, 'hex'), // 33bit
+      Buffer.from(encrypted.mac, 'hex'), // 32bit
+      Buffer.from(encrypted.ciphertext, 'hex'), // var bit
+    ]);
+
+    return ret.toString('hex');
+  }
+
+  parse(str: string): Encrypted {
+    if (typeof str !== 'string') return str;
+
+    const buf = Buffer.from(str, 'hex');
+
+    const ret = {
+      iv: buf.toString('hex', 0, 16),
+      ephemPublicKey: buf.toString('hex', 16, 49),
+      mac: buf.toString('hex', 49, 81),
+      ciphertext: buf.toString('hex', 81, buf.length),
+    };
+
+    // decompress publicKey
+    ret.ephemPublicKey = '04' + decompress(ret.ephemPublicKey);
+
+    return ret;
+  }
+}

package/src/lib/compress-public-key.ts

@@ -0,0 +1,10 @@
+import { publicKeyConvert } from 'secp256k1';
+import { uint8ArrayToHex, hexToUnit8Array } from './utils';
+
+export function compress(startsWith04: any) {
+  // add trailing 04 if not done before
+  const testBuffer = Buffer.from(startsWith04, 'hex');
+  if (testBuffer.length === 64) startsWith04 = '04' + startsWith04;
+
+  return uint8ArrayToHex(publicKeyConvert(hexToUnit8Array(startsWith04), true));
+}

package/src/lib/create-identity.ts

@@ -0,0 +1,41 @@
+import { keccak256, Wallet, concat, randomBytes } from 'ethers';
+import { publicKeyByPrivateKey } from './public-key-by-private-key';
+import { MIN_ENTROPY_SIZE } from '../constants';
+
+/**
+ * create a privateKey from the given entropy or a new one
+ * @param  {Buffer} entropy
+ * @return {string}
+ */
+export function createPrivateKey(entropy?: Buffer) {
+  if (entropy) {
+    if (!Buffer.isBuffer(entropy)) throw new Error('EthCrypto.createPrivateKey(): given entropy is no Buffer');
+    if (Buffer.byteLength(entropy, 'utf8') < MIN_ENTROPY_SIZE)
+      throw new Error('EthCrypto.createPrivateKey(): Entropy-size must be at least ' + MIN_ENTROPY_SIZE);
+
+    const outerHex = keccak256(entropy);
+    return outerHex;
+  } else {
+    const innerHex = keccak256(concat([randomBytes(32), randomBytes(32)]));
+    const middleHex = concat([concat([randomBytes(32), innerHex]), randomBytes(32)]);
+    const outerHex = keccak256(middleHex);
+    return outerHex;
+  }
+}
+
+/**
+ * creates a new object with
+ * private-, public-Key and address
+ * @param {Buffer?} entropy if provided, will use that as single random-source
+ */
+export function createIdentity(entropy?: Buffer) {
+  const privateKey = createPrivateKey(entropy);
+  const wallet = new Wallet(privateKey);
+  const identity = {
+    privateKey: privateKey,
+    publicKey: publicKeyByPrivateKey(privateKey),
+    address: wallet.address,
+  };
+
+  return identity;
+}

package/src/lib/decompress-public-key.ts

@@ -0,0 +1,14 @@
+import { publicKeyConvert } from 'secp256k1';
+import { hexToUnit8Array, uint8ArrayToHex } from './utils';
+
+export function decompress(startsWith02Or03: any) {
+  // if already decompressed an not has trailing 04
+  const testBuffer = Buffer.from(startsWith02Or03, 'hex');
+  if (testBuffer.length === 64) startsWith02Or03 = '04' + startsWith02Or03;
+
+  let decompressed = uint8ArrayToHex(publicKeyConvert(hexToUnit8Array(startsWith02Or03), false));
+
+  // remove trailing 04
+  decompressed = decompressed.substring(2);
+  return decompressed;
+}

package/src/lib/decrypt-with-private-key.ts

@@ -0,0 +1,23 @@
+import { decrypt } from 'eccrypto';
+import { Encrypted } from '../types';
+import { removeLeading0x } from './utils';
+import { Cipher } from './cipher';
+
+export function decryptWithPrivateKey(privateKey: string, encrypted: Encrypted | any) {
+  const cipher = new Cipher();
+
+  // ensuring the encrypted data is in the correct format.
+  encrypted = cipher.parse(encrypted);
+
+  // remove trailing '0x' from privateKey
+  const twoStripped = removeLeading0x(privateKey);
+
+  const encryptedBuffer = {
+    iv: Buffer.from(encrypted.iv, 'hex'),
+    ephemPublicKey: Buffer.from(encrypted.ephemPublicKey, 'hex'),
+    ciphertext: Buffer.from(encrypted.ciphertext, 'hex'),
+    mac: Buffer.from(encrypted.mac, 'hex'),
+  };
+
+  return decrypt(Buffer.from(twoStripped, 'hex'), encryptedBuffer).then((decryptedBuffer) => decryptedBuffer.toString());
+}

package/src/lib/encrypt-with-private-key.ts

@@ -0,0 +1,23 @@
+import { encrypt } from 'eccrypto';
+import { Encrypted, EncryptOptions } from '../types';
+import { decompress } from './decompress-public-key';
+
+export function encryptWithPublicKey(publicKey: string, message: string, options?: EncryptOptions): Promise<Encrypted> {
+
+  // ensure its an uncompressed publicKey
+  publicKey = decompress(publicKey);
+
+  // re-add the compression-flag
+  const pubString = '04' + publicKey;
+
+  return encrypt(Buffer.from(pubString, 'hex'), Buffer.from(message), options ? options : {}).then((encryptedBuffers) => {
+    const encrypted = {
+      iv: encryptedBuffers.iv.toString('hex'),
+      ephemPublicKey: encryptedBuffers.ephemPublicKey.toString('hex'),
+      ciphertext: encryptedBuffers.ciphertext.toString('hex'),
+      mac: encryptedBuffers.mac.toString('hex'),
+    };
+
+    return encrypted;
+  });
+}

package/src/lib/hash/index.ts

@@ -0,0 +1,20 @@
+import { solidityPackedKeccak256 } from "ethers";
+
+export class Hash {
+  constructor() {}
+
+  keccak256(params: any | any[]) {
+    const types = [];
+    const values = [];
+    if (!Array.isArray(params)) {
+      types.push('string');
+      values.push(params);
+    } else {
+      params.forEach((p) => {
+        types.push(p.type);
+        values.push(p.value);
+      });
+    }
+    return solidityPackedKeccak256(types, values);
+  }
+}

package/src/lib/public-key-by-private-key.ts

@@ -0,0 +1,18 @@
+import { privateToPublic, toBuffer } from "ethereumjs-util";
+import { addLeading0x } from "./utils";
+
+type publicKeyByPrivateKeyType = (privateKey: string) => string;
+
+/**
+ * Generate publicKey from the privateKey.
+ * This creates the uncompressed publicKey,
+ * where 04 has stripped from left
+ * @param {string} privateKey
+ * @returns {string}
+ */
+export function publicKeyByPrivateKey(privateKey: string) {
+  privateKey = addLeading0x(privateKey);
+  const publicKeyBuffer = privateToPublic(toBuffer(privateKey));
+
+  return publicKeyBuffer.toString('hex');
+}

package/src/lib/recover-public-key.ts

@@ -0,0 +1,30 @@
+import { ecdsaRecover } from "secp256k1";
+import { hexToUnit8Array, removeLeading0x, uint8ArrayToHex } from "./utils";
+
+/**
+ * returns the publicKey for the privateKey with which the messageHash was signed
+ * @param  {string} signature
+ * @param  {string} hash
+ * @return {string} publicKey
+ */
+export function recoverPublicKey(signature: string, hash: string) {
+  signature = removeLeading0x(signature);
+
+  // split into v-value and sig
+  const sigOnly = signature.substring(0, signature.length - 2); // all but last 2 chars
+  const vValue = signature.slice(-2); // last 2 chars
+
+  const recoveryNumber = vValue === '1c' ? 1 : 0;
+
+  let pubKey = uint8ArrayToHex(ecdsaRecover(
+      hexToUnit8Array(sigOnly),
+      recoveryNumber,
+      hexToUnit8Array(removeLeading0x(hash)),
+      false
+  ));
+
+  // remove trailing '04'
+  pubKey = pubKey.slice(2);
+
+  return pubKey;
+}

package/src/lib/sign.ts

@@ -0,0 +1,24 @@
+import { ecdsaSign as secp256k1_sign } from 'secp256k1';
+import { addLeading0x, removeLeading0x } from './utils';
+
+/**
+ * signs the given message
+ * we do not use sign from eth-lib because the pure secp256k1-version is 90% faster
+ * @param  {string} privateKey
+ * @param  {string} hash
+ * @return {string} hexString
+ */
+export function sign(privateKey: string, hash: string) {
+  hash = addLeading0x(hash);
+  if (hash.length !== 66) throw new Error('EthCrypto.sign(): Can only sign hashes, given: ' + hash);
+
+  const sigObj = secp256k1_sign(
+    new Uint8Array(Buffer.from(removeLeading0x(hash), 'hex')),
+    new Uint8Array(Buffer.from(removeLeading0x(privateKey), 'hex')),
+  );
+
+  const recoveryId = sigObj.recid === 1 ? '1c' : '1b';
+
+  const newSignature = '0x' + Buffer.from(sigObj.signature).toString('hex') + recoveryId;
+  return newSignature;
+}

package/src/lib/utils.ts

@@ -0,0 +1,19 @@
+export function removeLeading0x(str: string) {
+  if (str.startsWith('0x'))
+      return str.substring(2);
+  else return str;
+}
+
+export function addLeading0x(str: string) {
+  if (!str.startsWith('0x'))
+      return '0x' + str;
+  else return str;
+}
+
+export function uint8ArrayToHex(arr: any[] | Uint8Array) {
+  return Buffer.from(arr).toString('hex');
+}
+
+export function hexToUnit8Array(str: string) {
+  return new Uint8Array(Buffer.from(str, 'hex'));
+}

package/src/types/index.ts

@@ -0,0 +1,11 @@
+export type Encrypted = {
+  iv: string,
+  ephemPublicKey: string,
+  ciphertext: string,
+  mac: string
+};
+
+export type EncryptOptions = {
+  iv?: Buffer,
+  ephemPrivateKey?: Buffer
+};

package/tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "preventAssignment": true,
+  "include": ["src", "src/types"],
+  "exclude": ["node_modules", "**/*spec.ts", "**/*test.ts", "/test", "/tests", "test", "**/*__mocks__/*"],
+  "compilerOptions": {
+    "target": "ESNext",
+    "moduleResolution": "node", // use Node's module resolution algorithm, instead of the legacy TS one
+    "module": "esnext",
+    "lib": ["dom", "esnext"],
+    "rootDir": "./src",
+    "baseUrl": "./",
+    "outDir": "./dist",
+    "sourceMap": true,
+    "declaration": true, // output .d.ts declaration files for consumers
+    "allowJs": true,
+    "importHelpers": true,
+    "strict": true, // stricter type-checking for stronger correctness. Recommended by TS
+    "noImplicitReturns": true, // linter checks for common issues
+    "noFallthroughCasesInSwitch": true,
+    "noUnusedParameters": true,
+    "esModuleInterop": true, // interop between ESM and CJS modules. Recommended by TS
+    "skipLibCheck": true, // significant perf increase by skipping checking .d.ts files, particularly those in node_modules. Recommended by TS
+    "forceConsistentCasingInFileNames": true // error out if import and file system have a casing mismatch. Recommended by TS
+  }
+}