Merge pull request #680 from xmtp/rygine/encryption-module

Create shared encryption module

.github/workflows/encryption.yml

@@ -0,0 +1,92 @@
+name: Encryption
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    paths:
+      - "shared/encryption/**"
+      - ".github/workflows/encryption.yml"
+      - ".node-version"
+      - ".nvmrc"
+      - ".yarnrc.yml"
+      - "turbo.json"
+
+jobs:
+  typecheck:
+    name: Typecheck
+    runs-on: warp-ubuntu-latest-x64-8x
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "yarn"
+        env:
+          SKIP_YARN_COREPACK_CHECK: "1"
+      - name: Enable corepack
+        run: corepack enable
+      - name: Install dependencies
+        run: yarn
+      - name: Typecheck
+        run: yarn turbo run typecheck --filter='./shared/encryption'
+
+  lint:
+    name: Lint
+    runs-on: warp-ubuntu-latest-x64-8x
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "yarn"
+        env:
+          SKIP_YARN_COREPACK_CHECK: "1"
+      - name: Enable corepack
+        run: corepack enable
+      - name: Install dependencies
+        run: yarn
+      - name: Lint
+        run: yarn turbo run lint --filter='./shared/encryption'
+
+  test:
+    name: Test
+    runs-on: warp-ubuntu-latest-x64-8x
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "yarn"
+        env:
+          SKIP_YARN_COREPACK_CHECK: "1"
+      - name: Enable corepack
+        run: corepack enable
+      - name: Install dependencies
+        run: yarn
+      - name: Start dev environment
+        run: ./dev/up
+      - name: Sleep for 5 seconds
+        run: sleep 5s
+      - name: Run tests
+        run: yarn turbo run test --filter='./shared/encryption'
+
+  build:
+    name: Build
+    runs-on: warp-ubuntu-latest-x64-8x
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: "yarn"
+        env:
+          SKIP_YARN_COREPACK_CHECK: "1"
+      - name: Enable corepack
+        run: corepack enable
+      - name: Install dependencies
+        run: yarn
+      - name: Build
+        run: yarn turbo run build --filter='./shared/encryption'

content-types/content-type-remote-attachment/package.json

@@ -66,10 +66,11 @@
   "dependencies": {
     "@noble/secp256k1": "^1.7.1",
     "@xmtp/content-type-primitives": "^1.0.1",
-    "@xmtp/proto": "^3.61.1",
-    "@xmtp/xmtp-js": "^11.6.3"
+    "@xmtp/encryption": "workspace:*",
+    "@xmtp/proto": "^3.61.1"
   },
   "devDependencies": {
+    "@rollup/plugin-node-resolve": "^15.3.0",
     "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.1.0",
     "@types/node": "^18.19.22",

content-types/content-type-remote-attachment/rollup.config.js

@@ -1,3 +1,4 @@
+import { nodeResolve } from "@rollup/plugin-node-resolve";
 import terser from "@rollup/plugin-terser";
 import typescript from "@rollup/plugin-typescript";
 import { resolveExtensions } from "@xmtp/rollup-plugin-resolve-extensions";
@@ -13,13 +14,15 @@ const plugins = [
   filesize({
     showMinifiedSize: false,
   }),
+  nodeResolve({
+    resolveOnly: ["@xmtp/encryption"],
+  }),
 ];
 
 const external = [
   "@noble/secp256k1",
-  "@xmtp/proto",
   "@xmtp/content-type-primitives",
-  "@xmtp/xmtp-js",
+  "@xmtp/proto",
   "node:crypto",
 ];
 

content-types/content-type-remote-attachment/src/RemoteAttachment.ts

@@ -5,9 +5,8 @@ import {
   type ContentCodec,
   type EncodedContent,
 } from "@xmtp/content-type-primitives";
+import { Ciphertext, crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { content as proto } from "@xmtp/proto";
-import { Ciphertext, decrypt, encrypt } from "@xmtp/xmtp-js";
-import { crypto } from "./encryption";
 
 export const ContentTypeRemoteAttachment = new ContentTypeId({
   authorityId: "xmtp.org",

sdks/js-sdk/bench/helpers.ts

@@ -1,7 +1,7 @@
+import { crypto } from "@xmtp/encryption";
 import type Benchmark from "benchmark";
 import { cycle, save, suite } from "benny";
 import type { Config } from "benny/lib/internal/common-types";
-import crypto from "@/crypto/crypto";
 import { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
 import { newWallet } from "@test/helpers";
 

sdks/js-sdk/package.json

@@ -98,6 +98,7 @@
     "@xmtp/consent-proof-signature": "^0.1.3",
     "@xmtp/content-type-primitives": "^1.0.1",
     "@xmtp/content-type-text": "^1.0.0",
+    "@xmtp/encryption": "workspace:*",
     "@xmtp/proto": "^3.68.0",
     "@xmtp/user-preferences-bindings-wasm": "^0.3.6",
     "async-mutex": "^0.5.0",
@@ -108,6 +109,7 @@
   "devDependencies": {
     "@metamask/providers": "^17.1.1",
     "@rollup/plugin-json": "^6.1.0",
+    "@rollup/plugin-node-resolve": "^15.3.0",
     "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.1.0",
     "@types/benchmark": "^2.1.5",

sdks/js-sdk/rollup.config.js

@@ -1,4 +1,5 @@
 import json from "@rollup/plugin-json";
+import { nodeResolve } from "@rollup/plugin-node-resolve";
 import terser from "@rollup/plugin-terser";
 import typescript from "@rollup/plugin-typescript";
 import { resolveExtensions } from "@xmtp/rollup-plugin-resolve-extensions";
@@ -35,6 +36,9 @@ const plugins = [
   json({
     preferConst: true,
   }),
+  nodeResolve({
+    resolveOnly: ["@xmtp/encryption"],
+  }),
 ];
 
 export default defineConfig([

sdks/js-sdk/src/Invitation.ts

@@ -1,10 +1,8 @@
+import { Ciphertext, crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { invitation, type messageApi } from "@xmtp/proto";
 import Long from "long";
 import { dateToNs } from "@/utils/date";
 import { buildDirectMessageTopicV2 } from "@/utils/topic";
-import Ciphertext from "./crypto/Ciphertext";
-import crypto from "./crypto/crypto";
-import { decrypt, encrypt } from "./crypto/encryption";
 import type { PrivateKeyBundleV2 } from "./crypto/PrivateKeyBundle";
 import { SignedPublicKeyBundle } from "./crypto/PublicKeyBundle";
 

sdks/js-sdk/src/Message.ts

@@ -1,4 +1,5 @@
 import type { ContentTypeId } from "@xmtp/content-type-primitives";
+import { Ciphertext, sha256 } from "@xmtp/encryption";
 import { message as proto, type conversationReference } from "@xmtp/proto";
 import Long from "long";
 import { PublicKey } from "@/crypto/PublicKey";
@@ -9,8 +10,6 @@ import {
   ConversationV2,
   type Conversation,
 } from "./conversations/Conversation";
-import Ciphertext from "./crypto/Ciphertext";
-import { sha256 } from "./crypto/encryption";
 import { bytesToHex } from "./crypto/utils";
 import type { KeystoreInterfaces } from "./keystore/rpcDefinitions";
 import { dateToNs, nsToDate } from "./utils/date";

sdks/js-sdk/src/PreparedMessage.ts

@@ -1,5 +1,5 @@
+import { sha256 } from "@xmtp/encryption";
 import type { Envelope } from "@xmtp/proto/ts/dist/types/message_api/v1/message_api.pb";
-import { sha256 } from "./crypto/encryption";
 import { bytesToHex } from "./crypto/utils";
 import type { DecodedMessage } from "./Message";
 

sdks/js-sdk/src/conversations/Conversation.ts

@@ -1,4 +1,5 @@
 import { ContentTypeText } from "@xmtp/content-type-text";
+import { sha256 } from "@xmtp/encryption";
 import {
   message,
   content as proto,
@@ -15,7 +16,6 @@ import type {
 } from "@/Client";
 import type Client from "@/Client";
 import type { ConsentState } from "@/Contacts";
-import { sha256 } from "@/crypto/encryption";
 import { SignedPublicKey } from "@/crypto/PublicKey";
 import {
   PublicKeyBundle,

sdks/js-sdk/src/crypto/PrivateKey.ts

@@ -1,8 +1,7 @@
 import * as secp from "@noble/secp256k1";
+import { decrypt, encrypt, sha256, type Ciphertext } from "@xmtp/encryption";
 import { privateKey } from "@xmtp/proto";
 import Long from "long";
-import type Ciphertext from "./Ciphertext";
-import { decrypt, encrypt, sha256 } from "./encryption";
 import { PublicKey, SignedPublicKey, UnsignedPublicKey } from "./PublicKey";
 import Signature, {
   ecdsaSignerKey,

sdks/js-sdk/src/crypto/PublicKey.ts

@@ -1,9 +1,9 @@
 import * as secp from "@noble/secp256k1";
+import { sha256 } from "@xmtp/encryption";
 import { publicKey } from "@xmtp/proto";
 import Long from "long";
 import { hashMessage, hexToBytes, type Hex } from "viem";
 import type { Signer } from "@/types/Signer";
-import { sha256 } from "./encryption";
 import Signature, { WalletSigner } from "./Signature";
 import { computeAddress, equalBytes, splitSignature } from "./utils";
 

sdks/js-sdk/src/crypto/SignedEciesCiphertext.ts

@@ -1,5 +1,5 @@
+import { sha256 } from "@xmtp/encryption";
 import { ciphertext } from "@xmtp/proto";
-import { sha256 } from "./encryption";
 import type { PrivateKey, SignedPrivateKey } from "./PrivateKey";
 import type { PublicKey, SignedPublicKey } from "./PublicKey";
 import Signature from "./Signature";

sdks/js-sdk/src/crypto/ecies.ts

@@ -3,8 +3,8 @@
  * `elliptic` is a CommonJS module and has issues with named imports
  * DO NOT CHANGE THIS TO A NAMED IMPORT
  */
+import { crypto } from "@xmtp/encryption";
 import elliptic from "elliptic";
-import crypto from "./crypto";
 
 const EC = elliptic.ec;
 const ec = new EC("secp256k1");

sdks/js-sdk/src/index.ts

@@ -6,7 +6,7 @@ export {
   PrivateKeyBundleV1,
   PrivateKeyBundleV2,
 } from "./crypto/PrivateKeyBundle";
-export { default as Ciphertext } from "./crypto/Ciphertext";
+export { Ciphertext } from "@xmtp/encryption";
 export { PublicKey, SignedPublicKey } from "./crypto/PublicKey";
 export {
   PublicKeyBundle,
@@ -21,7 +21,7 @@ export {
   hkdfHmacKey,
   importHmacKey,
   verifyHmacSignature,
-} from "./crypto/encryption";
+} from "@xmtp/encryption";
 export { default as Stream } from "./Stream";
 export type { Signer } from "./types/Signer";
 export type {

sdks/js-sdk/src/keystore/InMemoryKeystore.ts

@@ -1,3 +1,9 @@
+import {
+  crypto,
+  exportHmacKey,
+  generateHmacSignature,
+  hkdfHmacKey,
+} from "@xmtp/encryption";
 import {
   keystore,
   privatePreferences,
@@ -8,13 +14,7 @@ import {
 import Long from "long";
 import type { PublishParams } from "@/ApiClient";
 import LocalAuthenticator from "@/authn/LocalAuthenticator";
-import crypto from "@/crypto/crypto";
 import { hmacSha256Sign } from "@/crypto/ecies";
-import {
-  exportHmacKey,
-  generateHmacSignature,
-  hkdfHmacKey,
-} from "@/crypto/encryption";
 import type { PrivateKey } from "@/crypto/PrivateKey";
 import {
   PrivateKeyBundleV2,

sdks/js-sdk/src/keystore/encryption.ts

@@ -1,5 +1,5 @@
+import { decrypt, encrypt } from "@xmtp/encryption";
 import type { ciphertext } from "@xmtp/proto";
-import { decrypt, encrypt } from "@/crypto/encryption";
 import type { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
 import type { PublicKeyBundle } from "@/crypto/PublicKeyBundle";
 

sdks/js-sdk/src/keystore/providers/NetworkKeyManager.ts

@@ -1,10 +1,8 @@
+import { Ciphertext, crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { privateKey as proto } from "@xmtp/proto";
 import { getAddress, hexToBytes, verifyMessage, type Hex } from "viem";
 import LocalAuthenticator from "@/authn/LocalAuthenticator";
 import type { PreEventCallback } from "@/Client";
-import Ciphertext from "@/crypto/Ciphertext";
-import crypto from "@/crypto/crypto";
-import { decrypt, encrypt } from "@/crypto/encryption";
 import {
   decodePrivateKeyBundle,
   PrivateKeyBundleV1,

sdks/js-sdk/test/Invitation.test.ts

@@ -1,6 +1,5 @@
+import { Ciphertext, crypto } from "@xmtp/encryption";
 import Long from "long";
-import Ciphertext from "@/crypto/Ciphertext";
-import crypto from "@/crypto/crypto";
 import { NoMatchingPreKeyError } from "@/crypto/errors";
 import { PrivateKeyBundleV2 } from "@/crypto/PrivateKeyBundle";
 import {

sdks/js-sdk/test/Message.test.ts

@@ -1,11 +1,11 @@
 import { ContentTypeText } from "@xmtp/content-type-text";
+import { sha256 } from "@xmtp/encryption";
 import type { Wallet } from "ethers";
 import { createWalletClient, http } from "viem";
 import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
 import { mainnet } from "viem/chains";
 import Client from "@/Client";
 import { ConversationV1 } from "@/conversations/Conversation";
-import { sha256 } from "@/crypto/encryption";
 import { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
 import { bytesToHex, equalBytes } from "@/crypto/utils";
 import { KeystoreError } from "@/keystore/errors";

sdks/js-sdk/test/crypto/SignedEciesCiphertext.test.ts

@@ -1,4 +1,4 @@
-import crypto from "@/crypto/crypto";
+import { crypto } from "@xmtp/encryption";
 import { encrypt, getPublic } from "@/crypto/ecies";
 import { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
 import SignedEciesCiphertext from "@/crypto/SignedEciesCiphertext";

sdks/js-sdk/test/crypto/index.test.ts

@@ -1,6 +1,5 @@
+import { crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { assert } from "vitest";
-import crypto from "@/crypto/crypto";
-import { decrypt, encrypt } from "@/crypto/encryption";
 import { PrivateKey } from "@/crypto/PrivateKey";
 import { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
 import { PublicKeyBundle } from "@/crypto/PublicKeyBundle";

sdks/js-sdk/test/keystore/InMemoryKeystore.test.ts

@@ -1,15 +1,15 @@
+import {
+  generateHmacSignature,
+  hkdfHmacKey,
+  importHmacKey,
+  verifyHmacSignature,
+} from "@xmtp/encryption";
 import { keystore, privateKey } from "@xmtp/proto";
 import type { CreateInviteResponse } from "@xmtp/proto/ts/dist/types/keystore_api/v1/keystore.pb";
 import Long from "long";
 import { toBytes } from "viem";
 import { assert } from "vitest";
 import Token from "@/authn/Token";
-import {
-  generateHmacSignature,
-  hkdfHmacKey,
-  importHmacKey,
-  verifyHmacSignature,
-} from "@/crypto/encryption";
 import {
   PrivateKeyBundleV1,
   PrivateKeyBundleV2,