Merge pull request #685 from xmtp/rygine/fix-encryption

Fix encryption dependency

.changeset/sweet-coins-jump.md

@@ -0,0 +1,6 @@
+---
+"@xmtp/content-type-remote-attachment": patch
+"@xmtp/xmtp-js": patch
+---
+
+Fix encryption dependency

content-types/content-type-remote-attachment/package.json

@@ -65,11 +65,9 @@
   "dependencies": {
     "@noble/secp256k1": "^1.7.1",
     "@xmtp/content-type-primitives": "^1.0.2",
-    "@xmtp/encryption": "workspace:*",
     "@xmtp/proto": "^3.61.1"
   },
   "devDependencies": {
-    "@rollup/plugin-node-resolve": "^15.3.0",
     "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.1.1",
     "@types/node": "^20.16.11",

content-types/content-type-remote-attachment/rollup.config.js

@@ -1,4 +1,3 @@
-import { nodeResolve } from "@rollup/plugin-node-resolve";
 import terser from "@rollup/plugin-terser";
 import typescript from "@rollup/plugin-typescript";
 import { resolveExtensions } from "@xmtp/rollup-plugin-resolve-extensions";
@@ -14,9 +13,6 @@ const plugins = [
   filesize({
     showMinifiedSize: false,
   }),
-  nodeResolve({
-    resolveOnly: ["@xmtp/encryption"],
-  }),
 ];
 
 const external = [

content-types/content-type-remote-attachment/src/RemoteAttachment.ts

@@ -5,8 +5,8 @@ import {
   type ContentCodec,
   type EncodedContent,
 } from "@xmtp/content-type-primitives";
-import { Ciphertext, crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { content as proto } from "@xmtp/proto";
+import { Ciphertext, crypto, decrypt, encrypt } from "./encryption";
 
 export const ContentTypeRemoteAttachment = new ContentTypeId({
   authorityId: "xmtp.org",

shared/encryption/src/encryption.ts → content-types/content-type-remote-attachment/src/encryption/encryption.ts

@@ -1,6 +1,6 @@
 import type { ciphertext } from "@xmtp/proto";
-import Ciphertext, { AESGCMNonceSize, KDFSaltSize } from "@/Ciphertext";
-import crypto from "@/crypto";
+import Ciphertext, { AESGCMNonceSize, KDFSaltSize } from "./Ciphertext";
+import crypto from "./crypto";
 
 const hkdfNoInfo = new Uint8Array().buffer;
 const hkdfNoSalt = new Uint8Array().buffer;

eslint.config.js

@@ -82,7 +82,7 @@ export default tseslint.config(
         {
           selector: "ImportDeclaration[source.value=/^(node:)?crypto$/]",
           message:
-            "Do not import directly from `crypto`, use `@xmtp/encryption` instead.",
+            "Do not import directly from `crypto`, use `@/encryption` instead.",
         },
       ],
     },

sdks/js-sdk/bench/helpers.ts

@@ -1,8 +1,8 @@
-import { crypto } from "@xmtp/encryption";
 import type Benchmark from "benchmark";
 import { cycle, save, suite } from "benny";
 import type { Config } from "benny/lib/internal/common-types";
 import { PrivateKeyBundleV1 } from "@/crypto/PrivateKeyBundle";
+import { crypto } from "@/encryption";
 import { newWallet } from "@test/helpers";
 
 const MAX_RANDOM_BYTES_SIZE = 65536;

sdks/js-sdk/package.json

@@ -97,7 +97,6 @@
     "@xmtp/consent-proof-signature": "^0.1.3",
     "@xmtp/content-type-primitives": "^1.0.1",
     "@xmtp/content-type-text": "^1.0.0",
-    "@xmtp/encryption": "workspace:*",
     "@xmtp/proto": "^3.68.0",
     "@xmtp/user-preferences-bindings-wasm": "^0.3.6",
     "async-mutex": "^0.5.0",
@@ -108,7 +107,6 @@
   "devDependencies": {
     "@metamask/providers": "^17.1.1",
     "@rollup/plugin-json": "^6.1.0",
-    "@rollup/plugin-node-resolve": "^15.3.0",
     "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.1.1",
     "@types/benchmark": "^2.1.5",

sdks/js-sdk/rollup.config.js

@@ -1,5 +1,4 @@
 import json from "@rollup/plugin-json";
-import { nodeResolve } from "@rollup/plugin-node-resolve";
 import terser from "@rollup/plugin-terser";
 import typescript from "@rollup/plugin-typescript";
 import { resolveExtensions } from "@xmtp/rollup-plugin-resolve-extensions";
@@ -36,9 +35,6 @@ const plugins = [
   json({
     preferConst: true,
   }),
-  nodeResolve({
-    resolveOnly: ["@xmtp/encryption"],
-  }),
 ];
 
 export default defineConfig([

sdks/js-sdk/src/Invitation.ts

@@ -1,6 +1,6 @@
-import { Ciphertext, crypto, decrypt, encrypt } from "@xmtp/encryption";
 import { invitation, type messageApi } from "@xmtp/proto";
 import Long from "long";
+import { Ciphertext, crypto, decrypt, encrypt } from "@/encryption";
 import { dateToNs } from "@/utils/date";
 import { buildDirectMessageTopicV2 } from "@/utils/topic";
 import type { PrivateKeyBundleV2 } from "./crypto/PrivateKeyBundle";

sdks/js-sdk/src/Message.ts

@@ -1,9 +1,9 @@
 import type { ContentTypeId } from "@xmtp/content-type-primitives";
-import { Ciphertext, sha256 } from "@xmtp/encryption";
 import { message as proto, type conversationReference } from "@xmtp/proto";
 import Long from "long";
 import { PublicKey } from "@/crypto/PublicKey";
 import { PublicKeyBundle } from "@/crypto/PublicKeyBundle";
+import { Ciphertext, sha256 } from "@/encryption";
 import type Client from "./Client";
 import {
   ConversationV1,

sdks/js-sdk/src/PreparedMessage.ts

@@ -1,5 +1,5 @@
-import { sha256 } from "@xmtp/encryption";
 import type { Envelope } from "@xmtp/proto/ts/dist/types/message_api/v1/message_api.pb";
+import { sha256 } from "@/encryption";
 import { bytesToHex } from "./crypto/utils";
 import type { DecodedMessage } from "./Message";
 

sdks/js-sdk/src/conversations/Conversation.ts

@@ -1,5 +1,4 @@
 import { ContentTypeText } from "@xmtp/content-type-text";
-import { sha256 } from "@xmtp/encryption";
 import {
   message,
   content as proto,
@@ -22,6 +21,7 @@ import {
   SignedPublicKeyBundle,
 } from "@/crypto/PublicKeyBundle";
 import Signature from "@/crypto/Signature";
+import { sha256 } from "@/encryption";
 import type { InvitationContext } from "@/Invitation";
 import { DecodedMessage, MessageV1, MessageV2 } from "@/Message";
 import { PreparedMessage } from "@/PreparedMessage";

sdks/js-sdk/src/crypto/PrivateKey.ts

@@ -1,7 +1,7 @@
 import * as secp from "@noble/secp256k1";
-import { decrypt, encrypt, sha256, type Ciphertext } from "@xmtp/encryption";
 import { privateKey } from "@xmtp/proto";
 import Long from "long";
+import { decrypt, encrypt, sha256, type Ciphertext } from "@/encryption";
 import { PublicKey, SignedPublicKey, UnsignedPublicKey } from "./PublicKey";
 import Signature, {
   ecdsaSignerKey,

sdks/js-sdk/src/crypto/PublicKey.ts

@@ -1,8 +1,8 @@
 import * as secp from "@noble/secp256k1";
-import { sha256 } from "@xmtp/encryption";
 import { publicKey } from "@xmtp/proto";
 import Long from "long";
 import { hashMessage, hexToBytes, type Hex } from "viem";
+import { sha256 } from "@/encryption";
 import type { Signer } from "@/types/Signer";
 import Signature, { WalletSigner } from "./Signature";
 import { computeAddress, equalBytes, splitSignature } from "./utils";

sdks/js-sdk/src/crypto/SignedEciesCiphertext.ts

@@ -1,5 +1,5 @@
-import { sha256 } from "@xmtp/encryption";
 import { ciphertext } from "@xmtp/proto";
+import { sha256 } from "@/encryption";
 import type { PrivateKey, SignedPrivateKey } from "./PrivateKey";
 import type { PublicKey, SignedPublicKey } from "./PublicKey";
 import Signature from "./Signature";

sdks/js-sdk/src/crypto/ecies.ts

@@ -3,8 +3,8 @@
  * `elliptic` is a CommonJS module and has issues with named imports
  * DO NOT CHANGE THIS TO A NAMED IMPORT
  */
-import { crypto } from "@xmtp/encryption";
 import elliptic from "elliptic";
+import { crypto } from "@/encryption";
 
 const EC = elliptic.ec;
 const ec = new EC("secp256k1");

sdks/js-sdk/src/encryption/Ciphertext.ts

@@ -0,0 +1,43 @@
+import { ciphertext } from "@xmtp/proto";
+
+export const AESKeySize = 32; // bytes
+export const KDFSaltSize = 32; // bytes
+// AES-GCM defaults from https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams
+export const AESGCMNonceSize = 12; // property iv
+export const AESGCMTagLength = 16; // property tagLength
+
+// Ciphertext packages the encrypted ciphertext with the salt and nonce used to produce it.
+// salt and nonce are not secret, and should be transmitted/stored along with the encrypted ciphertext.
+export default class Ciphertext implements ciphertext.Ciphertext {
+  aes256GcmHkdfSha256: ciphertext.Ciphertext_Aes256gcmHkdfsha256 | undefined;
+
+  constructor(obj: ciphertext.Ciphertext) {
+    if (!obj.aes256GcmHkdfSha256) {
+      throw new Error("invalid ciphertext");
+    }
+    if (obj.aes256GcmHkdfSha256.payload.length < AESGCMTagLength) {
+      throw new Error(
+        `invalid ciphertext ciphertext length: ${obj.aes256GcmHkdfSha256.payload.length}`,
+      );
+    }
+    if (obj.aes256GcmHkdfSha256.hkdfSalt.length !== KDFSaltSize) {
+      throw new Error(
+        `invalid ciphertext salt length: ${obj.aes256GcmHkdfSha256.hkdfSalt.length}`,
+      );
+    }
+    if (obj.aes256GcmHkdfSha256.gcmNonce.length !== AESGCMNonceSize) {
+      throw new Error(
+        `invalid ciphertext nonce length: ${obj.aes256GcmHkdfSha256.gcmNonce.length}`,
+      );
+    }
+    this.aes256GcmHkdfSha256 = obj.aes256GcmHkdfSha256;
+  }
+
+  toBytes(): Uint8Array {
+    return ciphertext.Ciphertext.encode(this).finish();
+  }
+
+  static fromBytes(bytes: Uint8Array): Ciphertext {
+    return new Ciphertext(ciphertext.Ciphertext.decode(bytes));
+  }
+}

sdks/js-sdk/src/encryption/crypto.browser.ts

@@ -0,0 +1,5 @@
+/***********************************************************************************************
+ * DO NOT IMPORT THIS FILE DIRECTLY
+ ***********************************************************************************************/
+const crypto = window.crypto;
+export default crypto;

sdks/js-sdk/src/encryption/crypto.ts

@@ -0,0 +1,4 @@
+import { webcrypto } from "node:crypto";
+
+const crypto = webcrypto;
+export default crypto;