Merge pull request #7310 from LiskHQ/6710-update-crypto-structure

Update exposed crypto structure - Closes #6710

commander/src/bootstrapping/commands/account/create.ts

@@ -30,11 +30,13 @@ interface AccountInfo {
 
 const createAccount = (prefix: string): AccountInfo => {
 	const generatedPassphrase = passphrase.Mnemonic.generateMnemonic();
-	const { privateKey, publicKey } = cryptography.getKeys(generatedPassphrase);
-	const blsPrivateKey = cryptography.generatePrivateKey(Buffer.from(generatedPassphrase, 'utf-8'));
-	const blsPublicKey = cryptography.getPublicKeyFromPrivateKey(blsPrivateKey);
-	const binaryAddress = cryptography.getAddressFromPublicKey(publicKey);
-	const address = cryptography.getLisk32AddressFromPublicKey(publicKey, prefix);
+	const { privateKey, publicKey } = cryptography.ed.getKeys(generatedPassphrase);
+	const blsPrivateKey = cryptography.bls.generatePrivateKey(
+		Buffer.from(generatedPassphrase, 'utf-8'),
+	);
+	const blsPublicKey = cryptography.bls.getPublicKeyFromPrivateKey(blsPrivateKey);
+	const binaryAddress = cryptography.address.getAddressFromPublicKey(publicKey);
+	const address = cryptography.address.getLisk32AddressFromPublicKey(publicKey, prefix);
 
 	return {
 		passphrase: generatedPassphrase,

commander/src/bootstrapping/commands/account/validate.ts

@@ -39,8 +39,10 @@ export class ValidateCommand extends Command {
 
 		try {
 			// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
-			cryptography.validateLisk32Address(address, this.config.pjson.lisk.addressPrefix);
-			const binaryAddress = cryptography.getAddressFromLisk32Address(address).toString('hex');
+			cryptography.address.validateLisk32Address(address, this.config.pjson.lisk.addressPrefix);
+			const binaryAddress = cryptography.address
+				.getAddressFromLisk32Address(address)
+				.toString('hex');
 
 			// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
 			this.log(

commander/src/bootstrapping/commands/blskey/create.ts

@@ -25,8 +25,8 @@ interface BlsKey {
 }
 
 const createBlsKey = (passphrase: string): BlsKey => {
-	const blsPrivateKey = cryptography.generatePrivateKey(Buffer.from(passphrase, 'utf-8'));
-	const blsPublicKey = cryptography.getPublicKeyFromPrivateKey(blsPrivateKey);
+	const blsPrivateKey = cryptography.bls.generatePrivateKey(Buffer.from(passphrase, 'utf-8'));
+	const blsPublicKey = cryptography.bls.getPublicKeyFromPrivateKey(blsPrivateKey);
 
 	return {
 		blsPrivateKey: blsPrivateKey.toString('hex'),

commander/src/bootstrapping/commands/forging/config.ts

@@ -74,14 +74,14 @@ export class ConfigCommand extends Command {
 			fs.ensureDirSync(dir);
 		}
 
-		const seed = cryptography.generateHashOnionSeed();
+		const seed = cryptography.utils.generateHashOnionSeed();
 
-		const hashBuffers = cryptography.hashOnion(seed, count, distance);
+		const hashBuffers = cryptography.utils.hashOnion(seed, count, distance);
 		const hashes = hashBuffers.map(buf => buf.toString('hex'));
 		const hashOnion = { count, distance, hashes };
 
 		const passphrase = passphraseSource ?? (await getPassphraseFromPrompt('passphrase', true));
-		const address = cryptography.getAddressFromPassphrase(passphrase).toString('hex');
+		const address = cryptography.address.getAddressFromPassphrase(passphrase).toString('hex');
 		const password = passwordSource ?? (await getPasswordFromPrompt('password', true));
 		const { encryptedPassphrase } = await encryptPassphrase(passphrase, password, false);
 		const message = { address, encryptedPassphrase, hashOnion };

commander/src/bootstrapping/commands/genesis-block/create.ts

@@ -229,22 +229,22 @@ export abstract class BaseGenesisBlockCommand extends Command {
 			width: 20,
 			total: validators - 1,
 		});
-		const onionSeed = cryptography.generateHashOnionSeed();
+		const onionSeed = cryptography.utils.generateHashOnionSeed();
 		const password = createMnemonicPassphrase();
 		const passwordList = { defaultPassword: password };
 		const generatorInfo = validatorList.map(async (val, index) => {
-			const encryptedPassphrase = await cryptography.encryptPassphraseWithPassword(
+			const encryptedPassphrase = await cryptography.encrypt.encryptPassphraseWithPassword(
 				val.passphrase,
 				password,
 				{ kdfparams: { iterations: validatorsPassphraseEncryptionIterations } },
 			);
 			const info = {
 				// TODO: use a better password, user sourced using flag
-				encryptedPassphrase: cryptography.stringifyEncryptedPassphrase(encryptedPassphrase),
+				encryptedPassphrase: cryptography.encrypt.stringifyEncryptedPassphrase(encryptedPassphrase),
 				hashOnion: {
 					count: validatorsHashOnionCount,
 					distance: validatorsHashOnionDistance,
-					hashes: cryptography
+					hashes: cryptography.utils
 						.hashOnion(onionSeed, validatorsHashOnionCount, validatorsHashOnionDistance)
 						.map(buf => buf.toString('hex')),
 				},

commander/src/bootstrapping/commands/hash-onion.ts

@@ -64,9 +64,9 @@ export class HashOnionCommand extends Command {
 			fs.ensureDirSync(dir);
 		}
 
-		const seed = cryptography.generateHashOnionSeed();
+		const seed = cryptography.utils.generateHashOnionSeed();
 
-		const hashBuffers = cryptography.hashOnion(seed, count, distance);
+		const hashBuffers = cryptography.utils.hashOnion(seed, count, distance);
 		const hashes = hashBuffers.map(buf => buf.toString('hex'));
 
 		const result = { count, distance, hashes };

commander/src/bootstrapping/commands/passphrase/decrypt.ts

@@ -25,8 +25,10 @@ const processInputs = async (
 	password: string,
 	encryptedPassphrase: string,
 ): Promise<Record<string, string>> => {
-	const encryptedPassphraseObject = cryptography.parseEncryptedPassphrase(encryptedPassphrase);
-	const passphrase = await cryptography.decryptPassphraseWithPassword(
+	const encryptedPassphraseObject = cryptography.encrypt.parseEncryptedPassphrase(
+		encryptedPassphrase,
+	);
+	const passphrase = await cryptography.encrypt.decryptPassphraseWithPassword(
 		encryptedPassphraseObject as never,
 		password,
 	);

commander/src/bootstrapping/commands/transaction/create.ts

@@ -71,8 +71,8 @@ interface Transaction {
 const getParamsObject = async (metadata: ModuleMetadataJSON[], flags: CreateFlags, args: Args) => {
 	const paramsSchema = getParamsSchema(
 		metadata,
-		cryptography.intToBuffer(args.moduleID, 4).toString('hex'),
-		cryptography.intToBuffer(args.commandID, 4).toString('hex'),
+		cryptography.utils.intToBuffer(args.moduleID, 4).toString('hex'),
+		cryptography.utils.intToBuffer(args.commandID, 4).toString('hex'),
 	) as Schema;
 	const params = flags.params ? JSON.parse(flags.params) : await getParamsFromPrompt(paramsSchema);
 
@@ -86,11 +86,11 @@ const getPassphraseAddressAndPublicKey = async (flags: CreateFlags) => {
 
 	if (flags['no-signature']) {
 		publicKey = Buffer.from(flags['sender-public-key'] as string, 'hex');
-		address = cryptography.getAddressFromPublicKey(publicKey);
+		address = cryptography.address.getAddressFromPublicKey(publicKey);
 		passphrase = '';
 	} else {
 		passphrase = flags.passphrase ?? (await getPassphraseFromPrompt('passphrase', true));
-		const result = cryptography.getAddressAndPublicKeyFromPassphrase(passphrase);
+		const result = cryptography.address.getAddressAndPublicKeyFromPassphrase(passphrase);
 		publicKey = result.publicKey;
 		address = result.address;
 	}
@@ -271,8 +271,8 @@ export abstract class CreateCommand extends Command {
 		const { args, flags } = this.parse(CreateCommand);
 
 		const incompleteTransaction = {
-			moduleID: cryptography.intToBuffer(args.moduleID, 4).toString('hex'),
-			commandID: cryptography.intToBuffer(args.commandID, 4).toString('hex'),
+			moduleID: cryptography.utils.intToBuffer(args.moduleID, 4).toString('hex'),
+			commandID: cryptography.utils.intToBuffer(args.commandID, 4).toString('hex'),
 			fee: args.fee,
 			nonce: '0',
 			senderPublicKey: '',

commander/src/bootstrapping/commands/transaction/sign.ts

@@ -165,7 +165,7 @@ const signTransactionOnline = async (
 	// Sign non multi-sig transaction
 	const transactionObject = decodeTransaction(registeredSchema, metadata, transactionHexStr);
 	const passphrase = flags.passphrase ?? (await getPassphraseFromPrompt('passphrase', true));
-	const address = cryptography.getAddressFromPassphrase(passphrase);
+	const address = cryptography.address.getAddressFromPassphrase(passphrase);
 
 	let signedTransaction: Record<string, unknown>;
 

commander/src/commands/message/decrypt.ts

@@ -13,7 +13,7 @@
  * Removal or modification of this copyright notice is prohibited.
  *
  */
-import { decryptMessageWithPassphrase } from '@liskhq/lisk-cryptography';
+import { encrypt } from '@liskhq/lisk-cryptography';
 import { flags as flagParser } from '@oclif/command';
 
 import BaseCommand from '../../base';
@@ -37,7 +37,7 @@ const processInputs = (
 		throw new ValidationError('No message was provided.');
 	}
 
-	return decryptMessageWithPassphrase(
+	return encrypt.decryptMessageWithPassphrase(
 		message,
 		nonce,
 		passphrase,

commander/src/commands/message/encrypt.ts

@@ -13,7 +13,7 @@
  * Removal or modification of this copyright notice is prohibited.
  *
  */
-import { encryptMessageWithPassphrase } from '@liskhq/lisk-cryptography';
+import { encrypt } from '@liskhq/lisk-cryptography';
 import { flags as flagParser } from '@oclif/command';
 
 import BaseCommand from '../../base';
@@ -32,7 +32,11 @@ const processInputs = (recipientPublicKey: string, passphrase: string, message?:
 	}
 
 	return {
-		...encryptMessageWithPassphrase(message, passphrase, Buffer.from(recipientPublicKey, 'hex')),
+		...encrypt.encryptMessageWithPassphrase(
+			message,
+			passphrase,
+			Buffer.from(recipientPublicKey, 'hex'),
+		),
 		recipientPublicKey,
 	};
 };

commander/src/commands/message/sign.ts

@@ -13,7 +13,7 @@
  * Removal or modification of this copyright notice is prohibited.
  *
  */
-import { signMessageWithPassphrase } from '@liskhq/lisk-cryptography';
+import { ed } from '@liskhq/lisk-cryptography';
 import { flags as flagParser } from '@oclif/command';
 
 import BaseCommand from '../../base';
@@ -30,7 +30,7 @@ const processInputs = (passphrase: string, message?: string) => {
 		throw new ValidationError('No message was provided.');
 	}
 
-	const signedMessageWithOnePassphrase = signMessageWithPassphrase(message, passphrase);
+	const signedMessageWithOnePassphrase = ed.signMessageWithPassphrase(message, passphrase);
 	return {
 		...signedMessageWithOnePassphrase,
 		publicKey: signedMessageWithOnePassphrase.publicKey.toString('hex'),

commander/src/commands/message/verify.ts

@@ -13,7 +13,7 @@
  * Removal or modification of this copyright notice is prohibited.
  *
  */
-import { verifyMessageWithPublicKey } from '@liskhq/lisk-cryptography';
+import { ed } from '@liskhq/lisk-cryptography';
 import { flags as flagParser } from '@oclif/command';
 
 import BaseCommand from '../../base';
@@ -33,7 +33,7 @@ const processInputs = (publicKey: string, signature: string, message?: string) =
 	}
 
 	return {
-		verified: verifyMessageWithPublicKey({
+		verified: ed.verifyMessageWithPublicKey({
 			publicKey: Buffer.from(publicKey, 'hex'),
 			signature: Buffer.from(signature, 'hex'),
 			message,

commander/src/commands/network-identifier.ts

@@ -13,7 +13,7 @@
  * Removal or modification of this copyright notice is prohibited.
  *
  */
-import { getNetworkIdentifier } from '@liskhq/lisk-cryptography';
+import { utils } from '@liskhq/lisk-cryptography';
 import { flags as flagParser } from '@oclif/command';
 
 import BaseCommand from '../base';
@@ -49,7 +49,7 @@ export default class NetworkIdentifierCommand extends BaseCommand {
 			// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
 			args: { genesisBlockID },
 		} = this.parse(NetworkIdentifierCommand);
-		const networkIdentifier = getNetworkIdentifier(
+		const networkIdentifier = utils.getNetworkIdentifier(
 			Buffer.from(genesisBlockID, 'hex'),
 			communityIdentifier,
 		);

commander/src/utils/commons.ts

@@ -31,16 +31,18 @@ export const encryptPassphrase = async (
 	password: string,
 	outputPublicKey: boolean,
 ): Promise<Record<string, unknown>> => {
-	const encryptedPassphraseObject = await cryptography.encryptPassphraseWithPassword(
+	const encryptedPassphraseObject = await cryptography.encrypt.encryptPassphraseWithPassword(
 		passphrase,
 		password,
 	);
-	const encryptedPassphrase = cryptography.stringifyEncryptedPassphrase(encryptedPassphraseObject);
+	const encryptedPassphrase = cryptography.encrypt.stringifyEncryptedPassphrase(
+		encryptedPassphraseObject,
+	);
 
 	return outputPublicKey
 		? {
 				encryptedPassphrase,
-				publicKey: cryptography.getKeys(passphrase).publicKey.toString('hex'),
+				publicKey: cryptography.ed.getKeys(passphrase).publicKey.toString('hex'),
 		  }
 		: { encryptedPassphrase };
 };

commander/src/utils/genesis_creation.ts

@@ -15,15 +15,7 @@
  */
 import { Mnemonic } from '@liskhq/lisk-passphrase';
 import { Schema } from '@liskhq/lisk-codec';
-import {
-	generatePrivateKey,
-	getAddressFromPublicKey,
-	getKeys,
-	getLisk32AddressFromPublicKey,
-	getPublicKeyFromPrivateKey,
-	blsPopProve,
-	intToBuffer,
-} from '@liskhq/lisk-cryptography';
+import { bls, address, utils, ed } from '@liskhq/lisk-cryptography';
 import {
 	dposGenesisStoreSchema,
 	DPoSModule,
@@ -73,22 +65,22 @@ export const generateGenesisBlockDefaultDPoSAssets = (input: GenesisBlockDefault
 	const accountList = [];
 	for (let i = 0; i < input.numberOfAccounts; i += 1) {
 		const passphrase = Mnemonic.generateMnemonic(256);
-		const keys = getKeys(passphrase);
+		const keys = ed.getKeys(passphrase);
 		accountList.push({
 			publicKey: keys.publicKey,
 			privateKey: keys.privateKey,
 			passphrase,
-			address: getAddressFromPublicKey(keys.publicKey),
-			lisk32Address: getLisk32AddressFromPublicKey(keys.publicKey),
+			address: address.getAddressFromPublicKey(keys.publicKey),
+			lisk32Address: address.getLisk32AddressFromPublicKey(keys.publicKey),
 		});
 	}
 	const validatorList = [];
 	for (let i = 0; i < input.numberOfValidators; i += 1) {
 		const passphrase = Mnemonic.generateMnemonic(256);
-		const keys = getKeys(passphrase);
-		const blsPrivateKey = generatePrivateKey(Buffer.from(passphrase, 'utf-8'));
-		const blsPublicKey = getPublicKeyFromPrivateKey(blsPrivateKey);
-		const blsPoP = blsPopProve(blsPrivateKey);
+		const keys = ed.getKeys(passphrase);
+		const blsPrivateKey = bls.generatePrivateKey(Buffer.from(passphrase, 'utf-8'));
+		const blsPublicKey = bls.getPublicKeyFromPrivateKey(blsPrivateKey);
+		const blsPoP = bls.popProve(blsPrivateKey);
 		validatorList.push({
 			publicKey: keys.publicKey,
 			name: `genesis_${i}`,
@@ -97,8 +89,8 @@ export const generateGenesisBlockDefaultDPoSAssets = (input: GenesisBlockDefault
 			blsPrivateKey,
 			blsPoP,
 			passphrase,
-			address: getAddressFromPublicKey(keys.publicKey),
-			lisk32Address: getLisk32AddressFromPublicKey(keys.publicKey),
+			address: address.getAddressFromPublicKey(keys.publicKey),
+			lisk32Address: address.getLisk32AddressFromPublicKey(keys.publicKey),
 		});
 	}
 
@@ -109,8 +101,8 @@ export const generateGenesisBlockDefaultDPoSAssets = (input: GenesisBlockDefault
 				userSubstore: accountList.map(a => ({
 					address: a.address,
 					tokenID: {
-						chainID: intToBuffer(0, 4),
-						localID: intToBuffer(0, 4),
+						chainID: utils.intToBuffer(0, 4),
+						localID: utils.intToBuffer(0, 4),
 					},
 					availableBalance: BigInt(input.tokenDistribution),
 					lockedBalances: [],

commander/src/utils/transaction.ts

@@ -44,7 +44,7 @@ export const decodeTransaction = (
 	transactionHexStr: string,
 ) => {
 	const transactionBytes = Buffer.from(transactionHexStr, 'hex');
-	const id = cryptography.hash(transactionBytes);
+	const id = cryptography.utils.hash(transactionBytes);
 	const transaction = codec.decodeJSON<TransactionJSON>(schema.transaction, transactionBytes);
 	const paramsSchema = getParamsSchema(metadata, transaction.moduleID, transaction.commandID);
 	const params = codec.decodeJSON<Record<string, unknown>>(