@bsv/sdk 1.9.11 → 1.9.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/dist/cjs/package.json +1 -1
  2. package/dist/cjs/src/primitives/SymmetricKey.js +11 -3
  3. package/dist/cjs/src/primitives/SymmetricKey.js.map +1 -1
  4. package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
  5. package/dist/esm/src/primitives/SymmetricKey.js +11 -3
  6. package/dist/esm/src/primitives/SymmetricKey.js.map +1 -1
  7. package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
  8. package/dist/types/src/primitives/SymmetricKey.d.ts.map +1 -1
  9. package/dist/types/tsconfig.types.tsbuildinfo +1 -1
  10. package/dist/umd/bundle.js +1 -1
  11. package/dist/umd/bundle.js.map +1 -1
  12. package/package.json +1 -1
  13. package/src/primitives/SymmetricKey.ts +17 -9
  14. package/src/primitives/__tests/SymmetricKey.test.ts +22 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bsv/sdk",
3
- "version": "1.9.11",
3
+ "version": "1.9.12",
4
4
  "type": "module",
5
5
  "description": "BSV Blockchain Software Development Kit",
6
6
  "main": "dist/cjs/mod.js",
package/src/primitives/SymmetricKey.ts CHANGED
@@ -44,12 +44,7 @@ export default class SymmetricKey extends BigNumber {
44
44
  const iv = Random(32)
45
45
  msg = toArray(msg, enc)
46
46
  const keyBytes = this.toArray('be', 32)
47
- const { result, authenticationTag } = AESGCM(
48
- msg,
49
- [],
50
- iv,
51
- keyBytes
52
- )
47
+ const { result, authenticationTag } = AESGCM(msg, [], iv, keyBytes)
53
48
  const totalLength = iv.length + result.length + authenticationTag.length
54
49
  const combined = new Array(totalLength)
55
50
  let offset = 0
@@ -79,10 +74,23 @@ export default class SymmetricKey extends BigNumber {
79
74
  */
80
75
  decrypt (msg: number[] | string, enc?: 'hex' | 'utf8'): string | number[] {
81
76
  msg = toArray(msg, enc)
82
- const iv = msg.slice(0, 32)
83
- const tagStart = msg.length - 16
84
- const ciphertext = msg.slice(32, tagStart)
77
+
78
+ const ivLength = 32
79
+ const tagLength = 16
80
+
81
+ if (msg.length < ivLength + tagLength) {
82
+ throw new Error('Ciphertext too short')
83
+ }
84
+
85
+ const iv = msg.slice(0, ivLength)
86
+ const tagStart = msg.length - tagLength
87
+ const ciphertext = msg.slice(ivLength, tagStart)
85
88
  const messageTag = msg.slice(tagStart)
89
+
90
+ if (tagStart < ivLength) {
91
+ throw new Error('Malformed ciphertext')
92
+ }
93
+
86
94
  const result = AESGCMDecrypt(
87
95
  ciphertext,
88
96
  [],
package/src/primitives/__tests/SymmetricKey.test.ts CHANGED
@@ -102,5 +102,27 @@ describe('SymmetricKey', () => {
102
102
 
103
103
  expect(decrypted).toBe(plaintext)
104
104
  })
105
+
106
+ it('throws "Ciphertext too short" for inputs shorter than IV + tag', () => {
107
+ const shortCipherArray = new Array(47).fill(0)
108
+ expect(() => {
109
+ KEYS[0].decrypt(shortCipherArray)
110
+ }).toThrow(new Error('Ciphertext too short'))
111
+ })
112
+
113
+ it('throws "Ciphertext too short" for hex-encoded inputs shorter than IV + tag', () => {
114
+ const shortBuffer = Buffer.alloc(47, 0)
115
+ const shortHex = shortBuffer.toString('hex')
116
+
117
+ expect(() => {
118
+ KEYS[0].decrypt(shortHex, 'hex')
119
+ }).toThrow(new Error('Ciphertext too short'))
120
+ })
121
+
122
+ it('still throws "Decryption failed!" for structurally valid but wrong ciphertext', () => {
123
+ expect(() => {
124
+ KEYS[2].decrypt(CIPHERTEXT_1, 'hex')
125
+ }).toThrow(new Error('Decryption failed!'))
126
+ })
105
127
  })
106
128
  })