@cloudpss/crypto 0.5.24 → 0.5.25

package/tests/encryption.js

@@ -1,11 +1,21 @@
 import { MAGIC_NUMBER } from '../dist/encryption/index.js';
-import { isEncrypted, encrypt, decrypt } from '../dist/index.js';
+import { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from '../dist/index.js';
 import { toUint8Array } from '../dist/utils.js';
+import { createModule } from '../dist/encryption/module.js';
 import * as nodeImpl from '../dist/encryption/node.js';
 import * as browserImpl from '../dist/encryption/browser.js';
 import * as webImpl from '../dist/encryption/web.js';
 import * as jsImpl from '../dist/encryption/pure-js.js';
 
+const data = [
+    Buffer.from(''),
+    Buffer.from('Hello, World!'),
+    Buffer.from('Hello, World!'.repeat(100)),
+    new Uint8Array(100),
+    Buffer.from('Hello, World!'.repeat(1000)).buffer,
+].map((d) => ({ raw: d, length: d.byteLength, type: d.constructor.name }));
+const passphrase = 'test';
+
 describe('Encryption root export', () => {
     it('has MAGIC_NUMBER', () => {
         expect(MAGIC_NUMBER).toBeInstanceOf(Uint8Array);
@@ -16,8 +26,8 @@ describe('Encryption root export', () => {
         // @ts-expect-error bad type
         expect(() => isEncrypted({})).toThrow('Invalid data');
         expect(isEncrypted(Buffer.from(MAGIC_NUMBER))).toBe(false);
-        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(32)]))).toBe(false);
-        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(33)]))).toBe(true);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(31)]))).toBe(false);
+        expect(isEncrypted(Buffer.concat([MAGIC_NUMBER, Buffer.alloc(32)]))).toBe(true);
         expect(isEncrypted(Buffer.alloc(40))).toBe(false);
         expect(isEncrypted(Buffer.alloc(41))).toBe(false);
     });
@@ -40,71 +50,137 @@ describe('Encryption root export', () => {
         await expect(() => decrypt(Buffer.alloc(100), 'xx')).rejects.toThrow('Invalid encrypted data');
     });
 
-    it('encrypt/decrypt', async () => {
-        const data = [
-            Buffer.from(''),
-            Buffer.from('Hello, World!'),
-            Buffer.from('Hello, World!'.repeat(100)),
-            new Uint8Array(100),
-            Buffer.from('Hello, World!'.repeat(1000)).buffer,
-        ];
-        const passphrase = 'test';
-        for (const raw of data) {
-            const encrypted = await encrypt(raw, passphrase);
-            expect(encrypted).toBeInstanceOf(Uint8Array);
-            expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
-            expect(isEncrypted(encrypted)).toBe(true);
+    it('accepts empty aad', async () => {
+        const encrypted = await encryptAad(Buffer.alloc(0), Buffer.alloc(0), passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        const extractedAad = extractAad(encrypted);
+        expect(extractedAad).toBeUndefined();
+    });
 
-            await expect(async () => {
-                await decrypt(encrypted, 'xx');
-                throw new Error('This may not be thrown since cipher may not report error');
-            }).rejects.toThrow();
+    it('accepts undefined aad', async () => {
+        const encrypted = await encryptAad(Buffer.alloc(0), undefined, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        const extractedAad = extractAad(encrypted);
+        expect(extractedAad).toBeUndefined();
+    });
 
-            const decrypted = await decrypt(encrypted, passphrase);
-            expect(decrypted).toBeInstanceOf(Uint8Array);
-            expect(decrypted).toEqual(toUint8Array(raw));
-        }
+    it('rejects invalid aad size', async () => {
+        const aad2 = Buffer.alloc(1024 * 1024 * 1024 + 1);
+        await expect(async () => {
+            await encryptAad(Buffer.alloc(0), aad2, passphrase);
+        }).rejects.toThrow('Invalid AAD size');
     });
+
+    checkModule({ encrypt, decrypt, encryptAad });
 });
 
 /**
- * 检查实现
- * @param {any} impl impl module
+ * 检查实现模块
+ * @param {any} module wrapped module
  */
-function checkImpl(impl) {
-    expect(impl).toMatchObject({
-        encrypt: expect.any(Function),
-        decrypt: expect.any(Function),
+function checkModule(module) {
+    it('has correct exports', () => {
+        expect(module).toMatchObject({
+            encrypt: expect.any(Function),
+            decrypt: expect.any(Function),
+            encryptAad: expect.any(Function),
+        });
+    });
+
+    // eslint-disable-next-line @typescript-eslint/unbound-method
+    const { encrypt, decrypt, encryptAad } = module;
+
+    it.each(data)('encrypt/decrypt $type[$length]', async ({ raw }) => {
+        const encrypted = await encrypt(raw, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        await expect(async () => {
+            await decrypt(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decrypt(encrypted, passphrase);
+        expect(decrypted).toBeInstanceOf(Uint8Array);
+        expect(decrypted).toEqual(toUint8Array(raw));
+    });
+
+    it.each(data)('encrypt/decrypt $type[$length] with aad', async ({ raw }) => {
+        const aad = Buffer.from('Hello, AAD!');
+        const encrypted = await encryptAad(raw, aad, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        const extractedAad = extractAad(encrypted);
+        expect(extractedAad).toBeInstanceOf(Uint8Array);
+        expect(extractedAad).toEqual(toUint8Array(aad));
+
+        await expect(async () => {
+            await decrypt(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decrypt(encrypted, passphrase);
+        expect(decrypted).toBeInstanceOf(Uint8Array);
+        expect(decrypted).toEqual(toUint8Array(raw));
     });
-    checkImplEncryption(impl.encrypt, impl.decrypt);
 }
 
 /**
  * 检查实现
- * @param {(arg0: Buffer, arg1: string) => any} encrypt encrypt
- * @param {(arg0: any, arg1: string) => any} decrypt decrypt
+ * @param {(data: import('../dist/encryption/common.js').PlainData, passphrase: string) => Promise<import('../dist/encryption/common.js').EncryptedData>} encrypt encrypt
+ * @param {(data: import('../dist/encryption/common.js').EncryptedData, passphrase: string) => Promise<import('../dist/encryption/common.js').PlainData>} decrypt decrypt
  */
 function checkImplEncryption(encrypt, decrypt) {
-    const data = [Buffer.alloc(0), Buffer.from('Hello, World!'), Buffer.from('Hello, World!'.repeat(100))];
-    const passphrase = 'test';
-    it.each(data.map((v) => ({ length: v.byteLength, buffer: v })))(
-        `len=$length`,
-        async ({ buffer: raw }) => {
-            const encrypted = await encrypt(raw, passphrase);
-            expect(encrypted.salt).toBeInstanceOf(Uint8Array);
-            expect(encrypted.salt.byteLength).toBe(16);
-            expect(encrypted.iv).toBeInstanceOf(Uint8Array);
-            expect(encrypted.iv.byteLength).toBe(16);
+    it.each(data)(
+        `$type[$length]`,
+        async ({ raw }) => {
+            const encrypted = await encrypt({ data: toUint8Array(raw) }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.aad).toBeUndefined();
             expect(encrypted.data).toBeInstanceOf(Uint8Array);
 
             await expect(async () => {
                 await decrypt(encrypted, 'xx');
-                throw new Error('This may not be thrown since cipher may not report error');
             }).rejects.toThrow();
 
             const decrypted = await decrypt(encrypted, passphrase);
-            expect(decrypted).toBeInstanceOf(Uint8Array);
-            expect(decrypted).toEqual(toUint8Array(raw));
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
+            expect(decrypted.aad).toBeUndefined();
+        },
+        100_000,
+    );
+    it.each(data)(
+        `(aad) $type[$length]`,
+        async ({ raw }) => {
+            const aad = Buffer.from('Hello, AAD!');
+            const encrypted = await encrypt({ data: toUint8Array(raw), aad }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+
+            await expect(async () => {
+                await decrypt(
+                    {
+                        nonce: encrypted.nonce,
+                        data: encrypted.data,
+                    },
+                    passphrase,
+                );
+            }).rejects.toThrow();
+
+            const decrypted = await decrypt(
+                {
+                    nonce: encrypted.nonce,
+                    aad: toUint8Array(aad),
+                    data: encrypted.data,
+                },
+                passphrase,
+            );
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
         },
         100_000,
     );
@@ -118,7 +194,8 @@ describe('Encryption impl', () => {
         js: jsImpl,
     });
     describe.each(impls)('impl %s', (name, impl) => {
-        checkImpl(impl);
+        const module = createModule(impl);
+        checkModule(module);
     });
     describe.each(impls.slice(1))(`cross impl %s/${impls[0][0]}`, (name, impl) => {
         describe(`${impls[0][0]} -> ${name}`, () => {
@@ -140,6 +217,6 @@ describe('Encryption impl browser', () => {
         afterAll(() => {
             globalThis.crypto = crypto;
         });
-        checkImpl(browserImpl);
+        checkModule(createModule(browserImpl));
     });
 });