@cloudpss/crypto 0.6.15 → 0.6.16

package/README.md

@@ -1,3 +1,13 @@
 # @cloudpss/crypto
 
 Pre-configured crypto libraries for use in CloudPSS.
+
+## Example
+
+```ts
+import { encrypt, decrypt, isEncrypted } from '@cloudpss/crypto';
+
+const encrypted = await encrypt(new TextEncoder().encode('secret'), 'passphrase');
+const ok = isEncrypted(encrypted);
+const plain = await decrypt(encrypted, 'passphrase');
+```

package/dist/encryption/browser.d.ts

@@ -1,4 +1,6 @@
 import type { EncryptedData, PlainData } from './common.js';
+/** For test purposes */
+export declare function resetModuleLoader(): void;
 /** browser encrypt */
 export declare function encrypt(data: PlainData, passphrase: string): Promise<EncryptedData>;
 /** browser decrypt */

package/dist/encryption/browser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAiB5D,sBAAsB;AACtB,wBAAsB,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAGzF;AAED,sBAAsB;AACtB,wBAAsB,OAAO,CAAC,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAGzF"}
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAoB5D,wBAAwB;AACxB,wBAAgB,iBAAiB,IAAI,IAAI,CAOxC;AAID,sBAAsB;AACtB,wBAAsB,OAAO,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAGzF;AAED,sBAAsB;AACtB,wBAAsB,OAAO,CAAC,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAGzF"}

package/dist/encryption/browser.js

@@ -1,4 +1,5 @@
-const module = async () => {
+/** 动态选择加密模块 */
+async function loadModule() {
     if (typeof crypto == 'object' &&
         typeof crypto.subtle == 'object' &&
         typeof crypto.subtle.importKey == 'function' &&
@@ -10,7 +11,18 @@ const module = async () => {
     else {
         return import('./wasm.js');
     }
-};
+}
+let module;
+/** For test purposes */
+export function resetModuleLoader() {
+    module = async () => {
+        const mod = await loadModule();
+        // eslint-disable-next-line @typescript-eslint/promise-function-async
+        module = () => Promise.resolve(mod);
+        return mod;
+    };
+}
+resetModuleLoader();
 /** browser encrypt */
 export async function encrypt(data, passphrase) {
     const { encrypt } = await module();

package/dist/encryption/browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE;IACtB,IACI,OAAO,MAAM,IAAI,QAAQ;QACzB,OAAO,MAAM,CAAC,MAAM,IAAI,QAAQ;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU;QAC1C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU,EAC5C,CAAC;QACC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;AACL,CAAC,CAAC;AAEF,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAe,EAAE,UAAkB;IAC7D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAmB,EAAE,UAAkB;IACjE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC"}
+{"version":3,"file":"browser.js","sourceRoot":"","sources":["../../src/encryption/browser.ts"],"names":[],"mappings":"AAEA,eAAe;AACf,KAAK,UAAU,UAAU;IACrB,IACI,OAAO,MAAM,IAAI,QAAQ;QACzB,OAAO,MAAM,CAAC,MAAM,IAAI,QAAQ;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,UAAU;QAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU;QAC1C,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,UAAU,EAC5C,CAAC;QACC,OAAO,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACJ,OAAO,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;AACL,CAAC;AAED,IAAI,MAAyB,CAAC;AAE9B,wBAAwB;AACxB,MAAM,UAAU,iBAAiB;IAC7B,MAAM,GAAG,KAAK,IAAI,EAAE;QAChB,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;QAC/B,qEAAqE;QACrE,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,GAAG,CAAC;IACf,CAAC,CAAC;AACN,CAAC;AAED,iBAAiB,EAAE,CAAC;AAEpB,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAe,EAAE,UAAkB;IAC7D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED,sBAAsB;AACtB,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAmB,EAAE,UAAkB;IACjE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,CAAC;IACnC,OAAO,MAAM,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AAC3C,CAAC"}

package/dist/encryption/index.d.ts

@@ -5,22 +5,28 @@ export declare function isEncrypted(data: BufferSource): boolean;
  * 从加密数据中提取附加数据
  * @throws {TypeError} 如果数据不是有效的加密数据
  */
-export declare function extractAad(data: BufferSource): Uint8Array | undefined;
+export declare function extractAad(data: BufferSource): Uint8Array<ArrayBuffer> | undefined;
 export declare const 
 /**
- * 加密数据
+ * 加密数据，包含不加密的附加数据
  * @throws {TypeError} 如果密码无效
  */
-encrypt: (data: BufferSource, passphrase: string) => Promise<Uint8Array<ArrayBuffer>>, 
+encryptAad: (data: BufferSource, aad: BufferSource | undefined, passphrase: string) => Promise<Uint8Array<ArrayBuffer>>, 
 /**
- * 加密数据，包含不加密的附加数据
+ * 解密数据，包含不加密的附加数据
+ * @throws {TypeError} 如果数据不是有效的加密数据
  * @throws {TypeError} 如果密码无效
  */
-encryptAad: (data: BufferSource, aad: BufferSource | undefined, passphrase: string) => Promise<Uint8Array<ArrayBuffer>>, 
+decryptAad: (data: BufferSource, passphrase: string) => Promise<import("./common.js").PlainData>;
+/**
+ * 加密数据
+ * @throws {TypeError} 如果密码无效
+ */
+export declare function encrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
 /**
  * 解密数据
  * @throws {TypeError} 如果数据不是有效的加密数据
  * @throws {TypeError} 如果密码无效
  */
-decrypt: (data: BufferSource, passphrase: string) => Promise<Uint8Array<ArrayBuffer>>;
+export declare function decrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
 //# sourceMappingURL=index.d.ts.map

package/dist/encryption/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,wBAAgB,WAAW,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,YAAY,GAAG,UAAU,GAAG,SAAS,CAQrE;AAED,eAAO;AACH;;;GAGG;AAEH,OAAO;AACP;;;GAGG;AAEH,UAAU;AACV;;;;GAIG;AAEH,OAAO,8EACW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,wBAAgB,WAAW,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,GAAG,SAAS,CAQlF;AAED,eAAO;AACH;;;GAGG;AAEH,UAAU;AACV;;;;GAIG;AAEH,UAAU,sFACQ,CAAC;AAEvB;;;GAGG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAEtG;AACD;;;;GAIG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAGtG"}

package/dist/encryption/index.js

@@ -22,22 +22,32 @@ export function extractAad(data) {
 }
 export const { 
 /**
- * 加密数据
+ * 加密数据，包含不加密的附加数据
  * @throws {TypeError} 如果密码无效
  */
 // eslint-disable-next-line @typescript-eslint/unbound-method
-encrypt, 
+encryptAad, 
 /**
- * 加密数据，包含不加密的附加数据
+ * 解密数据，包含不加密的附加数据
+ * @throws {TypeError} 如果数据不是有效的加密数据
  * @throws {TypeError} 如果密码无效
  */
 // eslint-disable-next-line @typescript-eslint/unbound-method
-encryptAad, 
+decryptAad, } = createModule(impl);
+/**
+ * 加密数据
+ * @throws {TypeError} 如果密码无效
+ */
+export async function encrypt(data, passphrase) {
+    return await encryptAad(data, undefined, passphrase);
+}
 /**
  * 解密数据
  * @throws {TypeError} 如果数据不是有效的加密数据
  * @throws {TypeError} 如果密码无效
  */
-// eslint-disable-next-line @typescript-eslint/unbound-method
-decrypt, } = createModule(impl);
+export async function decrypt(data, passphrase) {
+    const decrypted = await decryptAad(data, passphrase);
+    return decrypted.data;
+}
 //# sourceMappingURL=index.js.map

package/dist/encryption/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC1C,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAkB;IACzC,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC;IAC1B,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IACtC,OAAO,GAAG,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM;AACT;;;GAGG;AACH,6DAA6D;AAC7D,OAAO;AACP;;;GAGG;AACH,6DAA6D;AAC7D,UAAU;AACV;;;;GAIG;AACH,6DAA6D;AAC7D,OAAO,GACV,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/encryption/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,MAAM,UAAU,WAAW,CAAC,IAAkB;IAC1C,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAkB;IACzC,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC;IAC1B,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IACtC,OAAO,GAAG,CAAC;AACf,CAAC;AAED,MAAM,CAAC,MAAM;AACT;;;GAGG;AACH,6DAA6D;AAC7D,UAAU;AACV;;;;GAIG;AACH,6DAA6D;AAC7D,UAAU,GACb,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;AAEvB;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAkB,EAAE,UAAkB;IAChE,OAAO,MAAM,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;AACzD,CAAC;AACD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAkB,EAAE,UAAkB;IAChE,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACrD,OAAO,SAAS,CAAC,IAAI,CAAC;AAC1B,CAAC"}

package/dist/encryption/module.d.ts

@@ -1,21 +1,17 @@
+import { type PlainData } from './common.js';
 /** 模块 */
 interface Module {
-    /**
-     * 加密数据
-     * @throws {TypeError} 如果密码无效
-     */
-    encrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
     /**
      * 加密数据，包含不加密的附加数据
      * @throws {TypeError} 如果密码无效
      */
     encryptAad(data: BufferSource, aad: BufferSource | undefined, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
     /**
-     * 解密数据
+     * 解密数据，包含不加密的附加数据
      * @throws {TypeError} 如果数据不是有效的加密数据
      * @throws {TypeError} 如果密码无效
      */
-    decrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
+    decryptAad(data: BufferSource, passphrase: string): Promise<PlainData>;
 }
 /** 创建模块 */
 export declare function createModule(impl: typeof import('#encryption') | typeof import('./wasm.js')): Module;

package/dist/encryption/module.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../../src/encryption/module.ts"],"names":[],"mappings":"AAsBA,SAAS;AACT,UAAU,MAAM;IACZ;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;IAClF;;;OAGG;IACH,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;IACpH;;;;OAIG;IACH,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;CACrF;AAED,WAAW;AACX,wBAAgB,YAAY,CAAC,IAAI,EAAE,cAAc,aAAa,CAAC,GAAG,cAAc,WAAW,CAAC,GAAG,MAAM,CAkDpG"}
+{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../../src/encryption/module.ts"],"names":[],"mappings":"AACA,OAAO,EAQH,KAAK,SAAS,EACjB,MAAM,aAAa,CAAC;AAYrB,SAAS;AACT,UAAU,MAAM;IACZ;;;OAGG;IACH,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,SAAS,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;IACpH;;;;OAIG;IACH,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;CAC1E;AAED,WAAW;AACX,wBAAgB,YAAY,CAAC,IAAI,EAAE,cAAc,aAAa,CAAC,GAAG,cAAc,WAAW,CAAC,GAAG,MAAM,CA8CpG"}

package/dist/encryption/module.js

@@ -36,27 +36,22 @@ export function createModule(impl) {
         result.set(encrypted.data, MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddedAddSize);
         return result;
     };
-    const encrypt = async (data, passphrase) => {
-        return await encryptAad(data, undefined, passphrase);
-    };
-    const decrypt = async (data, passphrase) => {
+    const decryptAad = async (data, passphrase) => {
         assertPassphrase(passphrase);
         const encrypted = parseEncrypted(data);
         if (encrypted == null) {
             throw new TypeError('Invalid encrypted data');
         }
         try {
-            const result = await impl.decrypt(encrypted, passphrase);
-            return result.data;
+            return await impl.decrypt(encrypted, passphrase);
         }
         catch (ex) {
             throw new Error('Wrong passphrase', { cause: ex });
         }
     };
     return {
-        encrypt,
         encryptAad,
-        decrypt,
+        decryptAad,
     };
 }
 //# sourceMappingURL=module.js.map

package/dist/encryption/module.js.map

@@ -1 +1 @@
-{"version":3,"file":"module.js","sourceRoot":"","sources":["../../src/encryption/module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EACH,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,UAAU,EACV,OAAO,EACP,cAAc,GAEjB,MAAM,aAAa,CAAC;AAErB,WAAW;AACX,SAAS,gBAAgB,CAAC,UAAkB;IACxC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IACjE,CAAC;AACL,CAAC;AAsBD,WAAW;AACX,MAAM,UAAU,YAAY,CAAC,IAA+D;IACxF,MAAM,UAAU,GAAyB,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE;QACrE,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,EAAE,UAAU,IAAI,CAAC,CAAC;QACrC,IAAI,OAAO,GAAG,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,KAAK,GAAc;YACrB,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,GAAI,CAAC,CAAC,CAAC,CAAC,YAAY;YAChD,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;SAC3B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,UAAU,CACzB,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAC1F,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACzB,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,OAAO,KAAK,EAAE,CAAC;YAC1D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,KAAK,EAAE,CAAC;YAC9D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC;YACvD,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC;IAClB,CAAC,CAAC;IACF,MAAM,OAAO,GAAsB,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE;QAC1D,OAAO,MAAM,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACzD,CAAC,CAAC;IAEF,MAAM,OAAO,GAAsB,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE;QAC1D,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,MAAM,CAAC,IAAI,CAAC;QACvB,CAAC;QAAC,OAAO,EAAE,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,CAAC;IACL,CAAC,CAAC;IACF,OAAO;QACH,OAAO;QACP,UAAU;QACV,OAAO;KACV,CAAC;AACN,CAAC"}
+{"version":3,"file":"module.js","sourceRoot":"","sources":["../../src/encryption/module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EACH,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,UAAU,EACV,OAAO,EACP,cAAc,GAEjB,MAAM,aAAa,CAAC;AAErB,WAAW;AACX,SAAS,gBAAgB,CAAC,UAAkB;IACxC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IACjE,CAAC;AACL,CAAC;AAiBD,WAAW;AACX,MAAM,UAAU,YAAY,CAAC,IAA+D;IACxF,MAAM,UAAU,GAAyB,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE;QACrE,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,GAAG,EAAE,UAAU,IAAI,CAAC,CAAC;QACrC,IAAI,OAAO,GAAG,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,KAAK,GAAc;YACrB,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,GAAI,CAAC,CAAC,CAAC,CAAC,YAAY;YAChD,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC;SAC3B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,UAAU,CACzB,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAC1F,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACzB,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,OAAO,KAAK,EAAE,CAAC;YAC1D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,KAAK,EAAE,CAAC;YAC9D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC;YACvD,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,aAAa,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC;IAClB,CAAC,CAAC;IAEF,MAAM,UAAU,GAAyB,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE;QAChE,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;YACpB,MAAM,IAAI,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,EAAE,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,CAAC;IACL,CAAC,CAAC;IAEF,OAAO;QACH,UAAU;QACV,UAAU;KACb,CAAC;AACN,CAAC"}

package/dist/index.d.ts

@@ -1,2 +1,2 @@
-export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad, decryptAad } from './encryption/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -1,2 +1,2 @@
-export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad, decryptAad } from './encryption/index.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudpss/crypto",
-  "version": "0.6.15",
+  "version": "0.6.16",
   "author": "CloudPSS",
   "license": "MIT",
   "type": "module",

package/src/encryption/browser.ts

@@ -1,6 +1,7 @@
 import type { EncryptedData, PlainData } from './common.js';
 
-const module = async () => {
+/** 动态选择加密模块 */
+async function loadModule() {
     if (
         typeof crypto == 'object' &&
         typeof crypto.subtle == 'object' &&
@@ -13,7 +14,21 @@ const module = async () => {
     } else {
         return import('./wasm.js');
     }
-};
+}
+
+let module: typeof loadModule;
+
+/** For test purposes */
+export function resetModuleLoader(): void {
+    module = async () => {
+        const mod = await loadModule();
+        // eslint-disable-next-line @typescript-eslint/promise-function-async
+        module = () => Promise.resolve(mod);
+        return mod;
+    };
+}
+
+resetModuleLoader();
 
 /** browser encrypt */
 export async function encrypt(data: PlainData, passphrase: string): Promise<EncryptedData> {

package/src/encryption/index.ts

@@ -13,7 +13,7 @@ export function isEncrypted(data: BufferSource): boolean {
  * 从加密数据中提取附加数据
  * @throws {TypeError} 如果数据不是有效的加密数据
  */
-export function extractAad(data: BufferSource): Uint8Array | undefined {
+export function extractAad(data: BufferSource): Uint8Array<ArrayBuffer> | undefined {
     const encrypted = parseEncrypted(data);
     if (encrypted == null) {
         throw new TypeError('Invalid encrypted data');
@@ -24,12 +24,6 @@ export function extractAad(data: BufferSource): Uint8Array | undefined {
 }
 
 export const {
-    /**
-     * 加密数据
-     * @throws {TypeError} 如果密码无效
-     */
-    // eslint-disable-next-line @typescript-eslint/unbound-method
-    encrypt,
     /**
      * 加密数据，包含不加密的附加数据
      * @throws {TypeError} 如果密码无效
@@ -37,10 +31,27 @@ export const {
     // eslint-disable-next-line @typescript-eslint/unbound-method
     encryptAad,
     /**
-     * 解密数据
+     * 解密数据，包含不加密的附加数据
      * @throws {TypeError} 如果数据不是有效的加密数据
      * @throws {TypeError} 如果密码无效
      */
     // eslint-disable-next-line @typescript-eslint/unbound-method
-    decrypt,
+    decryptAad,
 } = createModule(impl);
+
+/**
+ * 加密数据
+ * @throws {TypeError} 如果密码无效
+ */
+export async function encrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>> {
+    return await encryptAad(data, undefined, passphrase);
+}
+/**
+ * 解密数据
+ * @throws {TypeError} 如果数据不是有效的加密数据
+ * @throws {TypeError} 如果密码无效
+ */
+export async function decrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>> {
+    const decrypted = await decryptAad(data, passphrase);
+    return decrypted.data;
+}

package/src/encryption/module.ts

@@ -22,22 +22,17 @@ function assertPassphrase(passphrase: string): void {
 
 /** 模块 */
 interface Module {
-    /**
-     * 加密数据
-     * @throws {TypeError} 如果密码无效
-     */
-    encrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
     /**
      * 加密数据，包含不加密的附加数据
      * @throws {TypeError} 如果密码无效
      */
     encryptAad(data: BufferSource, aad: BufferSource | undefined, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
     /**
-     * 解密数据
+     * 解密数据，包含不加密的附加数据
      * @throws {TypeError} 如果数据不是有效的加密数据
      * @throws {TypeError} 如果密码无效
      */
-    decrypt(data: BufferSource, passphrase: string): Promise<Uint8Array<ArrayBuffer>>;
+    decryptAad(data: BufferSource, passphrase: string): Promise<PlainData>;
 }
 
 /** 创建模块 */
@@ -69,26 +64,22 @@ export function createModule(impl: typeof import('#encryption') | typeof import(
         result.set(encrypted.data, MAGIC_NUMBER.length + NONCE_SIZE + AAD_LEN_SIZE + paddedAddSize);
         return result;
     };
-    const encrypt: Module['encrypt'] = async (data, passphrase) => {
-        return await encryptAad(data, undefined, passphrase);
-    };
 
-    const decrypt: Module['decrypt'] = async (data, passphrase) => {
+    const decryptAad: Module['decryptAad'] = async (data, passphrase) => {
         assertPassphrase(passphrase);
         const encrypted = parseEncrypted(data);
         if (encrypted == null) {
             throw new TypeError('Invalid encrypted data');
         }
         try {
-            const result = await impl.decrypt(encrypted, passphrase);
-            return result.data;
+            return await impl.decrypt(encrypted, passphrase);
         } catch (ex) {
             throw new Error('Wrong passphrase', { cause: ex });
         }
     };
+
     return {
-        encrypt,
         encryptAad,
-        decrypt,
+        decryptAad,
     };
 }

package/src/index.ts

@@ -1 +1 @@
-export { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from './encryption/index.js';
+export { isEncrypted, encrypt, decrypt, encryptAad, extractAad, decryptAad } from './encryption/index.js';

package/tests/.check.ts

@@ -0,0 +1,134 @@
+import { randomUUID } from 'node:crypto';
+import { isEncrypted, extractAad, type encryptAad as e, type decryptAad as d } from '../dist/index.js';
+import { toUint8Array } from '../dist/utils.js';
+import type * as nodeImpl from '../dist/encryption/node.js';
+import type * as webImpl from '../dist/encryption/web.js';
+import type * as wasmImpl from '../dist/encryption/wasm.js';
+
+const data = Object.entries({
+    empty: Buffer.from(''),
+    short: Buffer.from('Hello, World!'),
+    long: Buffer.from('Hello, World!'.repeat(100)),
+    zeros: new Uint8Array(100),
+    longlong: Buffer.from('Hello, World!'.repeat(1000)).buffer,
+    unaligned: Buffer.from('Hello, World!'.repeat(1000)).subarray(1),
+}).map(([k, d]) => ({ raw: d, length: d.byteLength, type: d.constructor.name, tag: k }));
+
+const passphrase = randomUUID();
+
+/**
+ * 检查实现模块
+ */
+export function checkModule(module: { decryptAad: typeof d; encryptAad: typeof e }): void {
+    it('has correct exports', () => {
+        expect(module).toMatchObject({
+            decryptAad: expect.any(Function) as unknown,
+            encryptAad: expect.any(Function) as unknown,
+        });
+    });
+
+    const { decryptAad, encryptAad } = module;
+
+    it.each(data)('encrypt/decrypt $type[$length] ($tag)', async ({ raw }) => {
+        const encrypted = await encryptAad(raw, undefined, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        await expect(async () => {
+            await decryptAad(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decryptAad(encrypted, passphrase);
+        expect(decrypted.data).toBeInstanceOf(Uint8Array);
+        expect(decrypted.data).toEqual(toUint8Array(raw));
+        expect(decrypted.aad).toBeInstanceOf(Uint8Array);
+        expect(decrypted.aad.byteLength).toBe(0);
+    });
+
+    it.each(data)('encrypt/decrypt $type[$length] ($tag) with aad', async ({ raw }) => {
+        const aad = Buffer.from('Hello, AAD!');
+        const encrypted = await encryptAad(raw, aad, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        const extractedAad = extractAad(encrypted);
+        expect(extractedAad).toBeInstanceOf(Uint8Array);
+        expect(extractedAad).toEqual(toUint8Array(aad));
+
+        await expect(async () => {
+            await decryptAad(encrypted, 'xx');
+        }).rejects.toThrow();
+
+        const decrypted = await decryptAad(encrypted, passphrase);
+        expect(decrypted.data).toBeInstanceOf(Uint8Array);
+        expect(decrypted.data).toEqual(toUint8Array(raw));
+        expect(decrypted.aad).toBeInstanceOf(Uint8Array);
+        expect(decrypted.aad).toEqual(toUint8Array(aad));
+    });
+}
+
+/**
+ * 检查实现
+ */
+export function checkImplEncryption(
+    encrypt: typeof webImpl.encrypt | typeof wasmImpl.encrypt | typeof nodeImpl.encrypt,
+    decrypt: typeof webImpl.decrypt | typeof wasmImpl.decrypt | typeof nodeImpl.decrypt,
+): void {
+    it.each(data)(
+        `$type[$length] ($tag)`,
+        async ({ raw }) => {
+            const encrypted = await encrypt({ data: toUint8Array(raw), aad: new Uint8Array(0) }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.aad).toBeInstanceOf(Uint8Array);
+            expect(encrypted.aad.byteLength).toBe(0);
+            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+
+            await expect(async () => {
+                await decrypt(encrypted, 'xx');
+            }).rejects.toThrow();
+
+            const decrypted = await decrypt(encrypted, passphrase);
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
+            expect(decrypted.aad).toBeInstanceOf(Uint8Array);
+            expect(decrypted.aad.byteLength).toBe(0);
+        },
+        100_000,
+    );
+    it.each(data)(
+        `(aad) $type[$length] ($tag)`,
+        async ({ raw }) => {
+            const aad = Buffer.from('Hello, AAD!');
+            const encrypted = await encrypt({ data: toUint8Array(raw), aad }, passphrase);
+            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
+            expect(encrypted.nonce.byteLength).toBe(12);
+            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+
+            await expect(async () => {
+                await decrypt(
+                    // @ts-expect-error no aad
+                    {
+                        nonce: encrypted.nonce,
+                        data: encrypted.data,
+                    },
+                    passphrase,
+                );
+            }).rejects.toThrow();
+
+            const decrypted = await decrypt(
+                {
+                    nonce: encrypted.nonce,
+                    aad: toUint8Array(aad),
+                    data: encrypted.data,
+                },
+                passphrase,
+            );
+            expect(decrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.data).toEqual(toUint8Array(raw));
+        },
+        100_000,
+    );
+}

package/tests/browser.ts

@@ -0,0 +1,28 @@
+import { createModule } from '../dist/encryption/module.js';
+import * as browserImpl from '../dist/encryption/browser.js';
+
+import { checkModule } from './.check.ts';
+
+describe('Encryption impl browser', () => {
+    const { subtle } = crypto;
+    describe('should work with crypto subtle', () => {
+        beforeAll(() => {
+            browserImpl.resetModuleLoader();
+        });
+        test('subtle exists', () => {
+            expect(crypto.subtle).toEqual(expect.any(Object));
+        });
+        checkModule(createModule(browserImpl));
+    });
+    describe('should work without crypto subtle', () => {
+        beforeAll(() => {
+            Object.defineProperty(crypto, 'subtle', { value: undefined, configurable: true });
+            browserImpl.resetModuleLoader();
+        });
+        afterAll(() => {
+            Object.defineProperty(crypto, 'subtle', { value: subtle, configurable: true });
+            browserImpl.resetModuleLoader();
+        });
+        checkModule(createModule(browserImpl));
+    });
+});

package/tests/encryption.ts

@@ -1,21 +1,8 @@
+import { randomUUID } from 'node:crypto';
 import { MAGIC_NUMBER } from '../dist/encryption/index.js';
-import { isEncrypted, encrypt, decrypt, encryptAad, extractAad } from '../dist/index.js';
-import { toUint8Array } from '../dist/utils.js';
-import { createModule } from '../dist/encryption/module.js';
-import * as nodeImpl from '../dist/encryption/node.js';
-import * as browserImpl from '../dist/encryption/browser.js';
-import * as webImpl from '../dist/encryption/web.js';
-import * as wasmImpl from '../dist/encryption/wasm.js';
-
-const data = Object.entries({
-    empty: Buffer.from(''),
-    short: Buffer.from('Hello, World!'),
-    long: Buffer.from('Hello, World!'.repeat(100)),
-    zeros: new Uint8Array(100),
-    longlong: Buffer.from('Hello, World!'.repeat(1000)).buffer,
-    unaligned: Buffer.from('Hello, World!'.repeat(1000)).subarray(1),
-}).map(([k, d]) => ({ raw: d, length: d.byteLength, type: d.constructor.name, tag: k }));
-const passphrase = 'test';
+import { isEncrypted, encrypt, decrypt, encryptAad, decryptAad, extractAad } from '../dist/index.js';
+
+const passphrase = randomUUID();
 
 describe('Encryption root export', () => {
     it('has MAGIC_NUMBER', () => {
@@ -64,6 +51,18 @@ describe('Encryption root export', () => {
         await expect(async () => decrypt(Buffer.alloc(100), 'xx')).rejects.toThrow('Invalid encrypted data');
     });
 
+    it('encrypt/decrypt', async () => {
+        const raw = Buffer.from('Hello, World!');
+        const encrypted = await encrypt(raw, passphrase);
+        expect(encrypted).toBeInstanceOf(Uint8Array);
+        expect(isEncrypted(encrypted)).toBe(true);
+
+        const decrypted = await decrypt(encrypted, passphrase);
+        expect(decrypted).toBeInstanceOf(Uint8Array);
+        expect(decrypted).toEqual(raw);
+        expect(decrypted).not.toBe(raw);
+    });
+
     describe('aad', () => {
         it('accepts empty aad', async () => {
             const encrypted = await encryptAad(Buffer.alloc(0), Buffer.alloc(0), passphrase);
@@ -79,166 +78,37 @@ describe('Encryption root export', () => {
             expect(extractedAad).toBeUndefined();
         });
 
-        it('rejects invalid aad size', async () => {
-            const aad2 = Buffer.alloc(1024 * 1024 * 1024 + 1);
-            await expect(async () => {
-                await encryptAad(Buffer.alloc(0), aad2, passphrase);
-            }).rejects.toThrow('Invalid AAD size');
-        });
-
-        it('rejects invalid data', () => {
-            const data = Buffer.alloc(10);
-            expect(() => extractAad(data)).toThrow('Invalid encrypted data');
-        });
-    });
-
-    checkModule({ encrypt, decrypt, encryptAad });
-});
-
-/**
- * 检查实现模块
- */
-function checkModule(module: { encrypt: typeof encrypt; decrypt: typeof decrypt; encryptAad: typeof encryptAad }) {
-    it('has correct exports', () => {
-        expect(module).toMatchObject({
-            encrypt: expect.any(Function) as unknown,
-            decrypt: expect.any(Function) as unknown,
-            encryptAad: expect.any(Function) as unknown,
-        });
-    });
-
-    const { encrypt, decrypt, encryptAad } = module;
-
-    it.each(data)('encrypt/decrypt $type[$length] ($tag)', async ({ raw }) => {
-        const encrypted = await encrypt(raw, passphrase);
-        expect(encrypted).toBeInstanceOf(Uint8Array);
-        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
-        expect(isEncrypted(encrypted)).toBe(true);
-
-        await expect(async () => {
-            await decrypt(encrypted, 'xx');
-        }).rejects.toThrow();
-
-        const decrypted = await decrypt(encrypted, passphrase);
-        expect(decrypted).toBeInstanceOf(Uint8Array);
-        expect(decrypted).toEqual(toUint8Array(raw));
-    });
-
-    it.each(data)('encrypt/decrypt $type[$length] ($tag) with aad', async ({ raw }) => {
-        const aad = Buffer.from('Hello, AAD!');
-        const encrypted = await encryptAad(raw, aad, passphrase);
-        expect(encrypted).toBeInstanceOf(Uint8Array);
-        expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
-        expect(isEncrypted(encrypted)).toBe(true);
-
-        const extractedAad = extractAad(encrypted);
-        expect(extractedAad).toBeInstanceOf(Uint8Array);
-        expect(extractedAad).toEqual(toUint8Array(aad));
-
-        await expect(async () => {
-            await decrypt(encrypted, 'xx');
-        }).rejects.toThrow();
+        it('encrypts and decrypts with aad', async () => {
+            const raw = Buffer.from('Hello, World!');
+            const aad = Buffer.from('Hello, AAD!');
+            const encrypted = await encryptAad(raw, aad, passphrase);
+            expect(encrypted).toBeInstanceOf(Uint8Array);
 
-        const decrypted = await decrypt(encrypted, passphrase);
-        expect(decrypted).toBeInstanceOf(Uint8Array);
-        expect(decrypted).toEqual(toUint8Array(raw));
-    });
-}
-
-/**
- * 检查实现
- */
-function checkImplEncryption(
-    encrypt: typeof webImpl.encrypt | typeof wasmImpl.encrypt | typeof nodeImpl.encrypt,
-    decrypt: typeof webImpl.decrypt | typeof wasmImpl.decrypt | typeof nodeImpl.decrypt,
-) {
-    it.each(data)(
-        `$type[$length] ($tag)`,
-        async ({ raw }) => {
-            const encrypted = await encrypt({ data: toUint8Array(raw), aad: new Uint8Array(0) }, passphrase);
-            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
-            expect(encrypted.nonce.byteLength).toBe(12);
-            expect(encrypted.aad).toBeInstanceOf(Uint8Array);
-            expect(encrypted.aad.byteLength).toBe(0);
-            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+            const extractedAad = extractAad(encrypted);
+            expect(extractedAad).toBeInstanceOf(Uint8Array);
+            expect(extractedAad).toEqual(aad);
 
             await expect(async () => {
-                await decrypt(encrypted, 'xx');
+                await decryptAad(encrypted, 'xx');
             }).rejects.toThrow();
 
-            const decrypted = await decrypt(encrypted, passphrase);
+            const decrypted = await decryptAad(encrypted, passphrase);
             expect(decrypted.data).toBeInstanceOf(Uint8Array);
-            expect(decrypted.data).toEqual(toUint8Array(raw));
+            expect(decrypted.data).toEqual(raw);
             expect(decrypted.aad).toBeInstanceOf(Uint8Array);
-            expect(decrypted.aad.byteLength).toBe(0);
-        },
-        100_000,
-    );
-    it.each(data)(
-        `(aad) $type[$length] ($tag)`,
-        async ({ raw }) => {
-            const aad = Buffer.from('Hello, AAD!');
-            const encrypted = await encrypt({ data: toUint8Array(raw), aad }, passphrase);
-            expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
-            expect(encrypted.nonce.byteLength).toBe(12);
-            expect(encrypted.data).toBeInstanceOf(Uint8Array);
+            expect(decrypted.aad).toEqual(aad);
+        });
 
+        it('rejects invalid aad size', async () => {
+            const aad2 = Buffer.alloc(1024 * 1024 * 1024 + 1);
             await expect(async () => {
-                await decrypt(
-                    // @ts-expect-error no aad
-                    {
-                        nonce: encrypted.nonce,
-                        data: encrypted.data,
-                    },
-                    passphrase,
-                );
-            }).rejects.toThrow();
-
-            const decrypted = await decrypt(
-                {
-                    nonce: encrypted.nonce,
-                    aad: toUint8Array(aad),
-                    data: encrypted.data,
-                },
-                passphrase,
-            );
-            expect(decrypted.data).toBeInstanceOf(Uint8Array);
-            expect(decrypted.data).toEqual(toUint8Array(raw));
-        },
-        100_000,
-    );
-}
-
-describe('Encryption impl', () => {
-    const impls = Object.entries({
-        node: nodeImpl,
-        browser: browserImpl,
-        web: webImpl,
-        wasm: wasmImpl,
-    });
-    describe.each(impls)('impl %s', (name, impl) => {
-        const module = createModule(impl);
-        checkModule(module);
-    });
-    describe.each(impls.slice(1))(`cross impl %s/${impls[0][0]}`, (name, impl) => {
-        describe(`${impls[0][0]} -> ${name}`, () => {
-            checkImplEncryption(impls[0][1].encrypt, impl.decrypt);
-        });
-        describe(`${name} -> ${impls[0][0]}`, () => {
-            checkImplEncryption(impl.encrypt, impls[0][1].decrypt);
+                await encryptAad(Buffer.alloc(0), aad2, passphrase);
+            }).rejects.toThrow('Invalid AAD size');
         });
-    });
-});
 
-describe('Encryption impl browser', () => {
-    describe('should work without crypto subtle', () => {
-        const { subtle } = crypto;
-        beforeAll(() => {
-            Object.defineProperty(crypto, 'subtle', { value: undefined, configurable: true });
-        });
-        afterAll(() => {
-            Object.defineProperty(crypto, 'subtle', { value: subtle, configurable: true });
+        it('rejects invalid data', () => {
+            const data = Buffer.alloc(10);
+            expect(() => extractAad(data)).toThrow('Invalid encrypted data');
         });
-        checkModule(createModule(browserImpl));
     });
 });

package/tests/modules.ts

@@ -0,0 +1,30 @@
+import { encryptAad, decryptAad } from '../dist/index.js';
+import { createModule } from '../dist/encryption/module.js';
+import * as nodeImpl from '../dist/encryption/node.js';
+import * as webImpl from '../dist/encryption/web.js';
+import * as wasmImpl from '../dist/encryption/wasm.js';
+
+import { checkImplEncryption, checkModule } from './.check.ts';
+
+describe('Encryption impl', () => {
+    const impls = Object.entries({
+        node: nodeImpl,
+        web: webImpl,
+        wasm: wasmImpl,
+    });
+    describe('root exports', () => {
+        checkModule({ encryptAad, decryptAad });
+    });
+    describe.each(impls)('impl %s', (name, impl) => {
+        const module = createModule(impl);
+        checkModule(module);
+    });
+    describe.each(impls.slice(1))(`cross impl %s/${impls[0][0]}`, (name, impl) => {
+        describe(`${impls[0][0]} -> ${name}`, () => {
+            checkImplEncryption(impls[0][1].encrypt, impl.decrypt);
+        });
+        describe(`${name} -> ${impls[0][0]}`, () => {
+            checkImplEncryption(impl.encrypt, impls[0][1].decrypt);
+        });
+    });
+});