@codesense/conseal 0.2.2 → 0.3.0

package/README.md

@@ -135,10 +135,30 @@ import { saveCryptoKey, loadCryptoKey, deleteCryptoKey } from 'conseal'
 
 ```bash
 npm install
-npm test           # run tests
+npm test           # unit tests (Vitest + happy-dom)
 npm run build      # build to dist/
 ```
 
+### Cross-browser tests
+
+SubtleCrypto behaviour is not identical across engines. The browser suite runs the full test suite in real Chromium, Firefox, and WebKit engines via Playwright.
+
+First-time setup — download browser binaries (~300 MB, one-off):
+
+```bash
+npx playwright install
+```
+
+Then run:
+
+```bash
+npm run test:browser
+```
+
+WebKit is the highest-value target: every browser on iOS uses WebKit under the hood regardless of brand, so this provides real Safari/iOS coverage without a device.
+
+Both suites run automatically on CI for every push and pull request to `main`.
+
 ## License
 
 Dual-licensed under [AGPL-3.0](LICENSE) and a [commercial license](COMMERCIAL-LICENSE.md).

package/dist/index.js

@@ -63,6 +63,7 @@ async function combinePassphraseAndSecretKey(passphrase, secretKey) {
 // src/pbkdf2.ts
 var ITERATIONS = 6e5;
 var SALT_LENGTH = 16;
+var IV_LENGTH = 12;
 async function deriveWrappingKey(passphrase, salt) {
   const keyMaterial = await crypto.subtle.importKey(
     "raw",
@@ -74,14 +75,21 @@ async function deriveWrappingKey(passphrase, salt) {
   return crypto.subtle.deriveKey(
     { name: "PBKDF2", salt, iterations: ITERATIONS, hash: "SHA-256" },
     keyMaterial,
-    { name: "AES-KW", length: 256 },
+    { name: "AES-GCM", length: 256 },
     false,
-    ["wrapKey", "unwrapKey"]
+    ["encrypt", "decrypt"]
   );
 }
 async function resolvePassphrase(passphrase, secretKey) {
   return secretKey ? combinePassphraseAndSecretKey(passphrase, secretKey) : passphrase;
 }
+async function decryptWrappedKey(wrappingKey, wrappedKey, extractable) {
+  const bytes = new Uint8Array(wrappedKey);
+  const iv = bytes.slice(0, IV_LENGTH);
+  const ciphertext = bytes.slice(IV_LENGTH);
+  const raw = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, wrappingKey, ciphertext);
+  return crypto.subtle.importKey("raw", raw, { name: "AES-GCM", length: 256 }, extractable, ["encrypt", "decrypt"]);
+}
 async function wrapKey(passphrase, key, secretKey) {
   if (!key.extractable) {
     throw new Error("wrapKey: key must be extractable (extractable: true)");
@@ -89,36 +97,23 @@ async function wrapKey(passphrase, key, secretKey) {
   const effective = await resolvePassphrase(passphrase, secretKey);
   const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));
   const wrappingKey = await deriveWrappingKey(effective, salt);
-  const wrappedKey = await crypto.subtle.wrapKey("raw", key, wrappingKey, "AES-KW");
-  return { wrappedKey, salt };
+  const raw = await crypto.subtle.exportKey("raw", key);
+  const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+  const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, wrappingKey, raw);
+  const wrapped = new Uint8Array(IV_LENGTH + ciphertext.byteLength);
+  wrapped.set(iv, 0);
+  wrapped.set(new Uint8Array(ciphertext), IV_LENGTH);
+  return { wrappedKey: wrapped.buffer, salt };
 }
 async function unwrapKey(passphrase, wrappedKey, salt, secretKey) {
   const effective = await resolvePassphrase(passphrase, secretKey);
   const wrappingKey = await deriveWrappingKey(effective, salt);
-  return crypto.subtle.unwrapKey(
-    "raw",
-    wrappedKey,
-    wrappingKey,
-    "AES-KW",
-    { name: "AES-GCM", length: 256 },
-    false,
-    // extractable: false — safe for IndexedDB storage
-    ["encrypt", "decrypt"]
-  );
+  return decryptWrappedKey(wrappingKey, wrappedKey, false);
 }
 async function rekey(oldPassphrase, newPassphrase, wrappedKey, salt, secretKey) {
   const effectiveOld = await resolvePassphrase(oldPassphrase, secretKey);
   const oldWrappingKey = await deriveWrappingKey(effectiveOld, salt);
-  const aek = await crypto.subtle.unwrapKey(
-    "raw",
-    wrappedKey,
-    oldWrappingKey,
-    "AES-KW",
-    { name: "AES-GCM", length: 256 },
-    true,
-    // extractable: true — needed so wrapKey() can wrap it again
-    ["encrypt", "decrypt"]
-  );
+  const aek = await decryptWrappedKey(oldWrappingKey, wrappedKey, true);
   return wrapKey(newPassphrase, aek, secretKey);
 }
 async function rekeySecretKey(passphrase, oldSecretKey, newSecretKey, wrappedKey, salt) {
@@ -127,16 +122,7 @@ async function rekeySecretKey(passphrase, oldSecretKey, newSecretKey, wrappedKey
   }
   const effectiveOld = await resolvePassphrase(passphrase, oldSecretKey);
   const oldWrappingKey = await deriveWrappingKey(effectiveOld, salt);
-  const aek = await crypto.subtle.unwrapKey(
-    "raw",
-    wrappedKey,
-    oldWrappingKey,
-    "AES-KW",
-    { name: "AES-GCM", length: 256 },
-    true,
-    // extractable: true — needed so wrapKey() can wrap it again
-    ["encrypt", "decrypt"]
-  );
+  const aek = await decryptWrappedKey(oldWrappingKey, wrappedKey, true);
   return wrapKey(passphrase, aek, newSecretKey);
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codesense/conseal",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "description": "Browser-side zero-knowledge cryptography library using SubtleCrypto.",
   "type": "module",
   "main": "./dist/index.js",
@@ -14,7 +14,8 @@
   "scripts": {
     "build": "tsup",
     "test": "vitest run",
-    "test:watch": "vitest"
+    "test:watch": "vitest",
+    "test:browser": "vitest run --config vitest.browser.config.ts"
   },
   "files": [
     "dist"
@@ -24,9 +25,12 @@
   },
   "devDependencies": {
     "@scure/bip39": "^2.0.0",
+    "@vitest/browser": "^4.1.2",
+    "@vitest/browser-playwright": "^4.1.2",
     "fake-indexeddb": "^6.2.5",
     "happy-dom": "^20.0.0",
     "jsdom": "^29.0.1",
+    "playwright": "^1.51.0",
     "tsup": "^8.0.0",
     "typescript": "^6.0.0",
     "vitest": "^4.1.2"