@digitaldefiance/node-ecies-lib 4.4.9 → 4.4.12

package/src/services/pbkdf2.ts

@@ -1,304 +0,0 @@
-import { PluginI18nEngine, CoreLanguageCode } from '@digitaldefiance/i18n-lib';
-import {
-  IPbkdf2Config,
-  IPBkdf2Consts,
-  Pbkdf2ErrorType,
-} from '@digitaldefiance/ecies-lib';
-import { pbkdf2 as pbkdf2Async, pbkdf2Sync, randomBytes } from 'crypto';
-import { promisify } from 'util';
-import { IConstants } from '../interfaces/constants';
-import { Pbkdf2ProfileEnum } from '../enumerations/pbkdf2-profile';
-import {
-  getNodeEciesTranslation,
-  NodeEciesStringKey,
-} from '../i18n/ecies-i18n-factory';
-import { IPbkdf2Result } from '../interfaces/pbkdf2-result';
-import { IECIESConsts } from '../interfaces/ecies-consts';
-import { Constants } from '../constants';
-
-/**
- * Custom PBKDF2 error class that works with the plugin i18n system
- */
-export class NodePbkdf2Error extends Error {
-  constructor(
-    message: string,
-    public readonly type: Pbkdf2ErrorType,
-  ) {
-    super(message);
-    this.name = 'NodePbkdf2Error';
-  }
-}
-
-/**
- * Service for handling PBKDF2 (Password-Based Key Derivation Function 2) operations.
- * This service provides functionality for:
- * - Generating secure key derivation configurations
- * - Deriving cryptographic keys from passwords
- * - Managing salt and iteration parameters
- * - Both synchronous and asynchronous key derivation
- */
-export class Pbkdf2Service<
-  TLanguage extends CoreLanguageCode = CoreLanguageCode,
-> {
-  protected readonly profiles: Record<string, IPbkdf2Config>;
-  protected readonly eciesConsts: IECIESConsts;
-  protected readonly pbkdf2Consts: IPBkdf2Consts;
-
-  constructor(
-    profiles: Record<string, IPbkdf2Config> = Constants.PBKDF2_PROFILES,
-    eciesParams: IECIESConsts = Constants.ECIES,
-    pbkdf2Params: IPBkdf2Consts = Constants.PBKDF2,
-  ) {
-    this.profiles = profiles;
-    this.eciesConsts = eciesParams;
-    this.pbkdf2Consts = pbkdf2Params;
-  }
-
-  /**
-   * Register a new PBKDF2 profile
-   * @param profileName The name of the profile
-   * @param config The configuration for the profile
-   */
-  public registerProfile(profileName: string, config: IPbkdf2Config): void {
-    this.profiles[profileName] = { ...config };
-  }
-
-  /**
-   * Get all registered profile names
-   * @returns Array of profile names
-   */
-  public getRegisteredProfiles(): string[] {
-    return Object.keys(this.profiles);
-  }
-
-  /**
-   * Check if a profile is registered
-   * @param profileName The name of the profile to check
-   * @returns True if the profile exists
-   */
-  public hasProfile(profileName: string): boolean {
-    return profileName in this.profiles;
-  }
-
-  /**
-   * Create a Pbkdf2Service instance from IConstants (for backward compatibility)
-   * @param constants The constants object
-   * @returns A new Pbkdf2Service instance
-   */
-  public static fromConstants(constants: IConstants): Pbkdf2Service {
-    return new Pbkdf2Service(
-      constants.PBKDF2_PROFILES,
-      constants.ECIES,
-      constants.PBKDF2,
-    );
-  }
-  /**
-   * Get a predefined configuration profile for common use cases
-   * @param profile The name of the profile to use
-   * @returns Configuration object for the specified profile
-   */
-  public getProfileConfig(profile: string): IPbkdf2Config {
-    const profileConfig = this.profiles[profile];
-    if (!profileConfig) {
-      throw new NodePbkdf2Error(
-        getNodeEciesTranslation(
-          NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength,
-        ),
-        Pbkdf2ErrorType.InvalidProfile,
-      );
-    }
-    return {
-      hashBytes: profileConfig.hashBytes,
-      saltBytes: profileConfig.saltBytes,
-      iterations: profileConfig.iterations,
-      algorithm: profileConfig.algorithm,
-    };
-  }
-
-  /**
-   * Generate an options object for pbkdf2
-   * @param iterations Optional number of iterations (defaults to Pbkdf2IterationsPerSecond)
-   * @param saltBytes Optional salt size in bytes (defaults to PBKDF2.SALT_BYTES)
-   * @param hashBytes Optional hash size in bytes (defaults to ECIES.SYMMETRIC.KEY_SIZE)
-   * @param algorithm Optional hash algorithm (defaults to PBKDF2.ALGORITHM)
-   * @returns Configuration object for PBKDF2
-   */
-  public getConfig(
-    iterations?: number,
-    saltBytes?: number,
-    hashBytes?: number,
-    algorithm?: string,
-  ): IPbkdf2Config {
-    // larger numbers mean better security, less
-    return {
-      // size of the generated hash
-      hashBytes: hashBytes ?? this.eciesConsts.SYMMETRIC.KEY_SIZE,
-      // larger salt means hashed passwords are more resistant to rainbow table, but
-      // you get diminishing returns pretty fast
-      saltBytes: saltBytes ?? this.pbkdf2Consts.SALT_BYTES,
-      // more iterations means an attacker has to take longer to brute force an
-      // individual password, so larger is better. however, larger also means longer
-      // to hash the password. tune so that hashing the password takes about a
-      // second
-      iterations: iterations ?? this.pbkdf2Consts.ITERATIONS_PER_SECOND,
-      // hash algorithm
-      algorithm: algorithm ?? this.pbkdf2Consts.ALGORITHM,
-    };
-  }
-
-  /**
-   * Given a password, use pbkdf2 to generate an appropriately sized key for AES encryption
-   * @param password The password to derive a key from
-   * @param salt Optional salt (will be randomly generated if not provided)
-   * @param iterations Optional number of iterations
-   * @param saltBytes Optional salt size in bytes
-   * @param keySize Optional key size in bytes
-   * @param algorithm Optional hash algorithm
-   * @returns Object containing the derived key, salt, and iteration count
-   */
-  public deriveKeyFromPassword(
-    password: Buffer,
-    salt?: Buffer,
-    iterations?: number,
-    saltBytes?: number,
-    keySize?: number,
-    algorithm?: string,
-  ): IPbkdf2Result {
-    const config = this.getConfig(iterations, saltBytes, keySize, algorithm);
-    const saltBytes_ = salt ?? randomBytes(config.saltBytes);
-
-    if (saltBytes_.length !== config.saltBytes) {
-      throw new NodePbkdf2Error(
-        getNodeEciesTranslation(
-          NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength,
-        ),
-        Pbkdf2ErrorType.InvalidSaltLength,
-      );
-    }
-
-    const hashBytes = pbkdf2Sync(
-      password,
-      saltBytes_,
-      config.iterations,
-      config.hashBytes,
-      config.algorithm,
-    );
-
-    if (hashBytes.length !== config.hashBytes) {
-      throw new NodePbkdf2Error(
-        getNodeEciesTranslation(
-          NodeEciesStringKey.Error_Pbkdf2_InvalidHashLength,
-        ),
-        Pbkdf2ErrorType.InvalidHashLength,
-      );
-    }
-
-    return {
-      salt: saltBytes_,
-      hash: hashBytes,
-      iterations: config.iterations,
-    };
-  }
-
-  /**
-   * Async version of deriveKeyFromPassword that uses libuv threadpool via crypto.pbkdf2
-   * to avoid blocking the event loop during password verification.
-   * @param password The password to derive a key from
-   * @param salt Optional salt (will be randomly generated if not provided)
-   * @param iterations Optional number of iterations
-   * @param saltBytes Optional salt size in bytes
-   * @param keySize Optional key size in bytes
-   * @param algorithm Optional hash algorithm
-   * @returns Promise resolving to object containing the derived key, salt, and iteration count
-   */
-  public async deriveKeyFromPasswordAsync(
-    password: Buffer,
-    salt?: Buffer,
-    iterations?: number,
-    saltBytes?: number,
-    keySize?: number,
-    algorithm?: string,
-  ): Promise<IPbkdf2Result> {
-    const config = this.getConfig(iterations, saltBytes, keySize, algorithm);
-    const saltBytes_ = salt ?? randomBytes(config.saltBytes);
-
-    if (saltBytes_.length !== config.saltBytes) {
-      throw new NodePbkdf2Error(
-        getNodeEciesTranslation(
-          NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength,
-        ),
-        Pbkdf2ErrorType.InvalidSaltLength,
-      );
-    }
-
-    const pbkdf2 = promisify(pbkdf2Async);
-    const hashBytes = (await pbkdf2(
-      password,
-      saltBytes_,
-      config.iterations,
-      config.hashBytes,
-      config.algorithm,
-    )) as Buffer;
-
-    if (hashBytes.length !== config.hashBytes) {
-      throw new NodePbkdf2Error(
-        getNodeEciesTranslation(
-          NodeEciesStringKey.Error_Pbkdf2_InvalidHashLength,
-        ),
-        Pbkdf2ErrorType.InvalidHashLength,
-      );
-    }
-
-    return {
-      salt: saltBytes_,
-      hash: hashBytes,
-      iterations: config.iterations,
-    };
-  }
-
-  /**
-   * Derive a key using a predefined configuration profile
-   * @param password The password to derive a key from
-   * @param profile The configuration profile to use
-   * @param salt Optional salt (will be randomly generated if not provided)
-   * @returns Object containing the derived key, salt, and iteration count
-   */
-  public deriveKeyFromPasswordWithProfile(
-    password: Buffer,
-    profile: Pbkdf2ProfileEnum,
-    salt?: Buffer,
-  ): IPbkdf2Result {
-    const config = this.getProfileConfig(profile);
-    return this.deriveKeyFromPassword(
-      password,
-      salt,
-      config.iterations,
-      config.saltBytes,
-      config.hashBytes,
-      config.algorithm,
-    );
-  }
-
-  /**
-   * Async version of deriveKeyFromPasswordWithProfile
-   * @param password The password to derive a key from
-   * @param profile The configuration profile to use
-   * @param salt Optional salt (will be randomly generated if not provided)
-   * @returns Promise resolving to object containing the derived key, salt, and iteration count
-   */
-  public async deriveKeyFromPasswordWithProfileAsync(
-    password: Buffer,
-    profile: Pbkdf2ProfileEnum,
-    salt?: Buffer,
-  ): Promise<IPbkdf2Result> {
-    const config = this.getProfileConfig(profile);
-    return this.deriveKeyFromPasswordAsync(
-      password,
-      salt,
-      config.iterations,
-      config.saltBytes,
-      config.hashBytes,
-      config.algorithm,
-    );
-  }
-}

package/src/services/progress-tracker.ts

@@ -1,43 +0,0 @@
-import { IStreamProgress } from '../interfaces/stream-progress';
-
-export class ProgressTracker {
-  private processedBytes = 0;
-  private startTime = Date.now();
-  private recentSamples: Array<{ bytes: number; timestamp: number }> = [];
-  private readonly maxSamples = 5;
-
-  public update(bytesProcessed: number): IStreamProgress {
-    this.processedBytes += bytesProcessed;
-    const now = Date.now();
-    
-    this.recentSamples.push({ bytes: bytesProcessed, timestamp: now });
-    if (this.recentSamples.length > this.maxSamples) {
-      this.recentSamples.shift();
-    }
-
-    const elapsedMs = now - this.startTime;
-    const elapsedSec = elapsedMs / 1000;
-    
-    let throughputBytesPerSec = 0;
-    if (this.recentSamples.length >= 2) {
-      const firstSample = this.recentSamples[0];
-      const lastSample = this.recentSamples[this.recentSamples.length - 1];
-      const sampleBytes = this.recentSamples.reduce((sum, s) => sum + s.bytes, 0);
-      const sampleTime = (lastSample.timestamp - firstSample.timestamp) / 1000;
-      
-      if (sampleTime > 0) {
-        throughputBytesPerSec = sampleBytes / sampleTime;
-      }
-    } else if (elapsedSec > 0) {
-      throughputBytesPerSec = this.processedBytes / elapsedSec;
-    }
-
-    return {
-      processedBytes: this.processedBytes,
-      totalBytes: 0,
-      percentComplete: 0,
-      throughputBytesPerSec,
-      estimatedTimeRemainingMs: 0,
-    };
-  }
-}

package/src/test-mocks/index.ts

@@ -1 +0,0 @@
-export * from './mock-backend-member';

package/src/test-mocks/mock-backend-member.ts

@@ -1,195 +0,0 @@
-import {
-  EmailString,
-  MemberType,
-  SecureBuffer,
-  SecureString,
-} from '@digitaldefiance/ecies-lib';
-import { Wallet } from '@ethereumjs/wallet';
-import { faker } from '@faker-js/faker';
-import { randomBytes } from 'crypto';
-
-import type { IBackendMemberOperational } from '../interfaces/backend-member-operational';
-import { SignatureBuffer } from '../types';
-
-const createMockWallet = (): Wallet =>
-  ({
-    getPrivateKey: () =>
-      Buffer.from(faker.string.hexadecimal({ length: 64 }), 'hex'),
-    getPublicKey: () =>
-      Buffer.from(faker.string.hexadecimal({ length: 128 }), 'hex'),
-    getAddress: () =>
-      Buffer.from(faker.string.hexadecimal({ length: 40 }), 'hex'),
-    sign: () => Buffer.from(faker.string.hexadecimal({ length: 128 }), 'hex'),
-  } as any);
-
-export class MockBackendMember implements IBackendMemberOperational<Buffer> {
-  private _id: Buffer;
-  private _type: MemberType;
-  private _name: string;
-  private _email: EmailString;
-  private _publicKey: Buffer;
-  private _creatorId: Buffer;
-  private _dateCreated: Date;
-  private _dateUpdated: Date;
-  private _privateKey?: SecureBuffer;
-  private _wallet?: Wallet;
-  private _hasPrivateKey: boolean;
-
-  constructor(
-    data: Partial<{
-      id: Buffer;
-      type: MemberType;
-      name: string;
-      email: EmailString;
-      publicKey: Buffer;
-      privateKey: SecureBuffer;
-      wallet: Wallet;
-      creatorId: Buffer;
-      dateCreated: Date;
-      dateUpdated: Date;
-      hasPrivateKey: boolean;
-    }> = {}
-  ) {
-    this._id = data.id || randomBytes(12);
-    this._type = data.type || faker.helpers.enumValue(MemberType);
-    this._name = data.name || faker.person.fullName();
-    this._email = data.email || new EmailString(faker.internet.email());
-    this._publicKey =
-      data.publicKey ||
-      Buffer.from(faker.string.hexadecimal({ length: 130 }), 'hex');
-    this._creatorId = data.creatorId || this._id;
-    this._dateCreated = data.dateCreated || faker.date.past();
-    this._dateUpdated =
-      data.dateUpdated ||
-      faker.date.between({ from: this._dateCreated, to: new Date() });
-    this._privateKey = data.privateKey;
-    this._wallet =
-      data.wallet ||
-      (data.hasPrivateKey !== false ? createMockWallet() : undefined);
-    this._hasPrivateKey = data.hasPrivateKey ?? !!this._privateKey;
-  }
-
-  get id(): Buffer {
-    return this._id;
-  }
-  get type(): MemberType {
-    return this._type;
-  }
-  get name(): string {
-    return this._name;
-  }
-  get email(): EmailString {
-    return this._email;
-  }
-  get publicKey(): Uint8Array {
-    return this._publicKey;
-  }
-  get creatorId(): Buffer {
-    return this._creatorId;
-  }
-  get dateCreated(): Date {
-    return this._dateCreated;
-  }
-  get dateUpdated(): Date {
-    return this._dateUpdated;
-  }
-  get privateKey(): SecureBuffer | undefined {
-    return this._privateKey;
-  }
-  get wallet(): Wallet | undefined {
-    return this._wallet;
-  }
-  get hasPrivateKey(): boolean {
-    return this._hasPrivateKey;
-  }
-
-  unloadPrivateKey(): void {}
-
-  unloadWallet(): void {}
-
-  unloadWalletAndPrivateKey(): void {}
-
-  loadWallet(mnemonic: SecureString): void {}
-
-  loadPrivateKey(privateKey: SecureBuffer): void {}
-
-  sign(data: Buffer): SignatureBuffer {
-    return Buffer.from(
-      faker.string.hexadecimal({ length: 128 }),
-      'hex'
-    ) as SignatureBuffer;
-  }
-
-  verify(signature: SignatureBuffer, data: Buffer): boolean {
-    return true;
-  }
-
-  encryptData(data: string | Buffer): Uint8Array {
-    return Buffer.from(faker.string.hexadecimal({ length: 256 }), 'hex');
-  }
-
-  decryptData(encryptedData: Buffer): Uint8Array {
-    return Buffer.from(faker.lorem.paragraph());
-  }
-
-  async *encryptDataStream(): AsyncGenerator<any, void, unknown> {
-    yield { data: Buffer.from('mock'), header: {} };
-  }
-
-  async *decryptDataStream(): AsyncGenerator<Buffer, void, unknown> {
-    yield Buffer.from('mock');
-  }
-
-  toJson(): string {
-    return JSON.stringify({
-      id: this._id.toString('hex'),
-      type: this._type,
-      name: this._name,
-      email: this._email.toString(),
-      publicKey: this._publicKey.toString('base64'),
-      creatorId: this._creatorId.toString('hex'),
-      dateCreated: this._dateCreated.toISOString(),
-      dateUpdated: this._dateUpdated.toISOString(),
-    });
-  }
-
-  dispose(): void {}
-
-  static create(
-    overrides: Partial<{
-      id: Buffer;
-      type: MemberType;
-      name: string;
-      email: EmailString;
-      publicKey: Buffer;
-      privateKey: SecureBuffer;
-      wallet: Wallet;
-      creatorId: Buffer;
-      dateCreated: Date;
-      dateUpdated: Date;
-      hasPrivateKey: boolean;
-    }> = {}
-  ): MockBackendMember {
-    return new MockBackendMember(overrides);
-  }
-
-  static createMultiple(count: number): MockBackendMember[] {
-    return Array.from({ length: count }, () => this.create());
-  }
-
-  static createWithPrivateKey(): MockBackendMember {
-    return new MockBackendMember({
-      privateKey: new SecureBuffer(
-        Buffer.from(faker.string.hexadecimal({ length: 64 }), 'hex')
-      ),
-      hasPrivateKey: true,
-    });
-  }
-
-  static createWithoutPrivateKey(): MockBackendMember {
-    return new MockBackendMember({
-      privateKey: undefined,
-      hasPrivateKey: false,
-    });
-  }
-}

package/src/testing.ts

@@ -1,2 +0,0 @@
-// Test utilities entry point - import from '@digitaldefiance/node-ecies-lib/testing'
-export * from './test-mocks';

package/src/types/id-guards.ts

@@ -1,91 +0,0 @@
-/**
- * Type guards and converters for ID types
- * Used to safely convert between Buffer and Uint8Array without unsafe type casts
- */
-
-/**
- * Type guard to check if a value is a Buffer
- * @param value - The value to check
- * @returns True if the value is a Buffer
- */
-export function isBuffer(value: unknown): value is Buffer {
-  return Buffer.isBuffer(value);
-}
-
-/**
- * Type guard to check if a value is a Uint8Array
- * @param value - The value to check
- * @returns True if the value is a Uint8Array
- */
-export function isUint8Array(value: unknown): value is Uint8Array {
-  return value instanceof Uint8Array;
-}
-
-/**
- * Safely converts an ID value to Buffer
- * @param id - The ID to convert (Buffer, Uint8Array, or string)
- * @returns The ID as a Buffer
- * @throws Error if the ID type is not supported
- */
-export function toBuffer(id: Buffer | Uint8Array | string): Buffer {
-  if (isBuffer(id)) {
-    return id;
-  }
-  if (isUint8Array(id)) {
-    return Buffer.from(id);
-  }
-  if (typeof id === 'string') {
-    return Buffer.from(id, 'hex');
-  }
-  throw new Error(`Cannot convert ID of type ${typeof id} to Buffer`);
-}
-
-/**
- * Safely converts an ID value to Uint8Array
- * @param id - The ID to convert (Buffer, Uint8Array, or string)
- * @returns The ID as a Uint8Array
- * @throws Error if the ID type is not supported
- */
-export function toUint8Array(id: Buffer | Uint8Array | string): Uint8Array {
-  if (isUint8Array(id)) {
-    return id;
-  }
-  if (isBuffer(id)) {
-    return new Uint8Array(id);
-  }
-  if (typeof id === 'string') {
-    return new Uint8Array(Buffer.from(id, 'hex'));
-  }
-  throw new Error(`Cannot convert ID of type ${typeof id} to Uint8Array`);
-}
-
-/**
- * Generic ID converter that can convert between Buffer, Uint8Array, and string
- * @param id - The ID to convert
- * @param toType - The target type ('Buffer', 'Uint8Array', or 'string')
- * @returns The converted ID
- * @throws Error if the conversion is not supported
- */
-export function convertId<T extends 'Buffer' | 'Uint8Array' | 'string'>(
-  id: Buffer | Uint8Array | string,
-  toType: T
-): T extends 'Buffer' ? Buffer : T extends 'Uint8Array' ? Uint8Array : string {
-  if (toType === 'Buffer') {
-    return toBuffer(id) as any;
-  }
-  if (toType === 'Uint8Array') {
-    return toUint8Array(id) as any;
-  }
-  if (toType === 'string') {
-    if (typeof id === 'string') {
-      return id as any;
-    }
-    if (isBuffer(id)) {
-      return id.toString('hex') as any;
-    }
-    if (isUint8Array(id)) {
-      return Buffer.from(id).toString('hex') as any;
-    }
-  }
-  throw new Error(`Cannot convert ID to type ${toType}`);
-}

package/src/types/index.ts

@@ -1 +0,0 @@
-export * from './id-guards';