@digitaldefiance/node-ecies-lib 4.5.19 → 4.6.3

package/src/services/multi-recipient-processor.js

@@ -0,0 +1,325 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MultiRecipientProcessor = void 0;
+const crypto_1 = require("crypto");
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const constants_1 = require("../constants");
+const multi_recipient_chunk_1 = require("../interfaces/multi-recipient-chunk");
+const aes_gcm_1 = require("./aes-gcm");
+const multi_recipient_1 = require("./ecies/multi-recipient");
+class MultiRecipientProcessor {
+    aesGcm;
+    cryptoCore;
+    consts;
+    eciesMultiRecipient;
+    constants;
+    recipientIdSize;
+    constructor(cryptoCore, consts = constants_1.Constants.ECIES, aesGcm, eciesMultiRecipient) {
+        this.cryptoCore = cryptoCore;
+        this.consts = consts;
+        // Use injected dependencies or create defaults
+        this.aesGcm = aesGcm ?? new aes_gcm_1.AESGCMService();
+        this.eciesMultiRecipient =
+            eciesMultiRecipient ?? new multi_recipient_1.EciesMultiRecipient(cryptoCore);
+        this.recipientIdSize = consts.MULTIPLE.RECIPIENT_ID_SIZE;
+        this.constants = (0, multi_recipient_chunk_1.getMultiRecipientConstants)(this.recipientIdSize);
+    }
+    /**
+     * Encrypts a message for multiple recipients.
+     * Wrapper around EciesMultiRecipient.encryptMultiple for backward compatibility.
+     */
+    async encryptMultiple(recipients, message, preamble = Buffer.alloc(0)) {
+        // Convert IMultiRecipient to IMember-like objects
+        // EciesMultiRecipient expects IMember[] which has id: Buffer and publicKey: Buffer
+        // IMultiRecipient already matches this structure, so we can safely cast
+        const members = recipients;
+        const result = this.eciesMultiRecipient.encryptMultiple(members, message, preamble);
+        return result;
+    }
+    /**
+     * Builds the header for a message encrypted for multiple recipients.
+     * Wrapper around EciesMultiRecipient.buildECIESMultipleRecipientHeader for backward compatibility.
+     */
+    buildHeader(data) {
+        return this.eciesMultiRecipient.buildECIESMultipleRecipientHeader(data);
+    }
+    async encryptChunk(data, recipients, chunkIndex, isLast, symmetricKey, senderPrivateKey) {
+        if (chunkIndex < 0 || chunkIndex > 0xffffffff) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength);
+        }
+        // Sign-then-Encrypt
+        let dataToEncrypt = data;
+        if (senderPrivateKey) {
+            const signature = this.cryptoCore.sign(senderPrivateKey, data);
+            dataToEncrypt = Buffer.concat([signature, data]);
+        }
+        if (dataToEncrypt.length > this.consts.MAX_RAW_DATA_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.FileSizeTooLarge);
+        }
+        // Generate ONE ephemeral key pair for all recipients
+        const ecdh = (0, crypto_1.createECDH)(this.cryptoCore.config.curveName);
+        ecdh.generateKeys();
+        const ephemeralPrivateKey = ecdh.getPrivateKey();
+        let ephemeralPublicKey = ecdh.getPublicKey(null, 'compressed');
+        // Ensure public key has 0x04 prefix
+        if (ephemeralPublicKey.length === this.cryptoCore.consts.RAW_PUBLIC_KEY_LENGTH) {
+            ephemeralPublicKey = Buffer.concat([
+                Buffer.from([this.cryptoCore.consts.PUBLIC_KEY_MAGIC]),
+                ephemeralPublicKey,
+            ]);
+        }
+        // Build recipient headers
+        const recipientHeaders = [];
+        for (const recipient of recipients) {
+            // Use Recipient ID as AAD for key encryption
+            const encryptedKey = this.eciesMultiRecipient.encryptKey(recipient.publicKey, symmetricKey, ephemeralPrivateKey, recipient.id);
+            recipientHeaders.push({
+                id: recipient.id,
+                keySize: encryptedKey.length,
+                encryptedKey,
+            });
+        }
+        // Calculate encrypted size (Data + Tag)
+        // AES-GCM tag is 16 bytes
+        const encryptedSize = dataToEncrypt.length + 16;
+        // Calculate total size
+        let recipientHeadersSize = 0;
+        for (const h of recipientHeaders) {
+            recipientHeadersSize +=
+                this.recipientIdSize + this.constants.KEY_SIZE_BYTES + h.keySize;
+        }
+        const totalSize = this.constants.HEADER_SIZE +
+            recipientHeadersSize +
+            12 + // IV
+            encryptedSize;
+        // Build chunk buffer
+        const chunk = Buffer.alloc(totalSize);
+        let offset = 0;
+        // Write header
+        chunk.writeUInt32BE(this.constants.MAGIC, offset);
+        offset += 4;
+        chunk.writeUInt16BE(this.constants.VERSION, offset);
+        offset += 2;
+        chunk.writeUInt16BE(recipients.length, offset);
+        offset += 2;
+        chunk.writeUInt32BE(chunkIndex, offset);
+        offset += 4;
+        chunk.writeUInt32BE(dataToEncrypt.length, offset); // Original Size
+        offset += 4;
+        chunk.writeUInt32BE(encryptedSize, offset);
+        offset += 4;
+        chunk.writeUInt8(isLast ? this.constants.FLAG_IS_LAST : 0, offset);
+        offset += 1;
+        // Write Ephemeral Public Key (33 bytes)
+        ephemeralPublicKey.copy(chunk, offset);
+        offset += 33;
+        // Padding to HEADER_SIZE (64 bytes)
+        offset = this.constants.HEADER_SIZE;
+        // Write recipient headers
+        for (const header of recipientHeaders) {
+            header.id.copy(chunk, offset);
+            offset += this.recipientIdSize;
+            chunk.writeUInt16BE(header.keySize, offset);
+            offset += this.constants.KEY_SIZE_BYTES;
+            header.encryptedKey.copy(chunk, offset);
+            offset += header.keySize;
+        }
+        // Extract the full header (including recipient headers) to use as AAD
+        const headerBytes = chunk.subarray(0, offset);
+        // Encrypt data with AES-256-GCM using Header as AAD
+        const iv = (0, crypto_1.randomBytes)(this.consts.IV_SIZE);
+        const cipher = (0, crypto_1.createCipheriv)(this.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symmetricKey, iv);
+        cipher.setAAD(headerBytes);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-assignment
+        const encrypted = cipher.update(dataToEncrypt);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-assignment
+        const final = cipher.final();
+        const authTag = cipher.getAuthTag();
+        // Write IV
+        iv.copy(chunk, offset);
+        offset += 12;
+        // Write encrypted data
+        encrypted.copy(chunk, offset);
+        offset += encrypted.length;
+        final.copy(chunk, offset); // Should be empty usually
+        offset += final.length;
+        // Write auth tag
+        authTag.copy(chunk, offset);
+        const header = {
+            chunkIndex,
+            flags: isLast ? 1 : 0,
+            recipientCount: recipients.length,
+            magic: this.constants.MAGIC,
+            version: this.constants.VERSION,
+            originalSize: dataToEncrypt.length,
+            encryptedSize,
+        };
+        return {
+            header,
+            data: chunk,
+        };
+    }
+    async decryptChunk(chunkData, recipientId, privateKey, senderPublicKey) {
+        if (chunkData.length < this.constants.HEADER_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength);
+        }
+        let offset = 0;
+        // Parse header
+        const magic = chunkData.readUInt32BE(offset);
+        offset += 4;
+        if (magic !== this.constants.MAGIC) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength); // Invalid Magic
+        }
+        const version = chunkData.readUInt16BE(offset);
+        offset += 2;
+        if (version !== this.constants.VERSION) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidVersion);
+        }
+        const recipientCount = chunkData.readUInt16BE(offset);
+        offset += 2;
+        const chunkIndex = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const originalSize = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const encryptedSize = chunkData.readUInt32BE(offset);
+        offset += 4;
+        const flags = chunkData.readUInt8(offset);
+        offset += 1;
+        // Read Ephemeral Public Key (33 bytes)
+        const ephemeralPublicKey = chunkData.subarray(offset, offset + 33);
+        offset += 33;
+        offset = this.constants.HEADER_SIZE;
+        // Find recipient header and decrypt symmetric key
+        let symmetricKey = null;
+        let tempOffset = offset;
+        for (let i = 0; i < recipientCount; i++) {
+            const id = chunkData.subarray(tempOffset, tempOffset + this.recipientIdSize);
+            tempOffset += this.recipientIdSize;
+            const keySize = chunkData.readUInt16BE(tempOffset);
+            tempOffset += this.constants.KEY_SIZE_BYTES;
+            const encryptedKey = chunkData.subarray(tempOffset, tempOffset + keySize);
+            tempOffset += keySize;
+            // Check if this is our recipient
+            if (id.equals(recipientId)) {
+                // Use Recipient ID as AAD for key decryption
+                symmetricKey = this.eciesMultiRecipient.decryptKey(privateKey, encryptedKey, ephemeralPublicKey, id);
+            }
+        }
+        if (!symmetricKey) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.RecipientNotFound);
+        }
+        // Update offset to after all recipient headers
+        offset = tempOffset;
+        // Extract header bytes for AAD
+        const headerBytes = chunkData.subarray(0, offset);
+        // Read IV
+        const iv = chunkData.subarray(offset, offset + 12);
+        offset += 12;
+        // Read encrypted data (includes tag)
+        const encryptedWithTag = chunkData.subarray(offset, offset + encryptedSize);
+        offset += encryptedSize;
+        // Extract tag from end of encrypted data
+        const authTag = encryptedWithTag.subarray(encryptedWithTag.length - 16);
+        const encrypted = encryptedWithTag.subarray(0, encryptedWithTag.length - 16);
+        // Decrypt with AAD
+        const decipher = (0, crypto_1.createDecipheriv)(this.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symmetricKey, iv);
+        decipher.setAuthTag(authTag);
+        decipher.setAAD(headerBytes);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-assignment
+        const decrypted = decipher.update(encrypted);
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-assignment
+        const final = decipher.final();
+        const decryptedMessage = Buffer.concat([decrypted, final]);
+        // Verify signature if sender public key provided
+        let finalData = decryptedMessage;
+        if (senderPublicKey) {
+            if (decryptedMessage.length < 64) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSignature);
+            }
+            const signature = decryptedMessage.subarray(0, 64);
+            const message = decryptedMessage.subarray(64);
+            const isValid = this.cryptoCore.verify(senderPublicKey, message, signature);
+            if (!isValid) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSignature);
+            }
+            finalData = message;
+        }
+        return {
+            data: finalData,
+            header: {
+                chunkIndex,
+                flags,
+                recipientCount,
+                magic,
+                version,
+                originalSize,
+                encryptedSize,
+            },
+        };
+    }
+    /**
+     * Decrypts a message encrypted with multiple ECIE for a recipient.
+     * Wrapper around EciesMultiRecipient.decryptMultipleECIEForRecipient for backward compatibility.
+     */
+    async decryptMultipleForRecipient(encryptedData, recipientId, privateKey, senderPublicKey) {
+        // Create a partial IMember with only the properties needed for decryption
+        const member = {
+            id: recipientId,
+            privateKey: new ecies_lib_1.SecureBuffer(privateKey),
+        };
+        return this.eciesMultiRecipient.decryptMultipleECIEForRecipient(encryptedData, member, senderPublicKey);
+    }
+    /**
+     * Parses a multi-encrypted header.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedHeader for backward compatibility.
+     */
+    parseHeader(data) {
+        const result = this.eciesMultiRecipient.parseMultiEncryptedHeader(data);
+        return result;
+    }
+    /**
+     * Parses a multi-encrypted buffer into its components.
+     * Wrapper around EciesMultiRecipient.parseMultiEncryptedBuffer for backward compatibility.
+     */
+    parseMessage(data) {
+        const result = this.eciesMultiRecipient.parseMultiEncryptedBuffer(data);
+        return result;
+    }
+    /**
+     * Encrypts a symmetric key for a recipient.
+     * Generates a new ephemeral key pair.
+     * Returns [EphemeralPublicKey][EncryptedKey]
+     */
+    async encryptKey(recipientPublicKey, symmetricKey) {
+        // Generate ephemeral key pair
+        const ecdh = (0, crypto_1.createECDH)(this.cryptoCore.config.curveName);
+        ecdh.generateKeys();
+        const ephemeralPrivateKey = ecdh.getPrivateKey();
+        let ephemeralPublicKey = ecdh.getPublicKey(null, 'compressed');
+        // Ensure public key has 0x04 prefix
+        if (ephemeralPublicKey.length === this.cryptoCore.consts.RAW_PUBLIC_KEY_LENGTH) {
+            ephemeralPublicKey = Buffer.concat([
+                Buffer.from([this.cryptoCore.consts.PUBLIC_KEY_MAGIC]),
+                ephemeralPublicKey,
+            ]);
+        }
+        const encryptedKey = this.eciesMultiRecipient.encryptKey(recipientPublicKey, symmetricKey, ephemeralPrivateKey, Buffer.alloc(0));
+        return Buffer.concat([ephemeralPublicKey, encryptedKey]);
+    }
+    /**
+     * Decrypts a symmetric key.
+     * Expects [EphemeralPublicKey][EncryptedKey]
+     */
+    async decryptKey(privateKey, encryptedData) {
+        // Extract ephemeral public key
+        // const pubKeyLength = this.cryptoCore.consts.PUBLIC_KEY_LENGTH; // 33
+        const ephemeralPublicKey = encryptedData.subarray(0, 33);
+        const encryptedKey = encryptedData.subarray(33);
+        return this.eciesMultiRecipient.decryptKey(privateKey, encryptedKey, ephemeralPublicKey, Buffer.alloc(0));
+    }
+    getHeaderSize(recipientCount) {
+        return this.eciesMultiRecipient.getHeaderSize(recipientCount);
+    }
+}
+exports.MultiRecipientProcessor = MultiRecipientProcessor;
+//# sourceMappingURL=multi-recipient-processor.js.map

package/src/services/multi-recipient-processor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi-recipient-processor.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/multi-recipient-processor.ts"],"names":[],"mappings":";;;AAAA,mCAKgB;AAEhB,0DAKoC;AAEpC,4CAAyC;AAIzC,+EAK6C;AAE7C,uCAA0C;AAE1C,6DAA8D;AAiB9D,MAAa,uBAAuB;IACjB,MAAM,CAAgB;IACtB,UAAU,CAAkB;IAC5B,MAAM,CAAkB;IACxB,mBAAmB,CAAsB;IACzC,SAAS,CAA2B;IACpC,eAAe,CAAS;IAEzC,YACE,UAA2B,EAC3B,SAA0B,qBAAS,CAAC,KAAK,EACzC,MAAsB,EACtB,mBAAyC;QAEzC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,+CAA+C;QAC/C,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,uBAAa,EAAE,CAAC;QAC5C,IAAI,CAAC,mBAAmB;YACtB,mBAAmB,IAAI,IAAI,qCAAmB,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QACzD,IAAI,CAAC,SAAS,GAAG,IAAA,kDAA0B,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACpE,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,eAAe,CAC1B,UAA6B,EAC7B,OAAe,EACf,WAAmB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAElC,kDAAkD;QAClD,mFAAmF;QACnF,wEAAwE;QACxE,MAAM,OAAO,GAAG,UAAuB,CAAC;QAExC,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CACrD,OAAO,EACP,OAAO,EACP,QAAQ,CACT,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACI,WAAW,CAAC,IAA4B;QAC7C,OAAO,IAAI,CAAC,mBAAmB,CAAC,iCAAiC,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC;IAEM,KAAK,CAAC,YAAY,CACvB,IAAY,EACZ,UAA6B,EAC7B,UAAkB,EAClB,MAAe,EACf,YAAoB,EACpB,gBAAyB;QAEzB,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,UAAU,EAAE,CAAC;YAC9C,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,iBAAiB,CAAC,CAAC;QAC7D,CAAC;QAED,oBAAoB;QACpB,IAAI,aAAa,GAAG,IAAI,CAAC;QACzB,IAAI,gBAAgB,EAAE,CAAC;YACrB,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAC/D,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACzD,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,gBAAgB,CAAC,CAAC;QAC5D,CAAC;QAED,qDAAqD;QACrD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,mBAAmB,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE/D,oCAAoC;QACpC,IACE,kBAAkB,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,qBAAqB,EAC1E,CAAC;YACD,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;gBACjC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACtD,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,MAAM,gBAAgB,GAIjB,EAAE,CAAC;QACR,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,6CAA6C;YAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,CACtD,SAAS,CAAC,SAAS,EACnB,YAAY,EACZ,mBAAmB,EACnB,SAAS,CAAC,EAAE,CACb,CAAC;YAEF,gBAAgB,CAAC,IAAI,CAAC;gBACpB,EAAE,EAAE,SAAS,CAAC,EAAE;gBAChB,OAAO,EAAE,YAAY,CAAC,MAAM;gBAC5B,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAED,wCAAwC;QACxC,0BAA0B;QAC1B,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,GAAG,EAAE,CAAC;QAEhD,uBAAuB;QACvB,IAAI,oBAAoB,GAAG,CAAC,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,oBAAoB;gBAClB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,GAAG,CAAC,CAAC,OAAO,CAAC;QACrE,CAAC;QAED,MAAM,SAAS,GACb,IAAI,CAAC,SAAS,CAAC,WAAW;YAC1B,oBAAoB;YACpB,EAAE,GAAG,KAAK;YACV,aAAa,CAAC;QAEhB,qBAAqB;QACrB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,eAAe;QACf,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,aAAa,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,gBAAgB;QACnE,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,aAAa,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,CAAC;QACZ,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,IAAI,CAAC,CAAC;QAEZ,wCAAwC;QACxC,kBAAkB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,EAAE,CAAC;QAEb,oCAAoC;QACpC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;QAEpC,0BAA0B;QAC1B,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAC9B,MAAM,IAAI,IAAI,CAAC,eAAe,CAAC;YAC/B,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5C,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;YACxC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACxC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC;QAC3B,CAAC;QAED,sEAAsE;QACtE,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QAE9C,oDAAoD;QACpD,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,IAAI,CAAC,MAAM,CAAC,iCAAiC,EAC7C,YAAY,EACZ,EAAE,CACoB,CAAC;QAEzB,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE3B,sGAAsG;QACtG,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,aAAa,CAAW,CAAC;QACzD,sGAAsG;QACtG,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,EAAY,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,WAAW;QACV,EAAa,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,IAAI,EAAE,CAAC;QAEb,uBAAuB;QACtB,SAAoB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1C,MAAM,IAAK,SAAoB,CAAC,MAAM,CAAC;QACtC,KAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,0BAA0B;QACjE,MAAM,IAAK,KAAgB,CAAC,MAAM,CAAC;QAEnC,iBAAiB;QACjB,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAE5B,MAAM,MAAM,GAA+B;YACzC,UAAU;YACV,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACrB,cAAc,EAAE,UAAU,CAAC,MAAM;YACjC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK;YAC3B,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO;YAC/B,YAAY,EAAE,aAAa,CAAC,MAAM;YAClC,aAAa;SACd,CAAC;QAEF,OAAO;YACL,MAAM;YACN,IAAI,EAAE,KAAK;SACZ,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,YAAY,CACvB,SAAiB,EACjB,WAAmB,EACnB,UAAkB,EAClB,eAAwB;QAExB,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,iBAAiB,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,MAAM,GAAG,CAAC,CAAC;QAEf,eAAe;QACf,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,KAAK,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YACnC,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,iBAAiB,CAAC,CAAC,CAAC,gBAAgB;QAC9E,CAAC;QAED,MAAM,OAAO,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,IAAI,CAAC,CAAC;QACZ,IAAI,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACvC,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,cAAc,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,CAAC;QAEZ,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,aAAa,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,CAAC;QACZ,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,CAAC;QAEZ,uCAAuC;QACvC,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,CAAC,CAAC;QACnE,MAAM,IAAI,EAAE,CAAC;QAEb,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;QAEpC,kDAAkD;QAClD,IAAI,YAAY,GAAkB,IAAI,CAAC;QACvC,IAAI,UAAU,GAAG,MAAM,CAAC;QAExB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAC3B,UAAU,EACV,UAAU,GAAG,IAAI,CAAC,eAAe,CAClC,CAAC;YACF,UAAU,IAAI,IAAI,CAAC,eAAe,CAAC;YAEnC,MAAM,OAAO,GAAG,SAAS,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YACnD,UAAU,IAAI,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC;YAE5C,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC;YAC1E,UAAU,IAAI,OAAO,CAAC;YAEtB,iCAAiC;YACjC,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3B,6CAA6C;gBAC7C,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAChD,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,iBAAiB,CAAC,CAAC;QAC7D,CAAC;QAED,+CAA+C;QAC/C,MAAM,GAAG,UAAU,CAAC;QAEpB,+BAA+B;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QAElD,UAAU;QACV,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,EAAE,CAAC;QAEb,qCAAqC;QACrC,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC;QAC5E,MAAM,IAAI,aAAa,CAAC;QAExB,yCAAyC;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxE,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CACzC,CAAC,EACD,gBAAgB,CAAC,MAAM,GAAG,EAAE,CAC7B,CAAC;QAEF,mBAAmB;QACnB,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,IAAI,CAAC,MAAM,CAAC,iCAAiC,EAC7C,YAAY,EACZ,EAAE,CACsB,CAAC;QAE3B,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE7B,sGAAsG;QACtG,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAW,CAAC;QACvD,sGAAsG;QACtG,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAY,CAAC;QACzC,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;QAE3D,iDAAiD;QACjD,IAAI,SAAS,GAAG,gBAAgB,CAAC;QACjC,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,gBAAgB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBACjC,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,gBAAgB,CAAC,CAAC;YAC5D,CAAC;YACD,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAE9C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CACpC,eAAe,EACf,OAAO,EACP,SAAS,CACV,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,sBAAU,CAAC,8BAAkB,CAAC,gBAAgB,CAAC,CAAC;YAC5D,CAAC;YACD,SAAS,GAAG,OAAO,CAAC;QACtB,CAAC;QAED,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE;gBACN,UAAU;gBACV,KAAK;gBACL,cAAc;gBACd,KAAK;gBACL,OAAO;gBACP,YAAY;gBACZ,aAAa;aACd;SACF,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,2BAA2B,CACtC,aAAqC,EACrC,WAAmB,EACnB,UAAkB,EAClB,eAAwB;QAExB,0EAA0E;QAC1E,MAAM,MAAM,GAAuC;YACjD,EAAE,EAAE,WAAW;YACf,UAAU,EAAE,IAAI,wBAAY,CAAC,UAAU,CAAC;SACzC,CAAC;QAEF,OAAO,IAAI,CAAC,mBAAmB,CAAC,+BAA+B,CAC7D,aAAa,EACb,MAAiB,EACjB,eAAe,CAChB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,WAAW,CAChB,IAAY;QAEZ,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;QACxE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACI,YAAY,CAAC,IAAY;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;QACxE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,UAAU,CACrB,kBAA0B,EAC1B,YAAoB;QAEpB,8BAA8B;QAC9B,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,MAAM,mBAAmB,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE/D,oCAAoC;QACpC,IACE,kBAAkB,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,qBAAqB,EAC1E,CAAC;YACD,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;gBACjC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACtD,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,CACtD,kBAAkB,EAClB,YAAY,EACZ,mBAAmB,EACnB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAChB,CAAC;QAEF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,UAAU,CACrB,UAAkB,EAClB,aAAqB;QAErB,+BAA+B;QAC/B,uEAAuE;QAEvE,MAAM,kBAAkB,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAEhD,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,CACxC,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAChB,CAAC;IACJ,CAAC;IAEM,aAAa,CAAC,cAAsB;QACzC,OAAO,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;IAChE,CAAC;CACF;AApdD,0DAodC"}

package/src/services/pbkdf2.d.ts

@@ -0,0 +1,105 @@
+import { IPbkdf2Config, IPBkdf2Consts, Pbkdf2ErrorType } from '@digitaldefiance/ecies-lib';
+import { CoreLanguageCode } from '@digitaldefiance/i18n-lib';
+import { Pbkdf2ProfileEnum } from '../enumerations/pbkdf2-profile';
+import { IConstants } from '../interfaces/constants';
+import { IECIESConsts } from '../interfaces/ecies-consts';
+import { IPbkdf2Result } from '../interfaces/pbkdf2-result';
+/**
+ * Custom PBKDF2 error class that works with the plugin i18n system
+ */
+export declare class NodePbkdf2Error extends Error {
+    readonly type: Pbkdf2ErrorType;
+    constructor(message: string, type: Pbkdf2ErrorType);
+}
+/**
+ * Service for handling PBKDF2 (Password-Based Key Derivation Function 2) operations.
+ * This service provides functionality for:
+ * - Generating secure key derivation configurations
+ * - Deriving cryptographic keys from passwords
+ * - Managing salt and iteration parameters
+ * - Both synchronous and asynchronous key derivation
+ */
+export declare class Pbkdf2Service<TLanguage extends CoreLanguageCode = CoreLanguageCode> {
+    protected readonly profiles: Record<string, IPbkdf2Config>;
+    protected readonly eciesConsts: IECIESConsts;
+    protected readonly pbkdf2Consts: IPBkdf2Consts;
+    constructor(profiles?: Record<string, IPbkdf2Config>, eciesParams?: IECIESConsts, pbkdf2Params?: IPBkdf2Consts);
+    /**
+     * Register a new PBKDF2 profile
+     * @param profileName The name of the profile
+     * @param config The configuration for the profile
+     */
+    registerProfile(profileName: string, config: IPbkdf2Config): void;
+    /**
+     * Get all registered profile names
+     * @returns Array of profile names
+     */
+    getRegisteredProfiles(): string[];
+    /**
+     * Check if a profile is registered
+     * @param profileName The name of the profile to check
+     * @returns True if the profile exists
+     */
+    hasProfile(profileName: string): boolean;
+    /**
+     * Create a Pbkdf2Service instance from IConstants (for backward compatibility)
+     * @param constants The constants object
+     * @returns A new Pbkdf2Service instance
+     */
+    static fromConstants(constants: IConstants): Pbkdf2Service;
+    /**
+     * Get a predefined configuration profile for common use cases
+     * @param profile The name of the profile to use
+     * @returns Configuration object for the specified profile
+     */
+    getProfileConfig(profile: string): IPbkdf2Config;
+    /**
+     * Generate an options object for pbkdf2
+     * @param iterations Optional number of iterations (defaults to Pbkdf2IterationsPerSecond)
+     * @param saltBytes Optional salt size in bytes (defaults to PBKDF2.SALT_BYTES)
+     * @param hashBytes Optional hash size in bytes (defaults to ECIES.SYMMETRIC.KEY_SIZE)
+     * @param algorithm Optional hash algorithm (defaults to PBKDF2.ALGORITHM)
+     * @returns Configuration object for PBKDF2
+     */
+    getConfig(iterations?: number, saltBytes?: number, hashBytes?: number, algorithm?: string): IPbkdf2Config;
+    /**
+     * Given a password, use pbkdf2 to generate an appropriately sized key for AES encryption
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPassword(password: Buffer, salt?: Buffer, iterations?: number, saltBytes?: number, keySize?: number, algorithm?: string): IPbkdf2Result;
+    /**
+     * Async version of deriveKeyFromPassword that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPasswordAsync(password: Buffer, salt?: Buffer, iterations?: number, saltBytes?: number, keySize?: number, algorithm?: string): Promise<IPbkdf2Result>;
+    /**
+     * Derive a key using a predefined configuration profile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPasswordWithProfile(password: Buffer, profile: Pbkdf2ProfileEnum, salt?: Buffer): IPbkdf2Result;
+    /**
+     * Async version of deriveKeyFromPasswordWithProfile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPasswordWithProfileAsync(password: Buffer, profile: Pbkdf2ProfileEnum, salt?: Buffer): Promise<IPbkdf2Result>;
+}
+//# sourceMappingURL=pbkdf2.d.ts.map

package/src/services/pbkdf2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2.d.ts","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/pbkdf2.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,aAAa,EACb,aAAa,EACb,eAAe,EAChB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAKnE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;aAGtB,IAAI,EAAE,eAAe;gBADrC,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,eAAe;CAKxC;AAED;;;;;;;GAOG;AACH,qBAAa,aAAa,CAExB,SAAS,SAAS,gBAAgB,GAAG,gBAAgB;IAErD,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC3D,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC;gBAG7C,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAA6B,EACnE,WAAW,GAAE,YAA8B,EAC3C,YAAY,GAAE,aAAgC;IAOhD;;;;OAIG;IACI,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,IAAI;IAIxE;;;OAGG;IACI,qBAAqB,IAAI,MAAM,EAAE;IAIxC;;;;OAIG;IACI,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;IAI/C;;;;OAIG;WACW,aAAa,CAAC,SAAS,EAAE,UAAU,GAAG,aAAa;IAOjE;;;;OAIG;IACI,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa;IAkBvD;;;;;;;OAOG;IACI,SAAS,CACd,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,aAAa;IAkBhB;;;;;;;;;OASG;IACI,qBAAqB,CAC1B,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,aAAa;IAqChB;;;;;;;;;;OAUG;IACU,0BAA0B,CACrC,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,CAAC;IAsCzB;;;;;;OAMG;IACI,gCAAgC,CACrC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,iBAAiB,EAC1B,IAAI,CAAC,EAAE,MAAM,GACZ,aAAa;IAYhB;;;;;;OAMG;IACU,qCAAqC,CAChD,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,iBAAiB,EAC1B,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC;CAW1B"}

package/src/services/pbkdf2.js

@@ -0,0 +1,191 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Pbkdf2Service = exports.NodePbkdf2Error = void 0;
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+const crypto_1 = require("crypto");
+const util_1 = require("util");
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const constants_1 = require("../constants");
+const ecies_i18n_factory_1 = require("../i18n/ecies-i18n-factory");
+/**
+ * Custom PBKDF2 error class that works with the plugin i18n system
+ */
+class NodePbkdf2Error extends Error {
+    type;
+    constructor(message, type) {
+        super(message);
+        this.type = type;
+        this.name = 'NodePbkdf2Error';
+    }
+}
+exports.NodePbkdf2Error = NodePbkdf2Error;
+/**
+ * Service for handling PBKDF2 (Password-Based Key Derivation Function 2) operations.
+ * This service provides functionality for:
+ * - Generating secure key derivation configurations
+ * - Deriving cryptographic keys from passwords
+ * - Managing salt and iteration parameters
+ * - Both synchronous and asynchronous key derivation
+ */
+class Pbkdf2Service {
+    profiles;
+    eciesConsts;
+    pbkdf2Consts;
+    constructor(profiles = constants_1.Constants.PBKDF2_PROFILES, eciesParams = constants_1.Constants.ECIES, pbkdf2Params = constants_1.Constants.PBKDF2) {
+        this.profiles = profiles;
+        this.eciesConsts = eciesParams;
+        this.pbkdf2Consts = pbkdf2Params;
+    }
+    /**
+     * Register a new PBKDF2 profile
+     * @param profileName The name of the profile
+     * @param config The configuration for the profile
+     */
+    registerProfile(profileName, config) {
+        this.profiles[profileName] = { ...config };
+    }
+    /**
+     * Get all registered profile names
+     * @returns Array of profile names
+     */
+    getRegisteredProfiles() {
+        return Object.keys(this.profiles);
+    }
+    /**
+     * Check if a profile is registered
+     * @param profileName The name of the profile to check
+     * @returns True if the profile exists
+     */
+    hasProfile(profileName) {
+        return profileName in this.profiles;
+    }
+    /**
+     * Create a Pbkdf2Service instance from IConstants (for backward compatibility)
+     * @param constants The constants object
+     * @returns A new Pbkdf2Service instance
+     */
+    static fromConstants(constants) {
+        return new Pbkdf2Service(constants.PBKDF2_PROFILES, constants.ECIES, constants.PBKDF2);
+    }
+    /**
+     * Get a predefined configuration profile for common use cases
+     * @param profile The name of the profile to use
+     * @returns Configuration object for the specified profile
+     */
+    getProfileConfig(profile) {
+        const profileConfig = this.profiles[profile];
+        if (!profileConfig) {
+            throw new NodePbkdf2Error((0, ecies_i18n_factory_1.getNodeEciesTranslation)(ecies_i18n_factory_1.NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength), ecies_lib_1.Pbkdf2ErrorType.InvalidProfile);
+        }
+        return {
+            hashBytes: profileConfig.hashBytes,
+            saltBytes: profileConfig.saltBytes,
+            iterations: profileConfig.iterations,
+            algorithm: profileConfig.algorithm,
+        };
+    }
+    /**
+     * Generate an options object for pbkdf2
+     * @param iterations Optional number of iterations (defaults to Pbkdf2IterationsPerSecond)
+     * @param saltBytes Optional salt size in bytes (defaults to PBKDF2.SALT_BYTES)
+     * @param hashBytes Optional hash size in bytes (defaults to ECIES.SYMMETRIC.KEY_SIZE)
+     * @param algorithm Optional hash algorithm (defaults to PBKDF2.ALGORITHM)
+     * @returns Configuration object for PBKDF2
+     */
+    getConfig(iterations, saltBytes, hashBytes, algorithm) {
+        // larger numbers mean better security, less
+        return {
+            // size of the generated hash
+            hashBytes: hashBytes ?? this.eciesConsts.SYMMETRIC.KEY_SIZE,
+            // larger salt means hashed passwords are more resistant to rainbow table, but
+            // you get diminishing returns pretty fast
+            saltBytes: saltBytes ?? this.pbkdf2Consts.SALT_BYTES,
+            // more iterations means an attacker has to take longer to brute force an
+            // individual password, so larger is better. however, larger also means longer
+            // to hash the password. tune so that hashing the password takes about a
+            // second
+            iterations: iterations ?? this.pbkdf2Consts.ITERATIONS_PER_SECOND,
+            // hash algorithm
+            algorithm: algorithm ?? this.pbkdf2Consts.ALGORITHM,
+        };
+    }
+    /**
+     * Given a password, use pbkdf2 to generate an appropriately sized key for AES encryption
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPassword(password, salt, iterations, saltBytes, keySize, algorithm) {
+        const config = this.getConfig(iterations, saltBytes, keySize, algorithm);
+        const saltBytes_ = salt ?? (0, crypto_1.randomBytes)(config.saltBytes);
+        if (saltBytes_.length !== config.saltBytes) {
+            throw new NodePbkdf2Error((0, ecies_i18n_factory_1.getNodeEciesTranslation)(ecies_i18n_factory_1.NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength), ecies_lib_1.Pbkdf2ErrorType.InvalidSaltLength);
+        }
+        const hashBytes = (0, crypto_1.pbkdf2Sync)(password, saltBytes_, config.iterations, config.hashBytes, config.algorithm);
+        if (hashBytes.length !== config.hashBytes) {
+            throw new NodePbkdf2Error((0, ecies_i18n_factory_1.getNodeEciesTranslation)(ecies_i18n_factory_1.NodeEciesStringKey.Error_Pbkdf2_InvalidHashLength), ecies_lib_1.Pbkdf2ErrorType.InvalidHashLength);
+        }
+        return {
+            salt: saltBytes_,
+            hash: hashBytes,
+            iterations: config.iterations,
+        };
+    }
+    /**
+     * Async version of deriveKeyFromPassword that uses libuv threadpool via crypto.pbkdf2
+     * to avoid blocking the event loop during password verification.
+     * @param password The password to derive a key from
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @param iterations Optional number of iterations
+     * @param saltBytes Optional salt size in bytes
+     * @param keySize Optional key size in bytes
+     * @param algorithm Optional hash algorithm
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    async deriveKeyFromPasswordAsync(password, salt, iterations, saltBytes, keySize, algorithm) {
+        const config = this.getConfig(iterations, saltBytes, keySize, algorithm);
+        const saltBytes_ = salt ?? (0, crypto_1.randomBytes)(config.saltBytes);
+        if (saltBytes_.length !== config.saltBytes) {
+            throw new NodePbkdf2Error((0, ecies_i18n_factory_1.getNodeEciesTranslation)(ecies_i18n_factory_1.NodeEciesStringKey.Error_Pbkdf2_InvalidSaltLength), ecies_lib_1.Pbkdf2ErrorType.InvalidSaltLength);
+        }
+        const pbkdf2 = (0, util_1.promisify)(crypto_1.pbkdf2);
+        const hashBytes = (await pbkdf2(password, saltBytes_, config.iterations, config.hashBytes, config.algorithm));
+        if (hashBytes.length !== config.hashBytes) {
+            throw new NodePbkdf2Error((0, ecies_i18n_factory_1.getNodeEciesTranslation)(ecies_i18n_factory_1.NodeEciesStringKey.Error_Pbkdf2_InvalidHashLength), ecies_lib_1.Pbkdf2ErrorType.InvalidHashLength);
+        }
+        return {
+            salt: saltBytes_,
+            hash: hashBytes,
+            iterations: config.iterations,
+        };
+    }
+    /**
+     * Derive a key using a predefined configuration profile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Object containing the derived key, salt, and iteration count
+     */
+    deriveKeyFromPasswordWithProfile(password, profile, salt) {
+        const config = this.getProfileConfig(profile);
+        return this.deriveKeyFromPassword(password, salt, config.iterations, config.saltBytes, config.hashBytes, config.algorithm);
+    }
+    /**
+     * Async version of deriveKeyFromPasswordWithProfile
+     * @param password The password to derive a key from
+     * @param profile The configuration profile to use
+     * @param salt Optional salt (will be randomly generated if not provided)
+     * @returns Promise resolving to object containing the derived key, salt, and iteration count
+     */
+    async deriveKeyFromPasswordWithProfileAsync(password, profile, salt) {
+        const config = this.getProfileConfig(profile);
+        return this.deriveKeyFromPasswordAsync(password, salt, config.iterations, config.saltBytes, config.hashBytes, config.algorithm);
+    }
+}
+exports.Pbkdf2Service = Pbkdf2Service;
+//# sourceMappingURL=pbkdf2.js.map

package/src/services/pbkdf2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pbkdf2.js","sourceRoot":"","sources":["../../../../../packages/digitaldefiance-node-ecies-lib/src/services/pbkdf2.ts"],"names":[],"mappings":";;;AAAA,4DAA4D;AAC5D,+DAA+D;AAC/D,mCAAwE;AACxE,+BAAiC;AAEjC,0DAIoC;AAGpC,4CAAyC;AAEzC,mEAGoC;AAKpC;;GAEG;AACH,MAAa,eAAgB,SAAQ,KAAK;IAGtB;IAFlB,YACE,OAAe,EACC,IAAqB;QAErC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,SAAI,GAAJ,IAAI,CAAiB;QAGrC,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AARD,0CAQC;AAED;;;;;;;GAOG;AACH,MAAa,aAAa;IAIL,QAAQ,CAAgC;IACxC,WAAW,CAAe;IAC1B,YAAY,CAAgB;IAE/C,YACE,WAA0C,qBAAS,CAAC,eAAe,EACnE,cAA4B,qBAAS,CAAC,KAAK,EAC3C,eAA8B,qBAAS,CAAC,MAAM;QAE9C,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;;OAIG;IACI,eAAe,CAAC,WAAmB,EAAE,MAAqB;QAC/D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACI,qBAAqB;QAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,WAAmB;QACnC,OAAO,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,aAAa,CAAC,SAAqB;QAC/C,OAAO,IAAI,aAAa,CACtB,SAAS,CAAC,eAAe,EACzB,SAAS,CAAC,KAAK,EACf,SAAS,CAAC,MAAM,CACjB,CAAC;IACJ,CAAC;IACD;;;;OAIG;IACI,gBAAgB,CAAC,OAAe;QACrC,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,eAAe,CACvB,IAAA,4CAAuB,EACrB,uCAAkB,CAAC,8BAA8B,CAClD,EACD,2BAAe,CAAC,cAAc,CAC/B,CAAC;QACJ,CAAC;QACD,OAAO;YACL,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,SAAS,EAAE,aAAa,CAAC,SAAS;SACnC,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,SAAS,CACd,UAAmB,EACnB,SAAkB,EAClB,SAAkB,EAClB,SAAkB;QAElB,4CAA4C;QAC5C,OAAO;YACL,6BAA6B;YAC7B,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ;YAC3D,8EAA8E;YAC9E,0CAA0C;YAC1C,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU;YACpD,yEAAyE;YACzE,8EAA8E;YAC9E,wEAAwE;YACxE,SAAS;YACT,UAAU,EAAE,UAAU,IAAI,IAAI,CAAC,YAAY,CAAC,qBAAqB;YACjE,iBAAiB;YACjB,SAAS,EAAE,SAAS,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS;SACpD,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACI,qBAAqB,CAC1B,QAAgB,EAChB,IAAa,EACb,UAAmB,EACnB,SAAkB,EAClB,OAAgB,EAChB,SAAkB;QAElB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACzE,MAAM,UAAU,GAAG,IAAI,IAAI,IAAA,oBAAW,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEzD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,IAAI,eAAe,CACvB,IAAA,4CAAuB,EACrB,uCAAkB,CAAC,8BAA8B,CAClD,EACD,2BAAe,CAAC,iBAAiB,CAClC,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,IAAA,mBAAU,EAC1B,QAAQ,EACR,UAAU,EACV,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;QAEF,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1C,MAAM,IAAI,eAAe,CACvB,IAAA,4CAAuB,EACrB,uCAAkB,CAAC,8BAA8B,CAClD,EACD,2BAAe,CAAC,iBAAiB,CAClC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,0BAA0B,CACrC,QAAgB,EAChB,IAAa,EACb,UAAmB,EACnB,SAAkB,EAClB,OAAgB,EAChB,SAAkB;QAElB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACzE,MAAM,UAAU,GAAG,IAAI,IAAI,IAAA,oBAAW,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEzD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3C,MAAM,IAAI,eAAe,CACvB,IAAA,4CAAuB,EACrB,uCAAkB,CAAC,8BAA8B,CAClD,EACD,2BAAe,CAAC,iBAAiB,CAClC,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gBAAS,EAAC,eAAW,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,CAAC,MAAM,MAAM,CAC7B,QAAQ,EACR,UAAU,EACV,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAW,CAAC;QAEb,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1C,MAAM,IAAI,eAAe,CACvB,IAAA,4CAAuB,EACrB,uCAAkB,CAAC,8BAA8B,CAClD,EACD,2BAAe,CAAC,iBAAiB,CAClC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,gCAAgC,CACrC,QAAgB,EAChB,OAA0B,EAC1B,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,qBAAqB,CAC/B,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,qCAAqC,CAChD,QAAgB,EAChB,OAA0B,EAC1B,IAAa;QAEb,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,0BAA0B,CACpC,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,SAAS,CACjB,CAAC;IACJ,CAAC;CACF;AAzQD,sCAyQC"}