@lindorm/aes 0.6.5 → 0.7.1

package/__tests__/noble-ciphers.test.ts

@@ -1,208 +0,0 @@
-import { createCipheriv, randomBytes } from "crypto";
-import { gcm, cbc, aeskw } from "@noble/ciphers/aes";
-import { encryptAes, decryptAes } from "../src/utils/private/encryption";
-import { ecbKeyWrap, ecbKeyUnwrap } from "../src/utils/private/key-wrap/ecb-key-wrap";
-import { toUint8Array, toBuffer } from "./helpers/buffer-utils";
-import {
-  RAW_KEY_128,
-  RAW_KEY_192,
-  RAW_KEY_256,
-  RAW_KEY_256_CBC,
-  RAW_KEY_384_CBC,
-  RAW_KEY_512_CBC,
-  KEK_128,
-  KEK_192,
-  KEK_256,
-  createOctKryptos,
-} from "./fixtures/keys";
-
-const GCM_TAG_LENGTH = 16;
-const GCM_IV_LENGTH = 12;
-const AES_BLOCK_SIZE = 16;
-
-// ---------------------------------------------------------------------------
-// 3.1 AES-GCM Cross-Reference
-// ---------------------------------------------------------------------------
-
-describe("AES-GCM cross-reference with @noble/ciphers", () => {
-  describe.each([
-    { name: "A128GCM", key: RAW_KEY_128, encryption: "A128GCM" as const },
-    { name: "A192GCM", key: RAW_KEY_192, encryption: "A192GCM" as const },
-    { name: "A256GCM", key: RAW_KEY_256, encryption: "A256GCM" as const },
-  ])("$name", ({ key, encryption }) => {
-    const plaintext = "test plaintext";
-
-    test("our encryptAes -> noble gcm decrypt", () => {
-      const kryptos = createOctKryptos(key, "dir", encryption);
-
-      const record = encryptAes({ data: plaintext, encryption, kryptos });
-
-      const iv = toUint8Array(record.initialisationVector);
-      const ciphertext = toUint8Array(record.content);
-      const tag = toUint8Array(record.authTag);
-
-      // noble expects ciphertext || tag concatenated
-      const ciphertextWithTag = new Uint8Array(ciphertext.length + tag.length);
-      ciphertextWithTag.set(ciphertext, 0);
-      ciphertextWithTag.set(tag, ciphertext.length);
-
-      const decrypted = gcm(toUint8Array(key), iv).decrypt(ciphertextWithTag);
-      const result = new TextDecoder().decode(decrypted);
-
-      expect(result).toBe(plaintext);
-    });
-
-    test("noble gcm encrypt -> our decryptAes", () => {
-      const kryptos = createOctKryptos(key, "dir", encryption);
-      const iv = randomBytes(GCM_IV_LENGTH);
-      const plaintextBytes = new TextEncoder().encode(plaintext);
-
-      const encrypted = gcm(toUint8Array(key), toUint8Array(iv)).encrypt(plaintextBytes);
-
-      // noble returns ciphertext || tag (last 16 bytes are the auth tag)
-      const ciphertext = toBuffer(encrypted.slice(0, -GCM_TAG_LENGTH));
-      const authTag = toBuffer(encrypted.slice(-GCM_TAG_LENGTH));
-
-      const result = decryptAes({
-        content: ciphertext,
-        authTag,
-        initialisationVector: iv,
-        encryption,
-        contentType: "text/plain",
-        kryptos,
-      });
-
-      expect(result).toBe(plaintext);
-    });
-
-    test("byte-identical ciphertext with pinned IV", () => {
-      const iv = Buffer.alloc(GCM_IV_LENGTH, 0xab);
-      const plaintextBytes = Buffer.from(plaintext, "utf8");
-
-      // Our side: raw Node.js createCipheriv
-      const cipher = createCipheriv(
-        `aes-${key.length * 8}-gcm` as "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm",
-        key,
-        iv,
-        { authTagLength: GCM_TAG_LENGTH },
-      );
-      const ourCiphertext = Buffer.concat([
-        cipher.update(plaintextBytes),
-        cipher.final(),
-      ]);
-      const ourTag = cipher.getAuthTag();
-
-      // Noble side
-      const nobleResult = gcm(toUint8Array(key), toUint8Array(iv)).encrypt(
-        toUint8Array(plaintextBytes),
-      );
-      const nobleCiphertext = nobleResult.slice(0, -GCM_TAG_LENGTH);
-      const nobleTag = nobleResult.slice(-GCM_TAG_LENGTH);
-
-      expect(ourCiphertext.equals(toBuffer(nobleCiphertext))).toBe(true);
-      expect(ourTag.equals(toBuffer(nobleTag))).toBe(true);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 3.2 AES-KW (RFC 3394) Cross-Reference
-// ---------------------------------------------------------------------------
-
-describe("AES-KW cross-reference with @noble/ciphers", () => {
-  describe.each([
-    { name: "A128KW", kek: KEK_128, algorithm: "A128KW" as const },
-    { name: "A192KW", kek: KEK_192, algorithm: "A192KW" as const },
-    { name: "A256KW", kek: KEK_256, algorithm: "A256KW" as const },
-  ])("$name", ({ kek, algorithm }) => {
-    // CEK to wrap: 32 bytes (suitable for A256GCM)
-    const cek = randomBytes(32);
-
-    test("our ecbKeyWrap -> noble aeskw decrypt", () => {
-      const kryptos = createOctKryptos(kek, algorithm);
-
-      const { publicEncryptionKey } = ecbKeyWrap({
-        contentEncryptionKey: cek,
-        keyEncryptionKey: kek,
-        kryptos,
-      });
-
-      const unwrapped = aeskw(toUint8Array(kek)).decrypt(
-        toUint8Array(publicEncryptionKey),
-      );
-
-      expect(cek.equals(toBuffer(unwrapped))).toBe(true);
-    });
-
-    test("noble aeskw encrypt -> our ecbKeyUnwrap", () => {
-      const kryptos = createOctKryptos(kek, algorithm);
-
-      const wrapped = aeskw(toUint8Array(kek)).encrypt(toUint8Array(cek));
-
-      const { contentEncryptionKey } = ecbKeyUnwrap({
-        keyEncryptionKey: kek,
-        kryptos,
-        publicEncryptionKey: toBuffer(wrapped),
-      });
-
-      expect(cek.equals(contentEncryptionKey)).toBe(true);
-    });
-
-    test("byte-identical wrapped key (deterministic)", () => {
-      const kryptos = createOctKryptos(kek, algorithm);
-
-      const { publicEncryptionKey } = ecbKeyWrap({
-        contentEncryptionKey: cek,
-        keyEncryptionKey: kek,
-        kryptos,
-      });
-
-      const nobleWrapped = aeskw(toUint8Array(kek)).encrypt(toUint8Array(cek));
-
-      expect(publicEncryptionKey.equals(toBuffer(nobleWrapped))).toBe(true);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// 3.3 AES-CBC Raw Cross-Reference
-// ---------------------------------------------------------------------------
-
-describe("AES-CBC raw cross-reference with @noble/ciphers", () => {
-  describe.each([
-    {
-      name: "A128CBC",
-      // A128CBC-HS256: 32B CEK -> first 16B = HMAC key, last 16B = AES-128-CBC key
-      encKey: RAW_KEY_256_CBC.subarray(16),
-      nodeCipher: "aes-128-cbc" as const,
-    },
-    {
-      name: "A192CBC",
-      // A192CBC-HS384: 48B CEK -> first 24B = HMAC key, last 24B = AES-192-CBC key
-      encKey: RAW_KEY_384_CBC.subarray(24),
-      nodeCipher: "aes-192-cbc" as const,
-    },
-    {
-      name: "A256CBC",
-      // A256CBC-HS512: 64B CEK -> first 32B = HMAC key, last 32B = AES-256-CBC key
-      encKey: RAW_KEY_512_CBC.subarray(32),
-      nodeCipher: "aes-256-cbc" as const,
-    },
-  ])("$name", ({ encKey, nodeCipher }) => {
-    test("byte-identical ciphertext (PKCS7 padding)", () => {
-      const iv = Buffer.alloc(AES_BLOCK_SIZE, 0xcd);
-      const plaintext = Buffer.from("cross-reference CBC test", "utf8");
-
-      // Our side: raw Node.js createCipheriv
-      const cipher = createCipheriv(nodeCipher, encKey, iv);
-      const ourCiphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-
-      // Noble side
-      const nobleCiphertext = cbc(toUint8Array(encKey), toUint8Array(iv)).encrypt(
-        toUint8Array(plaintext),
-      );
-
-      expect(ourCiphertext.equals(toBuffer(nobleCiphertext))).toBe(true);
-    });
-  });
-});

package/dist/mocks/index.d.ts

@@ -1,2 +0,0 @@
-export { createMockAesKit, type MockAesKit } from "./mock-aes-kit";
-//# sourceMappingURL=index.d.ts.map

package/dist/mocks/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mocks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/mocks/index.js

@@ -1,6 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createMockAesKit = void 0;
-var mock_aes_kit_1 = require("./mock-aes-kit");
-Object.defineProperty(exports, "createMockAesKit", { enumerable: true, get: function () { return mock_aes_kit_1.createMockAesKit; } });
-//# sourceMappingURL=index.js.map

package/dist/mocks/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mocks/index.ts"],"names":[],"mappings":";;;AAAA,+CAAmE;AAA1D,gHAAA,gBAAgB,OAAA"}

package/dist/mocks/mock-aes-kit.d.ts

@@ -1,4 +0,0 @@
-import { IAesKit } from "../interfaces";
-export type MockAesKit = jest.Mocked<IAesKit>;
-export declare const createMockAesKit: () => MockAesKit;
-//# sourceMappingURL=mock-aes-kit.d.ts.map

package/dist/mocks/mock-aes-kit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"mock-aes-kit.d.ts","sourceRoot":"","sources":["../../src/mocks/mock-aes-kit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAGxC,MAAM,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAQ9C,eAAO,MAAM,gBAAgB,QAAO,UAwElC,CAAC"}

package/dist/mocks/mock-aes-kit.js

@@ -1,74 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createMockAesKit = void 0;
-const kryptos_1 = require("@lindorm/kryptos");
-const encode = (data) => Buffer.from(JSON.stringify(data)).toString("base64url");
-const decode = (encoded) => JSON.parse(Buffer.from(encoded, "base64url").toString());
-const createMockAesKit = () => ({
-    kryptos: (0, kryptos_1.createMockKryptos)(),
-    encrypt: jest.fn().mockImplementation((data, mode) => {
-        const encoded = encode(data);
-        switch (mode) {
-            case "tokenised":
-                return `aes:${encoded}`;
-            case "serialised":
-                return {
-                    cek: undefined,
-                    ciphertext: encoded,
-                    header: encode({ alg: "dir", enc: "A256GCM", cty: "text/plain" }),
-                    iv: "mock_iv",
-                    tag: "mock_tag",
-                    v: "1",
-                };
-            case "record":
-                return {
-                    algorithm: "dir",
-                    authTag: Buffer.from("mock_tag"),
-                    content: Buffer.from(encoded),
-                    contentType: "text/plain",
-                    encryption: "A256GCM",
-                    initialisationVector: Buffer.from("mock_iv"),
-                    keyId: "mock_key_id",
-                    pbkdfIterations: undefined,
-                    pbkdfSalt: undefined,
-                    publicEncryptionIv: undefined,
-                    publicEncryptionJwk: undefined,
-                    publicEncryptionKey: undefined,
-                    publicEncryptionTag: undefined,
-                    version: "1",
-                };
-            case "encoded":
-            default:
-                return encoded;
-        }
-    }),
-    decrypt: jest.fn().mockImplementation((data) => {
-        if (typeof data === "string") {
-            if (data.startsWith("aes:")) {
-                return decode(data.slice(4));
-            }
-            return decode(data);
-        }
-        if (data.ciphertext) {
-            return decode(data.ciphertext);
-        }
-        if (Buffer.isBuffer(data.content)) {
-            return decode(data.content.toString());
-        }
-        return data;
-    }),
-    assert: jest.fn(),
-    verify: jest.fn().mockReturnValue(true),
-    prepareEncryption: jest.fn().mockReturnValue({
-        headerParams: {},
-        publicEncryptionKey: undefined,
-        encrypt: jest.fn().mockReturnValue({
-            authTag: Buffer.alloc(16),
-            content: Buffer.alloc(0),
-            contentType: "text/plain",
-            initialisationVector: Buffer.alloc(12),
-        }),
-    }),
-});
-exports.createMockAesKit = createMockAesKit;
-//# sourceMappingURL=mock-aes-kit.js.map

package/dist/mocks/mock-aes-kit.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"mock-aes-kit.js","sourceRoot":"","sources":["../../src/mocks/mock-aes-kit.ts"],"names":[],"mappings":";;;AAAA,8CAAqD;AAMrD,MAAM,MAAM,GAAG,CAAC,IAAgB,EAAU,EAAE,CAC1C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAE1D,MAAM,MAAM,GAAG,CAAgC,OAAe,EAAK,EAAE,CACnE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAM,CAAC;AAEzD,MAAM,gBAAgB,GAAG,GAAe,EAAE,CAAC,CAAC;IACjD,OAAO,EAAE,IAAA,2BAAiB,GAAE;IAE5B,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,IAAgB,EAAE,IAAa,EAAE,EAAE;QACxE,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAE7B,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,WAAW;gBACd,OAAO,OAAO,OAAO,EAAE,CAAC;YAE1B,KAAK,YAAY;gBACf,OAAO;oBACL,GAAG,EAAE,SAAS;oBACd,UAAU,EAAE,OAAO;oBACnB,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;oBACjE,EAAE,EAAE,SAAS;oBACb,GAAG,EAAE,UAAU;oBACf,CAAC,EAAE,GAAG;iBACP,CAAC;YAEJ,KAAK,QAAQ;gBACX,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;oBAChC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;oBAC7B,WAAW,EAAE,YAAqB;oBAClC,UAAU,EAAE,SAAkB;oBAC9B,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;oBAC5C,KAAK,EAAE,aAAa;oBACpB,eAAe,EAAE,SAAS;oBAC1B,SAAS,EAAE,SAAS;oBACpB,kBAAkB,EAAE,SAAS;oBAC7B,mBAAmB,EAAE,SAAS;oBAC9B,mBAAmB,EAAE,SAAS;oBAC9B,mBAAmB,EAAE,SAAS;oBAC9B,OAAO,EAAE,GAAG;iBACb,CAAC;YAEJ,KAAK,SAAS,CAAC;YACf;gBACE,OAAO,OAAO,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC,IAAS,EAAE,EAAE;QAClD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC;YACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;IACjB,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;IACvC,iBAAiB,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;QAC3C,YAAY,EAAE,EAAE;QAChB,mBAAmB,EAAE,SAAS;QAC9B,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC;YACjC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACxB,WAAW,EAAE,YAAY;YACzB,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;SACvC,CAAC;KACH,CAAC;CACH,CAAC,CAAC;AAxEU,QAAA,gBAAgB,oBAwE1B"}

package/jest.config.interop.mjs

@@ -1,24 +0,0 @@
-import base from "../../jest.config.base.mjs";
-import packageJson from "./package.json" with { type: "json" };
-
-export default {
-  ...base,
-  displayName: `${packageJson.name}/interop`,
-  roots: ["<rootDir>/__tests__"],
-  extensionsToTreatAsEsm: [".ts"],
-  moduleNameMapper: {
-    "^(\\.{1,2}/.*)\\.js$": "$1",
-  },
-  transform: {
-    "^.+\\.tsx?$": [
-      "ts-jest",
-      {
-        useESM: true,
-        tsconfig: "tsconfig.interop.json",
-      },
-    ],
-  },
-  transformIgnorePatterns: ["node_modules/(?!(@noble/ciphers|jose)/)"],
-  collectCoverageFrom: [],
-  coverageThreshold: {},
-};

package/tsconfig.interop.json

@@ -1,9 +0,0 @@
-{
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    "module": "esnext",
-    "moduleResolution": "node",
-    "rootDir": "."
-  },
-  "include": ["__tests__/**/*", "src/**/*"]
-}