@storacha/encrypt-upload-client 1.1.80 → 1.1.82

package/dist/test/lit-crypto-adapter.spec.js

@@ -0,0 +1,76 @@
+import './setup.js';
+import { test, describe } from 'node:test';
+import assert from 'node:assert';
+import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
+import { LitCryptoAdapter } from '../src/crypto/adapters/lit-crypto-adapter.js';
+import { stringToUint8Array, streamToUint8Array, uint8ArrayToString, } from './helpers/test-file-utils.js';
+// Mock Lit client - cast to any for testing
+const mockLitClient = /** @type {any} */ ({
+// Add mock methods as needed
+});
+const mockAuthManager = /** @type {any} */ ({
+// Add mock methods as needed
+});
+await describe('LitCryptoAdapter', async () => {
+    await describe('Generic AES-CTR Crypto Implementation', async () => {
+        await test('should delegate symmetric crypto operations to the generic implementation', async () => {
+            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
+            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient, mockAuthManager);
+            const originalText = 'Op, this is a test for strategy-based encryption!';
+            const blob = new Blob([stringToUint8Array(originalText)]);
+            // Test that it delegates to the symmetric crypto implementation
+            const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
+            assert(key instanceof Uint8Array, 'Key should be a Uint8Array');
+            assert(iv instanceof Uint8Array, 'IV should be a Uint8Array');
+            assert(encryptedStream instanceof ReadableStream, 'Encrypted stream should be a ReadableStream');
+            // Test decryption delegation
+            const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
+            const decryptedBytes = await streamToUint8Array(decryptedStream);
+            const decryptedText = uint8ArrayToString(decryptedBytes);
+            assert.strictEqual(decryptedText, originalText, 'Decrypted text should match original');
+        });
+        await test('should initialize Generic Lit adapter with correct configuration', async () => {
+            const symmetricCrypto = new GenericAesCtrStreamingCrypto();
+            const adapter = new LitCryptoAdapter(symmetricCrypto, mockLitClient, mockAuthManager);
+            // Test that the adapter has the required methods
+            assert(typeof adapter.encryptSymmetricKey === 'function', 'encryptSymmetricKey should be a function');
+            assert(typeof adapter.decryptSymmetricKey === 'function', 'decryptSymmetricKey should be a function');
+            // Verify adapter has the lit client
+            assert.strictEqual(adapter.litClient, mockLitClient, 'Adapter should store the Lit client');
+            // Verify it uses the correct crypto implementation
+            assert(adapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Should use GenericAesCtrStreamingCrypto');
+        });
+    });
+    await describe('Cross-Implementation Compatibility', async () => {
+        await test('should demonstrate algorithm differences between implementations', async () => {
+            const genericCrypto = new GenericAesCtrStreamingCrypto();
+            const genericAdapter = new LitCryptoAdapter(genericCrypto, mockLitClient, mockAuthManager);
+            const originalText = 'Test data for algorithm comparison';
+            const blob = new Blob([stringToUint8Array(originalText)]);
+            // Encrypt with all adapters
+            const genericResult = await genericAdapter.encryptStream(blob);
+            // Convert streams to bytes
+            const genericEncrypted = await streamToUint8Array(genericResult.encryptedStream);
+            // Verify both can decrypt their own data
+            const genericDecryptStream = new ReadableStream({
+                start(controller) {
+                    controller.enqueue(genericEncrypted);
+                    controller.close();
+                },
+            });
+            const genericDecrypted = await genericAdapter.decryptStream(genericDecryptStream, genericResult.key, genericResult.iv);
+            const genericDecryptedBytes = await streamToUint8Array(genericDecrypted);
+            // Should decrypt to the same original text
+            assert.strictEqual(uint8ArrayToString(genericDecryptedBytes), originalText, 'Generic adapter should decrypt correctly');
+            console.log('All crypto implementations work with Lit adapter');
+        });
+        await test('should verify factory function behavior', async () => {
+            const { createGenericLitAdapter } = await import('../src/crypto/factories.node.js');
+            const genericAdapter = createGenericLitAdapter(mockLitClient, mockAuthManager);
+            // Verify factory functions create adapters with correct crypto implementations
+            assert(genericAdapter.symmetricCrypto instanceof GenericAesCtrStreamingCrypto, 'Generic factory should create adapter with GenericAesCtrStreamingCrypto');
+            console.log('Factory functions create adapters with correct crypto implementations');
+        });
+    });
+});
+//# sourceMappingURL=lit-crypto-adapter.spec.js.map

package/dist/test/memory-efficiency.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=memory-efficiency.spec.d.ts.map

package/dist/test/memory-efficiency.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-efficiency.spec.d.ts","sourceRoot":"","sources":["../../test/memory-efficiency.spec.js"],"names":[],"mappings":""}

package/dist/test/memory-efficiency.spec.js

@@ -0,0 +1,93 @@
+import './setup.js';
+import { test, describe } from 'node:test';
+import assert from 'node:assert';
+import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
+import { createTestFile } from './helpers/test-file-utils.js';
+/**
+ * These tests demonstrate why streaming is necessary for large files.
+ * They show that buffered approaches fail with memory errors while streaming succeeds.
+ */
+await describe('Memory Efficiency - Why Streaming Matters', async () => {
+    await test('should show streaming handles progressively larger files', async () => {
+        const streamingCrypto = new GenericAesCtrStreamingCrypto();
+        // Test with multiple sizes to show streaming scales linearly
+        const testSizes = [5, 10, 15, 20, 50, 100, 500, 1000]; // MB - sizes that would challenge buffered approaches
+        for (const sizeMB of testSizes) {
+            console.log(`Processing ${sizeMB}MB file...`);
+            const testFile = createTestFile(sizeMB);
+            const startTime = Date.now();
+            const { encryptedStream } = await streamingCrypto.encryptStream(testFile);
+            let processedBytes = 0;
+            let chunkCount = 0;
+            const reader = encryptedStream.getReader();
+            try {
+                // eslint-disable-next-line no-constant-condition
+                while (true) {
+                    const { done, value } = await reader.read();
+                    if (done)
+                        break;
+                    processedBytes += value.length;
+                    chunkCount++;
+                }
+            }
+            finally {
+                reader.releaseLock();
+            }
+            const processingTime = Date.now() - startTime;
+            const throughput = processedBytes / 1024 / 1024 / (processingTime / 1000); // MB/s
+            assert.strictEqual(processedBytes, testFile.size, `Should process entire ${sizeMB}MB file`);
+            console.log(`✓ ${sizeMB}MB: ${chunkCount} chunks, ${throughput.toFixed(1)} MB/s`);
+        }
+        console.log('DEMONSTRATED: Streaming handles large files with consistent performance');
+    });
+    await test('should project memory behavior for realistic file sizes', async () => {
+        const streamingCrypto = new GenericAesCtrStreamingCrypto();
+        // Test with a size we can actually handle to project larger files
+        const testFile = createTestFile(5); // 5MB
+        const getMemoryUsage = () => {
+            if (globalThis.gc)
+                globalThis.gc();
+            return process.memoryUsage ? process.memoryUsage().heapUsed : 0;
+        };
+        const baseMemory = getMemoryUsage();
+        const { encryptedStream } = await streamingCrypto.encryptStream(testFile);
+        let peakMemoryDelta = 0;
+        let processedBytes = 0;
+        const reader = encryptedStream.getReader();
+        try {
+            // eslint-disable-next-line no-constant-condition
+            while (true) {
+                const { done, value } = await reader.read();
+                if (done)
+                    break;
+                processedBytes += value.length;
+                // Sample memory usage
+                const currentMemory = getMemoryUsage();
+                const memoryDelta = currentMemory - baseMemory;
+                peakMemoryDelta = Math.max(peakMemoryDelta, memoryDelta);
+            }
+        }
+        finally {
+            reader.releaseLock();
+        }
+        const peakMemoryMB = peakMemoryDelta / 1024 / 1024;
+        const fileSize = testFile.size / 1024 / 1024;
+        const memoryEfficiency = (peakMemoryDelta / testFile.size) * 100;
+        console.log(`File size: ${fileSize.toFixed(1)}MB`);
+        console.log(`Peak memory delta: ${peakMemoryMB.toFixed(2)}MB`);
+        console.log(`Memory efficiency: ${memoryEfficiency.toFixed(1)}% of file size`);
+        // Project to larger file sizes
+        console.log('\nProjected memory usage:');
+        const projectedSizes = [100, 1000, 5000]; // MB = 100MB, 1GB, 5GB
+        for (const sizeMB of projectedSizes) {
+            const projectedMemory = (memoryEfficiency / 100) * sizeMB;
+            const sizeLabel = sizeMB >= 1000 ? `${sizeMB / 1000}GB` : `${sizeMB}MB`;
+            console.log(`  ${sizeLabel}: ~${projectedMemory.toFixed(1)}MB memory`);
+        }
+        // Memory should be bounded (much less than file size)
+        assert(peakMemoryMB < fileSize, 'Streaming should use less memory than file size');
+        assert(memoryEfficiency < 50, 'Memory usage should be less than 50% of file size');
+        console.log('DEMONSTRATED: Streaming memory usage scales sub-linearly with file size');
+    });
+});
+//# sourceMappingURL=memory-efficiency.spec.js.map

package/dist/test/mocks/key-manager.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Create mock KMS service with proper capability handlers
+ *
+ * @param {object} options
+ * @param {string} options.mockPublicKey - Mock RSA public key in PEM format
+ * @param {string} [options.mockProvider] - Mock KMS provider
+ * @param {string} [options.mockAlgorithm] - Mock algorithm
+ * @param {Function} [options.onEncryptionSetup] - Optional callback for setup calls
+ * @param {Function} [options.onKeyDecrypt] - Optional callback for decrypt calls
+ */
+export function createMockKeyManagerService(options: {
+    mockPublicKey: string;
+    mockProvider?: string | undefined;
+    mockAlgorithm?: string | undefined;
+    onEncryptionSetup?: Function | undefined;
+    onKeyDecrypt?: Function | undefined;
+}): {
+    space: {
+        encryption: {
+            setup: Server.ServiceMethod<Server.API.Capability<"space/encryption/setup", `did:key:${string}` & `did:${string}` & Server.API.Phantom<{
+                protocol: "did:";
+            }>, Partial<Pick<{
+                location: string | undefined;
+                keyring: string | undefined;
+            }, "location" | "keyring">>>, {
+                publicKey: string;
+                provider: string;
+                algorithm: string;
+            }, Server.API.Failure & {
+                name: string;
+                message: string;
+            }>;
+            key: {
+                decrypt: Server.ServiceMethod<Server.API.Capability<"space/encryption/key/decrypt", `did:key:${string}` & `did:${string}` & Server.API.Phantom<{
+                    protocol: "did:";
+                }>, Pick<{
+                    key: Uint8Array<ArrayBufferLike>;
+                }, "key">>, {
+                    decryptedSymmetricKey: string;
+                }, Server.API.Failure & {
+                    name: string;
+                    message: string;
+                }>;
+            };
+        };
+    };
+};
+/**
+ * Create a mock key manager service server
+ *
+ * @param {object} service - The service object with capability handlers
+ * @param {*} keyManagerServiceDID - The key manager service DID keypair
+ * @param {number} port - The port to listen on
+ * @param {boolean} [useHttps] - Whether to use HTTPS URLs (testing HTTPS scenarios)
+ */
+export function createMockKeyManagerServer(service: object, keyManagerServiceDID: any, port: number, useHttps?: boolean): Promise<any>;
+import * as Server from '@ucanto/server';
+//# sourceMappingURL=key-manager.d.ts.map

package/dist/test/mocks/key-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-manager.d.ts","sourceRoot":"","sources":["../../../test/mocks/key-manager.js"],"names":[],"mappings":"AAMA;;;;;;;;;GASG;AACH,qDANG;IAAwB,aAAa,EAA7B,MAAM;IACW,YAAY;IACZ,aAAa;IACX,iBAAiB;IACjB,YAAY;CACzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwEA;AAED;;;;;;;GAOG;AACH,oDALW,MAAM,wBACN,GAAC,QACD,MAAM,aACN,OAAO,gBA6DjB;wBA3JuB,gBAAgB"}

package/dist/test/mocks/key-manager.js

@@ -0,0 +1,137 @@
+import { createServer } from 'node:http';
+import * as Server from '@ucanto/server';
+import { CAR } from '@ucanto/transport';
+import * as Space from '@storacha/capabilities/space';
+import { base64 } from 'multiformats/bases/base64';
+/**
+ * Create mock KMS service with proper capability handlers
+ *
+ * @param {object} options
+ * @param {string} options.mockPublicKey - Mock RSA public key in PEM format
+ * @param {string} [options.mockProvider] - Mock KMS provider
+ * @param {string} [options.mockAlgorithm] - Mock algorithm
+ * @param {Function} [options.onEncryptionSetup] - Optional callback for setup calls
+ * @param {Function} [options.onKeyDecrypt] - Optional callback for decrypt calls
+ */
+export function createMockKeyManagerService(options) {
+    const { mockPublicKey, mockProvider = 'google-kms', mockAlgorithm = 'RSA-OAEP-2048-SHA256', onEncryptionSetup, onKeyDecrypt, } = options;
+    return {
+        space: {
+            encryption: {
+                setup: Server.provide(Space.EncryptionSetup, async (input) => {
+                    // Call optional callback for testing
+                    if (onEncryptionSetup) {
+                        onEncryptionSetup(input);
+                    }
+                    // Validate the space DID format
+                    if (!input.capability.with.startsWith('did:key:')) {
+                        return Server.error({
+                            name: 'InvalidSpace',
+                            message: 'Space DID must be a did:key',
+                        });
+                    }
+                    // Return mock RSA public key and metadata
+                    return Server.ok({
+                        publicKey: mockPublicKey,
+                        provider: mockProvider,
+                        algorithm: mockAlgorithm,
+                    });
+                }),
+                key: {
+                    decrypt: Server.provide(Space.EncryptionKeyDecrypt, async (input) => {
+                        // Call optional callback for testing
+                        if (onKeyDecrypt) {
+                            onKeyDecrypt(input);
+                        }
+                        // Validate the space DID
+                        if (!input.capability.with.startsWith('did:key:')) {
+                            return Server.error({
+                                name: 'InvalidSpace',
+                                message: 'Space DID must be a did:key',
+                            });
+                        }
+                        // Validate encrypted key is provided
+                        if (!input.capability.nb.key) {
+                            return Server.error({
+                                name: 'KeyNotFound',
+                                message: 'key is required',
+                            });
+                        }
+                        // For testing purposes, "decrypt" by converting bytes back to base64 string
+                        // In real implementation, this would call Google KMS
+                        const keyBytes = input.capability.nb.key;
+                        // No base64 decode here, just return the bytes as base64 string for mock
+                        const mockDecryptedKey = base64.encode(keyBytes);
+                        return Server.ok({
+                            decryptedSymmetricKey: mockDecryptedKey,
+                        });
+                    }),
+                },
+            },
+        },
+    };
+}
+/**
+ * Create a mock key manager service server
+ *
+ * @param {object} service - The service object with capability handlers
+ * @param {*} keyManagerServiceDID - The key manager service DID keypair
+ * @param {number} port - The port to listen on
+ * @param {boolean} [useHttps] - Whether to use HTTPS URLs (testing HTTPS scenarios)
+ */
+export function createMockKeyManagerServer(service, keyManagerServiceDID, port, useHttps = false) {
+    const ucantoServer = Server.create({
+        id: keyManagerServiceDID,
+        service,
+        codec: CAR.inbound,
+        validateAuthorization: () => ({ ok: {} }), // Skip auth validation for tests
+    });
+    const httpServer = createServer(async (req, res) => {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', '*');
+        res.setHeader('Access-Control-Allow-Headers', '*');
+        if (req.method === 'OPTIONS')
+            return res.end();
+        if (req.method === 'POST') {
+            const bodyBuffer = Buffer.concat(await collect(req));
+            const reqHeaders = /** @type {Record<string, string>} */ (Object.fromEntries(Object.entries(req.headers)));
+            const { headers, body, status } = await ucantoServer.request({
+                body: new Uint8Array(bodyBuffer.buffer, bodyBuffer.byteOffset, bodyBuffer.byteLength),
+                headers: reqHeaders,
+            });
+            for (const [key, value] of Object.entries(headers)) {
+                res.setHeader(key, value);
+            }
+            res.writeHead(status ?? 200);
+            res.end(body);
+        }
+        else {
+            res.end();
+        }
+    });
+    return new Promise((resolve, reject) => {
+        httpServer.listen(port, (/** @type {Error | undefined} */ err) => {
+            if (err) {
+                reject(err);
+            }
+            else {
+                const protocol = useHttps ? 'https' : 'http';
+                resolve({
+                    server: httpServer,
+                    url: `${protocol}://localhost:${port}`,
+                    close: () => new Promise((resolve) => httpServer.close(resolve)),
+                });
+            }
+        });
+    });
+}
+/** @param {import('node:stream').Readable} stream */
+const collect = (stream) => {
+    return /** @type {Promise<Buffer[]>} */ (new Promise((resolve, reject) => {
+        const chunks = /** @type {Buffer[]} */ ([]);
+        stream.on('data', (chunk) => chunks.push(Buffer.from(chunk)));
+        stream.on('error', (err) => reject(err));
+        stream.on('end', () => resolve(chunks));
+    }));
+};
+//# sourceMappingURL=key-manager.js.map

package/dist/test/node-crypto-adapter.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=node-crypto-adapter.spec.d.ts.map

package/dist/test/node-crypto-adapter.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-crypto-adapter.spec.d.ts","sourceRoot":"","sources":["../../test/node-crypto-adapter.spec.js"],"names":[],"mappings":""}

package/dist/test/node-crypto-adapter.spec.js

@@ -0,0 +1,103 @@
+import { test, describe } from 'node:test';
+import assert from 'node:assert';
+import { NodeAesCbcCrypto } from '../src/crypto/symmetric/node-aes-cbc-crypto.js';
+import { stringToUint8Array, uint8ArrayToString, streamToUint8Array, createMockBlob, } from './helpers/test-file-utils.js';
+await describe('NodeAesCbcCrypto', async () => {
+    await test('should encrypt and decrypt data and return the original data', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const originalText = 'Hello, this is a test for Node.js AES-CBC encryption!';
+        const mockBlob = createMockBlob(stringToUint8Array(originalText));
+        // Encrypt
+        const { key, iv, encryptedStream } = await adapter.encryptStream(mockBlob);
+        // Decrypt
+        const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
+        const decryptedBytes = await streamToUint8Array(decryptedStream);
+        const decryptedText = uint8ArrayToString(decryptedBytes);
+        assert.strictEqual(decryptedText, originalText);
+    });
+    await test('should handle empty data', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const mockBlob = createMockBlob(new Uint8Array(0));
+        const { key, iv, encryptedStream } = await adapter.encryptStream(mockBlob);
+        const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
+        const decryptedBytes = await streamToUint8Array(decryptedStream);
+        assert.strictEqual(decryptedBytes.length, 0);
+    });
+    await test('should combine key and IV correctly', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const key = new Uint8Array(32).fill(3); // 32-byte AES-256 key
+        const iv = new Uint8Array(16).fill(6); // 16-byte AES-CBC IV
+        const combined = adapter.combineKeyAndIV(key, iv);
+        assert.strictEqual(combined.length, 48, 'Combined length should be 48 bytes (32 + 16)');
+        // Verify first 32 bytes are the key
+        for (let i = 0; i < 32; i++) {
+            assert.strictEqual(combined[i], 3, `Key byte ${i} should match`);
+        }
+        // Verify last 16 bytes are the IV
+        for (let i = 32; i < 48; i++) {
+            assert.strictEqual(combined[i], 6, `IV byte ${i - 32} should match`);
+        }
+    });
+    await test('should split combined key and IV correctly', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const originalKey = new Uint8Array(32).fill(123);
+        const originalIV = new Uint8Array(16).fill(234);
+        const combined = adapter.combineKeyAndIV(originalKey, originalIV);
+        const { key, iv } = adapter.splitKeyAndIV(combined);
+        assert.strictEqual(key.length, 32, 'Split key should be 32 bytes');
+        assert.strictEqual(iv.length, 16, 'Split IV should be 16 bytes');
+        // Verify key matches
+        for (let i = 0; i < 32; i++) {
+            assert.strictEqual(key[i], originalKey[i], `Key byte ${i} should match original`);
+        }
+        // Verify IV matches
+        for (let i = 0; i < 16; i++) {
+            assert.strictEqual(iv[i], originalIV[i], `IV byte ${i} should match original`);
+        }
+    });
+    await test('should roundtrip combine/split correctly', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const { randomBytes } = await import('crypto');
+        // Convert Buffer to Uint8Array to match the expected types
+        const originalKey = new Uint8Array(randomBytes(32));
+        const originalIV = new Uint8Array(randomBytes(16));
+        const combined = adapter.combineKeyAndIV(originalKey, originalIV);
+        const { key, iv } = adapter.splitKeyAndIV(combined);
+        assert.deepStrictEqual(key, originalKey, 'Roundtrip key should match original');
+        assert.deepStrictEqual(iv, originalIV, 'Roundtrip IV should match original');
+    });
+    await test('should validate key length in combineKeyAndIV', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const wrongKey = new Uint8Array(31); // Wrong size
+        const correctIV = new Uint8Array(16);
+        assert.throws(() => adapter.combineKeyAndIV(wrongKey, correctIV), {
+            name: 'Error',
+            message: 'AES-256 key must be 32 bytes, got 31',
+        }, 'Should throw error for wrong key size');
+    });
+    await test('should validate IV length in combineKeyAndIV', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const correctKey = new Uint8Array(32);
+        const wrongIV = new Uint8Array(15); // Wrong size
+        assert.throws(() => adapter.combineKeyAndIV(correctKey, wrongIV), {
+            name: 'Error',
+            message: 'AES-CBC IV must be 16 bytes, got 15',
+        }, 'Should throw error for wrong IV size');
+    });
+    await test('should validate combined length in splitKeyAndIV', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        const wrongCombined = new Uint8Array(47); // Wrong size
+        assert.throws(() => adapter.splitKeyAndIV(wrongCombined), {
+            name: 'Error',
+            message: 'AES-256-CBC combined key+IV must be 48 bytes, got 47',
+        }, 'Should throw error for wrong combined size');
+    });
+    await test('should use constants for validation', async () => {
+        const adapter = new NodeAesCbcCrypto();
+        // Test with different wrong sizes to ensure constants are used
+        assert.throws(() => adapter.combineKeyAndIV(new Uint8Array(16), new Uint8Array(16)), /AES-256 key must be 32 bytes, got 16/, 'Should use KEY_LENGTH constant in error message');
+        assert.throws(() => adapter.combineKeyAndIV(new Uint8Array(32), new Uint8Array(8)), /AES-CBC IV must be 16 bytes, got 8/, 'Should use IV_LENGTH constant in error message');
+        assert.throws(() => adapter.splitKeyAndIV(new Uint8Array(32)), /AES-256-CBC combined key\+IV must be 48 bytes, got 32/, 'Should use calculated expected length in error message');
+    });
+});
+//# sourceMappingURL=node-crypto-adapter.spec.js.map

package/dist/test/node-generic-crypto-adapter.spec.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=node-generic-crypto-adapter.spec.d.ts.map

package/dist/test/node-generic-crypto-adapter.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-generic-crypto-adapter.spec.d.ts","sourceRoot":"","sources":["../../test/node-generic-crypto-adapter.spec.js"],"names":[],"mappings":""}

package/dist/test/node-generic-crypto-adapter.spec.js

@@ -0,0 +1,95 @@
+import './setup.js';
+import { test, describe } from 'node:test';
+import assert from 'node:assert';
+import { GenericAesCtrStreamingCrypto } from '../src/crypto/symmetric/generic-aes-ctr-streaming-crypto.js';
+import { stringToUint8Array, streamToUint8Array, uint8ArrayToString, } from './helpers/test-file-utils.js';
+await describe('GenericAesCtrStreamingCrypto (Node Environment)', async () => {
+    await test('should encrypt and decrypt a Blob and return the original data', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const originalText = 'Op, this is a test for streaming encryption!';
+        const blob = new Blob([stringToUint8Array(originalText)]);
+        // Encrypt
+        const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
+        // Decrypt
+        const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
+        const decryptedBytes = await streamToUint8Array(decryptedStream);
+        const decryptedText = uint8ArrayToString(decryptedBytes);
+        assert.strictEqual(decryptedText, originalText);
+    });
+    await test('should handle empty data', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const blob = new Blob([]);
+        const { key, iv, encryptedStream } = await adapter.encryptStream(blob);
+        const decryptedStream = await adapter.decryptStream(encryptedStream, key, iv);
+        const decryptedBytes = await streamToUint8Array(decryptedStream);
+        assert.strictEqual(decryptedBytes.length, 0);
+    });
+    await test('should combine key and IV correctly', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const key = new Uint8Array(32).fill(1); // 32-byte AES-256 key
+        const iv = new Uint8Array(16).fill(2); // 16-byte AES-CTR IV
+        const combined = adapter.combineKeyAndIV(key, iv);
+        assert.strictEqual(combined.length, 48, 'Combined length should be 48 bytes (32 + 16)');
+        // Verify first 32 bytes are the key
+        for (let i = 0; i < 32; i++) {
+            assert.strictEqual(combined[i], 1, `Key byte ${i} should match`);
+        }
+        // Verify last 16 bytes are the IV
+        for (let i = 32; i < 48; i++) {
+            assert.strictEqual(combined[i], 2, `IV byte ${i - 32} should match`);
+        }
+    });
+    await test('should split combined key and IV correctly', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const originalKey = new Uint8Array(32).fill(42);
+        const originalIV = new Uint8Array(16).fill(84);
+        const combined = adapter.combineKeyAndIV(originalKey, originalIV);
+        const { key, iv } = adapter.splitKeyAndIV(combined);
+        assert.strictEqual(key.length, 32, 'Split key should be 32 bytes');
+        assert.strictEqual(iv.length, 16, 'Split IV should be 16 bytes');
+        // Verify key matches
+        for (let i = 0; i < 32; i++) {
+            assert.strictEqual(key[i], originalKey[i], `Key byte ${i} should match original`);
+        }
+        // Verify IV matches
+        for (let i = 0; i < 16; i++) {
+            assert.strictEqual(iv[i], originalIV[i], `IV byte ${i} should match original`);
+        }
+    });
+    await test('should roundtrip combine/split correctly', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const originalKey = globalThis.crypto.getRandomValues(new Uint8Array(32));
+        const originalIV = globalThis.crypto.getRandomValues(new Uint8Array(16));
+        const combined = adapter.combineKeyAndIV(originalKey, originalIV);
+        const { key, iv } = adapter.splitKeyAndIV(combined);
+        assert.deepStrictEqual(key, originalKey, 'Roundtrip key should match original');
+        assert.deepStrictEqual(iv, originalIV, 'Roundtrip IV should match original');
+    });
+    await test('should validate key length in combineKeyAndIV', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const wrongKey = new Uint8Array(31); // Wrong size
+        const correctIV = new Uint8Array(16);
+        assert.throws(() => adapter.combineKeyAndIV(wrongKey, correctIV), {
+            name: 'Error',
+            message: 'AES-256 key must be 32 bytes, got 31',
+        }, 'Should throw error for wrong key size');
+    });
+    await test('should validate IV length in combineKeyAndIV', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const correctKey = new Uint8Array(32);
+        const wrongIV = new Uint8Array(15); // Wrong size
+        assert.throws(() => adapter.combineKeyAndIV(correctKey, wrongIV), {
+            name: 'Error',
+            message: 'AES-CTR IV must be 16 bytes, got 15',
+        }, 'Should throw error for wrong IV size');
+    });
+    await test('should validate combined length in splitKeyAndIV', async () => {
+        const adapter = new GenericAesCtrStreamingCrypto();
+        const wrongCombined = new Uint8Array(47); // Wrong size
+        assert.throws(() => adapter.splitKeyAndIV(wrongCombined), {
+            name: 'Error',
+            message: 'AES-256-CTR combined key+IV must be 48 bytes, got 47',
+        }, 'Should throw error for wrong combined size');
+    });
+});
+//# sourceMappingURL=node-generic-crypto-adapter.spec.js.map

package/dist/test/setup.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=setup.d.ts.map

package/dist/test/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../test/setup.js"],"names":[],"mappings":""}

package/dist/test/setup.js

@@ -0,0 +1,12 @@
+// Centralized polyfill for globalThis.crypto for Node.js <19
+if (typeof globalThis.crypto === 'undefined') {
+    try {
+        // @ts-expect-error
+        globalThis.crypto = (await import('crypto')).webcrypto;
+    }
+    catch (e) {
+        throw new Error('globalThis.crypto is not available.');
+    }
+}
+export {};
+//# sourceMappingURL=setup.js.map