cyberchef 10.24.0 → 11.1.0

package/src/web/static/sitemap.mjs

@@ -1,5 +1,5 @@
-import sm from "sitemap";
-import OperationConfig from "../../core/config/OperationConfig.json" assert { type: "json" };
+import { SitemapStream, streamToPromise } from "sitemap";
+import OperationConfig from "../../core/config/OperationConfig.json" with { type: "json" };
 
 /**
  * Generates an XML sitemap for all CyberChef operations and a number of recipes.
@@ -11,7 +11,7 @@ import OperationConfig from "../../core/config/OperationConfig.json" assert { ty
 
 const baseUrl = "https://gchq.github.io/CyberChef/";
 
-const smStream = new sm.SitemapStream({});
+const smStream = new SitemapStream({});
 
 smStream.write({
     url: baseUrl,
@@ -28,6 +28,6 @@ for (const op in OperationConfig) {
 }
 smStream.end();
 
-sm.streamToPromise(smStream).then(
+streamToPromise(smStream).then(
     (buffer) => console.log(buffer.toString()), // eslint-disable-line no-console
 );

package/src/web/waiters/RecipeWaiter.mjs

@@ -487,11 +487,19 @@ class RecipeWaiter {
      * @param {HTMLElement} op
      */
     triggerArgEvents(op) {
-        // Trigger populateOption and argSelector events
+        // Trigger argSelector events and populateOption events only where the target is empty.
+        // When loading a saved recipe, arguments are populated before this method is called, so
+        // re-triggering populateOption events would overwrite saved custom values with defaults.
+        const args = op.querySelectorAll(".arg");
         const triggerableOptions = op.querySelectorAll(".populate-option, .arg-selector");
         const evt = new Event("change", {bubbles: true});
+
         if (triggerableOptions.length) {
             for (const el of triggerableOptions) {
+                if (el.classList.contains("populate-option")) {
+                    const target = args[el.getAttribute("data-target")];
+                    if (target && target.value !== "") continue;
+                }
                 el.dispatchEvent(evt);
             }
         }

package/tests/browser/02_ops.js

@@ -30,8 +30,8 @@ module.exports = {
         testOp(browser, "A1Z26 Cipher Decode", "20 5 19 20 15 21 20 16 21 20", "testoutput");
         testOp(browser, "A1Z26 Cipher Encode", "test input", "20 5 19 20 9 14 16 21 20");
         testOp(browser, "ADD", "test input", "Ê»ÉÊv¿ÄÆËÊ", [{ "option": "Hex", "string": "56" }]);
-        testOp(browser, "AES Decrypt", "b443f7f7c16ac5396a34273f6f639caa", "test output", [{ "option": "Hex", "string": "00112233445566778899aabbccddeeff" }, { "option": "Hex", "string": "00000000000000000000000000000000" }, "CBC", "Hex", "Raw", { "option": "Hex", "string": "" }]);
-        testOp(browser, "AES Encrypt", "test input", "e42eb8fbfb7a98fff061cd2c1a794d92", [{"option": "Hex", "string": "00112233445566778899aabbccddeeff"}, {"option": "Hex", "string": "00000000000000000000000000000000"}, "CBC", "Raw", "Hex"]);
+        testOp(browser, "AES Decrypt", "b443f7f7c16ac5396a34273f6f639caa", "test output", [{ "option": "Hex", "string": "00112233445566778899aabbccddeeff" }, { "option": "Hex", "string": "00000000000000000000000000000000" }, 16, "CBC", "Hex", "Raw", { "option": "Hex", "string": "" }, { "option": "Hex", "string": "" }, "Off"]);
+        testOp(browser, "AES Encrypt", "test input", "e42eb8fbfb7a98fff061cd2c1a794d92", [{"option": "Hex", "string": "00112233445566778899aabbccddeeff"}, {"option": "Hex", "string": "00000000000000000000000000000000"}, "CBC", "Raw", "Hex", "Off"]);
         testOp(browser, "AND", "test input", "4$04  $044", [{ "option": "Hex", "string": "34" }]);
         testOp(browser, "Add line numbers", "test input", "1 test input");
         testOp(browser, ["From Hex", "Add Text To Image", "SHA2"], Images.PNG_HEX, "50cdf8ea483c55564a091650c2bccb4586f919b721e5fe9d6a61660505b4346d6ebdb2ef0cf075a7728cd84cb26ea3e477b5bd86a94a49a27d79423994afb60a", [[], ["Chef", "Center", "Middle", 0, 0, 16, "Roboto"], []]);
@@ -64,7 +64,7 @@ module.exports = {
         testOp(browser, "BSON serialise", '{"a":"test"}', "\u0011\u0000\u0000\u0000\u0002a\u0000\u0005\u0000\u0000\u0000test\u0000\u0000");
         // testOp(browser, "Bacon Cipher Decode", "test input", "test_output");
         // testOp(browser, "Bacon Cipher Encode", "test input", "test_output");
-        testOp(browser, "Bcrypt", "test input", /^\$2a\$06\$.{53}$/, [6]);
+        testOp(browser, "Bcrypt", "test input", /^\$2b\$06\$.{53}$/, [6]);
         testOp(browser, "Bcrypt compare", "test input", "Match: test input", ["$2a$05$FCfBSVX7OeRkK.9kQVFCiOYu9XtwtIbePqUiroD1lkASW9q5QClzG"]);
         testOp(browser, "Bcrypt parse", "$2a$05$kXWtAIGB/R8VEzInoM5ocOTBtyc0m2YTIwFiBU/0XoW032f9QrkWW", /Rounds: 5/);
         testOp(browser, "Bifid Cipher Decode", "qblb tfovy", "test input", ["pass"]);
@@ -80,8 +80,8 @@ module.exports = {
         testOpHtml(browser, "Bombe", "XTSYN WAEUG EZALY NRQIM AMLZX MFUOD AWXLY LZCUZ QOQBQ JLCPK NDDRW F", "table tr:last-child td:first-child", "ECG", ["3-rotor", "LEYJVCNIXWPBQMDRTAKZGFUHOS", "BDFHJLCPRTXVZNYEIWGAKMUSQO<W", "AJDKSIRUXBLHWTMCQGZNPYFVOE<F", "ESOVPZJAYQUIRHXLNFTGKDCMWB<K", "AY BR CU DH EQ FS GL IP JX KN MO TZ VW", "HELLO CYBER CHEFU SER", 0, true]);
         testOp(browser, ["Bzip2 Compress", "To Hex"], "test input", "42 5a 68 39 31 41 59 26 53 59 cf 96 82 1d 00 00 03 91 80 40 00 02 21 4e 00 20 00 21 90 c2 10 c0 88 33 92 8e df 17 72 45 38 50 90 cf 96 82 1d");
         testOp(browser, ["From Hex", "Bzip2 Decompress"], "425a68393141592653597b0884b7000003038000008200ce00200021a647a4218013709517c5dc914e14241ec2212dc0", "test_output", [[], [true]]);
-    // testOp(browser, "CBOR Decode", "test input", "test output");
-    // testOp(browser, "CBOR Encode", "test input", "test output");
+        testOp(browser, ["From Hex", "CBOR Decode"], "f9 3e 00", "1.5");
+        testOp(browser, ["CBOR Encode", "To Hex"], "1.5", "f9 3e 00");
         testOp(browser, "CRC Checksum", "test input", "77c7", ["CRC-16"]);
         testOp(browser, "CRC Checksum", "test input", "29822bc8", ["CRC-32"]);
         testOp(browser, "CRC Checksum", "test input", "9d", ["CRC-8"]);
@@ -278,11 +278,11 @@ module.exports = {
         testOpHtml(browser, "Parse UDP", "04 89 00 35 00 2c 01 01", "tr:last-child td:last-child", "0x0101");
         // testOp(browser, "Parse UNIX file permissions", "test input", "test_output");
         // testOp(browser, "Parse URI", "test input", "test_output");
-    // testOp(browser, "Parse User Agent", "test input", "test_output");
+        testOp(browser, "Parse User Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 ", /Architecture: amd64/);
         // testOp(browser, "Parse X.509 certificate", "test input", "test_output");
         testOpFile(browser, "Play Media", "files/mp3example.mp3", "audio", "");
         // testOp(browser, "Power Set", "test input", "test_output");
-    // testOp(browser, "Protobuf Decode", "test input", "test_output");
+        testOp(browser, ["From Hex", "Protobuf Decode"], "0d1c0000001203596f751a024d65202b2a0a0a066162633132331200", /"1": "abc123"/, [[], ["", false, false]]);
         // testOp(browser, "Pseudo-Random Number Generator", "test input", "test_output");
     // testOp(browser, "RC2 Decrypt", "test input", "test_output");
     // testOp(browser, "RC2 Encrypt", "test input", "test_output");

package/tests/browser/03_recipe_load.js

@@ -0,0 +1,48 @@
+/**
+ * Regression tests for recipe loading behaviour.
+ *
+ * @author C85297 [95289555+C85297@users.noreply.github.com]
+ * @copyright Crown Copyright
+ * @license Apache-2.0
+ */
+
+const utils = require("./browserUtils.js");
+
+module.exports = {
+    before: browser => {
+        browser
+            .resizeWindow(1280, 800)
+            .url(browser.launchUrl)
+            .useCss()
+            .waitForElementNotPresent("#preloader", 10000);
+    },
+
+    "Recipe load preserves populated arguments": browser => {
+        const inputFormat = "HH:mm:ss a MMM DD, YYYY ";
+        const input = "10:20:30 pm Sep 26, 2019 ";
+
+        utils.loadRecipe(
+            browser,
+            "Translate DateTime Format",
+            input,
+            [
+                "Standard date and time",
+                inputFormat,
+                "UTC",
+                "DD/MM/YYYY HH:mm:ss",
+                "UTC"
+            ]
+        );
+
+        browser.execute(() => {
+            return Array.from(document.querySelectorAll("#rec-list li.operation .arg"))
+                .map(arg => arg.value);
+        }, [], function({value}) {
+            browser.expect(value[1]).to.equal(inputFormat);
+        });
+    },
+
+    after: browser => {
+        browser.end();
+    }
+};

package/tests/browser/browserUtils.js

@@ -51,14 +51,17 @@ function setInput(browser, input, type=true) {
  */
 function bake(browser) {
     browser
+        // Let any pending debounced inputChange/stateChange (~20ms each) fire so the
+        // worker has the latest input buffer before we ask it to bake.
+        .pause(50)
         // Ensure we're not currently busy
-        .waitForElementNotVisible("#output-loader", 5000)
+        .waitForElementNotVisible("#output-loader", 10000)
         .expect.element("#bake span").text.to.equal("BAKE!");
 
     browser
         .click("#bake")
-        .waitForElementNotVisible("#stale-indicator", 5000)
-        .waitForElementNotVisible("#output-loader", 5000);
+        .waitForElementNotVisible("#stale-indicator", 10000)
+        .waitForElementNotVisible("#output-loader", 10000);
 }
 
 /** @function

package/tests/lib/wasmFetchPolyfill.mjs

@@ -0,0 +1,31 @@
+/**
+ * Polyfill for Node.js 22+ where globalThis.fetch is built-in but rejects
+ * bare filesystem paths. WASM libraries like argon2-browser call fetch() with
+ * an absolute path (e.g. "/path/to/argon2.wasm") expecting a browser-style
+ * fallback, but Node.js 22's fetch throws synchronously for non-URL strings.
+ *
+ * This wrapper intercepts such calls and serves the file via Node's fs module,
+ * returning a synthetic Response so the WASM module loads correctly.
+ */
+
+import { readFile } from "fs/promises";
+
+if (globalThis.fetch) {
+    const originalFetch = globalThis.fetch;
+    globalThis.fetch = async function patchedFetch(url, options) {
+        const urlStr = typeof url === "string" ?
+            url :
+            url instanceof URL ?
+                url.href :
+                String(url);
+        // Intercept bare filesystem paths (absolute POSIX or Windows)
+        if (urlStr.startsWith("/") || /^[A-Za-z]:[/\\]/.test(urlStr)) {
+            const buffer = await readFile(urlStr);
+            return new Response(buffer, {
+                status: 200,
+                headers: { "Content-Type": "application/wasm" },
+            });
+        }
+        return originalFetch(url, options);
+    };
+}

package/tests/node/consumers/cjs-consumer.js

@@ -8,9 +8,9 @@
 
 const assert = require("assert");
 
-require("cyberchef").then(chef => {
+require("cyberchef").then(async chef => {
 
-    const d = chef.bake("Testing, 1 2 3", [
+    const d = await chef.bake("Testing, 1 2 3", [
         chef.toHex,
         chef.reverse,
         {

package/tests/node/consumers/esm-consumer.mjs

@@ -9,7 +9,7 @@ import assert from "assert";
 import chef from "cyberchef";
 import { bake, toHex, reverse, unique, multiply } from "cyberchef";
 
-const a = bake("Testing, 1 2 3", [
+const a = await bake("Testing, 1 2 3", [
     toHex,
     reverse,
     {
@@ -28,7 +28,7 @@ const a = bake("Testing, 1 2 3", [
 
 assert.equal(a.value, "630957449041920");
 
-const b = chef.bake("Testing, 1 2 3", [
+const b = await chef.bake("Testing, 1 2 3", [
     chef.toHex,
     chef.reverse,
     {

package/tests/node/index.mjs

@@ -18,6 +18,7 @@ import {
 import TestRegister from "../lib/TestRegister.mjs";
 import "./tests/nodeApi.mjs";
 import "./tests/operations.mjs";
+import "./tests/PGP.mjs";
 import "./tests/File.mjs";
 import "./tests/Dish.mjs";
 import "./tests/NodeDish.mjs";

package/tests/node/tests/Categories.mjs

@@ -1,6 +1,6 @@
 import TestRegister from "../../lib/TestRegister.mjs";
-import Categories from "../../../src/core/config/Categories.json" assert {type: "json"};
-import OperationConfig from "../../../src/core/config/OperationConfig.json" assert {type: "json"};
+import Categories from "../../../src/core/config/Categories.json" with { type: "json" };
+import OperationConfig from "../../../src/core/config/OperationConfig.json" with { type: "json" };
 import it from "../assertionHandler.mjs";
 import assert from "assert";
 

package/tests/node/tests/PGP.mjs

@@ -0,0 +1,69 @@
+/**
+ * PGP node tests.
+ *
+ * @author C85297 [95289555+C85297@users.noreply.github.com]
+ * @copyright Crown Copyright 2026
+ * @license Apache-2.0
+ */
+
+import assert from "assert";
+import kbpgp from "kbpgp";
+import * as es6promisify from "es6-promisify";
+
+import TestRegister from "../../lib/TestRegister.mjs";
+import it from "../assertionHandler.mjs";
+import GeneratePGPKeyPair from "../../../src/core/operations/GeneratePGPKeyPair.mjs";
+
+const promisify = es6promisify.default ? es6promisify.default.promisify : es6promisify.promisify;
+
+const PUBLIC_KEY_BLOCK = /-----BEGIN PGP PUBLIC KEY BLOCK-----[\s\S]*-----END PGP PUBLIC KEY BLOCK-----/;
+
+/**
+ * Generate a PGP key pair and import the generated public key.
+ *
+ * @param {string} keyType
+ * @returns {Promise<Object>}
+ */
+async function generateAndImportPublicKey(keyType) {
+    const operation = new GeneratePGPKeyPair();
+    const generatedKeyPair = await operation.run("", [
+        keyType,
+        "",
+        "User",
+        "akb@notreal.gchq.gov.uk"
+    ]);
+
+    const publicKey = generatedKeyPair.match(PUBLIC_KEY_BLOCK);
+
+    assert(publicKey, "Generated key pair should contain an ASCII-armoured public key");
+
+    return promisify(kbpgp.KeyManager.import_from_armored_pgp)({
+        armored: publicKey[0],
+        opts: {
+            "no_check_keys": true
+        }
+    });
+}
+
+TestRegister.addApiTests([
+    it("Generate PGP Key Pair: ECC keys should include ECDSA signing and ECDH encryption subkeys", async () => {
+        const publicKey = await generateAndImportPublicKey("ECC-256");
+        const subkeyAlgorithms = publicKey.subkeys.map(subkey => subkey.key.type);
+
+        assert.strictEqual(
+            publicKey.primary.key.type,
+            kbpgp.const.openpgp.public_key_algorithms.ECDSA,
+            "Generated ECC PGP primary key should use ECDSA"
+        );
+
+        assert(
+            subkeyAlgorithms.includes(kbpgp.const.openpgp.public_key_algorithms.ECDSA),
+            "Generated ECC PGP key should include an ECDSA signing subkey"
+        );
+
+        assert(
+            subkeyAlgorithms.includes(kbpgp.const.openpgp.public_key_algorithms.ECDH),
+            "Generated ECC PGP key should include an ECDH encryption subkey"
+        );
+    })
+]);

package/tests/node/tests/nodeApi.mjs

@@ -170,77 +170,77 @@ TestRegister.addApiTests([
         assert(chef.bake);
     }),
 
-    it("chef.bake: should return NodeDish", () => {
-        const result = chef.bake("input", "to base 64");
+    it("chef.bake: should return NodeDish", async () => {
+        const result = await chef.bake("input", "to base 64");
         assert(result instanceof NodeDish);
     }),
 
-    it("chef.bake: should take an input and an op name and perform it", () => {
-        const result = chef.bake("some input", "to base 32");
+    it("chef.bake: should take an input and an op name and perform it", async () => {
+        const result = await chef.bake("some input", "to base 32");
         assert.strictEqual(result.toString(), "ONXW2ZJANFXHA5LU");
     }),
 
-    it("chef.bake: should complain if recipe isnt a valid object", () => {
-        assert.throws(() => chef.bake("some input", 3264), {
+    it("chef.bake: should complain if recipe isnt a valid object", async () => {
+        await assert.rejects(() => chef.bake("some input", 3264), {
             name: "TypeError",
             message: "Recipe can only contain function names or functions"
         });
     }),
 
-    it("chef.bake: Should complain if string op is invalid", () => {
-        assert.throws(() => chef.bake("some input", "not a valid operation"), {
+    it("chef.bake: Should complain if string op is invalid", async () => {
+        await assert.rejects(() => chef.bake("some input", "not a valid operation"), {
             name: "TypeError",
             message: "Couldn't find an operation with name 'not a valid operation'."
         });
     }),
 
-    it("chef.bake: Should take an input and an operation and perform it", () => {
-        const result = chef.bake("https://google.com/search?q=help", chef.parseURI);
+    it("chef.bake: Should take an input and an operation and perform it", async () => {
+        const result = await chef.bake("https://google.com/search?q=help", chef.parseURI);
         assert.strictEqual(result.toString(), "Protocol:\thttps:\nHostname:\tgoogle.com\nPath name:\t/search\nArguments:\n\tq = help\n");
     }),
 
-    it("chef.bake: Should complain if an invalid operation is inputted", () => {
-        assert.throws(() => chef.bake("https://google.com/search?q=help", () => {}), {
+    it("chef.bake: Should complain if an invalid operation is inputted", async () => {
+        await assert.rejects(() => chef.bake("https://google.com/search?q=help", () => {}), {
             name: "TypeError",
             message: "Inputted function not a Chef operation."
         });
     }),
 
-    it("chef.bake: accepts an array of operation names and performs them all in order", () => {
-        const result = chef.bake("https://google.com/search?q=that's a complicated question", ["URL encode", "URL decode", "Parse URI"]);
+    it("chef.bake: accepts an array of operation names and performs them all in order", async () => {
+        const result = await chef.bake("https://google.com/search?q=that's a complicated question", ["URL encode", "URL decode", "Parse URI"]);
         assert.strictEqual(result.toString(), "Protocol:\thttps:\nHostname:\tgoogle.com\nPath name:\t/search\nArguments:\n\tq = that's a complicated question\n");
     }),
 
-    it("chef.bake: forgiving with operation names", () =>{
-        const result = chef.bake("https://google.com/search?q=that's a complicated question", ["urlencode", "url decode", "parseURI"]);
+    it("chef.bake: forgiving with operation names", async () =>{
+        const result = await chef.bake("https://google.com/search?q=that's a complicated question", ["urlencode", "url decode", "parseURI"]);
         assert.strictEqual(result.toString(), "Protocol:\thttps:\nHostname:\tgoogle.com\nPath name:\t/search\nArguments:\n\tq = that's a complicated question\n");
     }),
 
-    it("chef.bake: forgiving with operation names", () =>{
-        const result = chef.bake("hello", ["to base 64"]);
+    it("chef.bake: forgiving with operation names", async () =>{
+        const result = await chef.bake("hello", ["to base 64"]);
         assert.strictEqual(result.toString(), "aGVsbG8=");
     }),
 
-    it("chef.bake: if recipe is empty array, return input as dish", () => {
-        const result = chef.bake("some input", []);
+    it("chef.bake: if recipe is empty array, return input as dish", async () => {
+        const result = await chef.bake("some input", []);
         assert.strictEqual(result.toString(), "some input");
         assert(result instanceof NodeDish, "Result is not instance of NodeDish");
     }),
 
-    it("chef.bake: accepts an array of operations as recipe", () => {
-        const result = chef.bake("https://google.com/search?q=that's a complicated question", [chef.URLEncode, chef.URLDecode, chef.parseURI]);
+    it("chef.bake: accepts an array of operations as recipe", async () => {
+        const result = await chef.bake("https://google.com/search?q=that's a complicated question", [chef.URLEncode, chef.URLDecode, chef.parseURI]);
         assert.strictEqual(result.toString(), "Protocol:\thttps:\nHostname:\tgoogle.com\nPath name:\t/search\nArguments:\n\tq = that's a complicated question\n");
     }),
 
-    it("should complain if an invalid operation is inputted as part of array", () => {
-        assert.throws(() => chef.bake("something", [() => {}]), {
+    it("should complain if an invalid operation is inputted as part of array", async () => {
+        await assert.rejects(() => chef.bake("something", [() => {}]), {
             name: "TypeError",
             message: "Inputted function not a Chef operation."
         });
     }),
 
-    it("chef.bake: should take single JSON object describing op and args OBJ", () => {
-        const result = chef.bake("some input", {
+    it("chef.bake: should take single JSON object describing op and args OBJ", async () => {
+        const result = await chef.bake("some input", {
             op: chef.toHex,
             args: {
                 Delimiter: "Colon"
@@ -249,23 +249,23 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "73:6f:6d:65:20:69:6e:70:75:74");
     }),
 
-    it("chef.bake: should take single JSON object desribing op with optional args", () => {
-        const result = chef.bake("some input", {
+    it("chef.bake: should take single JSON object desribing op with optional args", async () => {
+        const result = await chef.bake("some input", {
             op: chef.toHex,
         });
         assert.strictEqual(result.toString(), "73 6f 6d 65 20 69 6e 70 75 74");
     }),
 
-    it("chef.bake: should take single JSON object describing op and args ARRAY", () => {
-        const result = chef.bake("some input", {
+    it("chef.bake: should take single JSON object describing op and args ARRAY", async () => {
+        const result = await chef.bake("some input", {
             op: chef.toHex,
             args: ["Colon"]
         });
         assert.strictEqual(result.toString(), "73:6f:6d:65:20:69:6e:70:75:74");
     }),
 
-    it("chef.bake: should error if op in JSON is not chef op", () => {
-        assert.throws(() => chef.bake("some input", {
+    it("chef.bake: should error if op in JSON is not chef op", async () => {
+        await assert.rejects(() => chef.bake("some input", {
             op: () => {},
             args: ["Colon"],
         }), {
@@ -274,8 +274,8 @@ TestRegister.addApiTests([
         });
     }),
 
-    it("chef.bake: should take multiple ops in JSON object form, some ops by string", () => {
-        const result = chef.bake("some input", [
+    it("chef.bake: should take multiple ops in JSON object form, some ops by string", async () => {
+        const result = await chef.bake("some input", [
             {
                 op: chef.toHex,
                 args: ["Colon"]
@@ -290,8 +290,8 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "67;63;72;66;146;72;66;144;72;66;65;72;62;60;72;66;71;72;66;145;72;67;60;72;67;65;72;67;64");
     }),
 
-    it("chef.bake: should take multiple ops in JSON object form, some without args", () => {
-        const result = chef.bake("some input", [
+    it("chef.bake: should take multiple ops in JSON object form, some without args", async () => {
+        const result = await chef.bake("some input", [
             {
                 op: chef.toHex,
             },
@@ -305,8 +305,8 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "67;63;40;66;146;40;66;144;40;66;65;40;62;60;40;66;71;40;66;145;40;67;60;40;67;65;40;67;64");
     }),
 
-    it("chef.bake: should handle op with multiple args", () => {
-        const result = chef.bake("some input", {
+    it("chef.bake: should handle op with multiple args", async () => {
+        const result = await chef.bake("some input", {
             op: "to morse code",
             args: {
                 formatOptions: "Dash/Dot",
@@ -317,13 +317,13 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "DotDotDot\\DashDashDash\\DashDash\\Dot,DotDot\\DashDot\\DotDashDashDot\\DotDotDash\\Dash");
     }),
 
-    it("chef.bake: should take compact JSON format from Chef Website as recipe", () => {
-        const result = chef.bake("some input", [{"op": "To Morse Code", "args": ["Dash/Dot", "Backslash", "Comma"]}, {"op": "Hex to PEM", "args": ["SOMETHING"]}, {"op": "To Snake case", "args": [false]}]);
+    it("chef.bake: should take compact JSON format from Chef Website as recipe", async () => {
+        const result = await chef.bake("some input", [{"op": "To Morse Code", "args": ["Dash/Dot", "Backslash", "Comma"]}, {"op": "Hex to PEM", "args": ["SOMETHING"]}, {"op": "To Snake case", "args": [false]}]);
         assert.strictEqual(result.toString(), "begin_something_anananaaaaak_da_aaak_da_aaaaananaaaaaaan_da_aaaaaaanan_da_aaak_end_something");
     }),
 
-    it("chef.bake: should accept Clean JSON format from Chef website as recipe", () => {
-        const result = chef.bake("some input", [
+    it("chef.bake: should accept Clean JSON format from Chef website as recipe", async () => {
+        const result = await chef.bake("some input", [
             { "op": "To Morse Code",
                 "args": ["Dash/Dot", "Backslash", "Comma"] },
             { "op": "Hex to PEM",
@@ -334,8 +334,8 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "begin_something_anananaaaaak_da_aaak_da_aaaaananaaaaaaan_da_aaaaaaanan_da_aaak_end_something");
     }),
 
-    it("chef.bake: should accept Clean JSON format from Chef website - args optional", () => {
-        const result = chef.bake("some input", [
+    it("chef.bake: should accept Clean JSON format from Chef website - args optional", async () => {
+        const result = await chef.bake("some input", [
             { "op": "To Morse Code" },
             { "op": "Hex to PEM",
                 "args": ["SOMETHING"] },
@@ -345,31 +345,28 @@ TestRegister.addApiTests([
         assert.strictEqual(result.toString(), "begin_something_aaaaaaaaaaaaaa_end_something");
     }),
 
-    it("chef.bake: should accept operation names from Chef Website which contain forward slash", () => {
-        const result = chef.bake("I'll have the test salmon", [
+    it("chef.bake: should accept operation names from Chef Website which contain forward slash", async () => {
+        const result = await chef.bake("I'll have the test salmon", [
             { "op": "Find / Replace",
                 "args": [{ "option": "Regex", "string": "test" }, "good", true, false, true, false]}
         ]);
         assert.strictEqual(result.toString(), "I'll have the good salmon");
     }),
 
-    it("chef.bake: should accept operation names from Chef Website which contain a hyphen", () => {
-        const result = chef.bake("I'll have the test salmon", [
+    it("chef.bake: should accept operation names from Chef Website which contain a hyphen", async () => {
+        const result = await chef.bake("I'll have the test salmon", [
             { "op": "Adler-32 Checksum",
                 "args": [] }
         ]);
         assert.strictEqual(result.toString(), "6e4208f8");
     }),
 
-    it("chef.bake: should accept operation names from Chef Website which contain a period", () => {
-        const result = chef.bake("30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f", [
+    it("chef.bake: should accept operation names from Chef Website which contain a period", async () => {
+        const result = await chef.bake("30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f", [
             { "op": "Parse ASN.1 hex string",
                 "args": [0, 32] }
         ]);
-        assert.strictEqual(result.toString(), `SEQUENCE
-  INTEGER 05
-  IA5String 'Anybody there?'
-`);
+        assert.strictEqual(result.toString(), `SEQUENCE\n  INTEGER 05\n  IA5String 'Anybody there?'\n`);
     }),
 
     it("Excluded operations: throw a sensible error when you try and call one", () => {
@@ -381,16 +378,16 @@ TestRegister.addApiTests([
         }
     }),
 
-    it("chef.bake: cannot accept flowControl operations in recipe", () => {
-        assert.throws(() => chef.bake("some input", "magic"), {
+    it("chef.bake: cannot accept flowControl operations in recipe", async () => {
+        await assert.rejects(() => chef.bake("some input", "magic"), {
             name: "TypeError",
             message: "flowControl operations like Magic are not currently allowed in recipes for chef.bake in the Node API"
         });
-        assert.throws(() => chef.bake("some input", magic), {
+        await assert.rejects(() => chef.bake("some input", magic), {
             name: "TypeError",
             message: "flowControl operations like Magic are not currently allowed in recipes for chef.bake in the Node API"
         });
-        assert.throws(() => chef.bake("some input", ["to base 64", "magic"]), {
+        await assert.rejects(() => chef.bake("some input", ["to base 64", "magic"]), {
             name: "TypeError",
             message: "flowControl operations like Magic are not currently allowed in recipes for chef.bake in the Node API"
         });

package/tests/node/tests/operations.mjs

@@ -79,7 +79,46 @@ TestRegister.addApiTests([
                 string: "some iv some iv1",
                 option: "utf8",
             },
+            ivLength: 16,
             mode: "OFB",
+            inputType: "Hex",
+            outputType: "Raw",
+            gcmTag: {
+                option: "Hex",
+                string: ""
+            },
+            aad: {
+                option: "Hex",
+                string: ""
+            },
+            ivFromInput: "Off"
+        });
+        assert.equal(result.toString(), "a slightly longer sampleinput?");
+    }),
+
+    it("AES decrypt: IV from input", () => {
+        const result = AESDecrypt("4a123af235a507bbc9d5871721d61b98504d569a9a5a7847e2d78315fec7736f6d6520697620736f6d6520697631", {
+            key: {
+                string: "some longer key1",
+                option: "utf8",
+            },
+            iv: {
+                string: "",
+                option: "Hex",
+            },
+            ivLength: 16,
+            mode: "OFB",
+            inputType: "Hex",
+            outputType: "Raw",
+            gcmTag: {
+                option: "Hex",
+                string: ""
+            },
+            aad: {
+                option: "Hex",
+                string: ""
+            },
+            ivFromInput: "From end"
         });
         assert.equal(result.toString(), "a slightly longer sampleinput?");
     }),
@@ -136,8 +175,8 @@ Tiger-128`;
     it("Bcrypt", async () => {
         const result = await chef.bcrypt("Put a Sock In It");
         const strResult = result.toString();
-        assert.equal(strResult.length, 60);
-        assert.equal(strResult.slice(0, 7), "$2a$10$");
+        assert.match(strResult, /^\$2b\$10\$[./A-Za-z0-9]{53}$/);
+        assert.equal(strResult.split("$").length, 4);
     }),
 
     it("bcryptCompare", async() => {