retornando possibilidade de hashes para kdf e corrigindo os defeitos …

…apontos pelos testes unitários relacionados a este trecho
antonioconselheiro · Feb 14, 2024 · 64c5d65 · 64c5d65
1 parent f0c826f
commit 64c5d65
Show file tree

Hide file tree

Showing 32 changed files with 97 additions and 15 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
diff --git a/TODO b/TODO
diff --git a/docs/ciphers/jest-html-reporters-attach/test-report/result.js b/docs/ciphers/jest-html-reporters-attach/test-report/result.js
diff --git a/docs/ciphers/test-report.html b/docs/ciphers/test-report.html
diff --git a/docs/core/jest-html-reporters-attach/test-report/result.js b/docs/core/jest-html-reporters-attach/test-report/result.js
diff --git a/docs/core/test-report.html b/docs/core/test-report.html
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/ciphers/aes/cbc/index.ts b/packages/ciphers/aes/cbc/index.ts
@@ -20,8 +20,10 @@ class EncryptedURIAESCBCDecrypter extends EncryptedURIDecrypter<TInitializationV
     const ivhex = getInitializationVector(this.decoded);
     const cipher = base64.decode(this.decoded.cipher);
     const params = getSalt(cipher, this.decoded?.params);
+    console.info(' >>> this.decoded: ', this.decoded);
+    const derivatedKey = kdf(this.password, params.salt, this.decoded);
 
-    const result = await cbc(kdf(this.password, params.salt, this.decoded), hexToBytes(ivhex))
+    const result = await cbc(derivatedKey, hexToBytes(ivhex))
       .decrypt(params.cipher);
 
     return bytesToUtf8(result);
@@ -46,7 +48,9 @@ class EncryptedURIAESCBCEncrypter extends EncryptedURIEncrypter<TInitializationV
     const content = utf8ToBytes(this.params.content);
     const saltLength = 8;
     const salt = randomBytes(saltLength);
-    const cipher = await cbc(kdf(this.params.password, salt, this.params), iv).encrypt(content);
+    console.info(' >>> this.params: ', this.params);
+    const derivatedKey = kdf(this.params.password, salt, this.params);
+    const cipher = await cbc(derivatedKey, iv).encrypt(content);
 
     return Promise.resolve({
       cipher: base64.encode(OpenSSLSerializer.encode(cipher, salt)),

diff --git a/packages/ciphers/aes/kdf.ts b/packages/ciphers/aes/kdf.ts
@@ -5,9 +5,10 @@ import { HashSupport } from '../hashes/hash-support';
 export function kdf<T extends TURIParams>(
   password: string,
   salt: Uint8Array,
-  decoded?: TEncryptedURI<T> | TEncryptedURIResultset<T>
+  kdfConfig?: TEncryptedURI<T> | TEncryptedURIResultset<T>
 ): Uint8Array {
-  const cfg = EncryptedURI.getKDFConfig(decoded);
+  const cfg = EncryptedURI.getKDFConfig(kdfConfig);
+  console.info(' >>> cfg: ', cfg);
 
   const saltLength = 8;
   if (salt.length !== saltLength) {

diff --git a/packages/ciphers/aes/openssl-serializer.ts b/packages/ciphers/aes/openssl-serializer.ts
diff --git a/packages/ciphers/aes/salt.ts b/packages/ciphers/aes/salt.ts
diff --git a/packages/ciphers/hashes/hash-support.ts b/packages/ciphers/hashes/hash-support.ts
diff --git a/packages/ciphers/hashes/index.ts b/packages/ciphers/hashes/index.ts
@@ -1 +1,12 @@
-export * from './sha256';
+export * from './keccak_224';
+export * from './keccak_256';
+export * from './keccak_384';
+export * from './keccak_512';
+export * from './sha256';
+export * from './sha384';
+export * from './sha3_224';
+export * from './sha3_256';
+export * from './sha3_384';
+export * from './sha3_512';
+export * from './sha512';
+export * from './sha512_256';
diff --git a/packages/ciphers/hashes/keccak_224.ts b/packages/ciphers/hashes/keccak_224.ts
@@ -0,0 +1,4 @@
+import { keccak_224 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('keccak_224', keccak_224);
diff --git a/packages/ciphers/hashes/keccak_256.ts b/packages/ciphers/hashes/keccak_256.ts
@@ -0,0 +1,4 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('keccak_256', keccak_256);
diff --git a/packages/ciphers/hashes/keccak_384.ts b/packages/ciphers/hashes/keccak_384.ts
@@ -0,0 +1,5 @@
+import { keccak_384 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('keccak_384', keccak_384);
+
diff --git a/packages/ciphers/hashes/keccak_512.ts b/packages/ciphers/hashes/keccak_512.ts
@@ -0,0 +1,5 @@
+import { keccak_512 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('keccak_512', keccak_512);
+
diff --git a/packages/ciphers/hashes/sha256.ts b/packages/ciphers/hashes/sha256.ts
diff --git a/packages/ciphers/hashes/sha384.ts b/packages/ciphers/hashes/sha384.ts
@@ -0,0 +1,4 @@
+import { sha384 } from '@noble/hashes/sha512'
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha384', sha384);
diff --git a/packages/ciphers/hashes/sha3_224.ts b/packages/ciphers/hashes/sha3_224.ts
@@ -0,0 +1,4 @@
+import { sha3_224 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha3_224', sha3_224);
diff --git a/packages/ciphers/hashes/sha3_256.ts b/packages/ciphers/hashes/sha3_256.ts
@@ -0,0 +1,4 @@
+import { sha3_256 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha3_256', sha3_256);
diff --git a/packages/ciphers/hashes/sha3_384.ts b/packages/ciphers/hashes/sha3_384.ts
@@ -0,0 +1,4 @@
+import { sha3_384 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha3_384', sha3_384);
diff --git a/packages/ciphers/hashes/sha3_512.ts b/packages/ciphers/hashes/sha3_512.ts
@@ -0,0 +1,4 @@
+import { sha3_512 } from '@noble/hashes/sha3';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha3_512', sha3_512);
diff --git a/packages/ciphers/hashes/sha512.ts b/packages/ciphers/hashes/sha512.ts
@@ -0,0 +1,4 @@
+import { sha512 } from '@noble/hashes/sha512';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha512', sha512);
diff --git a/packages/ciphers/hashes/sha512_256.ts b/packages/ciphers/hashes/sha512_256.ts
@@ -0,0 +1,4 @@
+import { sha512_256 } from '@noble/hashes/sha512';
+import { HashSupport } from './hash-support';
+
+HashSupport.addSupport('sha512_256', sha512_256);
diff --git a/packages/ciphers/jest.config.js b/packages/ciphers/jest.config.js
diff --git a/packages/ciphers/kdf.test.ts b/packages/ciphers/kdf.test.ts
diff --git a/packages/ciphers/package-lock.json b/packages/ciphers/package-lock.json
diff --git a/packages/ciphers/params.test.ts b/packages/ciphers/params.test.ts
@@ -2,7 +2,7 @@ import { EncryptedURI, EncryptedURIParser, TEncryptedURIKDFConfig } from '@encry
 import './aes';
 import './hashes';
 
-xdescribe('hashing customization', () => {
+describe('hashing customization', () => {
   it('[3] kdf with hasher sha512', async () => {
     const kdf: TEncryptedURIKDFConfig = {
       hasher: 'sha512' as any as 'sha256'

diff --git a/packages/core/index.test.ts b/packages/core/index.test.ts
@@ -346,7 +346,7 @@ describe('EncryptedURI object', () => {
 });
 
 describe('EncryptedURI getKDFConfig', () => {
-  it('[1] EncryptedURI get KDF config from decoded URI', () => {
+  it('[1] EncryptedURI get KDF config from KDF config', () => {
     const configs = EncryptedURI.getKDFConfig({
       algorithm: 'aes/cbc',
       content: 'mensagem secreta, favor não ler em voz alta',
@@ -369,4 +369,27 @@ describe('EncryptedURI getKDFConfig', () => {
     });
 
   });
+
+
+  it('[2] EncryptedURI get KDF config from decoded URI', () => {
+    const configs = EncryptedURI.getKDFConfig({
+      algorithm: 'aes/cbc',
+      cipher: 'U2FsdGVkX18WeA03azX1tWETWsG/oSiQYzgI0en6RPgQ7Z2i9YbxCL3VcfzL6nsFo5Sdf0xF/UVatnJEehkcHQ==',
+      queryString: 'iv=44b9c510f05a8461c0ad153ba915d9dc&h=keccak_224',
+      params: {
+        iv: '44b9c510f05a8461c0ad153ba915d9dc',
+        h: 'keccak_224'
+      }
+    });
+
+    expect(configs).toEqual({
+      kdf: 'pbkdf2',
+      ignoreDefaults: true,
+      hasher: 'keccak_224',
+      rounds: 32,
+      derivateKeyLength: 32
+    });
+
+  });
+
 });
diff --git a/packages/core/index.ts b/packages/core/index.ts
@@ -53,7 +53,7 @@ export type TEncryptedURIKDFConfig = {
    * 
    * @default sha256
    */
-  hasher?: 'sha256';
+  hasher?: string | 'sha256' | 'sha512'| 'sha512_256'| 'sha384'| 'sha3_512'| 'sha3_384'| 'sha3_256'| 'sha3_224'| 'keccak_512'| 'keccak_384'| 'keccak_256'| 'keccak_224';
 
   /**
    * Iterations of hashing for pbkdf2
@@ -134,10 +134,7 @@ class EncryptedURIDecoder<T extends TURIParams> {
       config.kdf = params.kdf as 'pbkdf2';
     }
 
-    if (typeof params.h === 'string'
-    //  remove this when this issue is implemented:
-    //  https://github.com/antonioconselheiro/encrypted-uri/issues/27
-      && params.h === 'sha256') {
+    if (typeof params.h === 'string') {
       config.hasher = params.h;
     }
 
@@ -395,7 +392,7 @@ export type TEncryptedURIParams<T extends TURIParams> = {
    * number of counts, rounds serialized as string
    * this is a pbkdf2 kdf param
    * 
-   * @default '1'
+   * @default '32'
    */
   c?: string;
 

diff --git a/packages/core/package-lock.json b/packages/core/package-lock.json