Merge pull request #32 from antonioconselheiro/feature/interoperability

interoperability

README.md

@@ -61,7 +61,7 @@ Algorithm with no param:
 Basic use, how to decode and encrypt and how to decode and decrypt: 
 
 ```typescript
-import { EncryptedURIAlgorithm, EncryptedURIDecrypter, EncryptedURIEncrypter, TEncryptedURI, TEncryptedURIKDFConfig, TEncryptedURIResultset, TURIParams } from '@encrypted-uri/core';
+import { EncryptedURIAlgorithm, EncryptedURIDecrypter, EncryptedURIEncrypter, TEncryptedURI, TEncryptedURIResultset, TURIParams } from '@encrypted-uri/core';
 import { ecb } from '@noble/ciphers/aes';
 import { bytesToUtf8, utf8ToBytes } from '@noble/ciphers/utils';
 import { randomBytes } from '@noble/hashes/utils';
@@ -70,10 +70,9 @@ import { base64 } from '@scure/base';
 class EncryptedURIAESECBDecrypter<T extends TURIParams = TURIParams> extends EncryptedURIDecrypter<T> {
   constructor(
     decoded: TEncryptedURI<T>,
-    password: string,
-    defaultsKDF: Required<TEncryptedURIKDFConfig>
+    password: string
   ) {
-    super(decoded, password, defaultsKDF);
+    super(decoded, password);
   }
 
   async decrypt(): Promise<string> {
@@ -90,10 +89,11 @@ class EncryptedURIAESECBDecrypter<T extends TURIParams = TURIParams> extends Enc
   algorithm: 'aes/ecb',
   decrypter: EncryptedURIAESECBDecrypter
 })
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
 class EncryptedURIAESECBEncrypter<T extends TURIParams = TURIParams> extends EncryptedURIEncrypter<TURIParams> {
 
   constructor(
-    protected override params: TEncryptedURIResultset<T>
+    params: TEncryptedURIResultset<T>
   ) {
     super(params);
   }
@@ -102,18 +102,19 @@ class EncryptedURIAESECBEncrypter<T extends TURIParams = TURIParams> extends Enc
     const content = utf8ToBytes(this.params.content);
     const saltLength = 8;
     const salt = randomBytes(saltLength);
-    const rawCipher = await ecb(kdf(this.params.password, salt, this.params.kdf)).encrypt(content);
+    const rawCipher = await ecb(kdf(this.params.password, salt, this.params)).encrypt(content);
     const cipher = base64.encode(OpenSSLSerializer.encode(rawCipher, salt));
 
     return Promise.resolve({ cipher });
   }
 }
 
+
 ```
 
 Advanced use, how to add default encrypter and how to add more alias to an algorithm: 
 ```typescript
-import { EncryptedURI, EncryptedURIAlgorithm, EncryptedURIDecrypter, EncryptedURIEncrypter, TEncryptedURI, TEncryptedURIKDFConfig, TEncryptedURIResultset } from '@encrypted-uri/core';
+import { EncryptedURI, EncryptedURIAlgorithm, EncryptedURIDecrypter, EncryptedURIEncrypter, TEncryptedURI, TEncryptedURIResultset } from '@encrypted-uri/core';
 import { bytesToUtf8, hexToBytes, utf8ToBytes } from '@noble/ciphers/utils';
 import { cbc } from '@noble/ciphers/webcrypto/aes';
 import { randomBytes } from '@noble/hashes/utils';
@@ -122,10 +123,9 @@ import { base64 } from '@scure/base';
 class EncryptedURIAESCBCDecrypter extends EncryptedURIDecrypter<TInitializationVectorParams> {
   constructor(
     decoded: TEncryptedURI<TInitializationVectorParams>,
-    password: string,
-    defaultsKDF: Required<TEncryptedURIKDFConfig>
+    password: string
   ) {
-    super(decoded, password, defaultsKDF);
+    super(decoded, password);
   }
 
   async decrypt(): Promise<string> {
@@ -147,7 +147,7 @@ class EncryptedURIAESCBCDecrypter extends EncryptedURIDecrypter<TInitializationV
 class EncryptedURIAESCBCEncrypter extends EncryptedURIEncrypter<TInitializationVectorParams> {
 
   constructor(
-    protected override params: TEncryptedURIResultset<TInitializationVectorParams>
+    params: TEncryptedURIResultset<TInitializationVectorParams>
   ) {
     super(params);
   }
@@ -158,7 +158,7 @@ class EncryptedURIAESCBCEncrypter extends EncryptedURIEncrypter<TInitializationV
     const content = utf8ToBytes(this.params.content);
     const saltLength = 8;
     const salt = randomBytes(saltLength);
-    const cipher = await cbc(kdf(this.params.password, salt, this.params.kdf), iv).encrypt(content);
+    const cipher = await cbc(kdf(this.params.password, salt, this.params), iv).encrypt(content);
 
     return Promise.resolve({
       cipher: base64.encode(OpenSSLSerializer.encode(cipher, salt)),
@@ -169,6 +169,7 @@ class EncryptedURIAESCBCEncrypter extends EncryptedURIEncrypter<TInitializationV
 
 EncryptedURI.setAlgorithm('', EncryptedURIAESCBCEncrypter, EncryptedURIAESCBCDecrypter);
 EncryptedURI.setAlgorithm('aes', EncryptedURIAESCBCEncrypter, EncryptedURIAESCBCDecrypter);
+
 ```
 
 ## Example of practical application

packages/ciphers/README.md

@@ -7,12 +7,10 @@
 [![Npm Total Downloads](https://img.shields.io/npm/dt/@encrypted-uri/ciphers.svg)](https://github.com/antonioconselheiro/encrypted-uri)
 [![Npm Monthly Downloads](https://img.shields.io/npm/dm/@encrypted-uri/ciphers.svg)](https://github.com/antonioconselheiro/encrypted-uri)
 
-Include AES algorithms from @noble/ciphers into Encrypted URI (@encrypted-uri/core). Only ```initialization vector``` and ```number once``` params are included.
+Include AES algorithms from @noble/ciphers into Encrypted URI (@encrypted-uri/core).
 
 Support for Encrypted URI using _@scure_ and _@noble_ packages.
 
-*under beta test*
-
 ## Installation
 
 ```npm install @encrypted-uri/core @encrypted-uri/ciphers --save```

packages/ciphers/aes.test.ts

@@ -18,15 +18,6 @@ describe('success flow aes', () => {
     expect(decoded).toEqual(originalMessage);
   });
 
-  it('cbc generated from other implementation with the same algorithm type and params', async () => {
-    const decoded = await EncryptedURI.decrypt('encrypted:aes?iv=1dc8d28370372579a75feac6b5bf5290;U2FsdGVkX18K2mCM3jqJz9SSPC2Rss61NOk4JWeG5IE=', 'teste123', {
-      rounds: 250000,
-      hasher: 'sha256',
-      derivateKeyLength: 32
-    });
-    expect(decoded).toEqual('teste123');
-  });
-
   it('ctr', async () => {
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
     const password = 'senha123';

packages/ciphers/aes/cbc/index.ts

@@ -21,7 +21,9 @@ class EncryptedURIAESCBCDecrypter extends EncryptedURIDecrypter<TInitializationV
     const cipher = base64.decode(this.decoded.cipher);
     const params = getSalt(cipher, this.decoded?.params);
 
-    const result = await cbc(kdf(this.password, params.salt, this.decoded), hexToBytes(ivhex))
+    const derivatedKey = kdf(this.password, params.salt, this.decoded);
+
+    const result = await cbc(derivatedKey, hexToBytes(ivhex))
       .decrypt(params.cipher);
 
     return bytesToUtf8(result);
@@ -46,7 +48,9 @@ class EncryptedURIAESCBCEncrypter extends EncryptedURIEncrypter<TInitializationV
     const content = utf8ToBytes(this.params.content);
     const saltLength = 8;
     const salt = randomBytes(saltLength);
-    const cipher = await cbc(kdf(this.params.password, salt, this.params), iv).encrypt(content);
+
+    const derivatedKey = kdf(this.params.password, salt, this.params);
+    const cipher = await cbc(derivatedKey, iv).encrypt(content);
 
     return Promise.resolve({
       cipher: base64.encode(OpenSSLSerializer.encode(cipher, salt)),

packages/ciphers/aes/kdf.ts

@@ -5,13 +5,12 @@ import { HashSupport } from '../hashes/hash-support';
 export function kdf<T extends TURIParams>(
   password: string,
   salt: Uint8Array,
-  decoded?: TEncryptedURI<T> | TEncryptedURIResultset<T>
+  kdfConfig?: TEncryptedURI<T> | TEncryptedURIResultset<T>
 ): Uint8Array {
-  const cfg = EncryptedURI.getKDFConfig(decoded);
-
+  const cfg = EncryptedURI.getKDFConfig(kdfConfig);
   const saltLength = 8;
   if (salt.length !== saltLength) {
-    throw new Error(`salt length must be 8 bytes, ${salt.length} bytes was given`);
+    throw new Error(`salt length must be ${saltLength} bytes, ${salt.length} bytes was given`);
   }
 
   if (cfg.kdf === 'pbkdf2') {

packages/ciphers/kdf.test.ts

@@ -2,14 +2,14 @@ import { EncryptedURI, TEncryptedURIKDFConfig } from '@encrypted-uri/core';
 import './aes';
 import './hashes';
 
-xdescribe('kdf success flow', () => {
+describe('kdf success flow', () => {
 
   it('[2] kdf include all parameters including default', async () => {
     const kdf: TEncryptedURIKDFConfig = {
       kdf: 'pbkdf2',
       ignoreDefaults: false,
       hasher: 'sha256',
-      rounds: 100,
+      rounds: 10,
       derivateKeyLength: 32
     };
 
@@ -41,7 +41,6 @@ xdescribe('kdf success flow', () => {
       password,
       kdf
     });
-    console.info(' >>> encoded', encoded)
 
     const decrypted = await EncryptedURI.decrypt(encoded, password);
     expect(decrypted).toEqual(originalMessage);
@@ -237,24 +236,3 @@ xdescribe('kdf success flow', () => {
     expect(decrypted).toEqual(originalMessage);
   });
 });
-
-describe('kdf failure flow', () => {
-  it('[1] overriding kdf config with wrong default values', async () => {
-    const originalMessage = 'mensagem secreta, favor não ler em voz alta';
-    const password = 'senha123';
-
-    const encoded = await EncryptedURI.encrypt({
-      algorithm: 'aes/ctr',
-      content: originalMessage,
-      password
-    });
-
-    const decrypted = await EncryptedURI.decrypt(encoded, password, {
-      kdf: 'pbkdf2',
-      hasher: 'sha256',
-      rounds: 32,
-      derivateKeyLength: 32
-    });
-    expect(decrypted).not.toEqual(originalMessage);
-  });
-});

packages/ciphers/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@encrypted-uri/ciphers",
-  "version": "1.0.10",
+  "version": "1.1.1",
   "description": "encrypt and decrypt from encrypted uri",
   "repository": {
     "type": "git",
@@ -37,6 +37,6 @@
     "tslib": "^2.6.2"
   },
   "peerDependencies": {
-    "@encrypted-uri/core": "^1.0.0"
+    "@encrypted-uri/core": "^1.1.1"
   }
 }

packages/ciphers/params.test.ts

@@ -2,10 +2,10 @@ import { EncryptedURI, EncryptedURIParser, TEncryptedURIKDFConfig } from '@encry
 import './aes';
 import './hashes';
 
-xdescribe('hashing customization', () => {
+describe('hashing customization', () => {
   it('[3] kdf with hasher sha512', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha512' as any as 'sha256'
+      hasher: 'sha512'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -28,7 +28,7 @@ xdescribe('hashing customization', () => {
 
   it('[4] kdf with hasher sha512_256', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha512_256' as any as 'sha256'
+      hasher: 'sha512_256'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -51,7 +51,7 @@ xdescribe('hashing customization', () => {
 
   it('[5] kdf with hasher sha384', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha384' as any as 'sha256'
+      hasher: 'sha384'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -74,7 +74,7 @@ xdescribe('hashing customization', () => {
 
   it('[6] kdf with hasher sha3_512', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha3_512' as any as 'sha256'
+      hasher: 'sha3_512'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -97,7 +97,7 @@ xdescribe('hashing customization', () => {
 
   it('[7] kdf with hasher sha3_384', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha3_384' as any as 'sha256'
+      hasher: 'sha3_384'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -120,7 +120,7 @@ xdescribe('hashing customization', () => {
 
   it('[8] kdf with hasher sha3_256', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha3_256' as any as 'sha256'
+      hasher: 'sha3_256'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -143,7 +143,7 @@ xdescribe('hashing customization', () => {
 
   it('[9] kdf with hasher sha3_224', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'sha3_224' as any as 'sha256'
+      hasher: 'sha3_224'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -166,7 +166,7 @@ xdescribe('hashing customization', () => {
 
   it('[10] kdf with hasher keccak_512', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'keccak_512' as any as 'sha256'
+      hasher: 'keccak_512'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -189,7 +189,7 @@ xdescribe('hashing customization', () => {
 
   it('[11] kdf with hasher keccak_384', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'keccak_384' as any as 'sha256'
+      hasher: 'keccak_384'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';
@@ -212,7 +212,7 @@ xdescribe('hashing customization', () => {
 
   it('[12] kdf with hasher keccak_256', async () => {
     const kdf: TEncryptedURIKDFConfig = {
-      hasher: 'keccak_256' as any as 'sha256'
+      hasher: 'keccak_256'
     };
 
     const originalMessage = 'mensagem secreta, favor não ler em voz alta';

packages/core/index.test.ts

@@ -344,3 +344,52 @@ describe('EncryptedURI object', () => {
     })
   });
 });
+
+describe('EncryptedURI getKDFConfig', () => {
+  it('[1] EncryptedURI get KDF config from KDF config', () => {
+    const configs = EncryptedURI.getKDFConfig({
+      algorithm: 'aes/cbc',
+      content: 'mensagem secreta, favor não ler em voz alta',
+      password: 'senha123',
+      kdf: {
+        kdf: 'pbkdf2',
+        ignoreDefaults: false,
+        hasher: 'sha256',
+        rounds: 10,
+        derivateKeyLength: 32
+      }
+    });
+
+    expect(configs).toEqual({
+      kdf: 'pbkdf2',
+      ignoreDefaults: false,
+      hasher: 'sha256',
+      rounds: 10,
+      derivateKeyLength: 32
+    });
+
+  });
+
+
+  it('[2] EncryptedURI get KDF config from decoded URI', () => {
+    const configs = EncryptedURI.getKDFConfig({
+      algorithm: 'aes/cbc',
+      cipher: 'U2FsdGVkX18WeA03azX1tWETWsG/oSiQYzgI0en6RPgQ7Z2i9YbxCL3VcfzL6nsFo5Sdf0xF/UVatnJEehkcHQ==',
+      queryString: 'iv=44b9c510f05a8461c0ad153ba915d9dc&h=keccak_224',
+      params: {
+        iv: '44b9c510f05a8461c0ad153ba915d9dc',
+        h: 'keccak_224'
+      }
+    });
+
+    expect(configs).toEqual({
+      kdf: 'pbkdf2',
+      ignoreDefaults: true,
+      hasher: 'keccak_224',
+      rounds: 32,
+      derivateKeyLength: 32
+    });
+
+  });
+
+});