diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 64523b024..19699146d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,9 @@ name: Deno CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read @@ -12,11 +12,14 @@ permissions: jobs: test: runs-on: ubuntu-latest + strategy: + matrix: + deno-version: [1.x, 2.x] steps: - uses: actions/checkout@v4 - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: ${{ matrix.deno-version }} - name: Run deno test run: | deno fmt --check diff --git a/.github/workflows/ci_browser.yml b/.github/workflows/ci_browser.yml index cffcc7115..178d51b24 100644 --- a/.github/workflows/ci_browser.yml +++ b/.github/workflows/ci_browser.yml @@ -2,9 +2,9 @@ name: Browser CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v4 - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: 2.x - uses: actions/setup-node@v4 with: node-version: v20.x @@ -120,4 +120,4 @@ jobs: - working-directory: ./packages/dhkem-secp256k1/test/runtimes/browsers run: npm install && npx playwright install && npx playwright test - working-directory: ./packages/hpke-js/test/runtimes/browsers - run: npm install && npx playwright install && npx playwright test \ No newline at end of file + run: npm install && npx playwright install && npx playwright test diff --git a/.github/workflows/ci_bun.yml b/.github/workflows/ci_bun.yml index 2b33ead1a..6560003cf 100644 --- a/.github/workflows/ci_bun.yml +++ b/.github/workflows/ci_bun.yml @@ -2,9 +2,9 @@ name: bun CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v4 - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: 2.x - uses: actions/setup-node@v4 with: node-version: v20.x @@ -28,4 +28,4 @@ jobs: deno task npm deno task bun-link - name: Run test - run: deno task test:bun \ No newline at end of file + run: deno task test:bun diff --git a/.github/workflows/ci_cloudflare.yml b/.github/workflows/ci_cloudflare.yml index 465a06776..4738aa610 100644 --- a/.github/workflows/ci_cloudflare.yml +++ b/.github/workflows/ci_cloudflare.yml @@ -2,9 +2,9 @@ name: Cloudflare Workers CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] permissions: contents: read @@ -16,11 +16,11 @@ jobs: - uses: actions/checkout@v4 - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: 2.x - uses: actions/setup-node@v4 with: node-version: v20.x - name: Prepare test run: deno task npm - name: Run test - run: deno task test:cloudflare \ No newline at end of file + run: deno task test:cloudflare diff --git a/.github/workflows/ci_node.yml b/.github/workflows/ci_node.yml index 72150fa4c..ad83c9460 100644 --- a/.github/workflows/ci_node.yml +++ b/.github/workflows/ci_node.yml @@ -2,9 +2,9 @@ name: Node.js CI on: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] jobs: build: @@ -21,7 +21,7 @@ jobs: node-version: ${{ matrix.node-version }} - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: 2.x - name: Run dnt & minify run: | npm install -g esbuild @@ -88,4 +88,4 @@ jobs: deno task minify > ../../npm/packages/hpke-js/hpke.min.js - name: Publish to npm (dry) for /packages/hpke-js working-directory: ./npm/packages/hpke-js - run: npm publish --dry-run \ No newline at end of file + run: npm publish --dry-run diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8256f855d..23896ba28 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,12 +13,12 @@ name: "CodeQL" on: push: - branches: [ main ] + branches: [main] pull_request: # The branches below must be a subset of the branches above - branches: [ main ] + branches: [main] schedule: - - cron: '38 17 * * 6' + - cron: "38 17 * * 6" jobs: analyze: @@ -32,41 +32,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'javascript' ] + language: ["javascript"] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e93b0f8fe..0f06471af 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v4 - uses: denoland/setup-deno@v1 with: - deno-version: v1.x + deno-version: 2.x - name: Run dnt run: | deno task test diff --git a/README.md b/README.md index 7a500748e..3a9fc59b9 100644 --- a/README.md +++ b/README.md @@ -454,7 +454,12 @@ Browsers: diff --git a/deno.json b/deno.json index a90195415..5ee49a00d 100644 --- a/deno.json +++ b/deno.json @@ -37,6 +37,7 @@ "test": { "exclude": [ "npm/", + "**/*.md", "**/*/*.js", "**/*/npm/", "**/*/.wrangler/", @@ -45,7 +46,7 @@ }, "tasks": { "test:all": "deno task test && deno task npm && deno task test:cloudflare && deno task bun-link && deno task test:bun", - "test": "deno fmt && deno lint && deno test --import-map=./import_map.json -A --fail-fast --doc --coverage=coverage --parallel --allow-read", + "test": "deno fmt && deno lint && deno test --import-map=./import_map.json --fail-fast --doc --coverage=coverage --parallel --allow-read", "test:common": "cd packages/common && deno task test", "test:core": "cd packages/core && deno task test", "test:chacha20poly1305": "cd packages/chacha20poly1305 && deno task test", diff --git a/packages/chacha20poly1305/README.md b/packages/chacha20poly1305/README.md index 64de0058a..4cdcb1cbe 100644 --- a/packages/chacha20poly1305/README.md +++ b/packages/chacha20poly1305/README.md @@ -216,7 +216,9 @@ try { diff --git a/packages/chacha20poly1305/test/runtimes/browsers/pages/index.html b/packages/chacha20poly1305/test/runtimes/browsers/pages/index.html index e2f08634c..d90d2bf61 100644 --- a/packages/chacha20poly1305/test/runtimes/browsers/pages/index.html +++ b/packages/chacha20poly1305/test/runtimes/browsers/pages/index.html @@ -14,7 +14,7 @@ HkdfSha384, HkdfSha512, } from "./src/hpke-core.js"; - import { Chacha20Poly1305 } from './src/hpke-chacha20poly1305.js'; + import { Chacha20Poly1305 } from "./src/hpke-chacha20poly1305.js"; const kems = [ new DhkemP256HkdfSha256(), @@ -41,27 +41,28 @@ for (const kdf of kdfs) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,32 +70,34 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + }; -

@hpke/chacha20poly1305 test

+

+ @hpke/chacha20poly1305 + test +

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/common/src/kdfs/hkdf.ts b/packages/common/src/kdfs/hkdf.ts index 5f580f1ae..61e67a0b1 100644 --- a/packages/common/src/kdfs/hkdf.ts +++ b/packages/common/src/kdfs/hkdf.ts @@ -182,11 +182,11 @@ export class HkdfNative extends NativeAlgorithm implements KdfInterface { export class HkdfSha256Native extends HkdfNative { /** KdfId.HkdfSha256 (0x0001) */ - public readonly id: KdfId = KdfId.HkdfSha256; + override id: KdfId = KdfId.HkdfSha256; /** 32 */ - public readonly hashSize: number = 32; + override hashSize: number = 32; /** The parameters for Web Cryptography API */ - protected readonly algHash: HmacKeyGenParams = { + override algHash: HmacKeyGenParams = { name: "HMAC", hash: "SHA-256", length: 256, @@ -195,11 +195,11 @@ export class HkdfSha256Native extends HkdfNative { export class HkdfSha384Native extends HkdfNative { /** KdfId.HkdfSha384 (0x0002) */ - public readonly id: KdfId = KdfId.HkdfSha384; + override id: KdfId = KdfId.HkdfSha384; /** 48 */ - public readonly hashSize: number = 48; + override hashSize: number = 48; /** The parameters for Web Cryptography API */ - protected readonly algHash: HmacKeyGenParams = { + override algHash: HmacKeyGenParams = { name: "HMAC", hash: "SHA-384", length: 384, @@ -208,11 +208,11 @@ export class HkdfSha384Native extends HkdfNative { export class HkdfSha512Native extends HkdfNative { /** KdfId.HkdfSha512 (0x0003) */ - public readonly id: KdfId = KdfId.HkdfSha512; + override id: KdfId = KdfId.HkdfSha512; /** 64 */ - public readonly hashSize: number = 64; + override hashSize: number = 64; /** The parameters for Web Cryptography API */ - protected readonly algHash: HmacKeyGenParams = { + override algHash: HmacKeyGenParams = { name: "HMAC", hash: "SHA-512", length: 512, diff --git a/packages/common/src/utils/misc.ts b/packages/common/src/utils/misc.ts index b8c2f8d06..e6c724012 100644 --- a/packages/common/src/utils/misc.ts +++ b/packages/common/src/utils/misc.ts @@ -2,7 +2,7 @@ import { KemId } from "../identifiers.ts"; export const isNode = (): boolean => // deno-lint-ignore no-explicit-any - (globalThis as any).process?.versions?.node != null; + (globalThis as any).process?.versions?.deno === undefined; /** * Checks whetehr the type of input is CryptoKeyPair or not. diff --git a/packages/core/README.md b/packages/core/README.md index 9c853bc89..2c28e6c67 100644 --- a/packages/core/README.md +++ b/packages/core/README.md @@ -226,21 +226,23 @@ try { diff --git a/packages/core/src/aeads/aesGcm.ts b/packages/core/src/aeads/aesGcm.ts index 5ee28a093..33eef6864 100644 --- a/packages/core/src/aeads/aesGcm.ts +++ b/packages/core/src/aeads/aesGcm.ts @@ -135,11 +135,11 @@ export class Aes128Gcm implements AeadInterface { */ export class Aes256Gcm extends Aes128Gcm { /** AeadId.Aes256Gcm (0x0002) */ - public readonly id: AeadId = AeadId.Aes256Gcm; + override id: AeadId = AeadId.Aes256Gcm; /** 32 */ - public readonly keySize: number = 32; + override keySize: number = 32; /** 12 */ - public readonly nonceSize: number = 12; + override nonceSize: number = 12; /** 16 */ - public readonly tagSize: number = 16; + override tagSize: number = 16; } diff --git a/packages/core/src/kems/dhkemNative.ts b/packages/core/src/kems/dhkemNative.ts index 1e69af5f0..2f4a4c1d9 100644 --- a/packages/core/src/kems/dhkemNative.ts +++ b/packages/core/src/kems/dhkemNative.ts @@ -8,11 +8,11 @@ import { } from "@hpke/common"; export class DhkemP256HkdfSha256Native extends Dhkem { - public readonly id: KemId = KemId.DhkemP256HkdfSha256; - public readonly secretSize: number = 32; - public readonly encSize: number = 65; - public readonly publicKeySize: number = 65; - public readonly privateKeySize: number = 32; + override id: KemId = KemId.DhkemP256HkdfSha256; + override secretSize: number = 32; + override encSize: number = 65; + override publicKeySize: number = 65; + override privateKeySize: number = 32; constructor() { const kdf = new HkdfSha256Native(); @@ -22,11 +22,11 @@ export class DhkemP256HkdfSha256Native extends Dhkem { } export class DhkemP384HkdfSha384Native extends Dhkem { - public readonly id: KemId = KemId.DhkemP384HkdfSha384; - public readonly secretSize: number = 48; - public readonly encSize: number = 97; - public readonly publicKeySize: number = 97; - public readonly privateKeySize: number = 48; + override id: KemId = KemId.DhkemP384HkdfSha384; + override secretSize: number = 48; + override encSize: number = 97; + override publicKeySize: number = 97; + override privateKeySize: number = 48; constructor() { const kdf = new HkdfSha384Native(); @@ -36,11 +36,11 @@ export class DhkemP384HkdfSha384Native extends Dhkem { } export class DhkemP521HkdfSha512Native extends Dhkem { - public readonly id: KemId = KemId.DhkemP521HkdfSha512; - public readonly secretSize: number = 64; - public readonly encSize: number = 133; - public readonly publicKeySize: number = 133; - public readonly privateKeySize: number = 64; + override id: KemId = KemId.DhkemP521HkdfSha512; + override secretSize: number = 64; + override encSize: number = 133; + override publicKeySize: number = 133; + override privateKeySize: number = 64; constructor() { const kdf = new HkdfSha512Native(); diff --git a/packages/core/src/recipientContext.ts b/packages/core/src/recipientContext.ts index 340fb04c4..715891955 100644 --- a/packages/core/src/recipientContext.ts +++ b/packages/core/src/recipientContext.ts @@ -3,7 +3,7 @@ import { EMPTY, OpenError } from "@hpke/common"; import { EncryptionContextImpl } from "./encryptionContext.ts"; export class RecipientContextImpl extends EncryptionContextImpl { - public async open( + override async open( data: ArrayBuffer, aad: ArrayBuffer = EMPTY, ): Promise { diff --git a/packages/core/src/senderContext.ts b/packages/core/src/senderContext.ts index 0940588a6..bc0783c67 100644 --- a/packages/core/src/senderContext.ts +++ b/packages/core/src/senderContext.ts @@ -19,7 +19,7 @@ export class SenderContextImpl extends EncryptionContextImpl this.enc = enc; } - public async seal( + override async seal( data: ArrayBuffer, aad: ArrayBuffer = EMPTY, ): Promise { diff --git a/packages/core/test/cipherSuite.test.ts b/packages/core/test/cipherSuite.test.ts index 3853c42a2..f9d2f712c 100644 --- a/packages/core/test/cipherSuite.test.ts +++ b/packages/core/test/cipherSuite.test.ts @@ -516,7 +516,8 @@ describe("deriveKeyPair", () => { describe("with official test-vector for DhkemP256HkdfSha256.", () => { it("should derive a proper key pair.", async () => { - if (!isNode()) { + console.log(Deno.version.deno); + if (Deno.version.deno.startsWith("1.") || !isNode()) { return; } const ikmR = hexToBytes( diff --git a/packages/core/test/runtimes/browsers/pages/index.html b/packages/core/test/runtimes/browsers/pages/index.html index 664bcab08..51b5737a1 100644 --- a/packages/core/test/runtimes/browsers/pages/index.html +++ b/packages/core/test/runtimes/browsers/pages/index.html @@ -40,27 +40,28 @@ for (const aead of aeads) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,13 +70,12 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + };

@hpke/core test

@@ -85,16 +85,16 @@

@hpke/core test

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/dhkem-secp256k1/README.md b/packages/dhkem-secp256k1/README.md index e853397ad..b0c9c5457 100644 --- a/packages/dhkem-secp256k1/README.md +++ b/packages/dhkem-secp256k1/README.md @@ -214,7 +214,11 @@ try { diff --git a/packages/dhkem-secp256k1/src/dhkemSecp256k1.ts b/packages/dhkem-secp256k1/src/dhkemSecp256k1.ts index 2fdca86bc..bb32f380a 100644 --- a/packages/dhkem-secp256k1/src/dhkemSecp256k1.ts +++ b/packages/dhkem-secp256k1/src/dhkemSecp256k1.ts @@ -51,15 +51,15 @@ import { Secp256k1 } from "./secp256k1.ts"; */ export class DhkemSecp256k1HkdfSha256 extends Dhkem { /** KemId.DhkemSecp256k1HkdfSha256 (0x0013) EXPERIMENTAL */ - public readonly id: KemId = KemId.DhkemSecp256k1HkdfSha256; + override id: KemId = KemId.DhkemSecp256k1HkdfSha256; /** 32 */ - public readonly secretSize: number = 32; + override secretSize: number = 32; /** 33 */ - public readonly encSize: number = 33; + override encSize: number = 33; /** 33 */ - public readonly publicKeySize: number = 33; + override publicKeySize: number = 33; /** 32 */ - public readonly privateKeySize: number = 32; + override privateKeySize: number = 32; constructor() { const kdf = new HkdfSha256(); diff --git a/packages/dhkem-secp256k1/test/runtimes/browsers/pages/index.html b/packages/dhkem-secp256k1/test/runtimes/browsers/pages/index.html index 028812045..17ee8d0a1 100644 --- a/packages/dhkem-secp256k1/test/runtimes/browsers/pages/index.html +++ b/packages/dhkem-secp256k1/test/runtimes/browsers/pages/index.html @@ -14,7 +14,7 @@ HkdfSha384, HkdfSha512, } from "./src/hpke-core.js"; - import { DhkemSecp256k1HkdfSha256 } from './src/hpke-dhkem-secp256k1.js'; + import { DhkemSecp256k1HkdfSha256 } from "./src/hpke-dhkem-secp256k1.js"; // const kems = [ // new DhkemP256HkdfSha256(), @@ -41,27 +41,28 @@ for (const aead of aeads) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,32 +70,34 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + }; -

@hpke/dhkem-secp256k1 test

+

+ @hpke/dhkem-secp256k1 + test +

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/dhkem-x25519/README.md b/packages/dhkem-x25519/README.md index 17cb39209..edb029a4e 100644 --- a/packages/dhkem-x25519/README.md +++ b/packages/dhkem-x25519/README.md @@ -214,7 +214,11 @@ try { diff --git a/packages/dhkem-x25519/src/dhkemX25519.ts b/packages/dhkem-x25519/src/dhkemX25519.ts index f405276f1..53f8e73bd 100644 --- a/packages/dhkem-x25519/src/dhkemX25519.ts +++ b/packages/dhkem-x25519/src/dhkemX25519.ts @@ -46,15 +46,15 @@ import { X25519 } from "./x25519.ts"; */ export class DhkemX25519HkdfSha256 extends Dhkem { /** KemId.DhkemX25519HkdfSha256 (0x0020) */ - public readonly id: KemId = KemId.DhkemX25519HkdfSha256; + override id: KemId = KemId.DhkemX25519HkdfSha256; /** 32 */ - public readonly secretSize: number = 32; + override secretSize: number = 32; /** 32 */ - public readonly encSize: number = 32; + override encSize: number = 32; /** 32 */ - public readonly publicKeySize: number = 32; + override publicKeySize: number = 32; /** 32 */ - public readonly privateKeySize: number = 32; + override privateKeySize: number = 32; constructor() { const kdf = new HkdfSha256(); diff --git a/packages/dhkem-x25519/test/runtimes/browsers/pages/index.html b/packages/dhkem-x25519/test/runtimes/browsers/pages/index.html index 2125b0143..247635119 100644 --- a/packages/dhkem-x25519/test/runtimes/browsers/pages/index.html +++ b/packages/dhkem-x25519/test/runtimes/browsers/pages/index.html @@ -14,7 +14,7 @@ HkdfSha384, HkdfSha512, } from "./src/hpke-core.js"; - import { DhkemX25519HkdfSha256 } from './src/hpke-dhkem-x25519.js'; + import { DhkemX25519HkdfSha256 } from "./src/hpke-dhkem-x25519.js"; // const kems = [ // new DhkemP256HkdfSha256(), @@ -41,27 +41,28 @@ for (const aead of aeads) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,32 +70,33 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + }; -

@hpke/dhkem-x25519 test

+

+ @hpke/dhkem-x25519 test +

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/dhkem-x448/README.md b/packages/dhkem-x448/README.md index 57a2ef7e9..a8b21c5e0 100644 --- a/packages/dhkem-x448/README.md +++ b/packages/dhkem-x448/README.md @@ -210,7 +210,11 @@ try { diff --git a/packages/dhkem-x448/src/dhkemX448.ts b/packages/dhkem-x448/src/dhkemX448.ts index 093743f8c..05c28a30d 100644 --- a/packages/dhkem-x448/src/dhkemX448.ts +++ b/packages/dhkem-x448/src/dhkemX448.ts @@ -43,15 +43,15 @@ import { X448 } from "./x448.ts"; */ export class DhkemX448HkdfSha512 extends Dhkem { /** KemId.DhkemX448HkdfSha512 (0x0021) */ - public readonly id: KemId = KemId.DhkemX448HkdfSha512; + override id: KemId = KemId.DhkemX448HkdfSha512; /** 64 */ - public readonly secretSize: number = 64; + override secretSize: number = 64; /** 56 */ - public readonly encSize: number = 56; + override encSize: number = 56; /** 56 */ - public readonly publicKeySize: number = 56; + override publicKeySize: number = 56; /** 56 */ - public readonly privateKeySize: number = 56; + override privateKeySize: number = 56; constructor() { const kdf = new HkdfSha512(); diff --git a/packages/dhkem-x448/test/runtimes/browsers/pages/index.html b/packages/dhkem-x448/test/runtimes/browsers/pages/index.html index 4864bbff2..64c05a9ae 100644 --- a/packages/dhkem-x448/test/runtimes/browsers/pages/index.html +++ b/packages/dhkem-x448/test/runtimes/browsers/pages/index.html @@ -14,7 +14,7 @@ HkdfSha384, HkdfSha512, } from "./src/hpke-core.js"; - import { DhkemX448HkdfSha512 } from './src/hpke-dhkem-x448.js'; + import { DhkemX448HkdfSha512 } from "./src/hpke-dhkem-x448.js"; // const kems = [ // new DhkemP256HkdfSha256(), @@ -41,27 +41,28 @@ for (const aead of aeads) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,32 +70,33 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + }; -

@hpke/dhkem-x448 test

+

+ @hpke/dhkem-x448 test +

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/hpke-js/README.md b/packages/hpke-js/README.md index ba4706f19..3cee24100 100644 --- a/packages/hpke-js/README.md +++ b/packages/hpke-js/README.md @@ -42,8 +42,6 @@ npm install hpke-js Then, you can use it as follows: ```js -// import { AeadId, CipherSuite, KdfId, KemId } from "hpke-js"; -// const { AeadId, CipherSuite, KdfId, KemId } = require("@hpke/hpke-js"); import { Aes128Gcm, CipherSuite, @@ -52,32 +50,42 @@ import { } from "@hpke/core"; async function doHpke() { - // When using "hpke-js", specify the cryptographic algorithm as follows: - // const suite = new CipherSuite({ - // kem: KemId.DhkemP256HkdfSha256, - // kdf: KdfId.HkdfSha256, - // aead: AeadId.Aes128Gcm, - // }); - // When using "@hpke/core", specify the cryptographic algorithm instances - // as follows, instead of identities above: const suite = new CipherSuite({ kem: new DhkemP256HkdfSha256(), kdf: new HkdfSha256(), aead: new Aes128Gcm(), }); - // A recipient generates a key pair. - const rkp = await suite.kem.generateKeyPair(); - - // A sender encrypts a message with the recipient public key. + const jwkPkR = { + kty: "EC", + crv: "P-256", + kid: "P-256-01", + x: "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc", + y: "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI", + key_ops: [], + }; + const pkR = await suite.kem.importKey("jwk", jwkPkR, true); + + // The sender encrypts a message. const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey, + recipientPublicKey: pkR, }); const ct = await sender.seal(new TextEncoder().encode("Hello world!")); + const jwkSkR = { + kty: "EC", + crv: "P-256", + kid: "P-256-01", + x: "-eZXC6nV-xgthy8zZMCN8pcYSeE2XfWWqckA2fsxHPc", + y: "BGU5soLgsu_y7GN2I3EPUXS9EZ7Sw0qif-V70JtInFI", + d: "kwibx3gas6Kz1V2fyQHKSnr-ybflddSjN0eOnbmLmyo", + key_ops: ["deriveBits"], + }; + const skR = await suite.kem.importKey("jwk", jwkSkR, false); + // The recipient decrypts it. const recipient = await suite.createRecipientContext({ - recipientKey: rkp.privateKey, + recipientKey: skR, enc: sender.enc, }); const pt = await recipient.open(ct); @@ -448,7 +456,12 @@ Browsers: @@ -524,8 +535,8 @@ async function doHpke() { try { doHpke(); -} catch (err) { - console.log("failed:", err.message); +} catch (err: unknown) { + console.log("failed:", (err as Error).message); } ``` @@ -565,14 +576,14 @@ async function doHpke() { try { doHpke(); -} catch (err) { - console.log("failed:", err.message); +} catch (err: unknown) { + console.log("failed:", (err as Error).message); } ``` ### PSK mode -Node.js: +Deno: ```ts import { AeadId, CipherSuite, KdfId, KemId } from "@hpke/hpke-js"; @@ -617,8 +628,8 @@ async function doHpke() { try { doHpke(); -} catch (err) { - console.log("failed:", err.message); +} catch (err: unknown) { + console.log("failed:", (err as Error).message); } ``` @@ -662,8 +673,8 @@ async function doHpke() { try { doHpke(); -} catch (err) { - console.log("failed:", err.message); +} catch (err: unknown) { + console.log("failed:", (err as Error).message); } ``` @@ -717,8 +728,8 @@ async function doHpke() { try { doHpke(); -} catch (err) { - console.log("failed:", err.message); +} catch (err: unknown) { + console.log("failed:", (err as Error).message); } ``` diff --git a/packages/hpke-js/samples/browser/index.html b/packages/hpke-js/samples/browser/index.html index e3ca30ca5..729bd16a8 100644 --- a/packages/hpke-js/samples/browser/index.html +++ b/packages/hpke-js/samples/browser/index.html @@ -4,25 +4,27 @@ diff --git a/packages/hpke-js/samples/ts-webpack/app.ts b/packages/hpke-js/samples/ts-webpack/app.ts index 8e384041a..63d8827d4 100644 --- a/packages/hpke-js/samples/ts-webpack/app.ts +++ b/packages/hpke-js/samples/ts-webpack/app.ts @@ -16,7 +16,7 @@ export const test = async () => { // const rkp = await suite.kem.generateKeyPair(); // instead I needed to do: const extractable = true; - const rkp = await window.crypto.subtle.generateKey( + const rkp = await globalThis.crypto.subtle.generateKey( { name: "ECDH", namedCurve: "P-256", diff --git a/packages/hpke-js/samples/ts-webpack/index.html b/packages/hpke-js/samples/ts-webpack/index.html index 2a71c9289..b652e97ec 100644 --- a/packages/hpke-js/samples/ts-webpack/index.html +++ b/packages/hpke-js/samples/ts-webpack/index.html @@ -1,14 +1,13 @@ - - - Test - - - - -
See developer console.
- - \ No newline at end of file + + Test + + + + +
See developer console.
+ + diff --git a/packages/hpke-js/src/kems/dhkemP256.ts b/packages/hpke-js/src/kems/dhkemP256.ts index 34ea33d65..1843d250e 100644 --- a/packages/hpke-js/src/kems/dhkemP256.ts +++ b/packages/hpke-js/src/kems/dhkemP256.ts @@ -2,11 +2,11 @@ import { Dhkem, Ec, KemId } from "@hpke/common"; import { HkdfSha256 } from "@hpke/dhkem-x25519"; export class DhkemP256HkdfSha256 extends Dhkem { - public readonly id: KemId = KemId.DhkemP256HkdfSha256; - public readonly secretSize: number = 32; - public readonly encSize: number = 65; - public readonly publicKeySize: number = 65; - public readonly privateKeySize: number = 32; + override id: KemId = KemId.DhkemP256HkdfSha256; + override secretSize: number = 32; + override encSize: number = 65; + override publicKeySize: number = 65; + override privateKeySize: number = 32; constructor() { const kdf = new HkdfSha256(); diff --git a/packages/hpke-js/src/kems/dhkemP384.ts b/packages/hpke-js/src/kems/dhkemP384.ts index 92a69133c..f89d2c033 100644 --- a/packages/hpke-js/src/kems/dhkemP384.ts +++ b/packages/hpke-js/src/kems/dhkemP384.ts @@ -2,11 +2,11 @@ import { Dhkem, Ec, KemId } from "@hpke/common"; import { HkdfSha384 } from "../kdfs/hkdfSha384.ts"; export class DhkemP384HkdfSha384 extends Dhkem { - public readonly id: KemId = KemId.DhkemP384HkdfSha384; - public readonly secretSize: number = 48; - public readonly encSize: number = 97; - public readonly publicKeySize: number = 97; - public readonly privateKeySize: number = 48; + override id: KemId = KemId.DhkemP384HkdfSha384; + override secretSize: number = 48; + override encSize: number = 97; + override publicKeySize: number = 97; + override privateKeySize: number = 48; constructor() { const kdf = new HkdfSha384(); diff --git a/packages/hpke-js/src/kems/dhkemP521.ts b/packages/hpke-js/src/kems/dhkemP521.ts index ba5313b8c..ecbb21bb4 100644 --- a/packages/hpke-js/src/kems/dhkemP521.ts +++ b/packages/hpke-js/src/kems/dhkemP521.ts @@ -3,11 +3,11 @@ import { Dhkem, Ec, KemId } from "@hpke/common"; import { HkdfSha512 } from "@hpke/dhkem-x448"; export class DhkemP521HkdfSha512 extends Dhkem { - public readonly id: KemId = KemId.DhkemP521HkdfSha512; - public readonly secretSize: number = 64; - public readonly encSize: number = 133; - public readonly publicKeySize: number = 133; - public readonly privateKeySize: number = 64; + override id: KemId = KemId.DhkemP521HkdfSha512; + override secretSize: number = 64; + override encSize: number = 133; + override publicKeySize: number = 133; + override privateKeySize: number = 64; constructor() { const kdf = new HkdfSha512(); diff --git a/packages/hpke-js/test/cipherSuiteBackwardCompat.test.ts b/packages/hpke-js/test/cipherSuiteBackwardCompat.test.ts index bb4bd3daa..3bb7236ab 100644 --- a/packages/hpke-js/test/cipherSuiteBackwardCompat.test.ts +++ b/packages/hpke-js/test/cipherSuiteBackwardCompat.test.ts @@ -1368,9 +1368,6 @@ describe("CipherSuite(backward-compat)", () => { describe("A README example of Oblivious HTTP (HKDF-SHA384)", () => { it("should work normally", async () => { - if (!isNode()) { - return; - } const te = new TextEncoder(); const cryptoApi = await loadCrypto(); diff --git a/packages/hpke-js/test/dhkemPrimitives.test.ts b/packages/hpke-js/test/dhkemPrimitives.test.ts index ac7002065..fe66e2325 100644 --- a/packages/hpke-js/test/dhkemPrimitives.test.ts +++ b/packages/hpke-js/test/dhkemPrimitives.test.ts @@ -247,9 +247,6 @@ describe("derivePublicKey", () => { }); it("should throw DeserializeError on X448 with a P-521 private key", async () => { - if (!isNode()) { - return; - } const kdf = new HkdfSha512(); const prim = new X448(kdf); const kdf2 = new HkdfSha512(); diff --git a/packages/hpke-js/test/kemContext.test.ts b/packages/hpke-js/test/kemContext.test.ts index 17e5732d6..27fcf4dcd 100644 --- a/packages/hpke-js/test/kemContext.test.ts +++ b/packages/hpke-js/test/kemContext.test.ts @@ -2,12 +2,7 @@ import { assertEquals, assertRejects } from "@std/assert"; import { describe, it } from "@std/testing/bdd"; import { isNode, loadCrypto } from "@hpke/common"; -import { - DeriveKeyPairError, - DeserializeError, - KemId, - SerializeError, -} from "@hpke/core"; +import { DeserializeError, KemId, SerializeError } from "@hpke/core"; import { DhkemX25519HkdfSha256 } from "@hpke/dhkem-x25519"; import { DhkemX448HkdfSha512 } from "@hpke/dhkem-x448"; @@ -278,23 +273,23 @@ describe("deriveKeyPair", () => { }); }); - describe("with invalid parameters", () => { - it("should throw NotSupportedError with DhkemP256HkdfSha256", async () => { - if (isNode()) { - return; - } - const cryptoApi = await loadCrypto(); - const ikm = new Uint8Array(32); - cryptoApi.getRandomValues(ikm); - - // assert - const kemContext = new DhkemP256HkdfSha256(); - await assertRejects( - () => kemContext.deriveKeyPair(ikm.buffer), - DeriveKeyPairError, - ); - }); - }); + // describe("with invalid parameters", () => { + // it("should throw NotSupportedError with DhkemP256HkdfSha256", async () => { + // if (isNode()) { + // return; + // } + // const cryptoApi = await loadCrypto(); + // const ikm = new Uint8Array(32); + // cryptoApi.getRandomValues(ikm); + + // // assert + // const kemContext = new DhkemP256HkdfSha256(); + // await assertRejects( + // () => kemContext.deriveKeyPair(ikm.buffer), + // DeriveKeyPairError, + // ); + // }); + // }); }); describe("serialize/deserializePublicKey", () => { diff --git a/packages/hpke-js/test/runtimes/browsers/pages/index.html b/packages/hpke-js/test/runtimes/browsers/pages/index.html index 030be424a..29d9e14d3 100644 --- a/packages/hpke-js/test/runtimes/browsers/pages/index.html +++ b/packages/hpke-js/test/runtimes/browsers/pages/index.html @@ -2,7 +2,7 @@ hpke-js test

hpke-js test

@@ -77,16 +77,16 @@

hpke-js test

-
+
-
+
- + - +
pass: pass: -
fail: fail: -
diff --git a/packages/hybridkem-x25519-kyber768/README.md b/packages/hybridkem-x25519-kyber768/README.md index 1d363c3bc..e7d32e086 100644 --- a/packages/hybridkem-x25519-kyber768/README.md +++ b/packages/hybridkem-x25519-kyber768/README.md @@ -217,7 +217,11 @@ try { diff --git a/packages/hybridkem-x25519-kyber768/src/hybridkemX25519Kyber768.ts b/packages/hybridkem-x25519-kyber768/src/hybridkemX25519Kyber768.ts index dd9fef7d1..c4b097cee 100644 --- a/packages/hybridkem-x25519-kyber768/src/hybridkemX25519Kyber768.ts +++ b/packages/hybridkem-x25519-kyber768/src/hybridkemX25519Kyber768.ts @@ -6,11 +6,11 @@ import { HkdfSha256, X25519 } from "@hpke/dhkem-x25519"; import { KemKyber768 } from "./kemKyber768.ts"; class DhkemX25519HkdfSha256 extends Dhkem implements DhkemInterface { - public readonly id: KemId = KemId.DhkemX25519HkdfSha256; - public readonly secretSize: number = 32; - public readonly encSize: number = 32; - public readonly publicKeySize: number = 32; - public readonly privateKeySize: number = 32; + override id: KemId = KemId.DhkemX25519HkdfSha256; + override secretSize: number = 32; + override encSize: number = 32; + override publicKeySize: number = 32; + override privateKeySize: number = 32; constructor() { const kdf = new HkdfSha256(); @@ -44,12 +44,12 @@ class DhkemX25519HkdfSha256 extends Dhkem implements DhkemInterface { * ``` */ export class HybridkemX25519Kyber768 extends Hybridkem { - public readonly id: KemId = KemId.HybridkemX25519Kyber768; - public readonly name: string = "X25519Kyber25519"; - public readonly secretSize: number = 64; - public readonly encSize: number = 1120; - public readonly publicKeySize: number = 1216; - public readonly privateKeySize: number = 2432; + override id: KemId = KemId.HybridkemX25519Kyber768; + override name: string = "X25519Kyber25519"; + override secretSize: number = 64; + override encSize: number = 1120; + override publicKeySize: number = 1216; + override privateKeySize: number = 2432; public readonly auth: boolean = false; constructor() { diff --git a/packages/hybridkem-x25519-kyber768/src/kyber/kyber768.ts b/packages/hybridkem-x25519-kyber768/src/kyber/kyber768.ts index 58ff19cf1..6aa5e7921 100644 --- a/packages/hybridkem-x25519-kyber768/src/kyber/kyber768.ts +++ b/packages/hybridkem-x25519-kyber768/src/kyber/kyber768.ts @@ -26,11 +26,11 @@ import { KyberBase } from "./kyberBase.ts"; * ``` */ export class Kyber768 extends KyberBase { - protected _k = 3; - protected _du = 10; - protected _dv = 4; - protected _eta1 = 2; - protected _eta2 = 2; + override _k = 3; + override _du = 10; + override _dv = 4; + override _eta1 = 2; + override _eta2 = 2; constructor() { super(); diff --git a/packages/hybridkem-x25519-kyber768/test/runtimes/browsers/pages/index.html b/packages/hybridkem-x25519-kyber768/test/runtimes/browsers/pages/index.html index 99849ff5f..c616ae4b5 100644 --- a/packages/hybridkem-x25519-kyber768/test/runtimes/browsers/pages/index.html +++ b/packages/hybridkem-x25519-kyber768/test/runtimes/browsers/pages/index.html @@ -14,7 +14,7 @@ HkdfSha384, HkdfSha512, } from "./src/hpke-core.js"; - import { HybridkemX25519Kyber768 } from './src/hpke-hybridkem-x25519-kyber768.js'; + import { HybridkemX25519Kyber768 } from "./src/hpke-hybridkem-x25519-kyber768.js"; // const kems = [ // new DhkemP256HkdfSha256(), @@ -41,27 +41,28 @@ for (const aead of aeads) { try { const suite = new CipherSuite({ kem: kem, kdf: kdf, aead: aead }); - + const rkp = await suite.kem.generateKeyPair(); - + const sender = await suite.createSenderContext({ - recipientPublicKey: rkp.publicKey + recipientPublicKey: rkp.publicKey, }); - + const recipient = await suite.createRecipientContext({ recipientKey: rkp, enc: sender.enc, }); - + // encrypt - const ct = await sender.seal(new TextEncoder().encode('hello world!')); - + const ct = await sender.seal( + new TextEncoder().encode("hello world!"), + ); + // decrypt const pt = await recipient.open(ct); // hello world! - 'hello world!' === new TextDecoder().decode(pt) ? pass++ : fail++; - + "hello world!" === new TextDecoder().decode(pt) ? pass++ : fail++; } catch (e) { fail++; } @@ -69,32 +70,34 @@ } document.getElementById("pass").innerHTML = pass; document.getElementById("fail").innerHTML = fail; - } + }; globalThis.reset = () => { document.getElementById("pass").innerHTML = "-"; document.getElementById("fail").innerHTML = "-"; - } - + }; -

@hpke/hybridkem-x25519-kyber768 test

+

+ @hpke/hybridkem-x25519-kyber768 test +

-
+
-
+
- + - +
pass: pass: -
fail: fail: -