Skip to content

Add Vault encrypting algorithms support #372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pangea-andrest merged 3 commits into from
Jan 17, 2024
Merged

Add Vault encrypting algorithms support #372

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
02e2b85
Add Vault encrypting algorithms support
pangea-andrest Jan 16, 2024
283e6ad
remove commented tests
pangea-andrest Jan 16, 2024
ad47bcb
Updates:
pangea-andrest Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions packages/pangea-node-sdk/src/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -637,6 +637,8 @@ export namespace Vault {
AES128_CFB = "AES-CFB-128",
AES256_CFB = "AES-CFB-256",
AES256_GCM = "AES-GCM-256",
AES128_CBC = "AES-CBC-128",
AES256_CBC = "AES-CBC-256",
AES = "AES-CFB-128", // deprecated, use AES128_CFB instead
}

Expand Down
64 changes: 37 additions & 27 deletions packages/pangea-node-sdk/tests/integration/vault.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ async function jwtAsymSigningCycle(id: string) {
expect(verify1Resp.result.valid_signature).toBe(true);
} catch (e) {
e instanceof PangeaErrors.APIError ? console.log(e.toString()) : console.log(e);
expect(false).toBeTruthy();
throw e;
}
}

Expand Down Expand Up @@ -240,7 +240,7 @@ async function jwtSymSigningCycle(id: string) {
expect(verify1Resp.result.valid_signature).toBe(true);
} catch (e) {
e instanceof PangeaErrors.APIError ? console.log(e.toString()) : console.log(e);
expect(false).toBeTruthy();
throw e;
}
}

Expand Down Expand Up @@ -281,10 +281,6 @@ async function encryptingCycle(id: string) {
const decDefaultResp = await vault.decrypt(id, enc2Resp.result.cipher_text);
expect(decDefaultResp.result.plain_text).toBe(dataB64);

// // Decrypt wrong version
// const decBad1Resp = await vault.decrypt(id, enc1Resp.result.cipher_text);
// expect(decBad1Resp.result.plain_text).not.toBe(dataB64);

let f = async () => {
await vault.decrypt("notandid", enc2Resp.result.cipher_text);
};
Expand Down Expand Up @@ -479,20 +475,28 @@ it("RSA encrypting life cycle", async () => {
} catch (e) {
e instanceof PangeaErrors.APIError ? console.log(e.toString()) : console.log(e);
console.log(`Failed asymmetric encrypting life cycle with ${algorithm} and ${purpose}`);
expect(false).toBeTruthy();
throw e;
}
});

it("AES encrypting life cycle", async () => {
const algorithm = Vault.SymmetricAlgorithm.AES;
const algorithms = [
Vault.SymmetricAlgorithm.AES128_CBC,
Vault.SymmetricAlgorithm.AES256_CBC,
Vault.SymmetricAlgorithm.AES128_CFB,
Vault.SymmetricAlgorithm.AES256_CFB,
Vault.SymmetricAlgorithm.AES256_GCM,
];
const purpose = Vault.KeyPurpose.ENCRYPTION;
try {
const id = await symGenerateDefault(algorithm, purpose);
await encryptingCycle(id);
await vault.delete(id);
} catch (e) {
console.log(`Failed symmetric encrypting life cycle with ${algorithm} and ${purpose}`);
expect(false).toBeTruthy();
for (const algorithm of algorithms) {
try {
const id = await symGenerateDefault(algorithm, purpose);
await encryptingCycle(id);
await vault.delete(id);
} catch (e) {
console.log(`Failed symmetric encrypting life cycle with ${algorithm} and ${purpose}`);
throw e;
}
}
});

Expand All @@ -503,29 +507,35 @@ it("JWT asymmetric signing life cycle", async () => {
Vault.AsymmetricAlgorithm.ES512,
];
const purpose = Vault.KeyPurpose.JWT;
algorithms.forEach(async (algorithm) => {
for (const algorithm of algorithms) {
try {
const id = await asymGenerateDefault(algorithm, purpose);
await jwtAsymSigningCycle(id);
await vault.delete(id);
} catch (e) {
console.log(`Failed JWT asymmetric signing life cycle with ${algorithm} and ${purpose}`);
expect(false).toBeTruthy();
throw e;
}
});
}
});

it("JWT symmetric signing life cycle", async () => {
const algorithm = Vault.SymmetricAlgorithm.HS256;
const purpose = Vault.KeyPurpose.JWT;
try {
const id = await symGenerateDefault(algorithm, purpose);
await jwtSymSigningCycle(id);
await vault.delete(id);
} catch (e) {
e instanceof PangeaErrors.APIError ? console.log(e.toString()) : console.log(e);
console.log(`Failed JWT symmetric signing life cycle with ${algorithm} and ${purpose}`);
expect(false).toBeTruthy();
const algorithms = [
Vault.SymmetricAlgorithm.HS256,
Vault.SymmetricAlgorithm.HS384,
Vault.SymmetricAlgorithm.HS512,
];
for (const algorithm of algorithms) {
try {
const id = await symGenerateDefault(algorithm, purpose);
await jwtSymSigningCycle(id);
await vault.delete(id);
} catch (e) {
e instanceof PangeaErrors.APIError ? console.log(e.toString()) : console.log(e);
console.log(`Failed JWT symmetric signing life cycle with ${algorithm} and ${purpose}`);
throw e;
}
}
});

Expand Down