diff --git a/spec/node/services/nodeCryptoFunction.service.spec.ts b/spec/node/services/nodeCryptoFunction.service.spec.ts index 746a0563b4..6250c642ca 100644 --- a/spec/node/services/nodeCryptoFunction.service.spec.ts +++ b/spec/node/services/nodeCryptoFunction.service.spec.ts @@ -27,6 +27,22 @@ const RsaPrivateKey = 'MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCXRVrCX 'BokBGnjFnTnKcs7nv/O8='; describe('NodeCrypto Function Service', () => { + describe('pbkdf2', () => { + const regular256Key = 'pj9prw/OHPleXI6bRdmlaD+saJS4awrMiQsQiDjeu2I='; + const utf8256Key = 'yqvoFXgMRmHR3QPYr5pyR4uVuoHkltv9aHUP63p8n7I='; + const unicode256Key = 'ZdeOata6xoRpB4DLp8zHhXz5kLmkWtX5pd+TdRH8w8w='; + + const regular512Key = 'liTi/Ke8LPU1Qv+Vl7NGEVt/XMbsBVJ2kQxtVG/Z1/JFHFKQW3ZkI81qVlwTiCpb+cFXzs+57' + + 'eyhhx5wfKo5Cg=='; + const utf8512Key = 'df0KdvIBeCzD/kyXptwQohaqUa4e7IyFUyhFQjXCANu5T+scq55hCcE4dG4T/MhAk2exw8j7ixRN' + + 'zXANiVZpnw=='; + const unicode512Key = 'FE+AnUJaxv8jh+zUDtZz4mjjcYk0/PZDZm+SLJe3XtxtnpdqqpblX6JjuMZt/dYYNMOrb2+mD' + + 'L3FiQDTROh1lg=='; + + testPbkdf2('sha256', regular256Key, utf8256Key, unicode256Key); + testPbkdf2('sha512', regular512Key, utf8512Key, unicode512Key); + }); + describe('aesEncrypt', () => { it('should successfully encrypt data', async () => { const nodeCryptoFunctionService = new NodeCryptoFunctionService(); @@ -113,6 +129,40 @@ describe('NodeCrypto Function Service', () => { }); }); +function testPbkdf2(algorithm: 'sha256' | 'sha512', regularKey: string, utf8Key: string, unicodeKey: string) { + const regularEmail = 'user@example.com'; + const utf8Email = 'üser@example.com'; + + const regularPassword = 'password'; + const utf8Password = 'pǻssword'; + const unicodePassword = '😀password🙏'; + + it('should create valid ' + algorithm + ' key from regular input', async () => { + const cryptoFunctionService = new NodeCryptoFunctionService(); + const key = await cryptoFunctionService.pbkdf2(regularPassword, regularEmail, algorithm, 5000); + expect(Utils.fromBufferToB64(key)).toBe(regularKey); + }); + + it('should create valid ' + algorithm + ' key from utf8 input', async () => { + const cryptoFunctionService = new NodeCryptoFunctionService(); + const key = await cryptoFunctionService.pbkdf2(utf8Password, utf8Email, algorithm, 5000); + expect(Utils.fromBufferToB64(key)).toBe(utf8Key); + }); + + it('should create valid ' + algorithm + ' key from unicode input', async () => { + const cryptoFunctionService = new NodeCryptoFunctionService(); + const key = await cryptoFunctionService.pbkdf2(unicodePassword, regularEmail, algorithm, 5000); + expect(Utils.fromBufferToB64(key)).toBe(unicodeKey); + }); + + it('should create valid ' + algorithm + ' key from array buffer input', async () => { + const cryptoFunctionService = new NodeCryptoFunctionService(); + const key = await cryptoFunctionService.pbkdf2(Utils.fromUtf8ToArray(regularPassword).buffer, + Utils.fromUtf8ToArray(regularEmail).buffer, algorithm, 5000); + expect(Utils.fromBufferToB64(key)).toBe(regularKey); + }); +} + function makeStaticByteArray(length: number) { const arr = new Uint8Array(length); for (let i = 0; i < length; i++) { diff --git a/src/services/nodeCryptoFunction.service.ts b/src/services/nodeCryptoFunction.service.ts index 063d665d93..1739df9987 100644 --- a/src/services/nodeCryptoFunction.service.ts +++ b/src/services/nodeCryptoFunction.service.ts @@ -9,11 +9,11 @@ import { Utils } from '../misc/utils'; export class NodeCryptoFunctionService implements CryptoFunctionService { pbkdf2(password: string | ArrayBuffer, salt: string | ArrayBuffer, algorithm: 'sha256' | 'sha512', iterations: number): Promise { - const len = algorithm === 'sha256' ? 256 : 512; + const len = algorithm === 'sha256' ? 32 : 64; const nodePassword = this.toNodeValue(password); const nodeSalt = this.toNodeValue(salt); return new Promise((resolve, reject) => { - crypto.pbkdf2(nodePassword, nodeSalt, iterations, length, algorithm, (error, key) => { + crypto.pbkdf2(nodePassword, nodeSalt, iterations, len, algorithm, (error, key) => { if (error != null) { reject(error); } else {