Fix types. Closes #84

hapijs · Sep 20, 2019 · 5a46ab4 · 5a46ab4
1 parent a241c1c
commit 5a46ab4
Show file tree

Hide file tree

Showing 2 changed files with 165 additions and 58 deletions.
diff --git a/lib/index.d.ts b/lib/index.d.ts
@@ -1,59 +1,170 @@
-export interface Options {
-    saltBits: number;
-    salt?: string;
-    algorithm: string;
-    iterations: number;
-    iv?: string;
-    minPasswordlength: number;
+/**
+Configuration options for built-in algorithms.
+*/
+export interface Algorithms {
+    'aes-128-ctr': {
+        keyBits: number;
+        ivBits: number;
+    };
+
+    'aes-256-cbc': {
+        keyBits: number;
+        ivBits: number;
+    };
+
+    'sha256': {
+        keyBits: number;
+    };
 }
 
 
+/**
+seal() method options.
+*/
 export interface SealOptionsSub {
+
+    /**
+    The length of the salt (random buffer used to ensure that two identical objects will generate a different encrypted result). Defaults to 256.
+    */
     saltBits: number;
-    algorithm: string;
+
+    /**
+    The algorithm used. Defaults to 'aes-256-cbc' for encryption and 'sha256' for integrity.
+    */
+    algorithm: keyof Algorithms;
+
+    /**
+    The number of iterations used to derive a key from the password. Defaults to 1.
+    */
     iterations: number;
+
+    /**
+    Minimum password size. Defaults to 32.
+    */
     minPasswordlength: number;
 }
 
 
+/**
+generateKey() method options.
+*/
+export interface GenerateKeyOptions extends Pick<SealOptionsSub, 'algorithm' | 'iterations' | 'minPasswordlength'> {
+
+    saltBits?: number;
+    salt?: string;
+    iv?: string;
+}
+
+
+/**
+Options for customizing the key derivation algorithm used to generate encryption and integrity verification keys as well as the algorithms and salt sizes used.
+*/
 export interface SealOptions {
+
+    /**
+    Encryption step options.
+    */
     encryption: SealOptionsSub;
+
+    /**
+    Integrity step options.
+    */
     integrity: SealOptionsSub;
+
+    /**
+    Sealed object lifetime in milliseconds where 0 means forever. Defaults to 0.
+     */
     ttl: number;
+
+    /**
+    Number of seconds of permitted clock skew for incoming expirations. Defaults to 60 seconds.
+    */
     timestampSkewSec: number;
+
+    /**
+    Local clock time offset, expressed in number of milliseconds (positive or negative). Defaults to 0.
+    */
     localtimeOffsetMsec: number;
 }
 
 
+/**
+Generated internal key object.
+*/
 export interface Key {
-    key: string;
+    key: Buffer;
     salt: string;
     iv: string;
 }
 
 
+/**
+Generated HMAC internal results.
+*/
+export interface HMacResult {
+    digest: string;
+    salt: string;
+}
+
+
+/**
+Password secret string or buffer.
+*/
 type Password = string | Buffer
 
 
 declare namespace password {
 
+    /**
+    Secret object with optional id.
+    */
     interface Secret {
         id?: string,
         secret: Password
     }
 
+    /**
+    Secret object with optional id and specified password for each encryption and integrity.
+    */
     interface Specific {
         id?: string,
         encryption: Password,
         integrity: Password
     }
 
+    /**
+    Key-value pairs hash of password id to value
+    */
     interface Hash {
         [id: string]: Password | Secret | Specific;
     }
 }
 
 
+/**
+The default encryption and integrity settings.
+*/
+export const defaults: SealOptions;
+
+
+/**
+Configuration of each supported algorithm. 
+*/
+export const algorithms: Algorithms;
+
+
+/**
+MAC normalization format version.
+*/
+export const macFormatVersion: string;
+
+
+/**
+MAC normalization prefix.
+*/
+export const macPrefix: string;
+
+
 /**
 Generates a key from the password
 
@@ -62,8 +173,7 @@ Generates a key from the password
 
 @returns An object with keys: key, salt, iv
 */
-
-export function generateKey(password: Password, options: Options): Key
+export function generateKey(password: Password, options: GenerateKeyOptions): Promise<Key>
 
 
 /**
@@ -75,8 +185,7 @@ Encrypt data
 
 @returns an object with the following keys: encrypted, key
 */
-
-export function encrypt(password: Password, options: Options, data: string): { encrypted: Buffer, key: Key }
+export function encrypt(password: Password, options: GenerateKeyOptions, data: string): Promise<{ encrypted: Buffer, key: Key }>
 
 
 /**
@@ -88,8 +197,7 @@ Decrypt data
 
 @returns the decrypted string
 */
-
-export function decrypt(password: Password, options: Options, data: string): string
+export function decrypt(password: Password, options: GenerateKeyOptions, data: string): Promise<string>
 
 
 /**
@@ -101,8 +209,7 @@ Calculates a HMAC digest
 
 @returns An object with the following keys: digest, salt
 */
-
-export function hmacWithPassword(password: Password, options: Options, data: string): { digest: string, salt: string }
+export function hmacWithPassword(password: Password, options: GenerateKeyOptions, data: string): Promise<HMacResult>
 
 
 /**
@@ -114,8 +221,7 @@ Serializes, encrypts, and signs objects into an iron protocol string
 
 @returns Iron sealed string
 */
-
-export function seal(object: any, password: Password | password.Secret | password.Specific, options: SealOptions): string
+export function seal(object: any, password: Password | password.Secret | password.Specific, options: SealOptions): Promise<string>
 
 
 /**
@@ -127,5 +233,4 @@ Verifies, decrypts, and reconstruct an iron protocol string into an object
 
 @returns the verified decrypted object
 */
-
-export function unseal(sealed: string, password: Password | password.Hash, options?: SealOptions): object
+export function unseal(sealed: string, password: Password | password.Hash, options?: SealOptions): Promise<any>
diff --git a/test/index.ts b/test/index.ts
@@ -8,46 +8,48 @@ const { expect } = Lab.types;
 
 
 const password = 'some_not_random_password_that_is_also_long_enough';
+
 const buffer = Cryptiles.randomBits(256);
+
 const defaults = {
-  encryption: {
-      saltBits: 256,
-      algorithm: 'aes-256-cbc',
-      iterations: 1,
-      minPasswordlength: 32
-  },
-
-  integrity: {
-      saltBits: 256,
-      algorithm: 'sha256',
-      iterations: 1,
-      minPasswordlength: 32
-  },
-
-  ttl: 0,                                         
-  timestampSkewSec: 60,                             
-  localtimeOffsetMsec: 0                             
-};
+    encryption: {
+        saltBits: 256,
+        algorithm: 'aes-256-cbc',
+        iterations: 1,
+        minPasswordlength: 32
+    },
+
+    integrity: {
+        saltBits: 256,
+        algorithm: 'sha256',
+        iterations: 1,
+        minPasswordlength: 32
+    },
+
+    ttl: 0,
+    timestampSkewSec: 60,
+    localtimeOffsetMsec: 0
+} as Iron.SealOptions;
 
 const options = {
-  saltBits: 256,                                  
-  salt: '4d8nr9q384nr9q384nr93q8nruq9348run',
-  algorithm: 'aes-128-ctr',
-  iterations: 10000,
-  iv: 'sdfsdfsdfsdfscdrgercgesrcgsercg',         
-  minPasswordlength: 32
-}
+    saltBits: 256,
+    salt: '4d8nr9q384nr9q384nr93q8nruq9348run',
+    algorithm: 'aes-128-ctr',
+    iterations: 10000,
+    iv: 'sdfsdfsdfsdfscdrgercgesrcgsercg',
+    minPasswordlength: 32
+} as Iron.GenerateKeyOptions;
 
 
 // generateKey()
 
 Iron.generateKey(password, options)
 Iron.generateKey(password, defaults.encryption)
 
-expect.type<{key: string, salt: string, iv: string}>(Iron.generateKey(password, options))
+expect.type<Iron.Key>(await Iron.generateKey(password, options))
 
 expect.error(Iron.generateKey(256, options))
-expect.error(Iron.generateKey({ foo: "bar"}, options))
+expect.error(Iron.generateKey({ foo: "bar" }, options))
 expect.error(Iron.generateKey('password', 'password'))
 expect.error(Iron.generateKey('password'))
 
@@ -57,8 +59,8 @@ expect.error(Iron.generateKey('password'))
 Iron.encrypt(password, options, "hello")
 Iron.encrypt(buffer, options, "hello")
 
-expect.type<{ encrypted: Buffer, key: { key: string, salt: string, iv: string }}>(Iron.encrypt(password, options, "hello"))
-expect.type<{ encrypted: Buffer, key: { key: string, salt: string, iv: string }}>(Iron.encrypt(buffer, options, "hello"))
+expect.type<{ encrypted: Buffer, key: Iron.Key }>(await Iron.encrypt(password, options, "hello"))
+expect.type<{ encrypted: Buffer, key: Iron.Key }>(await Iron.encrypt(buffer, options, "hello"))
 
 expect.error(Iron.encrypt(256, options, "hello"))
 expect.error(Iron.encrypt({ foo: "bar" }, options, "hello"))
@@ -71,8 +73,8 @@ expect.error(Iron.encrypt(password, options))
 Iron.decrypt(password, options, "uuddlrlrbabas")
 Iron.decrypt(buffer, options, "uuddlrlrbabas")
 
-expect.type<string>(Iron.decrypt(password, options, "uuddlrlrbabas"))
-expect.type<string>(Iron.decrypt(buffer, options, "uuddlrlrbabas"))
+expect.type<string>(await Iron.decrypt(password, options, "uuddlrlrbabas"))
+expect.type<string>(await Iron.decrypt(buffer, options, "uuddlrlrbabas"))
 
 expect.error(Iron.decrypt(256, options, "uuddlrlrbabas"))
 expect.error(Iron.decrypt({ foo: "bar" }, options, "uuddlrlrbabas"))
@@ -85,8 +87,8 @@ expect.error(Iron.decrypt(password, options))
 Iron.hmacWithPassword(password, options, 'some_string')
 Iron.hmacWithPassword(buffer, options, 'some_string')
 
-expect.type<{ digest: string, salt: string }>(Iron.hmacWithPassword(password, options, 'some_string'))
-expect.type<{ digest: string, salt: string }>(Iron.hmacWithPassword(buffer, options, 'some_string'))
+expect.type<{ digest: string, salt: string }>(await Iron.hmacWithPassword(password, options, 'some_string'))
+expect.type<{ digest: string, salt: string }>(await Iron.hmacWithPassword(buffer, options, 'some_string'))
 
 expect.error(Iron.hmacWithPassword(256, options, 'some_string'))
 expect.error(Iron.hmacWithPassword({ foo: "bar" }, options, 'some_string'))
@@ -104,8 +106,8 @@ Iron.seal(256, password, defaults)
 Iron.seal(["a", 1, true], password, defaults)
 Iron.seal(["a", 1, true], buffer, defaults)
 
-expect.type<string>(Iron.seal('seal_this_string', password, defaults))
-expect.type<string>(Iron.seal('seal_this_string', buffer, defaults))
+expect.type<string>(await Iron.seal('seal_this_string', password, defaults))
+expect.type<string>(await Iron.seal('seal_this_string', buffer, defaults))
 
 expect.error(Iron.seal('seal_this_string', 256, defaults))
 expect.error(Iron.seal('seal_this_string', password, options))
@@ -118,8 +120,8 @@ expect.error(Iron.seal('seal_this_string', password))
 Iron.unseal('uuddlrlrbabas', password, defaults)
 Iron.unseal('uuddlrlrbabas', buffer, defaults)
 
-expect.type<object>(Iron.unseal('uuddlrlrbabas', password, defaults))
-expect.type<object>(Iron.unseal('uuddlrlrbabas', buffer, defaults))
+expect.type<object>(await Iron.unseal('uuddlrlrbabas', password, defaults))
+expect.type<object>(await Iron.unseal('uuddlrlrbabas', buffer, defaults))
 
 expect.error(Iron.unseal(256, password, defaults))
 expect.error(Iron.unseal('uuddlrlrbabas', password, options))