feat: update load ops key decryption

Author: HinsonSIDAN

package.json

@@ -1,7 +1,7 @@
 {
     "name": "@deltadefi-protocol/sdk",
     "description": "The Typescript SDK for DeltaDeFi protocol",
-    "version": "1.0.0",
+    "version": "1.0.1",
     "main": "./dist/index.cjs",
     "browser": "./dist/index.js",
     "module": "./dist/index.js",

src/client/components/encryption.ts

@@ -30,7 +30,10 @@ export async function encryptWithCipher({
     algorithm?: string;
     initializationVectorSize?: number;
 }) {
-    // Derive a cryptographic key from the input key using SHA-256
+    // Generate a random salt for PBKDF2
+    const salt = crypto.getRandomValues(new Uint8Array(initializationVectorSize));
+
+    // Derive a cryptographic key from the input key using PBKDF2
     const keyMaterial = await crypto.subtle.importKey(
         'raw',
         new TextEncoder().encode(key),
@@ -42,7 +45,7 @@ export async function encryptWithCipher({
     const cryptoKey = await crypto.subtle.deriveKey(
         {
             name: 'PBKDF2',
-            salt: new Uint8Array(initializationVectorSize), // Use a fixed salt for simplicity
+            salt,
             iterations: 100000,
             hash: 'SHA-256',
         },
@@ -62,9 +65,10 @@ export async function encryptWithCipher({
         new TextEncoder().encode(data),
     );
 
-    // Return the encrypted data as a base64 string
+    // Return the encrypted data as a base64 string with salt included
     return JSON.stringify({
         iv: Buffer.from(iv).toString('base64'),
+        salt: Buffer.from(salt).toString('base64'),
         ciphertext: Buffer.from(encrypted).toString('base64'),
     });
 }
@@ -77,12 +81,27 @@ export async function decryptWithCipher({
     key: string;
     algorithm?: string;
 }) {
+    // Parse the encrypted data JSON - salt is optional for backward compatibility
     const _encryptedData: {
         iv: string;
+        salt?: string;
         ciphertext: string;
     } = JSON.parse(encryptedDataJSON);
 
-    // Derive a cryptographic key from the input key using SHA-256
+    // Decode IV from base64
+    const decodedIv = Buffer.from(_encryptedData.iv, 'base64');
+
+    // Handle salt - support both new format (with salt) and legacy format (without salt)
+    let salt: BufferSource;
+    if (_encryptedData.salt && _encryptedData.salt !== '') {
+        // New format: use the provided salt
+        salt = Buffer.from(_encryptedData.salt, 'base64');
+    } else {
+        // Legacy format: use zero-filled salt of IV length for backward compatibility
+        salt = new Uint8Array(decodedIv.length);
+    }
+
+    // Derive a cryptographic key from the input key using PBKDF2
     const keyMaterial = await crypto.subtle.importKey(
         'raw',
         new TextEncoder().encode(key),
@@ -94,7 +113,7 @@ export async function decryptWithCipher({
     const cryptoKey = await crypto.subtle.deriveKey(
         {
             name: 'PBKDF2',
-            salt: new Uint8Array(Buffer.from(_encryptedData.iv, 'base64').length), // Use the same salt size as IV
+            salt,
             iterations: 100000,
             hash: 'SHA-256',
         },
@@ -104,8 +123,7 @@ export async function decryptWithCipher({
         ['decrypt'],
     );
 
-    // Decode the IV and encrypted data from base64
-    const decodedIv = Buffer.from(_encryptedData.iv, 'base64');
+    // Decode the ciphertext from base64
     const decodedEncryptedData = Buffer.from(_encryptedData.ciphertext, 'base64');
 
     // Decrypt the data

src/validation/index.ts

@@ -1,6 +1,6 @@
 /* eslint-disable arrow-body-style */
-import { Asset } from '@meshsdk/core';
-import { DeltaDeFiOrderInfo, DeltaDeFiTxInfo } from '../types/validation';
+// import { Asset } from '@meshsdk/core';
+// import { DeltaDeFiOrderInfo, DeltaDeFiTxInfo } from '../types/validation';
 // import { Value } from '../src/types/responses';
 
 // /**

tests/decryption.test.ts

@@ -0,0 +1,36 @@
+/* eslint-disable import/no-unresolved */
+/* eslint-disable import/no-extraneous-dependencies */
+import { decryptWithCipher } from '../src/client/components/encryption';
+
+describe('DecryptWithCipher', () => {
+    const encryptedData = JSON.stringify({
+        iv: 'XRAGv22SYgpZiGhy',
+        salt: '5YowN2Txol1ejcvt9gJB1A==',
+        ciphertext:
+            'SUJcKVu5/yLVXvcVRI0xLTT+HN0j0JQc2YGL4uwmdErIAa4ZwTkfaKP3VNlclBeXoRfRqCRw9ioYZLSrZOsUlSKRDIGkrfHamZw3Nt+bTwWgzAecWmLOeU8Ks1ou6iQa1K9Yqt2+zJi6rDJfkEFEZJBOjC0iFnmeIMemYVD5UexqIkTlGZcKzwW57WU4HPKHpri/PhupcPRVpbZaNurCTB9tfnDLsr83zgHqSFILOdnSwvUaMA==',
+    });
+
+    test('correct password should decrypt successfully', async () => {
+        const password = 'testing123456';
+
+        const result = await decryptWithCipher({
+            encryptedDataJSON: encryptedData,
+            key: password,
+        });
+
+        expect(result).toBeTruthy();
+        expect(result).not.toBe('');
+        console.log(`Decrypted successfully, result length: ${result.length}`);
+    });
+
+    test('incorrect password should fail', async () => {
+        const password = 'wrongPassword';
+
+        await expect(
+            decryptWithCipher({
+                encryptedDataJSON: encryptedData,
+                key: password,
+            }),
+        ).rejects.toThrow();
+    });
+});