Adding symmetric encryption tests

.github/workflows/app-build.yml → .github/workflows/pull-request-build-test.yml

@@ -1,4 +1,4 @@
-name: Pull request build
+name: Pull request build and test
 on:
   pull_request:
 
@@ -29,3 +29,6 @@ jobs:
           NEXT_PUBLIC_IPFS_API_KEY: x
           NEXT_PUBLIC_ETHERSCAN_API_KEY: x
           NODE_ENV: production
+
+      - name: Run tests
+        run: bun test

package.json

@@ -9,7 +9,8 @@
     "lint": "next lint",
     "prettier": "prettier -c ./components ./context ./hooks ./pages ./plugins ./scripts ./utils ./constants.ts ; echo 'To write the changes: npm run prettier:write'",
     "prettier:write": "prettier -w ./components ./context ./hooks ./pages ./plugins ./scripts ./utils ./constants.ts",
-    "deploy-dao": "bun ./scripts/deploy.ts"
+    "deploy-dao": "bun ./scripts/deploy.ts",
+    "test": "bun test"
   },
   "dependencies": {
     "@aragon/ods": "1.0.15",
@@ -33,6 +34,7 @@
   },
   "devDependencies": {
     "@aragon/osx-commons-configs": "^0.2.0",
+    "@types/bun": "latest",
     "@types/dompurify": "^3.0.5",
     "@types/libsodium-wrappers": "^0.7.13",
     "@types/node": "^20",

tests/symmetric.test.ts

@@ -0,0 +1,46 @@
+import { expect, test, describe, beforeAll } from "bun:test";
+import {
+  decryptBytes,
+  decryptString,
+  encrypt,
+  generateSymmetricKey,
+} from "../utils/encryption/symmetric";
+import libsodium from "libsodium-wrappers";
+
+describe("Symmetric encryption", () => {
+  beforeAll(async () => {
+    await libsodium.ready;
+  });
+  test("Generates a random symmetric key", () => {
+    const key1 = generateSymmetricKey();
+    const key2 = generateSymmetricKey();
+
+    expect(libsodium.to_hex(key1)).not.toBe(libsodium.to_hex(key2));
+  });
+
+  test("Encrypts and decrypts a string", () => {
+    const symKey = generateSymmetricKey();
+    const encryptedPayload = encrypt("Hello world", symKey);
+
+    expect(libsodium.to_hex(encryptedPayload)).toMatch(/^[0-9a-fA-F]+$/);
+    expect(encryptedPayload.length).toBe(51);
+
+    const decrypted = decryptString(encryptedPayload, symKey);
+    expect(decrypted).toBe("Hello world");
+
+    const decryptedHex = decryptBytes(encryptedPayload, symKey);
+    expect(libsodium.to_hex(decryptedHex)).toBe("48656c6c6f20776f726c64");
+  });
+
+  test("Encrypts and decrypts a buffer", () => {
+    const symKey = generateSymmetricKey();
+    const bytes = new Uint8Array([10, 15, 50, 55, 80, 85]);
+    const encryptedPayload = encrypt(bytes, symKey);
+
+    expect(libsodium.to_hex(encryptedPayload)).toMatch(/^[0-9a-fA-F]+$/);
+    expect(encryptedPayload.length).toBe(46);
+
+    const decryptedHex = decryptBytes(encryptedPayload, symKey);
+    expect(libsodium.to_hex(decryptedHex)).toBe("0a0f32375055");
+  });
+});

utils/encryption/symmetric.ts

@@ -1,11 +1,7 @@
 import sodium from "libsodium-wrappers";
 import { concatenate } from "./util";
 
-export function getSymKey() {
-  return sodium.from_hex(
-    "724b092810ec86d7e35c9d067702b31ef90bc43a7b598626749914d6a3e033ed"
-  );
-}
+const SYM_KEY_LENGTH = 32;
 
 export function encrypt(
   message: string | Uint8Array,
@@ -36,7 +32,12 @@ export function decryptString(
     sodium.crypto_secretbox_NONCEBYTES
   );
 
-  return sodium.crypto_secretbox_open_easy(ciphertext, nonce, symmetricKey);
+  return sodium.crypto_secretbox_open_easy(
+    ciphertext,
+    nonce,
+    symmetricKey,
+    "text"
+  );
 }
 
 export function decryptBytes(
@@ -61,6 +62,12 @@ export function decryptBytes(
     ciphertext,
     nonce,
     symmetricKey,
-    "text"
+    "uint8array"
   );
 }
+
+// Key helpers
+
+export function generateSymmetricKey(size: number = SYM_KEY_LENGTH) {
+  return sodium.randombytes_buf(size, "uint8array");
+}