tools/test_hybrid_decrypt_node.mjs

43 lines · javascript

import { readFileSync } from 'node:fs';
import { join, resolve } from 'node:path';
import { pathToFileURL } from 'node:url';
 
function argValue(name, fallback) {
  const idx = process.argv.indexOf(name);
  if (idx >= 0 && idx + 1 < process.argv.length) return process.argv[idx + 1];
  return fallback;
}
 
const viewerDir = resolve(argValue('--viewer-dir', process.env.OVERSIGHT_VIEWER_DIR || 'site/viewer'));
const sealedPath = resolve(argValue('--sealed', join(viewerDir, 'samples/tutorial-hybrid.sealed')));
const identityPath = resolve(argValue('--identity', join(viewerDir, 'samples/tutorial-hybrid-identity.json')));
 
const VIEWER = pathToFileURL(join(viewerDir, 'viewer.js')).href;
const NOBLE_CHACHA = pathToFileURL(join(viewerDir, 'vendor/noble-ciphers-chacha-1.3.0.js')).href;
const NOBLE_MLKEM = pathToFileURL(join(viewerDir, 'vendor/noble-post-quantum-ml-kem-0.6.1.js')).href;
 
const { parseSealed, verifyManifestSignature, decryptSealed } = await import(VIEWER);
const { xchacha20poly1305 } = await import(NOBLE_CHACHA);
const { ml_kem768 } = await import(NOBLE_MLKEM);
 
const sealedBuf = readFileSync(sealedPath);
const identity = JSON.parse(readFileSync(identityPath, 'utf8'));
 
const parsed = parseSealed(sealedBuf.buffer.slice(sealedBuf.byteOffset, sealedBuf.byteOffset + sealedBuf.byteLength));
console.log('parsed.suiteName        :', parsed.suiteName);
console.log('parsed.manifest.suite   :', parsed.manifest.suite);
console.log('parsed.content_hash     :', parsed.manifest.content_hash);
console.log('parsed.ciphertextLen    :', parsed.ciphertextLen);
console.log('parsed.wrappedDek keys  :', Object.keys(parsed.wrappedDek || {}).join(','));
 
const sigCheck = await verifyManifestSignature(parsed.manifest);
console.log('Ed25519 signature verify:', sigCheck.ok, sigCheck.reason || '');
 
const plaintext = await decryptSealed(parsed, identity, xchacha20poly1305, ml_kem768);
const text = new TextDecoder().decode(plaintext);
console.log('decrypted plaintext     :', JSON.stringify(text));
 
const expected = 'hello hybrid post-quantum oversight\n';
const pass = sigCheck.ok && text === expected;
console.log('TEST                    :', pass ? 'PASS' : 'FAIL');
process.exit(pass ? 0 : 1);

1	import { readFileSync } from 'node:fs';
2	import { join, resolve } from 'node:path';
3	import { pathToFileURL } from 'node:url';
4
5	function argValue(name, fallback) {
6	const idx = process.argv.indexOf(name);
7	if (idx >= 0 && idx + 1 < process.argv.length) return process.argv[idx + 1];
8	return fallback;
9	}
10
11	const viewerDir = resolve(argValue('--viewer-dir', process.env.OVERSIGHT_VIEWER_DIR \|\| 'site/viewer'));
12	const sealedPath = resolve(argValue('--sealed', join(viewerDir, 'samples/tutorial-hybrid.sealed')));
13	const identityPath = resolve(argValue('--identity', join(viewerDir, 'samples/tutorial-hybrid-identity.json')));
14
15	const VIEWER = pathToFileURL(join(viewerDir, 'viewer.js')).href;
16	const NOBLE_CHACHA = pathToFileURL(join(viewerDir, 'vendor/noble-ciphers-chacha-1.3.0.js')).href;
17	const NOBLE_MLKEM = pathToFileURL(join(viewerDir, 'vendor/noble-post-quantum-ml-kem-0.6.1.js')).href;
18
19	const { parseSealed, verifyManifestSignature, decryptSealed } = await import(VIEWER);
20	const { xchacha20poly1305 } = await import(NOBLE_CHACHA);
21	const { ml_kem768 } = await import(NOBLE_MLKEM);
22
23	const sealedBuf = readFileSync(sealedPath);
24	const identity = JSON.parse(readFileSync(identityPath, 'utf8'));
25
26	const parsed = parseSealed(sealedBuf.buffer.slice(sealedBuf.byteOffset, sealedBuf.byteOffset + sealedBuf.byteLength));
27	console.log('parsed.suiteName :', parsed.suiteName);
28	console.log('parsed.manifest.suite :', parsed.manifest.suite);
29	console.log('parsed.content_hash :', parsed.manifest.content_hash);
30	console.log('parsed.ciphertextLen :', parsed.ciphertextLen);
31	console.log('parsed.wrappedDek keys :', Object.keys(parsed.wrappedDek \|\| {}).join(','));
32
33	const sigCheck = await verifyManifestSignature(parsed.manifest);
34	console.log('Ed25519 signature verify:', sigCheck.ok, sigCheck.reason \|\| '');
35
36	const plaintext = await decryptSealed(parsed, identity, xchacha20poly1305, ml_kem768);
37	const text = new TextDecoder().decode(plaintext);
38	console.log('decrypted plaintext :', JSON.stringify(text));
39
40	const expected = 'hello hybrid post-quantum oversight\n';
41	const pass = sigCheck.ok && text === expected;
42	console.log('TEST :', pass ? 'PASS' : 'FAIL');
43	process.exit(pass ? 0 : 1);