review feedback

Author: garethbowen

packages/xforms-engine/src/lib/client-reactivity/instance-state/quarantine/encryption.ts

@@ -4,7 +4,7 @@
  * More info: README.md
  */
 
-import { SubmissionManifestDefinition } from '../../../../parse/model/SubmissionManifestDefinition';
+import { EncryptedSubmissionManifestDefinition } from '../../../../parse/model/EncryptedSubmissionManifestDefinition';
 import { type Submission } from '../prepareInstancePayload';
 import { getEncryptedSymmetricKey } from './asymmetric';
 import { encryptAttachments } from './symmetric';
@@ -29,7 +29,7 @@ export const encryptSubmission = async (
 	const symmetricKey = generateSymmetricKey();
 	const encryptedSymmetricKey = await getEncryptedSymmetricKey(encryptionKey, symmetricKey);
 
-	const manifest = new SubmissionManifestDefinition(
+	const manifest = new EncryptedSubmissionManifestDefinition(
 		formId,
 		formVersion,
 		instanceId,

…se/model/SubmissionManifestDefinition.ts …EncryptedSubmissionManifestDefinition.tspackages/xforms-engine/src/parse/model/SubmissionManifestDefinition.ts renamed to packages/xforms-engine/src/parse/model/EncryptedSubmissionManifestDefinition.ts packages/xforms-engine/src/parse/model/SubmissionManifestDefinition.ts renamed to packages/xforms-engine/src/parse/model/EncryptedSubmissionManifestDefinition.ts

@@ -7,7 +7,7 @@ import {
 	ENCRYPTED_SUFFIX,
 } from '../../lib/client-reactivity/instance-state/quarantine/encryption';
 
-export class SubmissionManifestDefinition {
+export class EncryptedSubmissionManifestDefinition {
 	readonly attachments: string[];
 
 	constructor(

packages/xforms-engine/test/lib/client-reactivity/instance-state/quarantine/asymmetric.test.ts

@@ -32,8 +32,11 @@ describe('asymmetric encryption', () => {
 		expect(() => atob(actual)).not.toThrow();
 	});
 
+	// ensures attacker cannot figure out what the plaintext is by looking up known encrypted submissions
+	// See:
+	// - https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding
+	// - https://en.wikipedia.org/wiki/Probabilistic_encryption
 	it('should produce different ciphertexts for the same input', async () => {
-		// ensures attacker cannot figure out what the plaintext is by looking up known encrypted submissions
 		const result1 = await getEncryptedSymmetricKey(publicKeyBase64, symmetricKey);
 		const result2 = await getEncryptedSymmetricKey(publicKeyBase64, symmetricKey);
 		expect(result1).not.toBe(result2);

packages/xforms-engine/test/lib/client-reactivity/instance-state/quarantine/symmetric.test.ts

@@ -82,10 +82,10 @@ describe('symmetric encryption', () => {
 		});
 
 		describe('functions are symmetrical', () => {
-			[[][0], [0, 1], [0, 1, 2], [0, 1, 2, 3], [0x80], [0xff, 0xff, 0xff, 0xff]].forEach(
+			[[], [0], [0, 1], [0, 1, 2], [0, 1, 2, 3], [0x80], [0xff, 0xff, 0xff, 0xff]].forEach(
 				(input, idx) => {
 					it(`should not mangle example #${idx}`, () => {
-						const given = new Uint8Array(input!);
+						const given = new Uint8Array(input);
 						const actual = wordArrayToArrayBuffer(arrayBufferToWordArray(given));
 						expect(actual).to.deep.equal(given);
 					});